After creating a cookbook on the Chef Workstation, we test it with the following command:

```
chef-client --local-mode --override-runlist first_cookbook
```

This runs the cookbook on the local machine. Next, we distribute first_cookbook to the nodes.
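Uploading the cookbook

After a cookbook has been written and tested on the Chef Workstation, it must be uploaded to the Chef Server before it can be distributed to the nodes. Upload the cookbook with:

```
knife cookbook upload first_cookbook
```

After uploading, check the cookbook list on the server. List the cookbooks:

The cookbook has been uploaded successfully. Now configure the node's run on the server.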
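Server web management interface

A freshly installed Chef Server does not provide a graphical management interface by default. To manage cookbooks and node information through a web front end, install the Chef Server management interface. Run the installation:

```
chef-server-ctl install chef-manage
```

Reconfigure the server:

```
chef-server-ctl reconfigure
```

Then configure the management interface:

```
chef-manage-ctl reconfigure
```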
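Managing the Run List

Open the web interface. SSL is enabled by default, so port 443 is open on the Chef Server.

Open https://192.168.221.89 to see the login page, and log in as the administrator. After logging in you can see the node information:

Then edit the node and configure its Run List:

Find the node configuration:

Configure the Run List:

Drag our cookbook from Available Recipes into Current Run List.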
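On the Chef Workstation, run:

```
knife ssh chef-client.geekrainy.local 'chef-client' -m -x root -P password
```

Note that `-P` places the SSH password on the command line, where it is recorded in shell history and visible in the process list; an SSH key passed with `-i` avoids that.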
You will see the output:

```
[root@chef-dk chef-repo]# knife ssh chef-client.geekrainy.local 'chef-client' -m -x root -P 940911
chef-client.geekrainy.local Starting Chef Client, version 13.6.4
chef-client.geekrainy.local resolving cookbooks for run list: ["first_cookbook"]
chef-client.geekrainy.local Synchronizing Cookbooks:
chef-client.geekrainy.local - first_cookbook (0.1.0)
chef-client.geekrainy.local Installing Cookbook Gems:
chef-client.geekrainy.local Compiling Cookbooks...
chef-client.geekrainy.local Converging 7 resources
chef-client.geekrainy.local Recipe: first_cookbook::default
chef-client.geekrainy.local * file[/root/test.txt] action create
chef-client.geekrainy.local - create new file /root/test.txt
chef-client.geekrainy.local - update content in file /root/test.txt from none to 48a12b
chef-client.geekrainy.local --- /root/test.txt 2017-12-27 17:33:34.259758283 +0800
chef-client.geekrainy.local +++ /root/.chef-test20171227-8105-1u3f11.txt 2017-12-27 17:33:34.258758279 +0800
chef-client.geekrainy.local @@ -1 +1,2 @@
chef-client.geekrainy.local +This file was created by Chef!
chef-client.geekrainy.local - restore selinux security context
chef-client.geekrainy.local * yum_package[pcre-devel] action install
chef-client.geekrainy.local - install version 8.32-17.el7 of package pcre-devel
chef-client.geekrainy.local * yum_package[openssl] action install (up to date)
chef-client.geekrainy.local * yum_package[openssl-devel] action install
chef-client.geekrainy.local - install version 1.0.2k-8.el7 of package openssl-devel
chef-client.geekrainy.local * cookbook_file[/etc/init.d/nginx] action create
chef-client.geekrainy.local - create new file /etc/init.d/nginx
chef-client.geekrainy.local - update content in file /etc/init.d/nginx from none to 0bc460
chef-client.geekrainy.local --- /etc/init.d/nginx 2017-12-27 17:35:32.489219470 +0800
chef-client.geekrainy.local +++ /etc/init.d/.chef-nginx20171227-8105-19448uh 2017-12-27 17:35:32.488219466 +0800
chef-client.geekrainy.local @@ -1 +1,56 @@
chef-client.geekrainy.local +#!/bin/bash
chef-client.geekrainy.local +#chkconfig: 345 86 16
chef-client.geekrainy.local +start(){
chef-client.geekrainy.local +if [ -f /var/lock/subsys/tengine.lock ];then
chef-client.geekrainy.local + echo "Tengine is already running: [ FAILED ]"
chef-client.geekrainy.local +else
chef-client.geekrainy.local + if /usr/local/nginx/sbin/nginx ;then
chef-client.geekrainy.local + echo "Starting tengine: [ OK ]"
chef-client.geekrainy.local + touch /var/lock/subsys/tengine.lock
chef-client.geekrainy.local + else
chef-client.geekrainy.local + echo "Starting tengine: [ FAILED ]"
chef-client.geekrainy.local + fi
chef-client.geekrainy.local +fi
chef-client.geekrainy.local +}
chef-client.geekrainy.local +stop(){
chef-client.geekrainy.local +if [ -f /var/lock/subsys/tengine.lock ];then
chef-client.geekrainy.local + if /usr/local/nginx/sbin/nginx -s quit ;then
chef-client.geekrainy.local + echo "Stopping tengine: [ OK ]"
chef-client.geekrainy.local + rm -rf /var/lock/subsys/tengine.lock
chef-client.geekrainy.local + else
chef-client.geekrainy.local + echo "Stopping tengine: [ FAILED ]"
chef-client.geekrainy.local + fi
chef-client.geekrainy.local +else
chef-client.geekrainy.local + echo "Tengine not runing: [ FAILED ]"
chef-client.geekrainy.local +fi
chef-client.geekrainy.local +}
chef-client.geekrainy.local +reload(){
chef-client.geekrainy.local +if /usr/local/nginx/sbin/nginx -s reload ;then
chef-client.geekrainy.local + echo "Reload tengine: [ OK ]"
chef-client.geekrainy.local +else
chef-client.geekrainy.local + echo "Reload tengine: [ FAILED ]"
chef-client.geekrainy.local +fi
chef-client.geekrainy.local +}
chef-client.geekrainy.local +case $1 in
chef-client.geekrainy.local +"start")
chef-client.geekrainy.local + start
chef-client.geekrainy.local +;;
chef-client.geekrainy.local +"stop")
chef-client.geekrainy.local + stop
chef-client.geekrainy.local +;;
chef-client.geekrainy.local +"restart")
chef-client.geekrainy.local + stop
chef-client.geekrainy.local + sleep 1
chef-client.geekrainy.local + start
chef-client.geekrainy.local +;;
chef-client.geekrainy.local +"reload")
chef-client.geekrainy.local + reload
chef-client.geekrainy.local +;;
chef-client.geekrainy.local +"status")
chef-client.geekrainy.local + s=`pidof -s nginx`
chef-client.geekrainy.local + [ "$s" ] && echo "Tengine(nginx) pid $s running!!" || echo "Tengine(nginx) not runging!"
chef-client.geekrainy.local +;;
chef-client.geekrainy.local +*)
chef-client.geekrainy.local +echo "usage: $0 start|stop|restart|reload|status"
chef-client.geekrainy.local +esac
chef-client.geekrainy.local - change mode from '' to '0755'
chef-client.geekrainy.local - change owner from '' to 'root'
chef-client.geekrainy.local - change group from '' to 'root'
chef-client.geekrainy.local - restore selinux security context
chef-client.geekrainy.local * script[install_tengine] action run
chef-client.geekrainy.local - execute "bash" "/tmp/chef-script20171227-8105-irvw5g"
chef-client.geekrainy.local * service[nginx] action start
chef-client.geekrainy.local - start service service[nginx]
chef-client.geekrainy.local
chef-client.geekrainy.local Running handlers:
chef-client.geekrainy.local Running handlers complete
chef-client.geekrainy.local Chef Client finished, 6/7 resources updated in 03 minutes 21 seconds
```
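Once the run completes, the deployment has been created. Verify it on the Chef Client:

The output is:

```
Tengine(nginx) pid 23776 running!!
```

This shows that the deployment succeeded.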
Running from the command line

Besides the Chef Server web interface, the Run List can also be managed from the command line on the Chef Workstation.

Check the node's status:

```
[root@chef-dk chef-repo]# knife node show chef-client.geekrainy.local
Node Name: chef-client.geekrainy.local
Environment: _default
FQDN: chef-client.geekrainy.local
IP: 192.168.221.91
Run List:
Roles:
Recipes: first_cookbook, first_cookbook::default
Platform: centos 7.3.1611
toc: true
tags:
```
Here the Run List is empty. Next, add our cookbook to the Run List. We defined the default recipe, `default`, so adding the cookbook actually runs the cookbook's default recipe.

```
[root@chef-dk chef-repo]# knife node run_list add chef-client.geekrainy.local recipe[first_cookbook]
chef-client.geekrainy.local:
  run_list: recipe[first_cookbook]
```
Check the status again:

```
[root@chef-dk chef-repo]# knife node show chef-client.geekrainy.local
Node Name: chef-client.geekrainy.local
Environment: _default
FQDN: chef-client.geekrainy.local
IP: 192.168.221.91
Run List: recipe[first_cookbook]
Roles:
Recipes: first_cookbook, first_cookbook::default
Platform: centos 7.3.1611
toc: true
tags:
```

The Run List entry has been added successfully.
Editing the node configuration file

The Run List can also be changed by editing the node configuration file.

```
knife node edit chef-client.geekrainy.local
```

This may fail with an error:

```
ERROR: You must set your EDITOR environment variable or configure your editor via knife.rb
```

Setting the environment variable fixes it:

Running the command again opens the node information for editing in JSON format:

```json
{
  "name": "chef-client.geekrainy.local",
  "chef_environment": "_default",
  "normal": {
    "tags": [

    ]
  },
  "policy_name": null,
  "policy_group": null,
  "run_list": [
    "recipe[first_cookbook]"
  ]
}
```
For more information about Knife and the Run List, see:
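Going further

The sections above showed how to manage a node's Run List through the Chef Server web interface and through the command line, and both can successfully carry out our "cooking". Both methods have drawbacks, however. The web interface is intuitive but inefficient once there are more nodes to manage, and the command line is tedious and prone to operator mistakes. When running knife bootstrap, a prepared JSON file can also be used to initialize the node:

```
knife bootstrap localhost -p 2200 -N ubuntu-12.04 -r 'role[group1]' --ssh-user vagrant --sudo --bootstrap-vault-file sea-power-bootstrap-vault-file.json
```

The above is an example from the official documentation. Defining and editing nodes in JSON is a relatively reliable way to define them.

At this point we have walked through the whole process, from setting up a node, to creating a cookbook, to testing and publishing it. The example here has many shortcomings, though: it is not very general, and it is awkward to extend and manage. Next, we will configure a more complete cookbook and explore some more elegant practices.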
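Because a node's `run_list` decides what executes as root on that node, a JSON definition like the one edited with `knife node edit` above can be checked before it is applied. The following is an added example, not code from the original post or from Chef: the item patterns are a simplified approximation of run-list syntax, and the approved list and extra sample entries are constructed for illustration.

```ruby
require "json"

# Run-list item syntax as used on this page; a simplified pattern,
# not Chef's own parser. A version pin (@1.2.3) is accepted on recipes.
RECIPE = /\Arecipe\[([\w.-]+)(?:::([\w.-]+))?(?:@\d+(?:\.\d+){1,2})?\]\z/
ROLE   = /\Arole\[([\w.-]+)\]\z/

# Canonical form for comparison: recipe[cookbook] means the cookbook's
# default recipe, so it becomes recipe[cookbook::default]. Returns nil
# for anything that does not parse.
def normalize(item)
  if (m = RECIPE.match(item.to_s))
    "recipe[#{m[1]}::#{m[2] || 'default'}]"
  elsif (m = ROLE.match(item.to_s))
    "role[#{m[1]}]"
  end
end

# Compare a node's run_list with an approved list before it is applied.
def audit_run_list(node, approved)
  allowed = approved.map { |a| normalize(a) }.compact
  report = { effective: [], malformed: [], duplicates: [], unapproved: [] }
  Array(node["run_list"]).each do |raw|
    norm = normalize(raw)
    if norm.nil?
      report[:malformed] << raw            # syntax error, e.g. missing bracket
    elsif report[:effective].include?(norm)
      report[:duplicates] << raw           # same recipe listed twice
    else
      report[:effective] << norm
      report[:unapproved] << raw unless allowed.include?(norm)
    end
  end
  report
end

# Constructed sample: the node JSON from this page with extra entries added.
NODE_JSON = <<~JSON
  { "name": "chef-client.geekrainy.local",
    "chef_environment": "_default",
    "run_list": [ "recipe[first_cookbook]", "recipe[first_cookbook::default]",
                  "role[group1]", "recipe[unreviewed_cookbook]",
                  "recipe[first_cookbook" ] }
JSON
APPROVED = ["recipe[first_cookbook]", "role[group1]"].freeze # hypothetical allowlist

REPORT = audit_run_list(JSON.parse(NODE_JSON), APPROVED)
puts JSON.pretty_generate(REPORT)
```

A non-empty `malformed` or `unapproved` list is the signal to stop before the node definition reaches the Chef Server.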
-EOF-