一、Prerequisite

OS  :  CentOS-7.0-1406-x86_64-DVD.iso

Time Server :   NTP Server

SERVER NAME

IP PLAN

chef_server

192.168.100.10

chef_workstation

192.168.100.11

chefnode-1

192.168.100.12

IP Plan:

rpm package(chef_server):

autogen-libopts-5.18-5.el7.x86_64.rpm

ntp-4.2.6p5-25.el7.centos.x86_64.rpm

chef-server-core-12.15.7-1.el7.x86_64.rpm

rpm package(chef workstation):

chefdk-1.4.3-1.el7.x86_64.rpm

git-1.8.3.1-6.el7_2.1.x86_64.rpm

rpm package(chef node):

chef-13.1.31-1.el7.x86_64.rpm

二、Configure OS Environment

2.1 Configure  the  /etc/hosts

add the content of below into /etc/hosts   every node:

192.168.100.10     chef_server

192.168.100.11    chef_workstation

192.168.100.12    chefnode-1

2.2 Setting the NTP Server  On chef_server node

2.2.1 Install NTP package

[root@chef_server ~]# rpm -Uvh autogen-libopts-5.18-5.el7.x86_64.rpm

warning: autogen-libopts-5.18-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:autogen-libopts-5.18-5.el7       ################################# [100%]

[root@chef_server ~]# rpm -Uvh ntp-4.2.6p5-25.el7.centos.x86_64.rpm --nodeps

warning: ntp-4.2.6p5-25.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:ntp-4.2.6p5-25.el7.centos        ################################# [100%]

[root@chef_server ~]# systemctl start ntpd

[root@chef_server ~]# systemctl status ntpd

ntpd.service - Network Time Service

Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled)

Active: active (running) since Thu 2017-06-15 23:40:59 CST; 11s ago

Process: 2681 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)

Main PID: 2682 (ntpd)

CGroup: /system.slice/ntpd.service

├─2682 /usr/sbin/ntpd -u ntp:ntp -g

└─2683 /usr/sbin/ntpd -u ntp:ntp -g

2.2.2 Configure the NTP Server

[root@chef_server ~]# vim /etc/ntp.conf

driftfile /var/lib/ntp/drift

restrict default nomodify notrap nopeer noquery

restrict 127.0.0.1

restrict ::1

# delete

server 0.centos.pool.ntp.org iburst

server 1.centos.pool.ntp.org iburst

server 2.centos.pool.ntp.org iburst

server 3.centos.pool.ntp.org iburst

#  add

server 127.127.1.0

fudge  127.127.1.0 stratum 1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

disable monitor

[root@chef_server ~]# systemctl restart ntpd

[root@chef_server ~]# ntpq -p

remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

*LOCAL(0)        .LOCL.           1 l    6   64    1    0.000    0.000   0.000

2.2.3 disable the service named  firewalld

[root@chef_server ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: active (running) since Thu 2017-06-15 23:17:24 CST; 37min ago

Main PID: 782 (firewalld)

CGroup: /system.slice/firewalld.service

└─782 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.

[root@chef_server ~]# systemctl stop firewalld

[root@chef_server ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: inactive (dead) since Thu 2017-06-15 23:55:50 CST; 2s ago

Main PID: 782 (code=exited, status=0/SUCCESS)

Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.

Jun 15 23:55:48 chef_server systemd[1]: Stopping firewalld - dynamic firewall daemon...

Jun 15 23:55:50 chef_server systemd[1]: Stopped firewalld - dynamic firewall daemon.

NOTE THAT: if you don’t want to stop the firewall ,The Chef server requires the following ports to be open through the firewall

Run the following command to allow 80 and 443 through the firewall.

firewall-cmd --permanent --zone public --add-service http

firewall-cmd --permanent --zone public --add-service https

firewall-cmd --reload

2.2.4 Verify configure and Synchronization

On chef_workstation

[root@chef_workstation ~]# ntpdate chef_server

16 Jun 00:21:55 ntpdate[3239]: adjust time server 192.168.100.10 offset 0.006277 sec

On chefnode-1

[root@chefnode-1 ~]# ntpdate chef_server

16 Jun 00:22:02 ntpdate[3629]: step time server 192.168.100.10 offset 51936.191786 sec

三、Configure Chef Server

3.1 Install chef server package on server node

Install the chef server package and download from the site: https://downloads.chef.io/

[root@chef_server ~]# rpm -Uvh chef-server-core-12.15.7-1.el7.x86_64.rpm

warning: chef-server-core-12.15.7-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:chef-server-core-12.15.7-1.el7   ################################# [100%]

[root@chef_server ~]# chef-server-ctl reconfigure

……

Chef Client finished, 493/1080 resources updated in 03 minutes 39 seconds

Chef Server Reconfigured!

[root@chef_server ~]# chef-server-ctl status

run: bookshelf: (pid 12149) 193s; run: log: (pid 12187) 193s

run: nginx: (pid 11960) 197s; run: log: (pid 12564) 188s

run: oc_bifrost: (pid 11858) 199s; run: log: (pid 11901) 198s

run: oc_id: (pid 11950) 198s; run: log: (pid 11956) 197s

run: opscode-erchef: (pid 12387) 190s; run: log: (pid 12311) 192s

run: opscode-expander: (pid 12034) 194s; run: log: (pid 12105) 194s

run: opscode-solr4: (pid 12000) 195s; run: log: (pid 12020) 195s

run: postgresql: (pid 11816) 199s; run: log: (pid 11841) 199s

run: rabbitmq: (pid 11304) 211s; run: log: (pid 11163) 216s

run: redis_lb: (pid 10796) 248s; run: log: (pid 12555) 188s

3.2 Create an admin User or Organization

User Name: admin

First Name: admin

Last Name: admin

Email: admin@chef.io

Password: password

File Name: admin.pem

Path: /root

[root@chef_server ~]# chef-server-ctl user-create admin admin admin admin@chef.io password -f /root/admin.pem

[root@chef_server ~]# chef-server-ctl org-create chef "CHEF, Inc" --association_user admin -f /root/chef-validator.pem

四、Configure Chef Workstation

4.1 Install chef dk package on chef workstation node

Download the package from the site : https://downloads.chef.io/

[root@chef_workstation ~]# rpm -Uvh chefdk-1.4.3-1.el7.x86_64.rpm

warning: chefdk-1.4.3-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:chefdk-1.4.3-1.el7               ################################# [100%]

Thank you for installing Chef Development Kit!

4.2 Configure the PATH

[root@chef_workstation bin]# export PATH="/opt/chefdk/embedded/bin:${HOME}/.chefdk/gem/ruby/2.1.0/bin:$PATH"

Verify the configure

[root@chef_workstation bin]# which ruby

/opt/chefdk/embedded/bin/ruby

4.3 Install Git

[root@chef_workstation ~]# rpm -Uvh git-1.8.3.1-6.el7_2.1.x86_64.rpm --nodeps

warning: git-1.8.3.1-6.el7_2.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

1:git-1.8.3.1-6.el7_2.1            ################################# [100%]

[root@chef_workstation ~]# git --version

git version 1.8.3.1

4.4 Create chef repo directory

[root@chef_workstation ~]# chef generate repo chef-repo

[root@chef_workstation ~]# cd chef-repo/

[root@chef_workstation chef-repo]# ls -al

total 32

drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .

dr-xr-x---. 6 root root 4096 Jun 16 01:20 ..

-rw-r--r--. 1 root root 1133 Jun 16 01:20 chefignore

-rw-r--r--. 1 root root  255 Jun 16 01:20 .chef-repo.txt

drwxr-xr-x. 3 root root   36 Jun 16 01:20 cookbooks

drwxr-xr-x. 3 root root   36 Jun 16 01:20 data_bags

drwxr-xr-x. 2 root root   41 Jun 16 01:20 environments

drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .git

-rw-r--r--. 1 root root 2121 Jun 16 01:20 .gitignore

-rw-r--r--. 1 root root   70 Jun 16 01:20 LICENSE

-rw-r--r--. 1 root root 1499 Jun 16 01:20 README.md

drwxr-xr-x. 2 root root   41 Jun 16 01:20 roles

4.5 Create the user and email for git

[root@chef_workstation ~]# git config --global user.name "admin"

[root@chef_workstation ~]# git config --global user.email "admin@chef.io"

4.6 Create the repo for git

[root@chef_workstation ~]# cd chef-repo/

[root@chef_workstation chef-repo]# git init

Reinitialized existing Git repository in /root/chef-repo/.git/

4.7 Create the hidden folder  .chef under /root/chef-repo

the hidden folder  .chef under /root/chef-repo so that stores the RSA keys

[root@chef_workstation chef-repo]# mkdir -p ~/chef-repo/.chef

NOTE THAT:Since this hidden directory stores the RSA keys, it should not be exposed to the public. To do that we will add this directory to “.gitignore” to prevent uploading the contents to GitHub

[root@chef_workstation chef-repo]# echo '.chef' >> ~/chef-repo/.gitignore

[root@chef_workstation chef-repo]# git add .

[root@chef_workstation chef-repo]# git commit -m "initial commit"

[master (root-commit) 26d359d] initial commit

16 files changed, 471 insertions(+)

create mode 100644 .chef-repo.txt

create mode 100644 .gitignore

create mode 100644 LICENSE

create mode 100644 README.md

create mode 100644 chefignore

create mode 100644 cookbooks/README.md

create mode 100644 cookbooks/example/README.md

create mode 100644 cookbooks/example/attributes/default.rb

create mode 100644 cookbooks/example/metadata.rb

create mode 100644 cookbooks/example/recipes/default.rb

create mode 100644 data_bags/README.md

create mode 100644 data_bags/example/example_item.json

create mode 100644 environments/README.md

create mode 100644 environments/example.json

create mode 100644 roles/README.md

create mode 100644 roles/example.json

[root@chef_workstation chef-repo]# git status

# On branch master

nothing to commit, working directory clean

4.8 Copy the RSA Keys to the Workstation:

Copy the RSA key from chef server node to chef workstation node

[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/admin.pem /root/chef-repo/.chef/

[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/chef-validator.pem /root/chef-repo/.chef/

4.9 Create knife.rb File:

create and edit the knife.rb file

[root@chef_workstation chef-repo]# vim ~/chef-repo/.chef/knife.rb

current_dir = File.dirname(__FILE__)

log_level                :info

log_location             STDOUT

node_name                "admin"

client_key               "#{current_dir}/admin.pem"

validation_client_name   "chef-validator"

validation_key           "#{current_dir}/chef-validator.pem"

chef_server_url          "https://chef_server/organizations/chef"

syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"

cookbook_path            ["#{current_dir}/../cookbooks"]

4.10 Testing Knife:

[root@chef_workstation ~]# cd /root/chef-repo

[root@chef_workstation chef-repo]# knife client list

ERROR: SSL Validation failure connecting to host: chef_server - SSL_connect returned=1 errno=0 state=error: certificate verify failed

ERROR: Could not establish a secure connection to the server.

Use `knife ssl check` to troubleshoot your SSL configuration.

If your Chef Server uses a self-signed certificate, you can use

`knife ssl fetch` to make knife trust the server's certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chef_server/organizations/chef/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed

4.11 Check SSL

[root@chef_workstation chef-repo]# knife ssl check

Connecting to host chef_server:443

ERROR: The SSL certificate of chef_server could not be verified

Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=chef_server

Configuration Info:

OpenSSL Configuration:

* Version: OpenSSL 1.0.2j  26 Sep 2016

* Certificate file: /opt/chefdk/embedded/ssl/cert.pem

* Certificate directory: /opt/chefdk/embedded/ssl/certs

Chef SSL Configuration:

* ssl_ca_path: nil

* ssl_ca_file: nil

* trusted_certs_dir: "/root/chef-repo/.chef/trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must

configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host

where your chef-server runs:

/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to your trusted_certs_dir (currently: /root/chef-repo/.chef/trusted_certs)

using SSH/SCP or some other secure method, then re-run this command to confirm

that the server's certificate is now trusted.

[root@chef_workstation chef-repo]# knife ssl fetch

WARNING: Certificates from chef_server will be fetched and placed in your trusted_cert

directory (/root/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should

verify the authenticity of these certificates after downloading.

Adding certificate for chef_server in /root/chef-repo/.chef/trusted_certs/chef_server.crt

[root@chef_workstation chef-repo]# knife ssl check

Connecting to host chef_server:443

Successfully verified certificates from `chef_server'

4.12 Verify the client connection

[root@chef_workstation chef-repo]# knife client list

chef-validator

The output confirms the verification has been completed successfully.

五、Configure Chef client Node

Bootstrapping a node is a process of installing chef-client on a target machine so that it can run as a chef-client node and communicate with the chef server.From the workstation, you can bootstrap the node either by using the node’s root user, or a user with elevated privileges.

[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo

Important options:

-x: The ssh username

-P: The ssh password

-p: The ssh port

-N: Set your chef-client node name. Leaving this out will usually make hostname being used as the chef-client node name.

[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo

Doing old-style registration with the validation key at /root/chef-repo/.chef/chef-validator.pem...

Delete your validation key in order to use your user credentials instead

Connecting to chefnode-1

chefnode-1 -----> Existing Chef installation detected

chefnode-1 Starting the first Chef Client run...

chefnode-1 Starting Chef Client, version 13.1.31

chefnode-1 Creating a new client identity for chefnode-1 using the validator key.

chefnode-1 resolving cookbooks for run list: []

chefnode-1 Synchronizing Cookbooks:

chefnode-1 Installing Cookbook Gems:

chefnode-1 Compiling Cookbooks...

chefnode-1 [2017-06-16T03:07:47+08:00] WARN: Node chefnode-1 has an empty run list.

chefnode-1 Converging 0 resources

chefnode-1

chefnode-1 Running handlers:

chefnode-1 Running handlers complete

chefnode-1 Chef Client finished, 0/0 resources updated in 02 seconds

[root@chef_workstation .chef]# knife node list

chefnode-1

[root@chef_workstation .chef]# knife client show chefnode-1

admin:     false

chef_type: client

name:      chefnode-1

validator: false

六、Create a Simple Chef Cookbooks

create cookbook test_cookbook

[root@chef_workstation ~]# cd ~/chef-repo/cookbooks/

[root@chef_workstation cookbooks]# chef generate cookbook test_cookbook

Generating cookbook test_cookbook

- Ensuring correct cookbook file content

- Ensuring delivery configuration

- Ensuring correct delivery build cookbook content

Your cookbook is ready. Type `cd test_cookbook` to enter it.

There are several commands you can run to get started locally developing and testing your cookbook.

Type `delivery local --help` to see a full list.

Why not start by writing a test? Tests for the default recipe are stored at:

test/smoke/default/default_test.rb

If you'd prefer to dive right in, the default recipe can be found at:

recipes/default.rb

[root@chef_workstation recipes]# vim default.rb

#

# Cookbook:: test_cookbook

# Recipe:: default

#

# Copyright:: 2017, The Authors, All Rights Reserved.

#

execute 'cp_file' do

command 'cp /etc/hosts /root'

ignore_failure true

end

Upload the Cookbook:

Once your cookbook is complete, you can upload them on to your Chef server

[root@chef_workstation cookbooks]# knife cookbook upload test_cookbook

Uploading test_cookbook [0.1.0]

Uploaded 1 cookbook.

Check the version of cookbook

[root@chef_workstation cookbooks]# knife cookbook list

test_cookbook   0.1.0

Add the Cookbook to your node:

You can add a cookbook to the run_list of a particular node using the following command

[root@chef_workstation cookbooks]# knife node run_list add chefnode-1 test_cookbook

chefnode-1:

run_list: recipe[test_cookbook]

Ececute the action in cookbook on chef node

[root@chefnode-1 ~]# chef-client

Starting Chef Client, version 13.1.31

resolving cookbooks for run list: ["test_cookbook"]

Synchronizing Cookbooks:

- test_cookbook (0.1.0)

Installing Cookbook Gems:

Compiling Cookbooks...

Converging 1 resources

Recipe: test_cookbook::default

* execute[cp_file] action run

- execute cp /etc/hosts /root

Running handlers:

Running handlers complete

Chef Client finished, 1/1 resources updated in 02 seconds

vreufy the result

[root@chefnode-1 ~]# ls

anaconda-ks.cfg    hosts

Resources Reference

https://docs.chef.io/resources.html

[原]Chef_Server and Chef_WorkStation and Chef_Client Install Guide[by haibo]的更多相关文章

  1. Win10 Theano Install Guide

    basic install guide 1. download miniconda 2. conda install libpython mingw 3. conda install theano n ...

  2. Fedora 25/24/23 nVidia Drivers Install Guide

    https://www.if-not-true-then-false.com/2015/fedora-nvidia-guide/ search Most Popular Featured Linux ...

  3. Install guide for OpenLDAP and GOsa 2 on Ubuntu & Debian

    First we will install OpenLDAP by running the command as root: apt-get install slapd ldap-utils ldap ...

  4. freefcw/hustoj Install Guide

    First of all, this version hustoj is a skin and improved for https://code.google.com/p/hustoj/. So t ...

  5. Isilon OneFS Simulator Install Guide

    Isilon build for storage data Use VMware converter to convert node1 to ESX(参考silon_OneFS_Simulator_I ...

  6. csvn install guide

    一. make sure java install $ java -version $ echo $JAVA_HOME 二. untar tgz file $ tar xf CollabNetSubv ...

  7. kubernetes Auto Install Guide

    1.概念&架构 Kubernetes is an open-source system for automating deployment, scaling, and management o ...

  8. HOWTO install Oracle 11g on Ubuntu Linux 12.04 (Precise Pangolin) 64bits

    安装了Ubuntu 12.04 64bit, 想在上面安装Oracle 11gr2,网上找了好多文档都没成功,最后完全参考了MordicusEtCubitus的文章. 成功安装的关键点:install ...

  9. Install Asterisk 11 on Ubuntu 12.04 LTS

    http://blogs.digium.com/2012/11/14/how-to-install-asterisk-11-on-ubuntu-12-4-lts/ Last week I put up ...

随机推荐

  1. Myeclispe 代码自动补全

    1.Myeclispe—>Preference 2.Java->Editor->Content Assist 3.Auto activation for java 补全(.abcde ...

  2. Python 读取 支付宝账单并存储到 Access 中

    我有一个很多年前自己写的C#+Access的记账程序,用了很多年,现在花钱的机会多了,并且大部分走的支付宝,于是就想把账单从支付宝网站上下载下来,直接写入到Access,这样就很省心了. 记账程序是长 ...

  3. 基于Cesium的demo赏析

    更新于2019.2.23 Cesium的强大不用多说,所以有很多政府.组织基于cesium做了一些应用,其中不乏有很多优秀的示例,我们大都可以从中获得对自己的项目有益的东西.另:有的网站需要FQ. 官 ...

  4. openssl链接动态库的方法

    错误:AES_set_decrypt_key 一. 编译时: 1. 不要在windows与linux共享区编译2. ./config no-asm -fPIC3. make 二. cp: cannot ...

  5. 如何禁用package-lock

    因为 package-lock.json是自动生成的,可以配置 npm 来避免经常需要手动删除这个文件. 在当前项目禁用 package-lock.json 控制台下输入 echo 'package- ...

  6. spring拦截器中使用spring的自动注入

    需要在spring的拦截器中使用自定义的服务,这要就设计到将服务注入到拦截器中.网上看的情况有两种: 1. @Configuration public class OptPermissionHandl ...

  7. Effective Java 第三版——72. 赞成使用标准异常

    Tips 书中的源代码地址:https://github.com/jbloch/effective-java-3e-source-code 注意,书中的有些代码里方法是基于Java 9 API中的,所 ...

  8. 关于 Docker Hub 上不能注册 Docker ID 的问题

    1. 引言 我们中国大陆访问dockerhub的时候,想要注册一个dockerID,发现sign up按钮是灰色的,不能点击进行注册.这个时候通过点击右键"查看网页源代码"和&qu ...

  9. 文档大师 在Win10 IE11下,文档集画面无法正常显示Word等Office文档的解决方法

    在文档集界面中显示Word文档,是文档大师的一个核心功能. 最近在 Win10 升级到最新版后,发现 无法正常显示Office 文档的问题. 一开始以为是Word版本问题,从2007升级到2016,问 ...

  10. Mysql Binlog三种格式详细介绍

    一.MySQL Binlog格式介绍 mysql binlog日志有三种格式,分别为Statement,MiXED,以及ROW! 查看binlog的格式的脚本: 二.binlog 的不同模式有什么区别 ...