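Overview
Learn how to install Chef on Ubuntu.
Chef is a Ruby-based configuration management tool. It automates configuration management across all nodes in a cluster and keeps them consistent. Chef has three main components.
- Chef server
- Workstation
- Nodes
All configuration is managed from the workstation and then pushed to the Chef server. The Chef server is the central store for all infrastructure configuration. Knife is the command-line tool on the workstation used to interact with the Chef server. Nodes run the Chef client, which requests configuration information from the Chef server.
This is what a typical Chef architecture looks like:
Now let's set up the Chef server, the workstation and the node (Chef client).
Environment details
I am using three Ubuntu 18.04 systems. One will act as the Chef server, the second will be the workstation, and the third will be the node.
Chef server
- Hostname: chef-geekflare
- IP address: 192.168.0.107
Workstation
- Hostname: workstation
- IP address: 192.168.0.108
Node
- Hostname: client-node
- IP address: 192.168.0.109
Before starting the installation, I need to edit the /etc/hosts file on all systems so that they can resolve each other. Edit /etc/hosts on all systems as shown below.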
[email protected]:~$
127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.107 chef-geekflare
192.168.0.108 chef-workstation
192.168.0.109 client-node
I will run the following command on all three systems to update them.
[email protected]:~$ sudo apt update
[sudo] password for geekflare:
Hit:1 http://security.ubuntu.com/ubuntu cosmic-security InRelease
Get:2 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB]
Hit:3 http://ppa.launchpad.net/ansible/ansible/ubuntu cosmic InRelease
Hit:4 http://us.archive.ubuntu.com/ubuntu cosmic InRelease
Get:5 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages [9,594 B]
Hit:6 http://us.archive.ubuntu.com/ubuntu cosmic-updates InRelease
Hit:7 http://us.archive.ubuntu.com/ubuntu cosmic-backports InRelease
Get:8 http://apt.puppetlabs.com bionic InRelease [85.3 kB]
Get:9 http://apt.puppetlabs.com bionic/puppet6 amd64 Packages [32.4 kB]
Fetched 192 kB in 2s (84.6 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
233 packages can be upgraded. Run 'apt list --upgradable' to see them.
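Chef server installation
The Chef server is the component of the architecture that connects the workstation and the nodes. After configuration is edited or changed on the workstation, it is pushed to the Chef server, and all nodes pull those configuration changes from the Chef server.
Now let's run the following command to download the chef-server package.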
[email protected]:~$ wget https://packages.chef.io/files/stable/chef-server/13.0.17/ubuntu/18.04/chef-server-core_13.0.17-1_amd64.deb
--2019-10-23 04:04:35-- https://packages.chef.io/files/stable/chef-server/13.0.17/ubuntu/18.04/chef-server-core_13.0.17-1_amd64.deb
Saving to: ‘chef-server-core_13.0.17-1_amd64.deb’
chef-server-core_13 100%[===================>] 240.58M 1.33MB/s in 6m 16s
2019-10-23 04:10:51 (656 KB/s) - ‘chef-server-core_13.0.17-1_amd64.deb’ saved [252269838/252269838]
Now run the following command to install the Chef server.
[email protected]:~$ sudo dpkg -i chef-server-core_*.deb
chef-server-ctl is the command-line utility that ships with the Chef server. I will use it to start the Chef server services.
[email protected]:~$ sudo chef-server-ctl reconfigure
Running handlers:
Running handlers complete
Chef Infra Client finished, 481/1028 resources updated in 04 minutes 08 seconds
Chef Server Reconfigured!
You can check the status of the started services with the following command.
[email protected]:~$ sudo chef-server-ctl status
run: bookshelf: (pid 2452) 822s; run: log: (pid 29553) 951s
run: nginx: (pid 2318) 826s; run: log: (pid 30216) 908s
run: oc_bifrost: (pid 2296) 827s; run: log: (pid 29240) 996s
run: oc_id: (pid 2304) 826s; run: log: (pid 29308) 979s
run: opscode-erchef: (pid 2511) 822s; run: log: (pid 29707) 946s
run: opscode-expander: (pid 2416) 822s; run: log: (pid 29412) 958s
run: opscode-solr4: (pid 2393) 824s; run: log: (pid 29358) 964s
run: postgresql: (pid 2264) 827s; run: log: (pid 28769) 1021s
run: rabbitmq: (pid 3183) 792s; run: log: (pid 30476) 902s
run: redis_lb: (pid 30011) 926s; run: log: (pid 30010) 926s
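Create a user and an organization
The Chef server connects the workstation and the client nodes. To link them, I will create an administrator and an organization, each with its private key.
First, create a .chef directory to store the keys.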
[email protected]:~$ mkdir .chef
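Now I will create a user with chef-server-ctl. In the command below, chefadmin is the username, Chef is the first name, GeekFlare is the last name, [email protected] is the email ID, geekflare is the password, and chefadmin.pem is the RSA key.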
[email protected]:~$ sudo chef-server-ctl user-create chefadmin Chef GeekFlare [email protected] 'geekflare' --filename ~/.chef/chefadmin.pem
Let's run a command to list the users on the Chef server.
[email protected]:~$ sudo chef-server-ctl user-list
chefadmin
pivotal
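Now I will create an organization with chef-server-ctl. In the command below, chef-org is the organization name, Geekflare Chef Infrastructure is the full organization name, and chefadmin is the user we just created. chef-org.pem is the RSA key.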
[email protected]:~$ sudo chef-server-ctl org-create chef-org "Geekflare Chef Infrastructure" --association_user chefadmin --filename ~/.chef/chef-org.pem
Let's run a command to list the organizations on the Chef server.
[email protected]:~$ sudo chef-server-ctl org-list
chef-org
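The Chef server is now fully installed. Let's move on and install the workstation, where all configuration is created.
Workstation
The workstation is where users create cookbooks. A cookbook is simply a unit of configuration created to run a specific task.
Let's run the following command to download the Chef Workstation package.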
[email protected]:~$ wget https://packages.chef.io/files/stable/chef-workstation/0.2.43/ubuntu/18.04/chef-workstation_0.2.43-1_amd64.deb
--2019-10-23 05:37:41-- https://packages.chef.io/files/stable/chef-workstation/0.2.43/ubuntu/18.04/chef-workstation_0.2.43-1_amd64.deb
Resolving packages.chef.io (packages.chef.io)... 151.101.194.110, 151.101.130.110, 151.101.66.110, ...
Connecting to packages.chef.io (packages.chef.io)|151.101.194.110|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 129713682 (124M) [application/x-debian-package]
Saving to: ‘chef-workstation_0.2.43-1_amd64.deb’
chef-workstation_0.2.43-1_ 100%[=======================================>] 123.70M 2.37MB/s in 4m 25s
2019-10-23 05:42:18 (477 KB/s) - ‘chef-workstation_0.2.43-1_amd64.deb’ saved [129713682/129713682]
Let's run dpkg to install the workstation package on the Ubuntu system.
[email protected]:~$ sudo dpkg -i chef-workstation_*.deb
Selecting previously unselected package chef-workstation.
(Reading database ... 273360 files and directories currently installed.)
Preparing to unpack chef-workstation_0.2.43-1_amd64.deb ...
Unpacking chef-workstation (0.2.43-1) ...
Setting up chef-workstation (0.2.43-1) ...
To run the experimental Chef Workstation App, use your
platform's package manager to install these dependencies:
libgconf-2.so.4 => not found
You can then launch the App by running 'chef-workstation-app'.
The App will then be available in the system tray.
Thank you for installing Chef Workstation!
You can find some tips on getting started at https://chef.sh/
Now I will run a command to create a chef repo, which will contain all cookbooks and other files.
[email protected]:~$ chef generate repo chef-repo
Recipe: code_generator::repo
* directory[/home/geekflare/chef-repo] action create
- create new directory /home/geekflare/chef-repo
* template[/home/geekflare/chef-repo/LICENSE] action create_if_missing
- create new file /home/geekflare/chef-repo/LICENSE
- update content in file /home/geekflare/chef-repo/LICENSE from none to 3c525c
(diff output suppressed by config)
* cookbook_file[/home/geekflare/chef-repo/.chef-repo.txt] action create_if_missing
- create new file /home/geekflare/chef-repo/.chef-repo.txt
- update content in file /home/geekflare/chef-repo/.chef-repo.txt from none to 2bed28
(diff output suppressed by config)
* cookbook_file[/home/geekflare/chef-repo/README.md] action create_if_missing
- create new file /home/geekflare/chef-repo/README.md
- update content in file /home/geekflare/chef-repo/README.md from none to 2b4f46
(diff output suppressed by config)
* cookbook_file[/home/geekflare/chef-repo/chefignore] action create_if_missing
- create new file /home/geekflare/chef-repo/chefignore
- update content in file /home/geekflare/chef-repo/chefignore from none to 9e2ffd
(diff output suppressed by config)
* remote_directory[/home/geekflare/chef-repo/cookbooks] action create_if_missing
- create new directory /home/geekflare/chef-repo/cookbooks
Recipe: code_generator::repo
* cookbook_file[/home/geekflare/chef-repo/cookbooks/README.md] action create_if_missing
- create new file /home/geekflare/chef-repo/cookbooks/README.md
- update content in file /home/geekflare/chef-repo/cookbooks/README.md from none to 54b03d
(diff output suppressed by config)
* execute[initialize-git] action run
- execute git init .
* template[/home/geekflare/chef-repo/.gitignore] action create_if_missing
- create new file /home/geekflare/chef-repo/.gitignore
- update content in file /home/geekflare/chef-repo/.gitignore from none to 11e5ee
(diff output suppressed by config)
Now I will create the ~/chef-repo/.chef directory, which will store all knife configuration and RSA keys.
[email protected]:~$ mkdir ~/chef-repo/.chef
[email protected]:~$ cd chef-repo/
Now let's generate an RSA key pair. We generate this key to authenticate the workstation and gain access to the Chef server.
[email protected]:~/chef-repo$ ssh-keygen -b 4096
Generating public/private RSA key pair.
Enter file in which to save the key (/home/geekflare/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/geekflare/.ssh/id_rsa.
Your public key has been saved in /home/geekflare/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oK/ZyLn+AOMj97F5Z0e1K5o1bxChyKx3ms4HvK06DxI [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| |
| . |
| o.. . . |
| .+.. . . |
| E .o S o . |
| . +..+ . o . |
|. = +..B .o. . |
| o =.&= =oooo |
| .&OB=oo o. |
+----[SHA256]-----+
Now copy the key from the workstation to the Chef server.
[email protected]:~/chef-repo$ sudo ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/geekflare/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Now I will copy the .pem files (chefadmin.pem and chef-org.pem) from the Chef server to the workstation.
[email protected]:~/chef-repo$ scp [email protected]:~/.chef/*.pem ~/chef-repo/.chef/
chefadmin.pem 100% 1674 105.1KB/s 00:00
chef-org.pem 100% 1674 103.0KB/s 00:00
Check that the .pem files were copied to the workstation successfully.
[email protected]:~/chef-repo$ ls ~/chef-repo/.chef
chefadmin.pem chef-org.pem
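Create version control
While working on the workstation, cookbooks (units of configuration) go through many changes and edits, so a version control system is needed to track them. Let's set up version control with Git on the workstation. I will create a git repository in the chef-repo directory. I will add a username and email to configure git.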
[email protected]:~$ git config --global user.name geekflare
[email protected]:~$ git config --global user.email [email protected]
Let's add the .chef directory to the .gitignore file.
[email protected]:~$ echo ".chef" > ~/chef-repo/.gitignore
Now I will run the git add and commit commands in the chef-repo directory.
[email protected]:~$ cd ~/chef-repo
[email protected]:~/chef-repo$ git add .
[email protected]:~/chef-repo$ git commit -m "initial commit"
[master (root-commit) 99c8c11] initial commit
16 files changed, 359 insertions(+)
create mode 100644 .chef-repo.txt
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 chefignore
create mode 100644 cookbooks/README.md
create mode 100644 cookbooks/example/README.md
create mode 100644 cookbooks/example/attributes/default.rb
create mode 100644 cookbooks/example/metadata.rb
create mode 100644 cookbooks/example/recipes/default.rb
create mode 100644 data_bags/README.md
create mode 100644 data_bags/example/example_item.json
create mode 100644 environments/README.md
create mode 100644 environments/example.json
create mode 100644 roles/README.md
create mode 100644 roles/example.json
Check the status.
[email protected]:~/chef-repo$ git status
On branch master
nothing to commit, working tree clean
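The .chef directory now holds chefadmin.pem and chef-org.pem, so it is worth confirming that neither key is readable beyond its owner and that git really ignores them. The script below is an added example, not part of the original article; the function names are hypothetical and the repository path is passed as the first argument (the article uses ~/chef-repo).

```sh
#!/bin/sh
# Added example (not from the original article): audit the Chef private keys
# kept in a chef-repo. Function names here are hypothetical.

# Print *.pem files under DIR whose mode is neither 600 nor 400.
loose_keys() {
    [ -d "$1" ] || return 0
    find "$1" -type f -name '*.pem' ! -perm 600 ! -perm 400
}

# Print *.pem files that git tracks in REPO (a key should never be listed).
tracked_keys() {
    git -C "$1" ls-files -- '*.pem' 2>/dev/null || true
}

# Return 0 when no key is loosely permissioned or tracked, 1 otherwise.
audit_chef_keys() {
    repo=$1
    rc=0
    loose=$(loose_keys "$repo/.chef")
    if [ -n "$loose" ]; then
        echo "Keys accessible beyond the owner (fix with chmod 600):"
        echo "$loose"
        rc=1
    fi
    tracked=$(tracked_keys "$repo")
    if [ -n "$tracked" ]; then
        echo "Keys tracked by git (remove with git rm --cached):"
        echo "$tracked"
        rc=1
    fi
    return $rc
}

# Run the audit only when the script is called with a repo path.
if [ $# -ge 1 ]; then
    audit_chef_keys "$1"
fi
```

Saved under a name of your choice, it is run with ~/chef-repo as its argument; a non-zero exit status means at least one key needs attention.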
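Generate your first cookbook
The workstation installation is now complete, and you can start creating cookbooks on it. Try generating a sample cookbook on the workstation and check that it is generated successfully.
I will run the following command to generate a cookbook.
[email protected]:~$ chef generate cookbook geekflare_cookbook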
Generating cookbook geekflare_cookbook
- Ensuring correct cookbook file content
- Committing cookbook files to Git
- Ensuring delivery configuration
- Ensuring correct delivery build cookbook content
- Adding delivery configuration to feature branch
- Adding build cookbook to feature branch
- Merging delivery content feature branch to master
Your cookbook is ready. Type `cd geekflare_cookbook` to enter it.
There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list.
Why not start by writing a test? Tests for the default recipe are stored at:
test/integration/default/default_test.rb
If you'd prefer to dive right in, the default recipe can be found at:
recipes/default.rb
Generate chef-repo, then move into the chef-repo directory.
[email protected]:~$ chef generate app chef-repo
WARNING: The command 'chef generator app' is deprecated and will be removed from the next major release of Chef DK / Workstation (April 2019)
Recipe: code_generator::app
* directory[/home/geekflare/chef-repo] action create (up to date)
* template[/home/geekflare/chef-repo/.kitchen.yml] action create
- create new file /home/geekflare/chef-repo/.kitchen.yml
- update content in file /home/geekflare/chef-repo/.kitchen.yml from none to ceae09
(diff output suppressed by config)
* directory[/home/geekflare/chef-repo/test/integration/default] action create
- create new directory /home/geekflare/chef-repo/test/integration/default
* template[/home/geekflare/chef-repo/test/integration/default/default_test.rb] action create_if_missing
- create new file /home/geekflare/chef-repo/test/integration/default/default_test.rb
- update content in file /home/geekflare/chef-repo/test/integration/default/default_test.rb from none to 0f757b
(diff output suppressed by config)
* template[/home/geekflare/chef-repo/README.md] action create
- update content in file /home/geekflare/chef-repo/README.md from 2b4f46 to 6401b8
(diff output suppressed by config)
* directory[/home/geekflare/chef-repo/cookbooks] action create (up to date)
* directory[/home/geekflare/chef-repo/cookbooks/chef-repo] action create
- create new directory /home/geekflare/chef-repo/cookbooks/chef-repo
* template[/home/geekflare/chef-repo/cookbooks/chef-repo/metadata.rb] action create
- create new file /home/geekflare/chef-repo/cookbooks/chef-repo/metadata.rb
- update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/metadata.rb from none to e30be3
(diff output suppressed by config)
* cookbook_file[/home/geekflare/chef-repo/cookbooks/chef-repo/chefignore] action create
- create new file /home/geekflare/chef-repo/cookbooks/chef-repo/chefignore
- update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/chefignore from none to 9e2ffd
(diff output suppressed by config)
* cookbook_file[/home/geekflare/chef-repo/cookbooks/chef-repo/Berksfile] action create
- create new file /home/geekflare/chef-repo/cookbooks/chef-repo/Berksfile
- update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/Berksfile from none to 15e000
(diff output suppressed by config)
* directory[/home/geekflare/chef-repo/cookbooks/chef-repo/recipes] action create
- create new directory /home/geekflare/chef-repo/cookbooks/chef-repo/recipes
* template[/home/geekflare/chef-repo/cookbooks/chef-repo/recipes/default.rb] action create
- create new file /home/geekflare/chef-repo/cookbooks/chef-repo/recipes/default.rb
- update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/recipes/default.rb from none to f56ecb
(diff output suppressed by config)
* directory[/home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes] action create
- create new directory /home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes
* cookbook_file[/home/geekflare/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb] action create_if_missing
- create new file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb
- update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb from none to 1f80e1
(diff output suppressed by config)
* template[/home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb] action create_if_missing
- create new file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb
- update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb from none to 666a01
(diff output suppressed by config)
* execute[initialize-git] action run
- execute git init .
* cookbook_file[/home/geekflare/chef-repo/.gitignore] action create
- update content in file /home/geekflare/chef-repo/.gitignore from 25558e to edcd62
(diff output suppressed by config)
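Configure knife
Knife is the command-line tool for managing nodes, cookbooks and recipes. To configure knife, create a config.rb file and put the following content in it; this is the knife configuration.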
[email protected]:~$ sudo gedit ~/chef-repo/.chef/config.rb
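# Directory that holds this config.rb (~/chef-repo/.chef)
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
# Chef server user created with user-create, and its private key
node_name 'chefadmin'
client_key "#{current_dir}/chefadmin.pem"
# Organization validator client and the key that org-create saved as chef-org.pem
validation_client_name 'chef-org-validator'
validation_key "#{current_dir}/chef-org.pem"
chef_server_url 'https://chef-geekflare/organizations/chef-org'
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]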
Now go to the chef-repo directory and fetch the SSL certificate.
[email protected]:~$ cd chef-repo
[email protected]:~/chef-repo$ knife ssl fetch
WARNING: Certificates from chef-geekflare will be fetched and placed in your trusted_cert
directory (/home/geekflare/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef-geekflare in /home/geekflare/chef-repo/.chef/trusted_certs/chef-geekflare.crt
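Knife's warning above means the fetched certificate is trusted on first use, so it should be compared with a fingerprint read on the Chef server itself. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes the expected value comes from running openssl x509 -noout -fingerprint -sha256 on the server's certificate, whose default location is assumed to be /var/opt/opscode/nginx/ca/chef-geekflare.crt.

```sh
#!/bin/sh
# Added example (not from the original article): check the certificate saved
# by `knife ssl fetch` against a fingerprint obtained on the Chef server.

# Lowercase a fingerprint and strip colons/whitespace so formats compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the normalized SHA-256 fingerprint of a PEM certificate file.
cert_sha256() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    normalize_fp "${fp#*=}"
}

# verify_trusted_cert FETCHED_CERT EXPECTED_FINGERPRINT
# Returns 0 on match, 1 on mismatch, 2 if an input is unusable.
verify_trusted_cert() {
    actual=$(cert_sha256 "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    want=$(normalize_fp "$2")
    if [ "${#want}" -ne 64 ]; then
        echo "expected value is not a SHA-256 fingerprint" >&2
        return 2
    fi
    if [ "$actual" = "$want" ]; then
        echo "OK: $1 matches the expected fingerprint"
        return 0
    fi
    echo "MISMATCH: $1 has $actual" >&2
    echo "Delete it from trusted_certs and investigate before using knife." >&2
    return 1
}

# Usage: <script> <fetched .crt> <fingerprint read on the server>
if [ $# -eq 2 ]; then
    verify_trusted_cert "$1" "$2"
fi
```

The first argument is the file knife reported above, /home/geekflare/chef-repo/.chef/trusted_certs/chef-geekflare.crt; the second is the fingerprint string printed on the server.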
To check that config.rb is set up correctly, run the following command.
[email protected]:~/chef-repo$ knife client list
chef-org-validator
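Bootstrap a node
Bootstrap is run from the workstation and installs chef-client on the node. The node is bootstrapped using the client node's username and password, after which it can read configuration from the Chef server.
Now I will bootstrap a node with IP address 192.168.0.109, username geekflare and password geekflare.org.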
[email protected]:~/chef-repo/.chef$ knife bootstrap 192.168.0.109 -x geekflare -P geekflare.org --node-name geekflare-client-1
Creating new client for geekflare-client-1
Creating new node for geekflare-client-1
Connecting to 192.168.0.109
192.168.0.109 -----> Installing Chef Omnibus (-v 14)
192.168.0.109 downloading https://omnitruck-direct.chef.io/chef/install.sh
192.168.0.109 to file /tmp/install.sh.9250/install.sh
192.168.0.109 trying wget...
192.168.0.109 ubuntu 18.10 x86_64
192.168.0.109 Getting information for chef stable 14 for ubuntu...
192.168.0.109 downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=14&p=ubuntu&pv=18.10&m=x86_64
192.168.0.109 to file /tmp/install.sh.9261/metadata.txt
192.168.0.109 trying wget...
192.168.0.109 sha1 534bae390bde3bd9d93bef99335f62246624f32b
192.168.0.109 sha256 94bc60b3a97ddadf77a70c7678ec77a676942c74f8152a2c70a0f5b68e22a42e
192.168.0.109 url https://packages.chef.io/files/stable/chef/14.14.25/ubuntu/18.04/chef_14.14.25-1_amd64.deb
192.168.0.109 version 14.14.25
192.168.0.109 downloaded metadata file looks valid...
192.168.0.109 downloading https://packages.chef.io/files/stable/chef/14.14.25/ubuntu/18.04/chef_14.14.25-1_amd64.deb
192.168.0.109 to file /tmp/install.sh.9261/chef_14.14.25-1_amd64.deb
192.168.0.109 trying wget...
192.168.0.109 Comparing checksum with sha256sum...
192.168.0.109 Installing chef 14
192.168.0.109 installing with dpkg...
192.168.0.109 Selecting previously unselected package chef.
(Reading database ... 204803 files and directories currently installed.)
192.168.0.109 Preparing to unpack .../chef_14.14.25-1_amd64.deb ...
192.168.0.109 Unpacking chef (14.14.25-1) ...
192.168.0.109 Setting up chef (14.14.25-1) ...
192.168.0.109 Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
192.168.0.109 Starting the first Chef Client run...
192.168.0.109 Starting Chef Client, version 14.14.25
192.168.0.109 resolving cookbooks for run list: []
192.168.0.109 Synchronizing Cookbooks:
192.168.0.109 Installing Cookbook Gems:
192.168.0.109 Compiling Cookbooks...
192.168.0.109 [2019-10-23T10:52:57-04:00] WARN: Node geekflare-client-1 has an empty run list.
192.168.0.109 Converging 0 resources
192.168.0.109
192.168.0.109 Running handlers:
192.168.0.109 Running handlers complete
192.168.0.109 Chef Client finished, 0/0 resources updated in 07 seconds
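Both this bootstrap command and the earlier chef-server-ctl user-create command carry a password as an argument, which leaves it in the shell history and visible in the process list while the command runs. The script below is an added example, not part of the original article: it scans a history file for such commands. The function names are hypothetical, the sample history and its e-mail address are constructed, and the flags it recognises (-P, --ssh-password, --connection-password, -i, -p, --prompt-for-password) are the ones documented for knife bootstrap and chef-server-ctl user-create.

```sh
#!/bin/sh
# Added example (not from the original article): list Chef commands in a shell
# history file that carried a password as a command-line argument.

# History lines where `knife bootstrap` was given a password value.
knife_inline_passwords() {
    grep -E 'knife +bootstrap .* (-P|--ssh-password|--connection-password)[ =]+[^- ]' "$1" || true
}

# History lines where `chef-server-ctl user-create` was run without the
# password prompt, so the password had to be typed as an argument.
user_create_inline_passwords() {
    grep -E 'chef-server-ctl +user-create ' "$1" |
        grep -Ev -- ' (-p|--prompt-for-password)( |$)' || true
}

# Print every offending line; return 1 if any was found, else 0.
audit_history() {
    hits=$(knife_inline_passwords "$1"; user_create_inline_passwords "$1")
    [ -z "$hits" ] && return 0
    echo "$hits"
    return 1
}

# Constructed sample history, modelled on the commands in this article.
sample_history() {
    cat <<'EOF'
knife bootstrap 192.168.0.109 -x geekflare -P geekflare.org --node-name geekflare-client-1
knife bootstrap 192.168.0.109 -x geekflare -i ~/.ssh/id_rsa --sudo --node-name geekflare-client-1
sudo chef-server-ctl user-create chefadmin Chef GeekFlare admin@example.invalid 'geekflare' --filename ~/.chef/chefadmin.pem
sudo chef-server-ctl user-create chefadmin Chef GeekFlare admin@example.invalid --prompt-for-password --filename ~/.chef/chefadmin.pem
EOF
}

# Scan the history file given as the first argument, e.g. ~/.bash_history.
if [ $# -ge 1 ]; then
    audit_history "$1"
fi
```

Any line it prints is a credential to rotate; the second and fourth sample lines show the key-based and prompted forms that it does not flag.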
I will now list all bootstrapped nodes.
[email protected]:~/chef-repo/.chef$ knife node list
geekflare-client-1
Run the following command to get the details of the node.
[email protected]:~/chef-repo/.chef$ knife node show geekflare-client-1
Node Name: geekflare-client-1
Environment: _default
FQDN: client-node
IP: 192.168.0.109
Run List:
Roles:
Recipes:
Platform: ubuntu 18.10
Tags:
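You're all set!
We have successfully installed the Chef server, workstation and node on Ubuntu. You can now go ahead and start creating recipes and cookbooks in Chef to manage the configuration of your infrastructure.
If you are an absolute beginner, you may also want to take this Udemy course.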