chef infra安装和使用入门
2024-05-16 10:23:51
本文不讲架构,不扯淡,上来就是命令和代码直接开干!就是入门和学习,完整的基础构成组件全部堆在一台机器上。有问题请留言。
一台机器安装四个组件
chef server
chef manage
chef workstation
chef client
系统环境为ubuntu16.04,root权限,注意内存至少为3GB
下载的包在/root文件夹下,依次为
https://downloads.chef.io/products/infra-client?os=ubuntu
chef_16.6.14-1_amd64.deb
https://downloads.chef.io/products/infra-server
chef-server-core_14.0.65-1_amd64.deb
https://downloads.chef.io/products/manage
chef-manage_3.0.11-1_amd64.deb
https://downloads.chef.io/products/workstation?os=ubuntu
chef-workstation_20.11.180-1_amd64.deb
/etc/hosts配置如下:
192.168.64.130 chefserver chef.test.com
192.168.64.130 chefworkstation
192.168.64.130 chefnode
chef server安装与配置
配置主机名
hostnamectl set-hostname chef.test.com
安装
dpkg -i chef-server-core_14.0.65-1_amd64.deb
chef-server-ctl reconfigure
chef-server-ctl install chef-manage --path /root/chef-manage_3.0.11-1_amd64.deb
chef-server-ctl reconfigure
chef-manage-ctl reconfigure
创建管理员,比如管理员叫what thehell,用户名为hell,邮箱为whatthehell@whatever.com,密码为usaygej8,证书保存为/root/hell.pem
chef-server-ctl user-create hell what thehell whatthehell@whatever.com 'usaygej8' --filename /root/hell.pem
创建组织,比如组织叫test,全名叫test com,和hell用户关联,证书保存为/root/test-validator.pem(这一步也可以登录https://192.168.64.130的管理页面设置)
chef-server-ctl org-create test 'test com' --association_user hell --filename test-validator.pem
登录https://192.168.64.130的管理页面下载config.rb和Starter Kit
chef workstation安装与配置
安装
dpkg -i chef-workstation_20.11.180-1_amd64.deb
验证
chef -v
显示
Chef Workstation version: 20.11.180
Chef Infra Client version: 16.6.14
Chef InSpec version: 4.23.15
Chef CLI version: 3.0.33
Chef Habitat version: 1.6.56
Test Kitchen version: 2.7.2
Cookstyle version: 7.2.1配置ruby,使用chef自带ruby
echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
source ~/.bash_profile
which ruby
创建chef-repo
chef generate repo chef-repo
创建之后的目录结构
chef-repo/
├── chefignore
├── cookbooks
│ ├── example
│ │ ├── attributes
│ │ │ └── default.rb
│ │ ├── metadata.rb
│ │ ├── README.md
│ │ └── recipes
│ │ └── default.rb
│ └── README.md
├── data_bags
│ ├── example
│ │ └── example_item.json
│ └── README.md
├── LICENSE
├── policyfiles
│ └── README.md
└── README.md
创建.chef文件夹用来保存以下文件
config.rb
test-validator.pem
hell.pem
生成.chef文件夹,生成后位置为/root/.chef
root@chef:~# knife configure
WARNING: No knife configuration file found. See https://docs.chef.io/config_rb/ for details.
Please enter the chef server URL: [https://chefserver/organizations/myorg] https://chefserver/organizations/test
Please enter an existing username or clientname for the API: [root] hell
*****You must place your client key in:/root/.chef/hell.pem
Before running commands with Knife*****
Knife configuration file written to /root/.chef/credentials
下载的config.rb上传到~/.chef,需要修改下cookbook_path
改完内容如下:
# See https://docs.getchef.com/config_rb.html for more information on knife configuration optionscurrent_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "hell"
client_key "#{current_dir}/hell.pem"
chef_server_url "https://chefserver/organizations/test"
cookbook_path ["#{current_dir}/../chef-repo/cookbooks"]
官方的参考内容更丰富一些
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name 'node_name'
client_key "#{current_dir}/USER.pem"
validation_client_name 'ORG_NAME-validator'
validation_key "#{current_dir}/ORGANIZATION-validator.pem"
chef_server_url 'https://api.chef.io/organizations/ORG_NAME'
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
拷贝证书
cp /root/hell.pem ~/.chef
cp /root/test-validator.pem ~/.chef
执行
knife ssl fetch
knife ssl check
knife node list
执行结果如下:
root@chef:~# knife ssl fetch
WARNING: Certificates from chefserver will be fetched and placed in your trusted_certdirectory (/root/.chef/trusted_certs).Knife has no means to verify these are the correct certificates. You shouldverify the authenticity of these certificates after downloading.
Adding certificate for chefserver in /root/.chef/trusted_certs/chefserver.crt
root@chef:~# knife ssl check
Connecting to host chefserver:443
Successfully verified certificates from `chefserver'
root@chef:~# knife node listchef client
chef server和workstation已经自带了,不必再安装,如果是单独的client安装如下:
dpkg -i chef_16.6.14-1_amd64.deb
chef-client -v
下面添加节点,应该在workstation上执行,本文情况本地执行:
假设root密码为111111,node名称和/etc/hosts中一致
knife bootstrap 192.168.64.130 --ssh-user root --ssh-password 111111 --node-name chefnode
回显
root@chef:~# knife bootstrap 192.168.64.130 --ssh-user root --ssh-password 111111 --node-name chefnode
--ssh-user: This flag is deprecated. Use -U/--connection-user instead.
--ssh-password: This flag is deprecated. Use -P/--connection-password instead.
Connecting to 192.168.64.130 using ssh
The authenticity of host '192.168.64.130 ()' can't be established.
fingerprint is SHA256:0aYC/Q38o7GpyBSNnpbMRgC0iRcclksBcvIf58tH4EA.Are you sure you want to continue connecting
? (Y/N) y
Connecting to 192.168.64.130 using ssh
WARNING: Performing legacy client registration with the validation key at /root/.chef/test-validator.pem...
WARNING: Remove the key file or remove the 'validation_key' configuration option from your config.rb (knife.rb) to use more secure user credentials for client registration.
Bootstrapping 192.168.64.130[192.168.64.130] -----> Existing Chef Infra Client installation detected[192.168.64.130] Starting the first Chef Infra Client Client run...[192.168.64.130] Starting Chef Infra Client, version 16.6.14
Patents: https://www.chef.io/patents[192.168.64.130] Creating a new client identity for chefnode using the validator key.[192.168.64.130] resolving cookbooks for run list: [][192.168.64.130] Synchronizing Cookbooks:[192.168.64.130] Installing Cookbook Gems:[192.168.64.130] [192.168.64.130] Compiling Cookbooks...[192.168.64.130] [192.168.64.130] [2020-11-23T22:17:42-08:00] WARN: Node chefnode has an empty run list.[192.168.64.130] Converging 0 resources[192.168.64.130]
Running handlers:
Running handlers complete[192.168.64.130] Chef Infra Client finished, 0/0 resources updated in 08 seconds[192.168.64.130]
https://192.168.64.130控制台中可以看到节点,登录用户名密码即为创建的hell用户
编写和使用第一个cookbook
我们这里不再使用starter kit,直接修改chef-repo默认生成的example
vim /root/chef-repo/cookbooks/example/recipes/default.rb
execute 'repo_test' docommand 'netstat -nltp>> /tmp/netstat.txt'ignore_failure true
end
上传到chef server
knife cookbook upload example
root@chef:~# knife cookbook upload example
Uploading example [1.0.0]
Uploaded 1 cookbook.
查看cookbook
knife cookbook list
root@chef:~# knife cookbook list
example 1.0.0
添加cookbook到目标节点
knife node run_list add chefnode example
root@chef:~# knife node run_list add chefnode example
chefnode:run_list: recipe[example]
cookbook的操作都是在workstation上完成,本文为本地即可
chef client执行应用cookbook,本文为本地
chef-client
root@chef:~# chef-client
Starting Chef Infra Client, version 16.6.14
Patents: https://www.chef.io/patents
resolving cookbooks for run list: ["example"]
Synchronizing Cookbooks:- example (1.0.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 1 resources
Recipe: example::default* execute[repo_test] action run- execute netstat -nltp>> /tmp/netstat.txtRunning handlers:
Running handlers complete
Chef Infra Client finished, 1/1 resources updated in 06 seconds
验证/tmp/netstat.txt文件
root@chef:~# cat /tmp/netstat.txt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 46379/nginx.conf
tcp 0 0 0.0.0.0:9680 0.0.0.0:* LISTEN 46379/nginx.conf
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 46379/nginx.conf
tcp 0 0 127.0.0.1:4369 0.0.0.0:* LISTEN 23885/epmd
tcp 0 0 0.0.0.0:9683 0.0.0.0:* LISTEN 46379/nginx.conf
tcp 0 0 127.0.0.1:9462 0.0.0.0:* LISTEN 46366/config.ru
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 813/sshd
tcp 0 0 127.0.0.1:9463 0.0.0.0:* LISTEN 24509/oc_bifrost
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 24505/postgres
tcp 0 0 127.0.0.1:11002 0.0.0.0:* LISTEN 46334/redis-server
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 46379/nginx.conf
tcp 0 0 127.0.0.1:16379 0.0.0.0:* LISTEN 45836/redis-server
tcp 0 0 127.0.0.1:33533 0.0.0.0:* LISTEN 24509/oc_bifrost
tcp 0 0 127.0.0.1:43870 0.0.0.0:* LISTEN 24599/bookshelf
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 24676/oc_erchef
tcp 0 0 127.0.0.1:4321 0.0.0.0:* LISTEN 24599/bookshelf
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 24519/rails master
tcp 0 0 127.0.0.1:37673 0.0.0.0:* LISTEN 24676/oc_erchef
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 24586/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 24586/java
tcp6 0 0 :::22 :::* LISTEN 813/sshd
tcp6 0 0 ::1:5432 :::* LISTEN 24505/postgres
cookbook市场
https://supermarket.chef.io/cookbooks
常用命令
生成repo
chef generate repo chef-repo
生成cookbook
chef generate cookbook COOKBOOK_NAME
下载cookbook
knife supermarket download COOKBOOK_NAME
安装cookbook
knife supermarket install COOKBOOK_NAME
knife download命令是用来从chef server上下载文件的,参见https://docs.chef.io/workstation/knife_download/
chef-server-ctl [start, stop, status]
chef infra安装和使用入门相关推荐
- Linux Supervisor的安装与使用入门
在linux或者unix操作系统中,守护进程(Daemon)是一种运行在后台的特殊进程,它独立于控制终端并且周期性的执行某种任务或等待处理某些发生的事件.由于在linux中,每个系统与用户进行交流的界 ...
- 20165301 预备作业三:Linux安装及命令入门
预备作业三:Linux安装及命令入门 VirtualBox虚拟机的安装 在进行安装之前,原本以为有了娄老师的安装教程会是一件很容易的事情.万万没想到,在自己实际动手操作中,还是遇到了许多困难.通过与同 ...
- phpMyAdmin下载、安装和使用入门
phpMyAdmin下载.安装和使用入门 对于PHP的逐渐流行,我们有目共睹:无论是BLOG程序中的WordPress,还是CMS程序中的DEDECMS,还是BBS程序中的Discuz!,都可谓经典. ...
- 音视频开发(4)---Windows下Red5安装与使用入门
Windows下Red5安装与使用入门 简介 Red5是一个采用Java开发开源的Flash流媒体服务器.它支持:把音频(MP3)和视频(FLV)转换成播放流: 录制客户端播放流(只支持FLV):共享 ...
- swoole php 使用教程,Swoole 扩展安装与使用入门
Swoole 扩展安装与使用入门 由 学院君 创建于2年前, 最后更新于 1年前 版本号 #3 37642 views 13 likes 5 collects Swoole 概述 Swoole 是面向 ...
- 有限元剖网格之Gmsh安装与使用入门
文章目录 有限元剖网格之Gmsh安装与使用入门 Gmsh介绍 Gmsh安装 1. Gmsh图形界面安装 2. Gmsh从源码安装 利用C++语言调用Gmsh的API接口剖网格 有限元剖网格之Gmsh安 ...
- 2021最新版本Python的下载安装及使用入门教程
1.进入官网下载: https://www.python.org/downloads/ 进入后,如下图所示操作,点击Downloads,我的电脑是Windows系统的,这里直接点击下载最新版本. 如果 ...
- Tushare介绍、安装及快速入门
Tushare介绍.安装及快速入门 Tushare是一个免费.开源的python财经数据接口包.主要实现对股票等金融数据从数据采集.清洗加工 到 数据存储的过程,能够为金融分析人员提供快速.整洁.和多 ...
- Chef Infra 16添加了YAML配方支持
基础架构代码专家Chef已发布了其平台的新版本– Chef Infra 16,其目的是减少新客户的学习曲线,同时也解决现有用户的常见痛点. Chef Infra 16增加了使用YAML编写配方的功能, ...
最新文章
- 【最新】南京大学人工智能学院《模式识别》课程PPT
- 跳水比赛背后的隐形教练现身了!百度智能云还完成了历史性的大升级
- python 如何遍历文件夹下所有图片/文件? os.walk() os.listdir()
- Oracle应用容器云上的WildFly Swarm
- 【51单片机快速入门指南】1:基础知识和工程创建
- 怎么让sublime text3可以运行c/c++
- 半年之殇:困扰半年的MSP430的I2C总线问题在今天解决,发文总结
- 【年终总结】可圈可点的2018年
- android布局自适应小示例(用户反馈界面)
- webpack手动构建vue和vue-cli构建使用 px2rem-loader ,全局自动转换px单位,让自适应来的更简单点!...
- [改善Java代码]使用静态内部类提高封装性
- 华为BIOS系统升级
- ENVI遥感处理(9):遥感影像镶嵌和图像裁剪
- 利用httpclient和多线程刷访问量代码
- C语言入门基础知识笔记
- 特殊字符ascii码
- DevOps的技术和工具有哪些?
- 安卓手机运行ios教程_英雄联盟手游公测,安卓/苹果iOS注册下载教程!
- 7种工具帮助你审查代码
- 【深度学习】:详解目标检测YOLO V1(You Only Look Once)算法