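I am new to chef and want to use the rabbitmq user_management recipe, but without its default behaviour of adding the rabbitmq guest account.
I am using chef-server 11.1.3 and rabbitmq cookbook version 3.3.0 (https://supermarket.getchef.com/cookbooks/rabbitmq) to install and configure rabbitmq 3.3.5 on ubuntu 14.04.
I have defined a chef role in which I use the user_management recipe and disabled_users to remove the guest account, but every time chef-client runs, the guest account is first added to rabbitmq and then deleted again (as you can see from the "- execute" lines in the client.log output below). What am I doing wrong?
/var/log/chef/client.log output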
Recipe: rabbitmq::user_management
* rabbitmq_user[guest] action add
Recipe: <Dynamically Defined Resource>
* execute[rabbitmqctl add_user guest] action run
- execute rabbitmqctl add_user guest 'guest'
Recipe: rabbitmq::user_management
* rabbitmq_user[guest] action set_tags (up to date)
* rabbitmq_user[guest] action set_permissions
Recipe: <Dynamically Defined Resource>
* execute[rabbitmqctl set_permissions guest ".*" ".*" ".*"] action run
- execute rabbitmqctl set_permissions guest ".*" ".*" ".*"
Recipe: rabbitmq::user_management
* rabbitmq_user[user1] action add (up to date)
* rabbitmq_user[user1] action set_tags (up to date)
* rabbitmq_user[user1] action set_permissions
Recipe: <Dynamically Defined Resource>
* execute[rabbitmqctl set_permissions -p / user1 ".*" ".*" ".*"] action run
- execute rabbitmqctl set_permissions -p / user1 ".*" ".*" ".*"
Recipe: rabbitmq::user_management
* rabbitmq_user[guest] action delete
Recipe: <Dynamically Defined Resource>
* execute[rabbitmqctl delete_user guest] action run
- execute rabbitmqctl delete_user guest
My chef role
{
"name": "server-rabbitmq-test",
"description": "testing",
"json_class": "Chef::Role",
"default_attributes": {
"rabbitmq": {
"version": "3.3.5",
"use_distro_version": "true",
"port": "5672",
"virtualhosts": [
"/vhost1"
],
"disabled_users": [
"guest"
],
"enabled_users": [
{
"name": "user1",
"password": "user1",
"tag": "user tag",
"rights": [
{
"vhost": "/vhost1",
"conf": ".*",
"write": ".*",
"read": ".*"
}
]
}
]
}
},
"override_attributes": {
},
"chef_type": "role",
"run_list": [
"recipe[rabbitmq]",
"recipe[rabbitmq::mgmt_console]",
"recipe[rabbitmq::policy_management]",
"recipe[rabbitmq::user_management]",
"recipe[rabbitmq::virtualhost_management]",
"recipe[rabbitmq::plugin_management]"
],
"env_run_lists": {
}
}
Modify the rabbitmq cookbook????
I can stop the behaviour by changing the rabbitmq/attributes/default.rb file from this:
# users
default['rabbitmq']['enabled_users'] =
[{ :name => 'guest', :password => 'guest', :rights =>
[{ :vhost => nil , :conf => '.*', :write => '.*', :read => '.*' }]
}]
to this:
# users
default['rabbitmq']['enabled_users'] = []
But there must be a better way to achieve this, isn't there?
Thanks!!
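Answer 1
You need to override the [:rabbitmq][:enabled_users] attribute somewhere. Editing the original cookbook is not the best place to do this, because one day the cookbook will be updated and you will need to remember to do it again.
As you are dealing with a default attribute set in a cookbook attributes file, it can be overridden almost anywhere in Chef.
Wrapper cookbook
Probably the most portable way is to create your own domain-specific RabbitMQ wrapper cookbook and do all your customisation through it. Basically, it is a thin shim that passes most of the work straight on to the original RabbitMQ cookbook, except in the places you want to change.
In this case you can set default[:rabbitmq][:enabled_users] = [] in the wrapper cookbook's attributes.rb, and whichever is loaded first will be the default default.
Role, environment, node overrides
You can also set overrides for attributes on the Chef server at the node (singular), environment (group) or role (global) level. If you think the attribute override will be used across one of those groupings, then it is best done there.
Note that you lose the versioning (and most likely the change tracking) that you get when doing this sort of thing in a cookbook.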
Answer 2
Answer 3
Thanks again @mtm. For the record, here is the complete role that fixes the problem, with the override_attributes section added:
{
"name": "server-rabbitmq-test",
"description": "testing",
"json_class": "Chef::Role",
"default_attributes": {
"rabbitmq": {
"version": "3.3.5",
"use_distro_version": "true",
"port": "5672",
"virtualhosts": [
"/vhost1"
],
"disabled_users": [
"guest"
],
"enabled_users": [
{
"name": "user1",
"password": "user1",
"tag": "user tag",
"rights": [
{
"vhost": "/vhost1",
"conf": ".*",
"write": ".*",
"read": ".*"
}
]
}
]
}
},
"override_attributes": {
"rabbitmq": {
"enabled_users": []
}
},
"chef_type": "role",
"run_list": [
"recipe[rabbitmq]",
"recipe[rabbitmq::mgmt_console]",
"recipe[rabbitmq::policy_management]",
"recipe[rabbitmq::user_management]",
"recipe[rabbitmq::virtualhost_management]",
"recipe[rabbitmq::plugin_management]"
],
"env_run_lists": {
}
}
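A way to check a chef-client run for the symptom described in the question, as an added example that is not part of the original posts or of the rabbitmq cookbook: it scans client.log text for rabbitmqctl commands that were actually executed and reports users that were created and then deleted in the same run. The function names and the sample log (constructed from the lines quoted in the question) are assumptions of this example.

```ruby
# Added example: find RabbitMQ users that one chef-client run created and then
# deleted. SAMPLE_LOG is constructed from the client.log lines in the question.
SAMPLE_LOG = <<~'LOG'
  Recipe: rabbitmq::user_management
    * rabbitmq_user[guest] action add
  Recipe: <Dynamically Defined Resource>
    * execute[rabbitmqctl add_user guest] action run
      - execute rabbitmqctl add_user guest 'guest'
    * execute[rabbitmqctl set_permissions guest ".*" ".*" ".*"] action run
      - execute rabbitmqctl set_permissions guest ".*" ".*" ".*"
    * rabbitmq_user[user1] action add (up to date)
    * execute[rabbitmqctl set_permissions -p / user1 ".*" ".*" ".*"] action run
      - execute rabbitmqctl set_permissions -p / user1 ".*" ".*" ".*"
    * execute[rabbitmqctl delete_user guest] action run
      - execute rabbitmqctl delete_user guest
LOG

# "- execute ..." lines are commands chef-client really ran; resources that
# were "(up to date)" produce no such line.
EXECUTED = /^\s*-\s+execute\s+rabbitmqctl\s+(add_user|delete_user|set_permissions)\s+(.*)$/

# Returns [{action:, user:}, ...] in the order the commands were executed.
def rabbitmq_user_events(log_text)
  log_text.each_line.map do |line|
    m = EXECUTED.match(line)
    next unless m
    args = m[2].split
    # set_permissions may carry "-p <vhost>" before the user name
    args = args.drop(2) if m[1] == 'set_permissions' && args.first == '-p'
    { action: m[1], user: args.first }
  end.compact
end

# Users added and later deleted in the same run, with whether permissions were
# granted to them in between (the window in which the account was usable).
def transient_users(log_text)
  events = rabbitmq_user_events(log_text)
  events.each_with_index.select { |e, _| e[:action] == 'add_user' }.map do |e, i|
    later = events[(i + 1)..-1]
    gone = later.index { |x| x[:action] == 'delete_user' && x[:user] == e[:user] }
    next unless gone
    granted = later[0...gone].any? { |x| x[:action] == 'set_permissions' && x[:user] == e[:user] }
    { user: e[:user], permissions_granted: granted }
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  transient_users(SAMPLE_LOG).each do |t|
    puts "transient account: #{t[:user]} (permissions granted: #{t[:permissions_granted]})"
  end
end
```

An empty result from transient_users on the log of a run made after the attribute change shows that the guest account is no longer being re-created.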