Changes between Version 11 and Version 12 of ChefonDETER

Timestamp:

Jul 15, 2014 1:34:34 PM (10 years ago)

Author:

Geoff Lawler

Comment:

--

ChefonDETER

@@ -7 +7 @@
 The workflow for a running system is recipes, roles, and chef code is written on a workstation and added to a chef repository. The person on the workstation then pushes updates to the chef server. The client then contacts the chef server for updates, gets the updates, and applies them locally. {{{Knife}}}, on a workstation, can also install Chef-client (and other packages) directly on a client. If this is done the flow becomes: 1) workstation pushes update to the server, 2) the workstation installs Chef on a client and gives it an initial role or list of recipes, 3) the newly installed {{{chef-client}}} then contacts the chef server and downloads the recipes and executes them, configuring the client node.
 
-Note: the recipes here use a mysql library to talk directly to the testbed database. On the current DETER testbed though, the database is setup to only allow local access from boss. The TMCD/TMCC library is used to bridge the gap between test nodes and the database on boss. The recipes can be rewritten to use the TMCD interface but this was an exercise in trying to cut out Emulab code, a decision was made to talk directly to the database using standard database APIs. In short, the cookbook (and recipes) here cannot be run on DETER unless the database on boss is reconfigured to allow external access. Instructions are given for that below though. If you want to run the recipes, spin up an Emulab in Emulab experiment or access a local, non-public DETER/Emulab instance and modify the database configuration.  
+Note: the recipes here use a mysql library to talk directly to the testbed database. On the current DETER testbed though, the database is setup to only allow local access from boss. The TMCD/TMCC library is used to bridge the gap between test nodes and the database on boss on DETER. The recipes can be rewritten to use the TMCD interface but this was an exercise in trying to cut out Emulab code, a decision was made to talk directly to the database using standard database APIs. In short, the cookbook (and recipes) here cannot be run on DETER unless the database on boss is reconfigured to allow external access. Instructions are given for that below though. If you want to run the recipes, spin up an Emulab in Emulab experiment or access a local, non-public DETER/Emulab instance and modify the database configuration.  
 
 Swap in an experiment with at least three Ubuntu 12.04 nodes, one {{{server}}}, one {{{workstation}}}, and one {{{client}}}. 
@@ -15 +15 @@
 
 {{{
-> ssh server
-> # if you don't want to hammer NFS, copy deb to /tmp first.
-> sudo dpkg -i /share/chef/chef-server_11.0.12-1.ubuntu.12.04_amd64.deb
-> sudo chef-server-ctl reconfigure
-> sudo chef-server-ctl test
+users$ ssh server
+server$ # if you don't want to hammer NFS, copy deb to /tmp first.
+server$ sudo dpkg -i /share/chef/chef-server_11.0.12-1.ubuntu.12.04_amd64.deb
+server$ sudo chef-server-ctl reconfigure
+server$ sudo chef-server-ctl test
 }}}
 
@@ -28 +28 @@
 Install Chef software:
 {{{
-> ssh workstation
-> sudo dpkg -i /share/chef/chef_11.10.4-1.ubuntu.12.04_amd64.deb
-> chef-client -v                # test - should show version.
+users$ ssh workstation
+workstation$ sudo dpkg -i /share/chef/chef_11.10.4-1.ubuntu.12.04_amd64.deb
+workstation$ chef-client -v                # test - should show version.
 }}}
 
 Install git and the chef-repo:
 {{{
-> sudo apt-get install -y git   # chef uses git.
-> sudo chmod g+w /local
-> cd /local
-> git clone /share/chef/chef-repo
-> cd chef-repo
+workstation$ sudo apt-get install -y git   # chef uses git.
+workstation$ sudo chmod g+w /local
+workstation$ cd /local
+workstation$ git clone /share/chef/chef-repo
+workstation$ cd chef-repo
 }}}
 
 Take a look in {{{/local/chef-repo/cookbooks/deter_node/recipes}}} for the "deter_node" recipes. There is also a simple "deter_node" role in {{{/local/chef-repo/roles/deter_node.rb}}} that has a {{{run_list}}} that tells the node to execute the recipes in the correct order.  
 
-Now configure the workstation user and set up keys. Note that there *is* a web interface for this and that is the standard interface to use for this. Since it assumes you're running the browser locally though, you need to setup an ssh tunnel and a web proxy like Foxy-Proxy to access it. For this script though (and because we prefer it as it's scriptable) we stick to the command line. To do this though, we need to copy private keys. The procedure for using the web API copies public keys from a web page.
-
-{{{
-> mkdir .chef
-> # copy keys!
-> ssh server sudo cat /etc/chef-server/admin.pem > .chef/admin.pem
-> ssh server sudo cat /etc/chef-server/chef-validator.pem  > .chef/chef-validator.pem
-> # use knife to configure the account/workstation
-> knife configure --initial
+Now configure the workstation user and set up keys. Note that there *is* a web interface for this and that is the standard interface to use for this. Since it assumes you're running the browser locally though, you need to setup an ssh tunnel and a web proxy like Foxy-Proxy to access it. For this script though (and because we prefer it as it's scriptable) we stick to the command line. To do this, we need to copy private keys. (The procedure for using the web API copies public keys from a web page so is the preferred method.)
+
+{{{
+workstation$ cd /local/chef-repo
+workstation$ mkdir .chef
+workstation$ # copy keys!
+workstation$ ssh server sudo cat /etc/chef-server/admin.pem > .chef/admin.pem
+workstation$ ssh server sudo cat /etc/chef-server/chef-validator.pem  > .chef/chef-validator.pem
+workstation$ # use knife to configure the account/workstation
+workstation$ knife configure --initial
 }}}
 
 Answer the questions, substituting in your uid and server's control-net FQDN. A sample run is shown here:
 {{{
-> knife configure --initial                                           
+workstation$ knife configure --initial                                           
 WARNING: No knife configuration file found                                                                            
 Where should I put the config file? [/users/glawler/.chef/knife.rb] /local/chef-repo/.chef/knife.rb                   
@@ -71 +72 @@
 Created user[glawler]                                                                                                 
 Configuration file written to /local/chef-repo/.chef/knife.rb                                                         
-> # Validate server connection and user.
-> knife user list
+workstation$ # Validate server connection and user.
+workstation$ knife user list
 admin
 glawler
->
+workstation$ 
 }}}
 
@@ -82 +83 @@
 Push the local roles and recipes to the chef server.
 {{{
-> cd /local/chef-repo
-> knife cookbook upload hostsfile deter_node 
+workstation$ cd /local/chef-repo
+workstation$ knife cookbook upload hostsfile deter_node 
 Uploading hostsfile    [2.4.4]                                                               
 Uploading deter_node   [0.1.1]                                                               
 Uploaded 2 cookbooks.                                                                        
-> knife role from file roles/deter_node.rb
+workstation$ knife role from file roles/deter_node.rb
 Updated Role deter_node!
-> # Confirm things are OK.
-> knife cookbook list
+workstation$ # Confirm things are OK.
+workstation$ knife cookbook list
 deter_node   0.1.1
 hostsfile    2.4.4
-> knife role list
+workstation$ knife role list
 deter_node
->
+workstation$ 
 }}}