Chef安装部署文档.doc

Chef安装部署文档一、 文档说明在Red Hat Linux 6.4（64bit）部署server-client模式的Chef环境说明：chef-server 50 Red Hat Linux 6.4chef-workstation 50 Red Hat Linux 6.4chef-client 0 Red Hat Linux 6.4二、安装chef-server1.创建用户“test”，并给用户“test”系统管理员权限rootlocalhost # useradd testrootlocalhost # passwd testChanging password for user test.New password: BAD PASSWORD: it is too simplistic/systematicBAD PASSWORD: is too simpleRetype new password: passwd: all authentication tokens updated successfully.rootlocalhost # vi /etc/passwdroot:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologintest:x:0:0:/home/test:/bin/bashrootlocalhost # su - testrootlocalhost # iduid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c10232.修改/etc/hosts文件rootlocalhost # vi /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4:1 localhost localhost.localdomain localhost6 localhost6.localdomain650 chef-server50 chef-workstation0 chef-client3.上传安装文件，将安装介质分别上传到两台服务器上。rootlocalhost # pwd/home/testrootlocalhost # lschef-11.4.0-1.el6.x86_64.rpm chef-server-11.0.8-1.el6.x86_64.rpm注1：chef-server(50)需要安装server、client；chef-client(0)只需安装client4.配置yum源，以备安装必要的依赖文件1)使用Red Hat系统安装盘配置本地yum源rootlocalhost # mount /dev/cdrom /mntmount: block device /dev/sr0 is write-protected, mounting read-onlymount: /dev/sr0 already mounted or /mnt busyrootlocalhost # vi /etc/yum.repos.d/rhel-yum.reporhel-sourcename=Red Hat Enterprise Linux $releasever - $basearch - Sourcebaseurl=file:/mnt/Serverenabled=1gpgcheck=0gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release5.安装chef-server软件包1）执行以下命令安装chef-server(a)rootlocalhost # rpm -ivh chef-server-11.0.8-1.el6.x86_64.rpmwarning: chef-server-11.0.8-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEYPreparing. # 100% 1:chef-server # 100%Thank you for installing Chef Server!The next step in the install process is to run:sudo chef-server-ctl reconfigure(b) 运行命令“sudo chef-server-ctl reconfigure” 配置server。这个命令会安装所有的组件，包括 Erchef, RabbitMQ, PostgreSQL, 以及所有chef-solo 用来维持server所需的cookbook。rootlocalhost # sudo chef-server-ctl reconfigure.Recipe: chef-server:erchef * serviceerchef action restart - restart service serviceerchefChef Client finished, 268 resources updatedchef-server Reconfigured!(c) 安装完成后可以运行命令“chef-server-ctl test”，运用chef自带的一套组件进行测试。测试完之后会显示测试结果，如下:rootlocalhost # chef-server-ctl testDeleting client pedant_admin_client .Deleting client pedant_client .Pedant did not create the user admin, and will not delete itDeleting user pedant_non_admin_user .Deleting user knifey .Finished in 1 minute 39.01 seconds70 examples, 0 failures(d) 关闭server端的防火墙，也可以配置策略允许https访问rootlocalhost # service iptables stopiptables: Flushing firewall rules: OK iptables: Setting chains to policy ACCEPT: filter OK iptables: Unloading modules: OK rootlocalhost #rootlocalhost # netstat -lntp | grep -v grep | grep 443tcp 0 0 :443 :* LISTEN 7029/nginx rootlocalhost #rootlocalhost # ps -ef | grep -v grep | grep chef | wc -l472）验证chef-server安装是否成功三、安装chef-workstation1）安装chef-client软件包，因为只有安装了chef-client即安装knife命令工具rootlocalhost # rpm -ivh chef-11.4.0-1.el6.x86_64.rpmwarning: chef-11.4.0-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEYPreparing. # 100% 1:chef # 100%Thank you for installing Chef!rootlocalhost chef-server# cp /etc/chef-server/chef-validator.pem /.chef/rootlocalhost chef-server# cp /etc/chef-server/chef-webui.pem /.chefrootlocalhost # cp /etc/chef-server/admin.pem /.chef/2）执行“knife client create chef-workstation -d -a -f /home/idcuser/.chef/chef-workstation.pem”为工作站安装并配置Knife Client3）安装chef-workstation所需的依赖包rootlocalhost yum.repos.d# yum install -y ruby*rootlocalhost yum.repos.d# yum install -y git*4）输入命令“sudo git clone git://opscode/chef-repo.git /opt/chef-local”，在指定位置（/opt/chef-local）创建Chef Repository，用于存储cookbook等相关文件。备注：Chef的大部分配置工作都是在Workstaion中的Chef Repository中完成的，不同的Chef Repository可以管理不同的Chef Server。注2：在执行此步骤时必须保证服务器可以联接互联网。rootlocalhost # sudo git clone git://opscode/chef-repo.git /opt/chef-localInitialized empty Git repository in /opt/chef-local/.git/remote: Reusing existing pack: 223, done.remote: Total 223 (delta 0), reused 0 (delta 0)Receiving objects: 100% (223/223), 46.09 KiB, done.Resolving deltas: 100% (56/56), done.5）验证chef-workstation是否安装、配置成功rootchef-server # knife client listchef-validatorchef-webuichef-workstation四、安装chef-client1.安装chef-client软件包rootlocalhost # rpm -ivh chef-11.4.0-1.el6.x86_64.rpm warning: chef-11.4.0-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEYPreparing. # 100% 1:chef # 100%Thank you for installing Chef!rootlocalhost #2. 从server端拷贝认证文件/etc/chef-server/chef-validator.pem和/etc/chef-server/admin.pem到client端的指定位置/.chef中去。（可以通过命令行scp进行，但是执行完后显示成功，去指定文件夹却找不到文件，所以建议使用winscp软件进行拷贝。另外client端需要提前建一个/.chef文件夹）3.配置client端，并建立一个clientrootchef-client01 # knife client create chef-client -d -a -f /home/idcuser/.chef/chef-client.pemrootchef-client01 # knife client listchef-clientchef-validatorchef-webuichef-workstation注3：也可在chef-server端安装配置client,此种方法必须保证client所在服务器可以联接互联网，因为需要从互联网下载安装介质rootchef-server # sudo knife bootstrap 0 -x test -P redhat -sudoBootstrapping Chef on 00 -2014-02-08 05:03:14- /chef/install.sh0 Resolving . 0 30 Connecting to |3|:80. 0 connected.0 HTTP request sent, awaiting response. 0 200 OK0 Length: 13337 (13K) application/x-sh0 Saving to: 鈥淪TDOUT鈥 0 0% 0 -.-K/s 90% = 12,105 50.1K/s 0 Downloading Chef 11.4.0 for el.0 downloading /chef/metadata?v=11.4.0prerelease=falsep=elpv=6m=x86_640 to file /tmp/install.sh.2323/metadata.txt0 trying wget.100%= 13,337 27.7K/s in 0.5s 0 0 2014-02-08 05:03:15 (27.7 KB/s) - written to stdout 13337/133370 0 url /el/6/x86_64/chef-11.4.0-1.el6.x86_64.rpm0 md5 89f66fdf794d3968e1397b30dc47b4980 sha256 a38da78ea6e2890a00086d11f8ed3abd0817db112d86e304dd740685316b4d810 downloaded metadata file looks valid.0 downloading /el/6/x86_64/chef-11.4.0-1.el6.x86_64.rpm0 to file /tmp/install.sh.2323/chef-11.4.0-1.el6.x86_64.rpm0 trying wget.0 Checksum compare with sha256sum succeeded.0 Installing Chef 11.4.00 installing with rpm.0 warning: /tmp/install.sh.2323/chef-11.4.0-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY0 Preparing. 0 # (100%)192.168.1# 100%0 1:chef 0 ( 1%)0 # ( 3%)0 # ( 6%)0 # ( 8%)0 # ( 10%)0 # ( 13%)0 # ( 15%)0 # ( 17%)0 # ( 19%)0 # ( 22%)0 # ( 24%)0 # ( 26%)0 # ( 28%)0 # ( 31%)0 # ( 33%)0 # ( 35%)0 # ( 38%)0 # ( 40%)0 # ( 42%)0 # ( 44%)0 # ( 47%)0 # ( 49%)0 # ( 51%)0 # ( 53%)0 # ( 56%)0 # ( 58%)0 # ( 60%)0 # ( 63%)0 # ( 65%)0 # ( 67%)0 # ( 69%)0 # ( 72%)0 # ( 74%)0 # ( 76%)0 # ( 78%)0 # ( 81%)0 # ( 83%)0 # ( 85%)0 # ( 88%)0 # ( 90%)0 # ( 92%)0 # ( 94%)0 # ( 97%)0 # 100%0 Thank you for installing Chef!0 Starting Chef Client, version 11.4.0