Chef：部署一个禁用root ssh访问的服务器？

ssh-copy-id me@hostname
knife bootstrap hostname --ssh-user me --sudo --run-list role[desired_server_role]

但是,这个答案假设您正在使用厨师服务器(强烈推荐)….

您正在使用非标准刀插件来模拟此引导行为. documentation声明sudo将被“knife solo prepare”命令使用：

It will look up SSH information from ~/.ssh/config or in the file specified by -F. You can also pass port information (-p),identity information (-i),or a password (-P). It will use sudo to run some of these commands and will prompt you for the password if it’s not supplied on the command line.

并且“knife solo bootstrap”命令似乎支持与标准引导程序类似的选项.

$knife solo bootstrap -h 
knife solo bootstrap [USER@]HOSTNAME [JSON] (options)
        --no-berkshelf               Skip berks install
        --bootstrap-version VERSION  The version of Chef to install
    -N,--node-name NAME             The Chef node name for your new node
        --server-url URL             Chef Server URL
        --chef-zero-port PORT        Port to start chef-zero on
    -k,--key KEY                    API Client Key
        --[no-]color                 Use colored output,defaults to false on Windows,true otherwise
    -c,--config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
    -d,--disable-editing            Do not open EDITOR,just accept the data as is
    -e,--editor EDITOR              Set the editor to use for interactive commands
    -E,--environment ENVIRONMENT    The Chef environment for your node
        --format FORMAT              Which format to use for output
        --[no-]host-key-verify       Verify host key,enabled by default.
    -i,--identity-file FILE         The ssh identity file
    -j JSON_ATTRIBS,A JSON string to be added to node config (if it does not exist)
        --json-attributes
        --no-librarian               Skip librarian-chef install
    -z,--local-mode                 Point knife commands at local repository instead of server
    -u,--user USER                  API Client Username
        --omnibus-options "OPTIONS"  Pass options to the install.sh script
        --omnibus-url URL            URL to download install.sh from
        --omnibus-version VERSION    Deprecated. Replaced with --bootstrap-version.
        --prerelease                 Install the pre-release Chef version
        --print-after                Show the data after a destructive operation
    -r,--run-list RUN_LIST          Comma separated list of roles/recipes to put to node config (if it does not exist)
    -F CONFIG_FILE,Alternate location for ssh config file
        --ssh-config-file
        --ssh-identity FILE          Deprecated. Replaced with --identity-file.
    -P,--ssh-password PASSWORD      The ssh password
    -p,--ssh-port PORT              The ssh port
    -x,--ssh-user USERNAME          The ssh username
    -s,--startup-script FILE        The startup script on the remote server containing variable definitions
        --sudo-command SUDO_COMMAND  The command to use instead of sudo for admin privileges
        --sync-only                  Only sync the cookbook - do not run Chef
    -V,--verbose                    More verbose output. Use twice for max verbosity
    -v,--version                    Show chef version
    -W,--why-run                    Enable whyrun mode
    -y,--yes                        Say yes to all prompts for confirmation
    -h,--help                       Show this message

我注意到各种各样的时髦东西,包括使用厨师零的选项(现在在chef-client支持的功能).

希望这会有所帮助,但我建议考虑使用chef-server.站起来很容易,然后您将遵循使用厨师的标准方式.

更新

一个有趣的读物：

> The future of knife-solo