https://docs.chef.io/workstation.html

[root@chef_server etc]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.209.133 chefserver

192.168.209.135 chefworkstation

先設一下DNS,ping一下確保網絡是通常的

[root@chef_server etc]# scp /etc/hosts root@chefworkstation:/etc/hosts

把hosts scp過去。

安裝之後驗證下

echo ‘eval "$(chef shell-init bash)"‘ >> ~/.bash_profile

. ~/.bash_profile

which ruby

輸出 /opt/chefdk/embedded/bin/ruby證明workstation安裝完成

[root@chefworkstation chef]# rpm -ivh chefdk-2.4.17-1.el7.x86_64.rpm

安裝好了之後，從server 網頁下一個start kit

下載後傳過去，ftp傳過去居然顯示沒權限，我是root好麽，看了下VSFTP配置，root 是禁止FTP登陸的，但是pactera用戶就可以，取消禁止root登陸後重啟VSFTPD服務

命令：cd /etc/vsftpd? 進入vsftpd目錄

鍵入命令：ls? 查看該目錄包含的文件

鍵入命令：vi? vsftpd.ftpusers 進入文件vsftpd.ftpusers，在root前加#註釋root

同理，鍵入命令：vi vsftpd.user_list 進入文件vsftpd.user_list，在root前加#註釋root

登陸後又不能上傳，我是root！！！仔細一看selinux還開著，順手改了後重啟

[root@host]# vi /etc/selinux/config

----------------------------------------------------------------------------------

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - SELinux is fully disabled.

SELINUX=disabled

#把這裏改成disable

重啟之後恢復正常

安裝git

yum -y install git

cd ~

chef generate repo chef-repo

ls -al ~/chef-repo/

git config --global user.name "admin"

git config --global user.email "[email protected]"

cd ~/chef-repo/ git init

mkdir -p ~/chef-repo/.chef

echo ‘.chef‘ >> ~/chef-repo/.gitignore

cd ~/chef-repo/ git add . git commit -m "initial commit"

git status

把RSA key從server撈過來

scp -pr root@chefserver:/usr/chef/pcdog.pem ~/chef-repo/.chef/

生成chef repo，如果不想用webui的話

chef generate app chef-repo

配置有3個文件?

For a workstation that will interact with the Chef server (including the hosted Chef server), log on and download the following files:

• knife.rb. This configuration file can be downloaded from the Organizations page.
• ORGANIZATION-validator.pem. This private key can be downloaded from the Organizations page.
• USER.pem. This private key an be downloaded from the Change Password section of the Account Management page

創建knife.rb文件

訪問https://192.168.209.133/organizations/it

左側點擊生成knife config

傳到目錄中，.chef是隱藏的閉著眼睛打就是了

vi ~/chef-repo/.chef/knife.rb

# See https://docs.getchef.com/config_rb_knife.html for more information on knife configuration options

current_dir = File.dirname(__FILE__)

log_level :info

log_location STDOUT

node_name "pcdog"

client_key "#{current_dir}/pcdog.pem"

chef_server_url "https://localhost/organizations/it"

cookbook_path ["#{current_dir}/../cookbooks"]

運行knife ssl fetch 驗證SSL,怎麽失敗鳥？

knife client list ，端口被拒絕了

workstation怎麽連localhost了呢，webui在server啊，一看knife.rb的配置

更新了小刀

knife ssl fetch

把證書從server端復制到workstation

[root@chefserver ca]# scp chefserver.crt root@chefworkstation:/root/chef-repo/.chef/trusted_certs

再次運行ssl 檢查，難道是是自簽名證書的問題？

嘗試連接的是ip，證書的名字是FQDN chefserver這裏不匹配，再次更新了下小刀.rb

覆蓋掉

再次運行

[root@chefworkstation chef-repo]# knife ssl check

成功連接，到此workstation 安裝完成

校驗命令

knife ssl fetch

knife ssl check

knife nod list

自動化運維工具安裝部署 chef (三） - workstation的安裝