Terraform: provisioning with Chef

Jor*_*rdi 3 chef-infra terraform

I'm using this configuration to provision my guests with chef-client and Vagrant:

  config.vm.provision "chef_client" do |chef|
    chef.add_recipe 'living-development'
    chef.chef_server_url = 'https://api.chef.io/organizations/my-organization'
    chef.validation_key_path = 'cert.pem'
    chef.validation_client_name = 'validation'
    chef.version = '12.19.36'
  end

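This configuration works fine with Chef and Vagrant. However, I need to provision my machines using Terraform. I can't quite figure out how to turn the "vagrant+chef" configuration above into a "terraform+chef" one.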

So far, I've come up with this:

# Create a new Web Droplet in the nyc2 region
resource "digitalocean_droplet" "web" {
  image  = "ubuntu-14-04-x64"
  name   = "web-1"
  region = "fra1"
  size   = "512mb"
  ssh_keys = ["${digitalocean_ssh_key.default.id}"]
  volume_ids = ["${digitalocean_volume.foobar.id}"]
  provisioner "chef" {
    server_url = "https://api.chef.io/organizations/my-organization"
    user_name = "living"
    user_key = "./living.pem"
    node_name = "living"
    run_list = [ "cookbook::living-development" ]
    version = "12.19.36"
  }
}

Running it prints out:

digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web: Still creating... (1m0s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web: Still creating... (1m10s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
...

I don't know what this means...

What is Chef trying to get?

Am I doing something wrong?

Rob*_*ake 7

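Your problem is that Chef is trying to connect to your DigitalOcean Droplet over SSH using root credentials. By default, root login over SSH is disabled on Ubuntu, and you don't want to change that, since not allowing it is considered best practice.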

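So you need to configure the Chef provisioner to connect to the Droplet with the correct SSH credentials. To do that, include the following in your chef provisioner definition: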

provisioner "chef" {
  connection {
    type        = "ssh"
    user        = "your-ssh-user"
    # Contents of the SSH private key, read from disk
    private_key = "${file("/path/to/.pem.key")}"
  }
}

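Simply set the correct values for the user and key attributes in the connection attribute of the Chef provisioner, and this should allow Chef to connect to the Droplet as expected.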
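
The Droplet resource from the question with the answer's connection block merged in, as an added example that is not part of the original question or answer. It assumes the Terraform 0.11-style interpolation used on this page, the placeholder SSH user and key path from the answer, and that `user_key` is given the key contents through `file()` rather than a path string.

```hcl
# Added example: resource names and values come from the question,
# "your-ssh-user" and "/path/to/.pem.key" are the answer's placeholders.
resource "digitalocean_droplet" "web" {
  image      = "ubuntu-14-04-x64"
  name       = "web-1"
  region     = "fra1"
  size       = "512mb"
  ssh_keys   = ["${digitalocean_ssh_key.default.id}"]
  volume_ids = ["${digitalocean_volume.foobar.id}"]

  provisioner "chef" {
    # How Terraform logs in to the new Droplet before it can install Chef.
    # The "Password / Private key / SSH Agent: false" lines in the log mean
    # none of these credentials were supplied, so every attempt fails.
    connection {
      type        = "ssh"
      user        = "your-ssh-user"
      private_key = "${file("/path/to/.pem.key")}" # key contents, not the path
      agent       = false                          # use only the key above
      timeout     = "2m"                           # stop retrying after 2 minutes
    }

    # How the node then authenticates to the Chef server.
    server_url = "https://api.chef.io/organizations/my-organization"
    user_name  = "living"
    user_key   = "${file("./living.pem")}" # assumption: pass contents via file()
    node_name  = "living"
    run_list   = ["cookbook::living-development"]
    version    = "12.19.36"
  }
}
```

With `private_key` set, the `Private key:` line in the connection log reads `true`, which is a quick check that the connection block is being picked up.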