Changes between Version 5 and Version 6 of ChefonDETER


Timestamp:
Jul 14, 2014 2:39:11 PM (10 years ago)
Author:
Geoff Lawler
Comment:

--

  • ChefonDETER

    v5 v6  
    77The workflow for a running system is recipes, roles, and chef code is written on a workstation and added to a chef repository. The person on the workstation then pushes updates to the chef server. The client then contacts the chef server for updates, gets the updates, and applies them locally. {{{Knife}}}, on a workstation, can also install Chef-client (and other packages) directly on a client. If this is done the flow becomes: 1) workstation pushes update to the server, 2) the workstation installs Chef on a client and gives it an initial role or list of recipes, 3) the newly installed {{{chef-client}}} then contacts the chef server and downloads the recipes and executes them, configuring the client node.
    88
    9 Swap in an experiment with at least two Ubuntu 12.04 nodes, one of which will be the Chef server and one will be the client.
     9Swap in an experiment with at least three Ubuntu 12.04 nodes, one {{{server}}}, one {{{workstation}}}, and one {{{client}}}.
    1010
    1111=== Chef Server ===
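Review bot: the new line 9 requires three nodes with a separate {{{workstation}}}, but the unchanged workstation text at line 24 still says "This can be the same machine as the server", so the page now describes two different topologies. Either drop that sentence or state in line 9 that the workstation may be co-located with the server, so readers know how many nodes to swap in.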
     
    2424This can be the same machine as the server. First we install the package, then configure it. The configuration involves cloning the {{{chef-repo}}} git repository that has the DETER specific recipes. We also set up a trusted user and the appropriate keys.
    2525
     26Install Chef software:
    2627{{{
    2728> ssh workstation
    28 > sudo dpkg -i /share/chef/chef_11.12.2-1_amd64.deb
     29> sudo dpkg -i /share/chef/chef_11.10.4-1.ubuntu.12.04_amd64.deb
    2930> chef-client -v                # test - should show version.
     31}}}
     32
     33Configure admin user and set up keys. Note there is a web interface for this. Since it assumes you're running the browser locally though, you need to setup an ssh tunnel and a web proxy like Foxy-Proxy to access it. For this script, we just stick to the command line. For this though, we need to copy private keys. The procedure for using the web API copies public keys from a web page.
     34
     35Install git and the chef-repo:
     36{{{
    3037> sudo apt-get install -y git   # chef uses git.
    31 > sudo chmod g+x /local
     38> sudo chmod g+w /local
    3239> cd /local
    3340> git clone /share/chef/chef-repo
     41> cd chef-repo
     42> mkdir .chef
     43> # copy keys!
     44> ssh server sudo cat /etc/chef-server/admin.pem > .chef/admin.pem
     45> ssh server sudo cat /etc/chef-server/chef-validator.pem  > .chef/chef-validator.pem
     46> # use knife to configure the account/workstation
     47> knife configure --initial
    3448}}}
     49
     50Answer the questions, substituting in your uid and server's control-net FQDN. A sample run is shown here:
     51{{{
     52> knife configure --initial                                           
     53WARNING: No knife configuration file found                                                                           
     54Where should I put the config file? [/users/glawler/.chef/knife.rb] /local/chef-repo/.chef/knife.rb                   
     55Please enter the chef server URL: [https://pc40.isi.deterlab.net:443] https://pc46.isi.deterlab.net:443               
     56Please enter a name for the new user: [glawler]                                                                       
     57Please enter the existing admin name: [admin]                                                                         
     58Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] /local/chef-repo/.chef/admin.pem                                                                                                               
     59Please enter the validation clientname: [chef-validator]                                                             
     60Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] /local/chef-repo/.chef/chef-validator.pem                                                                                                           
     61Please enter the path to a chef repository (or leave blank): /local/chef-repo                                         
     62Creating initial API user...                                                                                         
     63Please enter a password for the new user:                                                                             
     64Created user[glawler]                                                                                                 
     65Configuration file written to /local/chef-repo/.chef/knife.rb                                                         
     66> # Validate server connection and user.
     67> knife user list
     68admin
     69glawler
     70>
     71}}}
     72Take a look in {{{/local/chef-repo/cookbooks/deter_node/recipes}}} for the "deter_node" recipes. There is also a simple "deter_node" role in {{{/local/chef-repo/roles/deter_node.rb}}} that has a {{{run_list}}} that tells the node to execute the recipes in the correct order. 
     73
     74In order to talk to the chef server with authority, we set up an {{{admin}}} user and distribute/generate keys.
     75{{{
     76
    3577
    3678=== Chef Client(s) ===
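Review bot: lines 44-45 write the server's admin.pem and chef-validator.pem into /local/chef-repo/.chef under the shell's default umask, right after line 38 makes /local group-writable, so the admin private key can end up readable by other accounts on the node. Suggest creating the directory with mkdir -m 700 .chef, running chmod 600 .chef/*.pem after the copy, and keeping .chef out of git since it now sits inside the cloned chef-repo. Separately, the {{{ opened at line 75 is never closed before the Chef Client(s) heading at line 78, and the sentence at line 74 repeats what line 33 already covers; remove both or finish the block. The package change at line 29 from 11.12.2 to 11.10.4 is a downgrade with no stated reason, and the change comment is empty; a short note on why would help.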
     
    3981
    4082{{{
    41 > ssh client
    42 >
     83> # already installed via knife bootstrap.
    4384}}}
    4485
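Review bot: the replacement at line 83 says the client is already installed via knife bootstrap, but none of the visible lines shows a knife bootstrap invocation, and the block now holds only a comment. Show the bootstrap command as run from the workstation here, or point to the section that has it, and keep a verification step on the client such as the chef-client -v check used for the workstation at line 30.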