ADMIN

Recommendations

Info

mAnAgement chef © Alistair Cotton, 123RF.com Configuration management with Chef Chef de Config ever dream of rolling out a complete computer farm with a single mouse click? if you stick to Linux computers and you speak a little Ruby, chef can go a long way toward making that dream come true. By tim Schürmann over and making a mess on the server room floor. Valuable Ingredients Chef is basically a server that stores customized configuration guides for software. Clients connected to the server access the recipes and automatically configure their systems on the basis of the rulesets the recipes contain. To do so, the clients not only modify their configuration files, but – if needed – launch their package managers. If the recipes change, or new ones are added at a later date, the clients affected automatically update to reflect the changes. In an ideal environment, this just leaves it up to the administrator to manage the recipes on the server. Bulk Shopping Before you can enjoy the benefits, the developers behind Chef expect you to put in a modicum of work. For example, recipes are made up of one or multiple standard Ruby scripts. If you need anything beyond the fairly generic recipes available on the web, you need to have a good command of the Ruby scripting language. In other words, your mileage will vary before you deploy a home-grown and hometested solution. The installation is another obstacle – and a fairly complex one, too, because the Chef server depends on several other components, each of which in turn requires even more software packages. The Chef server itself is written in Ruby but relies on the RabbitMQ server and on a Java-based full-text search engine, at the same time storing its data in a CouchDB database. Finally, your choice of operating system is also important. Chef prefers Linux underpinnings, but it will also run on other Unix-flavored operating systems such as Mac OS X, Open Solaris, FreeBSD, and OpenBSD, according to the wiki [1]. The fastest approach today is offered by Debian 5, Ubuntu 8.10 or later, or CentOS 5.x. Setting up the server on any other system can be an adventure. This article mainly relates to Debian and Ubuntu for this reason. If this is the first time you have ever cooked one of Chef’s recipes, it is also a good idea to run your kitchen on a virtual machine. This prevents things boiling A full-fledged Chef installation comprises the systems you want to configure (nodes) and the server that manages and stores the recipes. Chef clients do all the hard work, picking up the recipes from the server via a REST interface and running the scripts. Each client runs on one node but can apply recipes to multiple nodes. [Figure 1] shows you how this works. For simplicity’s sake, the following examples just use the Chef server and a single client. The latter only configures the computer on which it is running. The first thing you need to have in place is Ruby version 1.8.5 through 1.9.2 (with SSL bindings). Add to this, RubyGems, which will want to build various extensions and libraries later on, thus necessitating the existence of make, gcc, g++, and the Ruby developer packages. Additionally, you need the wget tool for various downloads. The following command installs the whole enchilada on Debian and Ubuntu Linux: sudo apt‐get install ruby U ruby1.8‐dev libopenssl‐ruby1.8 U rdoc ri irb build‐essential U wget ssl‐cert 68 Admin 01 www.Admin-mAgAzine.com
Chef Management Server Provides recipes Client Collects recipes and executes scripts Nodes you need to concentrate on the installation, particularly server-side. Who’s the Chef? Figure 1: Overview of the Chef landscape with the server, clients, and nodes. The packages for openSUSE are called ruby, ruby-devel, wget, opensslcerts, make, gcc, and g++. The certificates from ssl-cert will be required later. According to the how-to [1], Chef prefers RubyGems version 1.3.6 or newer, but not 1.3.7. This version contains a bug that kills the following installation mid-way. Because most distributions have an older version of RubyGems, your best bet is to head for the source code archive: cd /tmp wget http://rubyforge.org/frs/U download.php/69365/rubygems‐1.3.6.tgz tar zxf rubygems‐1.3.6.tgz cd rubygems‐1.3.6 sudo ruby setup.rb If the last command installs the Gems executable as /usr/bin/gem1.8 (as is the case with Debian and Ubuntu), a symbolic link will improve things: sudo ln ‐sfv /usr/bin/gem1.8 /usr/bin/gem Now you can issue the following Gems command to install the Chef package: sudo gem install chef When you run a Gem update, keep an eye on the JSON Gem. The version that now comes with RubyGems, 1.4.3, causes an error in Chef. If gem update installs the offending JSON package on your disk, these commands revert to the original version: sudo gem uninstall ‐aIx json sudo gem install ‐v1.4.2 json The steps thus far provide the underpinnings for Chef operations. Now, Chef can automate the process of installing and configuring software, so it only seems logical to let Chef install itself. The developers refer to this process as bootstrapping. Having said this, recipes that install the server in this way only exist for Debian 5, Ubuntu 8.10 or later, and CentOS 5.x. On any other distribution, you need to perform all of the steps manually as described in the [Manual Server Installation] boxout. Life is a little easier with one of the operating systems officially supported by Chef. To begin, make sure the computers involved have Fully Qualified Domain Names (FQDNs), such as chefserver.example.com. If you don’t, you will be bombarded with error messages like Attribute domain is not defined! (ArgumentError) later on. Additionally, the repositories need to provide the runit program in Manual Server Installation If you need to set up the Chef server manually, start by installing the RabbitMQ messaging server [2]. openSUSE users should use the open- SUSE Build Service to install rabbit-mq [3]. Doing so means that YaST automatically adds repositories that you need later on. Once you have RabbitMQ in place, it’s time to start the Chef configuration: sudo rabbitmqctl add_vhost /chef sudo rabbitmqctl add_user chef testing sudo rabbitmqctl set_permissions ‐p /chef chef ".*" ".*" ".*" The next task on the list concerns the CouchDB database from the CouchDB package. If needed, you can start the service manually on openSUSE by typing rccouchdb start. The Chef server also requires Sun Java SDK version 1.6.0. Some distributions keep this package in an external or special repository. On Debian, you need to enable the nonfree package source; on Ubuntu 10.04, you can add the partner repository like this: openSUSE goes for zlib-devel and libxml-devel. Now, finally, you can install the Chef server sudo gem install chef‐server chef‐server‐api chef‐server chef‐solr and add the really practical web front end: sudo gem install chef‐server‐webui After completing this work, create the /etc/chef/server.rb configuration file. [Listing 1] gives you a template. As a minimum, you need to replace the domain name that follows chef_server_url with the output from hostname ‐f and add a password of your choice after web_ui_admin_default_password. All the other defaults you can keep, particularly the paths, which the server automatically creates later, should the need arise. In the next step, the script shown in [Listing 2] creates a pair of SSL certificates, which you will need. The following command line creates the search index: sudo add‐apt‐repository "deb http://archive.canonical.com/ U lucid partner" sudo apt‐get update Now install the JDK. On Debian and Ubuntu, the JDK is hidden away in the sun-java6-jdk package, whereas openSUSE calls it java- 1_6_0-sun-devel. Users on openSUSE will probably want to delete the OpenJDK packages java-1_6_0-openjdk and java-1_6_0-openjdkdevel to be on the safe side. Then, you just need to install the developer packages for zlib and libxml. Debian and Ubuntu call them zlib1g-dev and libxml2-dev; sudo chef‐solr‐indexer Another command launches the Chef SOLR Server sudo chef‐solr and the Chef server itself, sudo chef‐server ‐N ‐e production including the graphical web interface: sudo chef‐server‐webui ‐p 4040 ‐e production www.admin-magazine.com Admin 01 69
Page 1 and 2:
ADMIN Network & Security Rescue CD
Page 3 and 4:
Welcome to Admin WELCOME ALL FOR AD
Page 5 and 6:
Table of Contents SERVICE 8 Spacewa
Page 7 and 8:
POWERHOUSE PERL 11 cool projects! F
Page 9 and 10:
Spacewalk Features configuration fi
Page 11 and 12:
Spacewalk Features Figure 2: Assign
Page 13 and 14:
Spacewalk Features kickstart profil
Page 15 and 16:
Icinga Features Table 1: States Opt
Page 17 and 18: Icinga Features ministrators only n
Page 19 and 20: Icinga Features Figure 6: Network o
Page 21 and 22: MySQL Forks and Patches Features th
Page 23 and 24: MySQL Forks and Patches Features In
Page 25 and 26: Exchange 2010 Features © peapop, F
Page 27 and 28: they can now synchronize text messa
Page 29 and 30: Backup Software Features data. One
Page 31 and 32: Backup Software Features tended), l
Page 33 and 34: Backup Software Features Two “wiz
Page 35 and 36: Backup & Disaster Recovery Georgeto
Page 37 and 38: OCFS2 Tools ing. OCFS2 is fairly si
Page 39 and 40: OCFS2 Tools F Figure 2: Unspectacul
Page 41 and 42: To do this, you need to change the
Page 43 and 44: Synergy Tools Figure 1: Synergy as
Page 45 and 46: SystemTap Tools The SystemTap [3] t
Page 47 and 48: SystemTap Tools Instead of searchin
Page 49 and 50: Package Your Scripts Virtualization
Page 51 and 52: Linux Magazine ACADEMY curl U http:
Page 53 and 54: openVz VirtuAlizAtion live migratio
Page 55 and 56: OpenVZ Virtualization a number of c
Page 57 and 58: OpenVZ Virtualization OpenVZ kernel
Page 59 and 60: AND SAVE 30%! ADMIN Network & Secur
Page 61 and 62: Virtual Machine Manager Virtualizat
Page 63 and 64: Virtual Machine Manager Virtualizat
Page 65 and 66: Teamviewer Management and be contro
Page 67: NOV. 7-12 2010 24th Large Installat
Page 71 and 72: Chef Management ‐r http://s3.amaz
Page 73 and 74: Chef Management Figure 5: The clien
Page 75 and 76: Sysinternals Management AdInsight a
Page 77 and 78: Sysinternals Management Name Table
Page 79 and 80: PAM and Hardware Nuts and Bolts Fig
Page 81 and 82: November 13-19, 2010 • Ernest N.
Page 83 and 84: PAM and Hardware Nuts and Bolts to
Page 85 and 86: ON NEWSSTANDS NOW ! UBUNTU USER MAG
Page 87 and 88: modSecurity nutS And boltS complex
Page 89 and 90: ModSecurity Nuts and bolts Insider
Page 91 and 92: REAL SOLUTIONS FOR REAL NETWORKS Ea
Page 93 and 94: Daemon Monitoring Nuts and Bolts Fi
Page 95 and 96: VPns with SSTP nuTS And BoLTS Hands
Page 97 and 98: VPNs with SSTP Nuts and Bolts Figur
Page 100: DEDICATED SERVERS £59 FROM PER MON
show all

ADMIN

Create successful ePaper yourself

Delete template?

Save as template?