您好,登錄后才能下訂單哦!
這篇文章主要介紹Linux系統(tǒng)如何安裝chef,文中介紹的非常詳細,具有一定的參考價值,感興趣的小伙伴們一定要看完!
服務(wù)器自動化構(gòu)建工具。 是一個系統(tǒng)集成框架,為整個架構(gòu)提供配置管理功能。
是一個Chef是,由Ruby開發(fā)的服務(wù)器的構(gòu)成管理工具
通過Chef編寫代碼來管理服務(wù)器,而不是運行命令。
Chef與應(yīng)用程序、數(shù)據(jù)庫、LDAP目錄等緊密集成。
輕松地配置需要了解整個基礎(chǔ)設(shè)施的應(yīng)用程序
下載 ChefDK
ChefDK是Chef Development Kit的縮寫,它幾乎用于所有的平臺,包括基于Debian發(fā)行版、Ubuntu、RedHat、CentOS、Mac OS X和Windows。當前ChefDK的穩(wěn)定版本是0.11.2,對于基于RHEL的系統(tǒng),它可用于版本 6 和 7(如: CentOS 6 和 CentOS 7),RPM版本只有64位版本。
使用以下命令下載ChefDK 在CentOS 7上
cd ~ wget https://packages.chef.io/stable/el/7/chefdk-0.11.2-1.el7.x86_64.rpm
在CentOS 6上
cd ~ wget https://packages.chef.io/stable/el/6/chefdk-0.11.2-1.el6.x86_64.rpm
安裝 ChefDK
使用RPM安裝剛剛下載的ChefDK
# rpm -ivh chefdk-0.11.2-1.el7.x86_64.rpm Preparing... ################################# [100%] Updating / installing... 1:chefdk-0.11.2-1.el7 ################################# [100%] Thank you for installing Chef Development Kit!
ChefDK默認安裝到/opt/chefdk目錄下,如下所示
# ls -l /opt/chefdk/ drwxr-xr-x. 2 root root 4096 Mar 3 13:50 bin drwxr-xr-x. 7 root root 62 Mar 3 13:50 embedded -rw-r--r--. 1 root root 13249 Feb 22 14:26 version-manifest.json -rw-r--r--. 1 root root 8233 Feb 22 14:26 version-manifest.txt
驗證ChefDK的安裝
執(zhí)行chef verify,驗證所有來自ChefDK的不同組件,確保他們都工作正常,沒有任何問題
# chef verify Running verification for component 'berkshelf' Running verification for component 'test-kitchen' Running verification for component 'tk-policyfile-provisioner' Running verification for component 'chef-client' Running verification for component 'chef-dk' Running verification for component 'chef-provisioning' Running verification for component 'chefspec' Running verification for component 'generated-cookbooks-pass-chefspec' Running verification for component 'rubocop' Running verification for component 'fauxhai' Running verification for component 'knife-spork' Running verification for component 'kitchen-vagrant' Running verification for component 'package installation' Running verification for component 'openssl' Running verification for component 'inspec' ....... --------------------------------------------- Verification of component 'test-kitchen' succeeded. Verification of component 'chef-dk' succeeded. Verification of component 'chefspec' succeeded. Verification of component 'rubocop' succeeded. Verification of component 'knife-spork' succeeded. Verification of component 'openssl' succeeded. Verification of component 'berkshelf' succeeded. Verification of component 'chef-client' succeeded. Verification of component 'fauxhai' succeeded. Verification of component 'inspec' succeeded. Verification of component 'tk-policyfile-provisioner' succeeded. Verification of component 'kitchen-vagrant' succeeded. Verification of component 'chef-provisioning' succeeded. Verification of component 'package installation' succeeded. Verification of component 'generated-cookbooks-pass-chefspec' succeeded.
下面是chef verify失敗的案例。注意:Ruby在Chef中是必須的,它被嵌入在了ChefDK中。
# chef verify .. /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-shellout-2.2.6/lib/mixlib/shellout.rb:289:in `invalid!': Expected process to exit with [0], but received '1' (Mixlib::ShellOut::ShellCommandFailed) ---- Begin output of /usr/bin/ohai -v ---- STDOUT: STDERR: /opt/chefdk/embedded/lib/ruby/site_ruby/2.1.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'chef-config' (= 12.8.0) - did find: [chef-config-12.7.2] (Gem::LoadError)
以上錯誤信息顯示:“Could not find ‘chef-config’ (= 12.8.0) – did find: [chef-config-12.7.2] (Gem::LoadError)”,在安裝的ChefDK中chef-config的版本是12.7.2的舊版本,在手動安裝chef-confg 12.8.0版本后再執(zhí)行chef verify,顯示驗證成功。
驗證ChefDK版本
執(zhí)行 chef -version命令,顯示ChefDK的版本號以及所有附帶組件
# chef --version Chef Development Kit Version: 0.11.2 chef-client version: 12.7.2 berks version: 4.2.0 kitchen version: 1.5.0
設(shè)置Chef
設(shè)置Chef相關(guān)的環(huán)境變量,如:GEM_ROOT GEM_HOME GEM_PATH。
export GEM_ROOT="/opt/chefdk/embedded/lib/ruby/gems/2.1.0" export GEM_HOME="/root/.chefdk/gem/ruby/2.1.0" export GEM_PATH="/root/.chefdk/gem/ruby/2.1.0:/opt/chefdk/embedded/lib/ruby/gems/2.1.0"
此外,如果你的系統(tǒng)上已經(jīng)安裝了ruby,你需要更新與ruby相關(guān)的PATH變量,如下所示
export PATH="/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
顯示所有Chef設(shè)置的環(huán)境變量。
chef shell-init bash
想要快速設(shè)置這些環(huán)境變量,可以將其添加到bash_profile文件中,如下所示。
echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
訪問Chef的 d規(guī)則
為了訪問Chef服務(wù)器上的Chef Manage GUI,添加以下firewalld規(guī)則,開放Chef服務(wù)器上的相應(yīng)端口。
firewall-cmd --direct --add-rule ipv4 \ filter INPUT_direct 0 -i eth0 -p tcp \ --dport 443 -j ACCEPT firewall-cmd --direct --add-rule ipv4 \ filter INPUT_direct 0 -i eth0 -p tcp \ --dport 80 -j ACCEPT firewall-cmd --direct --add-rule ipv4 \ filter INPUT_direct 0 -i eth0 -p tcp \ --dport 9683 -j ACCEPT firewall-cmd --reload
從Chef Manage GUI下載Starter Kit
登錄到Chef Manage GUI,單擊“Administration”選項,從列表中選擇“organization”。此例中,“organization”為“example”,選中organization之后,點擊左側(cè)菜單中的“Starter Kit”。
按下“Download(下載)”按鈕之后,會跳出一個警告信息,按下“Proceed”,它會將chef-starter.zip文件下載到本地機器。
解壓縮 Starter Kit
將chef-starter.zip文件傳輸?shù)紺hef工作站并解壓到root的home目錄下
# cd ~ # unzip chef-starter.zip Archive: chef-starter.zip creating: chef-repo/cookbooks/ creating: chef-repo/cookbooks/starter/ creating: chef-repo/cookbooks/starter/templates/ creating: chef-repo/cookbooks/starter/templates/default/ inflating: chef-repo/cookbooks/starter/templates/default/sample.erb creating: chef-repo/cookbooks/starter/files/ creating: chef-repo/cookbooks/starter/files/default/ inflating: chef-repo/cookbooks/starter/files/default/sample.txt creating: chef-repo/cookbooks/starter/recipes/ inflating: chef-repo/cookbooks/starter/recipes/default.rb creating: chef-repo/cookbooks/starter/attributes/ inflating: chef-repo/cookbooks/starter/attributes/default.rb inflating: chef-repo/cookbooks/starter/metadata.rb inflating: chef-repo/cookbooks/chefignore inflating: chef-repo/README.md inflating: chef-repo/.gitignore creating: chef-repo/.chef/ creating: chef-repo/roles/ inflating: chef-repo/.chef/knife.rb inflating: chef-repo/roles/starter.rb inflating: chef-repo/.chef/ramesh.pem inflating: chef-repo/.chef/example-validator.pem
如果你手動創(chuàng)建了chef-repo文件夾,那你就需要手動創(chuàng)建上述的子目錄,復(fù)制knife.rb文件、organization-validator.pem文件(如:example-validator.pem)、username.pem文件(如:ramesh.pem)到上面顯示的目錄中。
Chef服務(wù)器的SSL證書
在這個階段如果執(zhí)行knife client list會得到以下錯誤信息
# cd ~/chef-repo # knife client list ERROR: SSL Validation failure connecting to host: centos.example.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed ERROR: Could not establish a secure connection to the server. Use `knife ssl check` to troubleshoot your SSL configuration. If your Chef Server uses a self-signed certificate, you can use `knife ssl fetch` to make knife trust the server's certificates. Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://centos.example.com/organizations/example/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
證書驗證失敗,因為我們沒有從Chef服務(wù)器下載SSL證書,此時可以執(zhí)行以下“knife ssl fetch”。
# cd ~/chef-repo # knife ssl fetch WARNING: Certificates from centos.example.com will be fetched and placed in your trusted_cert directory (/root/chef-repo/.chef/trusted_certs). Knife has no means to verify these are the correct certificates. You should verify the authenticity of these certificates after downloading.
證書將會下載到以下truster_certs目錄中
# ls -l /root/chef-repo/.chef/trusted_certs -rw-r--r--. 1 root root 1379 Mar 20 20:17 centos_example_com.crt # cat /root/chef-repo/.chef/trusted_certs/centos_example_com.crt -----BEGIN CERTIFICATE----- MIIDzDCCArSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEQ MA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwS ZXJhdGlvbnMxGzAZBgNVBAMMEmNlbnRvcy5leGFtcGxlLmNvbTCCASIwDQYJKoZI .. .. WLyr2ORLMcck/OGsubabO/koMNTqhl2JJPECNiDJh06MeZ/2+BOwGZSpXDbw+vFE NJAsLfsTzihGWZ58einMFA== -----END CERTIFICATE-----
Chef工作站的最終確認
如果Chef工作站工作正常,當你執(zhí)行“knife client list”時,它會顯示所有連接工作站的客戶端。由于我們剛剛安裝它,因此只能看到剛剛我們創(chuàng)建的組織(organization)
# cd ~/chef-repo # knife client list example-validator
如果你現(xiàn)有的Chef工作站機器上已經(jīng)有5個服務(wù)器連接到它了,你會看到以下信息
# knife client list example-validator node1 node2 node3 node4 node5
以上是“Linux系統(tǒng)如何安裝chef”這篇文章的所有內(nèi)容,感謝各位的閱讀!希望分享的內(nèi)容對大家有幫助,更多相關(guān)知識,歡迎關(guān)注億速云行業(yè)資訊頻道!
免責聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。