系统环境
ubuntu16.04
安装chefDK
下载地址:
https://packages.chef.io/files/stable/chefdk/4.12.0/ubuntu/16.04/chefdk_4.12.0-1_amd64.deb
dpkg -i chefdk_4.12.0-1_amd64.deb
安装完成后,~/.chef已经自动创建了
下面这个文件非必要,也可以改成config.rb,没有这个文件一样可以solo
vim ~/.chef/knife.rb
verify_api_cert true
其实就是为了去掉ssl的warning提示
运行下列命令查看效果
chef-client -z
写一个简单的cookbook
先写一个简单的test.rb
file '/tmp/x.txt' do
content 'hello world'
end
执行下看看:
chef-client -z test.rb
然后我们试着生成一个repo
chef generate repo test-repo
test-repo在当前文件夹下创建,目录结构如下
test-repo/
├── chefignore
├── cookbooks
│ ├── example
│ │ ├── attributes
│ │ │ └── default.rb
│ │ ├── metadata.rb
│ │ ├── README.md
│ │ └── recipes
│ │ └── default.rb
│ └── README.md
├── data_bags
│ ├── example
│ │ └── example_item.json
│ └── README.md
├── LICENSE
├── policyfiles
│ └── README.md
└── README.md
我们在test-repo文件夹下操作,编写converge.sh脚本
#!/bin/bash
chef-client -z -j test.json
添加执行权限
chmod 750 converge.sh
编写test.json
{
"run_list": [ "recipe[common::default]" ]
}
test-repo的cookbook里边已经有了一个名为example的cookbook,我们不使用它,自己新建一个叫common的cookbook
cd cookbooks/
chef generate cookbook common
查看common目录结构
├── common
│ ├── CHANGELOG.md
│ ├── chefignore
│ ├── kitchen.yml
│ ├── LICENSE
│ ├── metadata.rb
│ ├── Policyfile.rb
│ ├── README.md
│ ├── recipes
│ │ └── default.rb
│ ├── spec
│ │ ├── spec_helper.rb
│ │ └── unit
│ │ └── recipes
│ │ └── default_spec.rb
│ └── test
│ └── integration
│ └── default
│ └── default_test.rb
我们编写一下common cookbook文件
vim common/recipes/default.rb
%w{vim ntp build-essential}.each do |pkg|
package pkg do
action :install
end
end
这个recipe就是装三个包
为了演示用法我们再编写一个ssh recipe
vim common/recipes/ssh.rb
package 'openssh-server' do
action :install
end
cookbook_file '/etc/ssh/ssh_config' do
source 'ssh_config'
owner 'root'
group 'root'
mode '0640'
notifies :reload, 'service[ssh]'
end
service 'ssh' do
action [:enable, :start]
supports :status => true, :restart => true
end
ssh的recipe我们指定了文件源,所以要创建files文件夹并添加ssh_config文件并添加一点内容来验证效果
mkdir -p common/files/default
cp /etc/ssh/ssh_config common/files/default/
echo "# hello chef">>common/files/default/ssh_config
然后我们编辑default.rb将ssh include进来
%w{vim ntp build-essential}.each do |pkg|
package pkg do
action :install
end
end
include_recipe 'common::ssh'
我们回到test-repo目录下,执行converge.sh
可以看到/etc/ssh/ssh_config内容已经改变了
实际上我们可以在test.json中添加内容来让机器运行ssh recipe
{
"run_list": [ "recipe[common::default]","recipe[common::ssh]" ]
}
然后我们再写一个deployer的recipe增加印象
vim cookbooks/common/recipes/deployer.rb
group 'deployer' do
gid 15000
action :create
end
user 'deployer' do
comment 'D-Deployer'
home '/home/deployer'
manage_home true
uid 15000
gid 15000
shell '/bin/bash'
action :create
end
directory '/home/deployer/.ssh' do
owner 'deployer'
group 'deployer'
action :create
end
cookbook_file '/home/deployer/.ssh/authorized_keys' do
source 'deployer_key.pub'
owner 'deployer'
group 'deployer'
action :create_if_missing
mode '0600'
end
这个recipe同样要求一搁源文件,随便创建一下
echo "123">cookbooks/common/files/default/deployer_key.pub
这个recipe没有include,所以我们要修改test.json
{
"run_list": [ "recipe[common::default]","recipe[common::ssh]","recipe[common::deployer]" ]
}
运行
converge.sh
大概就是以上这个么多,现在你应该已经入门成为一个合格的厨子了,嗯,对,你现在真的是一名合格的厨子了。
不是我夹带私货,而是作为一名厨子,你还得多读些书,看看我的资源吧!
https://download.csdn.net/download/Jailman/13192862
https://download.csdn.net/download/Jailman/13192872
关于server,solo,zero的区别
https://www.devopsschool.com/blog/difference-between-chef-infra-server-vs-chef-zero-vs-chef-solo/