This article is based on the official website. If I have misunderstood anything, please correct it. If you have any questions, please leave a message so we can discuss them together.
Installation and deployment
chef server
Official documents: https://docs.chef.io/server/install_server/
Important prerequisites: set your own hostname (the value I configured is chefserver, and both the workstation and node machines need to be able to resolve it), synchronize the clock, and turn off the firewall
- Download the installation package and upload it to the server for installation
Download address: https://downloads.chef.io/chef-server/
[root@chefworkstation ~] rpm -Uvh chef-server-core-12.19.31-1.sles12.x86_64.rpm
- Configure and start the service (chef-server-ctl command help document: https://docs.chef.io/server/ctl_chef_server/)
[root@chefworkstation ~] chef-server-ctl reconfigure
- Create administrator user
[root@chefworkstation ~] mkdir -p /path/to
[root@chefworkstation ~] chef-server-ctl user-create janedoe Jane Doe janed@example.com 'abc123' --filename /path/to/janedoe.pem
- Create the organization and associate the user janedoe with the admin security group of the organization
[root@chefworkstation ~] chef-server-ctl org-create 4thcafe 'Fourth Cafe, Inc.' --association_user janedoe --filename /path/to/4thcafe-validator.pem
To make management easier, I also create a cw user and add cw to the admin group. The PEM file of cw will be used later when installing the workstation.
[root@chefworkstation ~] chef-server-ctl user-create cw chef workstation cw@example.com '111111' --filename /path/to/cw.pem
[root@chefworkstation ~] chef-server-ctl org-user-add 4thcafe cw --admin
chef workstation
Official documents: https://docs.chef.io/workstation/install_workstation/
Important prerequisites: set your own hostname, be able to resolve chefserver (the hostname of the server machine), configure clock synchronization, turn off the firewall, and have at least 4G of memory
- Install package
[root@chefworkstation ~] wget https://packages.chef.io/files/stable/chef-workstation/21.2.278/el/8/chef-workstation-21.2.278-1.el7.x86_64.rpm
[root@chefworkstation ~] yum localinstall chef-workstation-21.2.278-1.el7.x86_64.rpm
[root@chefworkstation ~] chef -v
Chef Workstation version: 21.2.278
Chef Infra Client version: 16.10.8
Chef InSpec version: 4.26.4
Chef CLI version: 3.1.1
Chef Habitat version: 1.6.181
Test Kitchen version: 2.10.0
Cookstyle version: 7.8.0
Check the installation directory. By default, the workstation is installed under /opt
[root@chefworkstation opt] ls /opt/
chef-workstation
- Set ruby in Chef Workstation as the default ruby for linux
[root@chefworkstation ~] echo 'eval "$(chef shell-init bash)"' >> ~/.bashrc
Open a new terminal (for example, a new xshell session) and execute which ruby
[root@chefworkstation ~] which ruby
/opt/chef-workstation/embedded/bin/ruby
- Create a repository to store local cookbooks and other resources (chef-repo in the command is the name of the repository you want to create). The repository is created in the directory where the command is executed. To make management easier, I put it in the same directory as the workstation
(chef command help document: https://docs.chef.io/workstation/ctl_chef/#chef-generate-repo)
[root@chefworkstation ~] cd /opt/
[root@chefworkstation ~] chef generate repo chef-repo
Finally, the directory structure is as follows
[root@chefworkstation opt] ll /opt/
drwxr-xr-x 6 root root 161 Aug 13 10:08 chef-repo
drwxr-xr-x 7 root root 186 Aug 13 09:46 chef-workstation
[root@chefworkstation opt] tree chef-repo/
chef-repo/
├── chefignore
├── cookbooks
│   ├── example
│   │   ├── attributes
│   │   │   └── default.rb
│   │   ├── metadata.rb
│   │   ├── README.md
│   │   └── recipes
│   │       └── default.rb
│   └── README.md
├── data_bags
│   ├── example
│   │   └── example_item.json
│   └── README.md
├── LICENSE
├── policyfiles
│   └── README.md
└── README.md

7 directories, 11 files
- Use the knife configure command to create a credentials file (in the ~/.chef/ directory) for communicating with the server (use knife config show to view it after creation)
The command asks for two parameters: Chef Server URL and Client Name. My parameters are as follows:
Chef Server URL: https://chefserver/organizations/4thcafe (chefserver is the hostname of the server machine, which must be resolvable from the workstation via its hosts file, and 4thcafe is the name of the organization created on the server)
Client Name: cw (the user created on the server)
[root@chefworkstation opt] knife configure
# View the content
[root@chefworkstation cookbooks] knife config show
Loading from credentials file /root/.chef/credentials
chef_server_url: https://chefserver/organizations/4thcafe
client_key: /root/.chef/cw.pem
config_file:
log_level: warn
log_location: STDERR
node_name: cw
profile: default
- Copy the pem file of user cw from the server to the ~/.chef/ path on the workstation, then view the directory structure
[root@chefworkstation opt] ll ~/.chef/
-rw-r--r-- 1 root root 36 Aug 13 10:08 chef_guid
-rw-r--r-- 1 root root 133 Aug 13 10:35 credentials
-rw-r--r-- 1 root root 1674 Aug 13 10:52 cw.pem
[root@chefworkstation opt]
credentials: the configuration file of the knife command (similar to nginx.conf). For a detailed explanation of the file, refer to: https://docs.chef.io/workstation/config_rb/
cw.pem: when a command is run on the workstation, the corresponding changes are made in the background by calling the API of the server, and cw.pem is used to authenticate to that API
- Verify whether the communication between workstation and server is normal
# Since the server uses a self-signed certificate, you need to run knife ssl fetch on the workstation
[root@chefworkstation opt] knife ssl fetch
# List all clients. If the returned result is similar to the following, the workstation can communicate with the server normally
[root@chefworkstation opt] knife client list
4thcafe-validator
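The listing above shows cw.pem, the private key that authenticates API requests, with mode -rw-r--r--, and knife ssl fetch trusts whatever certificate the server presented at that moment. As an added example (not from the original article or the Chef project), the shell functions below list client keys accessible to group or others, tighten them to 600, and print the SHA-256 fingerprints of the fetched certificates so they can be compared with the fingerprint computed on the server itself. The function names are made up here; GNU find and the openssl CLI are assumed.

```shell
#!/bin/sh
# Added example: audit a knife configuration directory (normally ~/.chef).

# Print every *.pem in DIR that has any group/other permission bit set.
loose_keys() {
    [ -d "$1" ] || return 0
    # -perm /077 (GNU find): true if any of the group/other bits is set
    find "$1" -maxdepth 1 -type f -name '*.pem' -perm /077 | sort
}

# Restrict every loose key in DIR to owner read/write only.
tighten_keys() {
    loose_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key" && echo "chmod 600 $key"
    done
}

# Print "FINGERPRINT  FILE" for each certificate that `knife ssl fetch`
# stored under DIR/trusted_certs.
cert_fingerprints() {
    certdir="$1/trusted_certs"
    [ -d "$certdir" ] || return 0
    for crt in "$certdir"/*.crt; do
        [ -e "$crt" ] || continue
        fp=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 | cut -d= -f2)
        printf '%s  %s\n' "$fp" "$crt"
    done
}

# Typical use on the workstation:
#   loose_keys ~/.chef          # cw.pem is listed while it is mode 644
#   tighten_keys ~/.chef
#   cert_fingerprints ~/.chef   # compare with the same openssl command
#                               # run on the server against its own certificate
```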
chef client installation
Official documents: https://docs.chef.io/workstation/knife_bootstrap/
Important prerequisites: set your own hostname, be able to resolve chefserver (the hostname of the server machine), configure clock synchronization, and turn off the firewall
Chef client installation refers to installing the client program chef-client on the managed node. This operation is completed by executing commands on the workstation
Execute the command on the workstation to install the client (modify the IP in the command and the login account and password of the node)
# 192.168.16.12: node IP
# chefnode: hostname of the node
# root: the user name used to log in to the node
# 1: the password for that user name on the node
[root@chefworkstation opt] knife bootstrap 192.168.16.12 -N chefnode -U root -P 1
Check whether the node is successfully installed in the workstation
[root@chefworkstation opt] knife node list
chefnode
Log in to the node and check the installation directory (the default installation path is /opt/chef)
[root@chefnode chef] ll /opt/chef/
drwxr-xr-x 2 root root 204 Aug 12 13:21 bin
drwxr-xr-x 7 root root 67 Aug 12 13:21 embedded
-rw-r--r-- 1 root root 35962 Jul 28 03:24 LICENSE
drwxr-xr-x 2 root root 8192 Aug 12 13:21 LICENSES
-rw-r--r-- 1 root root 7002 Jul 28 03:25 version-manifest.json
-rw-r--r-- 1 root root 3500 Jul 28 03:25 version-manifest.txt
[root@chefnode chef]
Detailed explanation of knife command: https://docs.chef.io/workstation/knife/
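Both chef-server-ctl user-create and knife bootstrap -P, as used in this article, take the password as a command-line argument, which leaves it in the shell history of the machine they were typed on. As an added example (not from the original article or the Chef project), the function below scans a history file for those two command forms and prints the matching lines with the password masked. The function name is made up here, and passwords are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: find Chef commands in a shell history file that carry a
# plaintext password, and report them without repeating the secret.

# $1: history file (e.g. ~/.bash_history).
# Prints "LINE_NO:command" for each hit, with the password replaced by ****.
history_passwords() {
    # Pattern 1: knife bootstrap with a password option and its value.
    # Pattern 2: chef-server-ctl user-create where the e-mail argument is
    #            followed by another positional (non-option) argument.
    grep -nE \
        -e 'knife +bootstrap .* (-P|--connection-password|--ssh-password)[ =]+[^ ]+' \
        -e 'chef-server-ctl +user-create .*[^ ]+@[^ ]+ +[^- ][^ ]*' \
        "$1" |
    sed -E \
        -e 's/( (-P|--connection-password|--ssh-password)[ =]+)[^ ]+/\1****/' \
        -e 's/(user-create .*[^ ]+@[^ ]+ +)[^- ][^ ]*/\1****/'
}

# Typical use:
#   history_passwords ~/.bash_history
# Any password that shows up here should be changed, and the command re-run
# with key-based login (knife bootstrap -i KEYFILE) or an interactive
# prompt (chef-server-ctl user-create ... --prompt-for-password).
```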
Hands-on: Quick Start
Next, I will explain how to write a recipe that creates files and folders and installs software packages. The overall process is as follows
create a repo locally on the workstation -> create a cookbook in the repo -> write a recipe -> execute the recipe locally (not required) -> upload the cookbook to the server -> execute the recipe on the node
- Create a repo locally: myrepo
[root@chefworkstation cookbooks] cd /opt/
[root@chefworkstation opt] chef generate repo myrepo
- Create local cookbook: mycookbook
[root@chefworkstation opt] cd myrepo/cookbooks/
[root@chefworkstation cookbooks] chef generate cookbook mycookbook
- Write the recipe. For the specific syntax and parameter descriptions, refer to:
recipe syntax format: https://docs.chef.io/resource/
All resource types and parameters: https://docs.chef.io/resources/
[root@chefworkstation cookbooks] cd mycookbook/
[root@chefworkstation mycookbook] vim recipes/default.rb
Write the following content (note the space between action and :create)
# Create a folder using the directory resource
directory '/home/resource_directory' do
  action :create
end

# Create a file using the file resource
file '/home/resource_directory/resource_file' do
  content 'This is created by chef!'
end

# Execute Linux commands using the bash resource
# (>> appends one more line on every chef-client run)
bash 'execute command' do
  cwd '/home/'
  code <<-EOH
    mkdir -p resource_bash
    echo "This is created by bash resource!" >> resource_bash_file.txt
  EOH
end

# Use the package resource to install the telnet package
package 'telnet' do
  action :install
end
- Execute the recipe locally on the workstation, and make sure you are in the correct directory
[root@chefworkstation mycookbook] pwd
/opt/myrepo/cookbooks/mycookbook
[root@chefworkstation mycookbook] chef-client -z -o mycookbook
- Check whether the corresponding folders and files were created and the software package was installed
[root@chefworkstation mycookbook] ll /home/
total 4
drwxr-xr-x 2 root root 6 Aug 19 11:40 resource_bash
-rw-r--r-- 1 root root 34 Aug 19 11:40 resource_bash_file.txt
drwxr-xr-x 2 root root 27 Aug 19 11:40 resource_directory
[root@chefworkstation mycookbook] rpm -qa |grep telnet
telnet-0.17-66.el7.x86_64
- So far, we have learned to write recipes locally on the workstation and to use various built-in resources to create files, install software packages and so on. The next step is to upload the cookbook to the server and execute it on the node so that the node reaches the same state
[root@chefworkstation mycookbook] knife cookbook upload mycookbook --cookbook-path /opt/myrepo/cookbooks/
Uploading mycookbook [0.1.0]
Uploaded 1 cookbook.
Optional operation: the path of the cookbook has to be specified in the command. We can write this parameter to the configuration file so that it no longer needs to be passed manually in the command
[root@chefworkstation mycookbook] vim /root/.chef/credentials
# Add the following line. For the parameters that can be added, refer to the credentials file documentation mentioned above
cookbook_path = '/opt/myrepo/cookbooks/'
Here you may have some questions. What is the purpose of knife? The official introduction is as follows:
knife is a command-line tool that provides an interface between a local chef-repo and the Chef Infra Server
Put simply, running a knife command involves the server most of the time. For the specific usage of knife, please refer to the official knife documentation
To view which cookbooks are available on the server:
[root@chefworkstation mycookbook] knife cookbook list
mycookbook 0.1.0
- The next step is to have the node execute the recipe just uploaded, but the node does not yet know what it needs to execute. We need to tell it what it should execute (the run list)
# Edit the run list of the chefnode machine and tell it to execute the default recipe of mycookbook. -e vi specifies the editor. You can also use vim or other tools
# For convenience, this can also be written in the configuration file: create an XXX.d folder in the same directory as the credentials file, then create an XXX.rb file in it and write the following line
# knife[:editor] = 'vi'
[root@chefworkstation mycookbook] knife node edit chefnode -e vi
The modified contents are as follows (after modification, save with :wq, the same as editing a local file in vi)
{
  "name": "chefnode",
  "chef_environment": "_default",
  "normal": {
    "tags": [

    ]
  },
  "policy_name": null,
  "policy_group": null,
  "run_list": [
    "recipe[mycookbook::default]"
  ]
}
- Then you can log in to the node machine and execute the run list
# It can be executed in any directory of the node machine. After it finishes, check whether the files and folders are created and whether the telnet package is installed.
[root@chefnode home] chef-client
So far, the whole process has been completed. For more information about roles, environments, policy files, etc., please refer to the official website: https://docs.chef.io/