Shulou(Shulou.com)06/01 Report--

Today, the editor will share with you the relevant knowledge points about how to install Cheff workstations in CentOS. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article.

Chef is an IT infrastructure automation software that manages all servers and network devices in your organization. When we want to interact with the infrastructure of the Chef server, any physical node (server, network device, etc.), we need a Chef workstation.

Download ChefDK using the following command

On CentOS 7

Cd ~ wget https://packages.chef.io/stable/el/7/chefdk-0.11.2-1.el7.x86_64.rpm

On CentOS 6

Cd ~ wget https://packages.chef.io/stable/el/6/chefdk-0.11.2-1.el6.x86_64.rpm

Install ChefDK

Use RPM to install the ChefDK you just downloaded

# rpm-ivh chefdk-0.11.2-1.el7.x864.rpmgathering. # # [100%] Updating / installing... 1:chefdk-0.11.2-1.el7 # # [100%] Thank you for installing Chef Development Kit!

ChefDK is installed by default in the / opt/chefdk directory, as shown below

# ls-l / opt/chefdk/drwxr-xr-x. 2 root root 4096 Mar 3 13:50 bindrwxr-xr-x. 7 root root 62 Mar 3 13:50 embedded-rw-r--r--. 1 root root 13249 Feb 22 14:26 version-manifest.json-rw-r--r--. 1 root root 8233 Feb 22 14:26 version-manifest.txt verifies the installation of ChefDK

Execute chef verify to verify all the different components from ChefDK and make sure they are working properly without any problems

# chef verifyRunning verification for component 'berkshelf'Running verification for component' test-kitchen'Running verification for component 'tk-policyfile-provisioner'Running verification for component' chef-client'Running verification for component 'chef-dk'Running verification for component' chef-provisioning'Running verification for component 'chefspec'Running verification for component' generated-cookbooks-pass-chefspec'Running verification for component 'rubocop'Running verification for component' fauxhai'Running verification for component 'knife-spork'Running verification for component' kitchen-vagrant'Running verification for component 'package installation'Running verification for component 'openssl'Running verification for component 'inspec'.-Verification of component' test-kitchen' succeeded.Verification of component 'chef-dk' succeeded.Verification of component' chefspec' succeeded.Verification of component 'rubocop' succeeded.Verification of component' knife-spork' succeeded.Verification of component 'openssl' succeeded.Verification of component' Berkshelf' succeeded.Verification of component 'chef-client' succeeded.Verification of component' fauxhai' succeeded.Verification of component 'inspec' succeeded.Verification of component' tk-policyfile-provisioner' succeeded.Verification of component 'kitchen-vagrant' succeeded.Verification of component' chef-provisioning' succeeded.Verification of component 'package installation' succeeded.Verification of component' generated-cookbooks-pass-chefspec' succeeded.

The following is an example of a chef verify failure. Note: Ruby is required in Chef and is embedded in ChefDK.

# chef verify../opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-shellout-2.2.6/lib/mixlib/shellout.rb:289:in `roomidservant: Expected process to exit with [0] But received'1' (Mixlib::ShellOut::ShellCommandFailed)-Begin output of / usr/bin/ohai-v-STDOUT:STDERR: / opt/chefdk/embedded/lib/ruby/site_ruby/2.1.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'chef-config' (= 12.8.0)-did find: [chef-config-12.7.2] (Gem::LoadError)

The above error message shows: "Could not find 'chef-config' (= 12.8.0)-did find: [chef-config-12.7.2] (Gem::LoadError)". The version of chef-config in the installed ChefDK is the old version of 12.7.2. The verification is successful by performing chef verify after manually installing chef-confg 12.8.0.

Verify the ChefDK version

Execute the chef-version command to display the version number of ChefDK and all accompanying components

# chef--versionChef Development Kit Version: 0.11.2chef-client version: 12.7.2berks version: 4.2.0kitchen version: 1.5.0 set the Chef environment variable

Set Chef-related environment variables, such as GEM_ROOT GEM_HOME GEM_PATH.

Export GEM_ROOT= "/ opt/chefdk/embedded/lib/ruby/gems/2.1.0" export GEM_HOME= "/ root/.chefdk/gem/ruby/2.1.0" export GEM_PATH= "/ root/.chefdk/gem/ruby/2.1.0:/opt/chefdk/embedded/lib/ruby/gems/2.1.0"

In addition, if you already have ruby installed on your system, you need to update the PATH variable associated with ruby, as shown below

Export PATH= "/ opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/usr/local/sbin:/usr/local/bin:/ Usr/sbin:/usr/bin:/root/bin "

Displays the environment variables for all Chef settings.

Chef shell-init bash

To quickly set these environment variables, you can add them to the bash_profile file, as shown below.

Echo 'eval "$(chef shell-init bash)" > ~ / .Firewalld rules for bash_profile access to Chef

To access the Chef Manage GUI on the Chef server, add the following firewalld rule to open the appropriate port on the Chef server.

Firewall-cmd-- direct-- add-rule ipv4\ filter INPUT_direct 0-I eth0-p tcp\-- dport 443-j ACCEPTfirewall-cmd-- direct-- add-rule ipv4\ filter INPUT_direct 0-I eth0-p tcp\-- dport 80-j ACCEPTfirewall-cmd-direct-add-rule ipv4\ filter INPUT_direct 0-I eth0-p tcp\-dport 9683-j ACCEPTfirewall-cmd-reload download Starter Kit from Chef Manage GUI

Log in to Chef Manage GUI, click the "Administration" option, and select "organization" from the list. In this example, "organization" is "example". With organization selected, click "Starter Kit" in the left menu.

After pressing the "Download" button, a warning message will pop up and press "Proceed", which will download the chef-starter.zip file to your local machine.

Decompress Starter Kit

Transfer the chef-starter.zip file to the Chef workstation and extract it to the home directory of root

# cd ~ # unzip chef-starter.zipArchive: chef-starter.zip creating: chef-repo/cookbooks/ creating: chef-repo/cookbooks/starter/ creating: chef-repo/cookbooks/starter/templates/ creating: chef-repo/cookbooks/starter/templates/default/ inflating: chef-repo/cookbooks/starter/templates/default/sample.erb creating: chef-repo/cookbooks/starter/files/ creating: chef-repo/cookbooks/starter/files/default/ inflating: chef-repo/cookbooks/starter/files / default/sample.txt creating: chef-repo/cookbooks/starter/recipes/ inflating: chef-repo/cookbooks/starter/recipes/default.rb creating: chef-repo/cookbooks/starter/attributes/ inflating: chef-repo/cookbooks/starter/attributes/default.rb inflating: chef-repo/cookbooks/starter/metadata.rb inflating: chef-repo/cookbooks/chefignore inflating: chef-repo/README.md inflating: chef-repo/.gitignore creating: chef-repo/.chef/ creating: Chef-repo/roles/ inflating: chef-repo/.chef/knife.rb inflating: chef-repo/roles/starter.rb inflating: chef-repo/.chef/ramesh.pem inflating: chef-repo/.chef/example-validator.pem

If you manually create the chef-repo folder, then you need to manually create the above subdirectories and copy the knife.rb file, organization-validator.pem file (e.g. example-validator.pem), username.pem file (e.g. ramesh.pem) to the directory shown above.

SSL certificate of the Chef server

If you execute knife client list at this stage, you will get the following error message

# cd ~ / chef-repo# knife client listERROR: SSL Validation failure connecting to host: centos.example.com-SSL_connect returned=1 errno=0 state=error: certificate verify failedERROR: Could not establish a secure connection to the server.Use `knife ssl check` to troubleshoot your SSL configuration.If your Chef Server uses a self-signed certificate, you can use`accessible ssl fetch` to make knife trust the server's certificates.Original Exception: OpenSSL::SSL::SSLError: SSLError connecting to https://centos.example.com/organizations/example/clients-SSL_connect returned=1 errno=0 state=error: certificate verify failed

Certificate verification failed because we did not download the SSL certificate from the Chef server, so we can execute the following "knife ssl fetch" at this time.

# cd ~ / chef-repo# knife ssl fetchWARNING: Certificates from centos.example.com will be fetched and placed in your trusted_certdirectory (/ root/chef-repo/.chef/trusted_certs). Knife has no means to verify these are the correct certificates. You shouldverify the authenticity of these certificates after downloading.

The certificate will be downloaded to the following truster_certs directory

# ls-l / root/chef-repo/.chef/trusted_certs-rw-r--r--. 1 root root 1379 Mar 20 20:17 final confirmation of centos_example_com.crt# cat / root/chef-repo/.chef/trusted_certs/centos_example_com.crt-BEGIN CERTIFICATE-MIIDzDCCArSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwSZXJhdGlvbnMxGzAZBgNVBAMMEmNlbnRvcy5leGFtcGxlLmNvbTCCASIwDQYJKoZI....WLyr2ORLMcck/OGsubabO/koMNTqhl2JJPECNiDJh06MeZ/2+BOwGZSpXDbw+vFENJAsLfsTzihGWZ58einMFA==-END CERTIFICATE-Chef workstation

If the Chef workstation is working properly, when you execute "knife client list", it will show all clients connected to the workstation. Since we have just installed it, we can only see the organization we just created (organization)

# cd ~ / chef-repo# knife client listexample-validator

If you already have five servers connected to your existing Chef workstation machine, you will see the following message

# knife client listexample-validatornode1node2node3node4node5 above is all the content of the article "how to install a Cheff workstation in CentOS". Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.