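(Mac) Setting up a Vagrant + Chef environment with Berkshelf
These are the steps for provisioning with Chef on a Mac using VirtualBox + Vagrant + Berkshelf.
Vagrant has a plugin called vagrant-berkshelf that runs Berkshelf for you, but the plugin now appears to be deprecated in Vagrant, so use it with care.
The environment is a Mac with VirtualBox and Vagrant 1.5.3 already installed.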
●First, install berkshelf
Running the install without setting the environment variable produced the error "clang: error: unknown argument: '-multiply_definedsuppress'".
# ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install berkshelf --no-ri --no-rdoc
# berks -v
3.1.1
●Installing the vagrant-berkshelf plugin
This plugin has been deprecated by Vagrant.
If you do use it, installing it with an explicit version makes the installation succeed.
# gem install addressable -v '2.3.6' --no-ri --no-rdoc
$ vagrant plugin install vagrant-berkshelf --plugin-version 2.0.1
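vagrant-omnibus is a plugin that can automatically install the Chef runtime on the Vagrant guest OS through settings in the Vagrantfile.
It is required when the box you use does not already have the Chef runtime installed.
$ vagrant plugin install vagrant-omnibus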
●Creating the Berksfile
$ vi Berksfile
source "https://api.berkshelf.com"
cookbook "selinux"
cookbook "iptables"
Note: running the following berks commands fetches the cookbooks listed in the Berksfile you created.
$ berks vendor cookbooks
$ ls cookbooks/
Berksfile.lock iptables/ selinux/
●Creating the Vagrantfile
$ vi Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
VAGRANTFILE_API_VERSION = "2"
Vagrant.require_version ">= 1.5.0"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "centos-6.5"
  config.vm.box_url = "https://github.com/2creatives/vagrant-centos/releases/download/v6.5.1/centos65-x86_64-20131205.box"
  config.vm.boot_timeout = 300
  config.vm.define :test01 do |test01|
    test01.vm.network :private_network, ip: "192.168.10.10"
    test01.vm.hostname = "test01"
    test01.vm.provider :virtualbox do |vb|
      vb.name = "test01"
      vb.customize ["modifyvm", :id, "--cpus", "1"]
      vb.customize ["modifyvm", :id, "--memory", "1024"]
      vb.gui = true
    end
  end
  # Inline shell provisioner: disable sshd reverse DNS lookups and restrict yum fastestmirror to .jp mirrors.
  # Assumption: the sed match patterns target the stock commented-out lines (#UseDNS yes, #include_only=...).
  $script = <<-EOT
    sed -i 's/^#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
    service sshd restart
    sed -i 's/^#include_only=.*$/include_only=.jp/' /etc/yum/pluginconf.d/fastestmirror.conf
  EOT
  config.vm.provision :shell, inline: $script
  # vagrant-omnibus: install Chef on the guest
  config.omnibus.chef_version = :latest
  # vagrant-berkshelf: resolve cookbooks from the Berksfile
  config.berkshelf.enabled = true
  config.berkshelf.berksfile_path = "./Berksfile"
  config.vm.provision :chef_solo do |chef|
    chef.custom_config_path = "Vagrantfile.chef"
    chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
    chef.log_level = :info
    chef.add_recipe "selinux::disabled"
    chef.add_recipe "iptables::disabled"
    chef.json = {}
  end
end
●Creating Vagrantfile.chef
Configure Chef to verify the remote server when it communicates with external hosts over SSL (HTTPS).
If this is not set, the warning "SSL validation of HTTPS requests is disabled." is printed during provisioning.
$ vi Vagrantfile.chef
Chef::Config.ssl_verify_mode = :verify_peer
●Creating and starting the VM
$ vagrant up
Bringing machine 'test01' up with 'virtualbox' provider...
==> test01: Importing base box 'centos-6.5'...
==> test01: Matching MAC address for NAT networking...
==> test01: Setting the name of the VM: test01
Updating Vagrant's berkshelf: '/Users/xx/.berkshelf/test01/vagrant/berkshelf-20140427-52381-1ulw1uz-test01'
Resolving cookbook dependencies...
Fetching cookbook index from https://api.berkshelf.com...
Installing iptables (0.13.2)
Installing selinux (0.8.0)
Vendoring iptables (0.13.2) to /Users/xx/.berkshelf/test01/vagrant/berkshelf-20140427-52381-1ulw1uz-test01/iptables
Vendoring selinux (0.8.0) to /Users/xx/.berkshelf/test01/vagrant/berkshelf-20140427-52381-1ulw1uz-test01/selinux
==> test01: Clearing any previously set network interfaces...
==> test01: Preparing network interfaces based on configuration...
    test01: Adapter 1: nat
    test01: Adapter 2: hostonly
==> test01: Forwarding ports...
    test01: 22 => 2222 (adapter 1)
==> test01: Running 'pre-boot' VM customizations...
==> test01: Booting VM...
==> test01: Waiting for machine to boot. This may take a few minutes...
    test01: SSH address: 127.0.0.1:2222
    test01: SSH username: vagrant
    test01: SSH auth method: private key
    test01: Warning: Connection timeout. Retrying...
    test01: Warning: Connection timeout. Retrying...
==> test01: Machine booted and ready!
==> test01: Checking for guest additions in VM...
==> test01: Setting hostname...
==> test01: Configuring and enabling network interfaces...
==> test01: Mounting shared folders...
    test01: /vagrant => /Users/xx/vagrant
    test01: /tmp/vagrant-chef-3/chef-solo-1/cookbooks => /Users/xx/.berkshelf/test01/vagrant/berkshelf-20140427-52381-1ulw1uz-test01
==> test01: Installing Chef 11.12.2 Omnibus package...
==> test01: Downloading Chef 11.12.2 for el...
==> test01: downloading https://www.getchef.com/chef/metadata?v=11.12.2&prerelease=false&nightlies=false&p=el&pv=6&m=x86_64
==> test01: to file /tmp/install.sh.2578/metadata.txt
==> test01: trying curl...
==> test01: url https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.12.2-1.el6.x86_64.rpm
==> test01: md5 b8ef6b908b42f1cf97ac7864a8587d9f
==> test01: sha256 cc6bafac692a9b6db791310f46917a0c5857bd5b5e69c65daabf0beac3595cff
==> test01: downloaded metadata file looks valid...
==> test01: downloading https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.12.2-1.el6.x86_64.rpm
==> test01: to file /tmp/install.sh.2578/chef-11.12.2-1.el6.x86_64.rpm
==> test01: trying curl...
==> test01: Comparing checksum with sha256sum...
==> test01: Installing Chef 11.12.2
==> test01: installing with rpm...
==> test01: warning:
==> test01: /tmp/install.sh.2578/chef-11.12.2-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
==> test01: Preparing...
==> test01: ##################################################
==> test01: chef
==> test01: #
==> test01: #
==> test01: #
==> test01: Thank you for installing Chef!
==> test01: Running provisioner: shell...
    test01: Running: inline script
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
==> test01: Running provisioner: chef_solo...
Generating chef JSON and uploading...
Running chef-solo...
[2014-04-26T17:53:47+00:00] INFO: Forking chef instance to converge...
[2014-04-26T17:53:47+00:00] INFO: *** Chef 11.12.2 ***
[2014-04-26T17:53:47+00:00] INFO: Chef-client pid: 2975
[2014-04-26T17:54:09+00:00] INFO: Setting the run_list to ["recipe[selinux::disabled]", "recipe[iptables::disabled]"] from CLI options
[2014-04-26T17:54:09+00:00] INFO: Run List is [recipe[selinux::disabled], recipe[iptables::disabled]]
[2014-04-26T17:54:09+00:00] INFO: Run List expands to [selinux::disabled, iptables::disabled]
[2014-04-26T17:54:09+00:00] INFO: Starting Chef Run for test01
[2014-04-26T17:54:09+00:00] INFO: Running start handlers
[2014-04-26T17:54:09+00:00] INFO: Start handlers complete.
[2014-04-26T17:55:03+00:00] INFO: template[disabled selinux config] backed up to /var/chef/backup/etc/selinux/config.chef-20140426175503.940314
[2014-04-26T17:55:03+00:00] INFO: template[disabled selinux config] updated file contents /etc/selinux/config
[2014-04-26T17:55:05+00:00] INFO: service[iptables] disabled
[2014-04-26T17:55:05+00:00] INFO: Chef Run complete in 56.477397029 seconds
[2014-04-26T17:55:05+00:00] INFO: Running report handlers
[2014-04-26T17:55:05+00:00] INFO: Report handlers complete
●Checking the VM
# service iptables status
iptables: Firewall is not running.
# chkconfig --list iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# getenforce
Disabled
# grep ^SELINUX= /etc/sysconfig/selinux
SELINUX=disabled
# grep include_only /etc/yum/pluginconf.d/fastestmirror.conf
include_only=.jp
This confirmed that the Chef cookbooks and the provisioning shell script had been applied on the booted VM.