How to Install Chef on Ubuntu 18

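In this article

  • Environment details
  • Chef server installation
  • Creating a user and an organization
  • Workstation
  • Creating version control
  • Generating your first cookbook
  • Configuring Knife
  • Bootstrapping a node
Learn how to install Chef on Ubuntu.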
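Chef is a Ruby-based configuration management tool. It automates configuration management across all the nodes in a cluster and keeps them consistent. Chef has three main components.
  • Chef server
  • Workstation
  • Nodes
All configuration is managed from the workstation and then pushed to the Chef server. The Chef server is the central store for all infrastructure configuration. Knife is a command-line tool on the workstation that is used to interact with the Chef server. Nodes run the Chef client, which requests configuration information from the Chef server.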
This is what a typical Chef architecture looks like:

[Figure: typical Chef architecture]
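Now let's set up the Chef server, the workstation and the node (Chef client).

Environment details
I am using three Ubuntu 18.04 systems. One will act as the Chef server, the second as the workstation, and the third as the node.
Chef server
  • Hostname: chef-geekflare
  • IP address: 192.168.0.107
Workstation
  • Hostname: workstation
  • IP address: 192.168.0.108
Node
  • Hostname: client-node
  • IP address: 192.168.0.109
Before starting the installation, I need to edit the /etc/hosts file on all the systems so that they can resolve one another. Edit /etc/hosts on every system as shown below.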
127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.107 chef-geekflare
192.168.0.108 chef-workstation
192.168.0.109 client-node

I will run the following command on all three systems to update them.
~$ sudo apt update
[sudo] password for geekflare:
Hit:1 http://security.ubuntu.com/ubuntu cosmic-security InRelease
Get:2 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB]
Hit:3 http://ppa.launchpad.net/ansible/ansible/ubuntu cosmic InRelease
Hit:4 http://us.archive.ubuntu.com/ubuntu cosmic InRelease
Get:5 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages [9,594 B]
Hit:6 http://us.archive.ubuntu.com/ubuntu cosmic-updates InRelease
Hit:7 http://us.archive.ubuntu.com/ubuntu cosmic-backports InRelease
Get:8 http://apt.puppetlabs.com bionic InRelease [85.3 kB]
Get:9 http://apt.puppetlabs.com bionic/puppet6 amd64 Packages [32.4 kB]
Fetched 192 kB in 2s (84.6 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
233 packages can be upgraded. Run 'apt list --upgradable' to see them.

Chef server installation
The Chef server is the component of the architecture that connects the workstation and the nodes. After configuration is edited or changed on the workstation, it is pushed to the Chef server, and all nodes pull those configuration changes from the Chef server.
Now let's run the following command to download the chef-server package.
~$ wget https://packages.chef.io/files/stable/chef-server/13.0.17/ubuntu/18.04/chef-server-core_13.0.17-1_amd64.deb
--2019-10-23 04:04:35-- https://packages.chef.io/files/stable/chef-server/13.0.17/ubuntu/18.04/chef-server-core_13.0.17-1_amd64.deb
Saving to: ‘chef-server-core_13.0.17-1_amd64.deb’
chef-server-core_13 100%[===================> ] 240.58M 1.33MB/s in 6m 16s
2019-10-23 04:10:51 (656 KB/s) - ‘chef-server-core_13.0.17-1_amd64.deb’ saved [252269838/252269838]

Now run the following command to install the Chef server.
~$ sudo dpkg -i chef-server-core_*.deb
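
The download and install steps above hand a package straight to dpkg, which runs its maintainer scripts as root. The following is an added example, not part of the original article: it checks a downloaded .deb against a metadata file in the "sha256 <value>" layout that the bootstrap log later in this article prints, and installs only on a match. The function names, the file names and the premise that the metadata file was obtained over a channel you trust are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: refuse to install a package whose SHA-256 does not match
# the value recorded in a metadata file (one "sha256 <hex>" line).

# Print the sha256 field of a metadata file (field and value separated by
# whitespace, as in the bootstrap log).
expected_sha256() {
    awk '$1 == "sha256" { print tolower($2); exit }' "$1"
}

# Return 0 if the package matches the metadata, 1 on mismatch, 2 if the
# metadata carries no usable sha256 value.
verify_package() {   # $1 = .deb file, $2 = metadata file
    local want got
    want=$(expected_sha256 "$2")
    case $want in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || return 2
    got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# Install only after the check passes.
install_verified() {   # $1 = .deb file, $2 = metadata file
    if verify_package "$1" "$2"; then
        sudo dpkg -i "$1"
    else
        echo "refusing to install $1: checksum check failed" >&2
        return 1
    fi
}

# Constructed demo: a stand-in "package" and matching metadata in a temp dir.
demo_dir=$(mktemp -d)
printf 'constructed package bytes\n' > "$demo_dir/pkg.deb"
printf 'sha256\t%s\nversion\t0.0.0\n' \
    "$(sha256sum "$demo_dir/pkg.deb" | awk '{ print $1 }')" > "$demo_dir/metadata.txt"
if verify_package "$demo_dir/pkg.deb" "$demo_dir/metadata.txt"; then
    echo "checksum OK"
fi
```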

chef-server-ctl is the command-line utility that ships with the Chef server. I will use it to start the Chef server services.
~$ sudo chef-server-ctl reconfigure
Running handlers:
Running handlers complete
Chef Infra Client finished, 481/1028 resources updated in 04 minutes 08 seconds
Chef Server Reconfigured!

You can check the status of the started services with the following command.
~$ sudo chef-server-ctl status
run: bookshelf: (pid 2452) 822s; run: log: (pid 29553) 951s
run: nginx: (pid 2318) 826s; run: log: (pid 30216) 908s
run: oc_bifrost: (pid 2296) 827s; run: log: (pid 29240) 996s
run: oc_id: (pid 2304) 826s; run: log: (pid 29308) 979s
run: opscode-erchef: (pid 2511) 822s; run: log: (pid 29707) 946s
run: opscode-expander: (pid 2416) 822s; run: log: (pid 29412) 958s
run: opscode-solr4: (pid 2393) 824s; run: log: (pid 29358) 964s
run: postgresql: (pid 2264) 827s; run: log: (pid 28769) 1021s
run: rabbitmq: (pid 3183) 792s; run: log: (pid 30476) 902s
run: redis_lb: (pid 30011) 926s; run: log: (pid 30010) 926s

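Creating a user and an organization
The Chef server connects the workstation and the client nodes. To link them, I will create an administrator and an organization, each with its private key.
First, create a .chef directory to store the keys.
~$ mkdir .chef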

Now I will create a user with chef-server-ctl. In the command below, chefadmin is the username, Chef is the first name, GeekFlare is the last name, [email protected] is the email ID, geekflare is the password, and chefadmin.pem is the RSA key.
~$ sudo chef-server-ctl user-create chefadmin Chef GeekFlare [email protected] 'geekflare' --filename ~/.chef/chefadmin.pem

Let's run a command to check the list of users on the Chef server.
~$ sudo chef-server-ctl user-list
chefadmin
pivotal

Now I will create an organization with chef-server-ctl. In the command below, chef-org is the organization name, Geekflare Chef Infrastructure is the full organization name, and chefadmin is the user we just created. chef-org.pem is the RSA key.
~$ sudo chef-server-ctl org-create chef-org "Geekflare Chef Infrastructure" --association_user chefadmin --filename ~/.chef/chef-org.pem

Let's run a command to check the list of organizations on the Chef server.
~$ sudo chef-server-ctl org-list
chef-org

I have now fully installed the Chef server. Let's move on and install the workstation, where all the configuration is created.

Workstation
The workstation is where users create cookbooks. A cookbook is simply a unit of configuration created to run a specific task.
Let's run the following command to download the Chef Workstation package.
~$ wget https://packages.chef.io/files/stable/chef-workstation/0.2.43/ubuntu/18.04/chef-workstation_0.2.43-1_amd64.deb
--2019-10-23 05:37:41-- https://packages.chef.io/files/stable/chef-workstation/0.2.43/ubuntu/18.04/chef-workstation_0.2.43-1_amd64.deb
Resolving packages.chef.io (packages.chef.io)... 151.101.194.110, 151.101.130.110, 151.101.66.110, ...
Connecting to packages.chef.io (packages.chef.io)|151.101.194.110|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 129713682 (124M) [application/x-debian-package]
Saving to: ‘chef-workstation_0.2.43-1_amd64.deb’
chef-workstation_0.2.43-1_ 100%[=======================================> ] 123.70M 2.37MB/s in 4m 25s
2019-10-23 05:42:18 (477 KB/s) - ‘chef-workstation_0.2.43-1_amd64.deb’ saved [129713682/129713682]

Let's run the dpkg command to install the workstation on the Ubuntu system.
~$ sudo dpkg -i chef-workstation_*.deb
Selecting previously unselected package chef-workstation.
(Reading database ... 273360 files and directories currently installed.)
Preparing to unpack chef-workstation_0.2.43-1_amd64.deb ...
Unpacking chef-workstation (0.2.43-1) ...
Setting up chef-workstation (0.2.43-1) ...
To run the experimental Chef Workstation App, use your
platform's package manager to install these dependencies:
    libgconf-2.so.4 => not found
You can then launch the App by running 'chef-workstation-app'.
The App will then be available in the system tray.
Thank you for installing Chef Workstation!
You can find some tips on getting started at https://chef.sh/

Now I will run a command to create a chef repo, which will contain all the cookbooks and other files.
~$ chef generate repo chef-repo
Recipe: code_generator::repo
  * directory[/home/geekflare/chef-repo] action create
    - create new directory /home/geekflare/chef-repo
  * template[/home/geekflare/chef-repo/LICENSE] action create_if_missing
    - create new file /home/geekflare/chef-repo/LICENSE
    - update content in file /home/geekflare/chef-repo/LICENSE from none to 3c525c
    (diff output suppressed by config)
  * cookbook_file[/home/geekflare/chef-repo/.chef-repo.txt] action create_if_missing
    - create new file /home/geekflare/chef-repo/.chef-repo.txt
    - update content in file /home/geekflare/chef-repo/.chef-repo.txt from none to 2bed28
    (diff output suppressed by config)
  * cookbook_file[/home/geekflare/chef-repo/README.md] action create_if_missing
    - create new file /home/geekflare/chef-repo/README.md
    - update content in file /home/geekflare/chef-repo/README.md from none to 2b4f46
    (diff output suppressed by config)
  * cookbook_file[/home/geekflare/chef-repo/chefignore] action create_if_missing
    - create new file /home/geekflare/chef-repo/chefignore
    - update content in file /home/geekflare/chef-repo/chefignore from none to 9e2ffd
    (diff output suppressed by config)
  * remote_directory[/home/geekflare/chef-repo/cookbooks] action create_if_missing
    - create new directory /home/geekflare/chef-repo/cookbooks
Recipe: code_generator::repo
  * cookbook_file[/home/geekflare/chef-repo/cookbooks/README.md] action create_if_missing
    - create new file /home/geekflare/chef-repo/cookbooks/README.md
    - update content in file /home/geekflare/chef-repo/cookbooks/README.md from none to 54b03d
    (diff output suppressed by config)
  * execute[initialize-git] action run
    - execute git init .
  * template[/home/geekflare/chef-repo/.gitignore] action create_if_missing
    - create new file /home/geekflare/chef-repo/.gitignore
    - update content in file /home/geekflare/chef-repo/.gitignore from none to 11e5ee
    (diff output suppressed by config)

Now I will create the ~/chef-repo/.chef directory, which will store all the knife configuration and the RSA keys.
~$ mkdir ~/chef-repo/.chef
~$ cd chef-repo/

Now let's generate an RSA key pair. We generate this key to authenticate the workstation and gain access to the Chef server.
~/chef-repo$ ssh-keygen -b 4096
Generating public/private RSA key pair.
Enter file in which to save the key (/home/geekflare/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/geekflare/.ssh/id_rsa.
Your public key has been saved in /home/geekflare/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oK/ZyLn+AOMj97F5Z0e1K5o1bxChyKx3ms4HvK06DxI [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| |
| . |
| o.. . . |
| .+.. . . |
| E .o S o . |
| . +..+ . o . |
|. = +..B .o. . |
| o =.& = =oooo |
| .& OB=oo o. |
+----[SHA256]-----+

Now copy the key from the workstation to the Chef server.
~/chef-repo$ sudo ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/geekflare/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Now I will copy the .pem files (chefadmin.pem and chef-org.pem) from the Chef server to the workstation.
~/chef-repo$ scp [email protected]:~/.chef/*.pem ~/chef-repo/.chef/
chefadmin.pem 100% 1674 105.1KB/s 00:00
chef-org.pem 100% 1674 103.0KB/s 00:00

Check that the .pem files were copied to the workstation successfully.
~/chef-repo$ ls ~/chef-repo/.chef
chefadmin.pem chef-org.pem

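Creating version control
While you work on the workstation, cookbooks (units of configuration) go through many changes and edits, so a version control system is needed to track them. So let's go ahead and set up version control with Git on the workstation. I will create a git repository in the chef-repo directory. I will add a user name and email to configure git.
~$ git config --global user.name geekflare
~$ git config --global user.email [email protected]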

Let's add the .chef directory to the .gitignore file.
~$ echo ".chef" > ~/chef-repo/.gitignore

Now I will run the git add and commit commands in the chef-repo directory.
~$ cd ~/chef-repo
~/chef-repo$ git add .
~/chef-repo$ git commit -m "initial commit"
[master (root-commit) 99c8c11] initial commit
 16 files changed, 359 insertions(+)
 create mode 100644 .chef-repo.txt
 create mode 100644 .gitignore
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 chefignore
 create mode 100644 cookbooks/README.md
 create mode 100644 cookbooks/example/README.md
 create mode 100644 cookbooks/example/attributes/default.rb
 create mode 100644 cookbooks/example/metadata.rb
 create mode 100644 cookbooks/example/recipes/default.rb
 create mode 100644 data_bags/README.md
 create mode 100644 data_bags/example/example_item.json
 create mode 100644 environments/README.md
 create mode 100644 environments/example.json
 create mode 100644 roles/README.md
 create mode 100644 roles/example.json

Check the status.
~/chef-repo$ git status
On branch master
nothing to commit, working tree clean

Generating your first cookbook
The workstation setup is now complete, and you can start creating cookbooks on it. Try generating a sample cookbook on the workstation and check that it is generated successfully.
I will run the following command to generate a cookbook.
~$ chef generate cookbook geekflare_cookbook
Generating cookbook geekflare_cookbook
- Ensuring correct cookbook file content
- Committing cookbook files to Git
- Ensuring delivery configuration
- Ensuring correct delivery build cookbook content
- Adding delivery configuration to feature branch
- Adding build cookbook to feature branch
- Merging delivery content feature branch to master
Your cookbook is ready. Type `cd geekflare_cookbook` to enter it.
There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list.
Why not start by writing a test? Tests for the default recipe are stored at:
test/integration/default/default_test.rb
If you'd prefer to dive right in, the default recipe can be found at:
recipes/default.rb

Generate chef-repo, then move into the chef-repo directory.
~$ chef generate app chef-repo
WARNING: The command 'chef generator app' is deprecated and will be removed from the next major release of Chef DK / Workstation (April 2019)
Recipe: code_generator::app
  * directory[/home/geekflare/chef-repo] action create (up to date)
  * template[/home/geekflare/chef-repo/.kitchen.yml] action create
    - create new file /home/geekflare/chef-repo/.kitchen.yml
    - update content in file /home/geekflare/chef-repo/.kitchen.yml from none to ceae09
    (diff output suppressed by config)
  * directory[/home/geekflare/chef-repo/test/integration/default] action create
    - create new directory /home/geekflare/chef-repo/test/integration/default
  * template[/home/geekflare/chef-repo/test/integration/default/default_test.rb] action create_if_missing
    - create new file /home/geekflare/chef-repo/test/integration/default/default_test.rb
    - update content in file /home/geekflare/chef-repo/test/integration/default/default_test.rb from none to 0f757b
    (diff output suppressed by config)
  * template[/home/geekflare/chef-repo/README.md] action create
    - update content in file /home/geekflare/chef-repo/README.md from 2b4f46 to 6401b8
    (diff output suppressed by config)
  * directory[/home/geekflare/chef-repo/cookbooks] action create (up to date)
  * directory[/home/geekflare/chef-repo/cookbooks/chef-repo] action create
    - create new directory /home/geekflare/chef-repo/cookbooks/chef-repo
  * template[/home/geekflare/chef-repo/cookbooks/chef-repo/metadata.rb] action create
    - create new file /home/geekflare/chef-repo/cookbooks/chef-repo/metadata.rb
    - update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/metadata.rb from none to e30be3
    (diff output suppressed by config)
  * cookbook_file[/home/geekflare/chef-repo/cookbooks/chef-repo/chefignore] action create
    - create new file /home/geekflare/chef-repo/cookbooks/chef-repo/chefignore
    - update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/chefignore from none to 9e2ffd
    (diff output suppressed by config)
  * cookbook_file[/home/geekflare/chef-repo/cookbooks/chef-repo/Berksfile] action create
    - create new file /home/geekflare/chef-repo/cookbooks/chef-repo/Berksfile
    - update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/Berksfile from none to 15e000
    (diff output suppressed by config)
  * directory[/home/geekflare/chef-repo/cookbooks/chef-repo/recipes] action create
    - create new directory /home/geekflare/chef-repo/cookbooks/chef-repo/recipes
  * template[/home/geekflare/chef-repo/cookbooks/chef-repo/recipes/default.rb] action create
    - create new file /home/geekflare/chef-repo/cookbooks/chef-repo/recipes/default.rb
    - update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/recipes/default.rb from none to f56ecb
    (diff output suppressed by config)
  * directory[/home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes] action create
    - create new directory /home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes
  * cookbook_file[/home/geekflare/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb] action create_if_missing
    - create new file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb
    - update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb from none to 1f80e1
    (diff output suppressed by config)
  * template[/home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb] action create_if_missing
    - create new file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb
    - update content in file /home/geekflare/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb from none to 666a01
    (diff output suppressed by config)
  * execute[initialize-git] action run
    - execute git init .
  * cookbook_file[/home/geekflare/chef-repo/.gitignore] action create
    - update content in file /home/geekflare/chef-repo/.gitignore from 25558e to edcd62
    (diff output suppressed by config)
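
The .pem files copied into ~/chef-repo/.chef are private keys, and the generator output above shows .gitignore being rewritten after the earlier echo ".chef" step. The audit below is an added example, not part of the original article: it reports keys that are readable by other users, tracked by git, or not covered by any ignore rule. The function name and the constructed demo repository are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit the private keys kept in <chef-repo>/.chef.

# Print one finding per problem and return 1 if there was any; return 0 if
# every key is owner-only, untracked and covered by an ignore rule.
audit_chef_keys() {   # $1 = path to the chef-repo working tree
    local repo="$1" key rel mode rc=0
    for key in "$repo"/.chef/*.pem; do
        [ -e "$key" ] || continue
        rel=${key#"$repo"/}
        mode=$(stat -c '%a' "$key")
        case $mode in
            600|400) ;;
            *) echo "PERMS     $rel is mode $mode, want 600"; rc=1 ;;
        esac
        if git -C "$repo" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
            echo "TRACKED   $rel is in the git index"; rc=1
        elif ! git -C "$repo" check-ignore -q -- "$rel"; then
            echo "UNIGNORED $rel is not matched by any ignore rule"; rc=1
        fi
    done
    return $rc
}

# Constructed demo repository: a placeholder key file (not a real key) and a
# .gitignore that has lost its .chef entry.
demo_repo=$(mktemp -d)
git init -q "$demo_repo" 2>/dev/null
mkdir "$demo_repo/.chef"
echo "placeholder, not a real key" > "$demo_repo/.chef/chefadmin.pem"
chmod 644 "$demo_repo/.chef/chefadmin.pem"
echo "*.swp" > "$demo_repo/.gitignore"
audit_chef_keys "$demo_repo" || echo "=> fix the findings above"

# Remediation: owner-only permissions, and append (>>) rather than overwrite.
chmod 600 "$demo_repo"/.chef/*.pem
echo ".chef" >> "$demo_repo/.gitignore"
audit_chef_keys "$demo_repo" && echo "=> keys are private and ignored"
```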

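Configuring Knife
Knife is the command-line tool used to manage nodes, cookbooks and recipes. To configure knife, create a config.rb file and put the following content in it; this is the knife configuration.
~$ sudo gedit ~/chef-repo/.chef/config.rb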

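# Directory that holds this config.rb (~/chef-repo/.chef)
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
# Chef server user created earlier, and its private key
node_name 'chefadmin'
client_key "chefadmin.pem"
# Validator client of the organization, and its key
validation_client_name 'chef-org-validator'
validation_key "chef-org-validator.pem"
# Chef server URL, including the organization name
chef_server_url 'https://chef-geekflare/organizations/chef-org'
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
# Cookbooks live in ~/chef-repo/cookbooks
cookbook_path ["#{current_dir}/../cookbooks"]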

Now go to the chef-repo directory and fetch the SSL certificates.
~$ cd chef-repo
~/chef-repo$ knife ssl fetch
WARNING: Certificates from chef-geekflare will be fetched and placed in your trusted_cert
directory (/home/geekflare/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef-geekflare in /home/geekflare/chef-repo/.chef/trusted_certs/chef-geekflare.crt
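
knife ssl fetch warns that it cannot verify the certificate it just stored, so the check is left to you. As an added example (not from the original article), the functions below compare the SHA-256 fingerprint of the fetched certificate with a reference fingerprint obtained out of band, for instance by running the same openssl command on the Chef server's console. The function names are hypothetical, and the demo certificates are constructed on the fly.

```bash
#!/usr/bin/env bash
# Added example: pin-check the certificate stored by `knife ssl fetch`.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex
# (empty output if the file is missing or is not a certificate).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Return 0 only if the certificate in $1 has the fingerprint given in $2.
# Colons, spaces and letter case in the reference value are ignored.
verify_trusted_cert() {
    local actual expected
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Helper for the demo only: write a throwaway self-signed certificate.
make_demo_cert() {   # $1 = output prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Constructed demo: two certificates with the same CN stand in for the real
# server certificate and for one presented by a different host. In real use,
# $1 is ~/chef-repo/.chef/trusted_certs/chef-geekflare.crt.
demo=$(mktemp -d)
make_demo_cert "$demo/server" chef-geekflare
make_demo_cert "$demo/impostor" chef-geekflare
reference=$(cert_fingerprint "$demo/server.crt")   # read out of band in real use
for crt in "$demo/server.crt" "$demo/impostor.crt"; do
    if verify_trusted_cert "$crt" "$reference"; then
        echo "OK       $crt"
    else
        echo "MISMATCH $crt (remove it from trusted_certs)"
    fi
done
```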

To check that config.rb is set up correctly, run the following command.
~/chef-repo$ knife client list
chef-org-validator

Bootstrapping a node
Bootstrap runs from the workstation machine and installs the Chef client on the node. The node is bootstrapped using the client node's username and password, and can then read its configuration from the Chef server.
Now I will bootstrap a node with IP address 192.168.0.109, username geekflare and password geekflare.org.
~/chef-repo/.chef$ knife bootstrap 192.168.0.109 -x geekflare -P geekflare.org --node-name geekflare-client-1
Creating new client for geekflare-client-1
Creating new node for geekflare-client-1
Connecting to 192.168.0.109
192.168.0.109 -----> Installing Chef Omnibus (-v 14)
192.168.0.109 downloading https://omnitruck-direct.chef.io/chef/install.sh
192.168.0.109 to file /tmp/install.sh.9250/install.sh
192.168.0.109 trying wget...
192.168.0.109 ubuntu 18.10 x86_64
192.168.0.109 Getting information for chef stable 14 for ubuntu...
192.168.0.109 downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=14&p=ubuntu&pv=18.10&m=x86_64
192.168.0.109 to file /tmp/install.sh.9261/metadata.txt
192.168.0.109 trying wget...
192.168.0.109 sha1 534bae390bde3bd9d93bef99335f62246624f32b
192.168.0.109 sha256 94bc60b3a97ddadf77a70c7678ec77a676942c74f8152a2c70a0f5b68e22a42e
192.168.0.109 url https://packages.chef.io/files/stable/chef/14.14.25/ubuntu/18.04/chef_14.14.25-1_amd64.deb
192.168.0.109 version 14.14.25
192.168.0.109 downloaded metadata file looks valid...
192.168.0.109 downloading https://packages.chef.io/files/stable/chef/14.14.25/ubuntu/18.04/chef_14.14.25-1_amd64.deb
192.168.0.109 to file /tmp/install.sh.9261/chef_14.14.25-1_amd64.deb
192.168.0.109 trying wget...
192.168.0.109 Comparing checksum with sha256sum...
192.168.0.109 Installing chef 14
192.168.0.109 installing with dpkg...
192.168.0.109 Selecting previously unselected package chef.
(Reading database ... 204803 files and directories currently installed.)
192.168.0.109 Preparing to unpack .../chef_14.14.25-1_amd64.deb ...
192.168.0.109 Unpacking chef (14.14.25-1) ...
192.168.0.109 Setting up chef (14.14.25-1) ...
192.168.0.109 Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
192.168.0.109 Starting the first Chef Client run...
192.168.0.109 Starting Chef Client, version 14.14.25
192.168.0.109 resolving cookbooks for run list: []
192.168.0.109 Synchronizing Cookbooks:
192.168.0.109 Installing Cookbook Gems:
192.168.0.109 Compiling Cookbooks...
192.168.0.109 [2019-10-23T10:52:57-04:00] WARN: Node geekflare-client-1 has an empty run list.
192.168.0.109 Converging 0 resources
192.168.0.109
192.168.0.109 Running handlers:
192.168.0.109 Running handlers complete
192.168.0.109 Chef Client finished, 0/0 resources updated in 07 seconds

I will now list all the bootstrapped nodes.
~/chef-repo/.chef$ knife node list
geekflare-client-1

Run the following command to get the details of a node.
~/chef-repo/.chef$ knife node show geekflare-client-1
Node Name: geekflare-client-1
Environment: _default
FQDN: client-node
IP: 192.168.0.109
Run List:
Roles:
Recipes:
Platform: ubuntu 18.10
Tags:

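Everything is now ready!
We have successfully installed the Chef server, workstation and node on Ubuntu. You can go ahead and start creating recipes and cookbooks in Chef to manage the configuration of your infrastructure.
If you are an absolute beginner, you may also want to take this Udemy course.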
