[Original] Chef_Server and Chef_WorkStation and Chef_Client Install Guide [by haibo]
1. Prerequisites
OS : CentOS-7.0-1406-x86_64-DVD.iso
Time Server : NTP Server
IP Plan:
SERVER NAME | IP PLAN
chef_server | 192.168.100.10
chef_workstation | 192.168.100.11
chefnode-1 | 192.168.100.12
rpm package(chef_server):
autogen-libopts-5.18-5.el7.x86_64.rpm
ntp-4.2.6p5-25.el7.centos.x86_64.rpm
chef-server-core-12.15.7-1.el7.x86_64.rpm
rpm package(chef workstation):
chefdk-1.4.3-1.el7.x86_64.rpm
git-1.8.3.1-6.el7_2.1.x86_64.rpm
rpm package(chef node):
chef-13.1.31-1.el7.x86_64.rpm
2. Configure OS Environment
2.1 Configure the /etc/hosts
Add the following entries to /etc/hosts on every node:
192.168.100.10 chef_server
192.168.100.11 chef_workstation
192.168.100.12 chefnode-1
2.2 Setting the NTP Server On chef_server node
2.2.1 Install NTP package
[root@chef_server ~]# rpm -Uvh autogen-libopts-5.18-5.el7.x86_64.rpm
warning: autogen-libopts-5.18-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:autogen-libopts-5.18-5.el7 ################################# [100%]
[root@chef_server ~]# rpm -Uvh ntp-4.2.6p5-25.el7.centos.x86_64.rpm --nodeps
warning: ntp-4.2.6p5-25.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:ntp-4.2.6p5-25.el7.centos ################################# [100%]
[root@chef_server ~]# systemctl start ntpd
[root@chef_server ~]# systemctl status ntpd
ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled)
Active: active (running) since Thu 2017-06-15 23:40:59 CST; 11s ago
Process: 2681 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2682 (ntpd)
CGroup: /system.slice/ntpd.service
├─2682 /usr/sbin/ntpd -u ntp:ntp -g
└─2683 /usr/sbin/ntpd -u ntp:ntp -g
2.2.2 Configure the NTP Server
[root@chef_server ~]# vim /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# delete the following four pool server lines
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# add the following two lines (use the local clock as the time source)
server 127.127.1.0
fudge 127.127.1.0 stratum 1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
[root@chef_server ~]# systemctl restart ntpd
[root@chef_server ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 1 l 6 64 1 0.000 0.000 0.000
2.2.3 Disable the firewalld service
[root@chef_server ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2017-06-15 23:17:24 CST; 37min ago
Main PID: 782 (firewalld)
CGroup: /system.slice/firewalld.service
└─782 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.
[root@chef_server ~]# systemctl stop firewalld
[root@chef_server ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since Thu 2017-06-15 23:55:50 CST; 2s ago
Main PID: 782 (code=exited, status=0/SUCCESS)
Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 15 23:55:48 chef_server systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 15 23:55:50 chef_server systemd[1]: Stopped firewalld - dynamic firewall daemon.
NOTE: If you do not want to stop the firewall, the Chef server requires ports 80 and 443 to be open through it.
Run the following commands to allow 80 and 443 through the firewall:
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --permanent --zone public --add-service https
firewall-cmd --reload
2.2.4 Verify the configuration and synchronization
On chef_workstation
[root@chef_workstation ~]# ntpdate chef_server
16 Jun 00:21:55 ntpdate[3239]: adjust time server 192.168.100.10 offset 0.006277 sec
On chefnode-1
[root@chefnode-1 ~]# ntpdate chef_server
16 Jun 00:22:02 ntpdate[3629]: step time server 192.168.100.10 offset 51936.191786 sec
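3. Configure Chef Server
3.1 Install chef server package on server node
Download the Chef server package from https://downloads.chef.io/ and install it. The NOKEY warning in the output means the package's signing key has not been imported into the rpm keyring, so the signature is not verified.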
[root@chef_server ~]# rpm -Uvh chef-server-core-12.15.7-1.el7.x86_64.rpm
warning: chef-server-core-12.15.7-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chef-server-core-12.15.7-1.el7 ################################# [100%]
[root@chef_server ~]# chef-server-ctl reconfigure
……
Chef Client finished, 493/1080 resources updated in 03 minutes 39 seconds
Chef Server Reconfigured!
[root@chef_server ~]# chef-server-ctl status
run: bookshelf: (pid 12149) 193s; run: log: (pid 12187) 193s
run: nginx: (pid 11960) 197s; run: log: (pid 12564) 188s
run: oc_bifrost: (pid 11858) 199s; run: log: (pid 11901) 198s
run: oc_id: (pid 11950) 198s; run: log: (pid 11956) 197s
run: opscode-erchef: (pid 12387) 190s; run: log: (pid 12311) 192s
run: opscode-expander: (pid 12034) 194s; run: log: (pid 12105) 194s
run: opscode-solr4: (pid 12000) 195s; run: log: (pid 12020) 195s
run: postgresql: (pid 11816) 199s; run: log: (pid 11841) 199s
run: rabbitmq: (pid 11304) 211s; run: log: (pid 11163) 216s
run: redis_lb: (pid 10796) 248s; run: log: (pid 12555) 188s
3.2 Create an admin User and Organization
User Name: admin
First Name: admin
Last Name: admin
Email: admin@chef.io
Password: password
File Name: admin.pem
Path: /root
[root@chef_server ~]# chef-server-ctl user-create admin admin admin admin@chef.io password -f /root/admin.pem
[root@chef_server ~]# chef-server-ctl org-create chef "CHEF, Inc" --association_user admin -f /root/chef-validator.pem
4. Configure Chef Workstation
4.1 Install chef dk package on chef workstation node
Download the package from https://downloads.chef.io/
[root@chef_workstation ~]# rpm -Uvh chefdk-1.4.3-1.el7.x86_64.rpm
warning: chefdk-1.4.3-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chefdk-1.4.3-1.el7 ################################# [100%]
Thank you for installing Chef Development Kit!
4.2 Configure the PATH
[root@chef_workstation bin]# export PATH="/opt/chefdk/embedded/bin:${HOME}/.chefdk/gem/ruby/2.1.0/bin:$PATH"
Verify the configuration:
[root@chef_workstation bin]# which ruby
/opt/chefdk/embedded/bin/ruby
4.3 Install Git
[root@chef_workstation ~]# rpm -Uvh git-1.8.3.1-6.el7_2.1.x86_64.rpm --nodeps
warning: git-1.8.3.1-6.el7_2.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:git-1.8.3.1-6.el7_2.1 ################################# [100%]
[root@chef_workstation ~]# git --version
git version 1.8.3.1
4.4 Create chef repo directory
[root@chef_workstation ~]# chef generate repo chef-repo
[root@chef_workstation ~]# cd chef-repo/
[root@chef_workstation chef-repo]# ls -al
total 32
drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .
dr-xr-x---. 6 root root 4096 Jun 16 01:20 ..
-rw-r--r--. 1 root root 1133 Jun 16 01:20 chefignore
-rw-r--r--. 1 root root 255 Jun 16 01:20 .chef-repo.txt
drwxr-xr-x. 3 root root 36 Jun 16 01:20 cookbooks
drwxr-xr-x. 3 root root 36 Jun 16 01:20 data_bags
drwxr-xr-x. 2 root root 41 Jun 16 01:20 environments
drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .git
-rw-r--r--. 1 root root 2121 Jun 16 01:20 .gitignore
-rw-r--r--. 1 root root 70 Jun 16 01:20 LICENSE
-rw-r--r--. 1 root root 1499 Jun 16 01:20 README.md
drwxr-xr-x. 2 root root 41 Jun 16 01:20 roles
4.5 Create the user and email for git
[root@chef_workstation ~]# git config --global user.name "admin"
[root@chef_workstation ~]# git config --global user.email "admin@chef.io"
4.6 Create the repo for git
[root@chef_workstation ~]# cd chef-repo/
[root@chef_workstation chef-repo]# git init
Reinitialized existing Git repository in /root/chef-repo/.git/
4.7 Create the hidden folder .chef under /root/chef-repo
The hidden folder .chef under /root/chef-repo stores the RSA keys.
[root@chef_workstation chef-repo]# mkdir -p ~/chef-repo/.chef
NOTE: Since this hidden directory stores the RSA keys, it should not be exposed to the public. To ensure that, add the directory to “.gitignore” so its contents are never uploaded to GitHub:
[root@chef_workstation chef-repo]# echo '.chef' >> ~/chef-repo/.gitignore
[root@chef_workstation chef-repo]# git add .
[root@chef_workstation chef-repo]# git commit -m "initial commit"
[master (root-commit) 26d359d] initial commit
16 files changed, 471 insertions(+)
create mode 100644 .chef-repo.txt
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 chefignore
create mode 100644 cookbooks/README.md
create mode 100644 cookbooks/example/README.md
create mode 100644 cookbooks/example/attributes/default.rb
create mode 100644 cookbooks/example/metadata.rb
create mode 100644 cookbooks/example/recipes/default.rb
create mode 100644 data_bags/README.md
create mode 100644 data_bags/example/example_item.json
create mode 100644 environments/README.md
create mode 100644 environments/example.json
create mode 100644 roles/README.md
create mode 100644 roles/example.json
[root@chef_workstation chef-repo]# git status
# On branch master
nothing to commit, working directory clean
4.8 Copy the RSA Keys to the Workstation:
Copy the RSA keys from the chef_server node to the chef_workstation node:
[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/admin.pem /root/chef-repo/.chef/
[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/chef-validator.pem /root/chef-repo/.chef/
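With the keys copied, the note in 4.7 can be checked rather than assumed. The following is an added example, not part of the original guide or of Chef: it walks the repo, finds files that contain a private key, and reports any that are readable by group/other or that sit outside the ignored .chef directory. The function names and the 0600 expectation are assumptions made for this illustration; the key files in the demo are constructed placeholders.

```ruby
require 'find'
require 'pathname'
require 'tmpdir'
require 'fileutils'

PRIVATE_KEY_HEADER = /-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----/

# True when .gitignore carries an entry that excludes the .chef directory.
def gitignore_covers_chef?(repo)
  path = File.join(repo, '.gitignore')
  return false unless File.file?(path)
  File.readlines(path, chomp: true).map(&:strip)
      .any? { |line| %w[.chef .chef/ /.chef /.chef/].include?(line) }
end

# Walk the repo (skipping .git) and report every private key that is readable
# by group/other or that sits outside the ignored .chef directory.
def audit_repo_keys(repo)
  findings = []
  findings << '.gitignore has no .chef entry' unless gitignore_covers_chef?(repo)
  Find.find(repo) do |path|
    Find.prune if File.directory?(path) && File.basename(path) == '.git'
    next unless File.file?(path)
    next unless File.read(path, 4096).to_s.match?(PRIVATE_KEY_HEADER)
    rel = Pathname.new(path).relative_path_from(Pathname.new(repo)).to_s
    mode = File.stat(path).mode & 0o777
    findings << format('%s is mode %04o, expected 0600', rel, mode) if (mode & 0o077) != 0
    findings << "#{rel} is a private key outside .chef" unless rel.start_with?('.chef/')
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |repo|
    # Constructed layout mirroring the guide: keys under .chef, as copied by scp.
    FileUtils.mkdir_p(File.join(repo, '.chef'))
    File.write(File.join(repo, '.gitignore'), ".chef\n")
    %w[admin.pem chef-validator.pem].each do |name|
      file = File.join(repo, '.chef', name)
      File.write(file, "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n")
      File.chmod(0o644, file)
    end
    puts audit_repo_keys(repo)           # one mode finding per key file
    Dir.glob(File.join(repo, '.chef', '*.pem')).each { |f| File.chmod(0o600, f) }
    puts audit_repo_keys(repo).empty?    # no findings once the modes are tightened
  end
end
```

On the workstation, call audit_repo_keys('/root/chef-repo') and treat any returned line as something to fix before the first push.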
4.9 Create knife.rb File:
Create and edit the knife.rb file:
[root@chef_workstation chef-repo]# vim ~/chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
validation_client_name "chef-validator"
validation_key "#{current_dir}/chef-validator.pem"
chef_server_url "https://chef_server/organizations/chef"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
4.10 Testing Knife:
[root@chef_workstation ~]# cd /root/chef-repo
[root@chef_workstation chef-repo]# knife client list
ERROR: SSL Validation failure connecting to host: chef_server - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chef_server/organizations/chef/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
4.11 Check SSL
[root@chef_workstation chef-repo]# knife ssl check
Connecting to host chef_server:443
ERROR: The SSL certificate of chef_server could not be verified
Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=chef_server
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.2j 26 Sep 2016
* Certificate file: /opt/chefdk/embedded/ssl/cert.pem
* Certificate directory: /opt/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/chef-repo/.chef/trusted_certs"
TO FIX THIS ERROR:
If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.
By default, the certificate is stored in the following location on the host
where your chef-server runs:
/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to your trusted_certs_dir (currently: /root/chef-repo/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
[root@chef_workstation chef-repo]# knife ssl fetch
WARNING: Certificates from chef_server will be fetched and placed in your trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef_server in /root/chef-repo/.chef/trusted_certs/chef_server.crt
[root@chef_workstation chef-repo]# knife ssl check
Connecting to host chef_server:443
Successfully verified certificates from `chef_server'
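The warning printed by knife ssl fetch asks you to verify the certificate it downloaded, and the second knife ssl check only confirms that the server presents the file that was just fetched. One way to do the verification, as an added example that is not part of the original guide or of Chef: compare the SHA-256 fingerprint of the fetched file with a copy taken directly from the server. The function names and the constructed throwaway certificates are assumptions for illustration; the script needs only the Ruby that ChefDK already put on the PATH.

```ruby
require 'openssl'
require 'digest'
require 'tmpdir'

# SHA-256 fingerprint of the certificate in a PEM file, as colon-separated hex.
def cert_fingerprint(path)
  cert = OpenSSL::X509::Certificate.new(File.read(path))
  Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Compare the copy knife fetched (trusted_certs/chef_server.crt on the
# workstation) with the copy taken from the server itself over SSH/SCP
# (/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt). Trust it only on a match.
def verify_fetched_cert(fetched_path, reference_path)
  fetched = cert_fingerprint(fetched_path)
  reference = cert_fingerprint(reference_path)
  { subject: OpenSSL::X509::Certificate.new(File.read(fetched_path)).subject.to_s,
    fetched: fetched, reference: reference, match: fetched == reference }
end

# Constructed sample data: a throwaway self-signed certificate, so the demo
# runs offline. Not the certificate of any real Chef server.
def sample_self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    server_copy = File.join(dir, 'from_server.crt')   # copied from the server
    fetched     = File.join(dir, 'fetched.crt')       # written by knife ssl fetch
    File.write(server_copy, sample_self_signed_cert('chef_server').to_pem)

    # Case 1: knife fetched the same certificate the server holds.
    File.write(fetched, File.read(server_copy))
    puts verify_fetched_cert(fetched, server_copy)[:match] ? 'match' : 'MISMATCH'

    # Case 2: same subject name, different certificate. Only the fingerprint
    # tells them apart, so a mismatch means the fetched file must not be trusted.
    File.write(fetched, sample_self_signed_cert('chef_server').to_pem)
    result = verify_fetched_cert(fetched, server_copy)
    puts "#{result[:subject]}: #{result[:match] ? 'match' : 'MISMATCH'}"
  end
end
```

On the workstation, pass /root/chef-repo/.chef/trusted_certs/chef_server.crt as the fetched file and a copy of the server's .crt file as the reference; on a mismatch, delete the fetched file instead of trusting it.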
4.12 Verify the client connection
[root@chef_workstation chef-repo]# knife client list
chef-validator
The output confirms the verification has been completed successfully.
5. Configure Chef Client Node
Bootstrapping a node is the process of installing chef-client on a target machine so that it can run as a chef-client node and communicate with the chef server. From the workstation, you can bootstrap the node either by using the node’s root user, or a user with elevated privileges.
[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo
Important options:
-x: The ssh username
-P: The ssh password
-p: The ssh port
-N: Set your chef-client node name. If this is left out, the hostname is usually used as the chef-client node name.
[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo
Doing old-style registration with the validation key at /root/chef-repo/.chef/chef-validator.pem...
Delete your validation key in order to use your user credentials instead
Connecting to chefnode-1
chefnode-1 -----> Existing Chef installation detected
chefnode-1 Starting the first Chef Client run...
chefnode-1 Starting Chef Client, version 13.1.31
chefnode-1 Creating a new client identity for chefnode-1 using the validator key.
chefnode-1 resolving cookbooks for run list: []
chefnode-1 Synchronizing Cookbooks:
chefnode-1 Installing Cookbook Gems:
chefnode-1 Compiling Cookbooks...
chefnode-1 [2017-06-16T03:07:47+08:00] WARN: Node chefnode-1 has an empty run list.
chefnode-1 Converging 0 resources
chefnode-1
chefnode-1 Running handlers:
chefnode-1 Running handlers complete
chefnode-1 Chef Client finished, 0/0 resources updated in 02 seconds
[root@chef_workstation .chef]# knife node list
chefnode-1
[root@chef_workstation .chef]# knife client show chefnode-1
admin: false
chef_type: client
name: chefnode-1
validator: false
6. Create a Simple Chef Cookbook
Create the cookbook test_cookbook:
[root@chef_workstation ~]# cd ~/chef-repo/cookbooks/
[root@chef_workstation cookbooks]# chef generate cookbook test_cookbook
Generating cookbook test_cookbook
- Ensuring correct cookbook file content
- Ensuring delivery configuration
- Ensuring correct delivery build cookbook content
Your cookbook is ready. Type `cd test_cookbook` to enter it.
There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list.
Why not start by writing a test? Tests for the default recipe are stored at:
test/smoke/default/default_test.rb
If you'd prefer to dive right in, the default recipe can be found at:
recipes/default.rb
[root@chef_workstation recipes]# vim default.rb
#
# Cookbook:: test_cookbook
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.
#
execute 'cp_file' do
  command 'cp /etc/hosts /root'
  ignore_failure true
end
Upload the Cookbook:
Once your cookbook is complete, you can upload it to your Chef server:
[root@chef_workstation cookbooks]# knife cookbook upload test_cookbook
Uploading test_cookbook [0.1.0]
Uploaded 1 cookbook.
Check the version of the cookbook:
[root@chef_workstation cookbooks]# knife cookbook list
test_cookbook 0.1.0
Add the Cookbook to your node:
You can add a cookbook to the run_list of a particular node using the following command
[root@chef_workstation cookbooks]# knife node run_list add chefnode-1 test_cookbook
chefnode-1:
run_list: recipe[test_cookbook]
Execute the cookbook's action on the chef node:
[root@chefnode-1 ~]# chef-client
Starting Chef Client, version 13.1.31
resolving cookbooks for run list: ["test_cookbook"]
Synchronizing Cookbooks:
- test_cookbook (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 1 resources
Recipe: test_cookbook::default
* execute[cp_file] action run
- execute cp /etc/hosts /root
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 02 seconds
Verify the result:
[root@chefnode-1 ~]# ls
anaconda-ks.cfg hosts
Resources Reference
https://docs.chef.io/resources.html