LDF704 - Gestion de la Configuration des Clients

• LDF704 - Gestion de la Configuration des Clients
  • Contenu du Module
  • Infrastructure
  • LAB #1 - La Commande chef-run
    • 1.1 - Présentation
    • 1.2 - Utiliser chef-run sur un Client Unique
    • 1.3 - Utiliser chef-run avec la Commande sudo
    • 1.4 - Utiliser chef-run avec un Cookbook
  • LAB #2 - Configuration des Noeuds en utilisant des Rôles
    • 2.1 - Présentation
    • 2.2 - Création de Rôles
  • LAB #3 - Configuration des Clients en fonction de l'Environnement
    • 3.1 - Préparation
    • 3.2 - Création des Cookbooks
    • 3.3 - Ajout de Clients au Chef Infra Server
    • 3.4 - Configuration des Environnements
    • 3.5 - Exécution avec Environnements

L'infrastructure utilisée dans ce module est la suivante.

La commande chef-run permet d'exécuter des commandes ad-hoc localement ou sur des clients.

Cette commande :

• ne nécessite pas de Chef Infra Server,
• ne nécessite pas de pré-installation de Chef Client sur le(s) client(s),
• peut aussi exécuter une Recette ou un Cookbook,
• peut configurer de multiples clients dans la même commande.

Commencez par modifier le fichier /etc/hosts de votre VM workstation.ittraining.loc :

root@workstation:~/chef-repo/cookbooks# vi /etc/hosts
root@workstation:~/chef-repo/cookbooks# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       workstation
10.0.2.110      chefserver.ittraining.loc   chefserver
10.0.2.111      workstation.ittraining.loc  workstation
10.0.2.112      client.ittraining.loc       client
10.0.2.54       web01.i2tch.loc         web01
10.0.2.55       web02.i2tch.loc         web02
10.0.2.56       web03.i2tch.loc         web03

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Utilisez la commande chef-run pour arrêter le service apache2 sur la VM web01.i2tch.loc :

root@workstation:~/chef-repo/cookbooks# chef-run web01 service apache2 action=stop --password fenestros
Creating config file in /root/.chef-workstation/config.toml.

Telemetry has been enabled by default for this beta release
of chef-run. The anonymous data we gather is used to
determine how we can impove your chef-run experience.

To disable it, add the following entry to
/root/.chef-workstation/config.toml:

[telemetry]
enable=false

For more information about what we data gather and additional opt-out
options, visit https://chef.sh/docs/chef-workstation/privacy/
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to target.
└── [✔] [web01] Successfully converged service[apache2].

Connectez-vous à la VM web01.i2tch.loc à partir de votre VM workstation.ittraining.loc :

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
The authenticity of host 'web01 (10.0.2.54)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web01,10.0.2.54' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:35:52 2023 from 10.0.2.1

Devenez root :

trainee@web01:~$ su -
Mot de passe : fenestros
root@web01:~# 

Vérifiez le statut du service apache2 :

root@web01:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2023-11-02 13:49:44 CET; 42s ago
  Process: 1946 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 449 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 479 (code=exited, status=0/SUCCESS)

nov. 02 13:29:31 web01.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:29:32 web01.i2tch.loc systemd[1]: Started The Apache HTTP Server.
nov. 02 13:49:44 web01.i2tch.loc systemd[1]: Stopping The Apache HTTP Server...
nov. 02 13:49:44 web01.i2tch.loc systemd[1]: Stopped The Apache HTTP Server.

Déconnectez-vous de votre VM web01.i2tch.loc :

root@web01:~# exit
déconnexion
trainee@web01:~$ exit
déconnexion
Connection to web01 closed.

La journalisation de l'activité de la commande chef-run est consignée dans le fichier /root/.chef-workstation/logs/default.log. Pour activer la journalisation, il convient d'éditer le fichier /root/.chef-workstation/config.toml :

root@workstation:~/chef-repo/cookbooks# vi /root/.chef-workstation/config.toml 

root@workstation:~/chef-repo/cookbooks# cat /root/.chef-workstation/config.toml 
[log]
level="debug"

Utilisez maintenant la commande chef-run pour démarrer le service apache2 sur la VM web01.i2tch.loc :

root@workstation:~/chef-repo/cookbooks# chef-run web01 service apache2 action=start --password fenestros
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to target.
└── [✔] [web01] Successfully converged service[apache2].

Constatez le bon démarrage du service :

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:50:12 2023 from 10.0.2.111
trainee@web01:~$ su -
Mot de passe : fenestros

root@web01:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2023-11-02 13:52:27 CET; 1min 29s ago
  Process: 1946 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 2134 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 2138 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─2138 /usr/sbin/apache2 -k start
           ├─2139 /usr/sbin/apache2 -k start
           └─2140 /usr/sbin/apache2 -k start

nov. 02 13:52:27 web01.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:52:27 web01.i2tch.loc systemd[1]: Started The Apache HTTP Server.

Visualisez ensuite le contenu du fichier /root/.chef-workstation/logs/default.log :

root@workstation:~/chef-repo/cookbooks# more /root/.chef-workstation/logs/default.log
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
oot/.chef-workstation/telemetry/telemetry-payload-1.yml
[2023-11-02T14:30:32+01:00] INFO: Submitting telemetry entry 1/5: {:event=>:run, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_platfor
m=>"linux", :event_data=>{:arguments=>[:redacted], :duration=>8.209635892999358}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 1/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 2/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"ConvergeTarget", :target=>{:platform=>{:name=>:linux, :version=>"9.7", :architecture=>"x86_64"}, :hostname_sha1=>"7f1f968061faac1f2881018c5bbb473f498af24a", :transport
_type=>"ssh"}, :duration=>5.424575929995626}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 2/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 3/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"InstallChef", :target=>{:platform=>{:name=>:linux, :version=>"9.7", :architecture=>"x86_64"}, :hostname_sha1=>"7f1f968061faac1f2881018c5bbb473f498af24a", :transport_ty
pe=>"ssh"}, :duration=>0.15079596400028095}}} 
[2023-11-02T14:30:33+01:00] DEBUG: [ChefApply::Action::GenerateCookbookFromResource] Action: generating, Action Data: []
[2023-11-02T14:30:33+01:00] DEBUG: Generating cookbook for ad-hoc resource service[apache2]
[2023-11-02T14:30:33+01:00] DEBUG: Generating cookbook for single resource 'service[apache2]'
[2023-11-02T14:30:33+01:00] DEBUG: [ChefApply::Action::GenerateCookbookFromResource] Action: success, Action Data: []
[2023-11-02T14:30:33+01:00] DEBUG: [ChefApply::Action::GenerateLocalPolicy] Action: generating, Action Data: []
[2023-11-02T14:30:33+01:00] INFO: Entry 3/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 4/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"GenerateLocalPolicy", :target=>{:platform=>{}, :hostname_sha1=>nil, :transport_type=>nil}, :duration=>1.7424296090030111}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 4/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 5/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"GenerateCookbookFromResource", :target=>{:platform=>{}, :hostname_sha1=>nil, :transport_type=>nil}, :duration=>0.0006251430022530258}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 5/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Terminating, nothing more to do.
[2023-11-02T14:30:35+01:00] DEBUG: [ChefApply::Action::GenerateLocalPolicy] Action: exporting, Action Data: []
[2023-11-02T14:30:35+01:00] DEBUG: [ChefApply::Action::GenerateLocalPolicy] Action: success, Action Data: []
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (cmd.exe /c ver)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] opening connection to root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>
60, :timeout=>15, :auth_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}>
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (Get-WmiObject Win32_Oper
atingSystem | Select Caption,Version | ConvertTo-Json)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (uname -s)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (uname -m)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /etc/debian_vers
ion && cat /etc/debian_version)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /etc/lsb-release
 && cat /etc/lsb-release)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /usr/bin/lsb-rel
ease && cat /usr/bin/lsb-release)
[2023-11-02T14:30:36+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /etc/os-release 
&& cat /etc/os-release)
[2023-11-02T14:30:36+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /usr/bin/raspi-c
--More--(55%)

Visualisez la fin de ce fichier :

root@workstation:~/chef-repo/cookbooks# tail /root/.chef-workstation/logs/default.log
Recipe: cw_service::default
  * service[apache2] action start
    - start service service[apache2]

Running handlers:
  - ChefApply::Reporter
Running handlers complete
Infra Phase complete, 1/1 resources updated in 02 seconds

[2023-11-02T14:30:41+01:00] DEBUG: [ChefApply::Action::ConvergeTarget] Action: success, Action Data: []

La commande chef-run peut être utiliser pour configurer plusieurs clients dans la même line de commande. Utilisez la commande pour arrêter le service apache2 sur les deux clients web02.i2tch.loc et web03.i2tch.loc :

root@workstation:~/chef-repo/cookbooks# chef-run web0[2:3] service apache2 action=stop --sudo --user trainee --password trainee
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to targets.
├── [✔] [web02] Successfully converged service[apache2].
└── [✔] [web03] Successfully converged service[apache2].

Vérifiez ensuite le statut du service apache2 sur les deux clients web02.i2tch.loc et web03.i2tch.loc :

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web02
The authenticity of host 'web02 (10.0.2.55)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web02,10.0.2.55' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web02's password: trainee
Linux web02.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:56:42 2023 from 10.0.2.1

trainee@web02:~$ su -
Mot de passe : fenestros

root@web02:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2023-11-02 14:12:37 CET; 57s ago
  Process: 1406 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 445 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 473 (code=exited, status=0/SUCCESS)

nov. 02 13:59:22 web02.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:59:22 web02.i2tch.loc systemd[1]: Started The Apache HTTP Server.
nov. 02 14:12:37 web02.i2tch.loc systemd[1]: Stopping The Apache HTTP Server...
nov. 02 14:12:37 web02.i2tch.loc systemd[1]: Stopped The Apache HTTP Server.

root@web02:~# exit
déconnexion

trainee@web02:~$ exit
déconnexion
Connection to web02 closed.

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web03
The authenticity of host 'web03 (10.0.2.56)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web03,10.0.2.56' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web03's password: trainee
Linux web03.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:57:50 2023 from 10.0.2.1

trainee@web03:~$ su -
Mot de passe : fenestros

root@web03:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2023-11-02 14:12:37 CET; 2min 59s ago
  Process: 1390 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 463 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 497 (code=exited, status=0/SUCCESS)

nov. 02 13:59:37 web03.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:59:38 web03.i2tch.loc systemd[1]: Started The Apache HTTP Server.
nov. 02 14:12:36 web03.i2tch.loc systemd[1]: Stopping The Apache HTTP Server...
nov. 02 14:12:37 web03.i2tch.loc systemd[1]: Stopped The Apache HTTP Server.

Déconnectez-vous de la VM web03.i2tch.loc :

root@web03:~# exit
déconnexion
trainee@web03:~$ exit
déconnexion
Connection to web03 closed.
root@workstation:~/chef-repo/cookbooks# 

Dans le cas d'une erreur de l'exécution, des traces sont générées dans le fichier /root/.chef-workstation/logs/errors.txt :

root@workstation:~/chef-repo/cookbooks# chef-run web0[2:3] service apache2 action=disbale --sudo --user trainee --password trainee
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✖] Applying service[apache2] from resource to targets.
├── [✖] [web02] Failed to converge service[apache2].
└── [✖] [web03] Failed to converge service[apache2].

One or more actions has failed.

A complete list of failures and possible resolutions can
be found in the file below:

  /root/.chef-workstation/logs/errors.txt

root@workstation:~/chef-repo/cookbooks# cat /root/.chef-workstation/logs/errors.txt
Host: web02 Error: CHEFCCR003: The action 'disbale' is not valid. Valid actions are: :nothing, :enable, :disable, :start, :stop, :restart, :reload, :mask, :unmask For more information, please consult the documentation for this resource: https://docs.chef.io/resource_reference.html
Host: web03 Error: CHEFCCR003: The action 'disbale' is not valid. Valid actions are: :nothing, :enable, :disable, :start, :stop, :restart, :reload, :mask, :unmask For more information, please consult the documentation for this resource: https://docs.chef.io/resource_reference.html

Corrigez l'erreur et désactivez le service apache2 :

root@workstation:~/chef-repo/cookbooks# chef-run web0[2:3] service apache2 action=disable --sudo --user trainee --password trainee
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to targets.
├── [✔] [web02] Successfully converged service[apache2].
└── [✔] [web03] Successfully converged service[apache2].

Installez le paquet git :

root@workstation:~/chef-repo/cookbooks# apt install git

Utilisez la commande git init pour initialiser le répertoire /root/chef-repo/cookbooks en tant que repository git :

root@workstation:~/chef-repo/cookbooks# git init

Utilisez maintenant la commande chef-run pour exécuter la Recette default du Cookbook apache2 dans la VM web01.i2tch.loc :

root@workstation:~/chef-repo/cookbooks# chef-run web01 apache2::default --password fenestros
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying apache2::default from /root/chef-repo/cookbooks/apache2 to target.
└── [✔] [web01] Successfully converged apache2::default.

Le service apache2 ayant été arrêté précédemment, vérifiez que clui-ci a été re-démarré :

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 14:08:53 2023 from 10.0.2.1

trainee@web01:~$ su -
Mot de passe : fenestros

root@web01:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2023-11-02 14:40:59 CET; 32s ago
  Process: 4208 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 4360 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 4364 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─4364 /usr/sbin/apache2 -k start
           ├─4365 /usr/sbin/apache2 -k start
           └─4366 /usr/sbin/apache2 -k start

nov. 02 14:40:59 web01.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 14:40:59 web01.i2tch.loc systemd[1]: Started The Apache HTTP Server.

Déconnectez-vous de la VM web01.i2tch.loc :

root@web01:~# exit
déconnexion

trainee@web01:~$ exit
déconnexion
Connection to web01 closed.

Un Rôle est une façon logique de regrouper des clients ou noeuds. Chaque Rôle possède des run-lists pour pouvoir configurer les noeuds associés avec le Rôle. Une Run-List est un groupement de Cookbooks ou de Recettes. Pour associer un noeud à un Rôle, Chef utilise des tags. La manipulation des Rôles s'effectue grâce à l'utilisation de la commande knife.

Commencez par définir l'éditeur par défaut dans la VM workstation.ittraining.loc :

root@workstation:~/chef-repo/cookbooks# export EDITOR=$(which vi)

Placez-vous dans le répertoire /root/chef-repo/ créez un Rôle dénommé web en utilisant la commande knife role create :

root@workstation:~/chef-repo/cookbooks# cd ..

root@workstation:~/chef-repo# knife role create web

L'éditeur VI est lancé. Editez la section run_list en y ajoutant “recipe[apache2]“. Sauvegardez et quittez le fichier :

{
   "name": "web",
   "description": "",
   "json_class": "Chef::Role",
   "default_attributes": {

   },
   "override_attributes": {

   },
   "chef_type": "role",
   "run_list": [
           "recipe[apache2]"
   ],
   "env_run_lists": {

   }
}

Vous obtiendrez :

root@workstation:~/chef-repo# knife role create web
Created role[web]

Visualisez le Rôle que vous avez créé grâce à la commande knife role show :

root@workstation:~/chef-repo# knife role show web
chef_type:           role
default_attributes:
description:         
env_run_lists:
json_class:          Chef::Role
name:                web
override_attributes:
run_list:            recipe[apache2]

Connectez-vous ensuite à votre VM ChefServer_10.0.2.110_VNC.

Ouvrez le navigateur Web et naviguez à l'adresse 10.0.2.110 :

Cliquez sur l'onglet Policy :

Cliquez sur Roles pour visualiser le Rôle web :

Sélectionnez le Rôle web pour voir le contenu de la Run List :

Cliquez sur l'ongler Nodes, puis sur le client client. Constatez la présence du Rôle web dans la Run List :

Cliquez sur le lien Edit Run List dans le menu de gauche et constatez la présence de web dans la Current Run List :

Connectez-vous ensuite à votre VM ChefServer_10.0.2.110_SSH.

Modifiez maintenant la configuration du client client.ittraining.loc en référencant le Rôle dans le run_list. Sauvegardez et quittez le fichier :

root@workstation:~/chef-repo# knife node edit client

{
  "name": "client",
  "chef_environment": "_default",
  "normal": {
    "tags": [

    ]
  },
  "policy_name": null,
  "policy_group": null,
  "run_list": [
          "role[web]"
]

}

Vous obtiendrez :

root@workstation:~/chef-repo# knife node edit client
Saving updated run_list on node client

Appliquez le Rôle grâce à la commande knife ssh :

root@workstation:~/chef-repo# knife ssh 'role:web' 'chef-client' --ssh-user root --ssh-password fenestros
client.ittraining.loc Starting Chef Infra Client, version 15.17.4
client.ittraining.loc resolving cookbooks for run list: ["apache2"]
client.ittraining.loc Synchronizing Cookbooks:
client.ittraining.loc   - apache2 (0.1.0)
client.ittraining.loc Installing Cookbook Gems:
client.ittraining.loc Compiling Cookbooks...
client.ittraining.loc Converging 3 resources
client.ittraining.loc Recipe: apache2::default
client.ittraining.loc   * apt_package[apache2] action install (up to date)
client.ittraining.loc   * service[apache2] action enable (up to date)
client.ittraining.loc   * service[apache2] action start (up to date)
client.ittraining.loc   * template[/var/www/html/index.html] action create (up to date)
client.ittraining.loc 
client.ittraining.loc Running handlers:
client.ittraining.loc Running handlers complete
client.ittraining.loc Chef Infra Client finished, 0/4 resources updated in 01 seconds
client.ittraining.loc [2023-11-02T16:30:46+01:00] WARN: This release of Chef Infra Client became end of life (EOL) on May 1st 2021. Please update to a supported release to receive new features, bug fixes, and security updates.

La gestion des Environnements est similaire à la gestion des Rôles. Un environnement est une phase de développement telle Développement ou Production. Tous les clients font partis de l'environnement par défaut, appelé _default. Il est possible d'appliquer des Recettes ou des Cookbooks différents en fonction de l'environnement.

Téléchargez le fichier nginx.tar :

root@workstation:~/chef-repo/cookbooks# wget https://files-accl.zohoexternal.com/public/workdrive-external/download/p9zfo77176af8ccf44e4a9cff3dc316a00cf0
--2023-11-03 13:37:07--  https://files-accl.zohoexternal.com/public/workdrive-external/download/p9zfo77176af8ccf44e4a9cff3dc316a00cf0
Resolving files-accl.zohoexternal.com (files-accl.zohoexternal.com)... 169.148.154.32, 169.62.46.83, 169.148.154.31, ...
Connecting to files-accl.zohoexternal.com (files-accl.zohoexternal.com)|169.148.154.32|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 30720 (30K) [application/x-unknown]
Saving to: ‘p9zfo77176af8ccf44e4a9cff3dc316a00cf0’

p9zfo77176af8ccf44e4a9cff3dc316a00cf0                100%[====================================================================================================================>]  30,00K  --.-KB/s    in 0,08s   

2023-11-03 13:37:08 (372 KB/s) - ‘p9zfo77176af8ccf44e4a9cff3dc316a00cf0’ saved [30720/30720]

Renommez le fichier téléchargé et désarchivez-le :

root@workstation:~/chef-repo/cookbooks# mv p9zfo77176af8ccf44e4a9cff3dc316a00cf0 nginx.tar
root@workstation:~/chef-repo/cookbooks# tar xvf nginx.tar
nginx/
nginx/.gitignore
nginx/.delivery/
nginx/.delivery/project.toml
nginx/Policyfile.rb
nginx/kitchen.yml
nginx/chefignore
nginx/recipes/
nginx/recipes/default.rb
nginx/CHANGELOG.md
nginx/spec/
nginx/spec/spec_helper.rb
nginx/spec/unit/
nginx/spec/unit/recipes/
nginx/spec/unit/recipes/default_spec.rb
nginx/metadata.rb
nginx/files/
nginx/files/default/
nginx/files/default/index.html
nginx/LICENSE
nginx/test/
nginx/test/integration/
nginx/test/integration/default/
nginx/test/integration/default/default_test.rb
nginx/README.md

Modifiez le fichier /root/chef-repo/cookbooks/nginx/files/default/index.html :

root@workstation:~/chef-repo/cookbooks# vi nginx/files/default/index.html 
root@workstation:~/chef-repo/cookbooks# cat nginx/files/default/index.html 
<html>
  <head>
    <title>Hello from chef</title>
  </head>
  <body>
    <h1>This is a nginx server</h1>
    <p>Happy Production!</p>
  </body>
</html>

Téléversez maintenant le Cookbook vers le Chef Infra Server :

root@workstation:~/chef-repo/cookbooks# knife cookbook upload nginx
Uploading nginx          [0.1.0]
Uploaded 1 cookbook.

Modifiez de nouveau le fichier /root/chef-repo/cookbooks/nginx/files/default/index.html :

root@workstation:~/chef-repo/cookbooks# vi nginx/files/default/index.html 
root@workstation:~/chef-repo/cookbooks# cat nginx/files/default/index.html 
<html>
  <head>
    <title>Hello from chef</title>
  </head>
  <body>
    <h1>This is a nginx server</h1>
    <p>Happy Development!</p>
  </body>
</html>

Afin de ne pas écraser le Cookbook déjà téléversé, créez une nouvelle vesrion de celiu-ci en éditant le fichier /root/chef-repo/cookbooks/metadat.rb :

root@workstation:~/chef-repo/cookbooks# vi nginx/metadata.rb 
root@workstation:~/chef-repo/cookbooks# cat nginx/metadata.rb 
name 'nginx'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'All Rights Reserved'
description 'Installs/Configures nginx'
version '0.1.1'
chef_version '>= 14.0'

# The `issues_url` points to the location where issues for this cookbook are
# tracked.  A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/nginx/issues'

# The `source_url` points to the development repository for this cookbook.  A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/nginx'

Téléversez ensuite le nouveau Cookbook vers le Chef Infra Server :

root@workstation:~/chef-repo/cookbooks# knife cookbook upload nginx
Uploading nginx          [0.1.1]
Uploaded 1 cookbook.

Configurez deux nouveaux clients targeta et targetb :

root@workstation:~/chef-repo/cookbooks# ssh -l trainee 10.0.2.52
The authenticity of host '10.0.2.52 (10.0.2.52)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.2.52' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@10.0.2.52's password: trainee
Linux targeta.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Mar 21 08:47:45 2021 from 10.0.2.10

trainee@targeta:~$ su -
Mot de passe : fenestros

Editez la directive PermitRootLogin du fichier /etc/ssh/sshd_config afin de permettre l'utilisateur root de se connecter au client :

root@targeta:~# vi /etc/ssh/sshd_config

root@targeta:~# cat /etc/ssh/sshd_config
...
PermitRootLogin yes 
...

root@targeta:~# systemctl restart ssh

Editez ensuite le fichier /etc/hosts :

root@targeta:~# vi /etc/hosts
root@targeta:~# cat /etc/hosts
127.0.0.1       localhost
10.0.2.110      chefserver.ittraining.loc   chefserver
10.0.2.111      workstation.ittraining.loc  workstation
10.0.2.52       web02.i2tch.loc    web02 
10.0.2.53       web03.i2tch.loc    web03


# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Modifiez le FQDN de la VM :

root@targeta:~# hostnamectl set-hostname web02.i2tch.loc

Mettez à jour les dépôts des paquets :

root@targeta:~# sed -i s/ftp.fr.debian.org/archive.debian.org/g /etc/apt/sources.list

root@targeta:~# sed -i '/debian-security/d' /etc/apt/sources.list

root@targeta:~# sed -i '/stretch-updates/d' /etc/apt/sources.list

root@targeta:~# apt update
Ign:1 http://archive.debian.org/debian stretch InRelease
Réception de:2 http://archive.debian.org/debian stretch Release [118 kB]
Réception de:3 http://archive.debian.org/debian stretch Release.gpg [3 177 B]
Réception de:4 http://archive.debian.org/debian stretch/main Sources [6 736 kB]
Réception de:5 http://archive.debian.org/debian stretch/main amd64 Packages [7 080 kB]
Réception de:6 http://archive.debian.org/debian stretch/main Translation-fr [1 894 kB]
Réception de:7 http://archive.debian.org/debian stretch/main Translation-en [5 377 kB]
21,2 Mo réceptionnés en 6s (3 302 ko/s)                                                                                                                                                                      
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances       
Lecture des informations d'état... Fait
226 packages can be upgraded. Run 'apt list --upgradable' to see them.

Créez le répertoire /var/www/html :

root@targeta:~# mkdir -p /var/www/html

Quittez la VM targeta :

root@targeta:~# exit
déconnexion
trainee@targeta:~$ exit
déconnexion
Connection to 10.0.2.52 closed.

Utilisez la commande knife bootstrap pour référencer le client avec le Chef Infra Server :

root@workstation:~/chef-repo/cookbooks# knife bootstrap 10.0.2.52 --ssh-user root --ssh-password fenestros --node-name web02
Connecting to 10.0.2.52
The authenticity of host '10.0.2.52 ()' can't be established.
fingerprint is SHA256:Tk/PXJFmWnE96DhFsYAaFqgHQXPJhw+ArPP/GG9IJTw.

Are you sure you want to continue connecting
? (Y/N) Y
Connecting to 10.0.2.52
Creating new client for web02
Creating new node for web02
Bootstrapping 10.0.2.52
 [10.0.2.52] -----> Installing Chef Omnibus (stable/15)
downloading https://omnitruck.chef.io/chef/install.sh
  to file /tmp/install.sh.1340/install.sh
trying wget...
 [10.0.2.52] debian 9 x86_64
Getting information for chef stable 15 for debian...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=15&p=debian&pv=9&m=x86_64
  to file /tmp/install.sh.1344/metadata.txt
 [10.0.2.52] trying wget...
 [10.0.2.52] sha1       168e534c58f9e17394bc9ba7112ee2280fecdd79
sha256  a50884a3c0be26875c329de9a1cea854eacb0a0a1ed031301ee6c29aad0f19ed
url     https://packages.chef.io/files/stable/chef/15.17.4/debian/9/chef_15.17.4-1_amd64.deb
version 15.17.4
 [10.0.2.52] 
 [10.0.2.52] downloaded metadata file looks valid...
 [10.0.2.52] downloading https://packages.chef.io/files/stable/chef/15.17.4/debian/9/chef_15.17.4-1_amd64.deb
  to file /tmp/install.sh.1344/chef_15.17.4-1_amd64.deb
...
 [10.0.2.52] Chef Infra Client finished, 0/0 resources updated in 01 seconds
 [10.0.2.52] 
 [10.0.2.52] [2023-11-03T15:53:49+01:00] WARN: This release of Chef Infra Client became end of life (EOL) on May 1st 2021. Please update to a supported release to receive new features, bug fixes, and security updates.

Connectez-vous à la VM targetb :

root@workstation:~/chef-repo/cookbooks# ssh -l trainee 10.0.2.53
The authenticity of host '10.0.2.53 (10.0.2.53)' can't be established.
ECDSA key fingerprint is SHA256:RgOsp/XI7JHNq+oIfHKw+jkHdtTnBIh+Dd7kVmHRxtU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.2.53' (ECDSA) to the list of known hosts.
trainee@10.0.2.53's password: trainee
Last login: Sun Mar 21 08:53:18 2021 from 10.0.2.10
[trainee@targetb ~]$ su -
Password: fenestros
Last login: dim. mars 21 08:53:25 CET 2021 on pts/0

Modifiez la directive PermitRootLogin du fichier /etc/ssh/sshd_config afin de permettre l'utilisateur root de se connecter au client :

[root@targetb ~]# vi /etc/ssh/sshd_config 

[root@targetb ~]# cat /etc/ssh/sshd_config 
#       $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
...
PermitRootLogin yes
...

[root@targetb ~]# systemctl restart sshd

Editez ensuite le fichier /etc/hosts :

[root@targetb ~]# vi /etc/hosts

[root@targetb ~]# cat /etc/hosts
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
10.0.2.110      chefserver.ittraining.loc   chefserver
10.0.2.111      workstation.ittraining.loc  workstation
10.0.2.52       web02.i2tch.loc    web02
10.0.2.53       web03.i2tch.loc    web03

Modifiez le FQDN de la VM :

[root@targetb ~]# hostnamectl set-hostname web03.i2tch.loc

La VM targetb étant une CentOS 7, le paquet nginx est disponible dans le dépôt epel-release. Installez donc ce dépôt :

[root@targetb ~]# yum install epel-release

Créez le répertoire /var/www/html :

[root@targetb ~]# mkdir -p /var/www/html

Déconnectez-vous de la VM :

[root@targetb ~]# exit
déconnexion

trainee@targetb:~$ exit
déconnexion

Utilisez maintenant la commande knife bootstrap pour référencer le client avec le Chef Infra Server :

root@workstation:~/chef-repo/cookbooks# knife bootstrap 10.0.2.53 --ssh-user root --ssh-password fenestros --node-name web03
--ssh-user: This flag is deprecated. Use -U/--connection-user instead.
--ssh-password: This flag is deprecated. Use -P/--connection-password instead.
Connecting to 10.0.2.53
The authenticity of host '10.0.2.53 ()' can't be established.
fingerprint is SHA256:PokJEptX8i3G+Qdy2WFX9xWby1d+l/0FhVyN1onGXnQ.

Are you sure you want to continue connecting
? (Y/N) Y
Connecting to 10.0.2.53
Creating new client for web03
Creating new node for web03
Bootstrapping 10.0.2.53
 [10.0.2.53] -----> Installing Chef Omnibus (stable/15)
downloading https://omnitruck.chef.io/chef/install.sh
  to file /tmp/install.sh.14275/install.sh
trying wget...
 [10.0.2.53] el 7 x86_64
Getting information for chef stable 15 for el...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=15&p=el&pv=7&m=x86_64
  to file /tmp/install.sh.14285/metadata.txt
 [10.0.2.53] trying wget...
 [10.0.2.53] sha1       9e066d888611971a1dceb7c3eaf0375a6c61ebd0
sha256  0aaf56d149bdddc73b501322777ac378e2ffb63aa6eb714d93b16714e166e4f0
url     https://packages.chef.io/files/stable/chef/15.17.4/el/7/chef-15.17.4-1.el7.x86_64.rpm
version 15.17.4
 [10.0.2.53] 
 [10.0.2.53] downloaded metadata file looks valid...
 [10.0.2.53] downloading https://packages.chef.io/files/stable/chef/15.17.4/el/7/chef-15.17.4-1.el7.x86_64.rpm
  to file /tmp/install.sh.14285/chef-15.17.4-1.el7.x86_64.rpm
...
Chef Infra Client finished, 0/0 resources updated in 03 seconds
[2023-11-03T16:07:23+01:00] WARN: This release of Chef Infra Client became end of life (EOL) on May 1st 2021. Please update to a supported release to receive new features, bug fixes, and security updates.

Editez le fichier /etc/hosts de votre VM workstation.ittraining.loc :

root@workstation:~/chef-repo/cookbooks# vi /etc/hosts
root@workstation:~/chef-repo/cookbooks# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       workstation
10.0.2.110      chefserver.ittraining.loc   chefserver
10.0.2.111      workstation.ittraining.loc  workstation
10.0.2.112      client.ittraining.loc       client
10.0.2.52       web02.i2tch.loc    web02
10.0.2.53       web03.i2tch.loc    web03

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Connectez-vous ensuite à votre VM ChefServer_10.0.2.110_VNC.

Ouvrez le navigateur Web et naviguez à l'adresse 10.0.2.110 :

Cliquez sur l'onglet Policy :

Cliquez sur la ligne nginx :

Cliquez sur Environments dans le menu de gauche :

Cliquez sur Create dans le menu de gauche et renseignez la création de l'environnement appelé Dev. Cliquez ensuite sur le bouton Create Environment :

Vous obtiendrez :

Répétez le processus pour créer l'environnement appelé Prod :

Vous obtiendrez :

Cliquez sur la ligne Dev puis sur le lien Edit dans le panneau Cookbook Constraints Renseignez une contrainte afin que l'environnement utilise la version 0.1.1 du Cookbook nginx :

Cliquez sur le bouton Add puis sur le bouton Save Constraints :

Répétez le processus pour créer une contrainte pour l'environnement Prod en spécifiant le version 0.1.0 du Cookbook :

Cliquez sur l'onglet Nodes :

Cliquez sur la ligne web02 et modifiez l'environnement à Dev puis cliquez sur le bouton Save :

Cliquez sur la ligne web03 et modifiez l'environnement à Prod puis cliquez sur le bouton Save :

Cliquez sur la roue dentée à dans la ligne web03 puis cliquez sur le lien Edit Run List. Dans la fenêtre qui apparait, faites glisser nginx de Available Recipes vers Current Run List. Cliquez ensuite sur le bouton Save Run List :

Utilisez le même processus pour affecter nginx à la Current Run List de web02 :

Cliquez sur la ligne web03 et vérifiez que la Run List contient nginx versions 0.1.0 :

Cliquez sur la ligne web02 et vérifiez que la Run List contient nginx versions 0.1.1 :

Connectez-vous à la VM web02.i2tch.loc et devenez l'utilisateur root puis exécutez la commande chef-client :

root@web02:~# chef-client
Starting Chef Infra Client, version 15.17.4
resolving cookbooks for run list: ["nginx"]
Synchronizing Cookbooks:
  - nginx (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 3 resources
Recipe: nginx::default
  * apt_package[nginx] action install
    - install version 1.10.3-1+deb9u4 of package nginx
  * service[nginx] action enable (up to date)
  * service[nginx] action start (up to date)
  * cookbook_file[/var/www/html/index.html] action create
    - create new file /var/www/html/index.html
    - update content in file /var/www/html/index.html from none to bfe461
    --- /var/www/html/index.html        2023-11-04 13:17:29.520612571 +0100
    +++ /var/www/html/.chef-index20231104-5615-1pw0ng9.html     2023-11-04 13:17:29.520612571 +0100
    @@ -1 +1,10 @@
    +<html>
    +  <head>
    +    <title>Hello from chef</title>
    +  </head>
    +  <body>
    +    <h1>This is a nginx server</h1>
    +    <p>Happy Development!</p>
    +  </body>
    +</html>
    - change mode from '' to '0644'

Running handlers:
Running handlers complete
Chef Infra Client finished, 2/4 resources updated in 19 seconds
[2023-11-04T13:17:29+01:00] WARN: This release of Chef Infra Client became end of life (EOL) on May 1st 2021. Please update to a supported release to receive new features, bug fixes, and security updates.

Vérifiez le contenu du fichier /var/www/html/index.html :

root@web02:~# cat /var/www/html/index.html 
<html>
  <head>
    <title>Hello from chef</title>
  </head>
  <body>
    <h1>This is a nginx server</h1>
    <p>Happy Development!</p>
  </body>
</html>

Connectez-vous à la VM web03.i2tch.loc et devenez l'utilisateur root puis exécutez la commande chef-client :

[root@web03 ~]# chef-client
Starting Chef Infra Client, version 15.17.4
resolving cookbooks for run list: ["nginx"]
Synchronizing Cookbooks:
  - nginx (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 3 resources
Recipe: nginx::default
  * yum_package[nginx] action install (up to date)
  * service[nginx] action enable (up to date)
  * service[nginx] action start (up to date)
  * cookbook_file[/var/www/html/index.html] action create
    - update content in file /var/www/html/index.html from bfe461 to a89b2b
    --- /var/www/html/index.html        2023-11-04 12:40:57.072941692 +0100
    +++ /var/www/html/.chef-index20231104-19702-1kw3xch.html    2023-11-04 12:54:51.404871486 +0100
    @@ -4,7 +4,7 @@
       </head>
       <body>
         <h1>This is a nginx server</h1>
    -    <p>Happy Development!</p>
    +    <p>Happy Production!</p>
       </body>
     </html>
    - restore selinux security context

Running handlers:
Running handlers complete
Chef Infra Client finished, 1/4 resources updated in 04 seconds
[2023-11-04T12:54:51+01:00] WARN: This release of Chef Infra Client became end of life (EOL) on May 1st 2021. Please update to a supported release to receive new features, bug fixes, and security updates.

Vérifiez le contenu du fichier /var/www/html/index.html :

[root@web03 ~]# cat /var/www/html/index.html
<html>
  <head>
    <title>Hello from chef</title>
  </head>
  <body>
    <h1>This is a nginx server</h1>
    <p>Happy Production!</p>
  </body>
</html>

Copyright © 2023 Hugh Norris.