jebjeb

Reputation: 125

Chef::Exceptions::ChildConvergeError: user_keys could not be found

I am having some issues figuring out why my recipe run is failing to decrypt my data bags. It seems as if line 37 is where the problem lies; however, I am unable to figure out what is wrong with the code. It's inserting an additional "_keys" in the file name. It should be looking for testuser_keys, not testuser_keys_keys. Any help is greatly appreciated.

```
chef1.example.com ChefVault::Exceptions::KeysNotFound
chef1.example.com -----------------------------------
chef1.example.com myusers/testuser_keys_keys could not be found

chef1.example.com Cookbook Trace:

chef1.example.com Relevant File Content:
chef1.example.com ----------------------
chef1.example.com /var/chef/cache/cookbooks/user_management/recipes/default.rb:
chef1.example.com
chef1.example.com  30:  require 'chef-vault'
chef1.example.com  31:
chef1.example.com  32:  if node['user_management']['use_databag']  == true then
chef1.example.com  33:  users = data_bag(node['user_management']['databag_name'])
chef1.example.com  34:  sudoer_users = Array.new()
chef1.example.com  35:  users.each do |id|
chef1.example.com  36:#user = data_bag_item(node['user_management']['databag_name'], id)
chef1.example.com  37>> user =ChefVault::Item.load(node['user_management']['databag_name'], id)
chef1.example.com  38: user_management user['id'] do
chef1.example.com  39: comment user['comment'] unless user['comment'].nil?
chef1.example.com  40: create_home user['create_home']
chef1.example.com  41: shell user['shell'] unless   user['shell'].nil?
chef1.example.com  42: password user['password'] unless user['password'].nil?
chef1.example.com  43: uid user['uid'] unless user['uid'].nil?
chef1.example.com  44: gid user['gid'] unless user['gid'].nil?
chef1.example.com  45: ssh_keys user['ssh_keys'] unless user['ssh_keys'].nil?
chef1.example.com  46:delete_home_when_remove user['delete_home_when_remove'] unless user['delete_home_when_remove'].nil?
```

Edit:

I ran this to create the vault

`knife vault create myusers testuser -S '*:*' -J /root/chef-repo/data_bags/myusers/testuser.json`

Here is the content of the encrypted databag

```
[root@workstation recipes]# knife data bag show myusers testuser
WARNING: Encrypted data bag detected, but no secret provided for decoding. Displaying encrypted data.
action:
  cipher:         aes-256-cbc
  encrypted_data: XHgISIMGdtMRRCpZV9MuiZJwV46IGdhP3kIZs/9YHUE=

  iv:             NDM4/3LfD8ZgJBOFKEX8SA==

  version:        1
password:
  cipher:         aes-256-cbc
  encrypted_data: O7KgcNmw43y3lCPpIdaLjvFHIFWewUTIs/yOC2Jsg9M=

  iv:             WQhYMQmvDwRcPQeN8LGiRQ==
```

Here is the content of my decrypted vault

```
[root@workstation recipes]# knife vault show myusers testuser

id:                      testuser
password:                $1$NpvZg/BJ$ptmD2pk.BuM41j5pkJn2q0
```

Upvotes: 0

Views: 505

Answers (1)

coderanger

Reputation: 54249

Data bags don't use files per se, they use entities on the Chef Server. The _keys bag is part of the implementation of Chef Vault. Are you sure you used the Vault tools to encrypt the bag? Remember the Chef Vault and Chef Encrypted Data Bags are separate things.

Upvotes: 1
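
An added example, not part of the original thread and not chef-vault's own code: one explanation consistent with the error in the question is that the bag listing returns both `testuser` and its companion `testuser_keys`, so loading every id as a vault item eventually asks for `testuser_keys_keys`. The in-memory bag, `load_vault_item` and `vault_ids` below are hypothetical stand-ins, and the lookup rule they model is an assumption based on the error message shown above.

```ruby
# Constructed stand-in for the bag on the Chef Server. A vault item is stored
# as two data bag items: the encrypted item and a companion "<id>_keys" item.
BAG_NAME = 'myusers'
BAG = {
  'testuser'      => { 'id' => 'testuser' },
  'testuser_keys' => { 'id' => 'testuser_keys' },
  'api_keys'      => { 'id' => 'api_keys' },      # vault item whose own id ends in "_keys"
  'api_keys_keys' => { 'id' => 'api_keys_keys' },
  'plainuser'     => { 'id' => 'plainuser' }      # ordinary item, no companion
}.freeze

# Local stand-in for ChefVault::Exceptions::KeysNotFound.
class KeysNotFound < StandardError; end

# Simplified model of a vault load (assumption): the companion is looked up
# as "<id>_keys" before the item itself is returned.
def load_vault_item(bag, id)
  keys_id = "#{id}_keys"
  raise KeysNotFound, "#{BAG_NAME}/#{keys_id} could not be found" unless bag.key?(keys_id)
  bag.fetch(id)
end

# The recipe's pattern: every id in the bag listing is loaded as a vault item.
def load_all_naive(bag)
  bag.keys.map { |id| load_vault_item(bag, id) }
end

# An id is a vault item only if its companion exists. Checking for the
# companion, rather than rejecting ids that end in "_keys", keeps "api_keys".
def vault_ids(bag)
  bag.keys.select { |id| bag.key?("#{id}_keys") }
end

def load_all_filtered(bag)
  vault_ids(bag).map { |id| load_vault_item(bag, id) }
end

if __FILE__ == $PROGRAM_NAME
  begin
    load_all_naive(BAG)
  rescue KeysNotFound => e
    puts "naive:    #{e.message}"
  end
  puts "filtered: #{load_all_filtered(BAG).map { |i| i['id'] }.inspect}"
end
```

In a real recipe the same filter can be applied to the ids returned by `data_bag(...)` before calling `ChefVault::Item.load`; the chef-vault gem also provides `ChefVault::Item.vault?(bag, id)` for this kind of check.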
