1. Environment: Four hosts: HD8, HD7, HD6, HD5
On each of these hosts, there is a chefadmin account with sudo privileges.
HD8: chefserver
/etc/hosts:
192.168.7.100 HD8 chefserver
192.168.7.101 HD7 chefdk
192.168.7.102 HD6 chefclient1
192.168.7.103 HD5 chefclient2
HD7: chefdk (Work Station)
/etc/hosts:
192.168.7.100 HD8 chefserver
192.168.7.101 HD7 chefdk
192.168.7.102 HD6 chefclient1
192.168.7.103 HD5 chefclient2
HD6: chefclient1
/etc/hosts:
192.168.7.100 HD8 chefserver
192.168.7.101 HD7 chefdk
192.168.7.102 HD6 chefclient1
192.168.7.103 HD5 chefclient2
HD5: chefclient2
/etc/hosts:
192.168.7.100 HD8 chefserver
192.168.7.101 HD7 chefdk
192.168.7.102 HD6 chefclient1
192.168.7.103 HD5 chefclient2
2. On HD8 (chefserver)
Use root account:
# cd /usr/local/src
# rpm -ivh chef-server-core-12.17.33-1.el7.x86_64.rpm
# chef-server-ctl reconfigure
# chef-server-ctl status
# chef-server-ctl user-create chefadmin FirstName LastName jonyue@datajaguar.com chefadminpassword -f /etc/chef/chefadmin.pem
# chef-server-ctl service-list
# chef-server-ctl user-list
# chef-server-ctl org-create datajaguar "DataJaguar, Inc" --association_user chefadmin -f /etc/chef/datajaguar-validator.pem
# firewall-cmd --permanent --zone public --add-service http
# firewall-cmd --permanent --zone public --add-service https
3. On HD7 (chefdk)
# yum install ruby
# yum install git
# cd /usr/local/src
# wget https://packages.chef.io/files/stable/chefdk/1.5.0/el/7/chefdk-1.5.0-1.el7.x86_64.rpm
# rpm -ivh chefdk-1.5.0-1.el7.x86_64.rpm
# chef verify
# useradd chefadmin
# passwd chefadmin
# su - chefadmin
In user chefadmin account:
$ echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
$ . ~/.bash_profile
$ cd ~
$ chef generate repo chef-repo
$ cd chef-repo
$ git init
$ git config --global user.name "chefadmin"
$ git config --global user.email "chefadmin@datajaguar.com"
$ mkdir .chef
$ echo '.chef' >> ~/chef-repo/.gitignore
$ cd ~/chef-repo
$ git add .
$ git commit
$ scp -pr root@chefserver:/etc/chef/chefadmin.pem ~/chef-repo/.chef/
$ scp -pr root@chefserver:/etc/chef/datajaguar-validator.pem ~/chef-repo/.chef/
$ vi ~/chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
validation_client_name "datajaguar-validator"
validation_key "#{current_dir}/datajaguar-validator.pem"
chef_server_url "https://HD8/organizations/datajaguar"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
$ knife ssl fetch
$ knife bootstrap chefclient1 -x chefadmin --sudo
(chefadmin is a user account on host chefclient1. It must have sudo privileges.)
$ knife bootstrap chefclient2 -x chefadmin --sudo
(chefadmin is a user account on host chefclient2. It must have sudo privileges.)
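The two .pem files copied into ~/chef-repo/.chef in step 3 are the workstation's credentials for the Chef server, so they must stay out of git and must not be readable by other local users. The script below is an added example, not part of the original walkthrough; the function name audit_chef_keys and the three checks it performs are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): audit the key files that
# step 3 copies into ~/chef-repo/.chef. audit_chef_keys is a hypothetical
# helper name. It prints each finding and returns the number of findings.
# Usage after sourcing this file:  audit_chef_keys ~/chef-repo
audit_chef_keys() {
    repo=$1
    findings=0

    # 1. Step 3 appends the line '.chef' to .gitignore; accept /.chef and .chef/ too.
    if ! grep -Eqx '/?\.chef/?' "$repo/.gitignore" 2>/dev/null; then
        echo "FAIL: .chef is not listed in $repo/.gitignore"
        findings=$((findings + 1))
    fi

    # 2. chefadmin.pem and datajaguar-validator.pem are private keys: no
    #    group/other permission bit may be set (scp -p keeps the server's mode).
    for key in "$repo"/.chef/*.pem; do
        [ -e "$key" ] || continue
        loose=$(find -L "$key" \( -perm -040 -o -perm -020 -o -perm -010 \
                               -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$loose" ]; then
            echo "FAIL: $key is accessible to group or other; run: chmod 600 $key"
            findings=$((findings + 1))
        fi
    done

    # 3. If the repo is a git work tree, nothing under .chef may already be
    #    tracked (.gitignore does not untrack files committed earlier).
    if [ -d "$repo/.git" ] && command -v git >/dev/null 2>&1; then
        tracked=$(git -C "$repo" ls-files -- .chef)
        if [ -n "$tracked" ]; then
            echo "FAIL: files under .chef are tracked by git: $tracked"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ] && echo "OK: no findings for $repo"
    return "$findings"
}
```

A return value of 0 means all checks passed; any other value is the number of FAIL lines printed.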