Changes between Version 12 and Version 13 of ChefonDETER
- Timestamp: Jul 15, 2014 3:09:29 PM (10 years ago)
ChefonDETER
v12 v13 15 15 16 16 {{{ 17 users$ ssh server18 server$ # if you don't want to hammer NFS, copy deb to /tmp first.19 server$ sudo dpkg -i /share/chef/chef-server_11.0.12-1.ubuntu.12.04_amd64.deb20 server$ sudo chef-server-ctl reconfigure21 server$ sudo chef-server-ctl test17 [users:~]$ ssh server 18 [server:~]$ # if you don't want to hammer NFS, copy deb to /tmp first. 19 [server:~]$ sudo dpkg -i /share/chef/chef-server_11.0.12-1.ubuntu.12.04_amd64.deb 20 [server:~]$ sudo chef-server-ctl reconfigure 21 [server:~]$ sudo chef-server-ctl test 22 22 }}} 23 23 … … 28 28 Install Chef software: 29 29 {{{ 30 users$ ssh workstation31 workstation$ sudo dpkg -i /share/chef/chef_11.10.4-1.ubuntu.12.04_amd64.deb32 workstation$ chef-client -v # test - should show version.30 [users:~]$ ssh workstation 31 [workstation:~]$ sudo dpkg -i /share/chef/chef_11.10.4-1.ubuntu.12.04_amd64.deb 32 [workstation:~]$ chef-client -v # test - should show version. 33 33 }}} 34 34 35 35 Install git and the chef-repo: 36 36 {{{ 37 workstation$ sudo apt-get install -y git # chef uses git.38 workstation$ sudo chmod g+w /local39 workstation$ cd /local40 workstation$ git clone /share/chef/chef-repo41 workstation$ cd chef-repo37 [workstation:~]$ sudo apt-get install -y git # chef uses git. 38 [workstation:~]$ sudo chmod g+w /local 39 [workstation:/local]$ cd /local 40 [workstation:/local]$ git clone /share/chef/chef-repo 41 [workstation:/local/chef-repo]$ cd chef-repo 42 42 }}} 43 43 … … 47 47 48 48 {{{ 49 workstation$ cd /local/chef-repo 50 workstation$ mkdir .chef 51 workstation$ # copy keys! 52 workstation$ ssh server sudo cat /etc/chef-server/admin.pem > .chef/admin.pem 53 workstation$ ssh server sudo cat /etc/chef-server/chef-validator.pem > .chef/chef-validator.pem 54 workstation$ # use knife to configure the account/workstation 55 workstation$ knife configure --initial 49 [workstation:/local/chef-repo]$ mkdir .chef 50 [workstation:/local/chef-repo]$ # copy keys! 
51 [workstation:/local/chef-repo]$ ssh server sudo cat /etc/chef-server/admin.pem > .chef/admin.pem 52 [workstation:/local/chef-repo]$ ssh server sudo cat /etc/chef-server/chef-validator.pem > .chef/chef-validator.pem 53 [workstation:/local/chef-repo]$ # use knife to configure the account/workstation 54 [workstation:/local/chef-repo]$ knife configure --initial 56 55 }}} 57 56 58 57 Answer the questions, substituting in your uid and server's control-net FQDN. A sample run is shown here: 59 58 {{{ 60 workstation$ knife configure --initial59 [workstation:/local/chef-repo]$ knife configure --initial 61 60 WARNING: No knife configuration file found 62 61 Where should I put the config file? [/users/glawler/.chef/knife.rb] /local/chef-repo/.chef/knife.rb … … 72 71 Created user[glawler] 73 72 Configuration file written to /local/chef-repo/.chef/knife.rb 74 workstation$ # Validate server connection and user.75 workstation$ knife user list73 [workstation:/local/chef-repo]$ # Validate server connection and user. 74 [workstation:/local/chef-repo]$ knife user list 76 75 admin 77 76 glawler 78 workstation$77 [workstation:/local/chef-repo]$ 79 78 }}} 80 79 … … 83 82 Push the local roles and recipes to the chef server. 84 83 {{{ 85 workstation$ cd /local/chef-repo 86 workstation$ knife cookbook upload hostsfile deter_node 84 [workstation:/local/chef-repo]$ knife cookbook upload hostsfile deter_node 87 85 Uploading hostsfile [2.4.4] 88 86 Uploading deter_node [0.1.1] 89 87 Uploaded 2 cookbooks. 90 workstation$ knife role from file roles/deter_node.rb88 [workstation:/local/chef-repo]$ knife role from file roles/deter_node.rb 91 89 Updated Role deter_node! 92 workstation$ # Confirm things are OK.93 workstation$ knife cookbook list90 [workstation:/local/chef-repo]$ # Confirm things are OK. 
91 [workstation:/local/chef-repo]$ knife cookbook list 94 92 deter_node 0.1.1 95 93 hostsfile 2.4.4 96 workstation$ knife role list94 [workstation:/local/chef-repo]$ knife role list 97 95 deter_node 98 workstation$96 [workstation:/local/chef-repo]$ 99 97 }}} 100 98 101 Push testbed specific information to the chef server. The {{{deter_user}}} recipes look for this information to get testbed-specific instantiation information, like the name of the boss machine or which file systems to mount. Chef calls these collections of data, "data bags". We first create a named data bag, "testbed-defs" then populate it with the testbed-specific information. 99 Push testbed specific information to the chef server. The {{{deter_user}}} recipes look for this information to get testbed-specific instantiation information, like the name of the boss machine or which file systems to mount. Chef calls these collections of data, "data bags". We first create a named data bag, "testbed-defs" then populate it with the testbed-specific information. There is currently only testbed information for Emulab-in-Emulab experiments, but a similar set of data would be created for each testbed instantiation. This data is stored in a git repo and pushed to a chef server. It can be edited via {{{knife}}} or a standard editor and updated in real time if need be. 102 100 103 101 {{{ 104 workstation$ cd /local/chef-repo 105 workstation$ knife data bag create testbed-defs 106 workstation$ # We only have an emulab-in-emulab data bag defined right now. 107 workstation$ knife data bag from file testbed-defs data_bags/testbed-defs/eine.json 108 workstation$ knife data bag show testbed-defs eine 102 [workstation:/local/chef-repo]$ knife data bag create testbed-defs 103 [workstation:/local/chef-repo]$ # We only have an emulab-in-emulab data bag defined right now. 
104 [workstation:/local/chef-repo]$ knife data bag from file testbed-defs data_bags/testbed-defs/eine.json 105 [workstation:/local/chef-repo]$ knife data bag show testbed-defs eine 109 106 binary_store_path: binaries 110 107 bossnode: myboss.eine.deter.isi.deterlab.net … … 128 125 userdir: /users 129 126 usernode: myops.eine.deter.isi.deterlab.net 130 workstation$127 [workstation:/local/chef-repo]$ 131 128 }}} 132 129 133 130 If you look at {{{cookbooks/deter_node/libraries/node_info.rb}}} you can see the recipe code that references this information. 134 131 135 We are now going to use {{{knife}}} to bootstrap Chef unto a client machine. The usual Chef assumes internet connectivity and asks you to download a script and pipe it to {{{sudo}}} on the client. We will not be doing that. 132 We are now going to use {{{knife}}} to bootstrap Chef unto a client machine. The usual Chef assumes internet connectivity and asks you to download a script and pipe it to {{{sudo}}} on the client. We will not be doing that. {{{knife}}} understands custom install scripts so we'll give it one that is specific for our Ubuntu 12.04, non-internet connected test node. Take a look at {{{users:/share/chef/ubuntu12.04-deb.erb}}} if you're interested. {{{knife}}} will look in .chef/bootstrap for "distro" specific install files. We create the erb file and pass its name to the knife bootstrap command via the {{{--distro}}} argument. 136 133 137 134 {{{ 138 > cd /local/chef-repo 139 > mkdir .chef/bootstrap 140 > cp /share/chef/ubuntu12.04-deb.erb .chef/bootstrap 135 [workstation:/local/chef-repo]$ mkdir .chef/bootstrap 136 [workstation:/local/chef-repo]$ cp /share/chef/ubuntu12.04-deb.erb .chef/bootstrap 141 137 }}} 142 138 143 The bootstrap usually grabs the p ackagefile from the internet. We give {{{chef}}} a custom bootstrap script that looks for it at {{{users:8523}}}. This means something on {{{users}}} must be listening on port 8523 and understand how to serve files via HTTPS. 
We use python for this. On {{{users}}}, cd to /share/chef and run {{{python -m SimpleHTTPServer 8523}}}. This starts a simple HTTP server on port 8523. If you want to run on your local server instead edit the file {{{/local/chef-repo/.chef/bootstrap/ubuntu12.04-deb.erb}}}, set the {{{SERVER}}} variable to the control net FQDN/ip address of your server and run the python simple server there.139 The bootstrap usually grabs the platform specific package (deb, yum, gem, etc) file from the internet. We give {{{chef}}} a custom bootstrap script that looks for it at {{{users:8523}}}. This means something on {{{users}}} must be listening on port 8523 and understand how to serve files via HTTPS. We use python for this. On {{{users}}}, cd to /share/chef and run {{{python -m SimpleHTTPServer 8523}}}. This starts a simple HTTP server on port 8523. If you want to run on your local server instead edit the file {{{/local/chef-repo/.chef/bootstrap/ubuntu12.04-deb.erb}}}, set the {{{SERVER}}} variable to the control net FQDN/ip address of your server and run the python simple server there. 144 140 145 141 Now run the bootstrap command to install and configure chef on the client. {{{$NODE}}} is the control net name of the client node, like {{{pc33.isi.deterlab.net}}} and {{{$USER}}} if your sudo-able user name, like {{{glawler}}} or {{{faber}}}. 146 142 147 143 {{{ 148 > knife bootstrap $NODE-x $USER --sudo --distro ubuntu12.04-deb144 [workstation:/local/chef-repo]$ knife bootstrap pc33.isi.deterlab.net -x $USER --sudo --distro ubuntu12.04-deb 149 145 }}} 150 146 … … 188 184 * {{{mounts}}}: look in the appropriate "data bag" for the test bed type the client is running on and mount the file systems found there. See {{{/local/chef-repo/data_bags/testbed-defs/eine.json}}} for a sample emulab-in-emulab testbed-specific configuration. (These testbed specific data bags take the place of the compile time *.DEF files in the testbed source tree.) 
189 185 190 === Chef Client(s) ===186 === Chef Client(s) Installation/Configuration === 191 187 192 188 These machines should be different than the server and workstation. There are three ways to install chef on a client. 1) simply use whatever package system exists for the client OS and install the chef software. 2) Use a chef workstation to push platform specific chef software to the client that installs and configures it. 3) Use the chef supplied script that reaches out to the internet and executes arbitrary commands on the machine as root. We will use method 2) to give a flavor of installing chef by force on unsuspecting nodes on DETER (as this is the most flexible and useful installation method in the DETER context).
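Review bot: In the "Install git and the chef-repo" block (v13 lines 39 and 41) the new prompts show the directory the cd is about to enter, not the one the command is typed in: "[workstation:/local]$ cd /local" and "[workstation:/local/chef-repo]$ cd chef-repo". They should read "[workstation:~]$ cd /local" and "[workstation:/local]$ cd chef-repo". This matters because the later blocks drop the explicit "cd /local/chef-repo" lines and rely on the prompt alone to tell the reader where knife has to be run.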
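Review bot: In the key-copy block (v13 lines 51-52) the redirects "ssh server sudo cat /etc/chef-server/admin.pem > .chef/admin.pem" and the matching chef-validator.pem line create the private keys with whatever the default umask gives, inside a git working tree under /local, which line 38 has just made group-writable. Since these lines are being touched anyway, suggest creating the directory with "mkdir -m 700 .chef", adding a "chmod 600 .chef/*.pem" step after the copies, and one sentence telling the reader to keep .chef out of commits to chef-repo.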
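Review bot: The expanded paragraph at v13 line 99 still says the "deter_user" recipes read the data bag, but the cookbook uploaded above is "deter_node" and line 130 points at cookbooks/deter_node/libraries/node_info.rb; one of the two names is wrong and should be reconciled. The added sentences also say the data lives in a git repo and "can be edited via knife ... and updated in real time", without saying which copy wins; suggest stating that edits made on the server with knife must be written back to data_bags/testbed-defs/ in the repo, otherwise the next "knife data bag from file" overwrites them.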
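Review bot: The rewritten paragraph at v13 line 139 keeps the claim that the listener on users:8523 must "serve files via HTTPS", while the command it gives, "python -m SimpleHTTPServer 8523", serves plain HTTP, as the following sentence itself says. Suggest changing HTTPS to HTTP. Because the client then installs the fetched package under --sudo, the paragraph should also say whether ubuntu12.04-deb.erb checks the deb against a known checksum before installing it, and note that the server exposes everything under /share/chef to any host that can reach the port, so it should be stopped once bootstrapping is done.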
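Review bot: At v13 line 144 the command now hard-codes "pc33.isi.deterlab.net" but keeps "-x $USER", although the paragraph at line 141 introduces both $NODE and $USER as placeholders. The edit fixes the missing space in "$NODE-x" but loses the placeholder; suggest "knife bootstrap $NODE -x $USER --sudo --distro ubuntu12.04-deb" so the command matches its description. In the same area, "{{{$USER}}} if your sudo-able user name" at line 141 should read "is", and "bootstrap Chef unto a client machine" at line 132 should be "onto".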