龙图IT服务|北京IT外包公司|运维监控|Oracle优化|MySQL优化|Linux运维|网络维护|IT运维|网站建设-ITrid.com
作者:北京IT服务外包公司 发布时间:04-11 阅读: 转至微博:
|
环境介绍 OS: Ubuntu 10.10 Server 64-bit Servers: chef-server:10.6.1.170 chef-workstation:10.6.1.171 chef-client-1:10.6.1.172 1. 开始创造属于自己的大餐 “等我的手艺熟练之后我还会写我自己的菜色和菜谱,来创造属于我自己的大餐。” 在前面我提到过这句话,并且在上一个章节,也通过使用官方社区提供的cookbook完成了账号与openssh的配置。 在这一章,我们就来编写一个cookbook,将不同的自定义配置任务做成不同的recipe,最后实现对服务器的配置。 2. 如何开始 如何开始呢?使用官方社区的cookbook很简单,只需要修改attributes里面的参数就可以了,如果要自己来写,该怎么写用什么格式呢? 相信你一定有这个疑问存在。不过你可以尽管放心,Chef的官方社区有很完善的在线文档可供参考的。 上面提到的“参考资料”中的URL,就是对应的文档地址:http://wiki.opscode.com/display/chef/Resources#Resources-Service 具体内容很多,我们可以通过右侧的目录结构来理清思绪。 总共有差不多30个模块,每一个都有相应的示例。 最常用的有: 账号管理方面 Group,User 配置文件方面 Template,File, 脚本命令方面 Script,Execute 系统服务方面 Cron,Service,Mount,Package 这些模块的具体用法,都可以在上面的页面中找到,在这里我先就不描述了,接下来我们通过实践来理解它们。 3. 规划接下来要做的事情 以我的实际生产环境中遇到的情况为例,操作系统为Ubuntu,有以下几个任务要完成: 1.新建一个名为project的用户组,并将之前创建的用户ubuntu添加到该组 2.更改系统默认的APT镜像源为http://old-releases.ubuntu.com 3.通过apt-get安装build-essential 4.编译安装pcre 8.10 这一次,我们不再到官方社区去搜寻第三方的cookbook,而是自己来编写一个cookbook。 3.1 首先,来设计这个cookbook 将cookbook命名为mycookbook 然后分别创建4个不同的recipe,分别命名为 conf_group, conf_sources.list, install_build-essential, build_pcre 来实现对以上4个任务的完成 3.2 开始编写cookbook 3.2.1 创建cookbook ubuntu@chef-workstation:/opt/chef-local$ sudo knife cookbook create mycookbook 1 ** Creating cookbook mycookbook 2 ** Creating README for cookbook: mycookbook 3 ** Creating CHANGELOG for cookbook: mycookbook 4 ** Creating metadata for cookbook: mycookbook ubuntu@chef-workstation:/opt/chef-local$ cd cookbooks/mycookbook/ ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook$ ls 1 CHANGELOG.md README.md attributes definitions files libraries metadata.rb providers recipes resources templates ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook$ cd recipes/ ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ ls 1 default.rb 3.2.2 创建recipe conf_group ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ sudo vim conf_group.rb 1 group "project" do 2 gid 999 3 members [ 'ubuntu' ] 4 end 3.2.3 创建recipe conf_sources.list ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ sudo vim conf_sources.list.rb 01 execute "update" do 02 command "sudo apt-get update" 03 action :nothing 04 end 05 06 template "/etc/apt/sources.list" do 07 source "sources.list.erb" 08 mode 0644 09 owner "root" 10 group "root" 11 notifies :run, "execute[update]", :immediately 12 end ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ cd ../templates/default/ ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/templates/default$ sudo vim sources.list.erb 1 # Generated by Chef for <%= node['fqdn'] %> 2 deb http://old-releases.ubuntu.com/ubuntu/ maverick main restricted universe multiverse 3 deb http://old-releases.ubuntu.com/ubuntu/ maverick-security main restricted universe multiverse 4 deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates main restricted universe multiverse 5 deb-src http://old-releases.ubuntu.com/ubuntu/ maverick main restricted universe multiverse 6 deb-src http://old-releases.ubuntu.com/ubuntu/ maverick-security main restricted universe multiverse 7 deb-src http://old-releases.ubuntu.com/ubuntu/ maverick-updates main restricted universe multiverse 3.2.4 创建recipe install_build-essential ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/templates/default$ cd ../../recipes/ ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ sudo vim install_build-essential.rb 1 package "build-essential" do 2 action :install 3 end 3.2.5 创建recipe build_pcre ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ sudo vim build_pcre.rb 01 script "build_pcre" do 02 interpreter "bash" 03 user "root" 04 cwd "/tmp" 05 not_if "test -f /usr/local/bin/pcregrep" 06 code <<-EOH 07 wget http://nchc.dl.sourceforge.net/project/pcre/pcre/8.10/pcre-8.10.tar.gz 08 tar zxvf pcre-8.10.tar.gz 09 cd pcre-8.10 10 ./configure 11 make 12 make install 13 EOH 14 end 3.3 更新并应用编写的cookbook ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ ll 1 total 28 2 drwxr-xr-x 2 root root 4096 Jan 6 18:30 ./ 3 drwxr-xr-x 10 root root 4096 Jan 6 18:11 ../ 4 -rw-r--r-- 1 root root 305 Jan 6 18:30 build_pcre.rb 5 -rw-r--r-- 1 root root 56 Jan 6 18:17 conf_group.rb 6 -rw-r--r-- 1 root root 234 Jan 6 18:19 conf_sources.list.rb 7 -rw-r--r-- 1 root root 136 Jan 6 18:11 default.rb 8 -rw-r--r-- 1 root root 51 Jan 6 18:24 install_build-essential.rb 上传cookbook ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ sudo knife cookbook upload mycookbook 1 Uploading mycookbook [0.1.0] 2 Uploaded 1 cookbook. 查看当前role配置文件 ubuntu@chef-workstation:/opt/chef-local/cookbooks/mycookbook/recipes$ cd ../../../roles/ ubuntu@chef-workstation:/opt/chef-local/roles$ ls 1 README.md ubuntu_servers.rb ubuntu@chef-workstation:/opt/chef-local/roles$ cat ubuntu_servers.rb 01 name "ubuntu_servers" 02 description "The base role applied to all nodes." 03 run_list( 04 "recipe[user]", 05 "recipe[user::data_bag]", 06 "recipe[openssh]" 07 ) 08 override_attributes( 09 "users" => [ "ubuntu" ] 10 ) 更新role配置文件 ubuntu@chef-workstation:/opt/chef-local/roles$ sudo vim ubuntu_servers.rb 01 name "ubuntu_servers" 02 description "The base role applied to all nodes." 03 run_list( 04 "recipe[user]", 05 "recipe[user::data_bag]", 06 "recipe[openssh]", 07 "recipe[mycookbook::conf_group]", 08 "recipe[mycookbook::conf_sources.list]", 09 "recipe[mycookbook::install_build-essential]", 10 "recipe[mycookbook::build_pcre]" 11 ) 12 override_attributes( 13 "users" => [ "ubuntu" ] 14 ) 上传role配置文件 ubuntu@chef-workstation:/opt/chef-local/roles$ sudo knife role from file ubuntu_servers.rb 1 Updated Role ubuntu_servers! 查看节点 ubuntu@chef-workstation:/opt/chef-local/roles$ sudo knife node list 1 chef-client-1 2 chef-server 更新节点run_list ubuntu@chef-workstation:/opt/chef-local/roles$ sudo knife node run_list add chef-client-1 "role[ubuntu_servers]" 1 run_list: role[ubuntu_servers] 3.4 在节点上应用新的cookbook ubuntu@chef-client-1:~$ sudo chef-client 01 INFO: *** Chef 10.16.2 *** 02 INFO: Run List is [role[ubuntu_servers]] 03 INFO: Run List expands to [user, user::data_bag, openssh, mycookbook::conf_group, mycookbook::conf_sources.list, mycookbook::install_build-essential, mycookbook::build_pcre] 04 INFO: HTTP Request Returned 404 Not Found: No routes match the request: /reports/nodes/chef-client-1/runs 05 INFO: Starting Chef Run for chef-client-1 06 INFO: Running start handlers 07 INFO: Start handlers complete. 08 INFO: Loading cookbooks [mycookbook, openssh, user] 09 INFO: Storing updated cookbooks/openssh/recipes/default.rb in the cache. 10 INFO: Storing updated cookbooks/openssh/attributes/default.rb in the cache. 11 INFO: Storing updated cookbooks/openssh/.gitignore in the cache. 12 INFO: Storing updated cookbooks/openssh/metadata.rb in the cache. 13 INFO: Storing updated cookbooks/openssh/README.md in the cache. 14 INFO: Storing updated cookbooks/openssh/LICENSE in the cache. 15 INFO: Storing updated cookbooks/openssh/CHANGELOG.md in the cache. 16 INFO: Storing updated cookbooks/openssh/metadata.json in the cache. 17 INFO: Storing updated cookbooks/openssh/Gemfile in the cache. 18 INFO: Storing updated cookbooks/openssh/CONTRIBUTING in the cache. 19 INFO: Storing updated cookbooks/user/resources/account.rb in the cache. 20 INFO: Storing updated cookbooks/user/providers/account.rb in the cache. 21 INFO: Storing updated cookbooks/user/recipes/data_bag.rb in the cache. 22 INFO: Storing updated cookbooks/user/recipes/default.rb in the cache. 23 INFO: Storing updated cookbooks/user/attributes/default.rb in the cache. 24 INFO: Storing updated cookbooks/user/Rakefile in the cache. 25 INFO: Storing updated cookbooks/user/CHANGELOG.md in the cache. 26 INFO: Storing updated cookbooks/user/README.md in the cache. 27 INFO: Storing updated cookbooks/user/metadata.rb in the cache. 28 INFO: Storing updated cookbooks/user/metadata.json in the cache. 29 INFO: Storing updated cookbooks/mycookbook/recipes/build_nginx.rb in the cache. 30 INFO: Storing updated cookbooks/mycookbook/recipes/conf_group.rb in the cache. 31 INFO: Storing updated cookbooks/mycookbook/recipes/conf_sources.list.rb in the cache. 32 INFO: Storing updated cookbooks/mycookbook/recipes/default.rb in the cache. 33 INFO: Storing updated cookbooks/mycookbook/recipes/install_build-essential.rb in the cache. 34 INFO: Storing updated cookbooks/mycookbook/recipes/build_pcre.rb in the cache. 35 INFO: Storing updated cookbooks/mycookbook/README.md in the cache. 36 INFO: Storing updated cookbooks/mycookbook/metadata.rb in the cache. 37 INFO: Storing updated cookbooks/mycookbook/CHANGELOG.md in the cache. 38 INFO: Processing user_account[ubuntu] action create (user::data_bag line 36) 39 INFO: Processing user[ubuntu] action create (/var/chef/cache/cookbooks/user/providers/account.rb line 94) 40 INFO: user[ubuntu] created 41 INFO: Processing directory[/home/ubuntu/.ssh] action create (/var/chef/cache/cookbooks/user/providers/account.rb line 114) 42 INFO: directory[/home/ubuntu/.ssh] created directory /home/ubuntu/.ssh 43 INFO: directory[/home/ubuntu/.ssh] owner changed to 1001 44 INFO: directory[/home/ubuntu/.ssh] group changed to 109 45 INFO: directory[/home/ubuntu/.ssh] mode changed to 700 46 INFO: Processing directory[/home/ubuntu] action create (/var/chef/cache/cookbooks/user/providers/account.rb line 114) 47 INFO: directory[/home/ubuntu] mode changed to 2755 48 INFO: Processing template[/home/ubuntu/.ssh/authorized_keys] action create (/var/chef/cache/cookbooks/user/providers/account.rb line 130) 49 INFO: template[/home/ubuntu/.ssh/authorized_keys] updated content 50 INFO: template[/home/ubuntu/.ssh/authorized_keys] owner changed to 1001 51 INFO: template[/home/ubuntu/.ssh/authorized_keys] group changed to 109 52 INFO: template[/home/ubuntu/.ssh/authorized_keys] mode changed to 600 53 INFO: Processing user[ubuntu] action nothing (/var/chef/cache/cookbooks/user/providers/account.rb line 94) 54 INFO: Processing directory[/home/ubuntu/.ssh] action nothing (/var/chef/cache/cookbooks/user/providers/account.rb line 114) 55 INFO: Processing directory[/home/ubuntu] action nothing (/var/chef/cache/cookbooks/user/providers/account.rb line 114) 56 INFO: Processing template[/home/ubuntu/.ssh/authorized_keys] action nothing (/var/chef/cache/cookbooks/user/providers/account.rb line 130) 57 INFO: Processing execute[create ssh keypair for ubuntu] action nothing (/var/chef/cache/cookbooks/user/providers/account.rb line 148) 58 INFO: Processing package[openssh-client] action install (openssh::default line 27) 59 INFO: Processing package[openssh-server] action install (openssh::default line 27) 60 INFO: Processing service[ssh] action enable (openssh::default line 30) 61 INFO: service[ssh] enabled 62 INFO: Processing service[ssh] action start (openssh::default line 30) 63 INFO: Processing template[/etc/ssh/ssh_config] action create (openssh::default line 48) 64 INFO: template[/etc/ssh/ssh_config] backed up to /var/chef/backup/etc/ssh/ssh_config.chef-20130106190629 65 INFO: template[/etc/ssh/ssh_config] updated content 66 INFO: template[/etc/ssh/ssh_config] owner changed to 0 67 INFO: template[/etc/ssh/ssh_config] group changed to 0 68 INFO: template[/etc/ssh/ssh_config] mode changed to 644 69 INFO: Processing template[/etc/ssh/sshd_config] action create (openssh::default line 66) 70 INFO: template[/etc/ssh/sshd_config] backed up to /var/chef/backup/etc/ssh/sshd_config.chef-20130106190629 71 INFO: template[/etc/ssh/sshd_config] updated content 72 INFO: template[/etc/ssh/sshd_config] owner changed to 0 73 INFO: template[/etc/ssh/sshd_config] group changed to 0 74 INFO: template[/etc/ssh/sshd_config] mode changed to 644 75 INFO: Processing group[project] action create (mycookbook::conf_group line 1) 76 INFO: group[project] created 77 INFO: Processing execute[update] action nothing (mycookbook::conf_sources.list line 1) 78 INFO: Processing template[/etc/apt/sources.list] action create (mycookbook::conf_sources.list line 6) 79 INFO: template[/etc/apt/sources.list] backed up to /var/chef/backup/etc/apt/sources.list.chef-20130106190629 80 INFO: template[/etc/apt/sources.list] updated content 81 INFO: template[/etc/apt/sources.list] owner changed to 0 82 INFO: template[/etc/apt/sources.list] group changed to 0 83 INFO: template[/etc/apt/sources.list] mode changed to 644 84 INFO: template[/etc/apt/sources.list] sending run action to execute[update] (immediate) 85 INFO: Processing execute[update] action run (mycookbook::conf_sources.list line 1) 86 INFO: execute[update] ran successfully 87 INFO: Processing package[build-essential] action install (mycookbook::install_build-essential line 1) 88 INFO: Processing script[build_pcre] action run (mycookbook::build_pcre line 1) 89 INFO: script[build_pcre] ran successfully 90 INFO: template[/etc/ssh/sshd_config] sending restart action to service[ssh] (delayed) 91 INFO: Processing service[ssh] action restart (openssh::default line 30) 92 INFO: service[ssh] restarted 93 INFO: Chef Run complete in 448.775004685 seconds 94 INFO: Running report handlers 95 INFO: Report handlers complete ubuntu@chef-client-1:/etc$ 通过以上输出,我们可以很清晰的看到每个recipe的执行过程,并且全部都成功执行了。 我们通过以下方式来一一校验: ubuntu@chef-client-1:~$ id ubuntu 1 uid=1001(ubuntu) gid=109(admin) groups=109(admin),999(project) ubuntu@chef-client-1:~$ cat /etc/apt/sources.list 1 # Generated by Chef for chef-client-1 2 deb http://old-releases.ubuntu.com/ubuntu/ maverick main restricted universe multiverse 3 deb http://old-releases.ubuntu.com/ubuntu/ maverick-security main restricted universe multiverse 4 deb http://old-releases.ubuntu.com/ubuntu/ maverick-updates main restricted universe multiverse 5 deb-src http://old-releases.ubuntu.com/ubuntu/ maverick main restricted universe multiverse 6 deb-src http://old-releases.ubuntu.com/ubuntu/ maverick-security main restricted universe multiverse 7 deb-src http://old-releases.ubuntu.com/ubuntu/ maverick-updates main restricted universe multiverse ubuntu@chef-client-1:~$ dpkg -l | grep build-essential 1 ii build-essential 11.5 Informational list of build-essential packages ubuntu@chef-client-1:~$ which pcregrep 1 /usr/local/bin/pcregrep 通过以上校验,再次证明所有的任务都已经执行了。 我们成功的完成了cookbook的自定义配置。 4. 更多深入的功能 至此,我们已经具备了一定的编写cookbook的能力了。 下面我分享一些比较有价值的经验: 4.1 安装官方社区的cookbook chef-client 可以实现客户端的定时自动拉取服务端配置,默认30分钟一次,具体时间可配置 Tips: --- $ sudo knife cookbook site install chef-client 通过以下方式引用: 1 "recipe[chef-client::delete_validation]", 2 "recipe[chef-client::config]", 3 "recipe[chef-client::service]", 4.2 改造cookbook openssh Tips: --- 直接将系统的/etc/ssh/sshd_config 复制成为模板文件sshd_config.erb 然后仅将需要自定义的参数修改为从attributes中读取,如: 1 PasswordAuthentication <%= node['openssh']['server']['password_authentication'] %> 2 UseDNS <%= node['openssh']['server']['use_dns'] %> 同样,我们也可以自己来写attributes文件,实现参数的功能。 4.3 在role文件中重新定义参数值 Tips: --- 通过override_attributes可以直接定义参数的值,实现不同role采用不同的参数。 例如,针对官方社区的sudo的配置,可以通过以下方式重新定义参数的值: 默认的参数值: 1 default['authorization']['sudo']['groups'] = Array.new 2 default['authorization']['sudo']['users'] = Array.new 3 default['authorization']['sudo']['passwordless'] = false 4 default['authorization']['sudo']['include_sudoers_d'] = false 5 default['authorization']['sudo']['agent_forwarding'] = false 在role文件中重新定义后的值: 1 override_attributes( 2 "authorization" => { 3 "sudo" => { 4 "groups" => ["admin"], 5 "passwordless" => true, 6 "users" => ["zabbix"] 7 } 8 } 9 ) 5. 至此,整个系列的文章可以告一段落了 用一句很2的话来说,就是,我只能帮你到这儿了。接下来,通过参考官方文档,以及实践中的更多应用,我们就能够更加熟练的掌握Chef这个强大的集中管理工具,再多的服务器在我们的手里也能管理的井然有序。 关键词: Chef
|
