Chef是一个IT基础设施自动化软件，它可以管理你组织中所有的服务器和网络设备。当我们想与Chef服务器、任何物理节点（服务器、网络设备等）的基础设施进行交互时，我们需要一个Chef工作站。

在CentOS 7上

cd~wgethttps://packages.chef.io/stable/el/7/chefdk-0.11.2-1.el7.x86_64.rpm

在CentOS 6上

cd~wgethttps://packages.chef.io/stable/el/6/chefdk-0.11.2-1.el6.x86_64.rpm

安装 ChefDK

使用RPM安装刚刚下载的ChefDK

#rpm-ivhchefdk-0.11.2-1.el7.x86_64.rpmPreparing...#################################[100%]Updating/installing...1:chefdk-0.11.2-1.el7#################################[100%]ThankyouforinstallingChefDevelopmentKit!

ChefDK默认安装到/opt/chefdk目录下，如下所示

#ls-l/opt/chefdk/drwxr-xr-x.2rootroot4096Mar313:50bindrwxr-xr-x.7rootroot62Mar313:50embedded-rw-r--r--.1rootroot13249Feb2214:26version-manifest.json-rw-r--r--.1rootroot8233Feb2214:26version-manifest.txt验证ChefDK的安装

执行chef verify，验证所有来自ChefDK的不同组件，确保他们都工作正常，没有任何问题

#chefverifyRunningverificationforcomponent'berkshelf'Runningverificationforcomponent'test-kitchen'Runningverificationforcomponent'tk-policyfile-provisioner'Runningverificationforcomponent'chef-client'Runningverificationforcomponent'chef-dk'Runningverificationforcomponent'chef-provisioning'Runningverificationforcomponent'chefspec'Runningverificationforcomponent'generated-cookbooks-pass-chefspec'Runningverificationforcomponent'rubocop'Runningverificationforcomponent'fauxhai'Runningverificationforcomponent'knife-spork'Runningverificationforcomponent'kitchen-vagrant'Runningverificationforcomponent'packageinstallation'Runningverificationforcomponent'openssl'Runningverificationforcomponent'inspec'.......---------------------------------------------Verificationofcomponent'test-kitchen'succeeded.Verificationofcomponent'chef-dk'succeeded.Verificationofcomponent'chefspec'succeeded.Verificationofcomponent'rubocop'succeeded.Verificationofcomponent'knife-spork'succeeded.Verificationofcomponent'openssl'succeeded.Verificationofcomponent'berkshelf'succeeded.Verificationofcomponent'chef-client'succeeded.Verificationofcomponent'fauxhai'succeeded.Verificationofcomponent'inspec'succeeded.Verificationofcomponent'tk-policyfile-provisioner'succeeded.Verificationofcomponent'kitchen-vagrant'succeeded.Verificationofcomponent'chef-provisioning'succeeded.Verificationofcomponent'packageinstallation'succeeded.Verificationofcomponent'generated-cookbooks-pass-chefspec'succeeded.

下面是chef verify失败的案例。注意：Ruby在Chef中是必须的，它被嵌入在了ChefDK中。

#chefverify../opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-shellout-2.2.6/lib/mixlib/shellout.rb:289:in`invalid!':Expectedprocesstoexitwith[0],butreceived'1'(Mixlib::ShellOut::ShellCommandFailed)----Beginoutputof/usr/bin/ohai-v----STDOUT:STDERR:/opt/chefdk/embedded/lib/ruby/site_ruby/2.1.0/rubygems/dependency.rb:319:in`to_specs':Couldnotfind'chef-config'(=12.8.0)-didfind:[chef-config-12.7.2](Gem::LoadError)

以上错误信息显示：“Could not find ‘chef-config’ (= 12.8.0) – did find: [chef-config-12.7.2] (Gem::LoadError)”，在安装的ChefDK中chef-config的版本是12.7.2的旧版本，在手动安装chef-confg 12.8.0版本后再执行chef verify，显示验证成功。

执行 chef -version命令，显示ChefDK的版本号以及所有附带组件

#chef--versionChefDevelopmentKitVersion:0.11.2chef-clientversion:12.7.2berksversion:4.2.0kitchenversion:1.5.0设置Chef 环境变量

设置Chef相关的环境变量，如：GEM_ROOT GEM_HOME GEM_PATH。

exportGEM_ROOT="/opt/chefdk/embedded/lib/ruby/gems/2.1.0"exportGEM_HOME="/root/.chefdk/gem/ruby/2.1.0"exportGEM_PATH="/root/.chefdk/gem/ruby/2.1.0:/opt/chefdk/embedded/lib/ruby/gems/2.1.0"

此外，如果你的系统上已经安装了ruby，你需要更新与ruby相关的PATH变量，如下所示

exportPATH="/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"

显示所有Chef设置的环境变量。

chefshell-initbash

想要快速设置这些环境变量，可以将其添加到bash_profile文件中，如下所示。

echo'eval"$(chefshell-initbash)"'>>~/.bash_profile访问Chef的Firewalld规则

为了访问Chef服务器上的Chef Manage GUI，添加以下firewalld规则，开放Chef服务器上的相应端口。

firewall-cmd--direct--add-ruleipv4\filterINPUT_direct0-ieth0-ptcp\--dport443-jACCEPTfirewall-cmd--direct--add-ruleipv4\filterINPUT_direct0-ieth0-ptcp\--dport80-jACCEPTfirewall-cmd--direct--add-ruleipv4\filterINPUT_direct0-ieth0-ptcp\--dport9683-jACCEPTfirewall-cmd--reload从Chef Manage GUI下载Starter Kit

登录到Chef Manage GUI，单击“Administration”选项，从列表中选择“organization”。此例中，“organization”为“example”，选中organization之后，点击左侧菜单中的“Starter Kit”。

按下“Download（下载）”按钮之后，会跳出一个警告信息，按下“Proceed”，它会将chef-starter.zip文件下载到本地机器。

将chef-starter.zip文件传输到Chef工作站并解压到root的home目录下

#cd~#unzipchef-starter.zipArchive:chef-starter.zipcreating:chef-repo/cookbooks/creating:chef-repo/cookbooks/starter/creating:chef-repo/cookbooks/starter/templates/creating:chef-repo/cookbooks/starter/templates/default/inflating:chef-repo/cookbooks/starter/templates/default/sample.erbcreating:chef-repo/cookbooks/starter/files/creating:chef-repo/cookbooks/starter/files/default/inflating:chef-repo/cookbooks/starter/files/default/sample.txtcreating:chef-repo/cookbooks/starter/recipes/inflating:chef-repo/cookbooks/starter/recipes/default.rbcreating:chef-repo/cookbooks/starter/attributes/inflating:chef-repo/cookbooks/starter/attributes/default.rbinflating:chef-repo/cookbooks/starter/metadata.rbinflating:chef-repo/cookbooks/chefignoreinflating:chef-repo/README.mdinflating:chef-repo/.gitignorecreating:chef-repo/.chef/creating:chef-repo/roles/inflating:chef-repo/.chef/knife.rbinflating:chef-repo/roles/starter.rbinflating:chef-repo/.chef/ramesh.peminflating:chef-repo/.chef/example-validator.pem

如果你手动创建了chef-repo文件夹，那你就需要手动创建上述的子目录，复制knife.rb文件、organization-validator.pem文件（如：example-validator.pem）、username.pem文件（如：ramesh.pem）到上面显示的目录中。

在这个阶段如果执行knife client list会得到以下错误信息

#cd~/chef-repo#knifeclientlistERROR:SSLValidationfailureconnectingtohost:centos.example.com-SSL_connectreturned=1errno=0state=error:certificateverifyfailedERROR:Couldnotestablishasecureconnectiontotheserver.Use`knifesslcheck`totroubleshootyourSSLconfiguration.IfyourChefServerusesaself-signedcertificate,youcanuse`knifesslfetch`tomakeknifetrusttheserver'scertificates.OriginalException:OpenSSL::SSL::SSLError:SSLErrorconnectingtohttps://centos.example.com/organizations/example/clients-SSL_connectreturned=1errno=0state=error:certificateverifyfailed

证书验证失败，因为我们没有从Chef服务器下载SSL证书，此时可以执行以下“knife ssl fetch”。

#cd~/chef-repo#knifesslfetchWARNING:Certificatesfromcentos.example.comwillbefetchedandplacedinyourtrusted_certdirectory(/root/chef-repo/.chef/trusted_certs).Knifehasnomeanstoverifythesearethecorrectcertificates.Youshouldverifytheauthenticityofthesecertificatesafterdownloading.

证书将会下载到以下truster_certs目录中

#ls-l/root/chef-repo/.chef/trusted_certs-rw-r--r--.1rootroot1379Mar2020:17centos_example_com.crt#cat/root/chef-repo/.chef/trusted_certs/centos_example_com.crt-----BEGINCERTIFICATE-----MIIDzDCCArSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwSZXJhdGlvbnMxGzAZBgNVBAMMEmNlbnRvcy5leGFtcGxlLmNvbTCCASIwDQYJKoZI....WLyr2ORLMcck/OGsubabO/koMNTqhl2JJPECNiDJh06MeZ/2+BOwGZSpXDbw+vFENJAsLfsTzihGWZ58einMFA==-----ENDCERTIFICATE-----Chef工作站的最终确认

如果Chef工作站工作正常，当你执行“knife client list”时，它会显示所有连接工作站的客户端。由于我们刚刚安装它，因此只能看到刚刚我们创建的组织（organization）

#cd~/chef-repo#knifeclientlistexample-validator

如果你现有的Chef工作站机器上已经有5个服务器连接到它了，你会看到以下信息

#knifeclientlistexample-validatornode1node2node3node4node5