Version: 2023.01

Last updated: 2023/11/02 17:16

LDF704 - Client Configuration Management

Module Contents

  • LDF704 - Client Configuration Management
    • Module Contents
    • Infrastructure
    • LAB #1 - The chef-run Command
      • 1.1 - Overview
      • 1.2 - Using chef-run on a Single Client
      • 1.3 - Using chef-run with the sudo Command
      • 1.4 - Using chef-run with a Cookbook
    • LAB #2 - Configuring Nodes using Roles
      • 2.1 - Overview
      • 2.2 - Creating Roles
    • LAB #3 - Configuring Clients according to the Environment
      • 3.1 - Preparation
      • 3.2 - Installation

Infrastructure

The infrastructure used in this module is as follows.

Trainees 11, 12, 14, 15, 16 and 17:

| Machine type | FQDN | IP | OS | Version | CPUs | RAM (MB) | HDD (GB) | User | Password | root password |
|---|---|---|---|---|---|---|---|---|---|---|
| VM | workstation.ittraining.loc | 10.0.2.111 | Ubuntu | 18.04 | 8 | 8192 | 50 | trainee | trainee | N/A |
| VM | client.ittraining.loc | 10.0.2.112 | Ubuntu | 18.04 | 4 | 4096 | 50 | trainee | trainee | N/A |
| VM | web01.i2tch.loc | 10.0.2.54 | Debian | 9 | 2 | 256 | 20 | trainee | trainee | fenestros |
| VM | web02.i2tch.loc | 10.0.2.55 | Debian | 9 | 2 | 256 | 20 | trainee | trainee | fenestros |
| VM | web03.i2tch.loc | 10.0.2.56 | Debian | 9 | 2 | 256 | 20 | trainee | trainee | fenestros |

Trainees 18, 19, 20, 21, 22 and 23:

| Machine type | FQDN | IP | OS | Version | CPUs | RAM (MB) | HDD (GB) | User | Password | root password |
|---|---|---|---|---|---|---|---|---|---|---|
| VM | workstation.ittraining.loc | 10.0.3.111 | Ubuntu | 18.04 | 8 | 8192 | 50 | trainee | trainee | N/A |
| VM | client.ittraining.loc | 10.0.3.112 | Ubuntu | 18.04 | 4 | 4096 | 50 | trainee | trainee | N/A |
| VM | web01.i2tch.loc | 10.0.3.54 | Debian | 9 | 2 | 256 | 20 | trainee | trainee | fenestros |
| VM | web02.i2tch.loc | 10.0.3.55 | Debian | 9 | 2 | 256 | 20 | trainee | trainee | fenestros |
| VM | web03.i2tch.loc | 10.0.3.56 | Debian | 9 | 2 | 256 | 20 | trainee | trainee | fenestros |

Start by editing the /etc/hosts file of your workstation.ittraining.loc VM.

Trainees 11, 12, 14, 15, 16 and 17:

root@workstation:~/chef-repo/cookbooks# vi /etc/hosts
root@workstation:~/chef-repo/cookbooks# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       workstation
10.0.2.110      chefserver.ittraining.loc   chefserver
10.0.2.111      workstation.ittraining.loc  workstation
10.0.2.112      client.ittraining.loc       client
10.0.2.54       web01.i2tch.loc         web01
10.0.2.55       web02.i2tch.loc         web02
10.0.2.56       web03.i2tch.loc         web03

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Trainees 18, 19, 20, 21, 22 and 23:

root@workstation:~/chef-repo/cookbooks# vi /etc/hosts
root@workstation:~/chef-repo/cookbooks# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       workstation
10.0.3.110      chefserver.ittraining.loc   chefserver
10.0.3.111      workstation.ittraining.loc  workstation
10.0.3.112      client.ittraining.loc       client
10.0.3.54       web01.i2tch.loc         web01
10.0.3.55       web02.i2tch.loc         web02
10.0.3.56       web03.i2tch.loc         web03

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

LAB #1 - The chef-run Command

1.1 - Overview

The chef-run command runs ad-hoc commands locally or on clients.

This command:

  • does not require a Chef Infra Server,
  • does not require Chef Client to be pre-installed on the client(s),
  • can also run a recipe or a Cookbook,
  • can configure multiple clients in the same command.

1.2 - Using chef-run on a Single Client

Use the chef-run command to stop the apache2 service on the web01.i2tch.loc VM:

root@workstation:~/chef-repo/cookbooks# chef-run web01 service apache2 action=stop --password fenestros
Creating config file in /root/.chef-workstation/config.toml.

Telemetry has been enabled by default for this beta release
of chef-run. The anonymous data we gather is used to
determine how we can impove your chef-run experience.

To disable it, add the following entry to
/root/.chef-workstation/config.toml:

[telemetry]
enable=false

For more information about what we data gather and additional opt-out
options, visit https://chef.sh/docs/chef-workstation/privacy/
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to target.
└── [✔] [web01] Successfully converged service[apache2].

Connect to the web01.i2tch.loc VM from your workstation.ittraining.loc VM.

Trainees 11, 12, 14, 15, 16 and 17:

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
The authenticity of host 'web01 (10.0.2.54)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web01,10.0.2.54' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:35:52 2023 from 10.0.2.1

Trainees 18, 19, 20, 21, 22 and 23:

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
The authenticity of host 'web01 (10.0.3.54)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web01,10.0.3.54' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:35:52 2023 from 10.0.3.1

Become root:

trainee@web01:~$ su -
Mot de passe : fenestros
root@web01:~# 

Check the status of the apache2 service:

root@web01:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2023-11-02 13:49:44 CET; 42s ago
  Process: 1946 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 449 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 479 (code=exited, status=0/SUCCESS)

nov. 02 13:29:31 web01.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:29:32 web01.i2tch.loc systemd[1]: Started The Apache HTTP Server.
nov. 02 13:49:44 web01.i2tch.loc systemd[1]: Stopping The Apache HTTP Server...
nov. 02 13:49:44 web01.i2tch.loc systemd[1]: Stopped The Apache HTTP Server.

Log out of your web01.i2tch.loc VM:

root@web01:~# exit
déconnexion
trainee@web01:~$ exit
déconnexion
Connection to web01 closed.

The activity of the chef-run command is logged to the file /root/.chef-workstation/logs/default.log. To enable logging, edit the file /root/.chef-workstation/config.toml:

root@workstation:~/chef-repo/cookbooks# vi /root/.chef-workstation/config.toml 

root@workstation:~/chef-repo/cookbooks# cat /root/.chef-workstation/config.toml 
[log]
level="debug"

Important - There are 5 logging levels: debug, info, warn, error and fatal. For more information about logging, see this page.

Now use the chef-run command to start the apache2 service on the web01.i2tch.loc VM:

root@workstation:~/chef-repo/cookbooks# chef-run web01 service apache2 action=start --password fenestros
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to target.
└── [✔] [web01] Successfully converged service[apache2].

Check that the service has started correctly:

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:50:12 2023 from 10.0.2.111
trainee@web01:~$ su -
Mot de passe : fenestros

root@web01:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2023-11-02 13:52:27 CET; 1min 29s ago
  Process: 1946 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 2134 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 2138 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─2138 /usr/sbin/apache2 -k start
           ├─2139 /usr/sbin/apache2 -k start
           └─2140 /usr/sbin/apache2 -k start

nov. 02 13:52:27 web01.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:52:27 web01.i2tch.loc systemd[1]: Started The Apache HTTP Server.

Next, view the contents of the file /root/.chef-workstation/logs/default.log:

root@workstation:~/chef-repo/cookbooks# more /root/.chef-workstation/logs/default.log
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
[2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
oot/.chef-workstation/telemetry/telemetry-payload-1.yml
[2023-11-02T14:30:32+01:00] INFO: Submitting telemetry entry 1/5: {:event=>:run, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_platfor
m=>"linux", :event_data=>{:arguments=>[:redacted], :duration=>8.209635892999358}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 1/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 2/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"ConvergeTarget", :target=>{:platform=>{:name=>:linux, :version=>"9.7", :architecture=>"x86_64"}, :hostname_sha1=>"7f1f968061faac1f2881018c5bbb473f498af24a", :transport
_type=>"ssh"}, :duration=>5.424575929995626}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 2/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 3/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"InstallChef", :target=>{:platform=>{:name=>:linux, :version=>"9.7", :architecture=>"x86_64"}, :hostname_sha1=>"7f1f968061faac1f2881018c5bbb473f498af24a", :transport_ty
pe=>"ssh"}, :duration=>0.15079596400028095}}} 
[2023-11-02T14:30:33+01:00] DEBUG: [ChefApply::Action::GenerateCookbookFromResource] Action: generating, Action Data: []
[2023-11-02T14:30:33+01:00] DEBUG: Generating cookbook for ad-hoc resource service[apache2]
[2023-11-02T14:30:33+01:00] DEBUG: Generating cookbook for single resource 'service[apache2]'
[2023-11-02T14:30:33+01:00] DEBUG: [ChefApply::Action::GenerateCookbookFromResource] Action: success, Action Data: []
[2023-11-02T14:30:33+01:00] DEBUG: [ChefApply::Action::GenerateLocalPolicy] Action: generating, Action Data: []
[2023-11-02T14:30:33+01:00] INFO: Entry 3/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 4/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"GenerateLocalPolicy", :target=>{:platform=>{}, :hostname_sha1=>nil, :transport_type=>nil}, :duration=>1.7424296090030111}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 4/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Submitting telemetry entry 5/5: {:event=>:action, :properties=>{:installation_id=>"6f4cafea-73a3-4058-8c01-c0212fcaa97f", :run_timestamp=>"2023-11-02T13:29:02Z", :host_plat
form=>"linux", :event_data=>{:action=>"GenerateCookbookFromResource", :target=>{:platform=>{}, :hostname_sha1=>nil, :transport_type=>nil}, :duration=>0.0006251430022530258}}} 
[2023-11-02T14:30:33+01:00] INFO: Entry 5/5 submitted.
[2023-11-02T14:30:33+01:00] INFO: Terminating, nothing more to do.
[2023-11-02T14:30:35+01:00] DEBUG: [ChefApply::Action::GenerateLocalPolicy] Action: exporting, Action Data: []
[2023-11-02T14:30:35+01:00] DEBUG: [ChefApply::Action::GenerateLocalPolicy] Action: success, Action Data: []
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (cmd.exe /c ver)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] opening connection to root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>
60, :timeout=>15, :auth_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}>
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (Get-WmiObject Win32_Oper
atingSystem | Select Caption,Version | ConvertTo-Json)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (uname -s)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (uname -m)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /etc/debian_vers
ion && cat /etc/debian_version)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /etc/lsb-release
 && cat /etc/lsb-release)
[2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /usr/bin/lsb-rel
ease && cat /usr/bin/lsb-release)
[2023-11-02T14:30:36+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /etc/os-release 
&& cat /etc/os-release)
[2023-11-02T14:30:36+01:00] DEBUG: [SSH] root@web01<{:user_known_hosts_file=>"/dev/null", :port=>22, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :timeout=>15, :aut
h_methods=>["none", "password", "keyboard-interactive"], :keys_only=>nil, :keys=>nil, :password=>"<hidden>", :forward_agent=>nil, :non_interactive=>true, :verify_host_key=>:never}> (test -f /usr/bin/raspi-c
--More--(55%)

View the end of this file:

root@workstation:~/chef-repo/cookbooks# tail /root/.chef-workstation/logs/default.log
Recipe: cw_service::default
  * service[apache2] action start
    - start service service[apache2]

Running handlers:
  - ChefApply::Reporter
Running handlers complete
Infra Phase complete, 1/1 resources updated in 02 seconds

[2023-11-02T14:30:41+01:00] DEBUG: [ChefApply::Action::ConvergeTarget] Action: success, Action Data: []
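
The debug log above records the SSH options chef-run used for every connection and command, including :verify_host_key=>:never and :user_known_hosts_file=>"/dev/null". The following Ruby script is an added example, not part of the original course or of Chef: it parses entries in that format and lists, per target, the options that weaken the SSH session. The log lines are constructed for the example, and the second target (deploy@web09 with stricter options) is hypothetical.

```ruby
# Added example: audit chef-run debug-log entries for the SSH options they record.
# The log lines are constructed in the format shown above; in the real file each
# entry is a single unwrapped line (the listing above was wrapped by `more`).

# Subset of the options logged for root@web01 in the lab.
WEAK = '{:user_known_hosts_file=>"/dev/null", :port=>22, ' \
       ':auth_methods=>["none", "password", "keyboard-interactive"], ' \
       ':keys=>nil, :password=>"<hidden>", :verify_host_key=>:never}'
# Hypothetical stricter connection (host "web09" and user "deploy" are invented).
STRICT = '{:user_known_hosts_file=>"/home/deploy/.ssh/known_hosts", :port=>22, ' \
         ':auth_methods=>["publickey"], :keys=>["/home/deploy/.ssh/id_ed25519"], ' \
         ':verify_host_key=>:always}'

SAMPLE_LOG = <<~LOG
  [2023-11-02T14:30:35+01:00] DEBUG: No chefignore file found. No files will be ignored!
  [2023-11-02T14:30:35+01:00] DEBUG: [SSH] opening connection to root@web01<#{WEAK}>
  [2023-11-02T14:30:35+01:00] DEBUG: [SSH] root@web01<#{WEAK}> (uname -s)
  [2023-11-02T14:30:36+01:00] DEBUG: [SSH] root@web01<#{WEAK}> (test -f /etc/os-release && cat /etc/os-release)
  [2023-11-02T14:31:02+01:00] DEBUG: [SSH] deploy@web09<#{STRICT}> (uname -s)
LOG

# "[timestamp] DEBUG: [SSH] [opening connection to ]user@host<{options}>[ (command)]"
SSH_ENTRY = /\A\[[^\]]+\] DEBUG: \[SSH\] (?:opening connection to )?(?<user>[^@\s]+)@(?<host>[^<\s]+)<\{(?<opts>.*?)\}>(?: \((?<cmd>.*)\))?\s*\z/

# Extract the security-relevant keys from the logged options hash.
def parse_ssh_options(opts)
  methods = opts[/:auth_methods=>\[([^\]]*)\]/, 1].to_s.scan(/"([^"]+)"/).flatten
  {
    verify_host_key: opts[/:verify_host_key=>:?(\w+)/, 1],
    known_hosts:     opts[/:user_known_hosts_file=>"([^"]*)"/, 1],
    auth_methods:    methods
  }
end

# Conditions worth reviewing for one log entry.
def findings_for(user, options)
  found = []
  found << "host key verification disabled" if options[:verify_host_key] == "never"
  found << "known_hosts file is /dev/null" if options[:known_hosts] == "/dev/null"
  found << "password authentication offered" if options[:auth_methods].include?("password")
  found << "remote login as root" if user == "root"
  found
end

# Group entries by user@host, collecting findings and the commands that were run.
def audit(log_text)
  targets = Hash.new { |h, k| h[k] = { entries: 0, findings: [], commands: [] } }
  log_text.each_line do |line|
    m = SSH_ENTRY.match(line)
    next unless m
    target = targets["#{m[:user]}@#{m[:host]}"]
    target[:entries] += 1
    target[:findings] |= findings_for(m[:user], parse_ssh_options(m[:opts]))
    target[:commands] << m[:cmd] if m[:cmd]
  end
  targets
end

# One summary line per target.
def report(targets)
  targets.map do |name, t|
    status = t[:findings].empty? ? "ok" : t[:findings].join("; ")
    "#{name}: #{t[:entries]} SSH entries, #{t[:commands].size} commands -> #{status}"
  end
end

puts report(audit(SAMPLE_LOG)) if __FILE__ == $PROGRAM_NAME
```

To run it against the real file, pass File.read("/root/.chef-workstation/logs/default.log") to audit instead of SAMPLE_LOG.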

1.3 - Using chef-run with the sudo Command

The chef-run command can be used to configure several clients on the same command line. Use it to stop the apache2 service on the two clients web02.i2tch.loc and web03.i2tch.loc:

root@workstation:~/chef-repo/cookbooks# chef-run web0[2:3] service apache2 action=stop --sudo --user trainee --password trainee
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying service[apache2] from resource to targets.
├── [✔] [web02] Successfully converged service[apache2].
└── [✔] [web03] Successfully converged service[apache2].

Important - Note the use of the trainee user instead of the root user, made possible by running the sudo command, which was configured beforehand on the clients concerned.

Next, check the status of the apache2 service on the two clients web02.i2tch.loc and web03.i2tch.loc:

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web02
The authenticity of host 'web02 (10.0.2.55)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web02,10.0.2.55' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web02's password: trainee
Linux web02.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:56:42 2023 from 10.0.2.1

trainee@web02:~$ su -
Mot de passe : fenestros

root@web02:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2023-11-02 14:12:37 CET; 57s ago
  Process: 1406 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 445 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 473 (code=exited, status=0/SUCCESS)

nov. 02 13:59:22 web02.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:59:22 web02.i2tch.loc systemd[1]: Started The Apache HTTP Server.
nov. 02 14:12:37 web02.i2tch.loc systemd[1]: Stopping The Apache HTTP Server...
nov. 02 14:12:37 web02.i2tch.loc systemd[1]: Stopped The Apache HTTP Server.
root@web02:~# exit
déconnexion

trainee@web02:~$ exit
déconnexion
Connection to web02 closed.

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web03
The authenticity of host 'web03 (10.0.2.56)' can't be established.
ECDSA key fingerprint is SHA256:sEfHBv9azmK60cjqF/aJgUc9jg56slNaZQdAUcvBOvE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web03,10.0.2.56' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9
trainee@web03's password: trainee
Linux web03.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 13:57:50 2023 from 10.0.2.1

trainee@web03:~$ su -
Mot de passe : fenestros

root@web03:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2023-11-02 14:12:37 CET; 2min 59s ago
  Process: 1390 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 463 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 497 (code=exited, status=0/SUCCESS)

nov. 02 13:59:37 web03.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 13:59:38 web03.i2tch.loc systemd[1]: Started The Apache HTTP Server.
nov. 02 14:12:36 web03.i2tch.loc systemd[1]: Stopping The Apache HTTP Server...
nov. 02 14:12:37 web03.i2tch.loc systemd[1]: Stopped The Apache HTTP Server.

Log out of the web03.i2tch.loc VM:

root@web03:~# exit
déconnexion
trainee@web03:~$ exit
déconnexion
Connection to web03 closed.
root@workstation:~/chef-repo/cookbooks# 

1.4 - Using chef-run with a Cookbook

Now use the chef-run command to run the default Recipe of the apache2 Cookbook on the web01.i2tch.loc VM:

root@workstation:~/chef-repo/cookbooks# chef-run web01 apache2::default --password fenestros
[✔] Packaging cookbook... done!
[✔] Generating local policyfile... exporting... done!
[✔] Applying apache2::default from /root/chef-repo/cookbooks/apache2 to target.
└── [✔] [web01] Successfully converged apache2::default.

Since the apache2 service was stopped earlier, check that it has been restarted:

root@workstation:~/chef-repo/cookbooks# ssh -l trainee web01
Debian GNU/Linux 9
trainee@web01's password: trainee
Linux web01.i2tch.loc 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov  2 14:08:53 2023 from 10.0.2.1

trainee@web01:~$ su -
Mot de passe : fenestros

root@web01:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2023-11-02 14:40:59 CET; 32s ago
  Process: 4208 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 4360 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 4364 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─4364 /usr/sbin/apache2 -k start
           ├─4365 /usr/sbin/apache2 -k start
           └─4366 /usr/sbin/apache2 -k start

nov. 02 14:40:59 web01.i2tch.loc systemd[1]: Starting The Apache HTTP Server...
nov. 02 14:40:59 web01.i2tch.loc systemd[1]: Started The Apache HTTP Server.

Log out of the web01.i2tch.loc VM:

root@web01:~# exit
déconnexion

trainee@web01:~$ exit
déconnexion
Connection to web01 closed.

LAB #2 - Configuring Clients using Roles

2.1 - Overview

A Role is a logical way of grouping clients or nodes. Each Role has run-lists used to configure the nodes associated with the Role. A Run-List is a group of Cookbooks or Recipes. To associate a node with a Role, Chef uses tags. Roles are manipulated with the knife command.

2.2 - Creating Roles

Start by setting the default editor in the workstation.ittraining.loc VM:

root@workstation:~/chef-repo/cookbooks# export EDITOR=$(which vi)

Change to the /root/chef-repo/ directory and create a Role named web using the knife role create command:

root@workstation:~/chef-repo/cookbooks# cd ..

root@workstation:~/chef-repo# knife role create web

The vi editor is launched. Edit the run_list section, adding "recipe[apache2]" to it. Save and quit the file:

{
   "name": "web",
   "description": "",
   "json_class": "Chef::Role",
   "default_attributes": {

   },
   "override_attributes": {

   },
   "chef_type": "role",
   "run_list": [
           "recipe[apache2]"
   ],
   "env_run_lists": {

   }
}

You will get:

root@workstation:~/chef-repo# knife role create web
Created role[web]

View the Role you have created using the knife role show command:

root@workstation:~/chef-repo# knife role show web
chef_type:           role
default_attributes:
description:         
env_run_lists:
json_class:          Chef::Role
name:                web
override_attributes:
run_list:            recipe[apache2]

Next, connect to your ChefServer_10.0.2.110_VNC or ChefServer_10.0.3.110_VNC VM, depending on your trainee number.

Open the web browser and browse to 10.0.2.110 or 10.0.3.110 as appropriate:

Click the Policy tab:

Click Roles to view the web Role:

Select the web Role to see the contents of the Run List:

Click the Nodes tab, then the client named client. Note the presence of the web Role in the Run List:

Click the Edit Run List link in the left-hand menu and note the presence of web in the Current Run List:

Next, connect to your ChefServer_10.0.2.110_SSH or ChefServer_10.0.3.110_SSH VM, depending on your trainee number.

Now modify the configuration of the client client.ittraining.loc by referencing the Role in the run_list. Save and quit the file:

root@workstation:~/chef-repo# knife node edit client
{
  "name": "client",
  "chef_environment": "_default",
  "normal": {
    "tags": [

    ]
  },
  "policy_name": null,
  "policy_group": null,
  "run_list": [
          "role[web]"
]

}

You will get:

root@workstation:~/chef-repo# knife node edit client
Saving updated run_list on node client

Apply the Role using the knife ssh command:

root@workstation:~/chef-repo# knife ssh 'role:web' 'chef-client' --ssh-user root --ssh-password fenestros
client.ittraining.loc Starting Chef Infra Client, version 15.17.4
client.ittraining.loc resolving cookbooks for run list: ["apache2"]
client.ittraining.loc Synchronizing Cookbooks:
client.ittraining.loc   - apache2 (0.1.0)
client.ittraining.loc Installing Cookbook Gems:
client.ittraining.loc Compiling Cookbooks...
client.ittraining.loc Converging 3 resources
client.ittraining.loc Recipe: apache2::default
client.ittraining.loc   * apt_package[apache2] action install (up to date)
client.ittraining.loc   * service[apache2] action enable (up to date)
client.ittraining.loc   * service[apache2] action start (up to date)
client.ittraining.loc   * template[/var/www/html/index.html] action create (up to date)
client.ittraining.loc 
client.ittraining.loc Running handlers:
client.ittraining.loc Running handlers complete
client.ittraining.loc Chef Infra Client finished, 0/4 resources updated in 01 seconds
client.ittraining.loc [2023-11-02T16:30:46+01:00] WARN: This release of Chef Infra Client became end of life (EOL) on May 1st 2021. Please update to a supported release to receive new features, bug fixes, and security updates.
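
How the run_list edited above resolves, as an added example that is not part of the original course: a simplified Ruby model of run-list expansion, in which role[web] on the node expands to the apache2 recipe reported by chef-client. It goes beyond the lab by also handling nested roles, a per-environment env_run_lists override and roles that reference each other; the frontend role and the haproxy recipes are hypothetical.

```ruby
# Added example (not Chef's own code): simplified model of run-list expansion.
require "json"

# Role and node documents as saved in the lab, trimmed to the keys used here.
ROLES = {
  "web" => JSON.parse('{"name": "web", "run_list": ["recipe[apache2]"], "env_run_lists": {}}'),
  # Hypothetical role: nests role[web], overrides its run list in "staging",
  # and references itself to exercise the cycle guard.
  "frontend" => {
    "name" => "frontend",
    "run_list" => ["role[web]", "recipe[haproxy]", "role[frontend]"],
    "env_run_lists" => { "staging" => ["recipe[haproxy::debug]", "role[web]"] }
  }
}
NODE = JSON.parse('{"name": "client", "chef_environment": "_default", "run_list": ["role[web]"]}')

class UnknownRole < StandardError; end

# "recipe[name]" or "role[name]"; anything else is treated as a bare recipe name.
RUN_LIST_ITEM = /\A(?<type>recipe|role)\[(?<name>[^\[\]]+)\]\z/

# Returns the recipes (in converge order, de-duplicated) and the roles applied.
def expand_run_list(run_list, roles, environment, applied_roles = [], recipes = [])
  run_list.each do |item|
    m = RUN_LIST_ITEM.match(item)
    type, name = m ? [m[:type], m[:name]] : ["recipe", item]
    if type == "recipe"
      recipes << name unless recipes.include?(name)
    elsif !applied_roles.include?(name) # a role is expanded only once
      role = roles.fetch(name) { raise UnknownRole, "role[#{name}] is not defined" }
      applied_roles << name
      # A run list defined for the node's environment replaces the default one.
      env_list = (role["env_run_lists"] || {})[environment]
      expand_run_list(env_list || role["run_list"], roles, environment, applied_roles, recipes)
    end
  end
  { recipes: recipes, roles: applied_roles }
end

if __FILE__ == $PROGRAM_NAME
  result = expand_run_list(NODE["run_list"], ROLES, NODE["chef_environment"])
  puts "#{NODE['name']}: roles=#{result[:roles]} recipes=#{result[:recipes]}"
end
```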

LAB #3 - Configuring Clients according to the Environment

3.1 - Overview

Copyright © 2023 Hugh Norris.
