Install chef-server
iptables -F
rpm -ivh chef-server-11.1.7-1.el6.x86_64.rpm
Configure Chef Server
chef-server-ctl reconfigure
Running handlers:
Running handlers complete
Chef Client finished, 415/479 resources updated in 220.548599949 seconds
Chef Server Reconfigured!
Confirm the Chef server is running:
chef-server-ctl status
run: bookshelf: (pid 1084) 60730s; run: log: (pid 1083) 60730s
run: chef-expander: (pid 1080) 60730s; run: log: (pid 1079) 60730s
run: chef-server-webui: (pid 1070) 60730s; run: log: (pid 1068) 60730s
run: chef-solr: (pid 1076) 60730s; run: log: (pid 1073) 60730s
run: erchef: (pid 1085) 60730s; run: log: (pid 1082) 60730s
down: nginx: 0s, normally up, want up; run: log: (pid 1078) 60730s
run: postgresql: (pid 1091) 60730s; run: log: (pid 1072) 60730s
run: rabbitmq: (pid 1075) 60730s; run: log: (pid 1071) 60730s
Optionally, run the Opscode Pedant test suite. This will verify that everything is working.
chef-server-ctl test
Configure Chef Workstation
Check whether the Chef client package is already installed:
rpmquery chef
package chef is not installed
rpm -ivh chef-11.18.12-1.el6.x86_64.rpm
rpmquery chef
chef-11.18.12-1.el6.x86_64
chef-client
To secure communication with the Chef server, copy these files from /etc/chef-server on the Chef server to the Chef workstation:
scp -r admin.pem chef-validator.pem chef-webui.pem root@10.98.33.204:/root/.chef
admin.pem
chef-validator.pem
chef-webui.pem
Create a .chef directory in the home directory and move all three files into it.
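The three .pem files are private keys (admin.pem is the existing admin's key that knife configure asks for below), so only their owner should be able to read them. This added example, which is not part of the original post, audits a key directory such as /root/.chef; the function names are illustrative.

```shell
#!/bin/sh
# Added example; group_other_bits and audit_chef_keys are illustrative names.

# Characters 5-10 of `ls -ld` output are the group and other permission
# triplets, e.g. "r--r--" for mode 644 and "------" for mode 600 or 700.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Check the key directory itself and every *.pem inside it.
# Returns 0 if nothing is accessible to group/other, 1 if something is,
# and 2 if the directory does not exist.
audit_chef_keys() {
    dir=$1
    loose=0
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    for path in "$dir" "$dir"/*.pem; do
        [ -e "$path" ] || continue          # the glob matched nothing
        if [ "$(group_other_bits "$path")" = "------" ]; then
            echo "ok    $path"
        else
            echo "LOOSE $path"              # tighten with chmod 600 (700 for the directory)
            loose=$((loose + 1))
        fi
    done
    [ "$loose" -eq 0 ]
}

# Stand-alone use: sh <this script> /root/.chef
if [ "$#" -eq 1 ]; then
    audit_chef_keys "$1"
    exit $?
fi
```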
knife configure -i
Overwrite /root/.chef/knife.rb? (Y/N)Y
Please enter the chef server URL: [https://testchefwork.example.com:443] https://testchefserver.example.com:443
Please enter a name for the new user: [root]
Please enter the existing admin name: [admin] admin
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] /root/.chef/admin.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] /root/.chef/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
Created user[root]
Configuration file written to /root/.chef/knife.rb
knife ssl fetch
knife ssl check
Connecting to host testchefserver.example.com:443
ERROR: The SSL certificate of testchefserver.example.com could not be verified
Certificate issuer data: /C=US/ST=WA/L=Seattle/O=YouCorp/OU=Operations/CN=testchefserver.example.com/emailAddress=you@example.com
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.1m 19 Mar 2015
* Certificate file: /opt/chef/embedded/ssl/cert.pem
* Certificate directory: /opt/chef/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/.chef/trusted_certs"
TO FIX THIS ERROR:
If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.
By default, the certificate is stored in the following location on the host
where your chef-server runs:
/var/opt/chef-server/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to you trusted_certs_dir (currently: /root/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
knife ssl check
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'
knife client list
chef-validator
chef-webui
knife user list
admin
jojan
root
Node configuration
iptables -L
rpm -ivh chef-11.18.12-1.el6.x86_64.rpm
warning: chef-11.18.12-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ########################################### [100%]
1:chef ########################################### [100%]
Thank you for installing Chef!
Copy chef-validator.pem from /etc/chef-server on the Chef server to /etc/chef on the node.
knife ssl fetch -s https://testchefserver.example.com
WARNING: No knife configuration file found
WARNING: Certificates from testchefserver.example.com will be fetched and placed in your trusted_cert
directory ().
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
ERROR: TypeError: can't convert nil into String
knife ssl check
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'
[root@testchefnode .chef]# knife ssl fetch -s https://testchefserver.example.com
WARNING: Certificates from testchefserver.example.com will be fetched and placed in your trusted_cert
directory (/root/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for testchefserver.example.com in /root/.chef/trusted_certs/testchefserver_example_com.crt
knife ssl check -s https://testchefserver.example.com
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'
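knife ssl check succeeds here only because knife ssl fetch has just stored whatever certificate the server presented, which is the point of knife's warning about verifying authenticity. This added example, which is not part of the original post, compares the SHA-256 fingerprint of the fetched file with a copy of /var/opt/chef-server/nginx/ca/SERVER_HOSTNAME.crt brought over SSH/SCP; the function names are illustrative.

```shell
#!/bin/sh
# Added example; cert_fingerprint and verify_fetched_cert are illustrative names.

# Print the SHA-256 of the first certificate in a PEM file (hash of the DER
# bytes). This is the digest `openssl x509 -noout -fingerprint -sha256`
# reports, shown here in lowercase hex without colons.
cert_fingerprint() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
                /-----END CERTIFICATE-----/   {exit}
                on' "$1" 2>/dev/null | tr -d ' \r\n')
    # An empty or undecodable body must not hash to a "valid" fingerprint.
    [ -n "$body" ] || return 1
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# $1: certificate written by knife ssl fetch, e.g.
#     /root/.chef/trusted_certs/testchefserver_example_com.crt
# $2: reference copy taken from the Chef server over SSH/SCP
# Returns 0 on match, 1 on mismatch, 2 if either file holds no certificate.
verify_fetched_cert() {
    fp_fetched=$(cert_fingerprint "$1") ||
        { echo "no readable certificate in $1" >&2; return 2; }
    fp_reference=$(cert_fingerprint "$2") ||
        { echo "no readable certificate in $2" >&2; return 2; }
    if [ "$fp_fetched" = "$fp_reference" ]; then
        echo "MATCH $fp_fetched"
    else
        echo "MISMATCH fetched=$fp_fetched reference=$fp_reference" >&2
        return 1
    fi
}

# Stand-alone use: sh <this script> FETCHED.crt REFERENCE.crt
if [ "$#" -eq 2 ]; then
    verify_fetched_cert "$1" "$2"
    exit $?
fi
```

On a mismatch, delete the file from trusted_certs rather than running chef-client against that server.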
cat /etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url "https://testchefserver.example.com:443"
trusted_certs_dir "/root/.chef/trusted_certs"
chef-client -S https://testchefserver.example.com -K /etc/chef/chef-validator.pem
Create a recipe on the workstation and upload it to the server
knife cookbook create motd
** Creating cookbook motd
** Creating README for cookbook: motd
** Creating CHANGELOG for cookbook: motd
** Creating metadata for cookbook: motd
cd /var/chef/cookbooks/motd
ls -l
attributes
CHANGELOG.md
definitions
files
libraries
metadata.rb
providers
README.md
recipes
resources
templates
cd recipes/
vi default.rb
file '/etc/motd' do
  content 'Welcome to chef'
end
Before uploading to the server, make sure there are no syntax errors:
knife cookbook test motd
checking motd
Running syntax check on motd
Validating ruby files
Validating templates
Validating ruby files
Validating templates
Upload to the server:
knife cookbook upload motd
Uploading motd [0.1.0]
Uploaded 1 cookbook.
To check from the server:
knife cookbook list
motd 0.1.0
To check from the dashboard:
https://testchefserver.example.com/cookbooks
Add the cookbook to a node:
Go to https://testchefserver.example.com/nodes, edit the node, and drag the motd recipe from Available Recipes to the Run List.
chef-client
[2015-09-07T11:17:30+05:30] INFO: Forking chef instance to converge...
[2015-09-07T11:17:30+05:30] WARN:
........................................
- update content in file /etc/motd from e3b0c4 to cad802
--- /etc/motd 2010-01-12 18:58:22.000000000 +0530
+++ /tmp/.motd20150907-26207-mb0jjs 2015-09-07 11:17:32.622947241 +0530
@@ -1 +1,2 @@
+Welcome to chef
- restore selinux security context
[2015-09-07T11:17:32+05:30] INFO: Chef Run complete in 0.661581977 seconds
Running handlers:
[2015-09-07T11:17:32+05:30] INFO: Running report handlers
Running handlers complete
[2015-09-07T11:17:32+05:30] INFO: Report handlers complete
Chef Client finished, 1/1 resources updated in 2.350334219 seconds
Now check the file on the node:
cat /etc/motd
Welcome to chef
Ref:- https://www.youtube.com/watch?v=egvEPsVMfK0