It worked for the time being. The UI opened from the browser. I did knife bootstrap and was able to run chef-client on the node.
https://downloads.chef.io/products/workstation It has a setup tool, so it's easy to install.
https://qiita.com/kurkuru/items/127fa99ef5b2f0288b81 I forgot, but I installed Docker for Mac. It has a setup tool, so it's easy to install.
docker ps
docker stop containerID
docker images
docker rmi
Dockerfile
The authorized_keys file used in COPY is created later; put the public key in it and run chmod 600 authorized_keys on it.
FROM centos:centos7
RUN yum -y update && yum clean all
RUN yum install -y which
RUN yum install -y wget
RUN yum install -y tar
RUN yum install -y vim
RUN yum install -y git
RUN yum install -y iproute
RUN yum -y install openssh-server openssh-clients
#COPY chef_setting.conf /etc/sysctl.d/
#RUN sysctl -p /etc/sysctl.d/chef_setting.conf
RUN mkdir /root/.ssh
COPY authorized_keys /root/.ssh/
#&& touch ~/.ssh/authorized_keys \
#&& chmod 600 ~/.ssh/authorized_keys
#RUN curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
#&& echo y | ./chef-automate deploy --product automate --product infra-server
#Command to be executed when the container starts
CMD /bin/bash
On the Mac, add the following to /etc/hosts
127.0.0.1 centos7chef
build
$ docker build -t centos7chef ./
$ docker build -t centos7chef ./ --no-cache
// workstation
$ docker build -f Dockerfile_wk -t centos7chefworkstation ./
// chef-client(node)
$ docker build -f Dockerfile_node -t centos7chefnode ./
# Delete unnecessary images (the ones whose REPOSITORY is <none>)
docker rmi $(docker images -f dangling=true -q)
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7chef latest 732b9ef19ac6 5 minutes ago 794MB
centos 7 7e6257c9f8d8 2 months ago 203MB
centos centos7 7e6257c9f8d8 2 months ago 203MB
I failed, but there are no containers left.
#16 1.578 Bootstrapping Chef Automate
#16 1.578 Fetching Release Manifest
#16 1.654 Installing Habitat
#16 1.654 Installing Habitat 1.6.139/20200824142405
#16 6.354 Installing the Chef Automate deployment-service
#16 87.28 Installing supplementary Habitat packages
#16 87.28 Installing Habitat package automate-cli
#16 91.01 Installing Habitat package rsync
#16 91.20 Installing Habitat package hab-sup
#16 95.62 Installing Habitat package hab-launcher
#16 99.02 Installing Habitat systemd unit
#16 99.05 Creating Habitat user and group
#16 99.10 Starting Habitat with systemd
#16 99.12 Error: setup failed: failed to reload systemd daemon: exit status 1
#16 99.12 DeployError: Unable to install, configure and start the service: exit status 1
------
failed to solve with frontend dockerfile.v0: failed to build LLB: executor failed running [/bin/sh -c curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate && echo y | ./chef-automate deploy --product automate --product infra-server --skip-preflight]: runc did not terminate sucessfully
// chefserver
//UI does not work
docker run --privileged --rm -d -p 2222:22 -p 5000:443 -p 443:443 --hostname=centos7chef --name centos7chefcontainer centos7chef /sbin/init
// chefserver
//UI is OK
docker run --privileged --rm -d -p 2222:22 -p 5000:443 -p 443:443 --hostname=localhost --name centos7chefcontainer centos7chef /sbin/init
//Boot from the saved image(org and user created)
docker run --privileged --rm -d -p 2222:22 -p 5000:443 -p 6000:10161 --hostname=centos7chef --name centos7chefcontainer centos7chef-setuped
// chefworkstation
docker run --privileged --rm -d -p 3333:22 --hostname=centos7chefwk --name centos7chefwkcontainer centos7chefworkstation /sbin/init
// chef-client(node)
docker run --privileged --rm -d -p 4444:22 --hostname=centos7chefnode --name centos7chefnodecontainer centos7chefnode /sbin/init
It didn't start without /sbin/init and --privileged. There seems to be something I don't understand. I shouldn't need it.
--rm: docker run --rm option (the container is deleted automatically when it exits)
-d: run the container in the background
-p: port specification (here, to change the ssh access port)
--privileged: added this option because I want to be able to use the systemctl command
--name: give the created container a name
/sbin/init: to have services start automatically at OS startup in a Docker container using systemctl on CentOS 7.x, /sbin/init must be specified when starting the container.
~/docker 13:00:38 $ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
75356a7cf03a centos7chef "/sbin/init" 12 seconds ago Up 11 seconds 0.0.0.0:2222->22/tcp, 0.0.0.0:5000->80/tcp centos7chefcontainer
ssh-keygen -t rsa -b 4096
docker exec -it centos7chefcontainer /bin/bash
// workstation
docker exec -it centos7chefwkcontainer /bin/bash
-it: assigns a tty to the process in the container. I don't know what it means.
docker exec: a command that executes the specified command in a running container.
docker run: a command that creates and starts a container.
I didn't use this command because I ended up connecting with ssh
~/.ssh/config(Mac)
It is a mystery that you can connect with HostName 0.0.0.0
Host centos7chef
HostName 0.0.0.0
User root
Port 2222
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
ssh centos7chef
// workstation
ssh centos7chefwk
// chef-client(node)
ssh centos7chefnode
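An added check, not part of the original post: the ~/.ssh/config block above sets StrictHostKeyChecking no and UserKnownHostsFile=/dev/null, so ssh accepts any host key for that host. The shell function below lists every Host block that carries either setting, handling both the "Keyword value" and "Keyword=value" forms used above. The function names and the second sample block are made up for this example.

```shell
#!/bin/sh
# Added example: report ssh_config Host blocks that disable host key checks.
# Reads the files given as arguments, or standard input when there are none.

audit_ssh_config() {
    awk '
    function add(s) { findings = findings (findings == "" ? "" : ", ") s }
    function flush() { if (findings != "") print host ": " findings }
    BEGIN { host = "(global)" }   # settings placed before the first Host line
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next      # blank lines and comments
        i = match(line, /[ \t=]/)                # end of the keyword
        if (i == 0) next
        key = tolower(substr(line, 1, i - 1))    # keywords are case-insensitive
        val = substr(line, i)
        sub(/^[ \t]*=?[ \t]*/, "", val)          # "Key value", "Key=value", "Key = value"
        sub(/[ \t]+$/, "", val)
        if (key == "host") { flush(); host = val; findings = ""; next }
        lval = tolower(val)
        # "no" and "off" both let ssh connect to hosts whose key has changed
        if (key == "stricthostkeychecking" && (lval == "no" || lval == "off"))
            add("StrictHostKeyChecking " val)
        # a known_hosts file of /dev/null means no host key is ever remembered
        if (key == "userknownhostsfile" && val == "/dev/null")
            add("UserKnownHostsFile " val)
    }
    END { flush() }
    ' "$@"
}

# Constructed sample input: the first block mirrors the config shown above,
# the second is a hypothetical block that keeps verification on.
sample_config() {
cat <<'EOF'
# constructed sample
Host centos7chef
  HostName 0.0.0.0
  User root
  Port 2222
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null

Host hardened-example
  HostName 127.0.0.1
  Port 2222
  stricthostkeychecking = yes
  UserKnownHostsFile ~/.ssh/known_hosts_cheflab
EOF
}

sample_config | audit_ssh_config
```

To check a real file, run audit_ssh_config ~/.ssh/config; no output means no Host block disables host key verification.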
https://docs.chef.io/automate/infra_server/#use-knife-with-chef-infra-server
I tried to embed it in the Dockerfile, but I gave up because sysctl could not be done and install failed.
Copy and paste 3 lines
sysctl -w vm.dirty_expire_centisecs=20000
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
echo y | ./chef-automate deploy --product automate --product infra-server
Then enter y
I was told that there was no such command, so I added ./ to it. A log like this comes out:
Deploy Complete
Your credentials have been saved to automate-credentials.toml
Access the web UI at https://centos7chef/
Users of this Automate deployment may elect to share anonymized usage data with
Chef Software, Inc. Chef uses this shared data to improve Automate.
Please visit https://chef.io/privacy-policy for more information about the
information Chef collects, and how that information is used.
Password is in this file
[root@centos7chef ~]# cat automate-credentials.toml
url = "https://centos7chef"
username = "admin"
password = "9bba1587a3c5c3597a7fd933e9f30e00"
https://localhost:5000/
less /hab/svc/automate-ui/config/nginx.conf
This may be wrong
less /hab/svc/automate-load-balancer/config/nginx.conf
grep centos7chef /hab/svc/automate-ui/config/nginx.conf
grep centos7chef /hab/svc/automate-load-balancer/config/nginx.conf
chef-server-ctl user-create chef chef chef [email protected] 'password' --filename chef.pem
chef-server-ctl org-create cheftest 'cheftest' --association_user chef --filename cheftest-validator.pem
chef-server-ctl org-user-add cheftest chef --admin
//I can make a key
[root@centos7chef ~]# ls
anaconda-ks.cfg automate-credentials.toml chef-automate chef.pem cheftest-validator.pem
Since the command worked, the chef server itself is working. I don't know if the UI will work if you set up the network. If this doesn't work, you can't use knife.
[root@centos7chef ~]# knife user show chef
display_name: chef chef
email: [email protected]
first_name: chef
last_name: chef
middle_name:
username: chef
[root@centos7chef ~]# chef-server-ctl org-list
cheftest
[root@centos7chef ~]# chef-server-ctl org-show cheftest
full_name: cheftest
guid: 900d399584e991235b29d2aa946a8fed
name: cheftest
It worked
docker run --privileged --rm -d -p 2222:22 -p 80:80 --hostname=centos7chef --name centos7chefcontainer centos7chef /sbin/init
I still don't understand.
1 is the font, bold letters, etc. The next number is the color
PS1='\[\e[1;32m\][\t \[\e[1;31m\] \w \[\e[1;32m\]]\\$ \[\e[m\]'
[17:32:19 ~/docker ]$ ssh centos7chef
Warning: Permanently added '[0.0.0.0]:2222' (ECDSA) to the list of known hosts.
[root@centos7chef ~]# sysctl -w vm.dirty_expire_centisecs=20000
vm.dirty_expire_centisecs = 20000
[root@centos7chef ~]# curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10.7M 100 10.7M 0 0 12.7M 0 --:--:-- --:--:-- --:--:-- 12.7M
[root@centos7chef ~]# ./chef-automate deploy --product automate --product infra-server
To continue, you'll need to accept our terms of service:
Terms of Service
https://www.chef.io/terms-of-service
Master License and Services Agreement
https://www.chef.io/online-master-agreement
I agree to the Terms of Service and the Master License and Services Agreement
(y/n)
y
Beginning pre-flight checks
OK | running as root
OK | volume: has 53.3GB avail (need 5.0GB for installation)
OK | chef-automate CLI is not in /bin
OK | automate not already deployed
OK | initial required ports are available
OK | init system is systemd
OK | found required command "useradd"
OK | user "nobody" exists
OK | MemTotal 6093672 kB (6.1GB) is at least 2000000 kB (2.0GB)
OK | fs.file-max=524288 is at least 64000
OK | vm.max_map_count=262144 is at least 262144
OK | vm.dirty_ratio=20 is between 5 and 30
OK | vm.dirty_background_ratio=10 is between 10 and 60
OK | vm.dirty_expire_centisecs=20000 is between 10000 and 30000
OK | kernel version "4.19" is at least "3.2"
OK | https://licensing.chef.io/status is reachable
OK | https://bldr.habitat.sh is reachable
OK | https://raw.githubusercontent.com is reachable
OK | https://packages.chef.io is reachable
OK | https://github.com is reachable
OK | https://downloads.chef.io is reachable
Bootstrapping Chef Automate
Fetching Release Manifest
Installing Habitat
Installing Habitat 1.6.56/20200618202635
Installing the Chef Automate deployment-service
Installing supplementary Habitat packages
Installing Habitat package automate-cli
Installing Habitat package rsync
Installing Habitat package hab-sup
Installing Habitat package hab-launcher
Installing Habitat systemd unit
Creating Habitat user and group
Starting Habitat with systemd
Bootstrapping deployment-service on localhost
Configuring deployment-service
Starting deployment-service
Waiting for deployment-service to be ready
Initializing connection to deployment-service
Applying Deployment Configuration
Starting deploy
Installing deployment-service
Installing automate-cli
Installing backup-gateway
Installing automate-postgresql
Installing automate-pg-gateway
Installing automate-elasticsearch
Installing automate-es-gateway
Installing automate-ui
Installing pg-sidecar-service
Installing cereal-service
Installing event-service
Installing authz-service
Installing es-sidecar-service
Installing event-feed-service
Installing automate-dex
Installing teams-service
Installing authn-service
Installing secrets-service
Installing applications-service
Installing notifications-service
Installing nodemanager-service
Installing compliance-service
Installing license-control-service
Installing local-user-service
Installing session-service
Installing config-mgmt-service
Installing ingest-service
Installing infra-proxy-service
Installing data-feed-service
Installing event-gateway
Installing automate-gateway
Installing automate-cs-bookshelf
Installing automate-cs-oc-bifrost
Installing automate-cs-oc-erchef
Installing automate-cs-nginx
Installing automate-load-balancer
Configuring deployment-service
Starting backup-gateway
Starting automate-postgresql
Starting automate-pg-gateway
Starting automate-elasticsearch
Starting automate-es-gateway
Starting automate-ui
Starting pg-sidecar-service
Starting cereal-service
Starting event-service
Starting authz-service
Starting es-sidecar-service
Starting event-feed-service
Starting automate-dex
Starting teams-service
Starting authn-service
Starting secrets-service
Starting applications-service
Starting notifications-service
Starting nodemanager-service
Starting compliance-service
Starting license-control-service
Starting local-user-service
Starting session-service
Starting config-mgmt-service
Starting ingest-service
Starting infra-proxy-service
Starting data-feed-service
Starting event-gateway
Starting automate-gateway
Starting automate-cs-bookshelf
Starting automate-cs-oc-bifrost
Starting automate-cs-oc-erchef
Starting automate-cs-nginx
Starting automate-load-balancer
Checking service health
Creating admin user
Deploy Complete
Your credentials have been saved to automate-credentials.toml
Access the web UI at https://centos7chef/
Users of this Automate deployment may elect to share anonymized usage data with
Chef Software, Inc. Chef uses this shared data to improve Automate.
Please visit https://chef.io/privacy-policy for more information about the
information Chef collects, and how that information is used.
[root@centos7chef ~]#
Arguments: container name, then image name
docker commit centos7chefcontainer centos7chef-setuped-test
//Boot from the saved image
docker run --privileged --rm -d -p 2222:22 -p 5000:443 -p 6000:10161 --hostname=centos7chef --name centos7chefcontainer centos7chef-setuped
// knife bootstrap FQDN_or_IP_ADDRESS
knife bootstrap -U root -N centos7chefnode -i /root/.ssh/id_rsa --node-ssl-verify-mode none 172.17.0.4 -y
did it!
Set a password. I was asked for the password, so I set it
ssh centos7chefnode
passwd root
// chef1234
//Is insecure ssl disabled?
[root@centos7chef ~]# curl --insecure https://centos7chef/
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Chef Automate</title>
<base href="/">
<script type="text/javascript">
window.staticAutomateConfig = {};
function parseStaticAutomateConfig(options) {
window.staticAutomateConfig = options;
};
</script>
<script src="/automate.conf.js"></script>
<script type="text/javascript">
!function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="4.0.0";
}}();
</script>
<script>
// This shim is currently necessary for IE11 compatibility for ngx-charts v6.0.2.
// See https://github.com/swimlane/ngx-charts/issues/386
if (typeof SVGElement.prototype.contains === 'undefined') {
SVGElement.prototype.contains = HTMLDivElement.prototype.contains;
}
</script>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="favicon.ico">
<link rel="stylesheet" href="styles.46ae88d1054ededacc13.css"></head>
<body>
<app-root></app-root>
<script src="runtime-es2019.25b4fd3cb33ce3bf38cb.js" type="module"></script><script src="runtime-es5.25b4fd3cb33ce3bf38cb.js" nomodule defer></script><script src="polyfills-es5.e06d095faa1450814d39.js" nomodule defer></script><script src="polyfills-es2019.26fe9ed96dfc7e34b888.js" type="module"></script><script src="scripts.cc8a29e31189c7ef0450.js" defer></script><script src="main-es2019.04273c31070ef62fa00f.js" type="module"></script><script src="main-es5.04273c31070ef62fa00f.js" nomodule defer></script></body>
</html>
[root@centos7chef ~]#
I don't know if port forward can work properly
[root@centos7chef ~]# curl --insecure https://localhost:443
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Chef Automate</title>
<base href="/">
<script type="text/javascript">
window.staticAutomateConfig = {};
function parseStaticAutomateConfig(options) {
window.staticAutomateConfig = options;
};
</script>
<script src="/automate.conf.js"></script>
<script type="text/javascript">
!function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","debug","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="4.0.0";
}}();
</script>
<script>
// This shim is currently necessary for IE11 compatibility for ngx-charts v6.0.2.
// See https://github.com/swimlane/ngx-charts/issues/386
if (typeof SVGElement.prototype.contains === 'undefined') {
SVGElement.prototype.contains = HTMLDivElement.prototype.contains;
}
</script>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/x-icon" href="favicon.ico">
<link rel="stylesheet" href="styles.46ae88d1054ededacc13.css"></head>
<body>
<app-root></app-root>
<script src="runtime-es2019.25b4fd3cb33ce3bf38cb.js" type="module"></script><script src="runtime-es5.25b4fd3cb33ce3bf38cb.js" nomodule defer></script><script src="polyfills-es5.e06d095faa1450814d39.js" nomodule defer></script><script src="polyfills-es2019.26fe9ed96dfc7e34b888.js" type="module"></script><script src="scripts.cc8a29e31189c7ef0450.js" defer></script><script src="main-es2019.04273c31070ef62fa00f.js" type="module"></script><script src="main-es5.04273c31070ef62fa00f.js" nomodule defer></script></body>
</html>
[root@centos7chef ~]# curl --insecure https://localhost:442
curl: (7) Failed to connect to ::1: Cannot assign requested address
[root@centos7chef ~]#
//Boot from the saved image(org and user created)
//IP may shift if not executed one by one
docker run --privileged --rm -d -p 2222:22 -p 5000:443 -p 443:443 --hostname=centos7chef --name centos7chefcontainer centos7chef-setuped
docker run --privileged --rm -d -p 3333:22 --hostname=centos7chefwk --name centos7chefwkcontainer centos7chefworkstation /sbin/init
docker run --privileged --rm -d -p 4444:22 --hostname=centos7chefnode --name centos7chefnodecontainer centos7chefnode /sbin/init
OK if you see the word automate
curl --insecure https://localhost:443
OK if everything is running
chef-automate status
chef-automate restart-services
When you access https://localhost:5000, the URL becomes https://centos7chef/... It worked when I rewrote it as follows: https://localhost:5000/...
5000(host)->443(docker)--redirect-> localhost:443(host) -X-> 443(docker)
less /hab/svc/automate-ui/config/nginx.conf
This may be wrong
less /hab/svc/automate-load-balancer/config/nginx.conf
grep centos7chef /hab/svc/automate-ui/config/nginx.conf
grep centos7chef /hab/svc/automate-load-balancer/config/nginx.conf
ssl_certificate /hab/svc/automate-load-balancer/data/centos7chef.cert;
ssl_certificate_key /hab/svc/automate-load-balancer/data/centos7chef.key;
proxy_ssl_trusted_certificate /hab/svc/automate-load-balancer/config/root_ca.crt;
proxy_ssl_certificate /hab/svc/automate-load-balancer/config/service.crt;
ssh-add
ssh centos7chef
ssh centos7chefwk
ssh centos7chefnode
172.17.0.2
172.17.0.3
172.17.0.4
ssh centos7chefnode
passwd root
// chef1234
ssh centos7chefwk
cd chef-repo
knife bootstrap -U root -N centos7chefnode -i /root/.ssh/id_rsa --node-ssl-verify-mode none 172.17.0.4 -y
knife bootstrap -U root -N centos7chefnode -i /root/.ssh/id_rsa --node-ssl-verify-mode none centos7chefnode -y
// Now that ssh-add has been run, ssh_config seems to be loaded
knife bootstrap -U root -N centos7chefnode --node-ssl-verify-mode none centos7chefnode -y -V -p 4444
// chef1234
cd ~/chef-repo/cookbooks
chef generate cookbook test-cookbook
vim test-cookbook/recipes/default.rb
package "nginx" do
action :install
end
service "nginx" do
action [:enable, :start]
end
cookbook upload
knife cookbook upload test-cookbook
knife cookbook list
knife show test-cookbook recipes/default.rb
knife node edit centos7chefnode
{
"name": "centos7chefnode",
"chef_environment": "_default",
"normal": {
"tags": [
]
},
"policy_name": null,
"policy_group": null,
"run_list": [
"recipe[test-cookbook::default]"
]
}
knife node show centos7chefnode
ssh centos7chefnode
chef-client
It worked. I can't use the UI, but I was able to build a Chef server.
option
[root@3f2738e3c363 /]# chef-automate
A helpful utility to deploy and manage Chef Automate.
Usage:
chef-automate [command]
Available Commands:
airgap
applications Manage applications observability features
backup Chef Automate backup
config Chef Automate configuration
deploy Deploy Chef Automate
external-cert Manage Chef Automate's external certificate
gather-logs Gather system diagnostics and logs
help Help about any command
iam Chef Automate iam commands
infrastructure Chef Automate infrastructure
init-config Initialize default config
internal-ca Manage Chef Automate's internal certificate authority
license Chef Automate license management
maintenance Put Chef Automate into or out of maintenance mode
migrate-from-v1 Migrate from Chef Automate v1
migrate-from-v1-status Watch the status of the migration to Chef Automate 2
preflight-check Perform preflight check
restart-services restart deployment services
service-versions Retrieve the versions of the individual Chef Automate services
start Start Chef Automate
status Retrieve Chef Automate status
stop Stop deployment
system-logs Tail Chef Automate logs
uninstall Uninstall Chef Automate
upgrade upgrade automate to the latest version
version Show CLI version
Flags:
-d, --debug Enable debug output
-h, --help help for chef-automate
--no-check-version Disable version check
--result-json string Write command result as JSON to PATH
[root@3f2738e3c363 /]# chef-automate deploy -h
Deploy a new Chef Automate instance using the supplied configuration.
- <CONFIG_FILE> must be a valid path to a TOML formatted configuration file
Usage:
chef-automate deploy [/path/to/config.toml] [flags]
Flags:
--accept-terms-and-mlsa Agree to the Chef Software Terms of Service and the Master License and Services Agreement
--airgap-bundle string Path to an airgap install bundle
--certificate string The path to a certificate that should be used for external TLS connections (web and API).
--channel string Release channel to deploy all services from
--fqdn string The fully-qualified domain name that Chef Automate can be accessed at. (default: hostname of this machine)
-h, --help help for deploy
--private-key string The path to a private key corresponding to the TLS certificate.
--product strings Product to deploy
--skip-preflight Deploy regardless of pre-flight conditions
--upgrade-strategy string Upgrade strategy to use for this deployment. (default "at-once")
Global Flags:
-d, --debug Enable debug output
--no-check-version Disable version check
--result-json string Write command result as JSON to PATH