
Chef Verification (2): Chef Workstation Setup

Posted at 2017-03-02

Installing the Chef Development Kit

inohana@ino-ubuntu:~$ ls -la repo/chef/Packages/
total 380180
drwxrwxrwx 2 root    root         4096 Mar  2 04:48 .
drwxrwxrwx 3 root    root         4096 Mar  1 15:23 ..
-rw-r--r-- 1 inohana inohana 105773606 Mar  2  2017 chefdk_1.2.22-1_amd64.deb
-rw-r--r-- 1 inohana inohana 283514266 Mar  1 20:57 chef-server-core_12.13.0-1_amd64.deb
inohana@ino-ubuntu:~$
inohana@ino-ubuntu:~/repo/chef/Packages$ sudo dpkg -i ./chefdk_1.2.22-1_amd64.deb

Selecting previously unselected package chefdk.
(Reading database ... 122120 files and directories currently installed.)
Preparing to unpack ./chefdk_1.2.22-1_amd64.deb ...
Unpacking chefdk (1.2.22-1) ...
Setting up chefdk (1.2.22-1) ...
Thank you for installing Chef Development Kit!
inohana@ino-ubuntu:~$ sudo chef verify
Running verification for component 'berkshelf'
Running verification for component 'test-kitchen'
Running verification for component 'tk-policyfile-provisioner'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chef-provisioning'
Running verification for component 'chefspec'
Running verification for component 'generated-cookbooks-pass-chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
Running verification for component 'openssl'
Running verification for component 'inspec'
Running verification for component 'delivery-cli'
Running verification for component 'git'
Running verification for component 'opscode-pushy-client'
Running verification for component 'chef-sugar'
....................../opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/mixlib-shellout-2.2.7/lib/mixlib/shellout.rb:289:in `invalid!': Expected process to exit with [0], but received '128' (Mixlib::ShellOut::ShellCommandFailed)
---- Begin output of /opt/chefdk/gitbin/git clone https://github.com/chef/chef-provisioning ----
STDOUT:
STDERR: Cloning into 'chef-provisioning'...
fatal: unable to access 'https://github.com/chef/chef-provisioning/': Couldn't resolve host 'github.com'
---- End output of /opt/chefdk/gitbin/git clone https://github.com/chef/chef-provisioning ----
Ran /opt/chefdk/gitbin/git clone https://github.com/chef/chef-provisioning returned 128
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/mixlib-shellout-2.2.7/lib/mixlib/shellout.rb:276:in `error!'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:128:in `block in sh!'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:128:in `tap'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:128:in `sh!'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/command/verify.rb:483:in `block (3 levels) in <class:Verify>'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:165:in `block in tmpdir'
        from /opt/chefdk/embedded/lib/ruby/2.3.0/tmpdir.rb:89:in `mktmpdir'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:164:in `tmpdir'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/command/verify.rb:481:in `block (2 levels) in <class:Verify>'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:99:in `instance_eval'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/component_test.rb:99:in `run_smoke_test'
        from /opt/chefdk/embedded/lib/ruby/gems/2.3.0/gems/chef-dk-1.2.22/lib/chef-dk/command/verify.rb:586:in `block (2 levels) in invoke_tests'
inohana@ino-ubuntu:~$

User configuration

inohana@ino-ubuntu:~$ sudo chef generate app chef-repo
Recipe: code_generator::app
  * directory[/home/inohana/chef-repo] action create (up to date)
  * template[/home/inohana/chef-repo/.kitchen.yml] action create (up to date)
  * directory[/home/inohana/chef-repo/test/smoke/default] action create (up to date)
  * template[/home/inohana/chef-repo/test/smoke/default/default_test.rb] action create_if_missing (up to date)
  * template[/home/inohana/chef-repo/README.md] action create (up to date)
  * directory[/home/inohana/chef-repo/cookbooks] action create (up to date)
  * directory[/home/inohana/chef-repo/cookbooks/chef-repo] action create (up to date)
  * template[/home/inohana/chef-repo/cookbooks/chef-repo/metadata.rb] action create (up to date)
  * cookbook_file[/home/inohana/chef-repo/cookbooks/chef-repo/chefignore] action create (up to date)
  * cookbook_file[/home/inohana/chef-repo/cookbooks/chef-repo/Berksfile] action create (up to date)
  * directory[/home/inohana/chef-repo/cookbooks/chef-repo/recipes] action create (up to date)
  * template[/home/inohana/chef-repo/cookbooks/chef-repo/recipes/default.rb] action create (up to date)
  * directory[/home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes] action create (up to date)
  * cookbook_file[/home/inohana/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb] action create_if_missing (up to date)
  * template[/home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb] action create_if_missing (up to date)
inohana@ino-ubuntu:~$
# Copy the generated PEM files into /chef-repo/.chef
# After copying, change the permissions to 600

inohana@ino-ubuntu:~/repo$ pwd
/home/inohana/chef-repo

inohana@ino-ubuntu:~/repo$ sudo mkdir -p .chef

inohana@ino-ubuntu:~/repo$ ls -la /etc/opscode/ise
total 16
drwxrwxrwx 2 root root 4096 Mar  2 04:41 .
drwxr-xr-x 4 root root 4096 Mar  2 04:25 ..
-rw-r--r-- 1 root root 1678 Mar  2 04:38 inohana.pem
-rw-r--r-- 1 root root 1678 Mar  2 04:41 ise-validator.pem


inohana@ino-ubuntu:~/repo$ sudo cp /etc/opscode/ise/* .chef/

inohana@ino-ubuntu:~/repo$ ls -l .chef/
total 8
-rw-r--r-- 1 root root 1678 Mar  2 04:53 inohana.pem
-rw-r--r-- 1 root root 1678 Mar  2 04:53 ise-validator.pem
inohana@ino-ubuntu:~/repo$ sudo chmod 600 .chef/*

inohana@ino-ubuntu:~/repo$ ls -l .chef/
total 8
-rw------- 1 root root 1678 Mar  2 04:53 inohana.pem
-rw------- 1 root root 1678 Mar  2 04:53 ise-validator.pem
# Error. The knife.rb file needs to be rewritten.

inohana@ino-ubuntu:~/repo/.chef$ sudo knife ssl fetch
WARNING: Certificates from sjchefs01.cent7.local will be fetched and placed in your trusted_cert
directory (/home/inohana/repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

ERROR: Network Error: getaddrinfo: Name or service not known
Check your knife configuration and network settings
inohana@ino-ubuntu:~/repo$ sudo vi .chef/knife.rb

  • Copy and paste the following.
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                'kentarok' # <- user name
client_key               "#{current_dir}/kentarok.pem" # <- the user's key
validation_client_name   'test-validator' # <- the organization key's file name without the extension
validation_key           "#{current_dir}/test-validator.pem" # <- the organization's key
chef_server_url          'https://sjchefs01.cent7.local/organizations/test' # <- end the URL with the organization name
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["#{current_dir}/../cookbooks"]
  • SSL configuration
# The Chef Server uses a self-signed certificate.
# Configure knife to trust the self-signed certificate of the Chef Server set in knife.rb.
# Run the command under chef-repo so that knife.rb can be found.

user01@ino-ubuntu:~/chef-repo$  knife ssl fetch
WARNING: Certificates from ino-ubuntu.iselab.local will be fetched and placed in your trusted_cert
directory (/home/inohana/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for ino-ubuntu_iselab_local in /home/inohana/chef-repo/.chef/trusted_certs/ino-ubuntu_iselab_local.crt

inohana@ino-ubuntu:~/repo$ knife client list
ise-validator

inohana@ino-ubuntu:~/repo$ sudo knife user list
inohana


[Reference: Chef Server environment setup procedure](https://github.ibm.com/KENTAROK/doc/blob/master/chefserver12.md)

### Addendum

- Actually, I changed the working directory from repo to chef-repo.
    - Ran chef generate app chef-repo.

inohana@ino-ubuntu:~$ pwd
/home/inohana

inohana@ino-ubuntu:~$ chef generate app chef-repo
Recipe: code_generator::app

  • directory[/home/inohana/chef-repo] action create
    • create new directory /home/inohana/chef-repo
  • template[/home/inohana/chef-repo/.kitchen.yml] action create
    • create new file /home/inohana/chef-repo/.kitchen.yml
    • update content in file /home/inohana/chef-repo/.kitchen.yml from none to 545edc
      (diff output suppressed by config)
  • directory[/home/inohana/chef-repo/test/smoke/default] action create
    • create new directory /home/inohana/chef-repo/test/smoke/default
  • template[/home/inohana/chef-repo/test/smoke/default/default_test.rb] action create_if_missing
    • create new file /home/inohana/chef-repo/test/smoke/default/default_test.rb
    • update content in file /home/inohana/chef-repo/test/smoke/default/default_test.rb from none to 50a264
      (diff output suppressed by config)
  • template[/home/inohana/chef-repo/README.md] action create
    • create new file /home/inohana/chef-repo/README.md
    • update content in file /home/inohana/chef-repo/README.md from none to 6401b8
      (diff output suppressed by config)
  • directory[/home/inohana/chef-repo/cookbooks] action create
    • create new directory /home/inohana/chef-repo/cookbooks
  • directory[/home/inohana/chef-repo/cookbooks/chef-repo] action create
    • create new directory /home/inohana/chef-repo/cookbooks/chef-repo
  • template[/home/inohana/chef-repo/cookbooks/chef-repo/metadata.rb] action create
    • create new file /home/inohana/chef-repo/cookbooks/chef-repo/metadata.rb
    • update content in file /home/inohana/chef-repo/cookbooks/chef-repo/metadata.rb from none to 4f365a
      (diff output suppressed by config)
  • cookbook_file[/home/inohana/chef-repo/cookbooks/chef-repo/chefignore] action create
    • create new file /home/inohana/chef-repo/cookbooks/chef-repo/chefignore
    • update content in file /home/inohana/chef-repo/cookbooks/chef-repo/chefignore from none to f728e0
      (diff output suppressed by config)
  • cookbook_file[/home/inohana/chef-repo/cookbooks/chef-repo/Berksfile] action create
    • create new file /home/inohana/chef-repo/cookbooks/chef-repo/Berksfile
    • update content in file /home/inohana/chef-repo/cookbooks/chef-repo/Berksfile from none to 5ec92e
      (diff output suppressed by config)
  • directory[/home/inohana/chef-repo/cookbooks/chef-repo/recipes] action create
    • create new directory /home/inohana/chef-repo/cookbooks/chef-repo/recipes
  • template[/home/inohana/chef-repo/cookbooks/chef-repo/recipes/default.rb] action create
    • create new file /home/inohana/chef-repo/cookbooks/chef-repo/recipes/default.rb
    • update content in file /home/inohana/chef-repo/cookbooks/chef-repo/recipes/default.rb from none to ef7644
      (diff output suppressed by config)
  • directory[/home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes] action create
    • create new directory /home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes
  • cookbook_file[/home/inohana/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb] action create_if_missing
    • create new file /home/inohana/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb
    • update content in file /home/inohana/chef-repo/cookbooks/chef-repo/spec/spec_helper.rb from none to 945e09
      (diff output suppressed by config)
  • template[/home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb] action create_if_missing
    • create new file /home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb
    • update content in file /home/inohana/chef-repo/cookbooks/chef-repo/spec/unit/recipes/default_spec.rb from none to 7dd2b8
      (diff output suppressed by config)

- Moved the contents under the repo directory to chef-repo.

inohana@ino-ubuntu:~$ sudo mv repo/.chef chef-repo/
[sudo] password for inohana:
inohana@ino-ubuntu:~$ ls -la chef-repo/
total 28
drwxrwxr-x 5 inohana inohana 4096 Mar 10 04:44 .
drwxrwxrwx 7 root root 4096 Mar 10 04:43 ..
drwxr-xr-x 3 root root 4096 Mar 2 05:01 .chef
drwxrwxr-x 3 inohana inohana 4096 Mar 10 04:43 cookbooks
-rw-rw-r-- 1 inohana inohana 486 Mar 10 04:43 .kitchen.yml
-rw-rw-r-- 1 inohana inohana 57 Mar 10 04:43 README.md
drwxrwxr-x 3 inohana inohana 4096 Mar 10 04:43 test

The move is complete.

inohana@ino-ubuntu:~$ ls -la chef-repo/.chef
total 24
drwxr-xr-x 3 root root 4096 Mar 2 05:01 .
drwxrwxr-x 5 inohana inohana 4096 Mar 10 04:44 ..
-rw------- 1 inohana root 1678 Mar 2 04:53 inohana.pem
-rw------- 1 inohana root 1678 Mar 2 04:53 ise-validator.pem
-rw-r--r-- 1 inohana root 667 Mar 2 05:01 knife.rb
drwxr-xr-x 2 inohana root 4096 Mar 2 05:01 trusted_certs

Change the permissions.

inohana@ino-ubuntu:~$ sudo chown inohana chef-repo/.chef
inohana@ino-ubuntu:~$ ls -la chef-repo/.chef
total 24
drwxr-xr-x 3 inohana root 4096 Mar 2 05:01 .
drwxrwxr-x 5 inohana inohana 4096 Mar 10 04:44 ..
-rw------- 1 inohana root 1678 Mar 2 04:53 inohana.pem
-rw------- 1 inohana root 1678 Mar 2 04:53 ise-validator.pem
-rw-r--r-- 1 inohana root 667 Mar 2 05:01 knife.rb
drwxr-xr-x 2 inohana root 4096 Mar 2 05:01 trusted_certs

inohana@ino-ubuntu:~$ ls -la chef-repo
total 28
drwxrwxr-x 5 inohana inohana 4096 Mar 10 04:44 .
drwxrwxrwx 7 root root 4096 Mar 10 04:43 ..
drwxr-xr-x 3 inohana root 4096 Mar 2 05:01 .chef
drwxrwxr-x 3 inohana inohana 4096 Mar 10 04:43 cookbooks
-rw-rw-r-- 1 inohana inohana 486 Mar 10 04:43 .kitchen.yml
-rw-rw-r-- 1 inohana inohana 57 Mar 10 04:43 README.md
drwxrwxr-x 3 inohana inohana 4096 Mar 10 04:43 test
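
The listings above show the user and validator keys passing through a world-writable directory (`/etc/opscode/ise`, mode `drwxrwxrwx`) as world-readable files before `chmod 600` and `chown` were applied. The following is an added example, not part of the original article: it audits a knife configuration directory for private keys that are readable beyond their owner, keys owned by another account, and directories any local user can write to. The function names are hypothetical and GNU `find` is assumed.

```shell
#!/bin/sh
# Added example: audit a knife config directory such as chef-repo/.chef.
# Function names are hypothetical; uses GNU find (-perm /MODE).

# *.pem files that grant any permission bit to group or others.
loose_keys() {
    find "$1" -type f -name '*.pem' -perm /077 -print
}

# *.pem files owned by someone other than the expected user (name or UID).
foreign_keys() {
    find "$1" -type f -name '*.pem' ! -user "$2" -print
}

# Directories writable by everyone and lacking the sticky bit: files inside
# can be replaced by any local user, whatever the files' own mode is.
open_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# audit_chef_dir <dir> <expected owner>
# Prints each finding; returns 0 when clean, 1 when anything was found.
audit_chef_dir() {
    rc=0
    out=$(loose_keys "$1")
    [ -z "$out" ] || { printf 'key readable beyond owner:\n%s\n' "$out"; rc=1; }
    out=$(foreign_keys "$1" "$2")
    [ -z "$out" ] || { printf 'key not owned by %s:\n%s\n' "$2" "$out"; rc=1; }
    out=$(open_dirs "$1")
    [ -z "$out" ] || { printf 'world-writable directory:\n%s\n' "$out"; rc=1; }
    return "$rc"
}

# Usage (directory from the session above):
#   audit_chef_dir /home/inohana/chef-repo/.chef inohana
```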
