Automated operations tool installation and deployment: Chef (3) - installing the workstation
https://docs.chef.io/workstation.html
[root@chef_server etc]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.209.133 chefserver
192.168.209.135 chefworkstation
First set up name resolution, then ping to make sure the network is reachable
[root@chef_server etc]# scp /etc/hosts root@chefworkstation:/etc/hosts
Copy the hosts file over with scp.
Verify after installation
echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
. ~/.bash_profile
which ruby
Output of /opt/chefdk/embedded/bin/ruby shows that the workstation is installed
[root@chefworkstation chef]# rpm -ivh chefdk-2.4.17-1.el7.x86_64.rpm
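Once it is installed, download a starter kit from the server web page
After downloading I transferred it over. The FTP transfer reported no permission, even though I am root. Looking at the vsftpd configuration, root is barred from FTP login, but the pactera user is allowed. I removed the ban on root login and restarted the vsftpd service
Command: cd /etc/vsftpd to enter the vsftpd directory
Run: ls to list the files in that directory
Run: vi vsftpd.ftpusers to open the file vsftpd.ftpusers, and comment out root by putting # in front of it
Likewise, run: vi vsftpd.user_list to open the file vsftpd.user_list, and comment out root by putting # in front of it
After logging in I still could not upload, and I am root!!! On a closer look SELinux was still on, so I changed it while I was at it and rebooted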
[root@host]# vi /etc/selinux/config
----------------------------------------------------------------------------------
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# Change this to disabled
After the reboot everything was back to normal
Install git
yum -y install git
cd ~
chef generate repo chef-repo
ls -al ~/chef-repo/
git config --global user.name "admin"
git config --global user.email "[email protected]"
cd ~/chef-repo/
git init
mkdir -p ~/chef-repo/.chef
echo '.chef' >> ~/chef-repo/.gitignore
cd ~/chef-repo/
git add .
git commit -m "initial commit"
git status
Fetch the RSA key from the server
scp -pr root@chefserver:/usr/chef/pcdog.pem ~/chef-repo/.chef/
Generate the chef repo, if you do not want to use the web UI
chef generate app chef-repo
There are 3 configuration files:
For a workstation that will interact with the Chef server (including the hosted Chef server), log on and download the following files:
- knife.rb. This configuration file can be downloaded from the Organizations page.
- ORGANIZATION-validator.pem. This private key can be downloaded from the Organizations page.
- USER.pem. This private key can be downloaded from the Change Password section of the Account Management page.
Create the knife.rb file
Visit https://192.168.209.133/organizations/it
On the left, click Generate Knife Config
Transfer it into the directory; .chef is hidden, so just type the path blind
vi ~/chef-repo/.chef/knife.rb
# See https://docs.getchef.com/config_rb_knife.html for more information on knife configuration options
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "pcdog"
client_key "#{current_dir}/pcdog.pem"
chef_server_url "https://localhost/organizations/it"
cookbook_path ["#{current_dir}/../cookbooks"]
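Run knife ssl fetch to verify SSL. Why did it fail?
knife client list: the connection to the port was refused
Why is the workstation connecting to localhost, when the web UI is on the server? I took a look at the knife.rb configuration
Updated knife.rb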
knife ssl fetch
Copy the certificate from the server to the workstation
[root@chefserver ca]# scp chefserver.crt root@chefworkstation:/root/chef-repo/.chef/trusted_certs
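Ran the SSL check again. Could it be a problem with the self-signed certificate?
The connection was being attempted to the IP, while the name in the certificate is the FQDN chefserver, so the two do not match. I updated knife.rb once more
Overwrite the old one
Run it again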
[root@chefworkstation chef-repo]# knife ssl check
Connected successfully. This completes the workstation installation
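The name mismatch described above (knife.rb pointing at localhost or at the IP while the certificate names chefserver), as an added Ruby example that is not part of the original post: it reads chef_server_url from a knife.rb body and checks that host against a certificate using OpenSSL's own hostname matching. The certificate is generated inline as a constructed stand-in for the server's self-signed certificate, and the helper names are hypothetical.

```ruby
require 'openssl'
require 'uri'

# Pull the host out of the chef_server_url line of a knife.rb body.
def chef_server_host(knife_rb)
  url = knife_rb[/^\s*chef_server_url\s+["']([^"']+)["']/, 1]
  raise ArgumentError, 'no chef_server_url found' unless url
  URI.parse(url).host
end

# True when the certificate is valid for the host knife will connect to,
# using the same name matching Ruby's TLS client applies.
def cert_matches_url?(knife_rb, cert)
  OpenSSL::SSL.verify_certificate_identity(cert, chef_server_host(knife_rb))
end

# Constructed sample: a self-signed certificate carrying only a CN.
def sample_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

CERT = sample_cert('chefserver')                           # constructed
KNIFE_RB = 'chef_server_url "https://%s/organizations/it"' # constructed

if __FILE__ == $PROGRAM_NAME
  # The three hosts tried in the post: generated default, IP, then FQDN.
  %w[localhost 192.168.209.133 chefserver].each do |host|
    ok = cert_matches_url?(format(KNIFE_RB, host), CERT)
    puts "#{host}: #{ok ? 'certificate name matches' : 'certificate name mismatch'}"
  end
end
```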
Verification commands
knife ssl fetch
knife ssl check
knife node list