目录结构
Chef集中管理工具实践之 (0) 什么是Chef
Chef集中管理工具实践之 (1) 环境部署
Chef集中管理工具实践之 (2) 服务器配置
Chef集中管理工具实践之 (3) 自定义配置
本文内容
Chef集中配置管理工具实践之 (1) 环境部署
参考资料
http://wiki.opscode.com/pages/viewpage.action?pageId=24773429
http://wiki.opscode.com/display/chef/Installing+Chef+Server+on+Debian+or+Ubuntu+using+Packages
http://wiki.opscode.com/display/chef/Workstation+Setup+for+Debian+and+Ubuntu
http://wiki.opscode.com/display/chef/Knife+Bootstrap
环境介绍
OS: Ubuntu 10.10 Server 64-bit //经过验证在12.04.1以及12.10上也成功实现部署。
Servers:
chef-server:10.6.1.170
chef-workstation:10.6.1.171
chef-client-1:10.6.1.172
chef-client-2:10.6.1.173
1. 安装配置Chef Server
编辑hosts
ubuntu@chef-server:~$ sudo vim /etc/hosts
4 |
10.6.1.171 chef-workstation |
5 |
10.6.1.172 chef-client-1 |
6 |
10.6.1.173 chef-client-2 |
注意:
将本机的hostname在/etc/hosts中添加一条IP解析记录,这一点非常重要。
因为后面在安装chef-server的过程中,会首先安装rabbitmq-server,缺少该解析记录的话,会导致rabbitma-server启动失败,进而影响到所有其它chef-server软件包的正常安装,如果不清楚这一点的话,会给问题的排查带来很大的不便。
创建 /etc/apt/sources.list.d/opscode.list
ubuntu@chef-server:~$ sudo echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list
添加GPG Key
ubuntu@chef-server:~$ sudo mkdir -p /etc/apt/trusted.gpg.d
ubuntu@chef-server:~$ sudo gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
ubuntu@chef-server:~$ sudo gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
《注:如果遇到update问题,可参考: https://wiki.opscode.com/display/chef10/Installing+Chef+Server+on+Debian+or+Ubuntu+using+Packages
中的步骤。》
ubuntu@chef-server:~$ sudo apt-get update
ubuntu@chef-server:~$ sudo apt-get install opscode-keyring
安装NTP时间服务器,Chef需要确保workstation与所有client与server的时钟一致
ubuntu@chef-server:~$ sudo apt-get install ntp
更新现有系统
ubuntu@chef-server:~$ sudo apt-get upgrade
安装chef-server软件包
ubuntu@chef-server:~$ sudo apt-get install chef chef-server
输入URL: http://chef-server:4000
输入密码: chef-server
该过程执行了如下过程:
安装Chef Server以及所依赖的软件包如Merb,CouchDB,RabbitMQ等共300多个软件包
启动CouchDB,RabbitMQ
启动chef-server-api并运行在4000端口
启动chef-server-webui并运行在4040端口
启动chef-solr-indexer并自动连接到rabbitmq-server
启动chef-solr,chef-client
在目录/etc/chef中创建相关的配置文件
安装完成后检查并确认以下端口:
Chef Server - 4000
Chef Server WebUI - 4040
CouchDB - 5984
RabbitMQ - 5672
Chef Solr - 8983
ubuntu@chef-server:~$ sudo netstat -lntp
01 |
Active Internet connections (only servers) |
02 |
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name |
03 |
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 11402/sshd |
04 |
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN 31998/merb : chef-s |
05 |
tcp 0 0 0.0.0.0:4040 0.0.0.0:* LISTEN 32168/merb : chef-s |
06 |
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN 30470/beam |
07 |
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN 30518/beam |
08 |
tcp 0 0 0.0.0.0:41891 0.0.0.0:* LISTEN 30128/beam |
09 |
tcp6 0 0 :::22 :::* LISTEN 11402/sshd |
10 |
tcp6 0 0 127.0.0.1:8983 :::* LISTEN 31760/java |
登陆Web UI
地址:http://chef-server:4040 (正常访问需要在本地电脑的hosts中添加“10.6.1.170 chef-server”)
账号:admin
密码:chef-server
安装配置knife命令行工具
ubuntu@chef-server:~$ mkdir -p ~/.chef
ubuntu@chef-server:~$ sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
ubuntu@chef-server:~$ sudo chown -R $USER ~/.chef
ubuntu@chef-server:~$ knife configure -i
01 |
WARNING: No knife configuration file found |
02 |
Where should I put the config file? [/home/ubuntu/.chef/knife.rb] |
04 |
Please enter a clientname for the new client: [ubuntu] |
05 |
Please enter the existing admin clientname: [chef-webui] |
06 |
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem] .chef/webui.pem |
07 |
Please enter the validation clientname: [chef-validator] |
08 |
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem |
09 |
Please enter the path to a chef repository (or leave blank): |
10 |
Creating initial API user... |
11 |
Created client[ubuntu] |
12 |
Configuration file written to /home/ubuntu/.chef/knife.rb |
执行knife命令,检查是否能连接到指定的Chef Server
ubuntu@chef-server:~$ knife client list
ubuntu@chef-server:~$ knife cookbook list
ubuntu@chef-server:~$ sudo apt-get install ntp
为工作站安装并配置Knife Client
ubuntu@chef-server:~$ knife client create chef-workstation -d -a -f /home/ubuntu/.chef/chef-workstation.pem
1 |
Created client[chef-workstation] |
ubuntu@chef-server:~$ knife client show chef-workstation
01 |
_rev: 1-2a52b9416bad08b697e9c644a0aea4cc |
04 |
json_class: Chef::ApiClient |
05 |
name: chef-workstation |
06 |
public_key: -----BEGIN RSA PUBLIC KEY----- |
07 |
MIIBCgKCAQEA1RAa+jf733FtoTv64msykO3/SEe8G/YhPgA2S3NfWdgh+LbuhCdT |
08 |
9IjX3Hio3U/rj6VGeICJkCfWZy7NM9pTaPzH+gJdFbkLrLW1GSoEKMJ/f9IkxRcS |
09 |
7vdySU05IrPOF9PqcMvrME4xYzsFzIXDz1CbWBs08SuMfjP9qHfeStfBQaoQ8rLp |
10 |
mOGI0VMOU/CrlfNsAPLbUgVVylKfcmop1dCO6My53xW/qogfg/8Af0qtk7tyjVFi |
11 |
K+umCjmHmtW09qg5467p7xf4WSUYh076pb3ofbTi0o3VJi8Dz+qGISjvAVf3Y1As |
12 |
mwkam0IBM5sK41r/Suki9UQanKWsiDm0CQIDAQAB |
13 |
-----END RSA PUBLIC KEY----- |
2. 安装配置chef-workstation
编辑hosts
ubuntu@chef-workstation:~$ vim /etc/hosts
4 |
10.6.1.171 chef-workstation |
5 |
10.6.1.172 chef-client-1 |
6 |
10.6.1.173 chef-client-2 |
安装Ruby与其它依赖包
ubuntu@chef-workstation:~$ sudo apt-get install ruby ruby-dev libopenssl-ruby rdoc ri irb build-essential wget ssl-cert curl
安装RubyGems
ubuntu@chef-workstation:~$ cd /tmp
ubuntu@chef-workstation:~$ curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.10.tgz
<note: here may it be 2.1.11.tgz>
ubuntu@chef-workstation:~$ tar zxf rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ cd rubygems-1.8.10
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo ruby setup.rb --no-format-executable
安装Chef Gem
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo gem install chef --no-ri --no-rdoc
<note: 唉,苦难啊,在这一步,一直没有反应,难道是我等的时间不苟久,无奈手动下载了很多个gem,很多很多, 然后用的下面的命令手动安装的:
admin@ubuntu:/tmp/chef-workstation$ sudo gem install /tmp/chef-workstation/chef-11.8.2.gem --local --no-ri --no-rdoc
前提是把所有的gem都放到这个目录下了,再也不干这种事情了。
>
01 |
Fetching: mixlib-config-1.1.2.gem (100%) |
02 |
Fetching: mixlib-cli-1.2.2.gem (100%) |
03 |
Fetching: mixlib-log-1.4.1.gem (100%) |
04 |
Fetching: mixlib-authentication-1.3.0.gem (100%) |
05 |
Fetching: mixlib-shellout-1.1.0.gem (100%) |
06 |
Fetching: systemu-2.5.2.gem (100%) |
07 |
Fetching: yajl-ruby-1.1.0.gem (100%) |
08 |
Building native extensions. This could take a while... |
09 |
Fetching: ipaddress-0.8.0.gem (100%) |
10 |
Fetching: ohai-6.14.0.gem (100%) |
11 |
Fetching: mime-types-1.19.gem (100%) |
12 |
Fetching: rest-client-1.6.7.gem (100%) |
13 |
Fetching: bunny-0.7.9.gem (100%) |
14 |
[Version 0.7.8] test suite cleanup (eliminated some race conditions related to queue.message_count) |
15 |
Fetching: json-1.6.1.gem (100%) |
16 |
Building native extensions. This could take a while... |
17 |
Fetching: polyglot-0.3.3.gem (100%) |
18 |
Fetching: treetop-1.4.12.gem (100%) |
19 |
Fetching: net-ssh-2.2.2.gem (100%) |
20 |
Fetching: net-ssh-gateway-1.1.0.gem (100%) |
21 |
Fetching: net-ssh-multi-1.1.gem (100%) |
22 |
Fetching: highline-1.6.15.gem (100%) |
23 |
Fetching: erubis-2.7.0.gem (100%) |
24 |
Fetching: moneta-0.6.0.gem (100%) |
25 |
Fetching: uuidtools-2.1.3.gem (100%) |
26 |
Fetching: chef-10.16.2.gem (100%) |
27 |
Successfully installed mixlib-config-1.1.2 |
28 |
Successfully installed mixlib-cli-1.2.2 |
29 |
Successfully installed mixlib-log-1.4.1 |
30 |
Successfully installed mixlib-authentication-1.3.0 |
31 |
Successfully installed mixlib-shellout-1.1.0 |
32 |
Successfully installed systemu-2.5.2 |
33 |
Successfully installed yajl-ruby-1.1.0 |
34 |
Successfully installed ipaddress-0.8.0 |
35 |
Successfully installed ohai-6.14.0 |
36 |
Successfully installed mime-types-1.19 |
37 |
Successfully installed rest-client-1.6.7 |
38 |
Successfully installed bunny-0.7.9 |
39 |
Successfully installed json-1.6.1 |
40 |
Successfully installed polyglot-0.3.3 |
41 |
Successfully installed treetop-1.4.12 |
42 |
Successfully installed net-ssh-2.2.2 |
43 |
Successfully installed net-ssh-gateway-1.1.0 |
44 |
Successfully installed net-ssh-multi-1.1 |
45 |
Successfully installed highline-1.6.15 |
46 |
Successfully installed erubis-2.7.0 |
47 |
Successfully installed moneta-0.6.0 |
48 |
Successfully installed uuidtools-2.1.3 |
49 |
Successfully installed chef-10.16.2 |
安装Git
ubuntu@chef-workstation:~$ sudo apt-get -y install git-core
ubuntu@chef-workstation:~$ git --version
git version 1.7.1
创建Chef Repository
备注:Chef的大部分配置工作都是在Workstaion中的Chef Repository中完成的,不同的Chef Repository可以管理不同的Chef Server。
ubuntu@chef-workstation:~$ git clone git://github.com/opscode/chef-repo.git /opt/chef-local #可能会不工作, 请参照note。
<note: 此处应该是用 git clone git@github.com:opscode/chef-repo.git 目录名字(例如 /home/user1/chef-local/, 必须是有rw权限的,否则会有
Cloning into '/home/chef1/chef-repo'...
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
>
1 |
Initialized empty Git repository in /opt/chef-local/.git/ |
2 |
remote: Counting objects: 199, done. |
3 |
remote: Compressing objects: 100% (117/117), done. |
4 |
remote: Total 199 (delta 72), reused 162 (delta 49) |
5 |
Receiving objects: 100% (199/199), 30.34 KiB | 10 KiB/s, done. |
6 |
Resolving deltas: 100% (72/72), done. |
ubuntu@chef-workstation:~$ cd /opt/chef-local/
ubuntu@chef-workstation:/opt/chef-local$ ls
README.md Rakefile certificates chefignore config cookbooks data_bags environments roles
创建配置文件夹
ubuntu@chef-workstation:/opt/chef-local$ sudo mkdir -p .chef
传输pem认证文件到Workstation
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/chef-workstation.pem .chef/
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/validation.pem .chef/
ubuntu@chef-workstation:/opt/chef-local$ ls .chef/
chef-workstation.pem validation.pem
ubuntu@chef-workstation:/opt/chef-local$ sudo knife configure
01 |
WARNING: No knife configuration file found |
02 |
Where should I put the config file? [/home/ubuntu/.chef/knife.rb] .chef/knife.rb |
04 |
Please enter an existing username or clientname for the API: [ubuntu] chef-workstation |
05 |
Please enter the validation clientname: [chef-validator] |
06 |
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem |
07 |
Please enter the path to a chef repository (or leave blank): /opt/chef-local |
10 |
You must place your client key in: |
11 |
/opt/chef-local/.chef/chef-workstation.pem |
12 |
Before running commands with Knife! |
16 |
You must place your validation key in: |
17 |
/opt/chef-local/.chef/validation.pem |
18 |
Before generating instance data with Knife! |
21 |
Configuration file written to /opt/chef-local/.chef/knife.rb |
<note: following is the example from me>
********************************************************
admin@ubuntu:~/.chef$ sudo knife configure
Overwrite /home/admin/.chef/knife.rb? (Y/N) y
Please enter the chef server URL: [https://ubuntu.cs1cloud.internal:443] http://135.252.151.137:4000
Please enter an existing username or clientname for the API: [admin] ubuntu.cs1cloud.internal
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] ./validation.pem
Please enter the path to a chef repository (or leave blank): /home/admin/chef-repo/
*****
You must place your client key in:
/home/admin/.chef/ubuntu.cs1cloud.internal.pem
Before running commands with Knife!
*****
You must place your validation key in:
/home/admin/.chef/validation.pem
Before generating instance data with Knife!
*****
Configuration file written to /home/admin/.chef/knife.rb
admin@ubuntu:~/.chef$ knife client list
acm-dev12-n1-ext
chef-validator
chef-webui
chef1
chef2
ubuntu.cs1cloud.internal
******************************************
验证配置是否正确
ubuntu@chef-workstation:~$ sudo ntpdate chef-server
确认Knife工具能否连接到Chef Server
ubuntu@chef-workstation:~$ knife client list
ubuntu@chef-workstation:~$ knife client show chef-validator
01 |
_rev: 1-96959e21dfdb3f232a3ce8bae835475b |
04 |
json_class: Chef::ApiClient |
06 |
public_key: -----BEGIN RSA PUBLIC KEY----- |
07 |
MIIBCgKCAQEA00/AWJL5mThj+pSXEB2gMKdTdHFm0pGi2hXAoBwm4/ZlnO4p2iwI |
08 |
/skfZMepVm8SAkSMIhz7ZC+jN/+Kqas7es0E+iv9ei0BF4Q41Y5kKMFctuElYbPH |
09 |
ImRCVTcQJ6m7BPS0Tczhy87jk6QlhsDsrnhNyUEgM5XRVNO+NzqeqZ+UMOWd9k2q |
10 |
KTJhbtHdx7ILdjZ5SBsiIMBhBNni2D0Y34BDtddsXCn1eyTWwGZxZTRZuDDXnls+ |
11 |
aZaqogKoZ40d6h6ZVGh6nmmpdPDi9YdCIqFtWe5LF5bwIy7K6qBVgiOqU0x3Xek3 |
12 |
d1eZG/8C+4FWjAm1h856npvmMOpVip9w8QIDAQAB |
13 |
-----END RSA PUBLIC KEY----- |
3. 安装配置chef-client
编辑hosts
ubuntu@chef-client-1:~$ vim /etc/hosts
4 |
10.6.1.171 chef-workstation |
5 |
10.6.1.172 chef-client-1 |
6 |
10.6.1.173 chef-client-2 |
与chef-server同步时间
ubuntu@chef-client-1:~$ sudo ntpdate chef-server
Boostrap可以用来将目标节点初始化为一个Client
ubuntu@chef-workstation:~$ knife bootstrap --help
01 |
knife bootstrap FQDN (options) |
02 |
--bootstrap-proxy PROXY_URL The proxy server for the node being bootstrapped |
03 |
--bootstrap-version VERSION The version of Chef to install |
04 |
-N, --node-name NAME The Chef node name for your new node |
05 |
-s, --server-url URL Chef Server URL |
06 |
-k, --key KEY API Client Key |
07 |
--[no-]color Use colored output, defaults to enabled |
08 |
-c, --config CONFIG The configuration file to use |
09 |
--defaults Accept default values for all questions |
10 |
--disable-editing Do not open EDITOR, just accept the data as is |
11 |
-d, --distro DISTRO Bootstrap a distro using a template |
12 |
-e, --editor EDITOR Set the editor to use for interactive commands |
13 |
-E, --environment ENVIRONMENT Set the Chef environment |
14 |
-j JSON_ATTRIBS A JSON string to be added to the first run of chef-client |
16 |
-F, --format FORMAT Which format to use for output |
17 |
--hint HINT_NAME[=HINT_FILE] Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints. |
18 |
--[no-]host-key-verify Verify host key, enabled by default. |
19 |
-i IDENTITY_FILE The SSH identity file used for authentication |
21 |
-u, --user USER API Client Username |
22 |
--prerelease Install the pre-release chef gems |
23 |
--print-after Show the data after a destructive operation |
24 |
-r, --run-list RUN_LIST Comma separated list of roles/recipes to apply |
25 |
-G, --ssh-gateway GATEWAY The ssh gateway |
26 |
-P, --ssh-password PASSWORD The ssh password |
27 |
-p, --ssh-port PORT The ssh port |
28 |
-x, --ssh-user USERNAME The ssh username |
29 |
--template-file TEMPLATE Full path to location of template to use |
30 |
--sudo Execute the bootstrap via sudo |
31 |
-V, --verbose More verbose output. Use twice for max verbosity |
32 |
-v, --version Show chef version |
33 |
-y, --yes Say yes to all prompts for confirmation |
34 |
-h, --help Show this message |
下面我们对chef-client-1进行初始化
ubuntu@chef-workstation:~$ sudo knife bootstrap 10.6.1.172 -x ubuntu -P password --sudo
01 |
Bootstrapping Chef on 10.6.1.172 |
03 |
10.6.1.172 Resolving opscode.com... |
04 |
10.6.1.172 184.106.28.83 |
05 |
10.6.1.172 Connecting to opscode.com|184.106.28.83|:80... |
07 |
10.6.1.172 HTTP request sent, awaiting response... |
08 |
10.6.1.172 301 Moved Permanently |
11 |
10.6.1.172 Resolving www.opscode.com... |
12 |
10.6.1.172 184.106.28.83 |
13 |
10.6.1.172 Reusing existing connection to opscode.com:80. |
14 |
10.6.1.172 HTTP request sent, awaiting response... |
16 |
10.6.1.172 Length: 6396 (6.2K) [application/x-sh] |
17 |
10.6.1.172 Saving to: `STDOUT' |
20 |
10.6.1.172 Downloading Chef 10.16.2 for ubuntu... |
21 |
100%[======================================>] 6,396 18.7K/s in 0.3s |
23 |
10.6.1.172 2012-11-09 03:34:42 (18.7 KB/s) - written to stdout [6396/6396] |
25 |
10.6.1.172 Installing Chef 10.16.2 |
26 |
10.6.1.172 Selecting previously deselected package chef. |
27 |
10.6.1.172 (Reading database ... |
28 |
(Reading database ... 60% |
29 |
(Reading database ... 65% |
30 |
(Reading database ... 70% |
31 |
(Reading database ... 75% |
32 |
(Reading database ... 80% |
33 |
(Reading database ... 85% |
34 |
(Reading database ... 90% |
35 |
(Reading database ... 95% |
36 |
(Reading database ... 41378 files and directories currently installed.) |
37 |
10.6.1.172 Unpacking chef (from .../chef_10.16.2_amd64.deb) ... |
38 |
10.6.1.172 Setting up chef (10.16.2-1.ubuntu.10.04) ... |
39 |
10.6.1.172 Thank you for installing Chef! |
40 |
10.6.1.172 [2012-11-09T03:57:46+08:00] INFO: *** Chef 10.16.2 *** |
41 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Client key /etc/chef/client.pem is not present - registering |
42 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: Cannot load node chef-client-1 |
43 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Setting the run_list to [] from JSON |
44 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List is [] |
45 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List expands to [] |
46 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: No routes match the request: /reports/nodes/chef-client-1/runs |
47 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Starting Chef Run for chef-client-1 |
48 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Running start handlers |
49 |
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Start handlers complete. |
50 |
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Loading cookbooks [] |
51 |
10.6.1.172 [2012-11-09T03:57:48+08:00] WARN: Node chef-client-1 has an empty run list. |
52 |
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Chef Run complete in 0.438462677 seconds |
53 |
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Running report handlers |
54 |
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Report handlers complete |
<example from me:
***************************if /bin/bash is not included in /etc/sudoers for client with Redhat OS***********
admin@ubuntu:~/.chef$ sudo knife bootstrap 135.252.151.141 -x lps -P lps --sudo
Bootstrapping Chef on 135.252.151.141
135.252.151.141 knife sudo password:
Enter your password:
135.252.151.141
135.252.151.141 Sorry, user lps is not allowed to execute '/bin/bash -c
135.252.151.141
135.252.151.141 distro=`uname -s`
135.252.151.141
135.252.151.141 if test "x$distro" = "xSunOS"; then
135.252.151.141 if test -d "/usr/sfw/bin"; then
135.252.151.141 PATH=/usr/sfw/bin:$PATH
135.252.151.141 export PATH
135.252.151.141 fi
135.252.151.141 fi
135.252.151.141
135.252.151.141 exists() {
135.252.151.141 if command -v $1 &>/dev/null
135.252.151.141 then
135.252.151.141 return 0
135.252.151.141 else
135.252.151.141 return 1
135.252.151.141 fi
135.252.151.141 }
135.252.151.141
135.252.151.141 install_sh="https://www.opscode.com/chef/install.sh"
135.252.151.141 version_string="-v 11.8.2"
135.252.151.141
135.252.151.141 if ! exists /usr/bin/chef-client; then
135.252.151.141 if exists wget; then
135.252.151.141 bash <(wget ${install_sh} -O -) ${version_string}
135.252.151.141 elif exists curl; then
135.252.151.141 bash <(curl -L ${install_sh}) ${version_string}
135.252.151.141 else
135.252.151.141 echo "Neither wget nor curl found. Please install one and try again." >&2
135.252.151.141 exit 1
135.252.151.141 fi
135.252.151.141 fi
135.252.151.141
135.252.151.141 mkdir -p /etc/chef
135.252.151.141
135.252.151.141 cat > /etc/chef/validation.pem <<EOP
135.252.151.141 -----BEGIN RSA PRIVATE KEY-----
135.252.151.141 MIIEowIBAAKCAQEA1sz0MIQ1fGr7uM5w8NQA383Hd9k+e7BsfFDQsoMCJYtxvdp2
135.252.151.141 3ag+mYT5/KxlLO+hjh2zaDdZgrT6ThE2KWOg04/Mh351V/WYAtYZMzsYgT0f8Of3
135.252.151.141 LF5WftAaxCXxcyDJKmKj98FfclGTFV7cHK+nMbaThX/oiPFTWDVh6SK+TW80v4gA
135.252.151.141 jAPPZ4QcS+DFL+sV8iTPtLtP975y0aTtx/xu8Om2pplvcri1I0zysSBOVG8/KJoW
135.252.151.141 cDzjBeF2fsc9dXtwUaS+PbGfIPP1V3f9FLv32vFEzD2vPDKDjrSXxFZHOWlQeq1+
135.252.151.141 6/BV0jVoftMAT1uHS1Xcw8PteqlJmeT6K0CYYQIDAQABAoIBAH06gCLI8WXX+WmE
135.252.151.141 8dN1xgy0q9XzkboK4TSY6RMpzdaVtXo6I5KWw+g83oGxAEtyaX2xUycvHcBWQpfA
135.252.151.141 8RKwQtMUwuk7kK33QOhmacq0aVTvje+lTTVQypykNvakKGA2fRF48J9A3aSIanfL
135.252.151.141 FgijX5ZcGyV5rNgp2a1TcgG5f7kkStW9891j66RnNuC/tvJFqfyqhYA5ZijgityH
135.252.151.141 PdQqeyCcai0961fbSg9Wk/7uISd9GfXIyIrbBLpyE08gxhNse+O8aWmi4JUr1we1
135.252.151.141 UZETaoMKY7Ilq4i7hfEYVVC7IlKnvKPTLfXE+gtvH/BzAS+XWR+XL88Q1uJAolM5
135.252.151.141 5O0pyQECgYEA8OAL68CzSxAU/djQRfjmCtFI6CghSi11UgBI/66kvE8xXPLCNXoR
135.252.151.141 8h4rmkKNxszdgmy82eTHzGrAVQ7gpboBsMQpFZzL4UlshvHiH8ZzHeGZIQLMmNTC
135.252.151.141 rItlPqwEVc/rXYJ2vE6Q9rQdFilnJC/R8ut9/7zVdYCFIPNL/+sPPWMCgYEA5EnF
135.252.151.141 V+8s3Xp4Xre8uFc0BfeORnV0B7RfFGbki0n0+AZVOQxV/Vzy3ORSbANa/3OkKpjl
135.252.151.141 0uz86rk1MUuIHL4jdGbxEJMX2A1514nzmswbbVWc6zUCry227JVU4S6CDnqTt0mU
135.252.151.141 +rqeg+KkrlEBnG1qpZZoRPjGw4jHE4GH4LBxUGsCgYALGJcT/iWEQLJm2zUE9ClM
135.252.151.141 uEVehHK8IwnzhBXYyWfHUPKaMIinw/7No3wouAYl8UwG9RFiDDrz/LrtcCkDGWV4
135.252.151.141 iiDGYRm3QBWixcO/6Plml/zg22snYy2wmx9H2s68UT6raRYlKI1e//8TBUc+EIHg
135.252.151.141 ad69CCrhJdF8KhkHKgHitwKBgQCB3b2X8oXRULRdHaUMMP91TYjwaCyjnWZhUs88
135.252.151.141 tcvXtLKSi4P3aAL4yiJhM992ZrDDUsubHBoc5VNvQYqi3z+IHm+QgD0WOURQ6zdb
135.252.151.141 njUUE5n66+MlCJqBJ8prd2uhFPYnVIKdx8AZQrtwNsD13gDHRjL22Zco8Qxe+lbz
135.252.151.141 6SvtFQKBgErcyzkYLCGOrOsbQN/veYD4LXnaITtQEBip0MIf5pnJxZ+Rz+8WUdDu
135.252.151.141 Lxjlqe3Yg3+yxyi/u/Y4HSQaxMyvZSGh2VZtCs3vzzS+q6qJSzJVyCk8mwTZJeYs
135.252.151.141 9IJMMt2YBox71FLrC9E0P/1mRDdOoPvbGGkrVk1DFQLkNg/rNWrM
135.252.151.141 -----END RSA PRIVATE KEY-----
135.252.151.141
135.252.151.141 EOP
135.252.151.141 chmod 0600 /etc/chef/validation.pem
135.252.151.141
135.252.151.141
135.252.151.141
135.252.151.141 cat > /etc/chef/client.rb <<EOP
135.252.151.141 log_level :auto
135.252.151.141 log_location STDOUT
135.252.151.141 chef_server_url "http://135.252.151.137:4000"
135.252.151.141 validation_client_name "chef-validator"
135.252.151.141 # Using default node name (fqdn)
135.252.151.141
135.252.151.141 EOP
135.252.151.141
135.252.151.141 cat > /etc/chef/first-boot.json <<EOP
135.252.151.141 {"run_list":[]}
135.252.151.141 EOP
135.252.151.141
135.252.151.141 chef-client -j /etc/chef/first-boot.json -E _default' as root on acm-dev12-n1-ext.qd.lucent.com.
************************After adding /bin/bash into /etc/sudoers in client OS, then got following****************
workstation会用sudo的方式在client端执行install.sh, 最终会根据OS的类型(rl,ubuntu,suse,aix,etc)和版本,是否为64位拿到一个chef的rpm包,
wget -O "/tmp/chef-11.8.2-1.el5.x86_64.rpm" "http://opscode-omnibus-packages.s3.amazonaws.com/el/5/x86_64/chef-11.8.2-1.el5.x86_64.rpm" 2>/tmp/stderr。
这部分工作可以在client上事先安装好。
需要做的工作包括:
1)对应的chef RPM package
2)建立.chef 目录(可能会在lps下面)
所以在cloud上这些工作完全可以包含在每个NE的qcow2的image里面。
整个的chef setup 过程将只包含:
1)chef server(network level 同一个, or 用chef solo的方式)
2)chef workstation(这个需要一个)
3)添加client,创建client.pem.然后copy到
验证chef-client-1是否已经注册
ubuntu@chef-workstation:~$ knife client list
从上面可以看出chef-client-1已经成功注册到了chef-server中,整个环境 chef-workstation => chef-server => chef-client-1 已经搭建成功。