如何编写厨师食谱以自动在节点中创建新用户和密码？ [英] How can I write a chef recipe to create a new user and password in the Nodes automatically?

问题描述

我是厨师新手。请帮助！我已经尝试过

I'm new to chef. Kindly help! I have tried this

user "newuser" do
  password: xyz
end

和

user 'newuser' do
  comment 'A random user'
  uid '1234567'
  gid '1234567'
  home '/home/saxuser'
  shell '/bin/bash'
  password 'newpassword'
end 

推荐答案

user 资源的正确格式如下：

The correct format for the user resource is the following:

user "newuser" do
  password crypt_password
end

请记住密码必须为影子格式：

Keep in mind that the password must be in shadow format:

密码阴影哈希。此属性要求安装红宝石阴影。这是Debian软件包的一部分：libshadow-ruby1.8。

The password shadow hash. This property requires that ruby-shadow be installed. This is part of the Debian package: libshadow-ruby1.8.

请参见 密码影子哈希部分，了解如何生成影子密码：

See the Password Shadow Hash section to see how to generate the shadow password:

$ openssl passwd -1 "theplaintextpassword"

要从食谱生成影子密码，可以使用 openssl 烹饪助手来生成盐：

To generate the shadow password from the cookbook, you can use the openssl cookbook helpers to generate the salt:

Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)

password = 'xyz'
salt = random_password(length: 10)
crypt_password = password.crypt("$6$#{salt}")

user 'newuser' do
  password crypt_password
end      

别忘了在您的ru中包含 openssl 食谱n列表。

Don't forget to include the openssl cookbook in your run list.

无论如何，请记住，每次厨师运行都会产生不同的盐，所以也许这不是最佳的使用方法。

Anyway, keep in mind that this will generate a different salt in each chef run, so maybe it's not the best approach to use.

我还建议您阅读关于信息管理的诺亚帖子了解使用Chef管理密码的适当方法。

I also encourage you to read Noah's post about secrets management to learn appropriate ways to manage passwords with Chef.

这篇关于如何编写厨师食谱以自动在节点中创建新用户和密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！