こしごぇ(B)

Formerly: http://d.hatena.ne.jp/koshigoeb/

Chef 実践入門 (0): Preparation

Chef実践入門 ~コードによるインフラ構成の自動化 (WEB+DB PRESS plus)

Typing out the book's examples by hand. Finally getting off my backside to do it.

Prepare the virtual server

$ brew cask install vagrant virtualbox
$ vagrant -v
Vagrant 1.6.3
$ vagrant box add opscode-centos-6.5 http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
==> box: Adding box 'opscode-centos-6.5' (v0) for provider:
    box: Downloading: http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
==> box: Successfully added box 'opscode-centos-6.5' (v0) for 'virtualbox'!
$ vagrant init opscode-centos-6.5
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'opscode-centos-6.5'...
==> default: Matching MAC address for NAT networking...
==> default: Setting the name of the VM: chef-practice_default_1408109406692_62816
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...
    default: /vagrant => /Users/koshigoe/Projects/chef-practice
$ vagrant ssh
[vagrant@localhost ~]$ exit
$ vagrant ssh-config --host webdb
Host webdb
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /Users/koshigoe/.vagrant.d/insecure_private_key
  IdentitiesOnly yes
  LogLevel FATAL

$ vagrant ssh-config --host webdb >> ~/.ssh/config
$ cp Vagrantfile Vagrantfile.orig
$ vi Vagrantfile
$ diff -u Vagrantfile.orig Vagrantfile
--- Vagrantfile.orig    2014-08-15 22:34:31.000000000 +0900
+++ Vagrantfile 2014-08-15 22:35:00.000000000 +0900
@@ -24,7 +24,7 @@

   # Create a private network, which allows host-only access to the machine
   # using a specific IP.
-  # config.vm.network "private_network", ip: "192.168.33.10"
+  config.vm.network "private_network", ip: "192.168.33.10"

   # Create a public network, which generally matched to bridged network.
   # Bridged networks make the machine appear as another physical device on
$ vagrant halt
==> default: Attempting graceful shutdown of VM...
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 => 2222 (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
    default: /vagrant => /Users/koshigoe/Projects/chef-practice
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: to force provisioning. Provisioners marked to run always will still run.
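
The `webdb` block appended to `~/.ssh/config` above disables host key verification (`StrictHostKeyChecking no`, `UserKnownHostsFile /dev/null`) and authenticates with Vagrant's shared `insecure_private_key`, which is only appropriate for a throwaway local VM. The following shell function is an added example, not part of the original post: it lists the Host blocks in an SSH client config that carry those settings. The function names and the `bastion.example` entry are constructed for illustration.

```shell
# Added example: flag ssh_config Host blocks that skip host key verification
# or authenticate with Vagrant's shared insecure key.
# Handles the "Keyword value" form only; "Keyword=value" and Match blocks are ignored.
audit_ssh_config() {
  # Reads config text from the files given as arguments, or from stdin if none.
  awk '
    function report() {
      if (reasons != "") print host ": " substr(reasons, 3)
      reasons = ""
    }
    BEGIN { host = "(global)" }
    { key = tolower($1) }
    key == "host" {
      report()
      host = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", host)   # keep every pattern on the Host line
      next
    }
    key == "stricthostkeychecking" && tolower($2) == "no" { reasons = reasons ", StrictHostKeyChecking no" }
    key == "userknownhostsfile" && $2 == "/dev/null" { reasons = reasons ", UserKnownHostsFile /dev/null" }
    key == "identityfile" && $2 ~ /insecure_private_key$/ { reasons = reasons ", Vagrant insecure_private_key" }
    END { report() }
  ' "$@"
}

# The webdb block is the one printed by `vagrant ssh-config` above;
# bastion.example is a constructed entry for contrast.
sample_config() {
  cat <<'EOF'
Host webdb
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /Users/koshigoe/.vagrant.d/insecure_private_key
  IdentitiesOnly yes
  LogLevel FATAL

Host bastion.example
  User ops
  IdentityFile ~/.ssh/id_ed25519
EOF
}

sample_config | audit_ssh_config
```

To check a real file, pass its path as the argument, for example `audit_ssh_config ~/.ssh/config`.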

Install Chef Solo on the virtual server

$ vagrant ssh
[vagrant@localhost ~]$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 16519  100 16519    0     0  14703      0  0:00:01  0:00:01 --:--:-- 35832
Downloading Chef  for el...
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=el&pv=6&m=x86_64
  to file /tmp/install.sh.2020/metadata.txt
trying wget...
url     https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.14.2-1.el6.x86_64.rpm
md5     ffeffb67c310e6f76bb5d90ee7e30a3f
sha256  840946bc5f7931346131c0c77f2f5bfd1328245189fc6c8173b01eb040ffb58b
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.14.2-1.el6.x86_64.rpm
  to file /tmp/install.sh.2020/chef-11.14.2-1.el6.x86_64.rpm
trying wget...
Comparing checksum with sha256sum...
Installing Chef
installing with rpm...
警告: /tmp/install.sh.2020/chef-11.14.2-1.el6.x86_64.rpm: ヘッダ V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
準備中...                ########################################### [100%]
   1:chef                   ########################################### [100%]
Thank you for installing Chef!
[vagrant@localhost ~]$ chef-solo -v
Chef: 11.14.2

Run Chef

[vagrant@localhost ~]$ sudo knife cookbook create hello -o /var/chef/cookbooks
WARNING: No knife configuration file found
** Creating cookbook hello
** Creating README for cookbook: hello
** Creating CHANGELOG for cookbook: hello
** Creating metadata for cookbook: hello
[vagrant@localhost ~]$ find /var/chef/cookbooks
/var/chef/cookbooks
/var/chef/cookbooks/hello
/var/chef/cookbooks/hello/resources
/var/chef/cookbooks/hello/README.md
/var/chef/cookbooks/hello/libraries
/var/chef/cookbooks/hello/metadata.rb
/var/chef/cookbooks/hello/CHANGELOG.md
/var/chef/cookbooks/hello/attributes
/var/chef/cookbooks/hello/definitions
/var/chef/cookbooks/hello/recipes
/var/chef/cookbooks/hello/recipes/default.rb
/var/chef/cookbooks/hello/files
/var/chef/cookbooks/hello/files/default
/var/chef/cookbooks/hello/templates
/var/chef/cookbooks/hello/templates/default
/var/chef/cookbooks/hello/providers
[vagrant@localhost ~]$ sudo cp /var/chef/cookbooks/hello/recipes/default.rb /var/chef/cookbooks/hello/recipes/default.rb.orig
[vagrant@localhost ~]$ sudo vi /var/chef/cookbooks/hello/recipes/default.rb
[vagrant@localhost ~]$ diff -u /var/chef/cookbooks/hello/recipes/default.rb.orig /var/chef/cookbooks/hello/recipes/default.rb
--- /var/chef/cookbooks/hello/recipes/default.rb.orig   2014-08-15 15:28:59.695189333 +0000
+++ /var/chef/cookbooks/hello/recipes/default.rb        2014-08-15 15:29:23.310191245 +0000
@@ -6,3 +6,4 @@
 #
 # All rights reserved - Do Not Redistribute
 #
+log 'Hello, World!'
[vagrant@localhost ~]$ sudo chef-solo -o hello
[2014-08-15T15:30:13+00:00] WARN: *****************************************
[2014-08-15T15:30:13+00:00] WARN: Did not find config file: /etc/chef/solo.rb, using command line options.
[2014-08-15T15:30:13+00:00] WARN: *****************************************
[2014-08-15T15:30:13+00:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

```
  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true
```

To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:

```
  knife ssl check -c /etc/chef/solo.rb
```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.14.2
[2014-08-15T15:30:14+00:00] WARN: Run List override has been provided.
[2014-08-15T15:30:14+00:00] WARN: Original Run List: []
[2014-08-15T15:30:14+00:00] WARN: Overridden Run List: [recipe[hello]]
Compiling Cookbooks...
Converging 1 resources
Recipe: hello::default
  * log[Hello, World!] action write


Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 1.647607218 seconds

/etc/chef/solo.rb

[vagrant@localhost ~]$ sudo mkdir /etc/chef
[vagrant@localhost ~]$ sudo vi /etc/chef/solo.rb
[vagrant@localhost ~]$ cat /etc/chef/solo.rb
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer

Install a package

[vagrant@localhost ~]$ sudo knife cookbook create dstat -o /var/chef/cookbooks/
WARNING: No knife configuration file found
** Creating cookbook dstat
** Creating README for cookbook: dstat
** Creating CHANGELOG for cookbook: dstat
** Creating metadata for cookbook: dstat
[vagrant@localhost ~]$ cat <<\EOF | sudo tee -a /var/chef/cookbooks/dstat/recipes/default.rb
package 'dstat' do
  action :install
end
EOF
package 'dstat' do
  action :install
end
[vagrant@localhost ~]$ sudo chef-solo -o hello,dstat
Starting Chef Client, version 11.14.2
[2014-08-15T15:37:10+00:00] WARN: Run List override has been provided.
[2014-08-15T15:37:10+00:00] WARN: Original Run List: []
[2014-08-15T15:37:10+00:00] WARN: Overridden Run List: [recipe[hello], recipe[dstat]]
Compiling Cookbooks...
Converging 2 resources
Recipe: hello::default
  * log[Hello, World!] action write

Recipe: dstat::default
  * package[dstat] action install
    - install version 0.7.0-1.el6 of package dstat

Running handlers:
Running handlers complete
Chef Client finished, 2/2 resources updated in 11.672054207 seconds

Run chef-solo remotely with knife-solo

$ cat <<\EOF > Gemfile
source 'https://rubygems.org'

gem 'knife-solo'
gem 'berkshelf'
EOF
$ bundle
$ knife solo init .
WARNING: No knife configuration file found
Creating kitchen...
Creating knife.rb in kitchen...
Creating cupboards...
Setting up Berkshelf...

Install chef-solo on the virtual server with knife-solo

$ knife solo bootstrap webdb

Create a cookbook

$ knife cookbook create dstat -o site-cookbooks
$ cat <<\EOF >> site-cookbooks/dstat/recipes/default.rb
package 'dstat' do
  action :install
end
EOF

Node object

diff --git a/nodes/webdb.json b/nodes/webdb.json
index cfc3fb0..562f116 100644
--- a/nodes/webdb.json
+++ b/nodes/webdb.json
@@ -1,8 +1,8 @@
 {
   "run_list": [
-
+    "recipe[dstat]"
   ],
   "automatic": {
     "ipaddress": "webdb"
   }
-}
\ No newline at end of file
+}

Run chef-solo with knife-solo

$ knife solo cook webdb
....
Starting Chef Client, version 11.14.2
Compiling Cookbooks...
Converging 1 resources
Recipe: dstat::default
  * package[dstat] action install (up to date)

Running handlers:
Running handlers complete
Chef Client finished, 0/1 resources updated in 2.992491012 seconds

Set up Apache and MySQL

$ knife cookbook create apache -o site-cookbooks
$ knife cookbook create mysql -o site-cookbooks
$ vi nodes/webdb.json

Apache recipe

$ cat <<\EOF >> site-cookbooks/apache/recipes/default.rb
package 'httpd' do
  action :install
end

service 'httpd' do
  action [:enable, :start]
end
EOF

MySQL recipe

$ cat <<\EOF >> site-cookbooks/mysql/recipes/default.rb
package 'mysql-server' do
  action :install
end

service 'mysqld' do
  action [:enable, :start]
end
EOF

Run chef-solo

$ knife solo cook webdb

Templates

Copy the base configuration file from the virtual server.

[vagrant@localhost ~]$ cp /etc/httpd/conf/httpd.conf /vagrant/site-cookbooks/apache/templates/default/httpd.conf.erb

Append to the recipe.

$ cat <<\EOF >> site-cookbooks/apache/recipes/default.rb

template 'httpd.conf' do
  path '/etc/httpd/conf/httpd.conf'
  owner 'root'
  group 'root'
  mode 0644
  notifies :reload, 'service[httpd]'
end
EOF

Rebuild the virtual server and run chef-solo

$ vagrant destroy -f
$ vagrant up
$ knife solo bootstrap webdb