Installing CHEF 13 Server on CentOS 7

At the time of writing, the CHEF 13 server can be downloaded from its official website.

[root@chef-server-01 ~]# cd /tmp
[root@chef-server-01 tmp]# curl -O https://packages.chef.io/files/stable/chef-server/13.0.17/el/7/chef-server-core-13.0.17-1.el7.x86_64.rpm

Once the CHEF 13 server download completes, install the RPM package with the rpm command.

[root@chef-server-01 tmp]# rpm -ivh chef-server-core-13.0.17-1.el7.x86_64.rpm

Configure the CHEF 13 server as follows.

[root@chef-server-01 tmp]# chef-server-ctl reconfigure
+---------------------------------------------+
            Chef License Acceptance
Before you can continue, 3 product licenses
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/
Licenses that need accepting:
  * Chef Infra Server
  * Chef Infra Client
  * Chef InSpec
Do you accept the 3 product licenses (yes/no)?
> yes
Persisting 3 product licenses...
-> 3 product licenses persisted.
+---------------------------------------------+
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::default"]
Synchronizing Cookbooks:
  - enterprise (0.15.1)
  - runit (5.1.1)
  - packagecloud (1.0.1)
  - yum-epel (3.3.0)
  - private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: private-chef::default
  * directory[/etc/opscode] action create (up to date)
  * directory[/etc/opscode/logrotate.d] action create
    - create new directory /etc/opscode/logrotate.d
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
/var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/oc-chef-pedant.rb:41: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
  Converging 259 resources
  * link[/usr/bin/private-chef-ctl] action create (up to date)
  * link[/usr/bin/chef-server-ctl] action create (up to date)
  * directory[/etc/opscode] action nothing (skipped due to action :nothing)
  * directory[/etc/opscode/logrotate.d] action nothing (skipped due to action :nothing)
  * log[opscode_webui deprecation notice] action write (skipped due to only_if)
Recipe: private-chef::users
  * linux_user[opscode] action create
    - create user opscode
  * group[opscode] action create
    - alter group opscode
    - replace group members with new list of members
Recipe: private-chef::private_keys
  * file[/etc/opscode/pivotal.pem] action create
    - create new file /etc/opscode/pivotal.pem
    - update content in file /etc/opscode/pivotal.pem from none to 689221
    - suppressed sensitive resource
    - change mode from '' to '0600'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * file[/etc/opscode/webui_priv.pem] action create
    - create new file /etc/opscode/webui_priv.pem
    - update content in file /etc/opscode/webui_priv.pem from none to 4d9638
    - suppressed sensitive resource
    - change mode from '' to '0600'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * file[/etc/opscode/webui_pub.pem] action create
    - create new file /etc/opscode/webui_pub.pem
    - update content in file /etc/opscode/webui_pub.pem from none to 3e4501
    - suppressed sensitive resource
    - change mode from '' to '0644'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
Recipe: private-chef::default
  * file[/etc/opscode/dark_launch_features.json] action create
    - create new file /etc/opscode/dark_launch_features.json
    - update content in file /etc/opscode/dark_launch_features.json from none to 05b75f
    --- /etc/opscode/dark_launch_features.json  2019-09-04 20:24:28.821962036 +0500
    +++ /etc/opscode/.chef-dark_launch_features20190904-7539-h4omrn.json    2019-09-04 20:24:28.821962036 +0500
    @@ -1 +1,17 @@
    +{
    +  "quick_start": false,
    +  "new_theme": true,
    +  "private-chef": true,
    +  "sql_users": true,
    +  "add_type_and_bag_to_items": true,
    +  "reporting": true,
    +  "actions": true,
    +  "503_mode": false,
    +  "couchdb_containers": false,
    +  "couchdb_groups": false,
    +  "couchdb_acls": false,
    +  "couchdb_association_requests": false,
    +  "couchdb_organizations": false,
    +  "couchdb_associations": false
    +}
    - change mode from '' to '0644'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * directory[/etc/chef] action create
    - change mode from '0755' to '0775'
    - change group from 'root' to 'opscode'
    - restore selinux security context
  * directory[/var/opt/opscode] action create (up to date)
  * directory[/var/log/opscode] action create
    - create new directory /var/log/opscode
    - change mode from '' to '0755'
    - change owner from '' to 'opscode'
    - change group from '' to 'opscode'
    - restore selinux security context
Recipe: enterprise::runit
  * component_runit_supervisor[private_chef] action create
    * template[/etc/systemd/system/private_chef-runsvdir-start.service] action create
      - create new file /etc/systemd/system/private_chef-runsvdir-start.service
      - update content in file /etc/systemd/system/private_chef-runsvdir-start.service from none to 27231f
      --- /etc/systemd/system/private_chef-runsvdir-start.service       2019-09-04 20:24:28.936962034 +0500
      +++ /etc/systemd/system/.chef-private_chef-runsvdir-start20190904-7539-1hczk0s.service 2019-09-04 20:24:28.936962034 +0500
      @@ -1 +1,11 @@
      +[Unit]
      +Description=private_chef Runit Process Supervisor
      +After=network.target auditd.service
      +
      +[Service]
      +ExecStart=/opt/opscode/embedded/bin/runsvdir-start
      +Restart=always
      +
      +[Install]
      +WantedBy=multi-user.target
      - change mode from '' to '0644'
      - change owner from '' to 'root'
      - change group from '' to 'root'
      - restore selinux security context
    * execute[systemctl daemon-reload] action run
      - execute systemctl daemon-reload
    * execute[systemctl daemon-reload] action nothing (skipped due to action :nothing)
    * file[/usr/lib/systemd/system/private_chef-runsvdir-start.service] action delete (up to date)
    * service[private_chef-runsvdir-start.service] action enable
      - enable service service[private_chef-runsvdir-start.service]
    * service[private_chef-runsvdir-start.service] action start
      - start service service[private_chef-runsvdir-start.service]
Recipe: private-chef::sysctl-updates
  * execute[sysctl-reload] action nothing (skipped due to action :nothing)
  * bash[dual ip4/ip6 portbind] action run (skipped due to only_if)
Recipe: private-chef::fix_permissions
  * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} \;] action run
    - execute find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} \;
  * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} \;] action run
...
...
...
Recipe: private-chef::opscode-erchef
  * component_runit_service[opscode-erchef] action restart
  Recipe: <Dynamically Defined Resource>
    * service[opscode-erchef] action nothing (skipped due to action :nothing)
    * runit_service[opscode-erchef] action restart (up to date)
     (up to date)
Recipe: private-chef::partybus
  * execute[set initial migration level] action run
    - execute cd /opt/opscode/embedded/service/partybus && ./bin/partybus init
  * ruby_block[migration-level file sanity check] action run (skipped due to not_if)
Recipe: private-chef::rabbitmq
  * script[hard_kill_rabbitmq] action run
    - execute "bash"  "/tmp/chef-script20190904-7539-il7d0v"
Running handlers:
Running handlers complete
Chef Infra Client finished, 482/1028 resources updated in 05 minutes 44 seconds
Chef Server Reconfigured!

Check the status of the CHEF 13 server components.

[root@chef-server-01 tmp]# chef-server-ctl status
run: bookshelf: (pid 36604) 569s; run: log: (pid 30489) 749s
run: nginx: (pid 36571) 575s; run: log: (pid 31865) 667s
run: oc_bifrost: (pid 36483) 580s; run: log: (pid 29963) 804s
run: oc_id: (pid 36560) 577s; run: log: (pid 30055) 778s
run: opscode-erchef: (pid 37511) 475s; run: log: (pid 30679) 743s
run: opscode-expander: (pid 36594) 571s; run: log: (pid 30282) 761s
run: opscode-solr4: (pid 36586) 572s; run: log: (pid 30176) 767s
run: postgresql: (pid 36479) 582s; run: log: (pid 29399) 829s
run: rabbitmq: (pid 37285) 522s; run: log: (pid 32136) 660s
run: redis_lb: (pid 31083) 708s; run: log: (pid 31082) 708s

Create an administrator user for managing the CHEF server.

[root@chef-server-01 tmp]# chef-server-ctl user-create admin admin admin admin@chef-server-01.onitroad.com 'abc123' -f /etc/chef/admin.pem

The values in the above command follow this syntax.

chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME

Create an organization to hold the CHEF 13 server configuration.

[root@chef-server-01 tmp]# chef-server-ctl org-create sysadminrecipes "JackLi's SysAdmin Recipes" --association_user admin -f /etc/chef/sysadminrecipes-validator.pem

The values follow this syntax.

chef-server-ctl org-create SHORT_ORG_NAME FULL_ORG_NAME --association_user USER_NAME --filename ORGANIZATION-validator.pem

Allow the HTTP and HTTPS service ports through the Linux firewall.

[root@chef-server-01 tmp]# firewall-cmd --permanent --add-service={http,https}
success
[root@chef-server-01 tmp]# firewall-cmd --reload
success
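Two checks a practitioner would run once the steps above are done, as an added example that is not from the original post: the first parses the status line format shown above and reports any component that is not running, the second confirms that the .pem files written with -f are readable only by their owner. The awk/ls-based helpers and the sample status text are constructed for this example; the file paths are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post): post-install sanity checks for
# the Chef Infra Server 13 host set up above.
#  1. unhealthy_components parses the `chef-server-ctl status` line format
#     shown on this page and prints every component whose state is not "run".
#  2. key_is_private verifies that a key written with -f (admin.pem, the
#     org validator .pem) is not readable by group or other users.
# The paths /etc/chef/admin.pem and /etc/chef/sysadminrecipes-validator.pem
# come from the commands above; the sample status text below is constructed.

# Constructed sample: the page's status output with one component stopped.
SAMPLE_STATUS='run: bookshelf: (pid 36604) 569s; run: log: (pid 30489) 749s
run: nginx: (pid 36571) 575s; run: log: (pid 31865) 667s
down: rabbitmq: 3s, normally up; run: log: (pid 32136) 660s
run: redis_lb: (pid 31083) 708s; run: log: (pid 31082) 708s'

# Reads status lines on stdin. Each line starts with "STATE: name: ...".
# Prints the names of components not in state "run"; exit status is 0 only
# when every component is running.
unhealthy_components() {
    awk -F'[: ]+' 'NF && $1 != "run" { print $2; bad = 1 }
                   END { exit (bad ? 1 : 0) }'
}

# Returns 0 if the file exists and its group/other permission bits are all
# clear (for example mode 0600), otherwise 1. Reads columns 5-10 of `ls -l`
# so it does not depend on GNU stat.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Usage on the server itself (requires chef-server-ctl and root):
#   chef-server-ctl status | unhealthy_components
#   for k in /etc/chef/admin.pem /etc/chef/sysadminrecipes-validator.pem; do
#       key_is_private "$k" || echo "WARNING: $k is missing or too permissive"
#   done
# Demo on the constructed sample: prints "rabbitmq" and then the warning.
printf '%s\n' "$SAMPLE_STATUS" | unhealthy_components \
    || echo "WARNING: some Chef server components are not running"
```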
CHEF is a configuration management tool written in Ruby and Erlang.
CHEF is one of the most popular infrastructure-as-code (IaC) tools.
Using CHEF, we can simplify the task of configuring and maintaining an organization's servers.
CHEF also includes a thin-client management console for maintaining server configuration.

CHEF uses Ruby to write system configuration "Recipes".

In this article, we install the CHEF 13 server on CentOS 7.
A management console for CHEF is installed as well.

Installing the CHEF 13 Management Console on CentOS 7

Install the management console with the following command.

[root@chef-server-01 tmp]# chef-server-ctl install chef-manage
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::add_ons_wrapper"]
Synchronizing Cookbooks:
  - enterprise (0.15.1)
  - runit (5.1.1)
  - packagecloud (1.0.1)
  - yum-epel (3.3.0)
  - private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: private-chef::add_ons_wrapper
  * ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
  * remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm] action create
    - create new file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm
    - update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm from none to 8b14a7
    (file sizes exceed 10000000 bytes, diff output suppressed)
    - restore selinux security context
  * ruby_block[locate_addon_package_chef-manage] action run
    - execute the ruby block locate_addon_package_chef-manage
  * yum_package[chef-manage] action install
    - install version 2.5.16-1.el7 of package chef-manage
  * ruby_block[addon_install_notification_chef-manage] action run
    - execute the ruby block addon_install_notification_chef-manage
Running handlers:
-- Installed Add-On Package: chef-manage
  - #<Class:0x0000000005722e50>::AddonInstallHandler
Running handlers complete
Chef Infra Client finished, 4/5 resources updated in 08 minutes 30 seconds

Now we must reconfigure the CHEF 13 server.

[root@chef-server-01 tmp]# chef-server-ctl reconfigure
...
Recipe: private-chef::nginx
  * component_runit_service[nginx] action restart
  Recipe: <Dynamically Defined Resource>
    * service[nginx] action nothing (skipped due to action :nothing)
    * runit_service[nginx] action restart (up to date)
     (up to date)
Running handlers:
Running handlers complete
Chef Infra Client finished, 52/553 resources updated in 01 minutes 48 seconds
Chef Server Reconfigured!

Configure the CHEF management console as follows.

[root@chef-server-01 tmp]# chef-manage-ctl reconfigure
To use this software, you must agree to the terms of the software license agreement.
Press any key to continue.
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
...
...
...
  Cloning resource attributes for directory[/var/log/chef-manage/worker] from prior resource
Previous directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
Current  directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories' at 1 location:
    - /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
   See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Chef Client finished, 90/269 resources updated in 01 minutes 36 seconds
chef-manage Reconfigured!

In a browser on the client, open the URL https://chef-server-01.onitroad.com/.

The browser shows a security warning because our CHEF 13 server uses a self-signed certificate.

Ignore the warning and proceed to the site.

Log in as the administrator user created above.

This opens the dashboard of the CHEF 13 management console.

We have successfully installed the CHEF 13 server together with the management console on CentOS 7.

Date: 2020-09-17 00:16:38 Source: oir Author: oir