
Chef Centralized Management Tool in Practice (1): Environment Deployment

Author: Beijing IT Services Outsourcing Company  Published: 2016-04-11

Environment
OS: Ubuntu 10.10 Server 64-bit // Deployment was also verified to succeed on 12.04.1 and 12.10.
Servers:
chef-server:10.6.1.170
chef-workstation:10.6.1.171
chef-client-1:10.6.1.172
chef-client-2:10.6.1.173

1. Install and configure the Chef Server
Edit hosts
ubuntu@chef-server:~$ sudo vim /etc/hosts

127.0.0.1    localhost

10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2

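Note:
Add an IP resolution record for the machine's own hostname to /etc/hosts. This is very important.
The chef-server installation installs rabbitmq-server first. Without this record, rabbitmq-server fails to start, which in turn breaks the installation of all the other chef-server packages. If you are not aware of this, troubleshooting the failure becomes much harder.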

Create /etc/apt/sources.list.d/opscode.list
ubuntu@chef-server:~$ sudo echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list

Add the GPG key
ubuntu@chef-server:~$ sudo mkdir -p /etc/apt/trusted.gpg.d
ubuntu@chef-server:~$ sudo gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
ubuntu@chef-server:~$ sudo gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null

ubuntu@chef-server:~$ sudo apt-get update
ubuntu@chef-server:~$ sudo apt-get install opscode-keyring

Install the NTP time service. Chef requires the clocks of the workstation and all clients to match the server's clock.
ubuntu@chef-server:~$ sudo apt-get install ntp

Upgrade the existing system
ubuntu@chef-server:~$ sudo apt-get upgrade

Install the chef-server packages
ubuntu@chef-server:~$ sudo apt-get install chef chef-server

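Enter the URL: http://chef-server:4000
Enter the password: chef-server
The installation performs the following steps:
Installs Chef Server and the packages it depends on, such as Merb, CouchDB and RabbitMQ (more than 300 packages in total)
Starts CouchDB and RabbitMQ
Starts chef-server-api, listening on port 4000
Starts chef-server-webui, listening on port 4040
Starts chef-solr-indexer, which connects to rabbitmq-server automatically
Starts chef-solr and chef-client
Creates the related configuration files in /etc/chef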

After the installation completes, check and confirm the following ports:
Chef Server - 4000
Chef Server WebUI - 4040
CouchDB - 5984
RabbitMQ - 5672
Chef Solr - 8983

ubuntu@chef-server:~$ sudo netstat -lntp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0   0 0.0.0.0:22          0.0.0.0:*          LISTEN      11402/sshd               
tcp   0   0 0.0.0.0:4000        0.0.0.0:*          LISTEN      31998/merb : chef-s  
tcp   0   0 0.0.0.0:4040        0.0.0.0:*          LISTEN      32168/merb : chef-s
tcp   0   0 0.0.0.0:5672        0.0.0.0:*          LISTEN      30470/beam
tcp   0   0 127.0.0.1:5984      0.0.0.0:*          LISTEN      30518/beam      
tcp   0   0 0.0.0.0:41891       0.0.0.0:*          LISTEN      30128/beam        
tcp6  0   0 :::22               :::*               LISTEN      11402/sshd      
tcp6  0   0 127.0.0.1:8983      :::*               LISTEN      31760/java
...
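
The port check above can be scripted. The following is an added example, not part of the original article: it reads `netstat -lnt` output and reports, for each of the five ports listed above, whether the service listens on all interfaces or only on loopback. The sample input is the netstat output shown above; the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example: classify the Chef service ports in `netstat -lnt[p]` output.
# The port-to-service mapping comes from the port list in this article.

audit_chef_listeners() {
  awk '
    BEGIN {
      svc["4000"] = "chef-server-api"; svc["4040"] = "chef-server-webui"
      svc["5984"] = "couchdb"; svc["5672"] = "rabbitmq"; svc["8983"] = "chef-solr"
      n = split("4000 4040 5984 5672 8983", order, " ")
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      if (!(port in svc)) next
      scope = "address:" addr
      if (addr == "127.0.0.1" || addr == "::1") scope = "loopback"
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
      # A port may appear on several lines: all-interfaces wins, else first seen.
      if (!(port in seen) || scope == "all-interfaces") seen[port] = scope
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        print p, svc[p], ((p in seen) ? seen[p] : "not-listening")
      }
    }
  '
}

# Sample input: the netstat output shown in this article.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0   0 0.0.0.0:22          0.0.0.0:*          LISTEN      11402/sshd
tcp   0   0 0.0.0.0:4000        0.0.0.0:*          LISTEN      31998/merb : chef-s
tcp   0   0 0.0.0.0:4040        0.0.0.0:*          LISTEN      32168/merb : chef-s
tcp   0   0 0.0.0.0:5672        0.0.0.0:*          LISTEN      30470/beam
tcp   0   0 127.0.0.1:5984      0.0.0.0:*          LISTEN      30518/beam
tcp   0   0 0.0.0.0:41891       0.0.0.0:*          LISTEN      30128/beam
tcp6  0   0 :::22               :::*               LISTEN      11402/sshd
tcp6  0   0 127.0.0.1:8983      :::*               LISTEN      31760/java
EOF
}

sample_netstat | audit_chef_listeners
```

On a live server, pipe the real output in with `sudo netstat -lnt | audit_chef_listeners`. For the sample, ports 4000, 4040 and 5672 are reported as all-interfaces, so a host firewall should restrict them to the workstation and client addresses.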

Log in to the Web UI
URL: http://chef-server:4040 (to reach it, add "10.6.1.170 chef-server" to the hosts file on your local computer)
Username: admin
Password: chef-server

Install and configure the knife command-line tool
ubuntu@chef-server:~$ mkdir -p ~/.chef
ubuntu@chef-server:~$ sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
ubuntu@chef-server:~$ sudo chown -R $USER ~/.chef

ubuntu@chef-server:~$ knife configure -i

WARNING: No knife configuration file found
Where should I put the config file? [/home/ubuntu/.chef/knife.rb]
Please enter the chef server URL: [http://chef-server:4000] http://chef-server:4000
Please enter a clientname for the new client: [ubuntu]
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem] .chef/webui.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Created client[ubuntu]
Configuration file written to /home/ubuntu/.chef/knife.rb

Run knife commands to check that it can connect to the specified Chef Server
ubuntu@chef-server:~$ knife client list

  chef-validator
  chef-webui
  ubuntu

ubuntu@chef-server:~$ knife cookbook list

ubuntu@chef-server:~$ sudo apt-get install ntp

Create and configure a Knife client for the workstation
ubuntu@chef-server:~$ knife client create chef-workstation -d -a -f /home/ubuntu/.chef/chef-workstation.pem

Created client[chef-workstation]

ubuntu@chef-server:~$ knife client show chef-workstation

_rev:        1-2a52b9416bad08b697e9c644a0aea4cc
admin:       true
chef_type:   client
json_class:  Chef::ApiClient
name:        chef-workstation
public_key:  -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEA1RAa+jf733FtoTv64msykO3/SEe8G/YhPgA2S3NfWdgh+LbuhCdT
             9IjX3Hio3U/rj6VGeICJkCfWZy7NM9pTaPzH+gJdFbkLrLW1GSoEKMJ/f9IkxRcS
             7vdySU05IrPOF9PqcMvrME4xYzsFzIXDz1CbWBs08SuMfjP9qHfeStfBQaoQ8rLp
             mOGI0VMOU/CrlfNsAPLbUgVVylKfcmop1dCO6My53xW/qogfg/8Af0qtk7tyjVFi
             K+umCjmHmtW09qg5467p7xf4WSUYh076pb3ofbTi0o3VJi8Dz+qGISjvAVf3Y1As
             mwkam0IBM5sK41r/Suki9UQanKWsiDm0CQIDAQAB
             -----END RSA PUBLIC KEY-----

2. Install and configure chef-workstation
Edit hosts
ubuntu@chef-workstation:~$ sudo vim /etc/hosts

127.0.0.1    localhost

10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2

Install Ruby and the other dependencies
ubuntu@chef-workstation:~$ sudo apt-get install ruby ruby-dev libopenssl-ruby rdoc ri irb build-essential wget ssl-cert curl

Install RubyGems
ubuntu@chef-workstation:~$ cd /tmp
ubuntu@chef-workstation:~$ curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ tar zxf rubygems-1.8.10.tgz
ubuntu@chef-workstation:~$ cd rubygems-1.8.10
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo ruby setup.rb --no-format-executable

Install the Chef gem
ubuntu@chef-workstation:/tmp/rubygems-1.8.10$ sudo gem install chef --no-ri --no-rdoc

Fetching: mixlib-config-1.1.2.gem (100%)
Fetching: mixlib-cli-1.2.2.gem (100%)
Fetching: mixlib-log-1.4.1.gem (100%)
Fetching: mixlib-authentication-1.3.0.gem (100%)
Fetching: mixlib-shellout-1.1.0.gem (100%)
Fetching: systemu-2.5.2.gem (100%)
Fetching: yajl-ruby-1.1.0.gem (100%)
Building native extensions.  This could take a while...
Fetching: ipaddress-0.8.0.gem (100%)
Fetching: ohai-6.14.0.gem (100%)
Fetching: mime-types-1.19.gem (100%)
Fetching: rest-client-1.6.7.gem (100%)
Fetching: bunny-0.7.9.gem (100%)
[Version 0.7.8] test suite cleanup (eliminated some race conditions related to queue.message_count)
Fetching: json-1.6.1.gem (100%)
Building native extensions.  This could take a while...
Fetching: polyglot-0.3.3.gem (100%)
Fetching: treetop-1.4.12.gem (100%)
Fetching: net-ssh-2.2.2.gem (100%)
Fetching: net-ssh-gateway-1.1.0.gem (100%)
Fetching: net-ssh-multi-1.1.gem (100%)
Fetching: highline-1.6.15.gem (100%)
Fetching: erubis-2.7.0.gem (100%)
Fetching: moneta-0.6.0.gem (100%)
Fetching: uuidtools-2.1.3.gem (100%)
Fetching: chef-10.16.2.gem (100%)
Successfully installed mixlib-config-1.1.2
Successfully installed mixlib-cli-1.2.2
Successfully installed mixlib-log-1.4.1
Successfully installed mixlib-authentication-1.3.0
Successfully installed mixlib-shellout-1.1.0
Successfully installed systemu-2.5.2
Successfully installed yajl-ruby-1.1.0
Successfully installed ipaddress-0.8.0
Successfully installed ohai-6.14.0
Successfully installed mime-types-1.19
Successfully installed rest-client-1.6.7
Successfully installed bunny-0.7.9
Successfully installed json-1.6.1
Successfully installed polyglot-0.3.3
Successfully installed treetop-1.4.12
Successfully installed net-ssh-2.2.2
Successfully installed net-ssh-gateway-1.1.0
Successfully installed net-ssh-multi-1.1
Successfully installed highline-1.6.15
Successfully installed erubis-2.7.0
Successfully installed moneta-0.6.0
Successfully installed uuidtools-2.1.3
Successfully installed chef-10.16.2
23 gems installed

Install Git
ubuntu@chef-workstation:~$ sudo apt-get -y install git-core
ubuntu@chef-workstation:~$ git --version
git version 1.7.1

Create the Chef Repository
Note: Most Chef configuration work is done in the Chef Repository on the Workstation; different Chef Repositories can manage different Chef Servers.
ubuntu@chef-workstation:~$ sudo git clone git://github.com/opscode/chef-repo.git /opt/chef-local

Initialized empty Git repository in /opt/chef-local/.git/
remote: Counting objects: 199, done.
remote: Compressing objects: 100% (117/117), done.
remote: Total 199 (delta 72), reused 162 (delta 49)
Receiving objects: 100% (199/199), 30.34 KiB | 10 KiB/s, done.
Resolving deltas: 100% (72/72), done.

ubuntu@chef-workstation:~$ cd /opt/chef-local/
ubuntu@chef-workstation:/opt/chef-local$ ls
README.md Rakefile certificates chefignore config cookbooks data_bags environments roles

Create the configuration directory
ubuntu@chef-workstation:/opt/chef-local$ sudo mkdir -p .chef

Transfer the pem authentication files to the Workstation
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/chef-workstation.pem .chef/
ubuntu@chef-workstation:/opt/chef-local$ sudo scp ubuntu@chef-server:/home/ubuntu/.chef/validation.pem .chef/

ubuntu@chef-workstation:/opt/chef-local$ ls .chef/
chef-workstation.pem validation.pem
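
The pem files copied here and in the knife setup on chef-server (validation.pem, webui.pem, chef-workstation.pem) are private keys for the Chef API; validation.pem is the key a new node uses to register itself. The following is an added example, not part of the original article: it lists key files in a directory that group or other users can access, or that belong to an unexpected owner. The function name and the numeric-UID argument are this example's own; it assumes GNU stat, as on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit the permissions and ownership of Chef key files.
# Usage: audit_chef_keys DIR [UID]   (UID defaults to the current user's uid;
# pass 0 for keys copied with sudo, such as /opt/chef-local/.chef)
# Prints one line per finding and returns 1 if anything was found.

audit_chef_keys() {
  local dir="$1" uid="${2:-$(id -u)}" f mode owner status=0
  for f in "$dir"/*.pem; do
    [ -f "$f" ] || continue            # also skips an unmatched glob
    mode="$(stat -c '%a' "$f")"        # octal mode, e.g. 600 or 644
    owner="$(stat -c '%u' "$f")"       # numeric owner uid
    case "$mode" in
      0|*00) ;;                        # no group/other permission bits set
      *) echo "LOOSE-MODE $mode $f"; status=1 ;;
    esac
    if [ "$owner" != "$uid" ]; then
      echo "WRONG-OWNER $owner $f"; status=1
    fi
  done
  return "$status"
}

# Run directly as: bash audit_chef_keys.sh ~/.chef
if [ "$#" -gt 0 ]; then
  audit_chef_keys "$@"
fi
```

A finding of LOOSE-MODE is fixed with `chmod 600` on the file; a clean directory produces no output and a zero exit status.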

ubuntu@chef-workstation:/opt/chef-local$ sudo knife configure

WARNING: No knife configuration file found
Where should I put the config file? [/home/ubuntu/.chef/knife.rb] .chef/knife.rb
Please enter the chef server URL: [http://chef-workstation:4000] http://chef-server:4000
Please enter an existing username or clientname for the API: [ubuntu] chef-workstation
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/validation.pem
Please enter the path to a chef repository (or leave blank): /opt/chef-local
*****

You must place your client key in:
  /opt/chef-local/.chef/chef-workstation.pem
Before running commands with Knife!

*****

You must place your validation key in:
  /opt/chef-local/.chef/validation.pem
Before generating instance data with Knife!

*****
Configuration file written to /opt/chef-local/.chef/knife.rb

Verify that the configuration is correct
ubuntu@chef-workstation:~$ sudo ntpdate chef-server

Confirm that the Knife tool can connect to the Chef Server
ubuntu@chef-workstation:~$ knife client list

  chef-server
  chef-validator
  chef-webui
  chef-workstation
  ubuntu

ubuntu@chef-workstation:~$ knife client show chef-validator

_rev:        1-96959e21dfdb3f232a3ce8bae835475b
admin:       false
chef_type:   client
json_class:  Chef::ApiClient
name:        chef-validator
public_key:  -----BEGIN RSA PUBLIC KEY-----
             MIIBCgKCAQEA00/AWJL5mThj+pSXEB2gMKdTdHFm0pGi2hXAoBwm4/ZlnO4p2iwI
             /skfZMepVm8SAkSMIhz7ZC+jN/+Kqas7es0E+iv9ei0BF4Q41Y5kKMFctuElYbPH
             ImRCVTcQJ6m7BPS0Tczhy87jk6QlhsDsrnhNyUEgM5XRVNO+NzqeqZ+UMOWd9k2q
             KTJhbtHdx7ILdjZ5SBsiIMBhBNni2D0Y34BDtddsXCn1eyTWwGZxZTRZuDDXnls+
             aZaqogKoZ40d6h6ZVGh6nmmpdPDi9YdCIqFtWe5LF5bwIy7K6qBVgiOqU0x3Xek3
             d1eZG/8C+4FWjAm1h856npvmMOpVip9w8QIDAQAB
             -----END RSA PUBLIC KEY-----

3. Install and configure chef-client
Edit hosts
ubuntu@chef-client-1:~$ sudo vim /etc/hosts

127.0.0.1    localhost

10.6.1.170 chef-server
10.6.1.171 chef-workstation
10.6.1.172 chef-client-1
10.6.1.173 chef-client-2

Synchronize the time with chef-server
ubuntu@chef-client-1:~$ sudo ntpdate chef-server

Bootstrap can be used to initialize a target node as a Client
ubuntu@chef-workstation:~$ knife bootstrap --help

knife bootstrap FQDN (options)
        --bootstrap-proxy PROXY_URL  The proxy server for the node being bootstrapped
        --bootstrap-version VERSION  The version of Chef to install
    -N, --node-name NAME             The Chef node name for your new node
    -s, --server-url URL             Chef Server URL
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to enabled
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
        --disable-editing            Do not open EDITOR, just accept the data as is
    -d, --distro DISTRO              Bootstrap a distro using a template
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment
    -j JSON_ATTRIBS                  A JSON string to be added to the first run of chef-client
        --json-attributes
    -F, --format FORMAT              Which format to use for output
        --hint HINT_NAME[=HINT_FILE] Specify Ohai Hint to be set on the bootstrap target.  Use multiple --hint options to specify multiple hints.
        --[no-]host-key-verify       Verify host key, enabled by default.
    -i IDENTITY_FILE                 The SSH identity file used for authentication
        --identity-file
    -u, --user USER                  API Client Username
        --prerelease                 Install the pre-release chef gems
        --print-after                Show the data after a destructive operation
    -r, --run-list RUN_LIST          Comma separated list of roles/recipes to apply
    -G, --ssh-gateway GATEWAY        The ssh gateway
    -P, --ssh-password PASSWORD      The ssh password
    -p, --ssh-port PORT              The ssh port
    -x, --ssh-user USERNAME          The ssh username
        --template-file TEMPLATE     Full path to location of template to use
        --sudo                       Execute the bootstrap via sudo
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message

Next, we bootstrap chef-client-1
ubuntu@chef-workstation:~$ sudo knife bootstrap 10.6.1.172 -x ubuntu -P password --sudo

Bootstrapping Chef on 10.6.1.172
10.6.1.172 --2012-11-09 03:34:40--  http://opscode.com/chef/install.sh
10.6.1.172 Resolving opscode.com...
10.6.1.172 184.106.28.83
10.6.1.172 Connecting to opscode.com|184.106.28.83|:80...
10.6.1.172 connected.
10.6.1.172 HTTP request sent, awaiting response...
10.6.1.172 301 Moved Permanently
10.6.1.172 Location: http://www.opscode.com/chef/install.sh [following]
10.6.1.172 --2012-11-09 03:34:41--  http://www.opscode.com/chef/install.sh
10.6.1.172 Resolving www.opscode.com...
10.6.1.172 184.106.28.83
10.6.1.172 Reusing existing connection to opscode.com:80.
10.6.1.172 HTTP request sent, awaiting response...
10.6.1.172 200 OK
10.6.1.172 Length: 6396 (6.2K) [application/x-sh]
10.6.1.172 Saving to: `STDOUT'
10.6.1.172
 0% [                                       ] 0           --.-K/s              
10.6.1.172 Downloading Chef 10.16.2 for ubuntu...
100%[======================================>] 6,396       18.7K/s   in 0.3s    
10.6.1.172
10.6.1.172 2012-11-09 03:34:42 (18.7 KB/s) - written to stdout [6396/6396]
10.6.1.172
10.6.1.172 Installing Chef 10.16.2
10.6.1.172 Selecting previously deselected package chef.
10.6.1.172 (Reading database ...
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 41378 files and directories currently installed.)
10.6.1.172 Unpacking chef (from .../chef_10.16.2_amd64.deb) ...
10.6.1.172 Setting up chef (10.16.2-1.ubuntu.10.04) ...
10.6.1.172 Thank you for installing Chef!
10.6.1.172 [2012-11-09T03:57:46+08:00] INFO: *** Chef 10.16.2 ***
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Client key /etc/chef/client.pem is not present - registering
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: Cannot load node chef-client-1
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Setting the run_list to [] from JSON
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List is []
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Run List expands to []
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: HTTP Request Returned 404 Not Found: No routes match the request: /reports/nodes/chef-client-1/runs
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Starting Chef Run for chef-client-1
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Running start handlers
10.6.1.172 [2012-11-09T03:57:47+08:00] INFO: Start handlers complete.
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Loading cookbooks []
10.6.1.172 [2012-11-09T03:57:48+08:00] WARN: Node chef-client-1 has an empty run list.
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Chef Run complete in 0.438462677 seconds
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Running report handlers
10.6.1.172 [2012-11-09T03:57:48+08:00] INFO: Report handlers complete

Verify that chef-client-1 has been registered
ubuntu@chef-workstation:~$ knife client list

  chef-client-1
  chef-server
  chef-validator
  chef-webui
  chef-workstation
  ubuntu

As the output above shows, chef-client-1 has been registered with chef-server, and the whole environment chef-workstation => chef-server => chef-client-1 is now set up.

4. Next, we can begin the following process
