From the workstation, you can use the knife tool to create recipes. Using those recipes, you can then distribute settings and other things to many nodes at almost the same time.
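1. Installing the Chef server
Note: the .deb below is downloaded and installed as root without any checksum comparison; compare its sha256sum with the value published by the vendor before running dpkg -i.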
root@chef-server:/home/young# wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb
root@chef-server:/home/young# dpkg -i chef-server_11.0.10-1.ubuntu.12.04_amd64.deb
Selecting previously unselected package chef-server.
(Reading database ... 168983 files and directories currently installed.)
Unpacking chef-server (from chef-server_11.0.10-1.ubuntu.12.04_amd64.deb) ...
root@chef-server:/home/young# chef-server-ctl reconfigure
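# Setting up the workstation
# Note: "curl ... | sudo bash" runs whatever the server returns as root, with no chance to inspect it first. The more careful variant is to save install.sh to a file, read it, and then run it.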
root@knife:/home/young# curl -L https://www.opscode.com/chef/install.sh | sudo bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 14101 100 14101 0 0 13711 0 0:00:01 0:00:01 --:--:-- 19290
Downloading Chef for ubuntu...
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&p=ubuntu&pv=12.04&m=x86_64
to file /tmp/install.sh.7422/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
md5 3d3b3662830a44eeec71aadc098a4018
sha256 a5b00a24e68e29a01c7ab9de5cdaf0cc9fd1c889599ad9af70293e5b4de8615c
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
to file /tmp/install.sh.7422/chef__amd64.deb
trying wget...
Checksum compare with sha256sum succeeded.
Installing Chef
installing with dpkg...
Selecting previously unselected package chef.
(Reading database ... 144584 files and directories currently installed.)
Unpacking chef (from .../chef__amd64.deb) ...
Setting up chef (11.8.2-1.ubuntu.12.04) ...
Thank you for installing Chef!
root@knife:/home/young# chef-client -v
Chef: 11.8.2
root@knife:/home/young#
# Confirm installation of git
root@knife:/home/young# which git
/usr/bin/git
root@knife:/home/young#
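# If git is not found, install it with "apt-get -y install git" (Ubuntu).
# Note: the clone below uses the git:// protocol, which is unauthenticated and unencrypted; the https:// URL of the same repository is the safer choice.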
root@knife2:/home/young# git clone git://github.com/opscode/chef-repo.git
Cloning into 'chef-repo'...
remote: Reusing existing pack: 223, done.
remote: Total 223 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (223/223), 46.09 KiB, done.
Resolving deltas: 100% (56/56), done.
root@knife:/home/young# ls chef-repo/
certificates chefignore config cookbooks data_bags environments LICENSE Rakefile README.md roles
root@knife2:/home/young# ls -lrt chef-repo/
total 48
drwxr-xr-x 2 root root 4096 Jan 21 23:48 roles
-rw-r--r-- 1 root root 3510 Jan 21 23:48 README.md
-rw-r--r-- 1 root root 2169 Jan 21 23:48 Rakefile
-rw-r--r-- 1 root root 10850 Jan 21 23:48 LICENSE
drwxr-xr-x 2 root root 4096 Jan 21 23:48 environments
drwxr-xr-x 2 root root 4096 Jan 21 23:48 data_bags
drwxr-xr-x 2 root root 4096 Jan 21 23:48 cookbooks
drwxr-xr-x 2 root root 4096 Jan 21 23:48 config
-rw-r--r-- 1 root root 156 Jan 21 23:48 chefignore
drwxr-xr-x 2 root root 4096 Jan 21 23:48 certificates
root@knife2:/home/young#
# Install chef-client on the Chef node
young@node1:~$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 14101 100 14101 0 0 8390 0 0:00:01 0:00:01 --:--:-- 12680
Downloading Chef for ubuntu...
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&p=ubuntu&pv=12.04&m=x86_64
to file /tmp/install.sh.2666/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
md5 3d3b3662830a44eeec71aadc098a4018
sha256 a5b00a24e68e29a01c7ab9de5cdaf0cc9fd1c889599ad9af70293e5b4de8615c
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
to file /tmp/install.sh.2666/chef__amd64.deb
trying wget...
Checksum compare with sha256sum succeeded.
Installing Chef
installing with dpkg...
Selecting previously unselected package chef.
(Reading database ... 87885 files and directories currently installed.)
Unpacking chef (from .../chef__amd64.deb) ...
Setting up chef (11.8.2-1.ubuntu.12.04) ...
Thank you for installing Chef!
young@node1:~$
young@node1:~$ chef-client -v
Chef: 11.8.2
root@knife2:/home/young/chef-repo/.chef# knife configure --initial
WARNING: No knife configuration file found
Where should I put the config file? [/root/.chef/knife.rb] /home/young/chef-repo/.chef/knife.rb
Please enter the chef server URL: [https://knife2:443] https://192.168.56.3:443
Please enter a name for the new user: [young]
Please enter the existing admin name: [admin]
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem]
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
ERROR: Your private key could not be loaded from /etc/chef-server/admin.pem
Check your configuration file and ensure that your private key is readable
root@knife2:/home/young/chef-repo/.chef# ls
knife.rb
root@knife2:/home/young/chef-repo/.chef#
root@knife2:/home/young/chef-repo/.chef# ls
knife.rb
root@knife2:/home/young/chef-repo/.chef# cat knife.rb
log_level :info
log_location STDOUT
node_name 'young'
client_key '/home/young/chef-repo/.chef/young.pem'
validation_client_name 'chef-validator'
validation_key '/etc/chef-server/chef-validator.pem'
chef_server_url 'https://192.168.56.3:443'
syntax_check_cache_path '/home/young/chef-repo/.chef/syntax_check_cache'
root@knife2:/home/young/chef-repo/.chef# stat knife.rb
root@knife2:/home/young/chef-repo/.chef# telnet 192.168.56.3 443
Trying 192.168.56.3...
Connected to 192.168.56.3.
Escape character is '^]'.
* When reinstalling chef-server, back up the /etc/chef-server directory first. If you did not, run chef-server-ctl cleanse and then chef-server-ctl reconfigure again.
*Below
Create new User
*Below
Copy private key
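On the knife workstation, create young.pem and paste the private key from above into it. Keep the file readable only by its owner (chmod 600 young.pem), because anyone who can read it can authenticate to the Chef server as young.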
root@knife2:/home/young/chef-repo/.chef# vi young.pem
root@knife2:/home/young/chef-repo/.chef# ls
knife.rb young.pem
root@knife2:/home/young/chef-repo/.chef#
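# scp chef-validator.pem to the workstation (knife server).
# Verify the ECDSA host key fingerprint against the workstation's real key before answering "yes", and treat chef-validator.pem as a secret: it is the key used to register new clients with the Chef server.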
root@chef-server:/etc/chef-server# scp chef-validator.pem young@192.168.56.105:/home/young/
The authenticity of host '192.168.56.105 (192.168.56.105)' can't be established.
ECDSA key fingerprint is 2e:9f:2a:8e:6f:3b:17:50:c8:2a:8c:aa:e7:f9:ba:19.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.105' (ECDSA) to the list of known hosts.
young@192.168.56.105's password:
chef-validator.pem 100% 1679 1.6KB/s 00:00
root@chef-server:/etc/chef-server#
root@chef-server:/etc/chef-server# scp chef-validator.pem young@192.168.56.105:/home/young/
The authenticity of host '192.168.56.105 (192.168.56.105)' can't be established.
ECDSA key fingerprint is 2e:9f:2a:8e:6f:3b:17:50:c8:2a:8c:aa:e7:f9:ba:19.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.105' (ECDSA) to the list of known hosts.
young@192.168.56.105's password:
chef-validator.pem 100% 1679 1.6KB/s 00:00
root@chef-server:/etc/chef-server#
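# Then copy it into the .chef folder.
# Note: knife.rb below still sets validation_key to '/etc/chef-server/chef-validator.pem'. If the key exists on the workstation only in .chef, that path presumably needs to point at the copy.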
root@knife2:/home/young/chef-repo/.chef# cat knife.rb
log_level :info
log_location STDOUT
node_name 'young'
client_key '/home/young/chef-repo/.chef/young.pem'
validation_client_name 'chef-validator'
validation_key '/etc/chef-server/chef-validator.pem'
chef_server_url 'https://192.168.56.3:443'
syntax_check_cache_path '/home/young/chef-repo/.chef/syntax_check_cache'
root@knife2:/home/young/chef-repo/.chef# ls
chef-validator.pem knife.rb young.pem
root@knife2:/home/young/chef-repo/.chef#
root@knife2:/home/young/chef-repo/.chef# cat knife.rb
log_level :info
log_location STDOUT
node_name 'young'
client_key '/home/young/chef-repo/.chef/young.pem'
validation_client_name 'chef-validator'
validation_key '/etc/chef-server/chef-validator.pem'
chef_server_url 'https://192.168.56.3:443'
syntax_check_cache_path '/home/young/chef-repo/.chef/syntax_check_cache'
root@knife2:/home/young/chef-repo/.chef# ls
chef-validator.pem knife.rb young.pem
root@knife2:/home/young/chef-repo/.chef#
# Add Chef's embedded Ruby (/opt/chef/embedded/bin) to $PATH
root@knife2:/home/young/chef-repo/.chef# tail -1 ~/.bashrc
export PATH="/opt/chef/embedded/bin:$PATH"
root@knife2:/home/young/chef-repo/.chef# echo $PATH
/opt/chef/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
root@knife2:/home/young/chef-repo/.chef#
root@knife2:/home/young/chef-repo/.chef# knife client list
ERROR: You authenticated successfully to https://192.168.56.3:443 as young but you are not authorized for this action
Response: You are not allowed to take this action.
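# To allow the "knife client list" above, add the user young to the admin group. Admin rights cover managing every client on the server, so grant them only to accounts that need them.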
root@knife2:/home/young/chef-repo/.chef# knife client list
chef-validator
chef-webui
root@knife2:/home/young/chef-repo/.chef#
# Add cookbook_path to knife.rb
root@knife2:/home/young/chef-repo/cookbooks# tail ../.chef/knife.rb
log_level :info
log_location STDOUT
node_name 'young'
client_key '/home/young/chef-repo/.chef/young.pem'
validation_client_name 'chef-validator'
validation_key '/etc/chef-server/chef-validator.pem'
chef_server_url 'https://192.168.56.3:443'
syntax_check_cache_path '/home/young/chef-repo/.chef/syntax_check_cache'
cookbook_path ["./cookbooks"]