https://docs.chef.io/workstation.html
[root@chef_server etc]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.209.133 chefserver
192.168.209.135 chefworkstation
先设一下DNS,ping一下确保网络是通常的
[root@chef_server etc]# scp /etc/hosts root@chefworkstation:/etc/hosts
把hosts scp过去。
安装之后验证下
echo ‘eval "$(chef shell-init bash)"‘ >> ~/.bash_profile
. ~/.bash_profile
which ruby
输出 /opt/chefdk/embedded/bin/ruby证明workstation安装完成
[root@chefworkstation chef]# rpm -ivh chefdk-2.4.17-1.el7.x86_64.rpm
安装好了之后,从server 网页下一个start kit
下载后传过去,ftp传过去居然显示没权限,我是root好么,看了下VSFTP配置,root 是禁止FTP登陆的,但是pactera用户就可以,取消禁止root登陆后重启VSFTPD服务
命令:cd /etc/vsftpd? 进入vsftpd目录
键入命令:ls? 查看该目录包含的文件
键入命令:vi? vsftpd.ftpusers 进入文件vsftpd.ftpusers,在root前加#注释root
同理,键入命令:vi vsftpd.user_list 进入文件vsftpd.user_list,在root前加#注释root
登陆后又不能上传,我是root!!!仔细一看selinux还开着,顺手改了后重启
[root@host]# vi /etc/selinux/config
----------------------------------------------------------------------------------
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
#把这里改成disable
重启之后恢复正常
安装git
yum -y install git
cd ~
chef generate repo chef-repo
ls -al ~/chef-repo/
git config --global user.name "admin"
git config --global user.email "pcdogyu@hotmail.com"
cd ~/chef-repo/ git init
mkdir -p ~/chef-repo/.chef
echo ‘.chef‘ >> ~/chef-repo/.gitignore
cd ~/chef-repo/ git add . git commit -m "initial commit"
git status
把RSA key从server捞过来
scp -pr root@chefserver:/usr/chef/pcdog.pem ~/chef-repo/.chef/
生成chef repo,如果不想用webui的话
chef generate app chef-repo
配置有3个文件?
For a workstation that will interact with the Chef server (including the hosted Chef server), log on and download the following files:
创建knife.rb文件
访问https://192.168.209.133/organizations/it
左侧点击生成knife config
传到目录中,.chef是隐藏的闭着眼睛打就是了
vi ~/chef-repo/.chef/knife.rb
# See https://docs.getchef.com/config_rb_knife.html for more information on knife configuration options
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "pcdog"
client_key "#{current_dir}/pcdog.pem"
chef_server_url "https://localhost/organizations/it"
cookbook_path ["#{current_dir}/../cookbooks"]
运行knife ssl fetch 验证SSL,怎么失败鸟?
knife client list ,端口被拒绝了
workstation怎么连localhost了呢,webui在server啊,一看knife.rb的配置
更新了小刀
knife ssl fetch
把证书从server端复制到workstation
[root@chefserver ca]# scp chefserver.crt root@chefworkstation:/root/chef-repo/.chef/trusted_certs
再次运行ssl 检查,难道是是自签名证书的问题?
尝试连接的是ip,证书的名字是FQDN chefserver这里不匹配,再次更新了下小刀.rb
覆盖掉
再次运行
[root@chefworkstation chef-repo]# knife ssl check
成功连接,到此workstation 安装完成
校验命令
knife ssl fetch
knife ssl check
knife nod list
自动化运维工具安装部署 chef (三) - workstation的安装
原文地址:http://blog.51cto.com/433266/2084541
