我寫了一個Bash腳本來實現廚師API,如GET
和POST
。chef-server-api:廚師服務器發出的「CURL」信息失敗
現在GET
工程完美,而POST
失敗。
#!/bin/bash
# Chef Server API by bash.
set -x
_chomp() {
# helper function to remove newlines
awk '{printf "%s", $0}'
}
chef_api_request() {
# This is the meat-and-potatoes, or rice-and-vegetables, your preference really.
local method path body timestamp chef_server_url client_name hashed_body hashed_path
local canonical_request headers auth_headers
chef_server_url="https://chef.xxx.com:9443"
ca_cert="/root/.chef/trusted_certs/chef.xxx.com.crt"
method=$1
endpoint=${2%%\?*}
body=$3
path=${chef_server_url}$2
client_name="opscode" # from `knife user list`, and the one who is associated with the org when created by `chef-server-ctl org-create`
hashed_path=$(echo -n "$endpoint" | openssl dgst -sha1 -binary | openssl enc -base64)
hashed_body=$(echo -n "$body" | openssl dgst -sha1 -binary | openssl enc -base64)
timestamp=$(date -u "+%Y-%m-%dT%H:%M:%SZ")
canonical_request="Method:$method\nHashed Path:$hashed_path\nX-Ops-Content-Hash:$hashed_body\nX-Ops-Timestamp:$timestamp\nX-Ops-UserId:$client_name"
headers="-H X-Ops-Timestamp:$timestamp \
-H X-Ops-Userid:$client_name \
-H X-Chef-Version:12.15.8 \
-H Accept:application/json \
-H X-Ops-Content-Hash:$hashed_body \
-H X-Ops-Sign:version=1.0"
auth_headers=$(printf "$canonical_request" | openssl rsautl -sign -inkey \
"/etc/chef/${client_name}.pem" | openssl enc -base64 | _chomp | awk '{ll=int(length/60);i=0; \
while (i<=ll) {printf " -H X-Ops-Authorization-%s:%s", i+1, substr($0,i*60+1,60);i=i+1}}')
case $method in
GET)
eval "curl --cacert $ca_cert $headers $auth_headers $path"
;;
POST)
# Content-Type is needed when doing 'POST' and 'PUT'.
eval "curl --cacert $ca_cert -H Content-Type:application/json $headers $auth_headers $path"
;;
*)
echo "Unknown Method. " >&2
exit 1
;;
esac
}
chef_api_request "[email protected]"
現在我與
bash server_api.sh POST "/organizations"'{"name":"secure","full_name":"secure test1"}'
運行錯誤是{"error":["Invalid signature for user or client 'opscode'"]}
而且從access_log
,似乎POST
不生效,GET
仍在使用。
172.16.232.201 - - [17/Jul/2017:11:42:04 +0800] "GET /organizations HTTP/1.1" 401 "0.008" 60 "-" "curl/7.29.0" "127.0.0.1:8000" "401" "0.007" "12.15.8" "version=1.0" "opscode" "2017-07-17T03:42:04Z" "eWa1il2mhfy0QqcQDhcZx3Jda4w=" 785
我知道POST
通過curl
將使用-d
,但是從server api docs
我使用-d
相當混亂。
任何幫助表示讚賞。 謝謝。
你已經發布到郵件列表,你不需要發佈它獲得。那就是說,爲什麼要以所有聖潔的名義來做這件事?這可能不是不可能的,但使用像「chef-api」或「PyChef」這樣的真正的客戶端庫會更容易和更強大。 – coderanger