Table of contents
Chef Centralized Management Tool in Practice (0): What Is Chef
Chef Centralized Management Tool in Practice (1): Environment Deployment
Chef Centralized Management Tool in Practice (2): Server Configuration
Chef Centralized Management Tool in Practice (3): Custom Configuration
This article
Chef Centralized Configuration Management Tool in Practice (1): Environment Deployment
References
http://wiki.opscode.com/pages/viewpage.action?pageId=24773429
http://wiki.opscode.com/display/chef/Installing+Chef+Server+on+Debian+or+Ubuntu+using+Packages
http://wiki.opscode.com/display/chef/Workstation+Setup+for+Debian+and+Ubuntu
http://wiki.opscode.com/display/chef/Knife+Bootstrap
Environment
OS: Ubuntu 10.10 Server 64-bit // Verified to deploy successfully on 12.04.1 and 12.10 as well.
Servers:
chef-server:10.6.1.170
chef-workstation:10.6.1.171
chef-client-1:10.6.1.172
chef-client-2:10.6.1.173
1. Install and configure the Chef Server
Edit /etc/hosts
ubuntu@chef-server:~$ sudo vim /etc/hosts
127.0.0.1 localhost
10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2
Note:
Add an IP resolution record for the local machine's own hostname to /etc/hosts; this is very important.
During the chef-server installation that follows, rabbitmq-server is installed first. Without that record, rabbitmq-server fails to start, which in turn breaks the installation of every other chef-server package. If you are not aware of this, troubleshooting becomes very inconvenient.
Create /etc/apt/sources.list.d/opscode.list
ubuntu@chef-server:~$ sudo echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list
Add the GPG key
ubuntu@chef-server:~$ sudo mkdir -p /etc/apt/trusted.gpg.d
ubuntu@chef-server:~$ sudo gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
ubuntu@chef-server:~$ sudo gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
ubuntu@chef-server:~$ sudo apt-get update
ubuntu@chef-server:~$ sudo apt-get install opscode-keyring
Install the NTP time service; Chef requires the clocks of the workstation, all clients and the server to be in sync
ubuntu@chef-server:~$ sudo apt-get install ntp
Upgrade the existing system
ubuntu@chef-server:~$ sudo apt-get upgrade
Install the chef-server packages
ubuntu@chef-server:~$ sudo apt-get install chef chef-server
Enter the URL: http://chef-server:4000
Enter the password: chef-server
This procedure carries out the following steps:
Installs the Chef Server and its dependencies such as Merb, CouchDB and RabbitMQ, more than 300 packages in total
Starts CouchDB and RabbitMQ
Starts chef-server-api, listening on port 4000
Starts chef-server-webui, listening on port 4040
Starts chef-solr-indexer and connects it automatically to rabbitmq-server
Starts chef-solr and chef-client
Creates the related configuration files in /etc/chef
After installation, check and confirm the following ports:
Chef Server - 4000
Chef Server WebUI - 4040
CouchDB - 5984
RabbitMQ - 5672
Chef Solr - 8983
ubuntu@chef-server:~$ sudo netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      11402/sshd
tcp        0      0 0.0.0.0:4000            0.0.0.0:*               LISTEN      31998/merb : chef-s
tcp        0      0 0.0.0.0:4040            0.0.0.0:*               LISTEN      32168/merb : chef-s
tcp        0      0 0.0.0.0:5672            0.0.0.0:*               LISTEN      30470/beam
tcp        0      0 127.0.0.1:5984          0.0.0.0:*               LISTEN      30518/beam
tcp        0      0 0.0.0.0:41891           0.0.0.0:*               LISTEN      30128/beam
tcp6       0      0 :::22                   :::*                    LISTEN      11402/sshd
tcp6       0      0 127.0.0.1:8983          :::*                    LISTEN      31760/java
...
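As an added pre-flight check (example script, not from the original post): the two failure points this section calls out are a missing /etc/hosts entry for the local hostname, which stops rabbitmq-server from starting, and Chef Server ports that are not listening after installation. The script below verifies both against a hosts file and saved netstat -lntp output; the function names are my own and the sample data it runs on is constructed, with RabbitMQ's 5672 deliberately left out so the check has something to report.

```shell
#!/bin/sh
# Pre-flight checks for the chef-server host (added example, not from the post).
# check 1: the local hostname must have an /etc/hosts entry, or rabbitmq-server
#          fails to start and the chef-server packages do not install cleanly.
# check 2: after installation the Chef Server ports must be listening.
# Both checks read their input from files so they also run on constructed data.

# hosts_has_entry HOSTS_FILE HOSTNAME
# Prints the IPv4 address mapped to HOSTNAME and returns 0; returns 1 if absent.
# Comment lines, trailing comments and extra aliases on a line are tolerated.
hosts_has_entry() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                       # whole-line comment
        { sub(/#.*/, "") }                        # trailing comment
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 2; i <= NF; i++)
                if ($i == want) { print $1; found = 1; exit }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# listening_ports_missing NETSTAT_FILE PORT...
# NETSTAT_FILE holds saved "netstat -lntp" output. Prints every PORT that has
# no LISTEN socket (local address ends in ":PORT"); prints nothing if all bound.
listening_ports_missing() {
    _out="$1"; shift
    for _port in "$@"; do
        if ! awk -v p="$_port" '$6 == "LISTEN" && $4 ~ (":" p "$") { f = 1 }
                                END { exit f ? 0 : 1 }' "$_out"; then
            echo "$_port"
        fi
    done
}

# --- constructed sample data (not captured from a real host) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/hosts" <<'EOF'
127.0.0.1 localhost
10.6.1.170 chef-server
10.6.1.171 chef-workstation   # knife runs here
EOF
cat > "$SAMPLE_DIR/netstat" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 11402/sshd
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN 31998/merb
tcp 0 0 0.0.0.0:4040 0.0.0.0:* LISTEN 32168/merb
tcp 0 0 127.0.0.1:5984 0.0.0.0:* LISTEN 30518/beam
tcp6 0 0 127.0.0.1:8983 :::* LISTEN 31760/java
EOF
hosts_has_entry "$SAMPLE_DIR/hosts" chef-server >/dev/null && echo "chef-server resolves"
echo "missing Chef Server ports: $(listening_ports_missing "$SAMPLE_DIR/netstat" 4000 4040 5984 5672 8983 | tr '\n' ' ')"
```

On a real host, point hosts_has_entry at /etc/hosts with "$(hostname)" and feed listening_ports_missing a file written by sudo netstat -lntp.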
Log in to the Web UI
URL: http://chef-server:4040 (to reach it, add "10.6.1.170 chef-server" to the hosts file on your local machine)
Username: admin
Password: chef-server
Install and configure the knife command-line tool
ubuntu@chef-server:~$ mkdir -p ~/.chef
ubuntu@chef-server:~$ sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
ubuntu@chef-server:~$ sudo chown -R $USER ~/.chef
ubuntu@chef-server:~$ knife configure -i
WARNING: No knife configuration file found
Where should I put the config file? [/home/ubuntu/.chef/knife.rb]
Please enter the chef server URL: [http://chef-server:4000] http://chef-server:4000
Please enter a clientname for the new client: [ubuntu]
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem] .chef/webui.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Created client[ubuntu]
Configuration file written to /home/ubuntu/.chef/knife.rb
Run a knife command to check that it can connect to the specified Chef Server
ubuntu@chef-server:~$ knife client list
chef-validator chef-webui ubuntu
ubuntu@chef-server:~$ knife cookbook list
ubuntu@chef-server:~$ sudo apt-get install ntp
Create and configure a knife client for the workstation
ubuntu@chef-server:~$ knife client create chef-workstation -d -a -f /home/ubuntu/.chef/chef-workstation.pem
Created client[chef-workstation]
ubuntu@chef-server:~$ knife client show chef-workstation
_rev: 1-2a52b9416bad08b697e9c644a0aea4cc
admin: true
chef_type: client
json_class: Chef::ApiClient
name: chef-workstation
public_key: -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA1RAa+jf733FtoTv64msykO3/SEe8G/YhPgA2S3NfWdgh+LbuhCdT
9IjX3Hio3U/rj6VGeICJkCfWZy7NM9pTaPzH+gJdFbkLrLW1GSoEKMJ/f9IkxRcS
7vdySU05IrPOF9PqcMvrME4xYzsFzIXDz1CbWBs08SuMfjP9qHfeStfBQaoQ8rLp
mOGI0VMOU/CrlfNsAPLbUgVVylKfcmop1dCO6My53xW/qogfg/8Af0qtk7tyjVFi
K+umCjmHmtW09qg5467p7xf4WSUYh076pb3ofbTi0o3VJi8Dz+qGISjvAVf3Y1As
mwkam0IBM5sK41r/Suki9UQanKWsiDm0CQIDAQAB
-----END RSA PUBLIC KEY-----
2. Install and configure chef-workstation
Edit /etc/hosts
ubuntu@chef-workstation:~$ vim /etc/hosts
127.0.0.1 localhost
10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2
Install Ruby and other dependencies
ubuntu@chef-workstation:~$ sudo apt-get install ruby ruby-dev libopenssl-ruby rdoc ri irb build-essential wget ssl-cert curl
Install RubyGems
ubuntu@chef-workstation:~$ cd /tmp
ubuntu@chef-workstation:~$ curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ tar zxf rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ cd rubygems-1.8.10
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo ruby setup.rb --no-format-executable
Install the Chef gem
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo gem install chef --no-ri --no-rdoc
Fetching: mixlib-config-1.1.2.gem (100%)
Fetching: mixlib-cli-1.2.2.gem (100%)
Fetching: mixlib-log-1.4.1.gem (100%)
Fetching: mixlib-authentication-1.3.0.gem (100%)
Fetching: mixlib-shellout-1.1.0.gem (100%)
Fetching: systemu-2.5.2.gem (100%)
Fetching: yajl-ruby-1.1.0.gem (100%)
Building native extensions. This could take a while...
Fetching: ipaddress-0.8.0.gem (100%)
Fetching: ohai-6.14.0.gem (100%)
Fetching: mime-types-1.19.gem (100%)
Fetching: rest-client-1.6.7.gem (100%)
Fetching: bunny-0.7.9.gem (100%)
[Version 0.7.8] test suite cleanup (eliminated some race conditions related to queue.message_count)
Fetching: json-1.6.1.gem (100%)
Building native extensions. This could take a while...
Fetching: polyglot-0.3.3.gem (100%)
Fetching: treetop-1.4.12.gem (100%)
Fetching: net-ssh-2.2.2.gem (100%)
Fetching: net-ssh-gateway-1.1.0.gem (100%)
Fetching: net-ssh-multi-1.1.gem (100%)
Fetching: highline-1.6.15.gem (100%)
Fetching: erubis-2.7.0.gem (100%)
Fetching: moneta-0.6.0.gem (100%)
Fetching: uuidtools-2.1.3.gem (100%)
Fetching: chef-10.16.2.gem (100%)
Successfully installed mixlib-config-1.1.2
Successfully installed mixlib-cli-1.2.2
Successfully installed mixlib-log-1.4.1
Successfully installed mixlib-authentication-1.3.0
Successfully installed mixlib-shellout-1.1.0
Successfully installed systemu-2.5.2
Successfully installed yajl-ruby-1.1.0
Successfully installed ipaddress-0.8.0
Successfully installed ohai-6.14.0
Successfully installed mime-types-1.19
Successfully installed rest-client-1.6.7
Successfully installed bunny-0.7.9
Successfully installed json-1.6.1
Successfully installed polyglot-0.3.3
Successfully installed treetop-1.4.12
Successfully installed net-ssh-2.2.2
Successfully installed net-ssh-gateway-1.1.0
Successfully installed net-ssh-multi-1.1
Successfully installed highline-1.6.15
Successfully installed erubis-2.7.0
Successfully installed moneta-0.6.0
Successfully installed uuidtools-2.1.3
Successfully installed chef-10.16.2
23 gems installed
Install Git
ubuntu@chef-workstation:~$ sudo apt-get -y install git-core
ubuntu@chef-workstation:~$ git --version
git version 1.7.1
Create the Chef Repository
Note: most of Chef's configuration work is done in the Chef Repository on the workstation; different Chef Repositories can manage different Chef Servers.
ubuntu@chef-workstation:~$ sudo git clone git://github.com/opscode/chef-repo.git /opt/chef-local
Initialized empty Git repository in /opt/chef-local/.git/
remote: Counting objects: 199, done.
remote: Compressing objects: 100% (117/117), done.
remote: Total 199 (delta 72), reused 162 (delta 49)
Receiving objects: 100% (199/199), 30.34 KiB | 10 KiB/s, done.
Resolving deltas: 100% (72/72), done.
ubuntu@chef-workstation:~$ cd /opt/chef-local/
ubuntu@chef-workstation:/opt/chef-local$ ls
README.md Rakefile certificates chefignore config cookbooks data_bags environments roles
Create the configuration directory
ubuntu@chef-workstation:/opt/chef-local$ sudo mkdir -p .chef
Copy the .pem credential files to the workstation
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/chef-workstation.pem .chef/
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/validation.pem .chef/
ubuntu@chef-workstation:/opt/chef-local$ ls .chef/
chef-workstation.pem validation.pem
ubuntu@chef-workstation:/opt/chef-local$ sudo knife configure
WARNING: No knife configuration file found
Where should I put the config file? [/home/ubuntu/.chef/knife.rb] .chef/knife.rb
Please enter the chef server URL: [http://chef-workstation:4000] http://chef-server:4000
Please enter an existing username or clientname for the API: [ubuntu] chef-workstation
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank): /opt/chef-local
*****
You must place your client key in:
/opt/chef-local/.chef/chef-workstation.pem
Before running commands with Knife!
*****
You must place your validation key in:
/opt/chef-local/.chef/validation.pem
Before generating instance data with Knife!
*****
Configuration file written to /opt/chef-local/.chef/knife.rb
Verify that the configuration is correct
ubuntu@chef-workstation:~$ sudo ntpdate chef-server
Confirm that knife can connect to the Chef Server
ubuntu@chef-workstation:~$ knife client list
chef-server chef-validator chef-webui chef-workstation ubuntu
ubuntu@chef-workstation:~$ knife client show chef-validator
_rev: 1-96959e21dfdb3f232a3ce8bae835475b
admin: false
chef_type: client
json_class: Chef::ApiClient
name: chef-validator
public_key: -----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA00/AWJL5mThj+pSXEB2gMKdTdHFm0pGi2hXAoBwm4/ZlnO4p2iwI
/skfZMepVm8SAkSMIhz7ZC+jN/+Kqas7es0E+iv9ei0BF4Q41Y5kKMFctuElYbPH
ImRCVTcQJ6m7BPS0Tczhy87jk6QlhsDsrnhNyUEgM5XRVNO+NzqeqZ+UMOWd9k2q
KTJhbtHdx7ILdjZ5SBsiIMBhBNni2D0Y34BDtddsXCn1eyTWwGZxZTRZuDDXnls+
aZaqogKoZ40d6h6ZVGh6nmmpdPDi9YdCIqFtWe5LF5bwIy7K6qBVgiOqU0x3Xek3
d1eZG/8C+4FWjAm1h856npvmMOpVip9w8QIDAQAB
-----END RSA PUBLIC KEY-----
3. Install and configure chef-client
Edit /etc/hosts
ubuntu@chef-client-1:~$ vim /etc/hosts
127.0.0.1 localhost
10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2
Sync the clock with chef-server
ubuntu@chef-client-1:~$ sudo ntpdate chef-server
Bootstrap can be used to initialise a target node as a client
ubuntu@chef-workstation:~$ knife bootstrap --help
knife bootstrap FQDN (options)
        --bootstrap-proxy PROXY_URL  The proxy server for the node being bootstrapped
        --bootstrap-version VERSION  The version of Chef to install
    -N, --node-name NAME             The Chef node name for your new node
    -s, --server-url URL             Chef Server URL
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to enabled
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
        --disable-editing            Do not open EDITOR, just accept the data as is
    -d, --distro DISTRO              Bootstrap a distro using a template
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment
    -j JSON_ATTRIBS                  A JSON string to be added to the first run of chef-client
        --json-attributes
    -F, --format FORMAT              Which format to use for output
        --hint HINT_NAME[=HINT_FILE] Specify Ohai Hint to be set on the bootstrap target. Use multiple --hint options to specify multiple hints.
        --[no-]host-key-verify       Verify host key, enabled by default.
    -i IDENTITY_FILE                 The SSH identity file used for authentication
        --identity-file
    -u, --user USER                  API Client Username
        --prerelease                 Install the pre-release chef gems
        --print-after                Show the data after a destructive operation
    -r, --run-list RUN_LIST          Comma separated list of roles/recipes to apply
    -G, --ssh-gateway GATEWAY        The ssh gateway
    -P, --ssh-password PASSWORD      The ssh password
    -p, --ssh-port PORT              The ssh port
    -x, --ssh-user USERNAME          The ssh username
        --template-file TEMPLATE     Full path to location of template to use
        --sudo                       Execute the bootstrap via sudo
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message
Next we bootstrap chef-client-1
ubuntu@chef-workstation:~$ sudo knife bootstrap 10.6.1.172 -x ubuntu -P password --sudo
Bootstrapping Chef on 10.6.1.172
10.6.1.172 --2012-11-09 03:34:40--  http://opscode.com/chef/install.sh
10.6.1.172 Resolving opscode.com... 184.106.28.83
10.6.1.172 Connecting to opscode.com|184.106.28.83|:80... connected.
10.6.1.172 HTTP request sent, awaiting response... 301 Moved Permanently
10.6.1.172 Location: http://www.opscode.com/chef/install.sh [following]
10.6.1.172 --2012-11-09 03:34:41--  http://www.opscode.com/chef/install.sh
10.6.1.172 Resolving www.opscode.com... 184.106.28.83
10.6.1.172 Reusing existing connection to opscode.com:80.
10.6.1.172 HTTP request sent, awaiting response... 200 OK
10.6.1.172 Length: 6396 (6.2K) [application/x-sh]
10.6.1.172 Saving to: `STDOUT'
10.6.1.172  0% [                                      ] 0  --.-K/s
10.6.1.172 Downloading Chef 10.16.2 for ubuntu...
100%[======================================>] 6,396  18.7K/s  in 0.3s
10.6.1.172 2012-11-09 03:34:42 (18.7 KB/s) - written to stdout [6396/6396]
10.6.1.172 Installing Chef 10.16.2
10.6.1.172 Selecting previously deselected package chef.
10.6.1.172 (Reading database ... (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 41378 files and directories currently installed.)
10.6.1.172 Unpacking chef (from .../chef_10.16.2_amd64.deb) ...
10.6.1.172 Setting up chef (10.16.2-1.ubuntu.10.04) ...
10.6.1.172 Thank you for installing Chef!
10.6.1.172 [2012-11-09T03:57:46+08:00] INFO: *** Chef 10.16.2 ***
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Client key /etc/chef/client.pem is not present - registering
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: Cannot load node chef-client-1
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Setting the run_list to [] from JSON
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List is []
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List expands to []
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: No routes match the request: /reports/nodes/chef-client-1/runs
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Starting Chef Run for chef-client-1
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Running start handlers
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Start handlers complete.
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Loading cookbooks []
10.6.1.172 [2012-11-09T03:57:48+08:00] WARN: Node chef-client-1 has an empty run list.
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Chef Run complete in 0.438462677 seconds
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Running report handlers
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Report handlers complete
Verify that chef-client-1 has been registered
ubuntu@chef-workstation:~$ knife client list
chef-client-1 chef-server chef-validator chef-webui chef-workstation ubuntu
The output above shows that chef-client-1 has registered successfully with chef-server; the whole chef-workstation => chef-server => chef-client-1 environment is now in place.
4. Next, we can continue with the following
Chef Centralized Management Tool in Practice (2): Server Configuration
Chef Centralized Management Tool in Practice (3): Custom Configuration
#1 by jerry on 2013/01/09 - 16:15
ops@debian:~/.chef$ knife configure -i
Overwrite /home/ops/.chef/knife.rb? (Y/N) Y
Please enter the chef server URL: [http://chef-server:4000]
Please enter a clientname for the new client: [root]
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem]
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
ERROR: Your private key could not be loaded from /etc/chef/webui.pem
Check your configuration file and ensure that your private key is readable
Hi, I followed your steps, but I always run into a problem at this step; whether I use the default root account or my ops account, neither works.
Is there a solution? Or could you give me an idea of where to look?
++++++++++++++++++++++++++
********************** Resolved
ERROR: Your private key could not be loaded from /home/brett/.chef/
This seems to have the wrong username for some reason
Here is the knife.rb that I am using, modify the passwords and usernames and it should work
***************************
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "username"
client_key "#{current_dir}/username.pem"
validation_client_name "organization-validator"
validation_key "#{current_dir}/organization.pem"
chef_server_url "https://api.opscode.com/organizations/organization"
cache_type 'BasicFil
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/cookbooks"]
++++++++++++++++++++++++++++
The above is a fix from a foreigner's blog, but it doesn't seem to apply to my case.
#2 by jerry on 2013/01/09 - 16:21
I looked more carefully: I am clearly the ops user, but when it prompts me, the default is root.
Debian GNU/Linux 6.0 \n \l
#3 by zhishui on 2013/07/08 - 15:24
Hello, may I ask whether all three can be installed on the same machine? I tried it and ran into a problem when registering chef-client-1. Also, Chef is now at version 11, which reportedly differs quite a bit from 10; does this guide apply to version 11?
#4 by mcsrainbow on 2013/07/10 - 11:43
The basic configuration approach is certainly the same; the details may differ. When I have time I will test version 11. At the moment I prefer a tool called Saltstack, which is similar to Chef but easier to use and implemented in Python.
#5 by eric on 2013/07/12 - 18:25
Mate, this tutorial of yours is a bit...
There isn't a single word of explanation, and many places will change more or less depending on version and usage, so very few people will be able to succeed by following this document.
I hope you'll be a bit more responsible next time you write documentation; if it's only for yourself, just keep it for yourself.
If you want to share it, you should write it in more detail and make it more user-friendly.
Thanks, that's just a small suggestion from me.
#6 by mcsrainbow on 2013/07/12 - 18:38
Are you using a newer version? My habit when writing an article is to write as I go through the steps, so every step worked at least at the time I wrote it; I often refer back to these steps myself and they succeed every time. I'm aware there may be a newer version of Chef recently; when I have time I'll test it again and see whether some steps need updating.
#7 by Peter on 2014/10/31 - 18:11
Hi,
In step 3 (Install and configure chef-client), do you need to do something on chef-client-1 first? Otherwise, when running sudo knife bootstrap 10.6.1.172 -x ubuntu -P password --sudo, you get:
Connecting to 10.6.1.172
ERROR: Errno::ENOENT: No such file or directory - /opt/chef-local/.chef/validator.pem