Chef 実践入門 (0): Preparation
Chef実践入門 ~コードによるインフラ構成の自動化 (WEB+DB PRESS plus)
- Authors: 吉羽龍太郎, 安藤祐介, 伊藤直也, 菅井祐太朗, 並河祐貴
- Publisher: 技術評論社
- Release date: 2014/05/22
- Format: Paperback (softcover)
Typing the book's examples out by hand. Finally getting around to it.
Preparing the virtual server
$ brew cask install vagrant virtualbox
$ vagrant -v
Vagrant 1.6.3
$ vagrant box add opscode-centos-6.5 http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
==> box: Adding box 'opscode-centos-6.5' (v0) for provider:
box: Downloading: http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
==> box: Successfully added box 'opscode-centos-6.5' (v0) for 'virtualbox'!
$ vagrant init opscode-centos-6.5
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'opscode-centos-6.5'...
==> default: Matching MAC address for NAT networking...
==> default: Setting the name of the VM: chef-practice_default_1408109406692_62816
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...
default: /vagrant => /Users/koshigoe/Projects/chef-practice
$ vagrant ssh
[vagrant@localhost ~]$ exit
$ vagrant ssh-config --host webdb
Host webdb
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile /Users/koshigoe/.vagrant.d/insecure_private_key
IdentitiesOnly yes
LogLevel FATAL
$ vagrant ssh-config --host webdb >> ~/.ssh/config
$ cp Vagrantfile Vagrantfile.orig
$ vi Vagrantfile
$ diff -u Vagrantfile.orig Vagrantfile
--- Vagrantfile.orig 2014-08-15 22:34:31.000000000 +0900
+++ Vagrantfile 2014-08-15 22:35:00.000000000 +0900
@@ -24,7 +24,7 @@
# Create a private network, which allows host-only access to the machine
# using a specific IP.
- # config.vm.network "private_network", ip: "192.168.33.10"
+ config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
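Review bot: the newly enabled `config.vm.network "private_network", ip: "192.168.33.10"` line carries no note on what depends on it. The `webdb` SSH entry generated earlier points at 127.0.0.1 port 2222, so the host-only address is not used by the steps shown. Suggest a one-line comment naming the step that needs it, and confirming that 192.168.33.10 does not collide with an existing host-only network on the host.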
$ vagrant halt
==> default: Attempting graceful shutdown of VM...
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
default: /vagrant => /Users/koshigoe/Projects/chef-practice
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: to force provisioning. Provisioners marked to run always will still run.
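The `vagrant ssh-config --host webdb >> ~/.ssh/config` step above appends a block that turns off host-key checking and points at Vagrant's shared `insecure_private_key`. As an added example (not from the book or from Vagrant), this Ruby script audits an ssh_config for those settings; `parse_ssh_config`, `audit` and the `prod` entry are hypothetical names, and the sample config is constructed from the output shown on this page (abridged).

```ruby
# Constructed sample: abridged block from `vagrant ssh-config --host webdb`
# on this page, plus a made-up "prod" entry for contrast.
SAMPLE_CONFIG = <<~CONF
  Host webdb
    HostName 127.0.0.1
    Port 2222
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    IdentityFile /Users/koshigoe/.vagrant.d/insecure_private_key
  Host prod
    StrictHostKeyChecking yes
CONF

# Settings that are acceptable for a throwaway VM but weaken SSH elsewhere.
RISKY = {
  'stricthostkeychecking' => ->(v) { %w[no off].include?(v.downcase) },
  'userknownhostsfile'    => ->(v) { v == '/dev/null' },
  'identityfile'          => ->(v) { File.basename(v) == 'insecure_private_key' }
}.freeze

# Group options by Host/Match block: { "webdb" => [[keyword, value], ...] }
def parse_ssh_config(text)
  blocks = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s*=\s*|\s+/, 2) # "Key value" or "Key=value"
    key = key.downcase                        # keywords are case-insensitive
    value = value.to_s.delete('"')
    if %w[host match].include?(key)
      current = (blocks[value] ||= [])
    else
      (current || (blocks['(global)'] ||= [])) << [key, value]
    end
  end
  blocks
end

# Report only the blocks that contain at least one risky setting.
def audit(text)
  parse_ssh_config(text).each_with_object({}) do |(host, opts), report|
    hits = opts.select { |k, v| RISKY[k]&.call(v) }.map { |k, v| "#{k} #{v}" }
    report[host] = hits unless hits.empty?
  end
end

audit(SAMPLE_CONFIG).each { |host, hits| puts "#{host}: #{hits.join(', ')}" }
```

Writing the `vagrant ssh-config` output to its own file and passing it with `ssh -F` keeps these relaxed settings scoped to the disposable VM instead of the main `~/.ssh/config`.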
Installing Chef Solo on the virtual server
$ vagrant ssh
[vagrant@localhost ~]$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 16519 100 16519 0 0 14703 0 0:00:01 0:00:01 --:--:-- 35832
Downloading Chef for el...
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=el&pv=6&m=x86_64
to file /tmp/install.sh.2020/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.14.2-1.el6.x86_64.rpm
md5 ffeffb67c310e6f76bb5d90ee7e30a3f
sha256 840946bc5f7931346131c0c77f2f5bfd1328245189fc6c8173b01eb040ffb58b
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.14.2-1.el6.x86_64.rpm
to file /tmp/install.sh.2020/chef-11.14.2-1.el6.x86_64.rpm
trying wget...
Comparing checksum with sha256sum...
Installing Chef
installing with rpm...
警告: /tmp/install.sh.2020/chef-11.14.2-1.el6.x86_64.rpm: ヘッダ V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
準備中... ########################################### [100%]
1:chef ########################################### [100%]
Thank you for installing Chef!
[vagrant@localhost ~]$ chef-solo -v
Chef: 11.14.2
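In the log above, install.sh checks the RPM against a sha256 it downloaded in the same run, and rpm then reports `NOKEY`, so the package signature is not verified. As an added example (not from the book or from Chef's installer), this Ruby sketch refuses an install unless the file matches a digest recorded in advance; `parse_metadata`, `install_problems` and the pinned-digest workflow are hypothetical, and the package file used in the demo is a constructed stand-in.

```ruby
require 'digest'
require 'tempfile'
require 'uri'

# Metadata lines copied from the install log on this page.
SAMPLE_LOG = <<~LOG
  trying wget...
  url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.14.2-1.el6.x86_64.rpm
  md5 ffeffb67c310e6f76bb5d90ee7e30a3f
  sha256 840946bc5f7931346131c0c77f2f5bfd1328245189fc6c8173b01eb040ffb58b
  downloaded metadata file looks valid...
LOG

# Extract url / md5 / sha256 from "key value" lines; other lines are ignored.
# Assumption: one whitespace-separated pair per line, as printed in the log.
def parse_metadata(text)
  text.each_line.with_object({}) do |line, meta|
    key, value = line.split(' ', 2)
    meta[key] = value.strip if %w[url md5 sha256].include?(key) && value
  end
end

# Reasons to refuse the install; an empty list means every check passed.
# `pinned` is a digest recorded out of band beforehand (hypothetical workflow).
def install_problems(meta, package_path, pinned)
  problems = []
  scheme = begin
    URI.parse(meta['url'].to_s).scheme
  rescue URI::InvalidURIError
    nil
  end
  problems << 'package URL is not https' unless scheme == 'https'
  problems << 'metadata sha256 differs from pinned digest' unless meta['sha256'] == pinned
  actual = Digest::SHA256.file(package_path).hexdigest
  problems << 'downloaded file does not match pinned digest' unless actual == pinned
  problems
end

if __FILE__ == $PROGRAM_NAME
  meta = parse_metadata(SAMPLE_LOG)
  Tempfile.create('pkg') do |f| # constructed stand-in, not the real RPM
    f.write('not the real package')
    f.flush
    puts install_problems(meta, f.path, meta['sha256'])
  end
end
```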
Running Chef
[vagrant@localhost ~]$ sudo knife cookbook create hello -o /var/chef/cookbooks
WARNING: No knife configuration file found
** Creating cookbook hello
** Creating README for cookbook: hello
** Creating CHANGELOG for cookbook: hello
** Creating metadata for cookbook: hello
[vagrant@localhost ~]$ find /var/chef/cookbooks
/var/chef/cookbooks
/var/chef/cookbooks/hello
/var/chef/cookbooks/hello/resources
/var/chef/cookbooks/hello/README.md
/var/chef/cookbooks/hello/libraries
/var/chef/cookbooks/hello/metadata.rb
/var/chef/cookbooks/hello/CHANGELOG.md
/var/chef/cookbooks/hello/attributes
/var/chef/cookbooks/hello/definitions
/var/chef/cookbooks/hello/recipes
/var/chef/cookbooks/hello/recipes/default.rb
/var/chef/cookbooks/hello/files
/var/chef/cookbooks/hello/files/default
/var/chef/cookbooks/hello/templates
/var/chef/cookbooks/hello/templates/default
/var/chef/cookbooks/hello/providers
[vagrant@localhost ~]$ sudo cp /var/chef/cookbooks/hello/recipes/default.rb /var/chef/cookbooks/hello/recipes/default.rb.orig
[vagrant@localhost ~]$ sudo vi /var/chef/cookbooks/hello/recipes/default.rb
[vagrant@localhost ~]$ diff -u /var/chef/cookbooks/hello/recipes/default.rb.orig /var/chef/cookbooks/hello/recipes/default.rb
--- /var/chef/cookbooks/hello/recipes/default.rb.orig 2014-08-15 15:28:59.695189333 +0000
+++ /var/chef/cookbooks/hello/recipes/default.rb 2014-08-15 15:29:23.310191245 +0000
@@ -6,3 +6,4 @@
#
# All rights reserved - Do Not Redistribute
#
+log 'Hello, World!'
[vagrant@localhost ~]$ sudo chef-solo -o hello
[2014-08-15T15:30:13+00:00] WARN: *****************************************
[2014-08-15T15:30:13+00:00] WARN: Did not find config file: /etc/chef/solo.rb, using command line options.
[2014-08-15T15:30:13+00:00] WARN: *****************************************
[2014-08-15T15:30:13+00:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c /etc/chef/solo.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Starting Chef Client, version 11.14.2
[2014-08-15T15:30:14+00:00] WARN: Run List override has been provided.
[2014-08-15T15:30:14+00:00] WARN: Original Run List: []
[2014-08-15T15:30:14+00:00] WARN: Overridden Run List: [recipe[hello]]
Compiling Cookbooks...
Converging 1 resources
Recipe: hello::default
* log[Hello, World!] action write
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 1.647607218 seconds
/etc/chef/solo.rb
[vagrant@localhost ~]$ sudo mkdir /etc/chef
[vagrant@localhost ~]$ sudo vi /etc/chef/solo.rb
[vagrant@localhost ~]$ cat /etc/chef/solo.rb
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
Installing a package
[vagrant@localhost ~]$ sudo knife cookbook create dstat -o /var/chef/cookbooks/
WARNING: No knife configuration file found
** Creating cookbook dstat
** Creating README for cookbook: dstat
** Creating CHANGELOG for cookbook: dstat
** Creating metadata for cookbook: dstat
[vagrant@localhost ~]$ cat <<\EOF | sudo tee -a /var/chef/cookbooks/dstat/recipes/default.rb
package 'dstat' do
  action :install
end
EOF
package 'dstat' do
  action :install
end
[vagrant@localhost ~]$ sudo chef-solo -o hello,dstat
Starting Chef Client, version 11.14.2
[2014-08-15T15:37:10+00:00] WARN: Run List override has been provided.
[2014-08-15T15:37:10+00:00] WARN: Original Run List: []
[2014-08-15T15:37:10+00:00] WARN: Overridden Run List: [recipe[hello], recipe[dstat]]
Compiling Cookbooks...
Converging 2 resources
Recipe: hello::default
* log[Hello, World!] action write
Recipe: dstat::default
* package[dstat] action install
- install version 0.7.0-1.el6 of package dstat
Running handlers:
Running handlers complete
Chef Client finished, 2/2 resources updated in 11.672054207 seconds
Running chef-solo remotely with knife-solo
$ cat <<\EOF > Gemfile
source 'https://rubygems.org'
gem 'knife-solo'
gem 'berkshelf'
EOF
$ bundle
$ knife solo init .
WARNING: No knife configuration file found
Creating kitchen...
Creating knife.rb in kitchen...
Creating cupboards...
Setting up Berkshelf...
Installing chef-solo on the virtual server with knife-solo
$ knife solo bootstrap webdb
Creating a cookbook
$ knife cookbook create dstat -o site-cookbooks
$ cat <<\EOF >> site-cookbooks/dstat/recipes/default.rb
package 'dstat' do
  action :install
end
EOF
Node object
diff --git a/nodes/webdb.json b/nodes/webdb.json
index cfc3fb0..562f116 100644
--- a/nodes/webdb.json
+++ b/nodes/webdb.json
@@ -1,8 +1,8 @@
{
"run_list": [
-
+ "recipe[dstat]"
],
"automatic": {
"ipaddress": "webdb"
}
-}
\ No newline at end of file
+}
Running chef-solo with knife-solo
$ knife solo cook webdb
....
Starting Chef Client, version 11.14.2
Compiling Cookbooks...
Converging 1 resources
Recipe: dstat::default
* package[dstat] action install (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/1 resources updated in 2.992491012 seconds
Setting up Apache and MySQL
$ knife cookbook create apache -o site-cookbooks
$ knife cookbook create mysql -o site-cookbooks
$ vi nodes/webdb.json
Apache recipe
$ cat <<\EOF >> site-cookbooks/apache/recipes/default.rb
package 'httpd' do
  action :install
end
service 'httpd' do
  action [:enable, :start]
end
EOF
MySQL recipe
$ cat <<\EOF >> site-cookbooks/mysql/recipes/default.rb
package 'mysql-server' do
  action :install
end
service 'mysqld' do
  action [:enable, :start]
end
EOF
Running chef-solo
$ knife solo cook webdb
Templates
Copy the base configuration file from the virtual server.
[vagrant@localhost ~]$ cp /etc/httpd/conf/httpd.conf /vagrant/site-cookbooks/apache/templates/default/httpd.conf.erb
Append to the recipe.
$ cat <<\EOF >> site-cookbooks/apache/recipes/default.rb
template 'httpd.conf' do
  path '/etc/httpd/conf/httpd.conf'
  owner 'root'
  group 'root'
  mode 0644
  notifies :reload, 'service[httpd]'
end
EOF
Rebuilding the virtual server and running chef-solo
$ vagrant destroy -f
$ vagrant up
$ knife solo bootstrap webdb