Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to install Chef under Linux" related knowledge, editor through the actual case to show you the operation process, the method of operation is simple and fast, practical, I hope that this "how to install Chef under Linux" article can help you solve the problem.

Chef is an automated server configuration management tool, which can automate the configuration of managed objects, such as system management, installation software and so on. Chef consists of three major components: Chef Server, Chef Workstation and Chef Node.

Download ChefDK

ChefDK is an abbreviation for Chef Development Kit and is used on almost all platforms, including Debian-based distributions, Ubuntu, RedHat, CentOS, Mac OS X, and Windows. The current stable version of ChefDK is 0.11.2, and for RHEL-based systems, it is available for versions 6 and 7 (such as CentOS 6 and CentOS 7), and the RPM version is only 64-bit.

Download ChefDK on CentOS 7 using the following command

Cd ~ wget https://packages.chef.io/stable/el/7/chefdk-0.11.2-1.el7.x86_64.rpm

On CentOS 6

Cd ~ wget https://packages.chef.io/stable/el/6/chefdk-0.11.2-1.el6.x86_64.rpm install ChefDK

Use RPM to install the ChefDK you just downloaded

# rpm-ivh chefdk-0.11.2-1.el7.x864.rpmgathering. # # [100%] Updating / installing... 1:chefdk-0.11.2-1.el7 # # [100%] Thank you for installing Chef Development Kit!

ChefDK is installed by default in the / opt/chefdk directory, as shown below

# ls-l / opt/chefdk/drwxr-xr-x. 2 root root 4096 Mar 3 13:50 bindrwxr-xr-x. 7 root root 62 Mar 3 13:50 embedded-rw-r--r--. 1 root root 13249 Feb 22 14:26 version-manifest.json-rw-r--r--. 1 root root 8233 Feb 22 14:26 version-manifest.txt verifies the installation of ChefDK

Execute chef verify to verify all the different components from ChefDK and make sure they are working properly without any problems

# chef verifyRunning verification for component 'berkshelf'Running verification for component' test-kitchen'Running verification for component 'tk-policyfile-provisioner'Running verification for component' chef-client'Running verification for component 'chef-dk'Running verification for component' chef-provisioning'Running verification for component 'chefspec'Running verification for component' generated-cookbooks-pass-chefspec'Running verification for component 'rubocop'Running verification for component' fauxhai'Running verification for component 'knife-spork'Running verification for component' kitchen-vagrant'Running verification for component 'package installation'Running verification for component 'openssl'Running verification for component 'inspec'.-Verification of component' test-kitchen' succeeded.Verification of component 'chef-dk' succeeded.Verification of component' chefspec' succeeded.Verification of component 'rubocop' succeeded.Verification of component' knife-spork' succeeded.Verification of component 'openssl' succeeded.Verification of component' Berkshelf' succeeded.Verification of component 'chef-client' succeeded.Verification of component' fauxhai' succeeded.Verification of component 'inspec' succeeded.Verification of component' tk-policyfile-provisioner' succeeded.Verification of component 'kitchen-vagrant' succeeded.Verification of component' chef-provisioning' succeeded.Verification of component 'package installation' succeeded.Verification of component' generated-cookbooks-pass-chefspec' succeeded.

The following is an example of a chef verify failure. Note: Ruby is required in Chef and is embedded in ChefDK.

# chef verify../opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-shellout-2.2.6/lib/mixlib/shellout.rb:289:in `roomidservant: Expected process to exit with [0] But received'1' (Mixlib::ShellOut::ShellCommandFailed)-Begin output of / usr/bin/ohai-v-STDOUT:STDERR: / opt/chefdk/embedded/lib/ruby/site_ruby/2.1.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'chef-config' (= 12.8.0)-did find: [chef-config-12.7.2] (Gem::LoadError)

The above error message shows: "Could not find 'chef-config' (= 12.8.0)-did find: [chef-config-12.7.2] (Gem::LoadError)". The version of chef-config in the installed ChefDK is the old version of 12.7.2. The verification is successful by performing chef verify after manually installing chef-confg 12.8.0.

Verify the ChefDK version

Execute the chef-version command to display the version number of ChefDK and all accompanying components

# chef--versionChef Development Kit Version: 0.11.2chef-client version: 12.7.2berks version: 4.2.0kitchen version: 1.5.0 set the Chef environment variable

Set Chef-related environment variables, such as GEM_ROOT GEM_HOME GEM_PATH.

Export GEM_ROOT= "/ opt/chefdk/embedded/lib/ruby/gems/2.1.0" export GEM_HOME= "/ root/.chefdk/gem/ruby/2.1.0" export GEM_PATH= "/ root/.chefdk/gem/ruby/2.1.0:/opt/chefdk/embedded/lib/ruby/gems/2.1.0"

In addition, if you already have ruby installed on your system, you need to update the PATH variable associated with ruby, as shown below

Export PATH= "/ opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/usr/local/sbin:/usr/local/bin:/ Usr/sbin:/usr/bin:/root/bin "

Displays the environment variables for all Chef settings.

Chef shell-init bash

To quickly set these environment variables, you can add them to the bash_profile file, as shown below.

Echo 'eval "$(chef shell-init bash)" > ~ / .Firewalld rules for bash_profile access to Chef

To access the Chef Manage GUI on the Chef server, add the following firewalld rule to open the appropriate port on the Chef server.

Firewall-cmd-- direct-- add-rule ipv4\ filter INPUT_direct 0-I eth0-p tcp\-- dport 443-j ACCEPTfirewall-cmd-- direct-- add-rule ipv4\ filter INPUT_direct 0-I eth0-p tcp\-- dport 80-j ACCEPTfirewall-cmd-direct-add-rule ipv4\ filter INPUT_direct 0-I eth0-p tcp\-dport 9683-j ACCEPTfirewall-cmd-reload download Starter Kit from Chef Manage GUI

Log in to Chef Manage GUI, click the "Administration" option, and select "organization" from the list. In this example, "organization" is "example". With organization selected, click "Starter Kit" in the left menu.

After pressing the "Download" button, a warning message will pop up and press "Proceed", which will download the chef-starter.zip file to your local machine.

Decompress Starter Kit

Transfer the chef-starter.zip file to the Chef workstation and extract it to the home directory of root

# cd ~ # unzip chef-starter.zipArchive: chef-starter.zip creating: chef-repo/cookbooks/ creating: chef-repo/cookbooks/starter/ creating: chef-repo/cookbooks/starter/templates/ creating: chef-repo/cookbooks/starter/templates/default/ inflating: chef-repo/cookbooks/starter/templates/default/sample.erb creating: chef-repo/cookbooks/starter/files/ creating: chef-repo/cookbooks/starter/files/default/ inflating: chef-repo/cookbooks/starter/files / default/sample.txt creating: chef-repo/cookbooks/starter/recipes/ inflating: chef-repo/cookbooks/starter/recipes/default.rb creating: chef-repo/cookbooks/starter/attributes/ inflating: chef-repo/cookbooks/starter/attributes/default.rb inflating: chef-repo/cookbooks/starter/metadata.rb inflating: chef-repo/cookbooks/chefignore inflating: chef-repo/README.md inflating: chef-repo/.gitignore creating: chef-repo/.chef/ creating: Chef-repo/roles/ inflating: chef-repo/.chef/knife.rb inflating: chef-repo/roles/starter.rb inflating: chef-repo/.chef/ramesh.pem inflating: chef-repo/.chef/example-validator.pem

If you manually create the chef-repo folder, then you need to manually create the above subdirectories and copy the knife.rb file, organization-validator.pem file (e.g. example-validator.pem), username.pem file (e.g. ramesh.pem) to the directory shown above.

SSL certificate of the Chef server

If you execute knife client list at this stage, you will get the following error message

# cd ~ / chef-repo# knife client listERROR: SSL Validation failure connecting to host: centos.example.com-SSL_connect returned=1 errno=0 state=error: certificate verify failedERROR: Could not establish a secure connection to the server.Use `knife ssl check` to troubleshoot your SSL configuration.If your Chef Server uses a self-signed certificate, you can use`accessible ssl fetch` to make knife trust the server's certificates.Original Exception: OpenSSL::SSL::SSLError: SSLError connecting to https://centos.example.com/organizations/example/clients-SSL_connect returned=1 errno=0 state=error: certificate verify failed

Certificate verification failed because we did not download the SSL certificate from the Chef server, so we can execute the following "knife ssl fetch" at this time.

# cd ~ / chef-repo# knife ssl fetchWARNING: Certificates from centos.example.com will be fetched and placed in your trusted_certdirectory (/ root/chef-repo/.chef/trusted_certs). Knife has no means to verify these are the correct certificates. You shouldverify the authenticity of these certificates after downloading.

The certificate will be downloaded to the following truster_certs directory

# ls-l / root/chef-repo/.chef/trusted_certs-rw-r--r--. 1 root root 1379 Mar 20 20:17 final confirmation of centos_example_com.crt# cat / root/chef-repo/.chef/trusted_certs/centos_example_com.crt-BEGIN CERTIFICATE-MIIDzDCCArSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwSZXJhdGlvbnMxGzAZBgNVBAMMEmNlbnRvcy5leGFtcGxlLmNvbTCCASIwDQYJKoZI....WLyr2ORLMcck/OGsubabO/koMNTqhl2JJPECNiDJh06MeZ/2+BOwGZSpXDbw+vFENJAsLfsTzihGWZ58einMFA==-END CERTIFICATE-Chef workstation

If the Chef workstation is working properly, when you execute "knife client list", it will show all clients connected to the workstation. Since we have just installed it, we can only see the organization we just created (organization)

# cd ~ / chef-repo# knife client listexample-validator

If you already have five servers connected to your existing Chef workstation machine, you will see the following message

# knife client listexample-validatornode1node2node3node4node5, that's all for "how to install Chef under Linux". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.