• 在Linux上安装Chef工作站


    导读 Chef是一个IT基础设施自动化软件,它可以管理你组织中所有的服务器和网络设备。当我们想与Chef服务器、任何物理节点(服务器、网络设备等)的基础设施进行交互时,我们需要一个Chef工作站。本教程解释如何安装和配置Linux服务器上Chef工作站。

    small-Linux_fighter

    下载 ChefDK

    ChefDK是Chef Development Kit的缩写,它几乎用于所有的平台,包括基于Debian发行版、Ubuntu、RedHat、CentOS、Mac OS X和Windows。当前ChefDK的稳定版本是0.11.2,对于基于RHEL的系统,它可用于版本 6 和 7(如: CentOS 6 和 CentOS 7),RPM版本只有64位版本。

    使用以下命令下载ChefDK

    在CentOS 7上

    cd ~
    wget https://packages.chef.io/stable/el/7/chefdk-0.11.2-1.el7.x86_64.rpm
    

    在CentOS 6上

    cd ~
    wget https://packages.chef.io/stable/el/6/chefdk-0.11.2-1.el6.x86_64.rpm
    
    安装 ChefDK

    使用RPM安装刚刚下载的ChefDK

    # rpm -ivh chefdk-0.11.2-1.el7.x86_64.rpm 
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:chefdk-0.11.2-1.el7              ################################# [100%]
    Thank you for installing Chef Development Kit!
    

    ChefDK默认安装到/opt/chefdk目录下,如下所示

    # ls -l /opt/chefdk/
    drwxr-xr-x. 2 root root  4096 Mar  3 13:50 bin
    drwxr-xr-x. 7 root root    62 Mar  3 13:50 embedded
    -rw-r--r--. 1 root root 13249 Feb 22 14:26 version-manifest.json
    -rw-r--r--. 1 root root  8233 Feb 22 14:26 version-manifest.txt
    
    验证ChefDK的安装

    执行chef verify,验证所有来自ChefDK的不同组件,确保他们都工作正常,没有任何问题

    # chef verify
    Running verification for component 'berkshelf'
    Running verification for component 'test-kitchen'
    Running verification for component 'tk-policyfile-provisioner'
    Running verification for component 'chef-client'
    Running verification for component 'chef-dk'
    Running verification for component 'chef-provisioning'
    Running verification for component 'chefspec'
    Running verification for component 'generated-cookbooks-pass-chefspec'
    Running verification for component 'rubocop'
    Running verification for component 'fauxhai'
    Running verification for component 'knife-spork'
    Running verification for component 'kitchen-vagrant'
    Running verification for component 'package installation'
    Running verification for component 'openssl'
    Running verification for component 'inspec'
    .......
    ---------------------------------------------
    Verification of component 'test-kitchen' succeeded.
    Verification of component 'chef-dk' succeeded.
    Verification of component 'chefspec' succeeded.
    Verification of component 'rubocop' succeeded.
    Verification of component 'knife-spork' succeeded.
    Verification of component 'openssl' succeeded.
    Verification of component 'berkshelf' succeeded.
    Verification of component 'chef-client' succeeded.
    Verification of component 'fauxhai' succeeded.
    Verification of component 'inspec' succeeded.
    Verification of component 'tk-policyfile-provisioner' succeeded.
    Verification of component 'kitchen-vagrant' succeeded.
    Verification of component 'chef-provisioning' succeeded.
    Verification of component 'package installation' succeeded.
    Verification of component 'generated-cookbooks-pass-chefspec' succeeded.
    

    下面是chef verify失败的案例。注意:Ruby在Chef中是必须的,它被嵌入在了ChefDK中。

    # chef verify
    ..
    /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-shellout-2.2.6/lib/mixlib/shellout.rb:289:in `invalid!': Expected process to exit with [0], but received '1' (Mixlib::ShellOut::ShellCommandFailed)
    ---- Begin output of /usr/bin/ohai -v ----
    STDOUT: 
    STDERR: /opt/chefdk/embedded/lib/ruby/site_ruby/2.1.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'chef-config' (= 12.8.0) - did find: [chef-config-12.7.2] (Gem::LoadError)
    

    以上错误信息显示:“Could not find ‘chef-config’ (= 12.8.0) – did find: [chef-config-12.7.2] (Gem::LoadError)”,在安装的ChefDK中chef-config的版本是12.7.2的旧版本,在手动安装chef-confg 12.8.0版本后再执行chef verify,显示验证成功。

    验证ChefDK版本

    执行 chef -version命令,显示ChefDK的版本号以及所有附带组件

    # chef --version
    Chef Development Kit Version: 0.11.2
    chef-client version: 12.7.2
    berks version: 4.2.0
    kitchen version: 1.5.0
    
    设置Chef 环境变量

    设置Chef相关的环境变量,如:GEM_ROOT GEM_HOME GEM_PATH。

    export GEM_ROOT="/opt/chefdk/embedded/lib/ruby/gems/2.1.0"
    export GEM_HOME="/root/.chefdk/gem/ruby/2.1.0"
    export GEM_PATH="/root/.chefdk/gem/ruby/2.1.0:/opt/chefdk/embedded/lib/ruby/gems/2.1.0"
    

    此外,如果你的系统上已经安装了ruby,你需要更新与ruby相关的PATH变量,如下所示

    export PATH="/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
    

    显示所有Chef设置的环境变量。

    chef shell-init bash
    

    想要快速设置这些环境变量,可以将其添加到bash_profile文件中,如下所示。

    echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
    
    访问Chef的Firewalld规则

    为了访问Chef服务器上的Chef Manage GUI,添加以下firewalld规则,开放Chef服务器上的相应端口。

    firewall-cmd --direct  --add-rule ipv4 
    filter INPUT_direct 0 -i eth0 -p tcp 
     --dport 443 -j ACCEPT
    
    firewall-cmd --direct  --add-rule ipv4 
    filter INPUT_direct 0 -i eth0 -p tcp 
     --dport 80 -j ACCEPT
    
    firewall-cmd --direct  --add-rule ipv4 
    filter INPUT_direct 0 -i eth0 -p tcp 
     --dport 9683 -j ACCEPT
    
    firewall-cmd --reload
    
    从Chef Manage GUI下载Starter Kit

    登录到Chef Manage GUI,单击“Administration”选项,从列表中选择“organization”。此例中,“organization”为“example”,选中organization之后,点击左侧菜单中的“Starter Kit”。 chef-manage-starter-kit
    按下“Download(下载)”按钮之后,会跳出一个警告信息,按下“Proceed”,它会将chef-starter.zip文件下载到本地机器。

    解压缩 Starter Kit

    将chef-starter.zip文件传输到Chef工作站并解压到root的home目录下

    # cd ~
    # unzip chef-starter.zip 
    Archive:  chef-starter.zip
       creating: chef-repo/cookbooks/
       creating: chef-repo/cookbooks/starter/
       creating: chef-repo/cookbooks/starter/templates/
       creating: chef-repo/cookbooks/starter/templates/default/
      inflating: chef-repo/cookbooks/starter/templates/default/sample.erb  
       creating: chef-repo/cookbooks/starter/files/
       creating: chef-repo/cookbooks/starter/files/default/
      inflating: chef-repo/cookbooks/starter/files/default/sample.txt  
       creating: chef-repo/cookbooks/starter/recipes/
      inflating: chef-repo/cookbooks/starter/recipes/default.rb  
       creating: chef-repo/cookbooks/starter/attributes/
      inflating: chef-repo/cookbooks/starter/attributes/default.rb  
      inflating: chef-repo/cookbooks/starter/metadata.rb  
      inflating: chef-repo/cookbooks/chefignore  
      inflating: chef-repo/README.md     
      inflating: chef-repo/.gitignore    
       creating: chef-repo/.chef/
       creating: chef-repo/roles/
      inflating: chef-repo/.chef/knife.rb  
      inflating: chef-repo/roles/starter.rb  
      inflating: chef-repo/.chef/ramesh.pem  
      inflating: chef-repo/.chef/example-validator.pem
    

    如果你手动创建了chef-repo文件夹,那你就需要手动创建上述的子目录,复制knife.rb文件、organization-validator.pem文件(如:example-validator.pem)、username.pem文件(如:ramesh.pem)到上面显示的目录中。

    Chef服务器的SSL证书

    在这个阶段如果执行knife client list会得到以下错误信息

    # cd ~/chef-repo
    # knife client list
    ERROR: SSL Validation failure connecting to host: centos.example.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
    ERROR: Could not establish a secure connection to the server.
    Use `knife ssl check` to troubleshoot your SSL configuration.
    If your Chef Server uses a self-signed certificate, you can use
    `knife ssl fetch` to make knife trust the server's certificates.
    
    Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://centos.example.com/organizations/example/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
    

    证书验证失败,因为我们没有从Chef服务器下载SSL证书,此时可以执行以下“knife ssl fetch”。

    # cd ~/chef-repo
    # knife ssl fetch
    WARNING: Certificates from centos.example.com will be fetched and placed in your trusted_cert
    directory (/root/chef-repo/.chef/trusted_certs).
    
    Knife has no means to verify these are the correct certificates. You should
    verify the authenticity of these certificates after downloading.
    

    证书将会下载到以下truster_certs目录中

    # ls -l /root/chef-repo/.chef/trusted_certs
    -rw-r--r--. 1 root root 1379 Mar 20 20:17 centos_example_com.crt
    
    # cat /root/chef-repo/.chef/trusted_certs/centos_example_com.crt 
    -----BEGIN CERTIFICATE-----
    MIIDzDCCArSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEQ
    MA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwS
    ZXJhdGlvbnMxGzAZBgNVBAMMEmNlbnRvcy5leGFtcGxlLmNvbTCCASIwDQYJKoZI
    ..
    ..
    WLyr2ORLMcck/OGsubabO/koMNTqhl2JJPECNiDJh06MeZ/2+BOwGZSpXDbw+vFE
    NJAsLfsTzihGWZ58einMFA==
    -----END CERTIFICATE-----
    
    Chef工作站的最终确认

    如果Chef工作站工作正常,当你执行“knife client list”时,它会显示所有连接工作站的客户端。由于我们刚刚安装它,因此只能看到刚刚我们创建的组织(organization)

    # cd ~/chef-repo
    
    # knife client list
    example-validator
    

    如果你现有的Chef工作站机器上已经有5个服务器连接到它了,你会看到以下信息

    # knife client list
    example-validator
    node1
    node2
    node3
    node4
    node5
    

    免费提供最新Linux技术教程书籍,为开源技术爱好者努力做得更多更好:https://www.linuxprobe.com/

  • 相关阅读:
    第一篇阅读笔记
    课程信息管理系统
    HDU1124求n的阶乘后0的个数
    分解质因数算法
    牛客小白月赛23 B阶乘(质因数分解)
    JAVAWEB将图片铺满整个页面的方法
    Codeforces Global Round 7
    POJ--1703并查集(区分两个集合)
    POJ--1611经典并查集
    DFS,BFS回顾(各种题)(肺炎疫情中,祝平安)
  • 原文地址:https://www.cnblogs.com/linuxprobe/p/5427827.html
Copyright © 2020-2023  润新知