Copy goodjob.pem and kk-openam-validator.pem from /etc/chef-server on the Chef Server into /root/.chef on the Chef Client.
Also place the knife.rb downloaded from Chef Manage (web browser) in /root/.chef.
●Chef Client
Check the list of clients.
# knife client list
kk-openam-validator
Create a client.
# export EDITOR=vi
# knife client create test-user1
{
"name": "test-user1",
"public_key": null,
"validator": false,
"admin": false,
"json_class": "Chef::ApiClient",
"chef_type": "client"
}
Note: save with :wq.
Created client[test-user1]
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0U6qfY1zTy0qpnKBKtOaq0UYzrMzLa2azZ8VcUBq6sqGyRUK
...
gCx4hsZ83I4hbzEdyYiokla2ug/jG2T8o3I8qanNQiYXshB7snKD
-----END RSA PRIVATE KEY-----
# vi testuser1.pem
Note: save the private key shown above into this file.
# yum -y install git
# knife configure client -s https://chef-server.openam.net /etc/chef
Creating client configuration
Writing client.rb
Writing validation.pem
# cp /root/.chef/knife.rb /etc/chef/client.rb
# cp /root/.chef/kk-openam-validator.pem /etc/chef
# cp /root/.chef/goodjob.pem /etc/chef
# knife ssl fetch -c /etc/chef/client.rb
WARNING: Certificates from chef-server.openam.net will be fetched and placed in your trusted_cert
directory (/etc/chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef-server.openam.net in /etc/chef/trusted_certs/chef-server_openam_net.crt
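The knife warning above leaves the fetched certificate unverified. The following script is an added example, not part of the original post: it compares the file saved under trusted_certs with a SHA-256 fingerprint obtained out-of-band on the Chef Server. The function names are hypothetical and the sample certificate is constructed.

```bash
#!/usr/bin/env bash
# Added example (hypothetical function names): check a certificate saved by
# `knife ssl fetch` against a fingerprint obtained out-of-band.
# A certificate's SHA-256 fingerprint is the SHA-256 of its DER bytes,
# i.e. of the base64-decoded PEM body, so coreutils is enough.

# Print the SHA-256 (lowercase hex) of the first certificate in a PEM file.
cert_sha256() {
    [ -r "$1" ] || return 2
    awk '/-----BEGIN CERTIFICATE-----/ {inside=1; next}
         /-----END CERTIFICATE-----/   {exit}
         inside                        {print}' "$1" \
      | tr -d '\r' | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Accept "SHA256 Fingerprint=AA:BB:..." or bare hex; emit lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 on unusable input.
verify_fetched_cert() {
    local pem="$1" expected actual
    expected=$(normalize_fp "$2")
    if [ "${#expected}" -ne 64 ] || ! grep -q 'BEGIN CERTIFICATE' "$pem" 2>/dev/null; then
        echo "INVALID: cannot check $pem" >&2; return 2
    fi
    actual=$(cert_sha256 "$pem") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $pem matches the expected fingerprint"
    else
        echo "MISMATCH: $pem is $actual; delete it from trusted_certs" >&2
        return 1
    fi
}

# Constructed sample (arbitrary bytes in a PEM wrapper, not a real
# certificate) so the check can be exercised offline.
demo() {
    local d rc
    d=$(mktemp -d)
    { echo '-----BEGIN CERTIFICATE-----'
      printf 'constructed DER bytes' | base64
      echo '-----END CERTIFICATE-----'; } > "$d/sample.crt"
    verify_fetched_cert "$d/sample.crt" \
        "$(printf 'constructed DER bytes' | sha256sum | cut -d' ' -f1)"
    rc=$?; rm -rf "$d"; return "$rc"
}
```

On the client, call verify_fetched_cert with /etc/chef/trusted_certs/chef-server_openam_net.crt and the fingerprint read on the Chef Server itself, for example from `openssl x509 -noout -fingerprint -sha256 -in <server certificate>`.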
●Preparation
# mkdir -p /root/cookbooks
# cd /root/cookbooks
・openldap
# knife cookbook site download openldap
Downloading openldap from the cookbooks site at version 1.12.10 to /root/cookbooks/openldap-1.12.10.tar.gz
Cookbook saved: /root/cookbooks/openldap-1.12.10.tar.gz
# tar zxf openldap-1.12.10.tar.gz
# rm -f openldap-1.12.10.tar.gz
・openssh
# knife cookbook site download openssh
Downloading openssh from the cookbooks site at version 1.3.4 to /root/cookbooks/openssh-1.3.4.tar.gz
Cookbook saved: /root/cookbooks/openssh-1.3.4.tar.gz
# tar zxf openssh-1.3.4.tar.gz
# rm -f openssh-1.3.4.tar.gz
・nscd
# knife cookbook site download nscd
Downloading nscd from the cookbooks site at version 0.12.0 to /root/cookbooks/nscd-0.12.0.tar.gz
Cookbook saved: /root/cookbooks/nscd-0.12.0.tar.gz
# tar zxf nscd-0.12.0.tar.gz
# rm -f nscd-0.12.0.tar.gz
・openssl
# knife cookbook site download openssl
Downloading openssl from the cookbooks site at version 2.0.0 to /root/cookbooks/openssl-2.0.0.tar.gz
Cookbook saved: /root/cookbooks/openssl-2.0.0.tar.gz
# tar zxf openssl-2.0.0.tar.gz
# rm -f openssl-2.0.0.tar.gz
・iptables
# knife cookbook site download iptables
Downloading iptables from the cookbooks site at version 0.14.0 to /root/cookbooks/iptables-0.14.0.tar.gz
Cookbook saved: /root/cookbooks/iptables-0.14.0.tar.gz
# tar zxf iptables-0.14.0.tar.gz
# rm -f iptables-0.14.0.tar.gz
・chef-sugar
# knife cookbook site download chef-sugar
Downloading chef-sugar from the cookbooks site at version 2.4.1 to /root/cookbooks/chef-sugar-2.4.1.tar.gz
Cookbook saved: /root/cookbooks/chef-sugar-2.4.1.tar.gz
# tar zxf chef-sugar-2.4.1.tar.gz
# rm -f chef-sugar-2.4.1.tar.gz
Upload the cookbooks to the Chef Server as follows.
# knife cookbook upload -o . iptables
Uploading iptables [0.14.0]
Uploaded 1 cookbook.
# knife cookbook upload -o . openssh
Uploading openssh [1.3.4]
Uploaded 1 cookbook.
# knife cookbook upload -o . chef-sugar
Uploading chef-sugar [2.4.1]
Uploaded 1 cookbook.
# knife cookbook upload -o . openssl
Uploading openssl [2.0.0]
Uploaded 1 cookbook.
# knife cookbook upload -o . nscd
Uploading nscd [0.12.0]
Uploaded 1 cookbook.
# knife cookbook upload -o . openldap
Uploading openldap [1.12.10]
Uploaded 1 cookbook.
# cd /root
# chef-client -o iptables,openssh,chef-sugar,openssl,nscd,openldap::client
https://tickets.opscode.com/browse/COOK-4085?page=com.googlecode.jira-suite-utilities:transitions-summary-tabpanel
Note: OpenLDAP could not be installed (as of 2014/12, the OpenLDAP cookbook on Git does not support CentOS).