
Installing and deploying the automation tool Chef (3): installing the workstation

2018-03-09 12:51

Original workstation documentation:

https://docs.chef.io/workstation.html

[root@chef_server etc]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.209.133 chefserver

192.168.209.135 chefworkstation

First set up name resolution, then ping to make sure the network is reachable.

[root@chef_server etc]# scp /etc/hosts root@chefworkstation:/etc/hosts

Copy the hosts file over with scp.

After installing, verify it:

echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile

. ~/.bash_profile

which ruby

Output of /opt/chefdk/embedded/bin/ruby confirms the workstation is installed.

[root@chefworkstation chef]# rpm -ivh chefdk-2.4.17-1.el7.x86_64.rpm

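Once installed, download a starter kit from the server's web page.

After downloading I transferred it over. FTP said permission denied, and I'm root, come on. I looked at the vsftpd configuration: root is barred from FTP login, but the pactera user is allowed. I removed the ban on root login and restarted the vsftpd service.

Command: cd /etc/vsftpd  to enter the vsftpd directory

Type: ls  to list the files in that directory

Type: vi  vsftpd.ftpusers  to open vsftpd.ftpusers, then put # in front of root to comment it out

Likewise, type: vi vsftpd.user_list  to open vsftpd.user_list, then put # in front of root to comment it out

After logging in I still couldn't upload, and I'm root!!! Looking closer, SELinux was still on, so I changed it while I was at it and rebooted.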

[root@host]# vi /etc/selinux/config

----------------------------------------------------------------------------------

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - SELinux is fully disabled.

SELINUX=disabled

# Change this to disabled

After the reboot everything was back to normal.

Install git

yum -y install git

cd ~

chef generate repo chef-repo

ls -al ~/chef-repo/

git config --global user.name "admin"

git config --global user.email "pcdogyu@hotmail.com"

cd ~/chef-repo/

git init

mkdir -p ~/chef-repo/.chef

echo '.chef' >> ~/chef-repo/.gitignore

cd ~/chef-repo/

git add .

git commit -m "initial commit"

git status

Fetch the RSA key from the server

scp -pr root@chefserver:/usr/chef/pcdog.pem ~/chef-repo/.chef/

Generate the chef repo, if you don't want to use the web UI

chef generate app chef-repo

The configuration consists of 3 files

For a workstation that will interact with the Chef server (including the hosted Chef server), log on and download the following files:

  • knife.rb. This configuration file can be downloaded from the Organizations page.
  • ORGANIZATION-validator.pem. This private key can be downloaded from the Organizations page.
  • USER.pem. This private key can be downloaded from the Change Password section of the Account Management page.

Create the knife.rb file

Visit https://192.168.209.133/organizations/it

On the left, click Generate Knife Config

Transfer it into the directory; .chef is hidden, so just type the path blind.

vi ~/chef-repo/.chef/knife.rb

# See https://docs.getchef.com/config_rb_knife.html for more information on knife configuration options

current_dir = File.dirname(__FILE__)

log_level :info

log_location STDOUT

node_name "pcdog"

client_key "#{current_dir}/pcdog.pem"

chef_server_url "https://localhost/organizations/it"

cookbook_path ["#{current_dir}/../cookbooks"]

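Ran knife ssl fetch to verify SSL; why did it fail?

knife client list: the connection to the port was refused.

Why is the workstation connecting to localhost? The web UI is on the server. Took a look at the knife.rb configuration.

Updated knife.rb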

knife ssl fetch

Copy the certificate from the server to the workstation

[root@chefserver ca]# scp chefserver.crt root@chefworkstation:/root/chef-repo/.chef/trusted_certs

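Ran the SSL check again; could it be a self-signed certificate problem?

The connection was attempted by IP, but the name in the certificate is the FQDN chefserver, so they don't match here. Updated knife.rb once more.

Overwrite it.

Run it again: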

[root@chefworkstation chef-repo]# knife ssl check

Connected successfully; the workstation installation is now complete.

Verification commands

knife ssl fetch

knife ssl check

knife node list
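
The name mismatch described above can be reproduced offline. This is an added example, not part of the original post: it builds a constructed self-signed certificate named chefserver and uses Ruby's OpenSSL::SSL.verify_certificate_identity to test which chef_server_url hosts match it. The https://chefserver/organizations/it URL is an assumed corrected value, since the post does not show its final knife.rb.

```ruby
require "openssl"
require "uri"

# Constructed sample: a self-signed certificate whose CN and SAN are both
# `name`. It stands in for the Chef server certificate; it is not the real one.
def sample_cert(name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# True when the host in chef_server_url matches a name in the certificate.
# Trusting the certificate (knife ssl fetch) does not bypass this name check.
def url_matches_cert?(chef_server_url, cert)
  host = URI.parse(chef_server_url).host
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Map each candidate URL to whether its host matches the certificate.
def check_urls(urls, cert)
  urls.to_h { |u| [u, url_matches_cert?(u, cert)] }
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("chefserver")
  urls = [
    "https://localhost/organizations/it",       # value in the generated knife.rb
    "https://192.168.209.133/organizations/it", # connecting by IP
    "https://chefserver/organizations/it",      # assumed corrected value
  ]
  check_urls(urls, cert).each do |url, ok|
    puts format("%-45s %s", url, ok ? "name matches" : "name MISMATCH")
  end
end
```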
