[原]Chef_Server and Chef_WorkStation and Chef_Client Install Guide[by haibo]
一、Prerequisite
OS : CentOS-7.0-1406-x86_64-DVD.iso
Time Server : NTP Server
|
SERVER NAME |
IP PLAN |
|
chef_server |
192.168.100.10 |
|
chef_workstation |
192.168.100.11 |
|
chefnode-1 |
192.168.100.12 |
IP Plan:
rpm package(chef_server):
autogen-libopts-5.18-5.el7.x86_64.rpm
ntp-4.2.6p5-25.el7.centos.x86_64.rpm
chef-server-core-12.15.7-1.el7.x86_64.rpm
rpm package(chef workstation):
chefdk-1.4.3-1.el7.x86_64.rpm
git-1.8.3.1-6.el7_2.1.x86_64.rpm
rpm package(chef node):
chef-13.1.31-1.el7.x86_64.rpm
二、Configure OS Environment
2.1 Configure the /etc/hosts
add the content of below into /etc/hosts every node:
192.168.100.10 chef_server
192.168.100.11 chef_workstation
192.168.100.12 chefnode-1
2.2 Setting the NTP Server On chef_server node
2.2.1 Install NTP package
[root@chef_server ~]# rpm -Uvh autogen-libopts-5.18-5.el7.x86_64.rpm
warning: autogen-libopts-5.18-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:autogen-libopts-5.18-5.el7 ################################# [100%]
[root@chef_server ~]# rpm -Uvh ntp-4.2.6p5-25.el7.centos.x86_64.rpm --nodeps
warning: ntp-4.2.6p5-25.el7.centos.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:ntp-4.2.6p5-25.el7.centos ################################# [100%]
[root@chef_server ~]# systemctl start ntpd
[root@chef_server ~]# systemctl status ntpd
ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled)
Active: active (running) since Thu 2017-06-15 23:40:59 CST; 11s ago
Process: 2681 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2682 (ntpd)
CGroup: /system.slice/ntpd.service
├─2682 /usr/sbin/ntpd -u ntp:ntp -g
└─2683 /usr/sbin/ntpd -u ntp:ntp -g
2.2.2 Configure the NTP Server
[root@chef_server ~]# vim /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
# delete
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# add
server 127.127.1.0
fudge 127.127.1.0 stratum 1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
[root@chef_server ~]# systemctl restart ntpd
[root@chef_server ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 1 l 6 64 1 0.000 0.000 0.000
2.2.3 disable the service named firewalld
[root@chef_server ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2017-06-15 23:17:24 CST; 37min ago
Main PID: 782 (firewalld)
CGroup: /system.slice/firewalld.service
└─782 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.
[root@chef_server ~]# systemctl stop firewalld
[root@chef_server ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since Thu 2017-06-15 23:55:50 CST; 2s ago
Main PID: 782 (code=exited, status=0/SUCCESS)
Jun 15 23:17:24 chef_server systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 15 23:55:48 chef_server systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 15 23:55:50 chef_server systemd[1]: Stopped firewalld - dynamic firewall daemon.
NOTE THAT: if you don’t want to stop the firewall ,The Chef server requires the following ports to be open through the firewall
Run the following command to allow 80 and 443 through the firewall.
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --permanent --zone public --add-service https
firewall-cmd --reload
2.2.4 Verify configure and Synchronization
On chef_workstation
[root@chef_workstation ~]# ntpdate chef_server
16 Jun 00:21:55 ntpdate[3239]: adjust time server 192.168.100.10 offset 0.006277 sec
On chefnode-1
[root@chefnode-1 ~]# ntpdate chef_server
16 Jun 00:22:02 ntpdate[3629]: step time server 192.168.100.10 offset 51936.191786 sec
三、Configure Chef Server
3.1 Install chef server package on server node
Install the chef server package and download from the site: https://downloads.chef.io/
[root@chef_server ~]# rpm -Uvh chef-server-core-12.15.7-1.el7.x86_64.rpm
warning: chef-server-core-12.15.7-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chef-server-core-12.15.7-1.el7 ################################# [100%]
[root@chef_server ~]# chef-server-ctl reconfigure
……
Chef Client finished, 493/1080 resources updated in 03 minutes 39 seconds
Chef Server Reconfigured!
[root@chef_server ~]# chef-server-ctl status
run: bookshelf: (pid 12149) 193s; run: log: (pid 12187) 193s
run: nginx: (pid 11960) 197s; run: log: (pid 12564) 188s
run: oc_bifrost: (pid 11858) 199s; run: log: (pid 11901) 198s
run: oc_id: (pid 11950) 198s; run: log: (pid 11956) 197s
run: opscode-erchef: (pid 12387) 190s; run: log: (pid 12311) 192s
run: opscode-expander: (pid 12034) 194s; run: log: (pid 12105) 194s
run: opscode-solr4: (pid 12000) 195s; run: log: (pid 12020) 195s
run: postgresql: (pid 11816) 199s; run: log: (pid 11841) 199s
run: rabbitmq: (pid 11304) 211s; run: log: (pid 11163) 216s
run: redis_lb: (pid 10796) 248s; run: log: (pid 12555) 188s
3.2 Create an admin User or Organization
User Name: admin
First Name: admin
Last Name: admin
Email: admin@chef.io
Password: password
File Name: admin.pem
Path: /root
[root@chef_server ~]# chef-server-ctl user-create admin admin admin admin@chef.io password -f /root/admin.pem
[root@chef_server ~]# chef-server-ctl org-create chef "CHEF, Inc" --association_user admin -f /root/chef-validator.pem
四、Configure Chef Workstation
4.1 Install chef dk package on chef workstation node
Download the package from the site : https://downloads.chef.io/
[root@chef_workstation ~]# rpm -Uvh chefdk-1.4.3-1.el7.x86_64.rpm
warning: chefdk-1.4.3-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chefdk-1.4.3-1.el7 ################################# [100%]
Thank you for installing Chef Development Kit!
4.2 Configure the PATH
[root@chef_workstation bin]# export PATH="/opt/chefdk/embedded/bin:${HOME}/.chefdk/gem/ruby/2.1.0/bin:$PATH"
Verify the configure
[root@chef_workstation bin]# which ruby
/opt/chefdk/embedded/bin/ruby
4.3 Install Git
[root@chef_workstation ~]# rpm -Uvh git-1.8.3.1-6.el7_2.1.x86_64.rpm --nodeps
warning: git-1.8.3.1-6.el7_2.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:git-1.8.3.1-6.el7_2.1 ################################# [100%]
[root@chef_workstation ~]# git --version
git version 1.8.3.1
4.4 Create chef repo directory
[root@chef_workstation ~]# chef generate repo chef-repo
[root@chef_workstation ~]# cd chef-repo/
[root@chef_workstation chef-repo]# ls -al
total 32
drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .
dr-xr-x---. 6 root root 4096 Jun 16 01:20 ..
-rw-r--r--. 1 root root 1133 Jun 16 01:20 chefignore
-rw-r--r--. 1 root root 255 Jun 16 01:20 .chef-repo.txt
drwxr-xr-x. 3 root root 36 Jun 16 01:20 cookbooks
drwxr-xr-x. 3 root root 36 Jun 16 01:20 data_bags
drwxr-xr-x. 2 root root 41 Jun 16 01:20 environments
drwxr-xr-x. 7 root root 4096 Jun 16 01:20 .git
-rw-r--r--. 1 root root 2121 Jun 16 01:20 .gitignore
-rw-r--r--. 1 root root 70 Jun 16 01:20 LICENSE
-rw-r--r--. 1 root root 1499 Jun 16 01:20 README.md
drwxr-xr-x. 2 root root 41 Jun 16 01:20 roles
4.5 Create the user and email for git
[root@chef_workstation ~]# git config --global user.name "admin"
[root@chef_workstation ~]# git config --global user.email "admin@chef.io"
4.6 Create the repo for git
[root@chef_workstation ~]# cd chef-repo/
[root@chef_workstation chef-repo]# git init
Reinitialized existing Git repository in /root/chef-repo/.git/
4.7 Create the hidden folder .chef under /root/chef-repo
the hidden folder .chef under /root/chef-repo so that stores the RSA keys
[root@chef_workstation chef-repo]# mkdir -p ~/chef-repo/.chef
NOTE THAT:Since this hidden directory stores the RSA keys, it should not be exposed to the public. To do that we will add this directory to “.gitignore” to prevent uploading the contents to GitHub
[root@chef_workstation chef-repo]# echo '.chef' >> ~/chef-repo/.gitignore
[root@chef_workstation chef-repo]# git add .
[root@chef_workstation chef-repo]# git commit -m "initial commit"
[master (root-commit) 26d359d] initial commit
16 files changed, 471 insertions(+)
create mode 100644 .chef-repo.txt
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 chefignore
create mode 100644 cookbooks/README.md
create mode 100644 cookbooks/example/README.md
create mode 100644 cookbooks/example/attributes/default.rb
create mode 100644 cookbooks/example/metadata.rb
create mode 100644 cookbooks/example/recipes/default.rb
create mode 100644 data_bags/README.md
create mode 100644 data_bags/example/example_item.json
create mode 100644 environments/README.md
create mode 100644 environments/example.json
create mode 100644 roles/README.md
create mode 100644 roles/example.json
[root@chef_workstation chef-repo]# git status
# On branch master
nothing to commit, working directory clean
4.8 Copy the RSA Keys to the Workstation:
Copy the RSA key from chef server node to chef workstation node
[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/admin.pem /root/chef-repo/.chef/
[root@chef_workstation chef-repo]# scp -pr root@chef_server:/root/chef-validator.pem /root/chef-repo/.chef/
4.9 Create knife.rb File:
create and edit the knife.rb file
[root@chef_workstation chef-repo]# vim ~/chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
validation_client_name "chef-validator"
validation_key "#{current_dir}/chef-validator.pem"
chef_server_url "https://chef_server/organizations/chef"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
4.10 Testing Knife:
[root@chef_workstation ~]# cd /root/chef-repo
[root@chef_workstation chef-repo]# knife client list
ERROR: SSL Validation failure connecting to host: chef_server - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chef_server/organizations/chef/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
4.11 Check SSL
[root@chef_workstation chef-repo]# knife ssl check
Connecting to host chef_server:443
ERROR: The SSL certificate of chef_server could not be verified
Certificate issuer data: /C=US/O=YouCorp/OU=Operations/CN=chef_server
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.2j 26 Sep 2016
* Certificate file: /opt/chefdk/embedded/ssl/cert.pem
* Certificate directory: /opt/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/chef-repo/.chef/trusted_certs"
TO FIX THIS ERROR:
If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.
By default, the certificate is stored in the following location on the host
where your chef-server runs:
/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to your trusted_certs_dir (currently: /root/chef-repo/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
[root@chef_workstation chef-repo]# knife ssl fetch
WARNING: Certificates from chef_server will be fetched and placed in your trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef_server in /root/chef-repo/.chef/trusted_certs/chef_server.crt
[root@chef_workstation chef-repo]# knife ssl check
Connecting to host chef_server:443
Successfully verified certificates from `chef_server'
4.12 Verify the client connection
[root@chef_workstation chef-repo]# knife client list
chef-validator
The output confirms the verification has been completed successfully.
五、Configure Chef client Node
Bootstrapping a node is a process of installing chef-client on a target machine so that it can run as a chef-client node and communicate with the chef server.From the workstation, you can bootstrap the node either by using the node’s root user, or a user with elevated privileges.
[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo
Important options:
-x: The ssh username
-P: The ssh password
-p: The ssh port
-N: Set your chef-client node name. Leaving this out will usually make hostname being used as the chef-client node name.
[root@chef_workstation .chef]# knife bootstrap chefnode-1 -x root -P password --sudo
Doing old-style registration with the validation key at /root/chef-repo/.chef/chef-validator.pem...
Delete your validation key in order to use your user credentials instead
Connecting to chefnode-1
chefnode-1 -----> Existing Chef installation detected
chefnode-1 Starting the first Chef Client run...
chefnode-1 Starting Chef Client, version 13.1.31
chefnode-1 Creating a new client identity for chefnode-1 using the validator key.
chefnode-1 resolving cookbooks for run list: []
chefnode-1 Synchronizing Cookbooks:
chefnode-1 Installing Cookbook Gems:
chefnode-1 Compiling Cookbooks...
chefnode-1 [2017-06-16T03:07:47+08:00] WARN: Node chefnode-1 has an empty run list.
chefnode-1 Converging 0 resources
chefnode-1
chefnode-1 Running handlers:
chefnode-1 Running handlers complete
chefnode-1 Chef Client finished, 0/0 resources updated in 02 seconds
[root@chef_workstation .chef]# knife node list
chefnode-1
[root@chef_workstation .chef]# knife client show chefnode-1
admin: false
chef_type: client
name: chefnode-1
validator: false
六、Create a Simple Chef Cookbooks
create cookbook test_cookbook
[root@chef_workstation ~]# cd ~/chef-repo/cookbooks/
[root@chef_workstation cookbooks]# chef generate cookbook test_cookbook
Generating cookbook test_cookbook
- Ensuring correct cookbook file content
- Ensuring delivery configuration
- Ensuring correct delivery build cookbook content
Your cookbook is ready. Type `cd test_cookbook` to enter it.
There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list.
Why not start by writing a test? Tests for the default recipe are stored at:
test/smoke/default/default_test.rb
If you'd prefer to dive right in, the default recipe can be found at:
recipes/default.rb
[root@chef_workstation recipes]# vim default.rb
#
# Cookbook:: test_cookbook
# Recipe:: default
#
# Copyright:: 2017, The Authors, All Rights Reserved.
#
execute 'cp_file' do
command 'cp /etc/hosts /root'
ignore_failure true
end
Upload the Cookbook:
Once your cookbook is complete, you can upload them on to your Chef server
[root@chef_workstation cookbooks]# knife cookbook upload test_cookbook
Uploading test_cookbook [0.1.0]
Uploaded 1 cookbook.
Check the version of cookbook
[root@chef_workstation cookbooks]# knife cookbook list
test_cookbook 0.1.0
Add the Cookbook to your node:
You can add a cookbook to the run_list of a particular node using the following command
[root@chef_workstation cookbooks]# knife node run_list add chefnode-1 test_cookbook
chefnode-1:
run_list: recipe[test_cookbook]
Ececute the action in cookbook on chef node
[root@chefnode-1 ~]# chef-client
Starting Chef Client, version 13.1.31
resolving cookbooks for run list: ["test_cookbook"]
Synchronizing Cookbooks:
- test_cookbook (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 1 resources
Recipe: test_cookbook::default
* execute[cp_file] action run
- execute cp /etc/hosts /root
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 02 seconds
vreufy the result
[root@chefnode-1 ~]# ls
anaconda-ks.cfg hosts
Resources Reference
https://docs.chef.io/resources.html
[原]Chef_Server and Chef_WorkStation and Chef_Client Install Guide[by haibo]的更多相关文章
- Win10 Theano Install Guide
basic install guide 1. download miniconda 2. conda install libpython mingw 3. conda install theano n ...
- Fedora 25/24/23 nVidia Drivers Install Guide
https://www.if-not-true-then-false.com/2015/fedora-nvidia-guide/ search Most Popular Featured Linux ...
- Install guide for OpenLDAP and GOsa 2 on Ubuntu & Debian
First we will install OpenLDAP by running the command as root: apt-get install slapd ldap-utils ldap ...
- freefcw/hustoj Install Guide
First of all, this version hustoj is a skin and improved for https://code.google.com/p/hustoj/. So t ...
- Isilon OneFS Simulator Install Guide
Isilon build for storage data Use VMware converter to convert node1 to ESX(参考silon_OneFS_Simulator_I ...
- csvn install guide
一. make sure java install $ java -version $ echo $JAVA_HOME 二. untar tgz file $ tar xf CollabNetSubv ...
- kubernetes Auto Install Guide
1.概念&架构 Kubernetes is an open-source system for automating deployment, scaling, and management o ...
- HOWTO install Oracle 11g on Ubuntu Linux 12.04 (Precise Pangolin) 64bits
安装了Ubuntu 12.04 64bit, 想在上面安装Oracle 11gr2,网上找了好多文档都没成功,最后完全参考了MordicusEtCubitus的文章. 成功安装的关键点:install ...
- Install Asterisk 11 on Ubuntu 12.04 LTS
http://blogs.digium.com/2012/11/14/how-to-install-asterisk-11-on-ubuntu-12-4-lts/ Last week I put up ...
随机推荐
- JS_高程4.变量,作用域和内存问题(1)
1.基本类型和应用类型的值 ECMAScript变量可能包含两种不同数据类型的值: 基本类型值——简单的数据段.(5种基本的数据类型,按值访问,因为可以操作保存在变量中的实际的值.) 引用类型值——多 ...
- 4、css属性操作
前面说的主要是css的使用规则和选择器等,这篇主要讲解css的具体使用. 本篇导航: css text 背景属性 边框属性 列表属性 dispaly属性 外边距(margine)和内边距(paddin ...
- HRD Emulator in HTML5
Posted on March 21, 2012 by Moto Just like MPEG-2 video uses VBV (Video Buffer Verifier), H.264 stan ...
- Python - 列联表的独立性检验(卡方检验)
Python - 列联表的独立性检验(卡方检验) 想对两个或两个以上因子彼此之间是否相互独立做检验时,就要用到卡方检验,原以为在Python中实现会像R的chisq.test一样简便,但scipy的s ...
- PPTP服务端与客户端 修改默认PPTP默认端口1723
linux pptp服务端:我们在Linux下建立的pptpd端口号默认是1723,有时候这个端口并不是那么的好用,不是麽?所以服务端修改端口号比较简单 修改 /etc/services 文件查找 1 ...
- mysql函数之SUBSTRING_INDEX(str,"/",-1)
SUBSTRING_INDEX的用法: •SUBSTRING_INDEX(str,delim,count) 在定界符 delim 以及count 出现前,从字符串str返回自字符串.若count为正值 ...
- R语言之Random Forest随机森林
什么是随机森林? 随机森林就是通过集成学习的思想将多棵树集成的一种算法,它的基本单元是决策树,而它的本质属于机器学习的一大分支——集成学习(Ensemble Learning)方法.随机森林的名称中有 ...
- Mongodb系列- java客户端简单使用(CRUD)
Mongodb提供了很多的客户端: shell,python, java, node.js...等等. 以 java 为例实现简单的增删改查 pom文件: <dependencies> & ...
- Mybatis中自定义映射xml参数传递使用
在使用mybatis框架时,大多时候自动生成的mapper.xml文件能满足我们所需的数据库操作,但一些情况下还是需要我们自己写sql:为了加深印象,总结了下参数传递的方式以及各个关键字的含义如下: ...
- FILESTREAM feature can't be enabled if you use cluster shared volumes
Create a SQL Cluster instance. Create Cluster Shared Volume Please note. No Share storage is added i ...