1. Prerequisites

OS: CentOS-7.0-1406-x86_64-DVD.iso

Time Server: NTP Server

IP Plan:

SERVER NAME          IP PLAN
chef_server          192.168.100.10
chef_workstation     192.168.100.11
chefnode-1           192.168.100.12

RPM packages (chef_server):

autogen-libopts-5.18-5.el7.x86_64.rpm

ntp-4.2.6p5-25.el7.centos.x86_64.rpm

chef-server-core-12.15.7-1.el7.x86_64.rpm

RPM packages (chef workstation):

chefdk-1.4.3-1.el7.x86_64.rpm

git-1.8.3.1-6.el7_2.1.x86_64.rpm

RPM packages (chef node):

chef-13.1.31-1.el7.x86_64.rpm

2. Configure OS Environment

2.1 Configure /etc/hosts

Add the following entries to /etc/hosts on every node:

192.168.100.10     chef_server

192.168.100.11    chef_workstation

192.168.100.12    chefnode-1

2.2 Set Up the NTP Server on the chef_server Node

2.2.1 Install NTP package

[root@chef_server ~]# rpm -Uvh autogen-libopts-5.18-5.el7.x86_64.rpm

warning: autogen-libopts-5.18-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:autogen-libopts-5.18-5.el7       ################################# [100%]

[root@chef_server ~]# rpm -Uvh ntp-4.2.6p5-25.el7.centos.x86_64.rpm --nodeps

warning: ntp-4.2.6p5-25.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:ntp-4.2.6p5-25.el7.centos        ################################# [100%]

[root@chef_server ~]# systemctl start ntpd

[root@chef_server ~]# systemctl status ntpd

ntpd.service - Network Time Service

Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled)

Active: active (running) since Thu 2017-06-15 23:40:59 CST; 11s ago

Process: 2681 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)

Main PID: 2682 (ntpd)

CGroup: /system.slice/ntpd.service

├─2682 /usr/sbin/ntpd -u ntp:ntp -g

└─2683 /usr/sbin/ntpd -u ntp:ntp -g

2.2.2 Configure the NTP Server

[root@chef_server ~]# vim /etc/ntp.conf

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

# delete (or comment out) the default pool servers:

#server 0.centos.pool.ntp.org iburst

#server 1.centos.pool.ntp.org iburst

#server 2.centos.pool.ntp.org iburst

#server 3.centos.pool.ntp.org iburst

# add the local clock as the time source:

server 127.127.1.0

fudge  127.127.1.0 stratum 1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

[root@chef_server ~]# systemctl restart ntpd

[root@chef_server ~]# ntpq -p

remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

*LOCAL(0)        .LOCL.           1 l    6   64    1    0.000    0.000   0.000

2.2.3 Stop the firewalld Service

[root@chef_server ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: active (running) since Thu 2017-06-15 23:17:24 CST; 37min ago

Main PID: 782 (firewalld)

CGroup: /system.slice/firewalld.service

└─782 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.

[root@chef_server ~]# systemctl stop firewalld

[root@chef_server ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: inactive (dead) since Thu 2017-06-15 23:55:50 CST; 2s ago

Main PID: 782 (code=exited, status=0/SUCCESS)

Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.

Jun 15 23:55:48 chef_server systemd[1]: Stopping firewalld - dynamic firewall daemon...

Jun 15 23:55:50 chef_server systemd[1]: Stopped firewalld - dynamic firewall daemon.

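NOTE: If you do not want to stop the firewall, the Chef server requires ports 80 and 443 to be open through it. systemctl stop also lasts only until the next reboot: the unit is still enabled, as the status output above shows.

Run the following commands to allow ports 80 and 443 through the firewall: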

firewall-cmd --permanent --zone public --add-service http

firewall-cmd --permanent --zone public --add-service https

firewall-cmd --reload

2.2.4 Verify the Configuration and Synchronization

On chef_workstation

[root@chef_workstation ~]# ntpdate chef_server

16 Jun 00:21:55 ntpdate[3239]: adjust time server 192.168.100.10 offset 0.006277 sec

On chefnode-1

[root@chefnode-1 ~]# ntpdate chef_server

16 Jun 00:22:02 ntpdate[3629]: step time server 192.168.100.10 offset 51936.191786 sec

3. Configure Chef Server

3.1 Install chef server package on server node

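Download the Chef server package from https://downloads.chef.io/ and install it. The NOKEY warning in the output below means rpm could not check the package signature because the signing key has not been imported.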

[root@chef_server ~]# rpm -Uvh chef-server-core-12.15.7-1.el7.x86_64.rpm

warning: chef-server-core-12.15.7-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:chef-server-core-12.15.7-1.el7   ################################# [100%]

[root@chef_server ~]# chef-server-ctl reconfigure

……

Chef Client finished, 493/1080 resources updated in 03 minutes 39 seconds

Chef Server Reconfigured!

[root@chef_server ~]# chef-server-ctl status

run: bookshelf: (pid 12149) 193s; run: log: (pid 12187) 193s

run: nginx: (pid 11960) 197s; run: log: (pid 12564) 188s

run: oc_bifrost: (pid 11858) 199s; run: log: (pid 11901) 198s

run: oc_id: (pid 11950) 198s; run: log: (pid 11956) 197s

run: opscode-erchef: (pid 12387) 190s; run: log: (pid 12311) 192s

run: opscode-expander: (pid 12034) 194s; run: log: (pid 12105) 194s

run: opscode-solr4: (pid 12000) 195s; run: log: (pid 12020) 195s

run: postgresql: (pid 11816) 199s; run: log: (pid 11841) 199s

run: rabbitmq: (pid 11304) 211s; run: log: (pid 11163) 216s

run: redis_lb: (pid 10796) 248s; run: log: (pid 12555) 188s

3.2 Create an Admin User and Organization

User Name: admin

First Name: admin

Last Name: admin

Email: admin@chef.io

Password: password

File Name: admin.pem

Path: /root

[root@chef_server ~]# chef-server-ctl user-create admin admin admin admin@chef.io password -f /root/admin.pem

[root@chef_server ~]# chef-server-ctl org-create chef "CHEF, Inc" --association_user admin -f /root/chef-validator.pem

4. Configure Chef Workstation

4.1 Install chef dk package on chef workstation node

Download the package from https://downloads.chef.io/

[root@chef_workstation ~]# rpm -Uvh chefdk-1.4.3-1.el7.x86_64.rpm

warning: chefdk-1.4.3-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:chefdk-1.4.3-1.el7               ################################# [100%]

Thank you for installing Chef Development Kit!

4.2 Configure the PATH

[root@chef_workstation bin]# export PATH="/opt/chefdk/embedded/bin:${HOME}/.chefdk/gem/ruby/2.1.0/bin:$PATH"

Verify the configuration:

[root@chef_workstation bin]# which ruby

/opt/chefdk/embedded/bin/ruby

4.3 Install Git

[root@chef_workstation ~]# rpm -Uvh git-1.8.3.1-6.el7_2.1.x86_64.rpm --nodeps

warning: git-1.8.3.1-6.el7_2.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:git-1.8.3.1-6.el7_2.1            ################################# [100%]

[root@chef_workstation ~]# git --version

git version 1.8.3.1

4.4 Create chef repo directory

[root@chef_workstation ~]# chef generate repo chef-repo

[root@chef_workstation ~]# cd chef-repo/

[root@chef_workstation chef-repo]# ls -al

total 32

drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .

dr-xr-x---. 6 root root 4096 Jun 16 01:20 ..

-rw-r--r--. 1 root root 1133 Jun 16 01:20 chefignore

-rw-r--r--. 1 root root  255 Jun 16 01:20 .chef-repo.txt

drwxr-xr-x. 3 root root   36 Jun 16 01:20 cookbooks

drwxr-xr-x. 3 root root   36 Jun 16 01:20 data_bags

drwxr-xr-x. 2 root root   41 Jun 16 01:20 environments

drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .git

-rw-r--r--. 1 root root 2121 Jun 16 01:20 .gitignore

-rw-r--r--. 1 root root   70 Jun 16 01:20 LICENSE

-rw-r--r--. 1 root root 1499 Jun 16 01:20 README.md

drwxr-xr-x. 2 root root   41 Jun 16 01:20 roles

4.5 Create the user and email for git

[root@chef_workstation ~]# git config --global user.name "admin"

[root@chef_workstation ~]# git config --global user.email "admin@chef.io"

4.6 Create the repo for git

[root@chef_workstation ~]# cd chef-repo/

[root@chef_workstation chef-repo]# git init

Reinitialized existing Git repository in /root/chef-repo/.git/

4.7 Create the hidden folder .chef under /root/chef-repo

Create the hidden folder .chef under /root/chef-repo to store the RSA keys:

[root@chef_workstation chef-repo]# mkdir -p ~/chef-repo/.chef

NOTE: Since this hidden directory stores the RSA keys, it must not be exposed publicly. Add the directory to “.gitignore” so that its contents are never committed or uploaded to GitHub:

[root@chef_workstation chef-repo]# echo '.chef' >> ~/chef-repo/.gitignore

[root@chef_workstation chef-repo]# git add .

[root@chef_workstation chef-repo]# git commit -m "initial commit"

[master (root-commit) 26d359d] initial commit

16 files changed, 471 insertions(+)

create mode 100644 .chef-repo.txt

create mode 100644 .gitignore

create mode 100644 LICENSE

create mode 100644 README.md

create mode 100644 chefignore

create mode 100644 cookbooks/README.md

create mode 100644 cookbooks/example/README.md

create mode 100644 cookbooks/example/attributes/default.rb

create mode 100644 cookbooks/example/metadata.rb

create mode 100644 cookbooks/example/recipes/default.rb

create mode 100644 data_bags/README.md

create mode 100644 data_bags/example/example_item.json

create mode 100644 environments/README.md

create mode 100644 environments/example.json

create mode 100644 roles/README.md

create mode 100644 roles/example.json

[root@chef_workstation chef-repo]# git status

# On branch master

nothing to commit, working directory clean

4.8 Copy the RSA Keys to the Workstation:

Copy the RSA keys from the chef server node to the chef workstation node:

[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/admin.pem /root/chef-repo/.chef/

[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/chef-validator.pem /root/chef-repo/.chef/
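A check for the key handling in steps 4.7 and 4.8, as an added example that is not part of the original guide: it confirms that .chef is listed in .gitignore and that no copied .pem file is accessible beyond its owner. The function name, the accepted .gitignore spellings and the demo files are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide); check_chef_keys is a hypothetical name.

# check_chef_keys REPO_DIR
# Audits the layout built in steps 4.7 and 4.8:
#   1. REPO_DIR/.gitignore has a line ignoring .chef
#   2. every *.pem under REPO_DIR/.chef is accessible to its owner only
# Prints one line per finding and returns the number of findings (0 = clean).
check_chef_keys() {
    repo=$1
    findings=0

    # Simplified gitignore match (assumption): .chef, .chef/, /.chef or /.chef/.
    # `git check-ignore -q .chef/admin.pem` run inside the repo is git's own verdict.
    if ! grep -Eq '^/?\.chef/?[[:space:]]*$' "$repo/.gitignore" 2>/dev/null; then
        echo "FINDING: .chef is not listed in $repo/.gitignore"
        findings=$((findings + 1))
    fi

    for key in "$repo"/.chef/*.pem; do
        [ -f "$key" ] || continue      # the glob matched nothing
        # In the ls -l mode string, characters 5-10 are the group and other bits.
        go_bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "FINDING: $key is accessible beyond its owner (group/other bits: $go_bits)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Demo on a constructed directory (placeholder file, not a real key).
demo_repo=$(mktemp -d)
mkdir "$demo_repo/.chef"
: > "$demo_repo/.gitignore"
echo 'constructed placeholder, not a real key' > "$demo_repo/.chef/admin.pem"
chmod 644 "$demo_repo/.chef/admin.pem"
check_chef_keys "$demo_repo" || echo "findings: $?"

# After the fix from step 4.7 plus a chmod, the audit is clean.
echo '.chef' >> "$demo_repo/.gitignore"
chmod 600 "$demo_repo/.chef/admin.pem"
check_chef_keys "$demo_repo" && echo "clean"
rm -rf "$demo_repo"
```

On the workstation built in this guide the argument would be /root/chef-repo.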

4.9 Create knife.rb File:

Create and edit the knife.rb file:

[root@chef_workstation chef-repo]# vim ~/chef-repo/.chef/knife.rb

current_dir = File.dirname(__FILE__)

log_level                :info

log_location             STDOUT

node_name                "admin"

client_key               "#{current_dir}/admin.pem"

validation_client_name   "chef-validator"

validation_key           "#{current_dir}/chef-validator.pem"

chef_server_url          "https://chef_server/organizations/chef"

syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"

cookbook_path            ["#{current_dir}/../cookbooks"]

4.10 Testing Knife:

[root@chef_workstation ~]# cd /root/chef-repo

[root@chef_workstation chef-repo]# knife client list

ERROR: SSL Validation failure connecting to host: chef_server - SSL_connect returned=1 errno=0 state=error: certificate verify failed

ERROR: Could not establish a secure connection to the server.

Use `knife ssl check` to troubleshoot your SSL configuration.

If your Chef Server uses a self-signed certificate, you can use

`knife ssl fetch` to make knife trust the server's certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chef_server/organizations/chef/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed

4.11 Check SSL

[root@chef_workstation chef-repo]# knife ssl check

Connecting to host chef_server:443

ERROR: The SSL certificate of chef_server could not be verified

Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=chef_server

Configuration Info:

OpenSSL Configuration:

* Version: OpenSSL 1.0.2j  26 Sep 2016

* Certificate file: /opt/chefdk/embedded/ssl/cert.pem

* Certificate directory: /opt/chefdk/embedded/ssl/certs

Chef SSL Configuration:

* ssl_ca_path: nil

* ssl_ca_file: nil

* trusted_certs_dir: "/root/chef-repo/.chef/trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must

configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host

where your chef-server runs:

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: /root/chef-repo/.chef/trusted_certs)

using SSH/SCP or some other secure method, then re-run this command to confirm

that the server's certificate is now trusted.

[root@chef_workstation chef-repo]# knife ssl fetch

WARNING: Certificates from chef_server will be fetched and placed in your trusted_cert

directory (/root/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should

verify the authenticity of these certificates after downloading.

Adding certificate for chef_server in /root/chef-repo/.chef/trusted_certs/chef_server.crt

[root@chef_workstation chef-repo]# knife ssl check

Connecting to host chef_server:443

Successfully verified certificates from `chef_server'
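The knife ssl fetch warning above leaves verification of the downloaded certificate to the operator. The following added example (not part of the original guide or of knife) compares the SHA-256 fingerprint of the fetched file with that of a reference copy of the server's certificate obtained over a channel you already trust; the function names and the demo input are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.

# pem_sha256 FILE: print the SHA-256 fingerprint (lowercase hex) of the first
# certificate in a PEM file, i.e. the hash of the DER bytes encoded between the
# BEGIN/END lines. This is the digest `openssl x509 -noout -fingerprint -sha256`
# reports, without the colons. Needs only awk, base64 and sha256sum.
pem_sha256() {
    [ -r "$1" ] || return 2
    der=$(mktemp) || return 2
    if awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /-----END CERTIFICATE-----/   { exit }
        inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }
    ' "$1" | base64 -d > "$der" 2>/dev/null && [ -s "$der" ]; then
        sha256sum "$der" | cut -d' ' -f1
        status=0
    else
        status=3    # no certificate block, or the body is not valid base64
    fi
    rm -f "$der"
    return "$status"
}

# verify_fetched_cert FETCHED REFERENCE
#   FETCHED   = file written by `knife ssl fetch` into trusted_certs
#   REFERENCE = copy of the server's own certificate from a trusted channel
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
verify_fetched_cert() {
    fetched_fp=$(pem_sha256 "$1") || { echo "cannot parse: $1" >&2; return 2; }
    reference_fp=$(pem_sha256 "$2") || { echo "cannot parse: $2" >&2; return 2; }
    if [ "$fetched_fp" = "$reference_fp" ]; then
        echo "MATCH sha256=$fetched_fp"
        return 0
    fi
    echo "MISMATCH fetched=$fetched_fp reference=$reference_fp" >&2
    return 1
}

# Demo on constructed input (base64 of arbitrary bytes, not real certificates):
# the same body wrapped differently must match, a different body must not.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQt' 'Y2VydC1B' \
    '-----END CERTIFICATE-----' > "$demo_dir/fetched.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQtY2VydC1B' \
    '-----END CERTIFICATE-----' > "$demo_dir/reference.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQtY2VydC1D' \
    '-----END CERTIFICATE-----' > "$demo_dir/other.crt"
verify_fetched_cert "$demo_dir/fetched.crt" "$demo_dir/reference.crt"
verify_fetched_cert "$demo_dir/fetched.crt" "$demo_dir/other.crt" || true
rm -rf "$demo_dir"
```

In this guide the fetched file is /root/chef-repo/.chef/trusted_certs/chef_server.crt, and the reference is the file the knife output names on the server, /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt.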

4.12 Verify the client connection

[root@chef_workstation chef-repo]# knife client list

chef-validator

The output confirms the verification has been completed successfully.

5. Configure Chef Client Node

Bootstrapping a node is the process of installing chef-client on a target machine so that it can run as a chef-client node and communicate with the chef server. From the workstation, you can bootstrap the node either by using the node’s root user, or a user with elevated privileges.

[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo

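Important options:

-x: The ssh username

-P: The ssh password. A password given on the command line is recorded in shell history and is visible in the process list while the command runs.

-p: The ssh port

-N: Sets the chef-client node name. If it is left out, the hostname is usually used as the chef-client node name.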

[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo

Doing old-style registration with the validation key at /root/chef-repo/.chef/chef-validator.pem...

Delete your validation key in order to use your user credentials instead

Connecting to chefnode-1

chefnode-1 -----> Existing Chef installation detected

chefnode-1 Starting the first Chef Client run...

chefnode-1 Starting Chef Client, version 13.1.31

chefnode-1 Creating a new client identity for chefnode-1 using the validator key.

chefnode-1 resolving cookbooks for run list: []

chefnode-1 Synchronizing Cookbooks:

chefnode-1 Installing Cookbook Gems:

chefnode-1 Compiling Cookbooks...

chefnode-1 [2017-06-16T03:07:47+08:00] WARN: Node chefnode-1 has an empty run list.

chefnode-1 Converging 0 resources

chefnode-1

chefnode-1 Running handlers:

chefnode-1 Running handlers complete

chefnode-1 Chef Client finished, 0/0 resources updated in 02 seconds

[root@chef_workstation .chef]# knife node list

chefnode-1

[root@chef_workstation .chef]# knife client show chefnode-1

admin:     false

chef_type: client

name:      chefnode-1

validator: false

6. Create a Simple Chef Cookbook

Create the cookbook test_cookbook:

[root@chef_workstation ~]# cd ~/chef-repo/cookbooks/

[root@chef_workstation cookbooks]# chef generate cookbook test_cookbook

Generating cookbook test_cookbook

- Ensuring correct cookbook file content

- Ensuring delivery configuration

- Ensuring correct delivery build cookbook content

Your cookbook is ready. Type `cd test_cookbook` to enter it.

There are several commands you can run to get started locally developing and testing your cookbook.

Type `delivery local --help` to see a full list.

Why not start by writing a test? Tests for the default recipe are stored at:

test/smoke/default/default_test.rb

If you'd prefer to dive right in, the default recipe can be found at:

recipes/default.rb

[root@chef_workstation recipes]# vim default.rb

#

# Cookbook:: test_cookbook

# Recipe:: default

#

# Copyright:: 2017, The Authors, All Rights Reserved.

#

execute 'cp_file' do
  command 'cp /etc/hosts /root'
  ignore_failure true
end

Upload the Cookbook:

Once your cookbook is complete, you can upload it to your Chef server:

[root@chef_workstation cookbooks]# knife cookbook upload test_cookbook

Uploading test_cookbook [0.1.0]

Uploaded 1 cookbook.

Check the cookbook version:

[root@chef_workstation cookbooks]# knife cookbook list

test_cookbook   0.1.0

Add the Cookbook to your node:

You can add a cookbook to the run_list of a particular node using the following command

[root@chef_workstation cookbooks]# knife node run_list add chefnode-1 test_cookbook

chefnode-1:

run_list: recipe[test_cookbook]

Execute the cookbook's action on the chef node:

[root@chefnode-1 ~]# chef-client

Starting Chef Client, version 13.1.31

resolving cookbooks for run list: ["test_cookbook"]

Synchronizing Cookbooks:

- test_cookbook (0.1.0)

Installing Cookbook Gems:

Compiling Cookbooks...

Converging 1 resources

Recipe: test_cookbook::default

* execute[cp_file] action run

- execute cp /etc/hosts /root

Running handlers:

Running handlers complete

Chef Client finished, 1/1 resources updated in 02 seconds

Verify the result:

[root@chefnode-1 ~]# ls

anaconda-ks.cfg    hosts

Resources Reference

https://docs.chef.io/resources.html
