configure chef replication
service iptables stop#configure ip mapping of master and replication
vi /etc/hosts
146.89.179.218deehops014ccpra.ssm.sdc.gts.ibm.com deehops014ccpra
146.89.136.162deehchf014ccpra.ssm.sdc.gts.ibm.com deehchf014ccpra
#install chef sync,used to support replication
rpm -Uvh chef-sync-1.0.0~rc.6-1.el5.x86_64.rpm
For each replica Chef server, move the /etc/chef-sync/ec_sync_user.pem file from the primary Chef server to the /etc/chef-sync directory on the replica. (This file is created automatically on the primary Chef server.)
ec_sync_user首先存在master上,可以访问master的内容。将ec_sync_user用户的私钥从master拷贝到replication,根据私钥生成公钥。ec_sync_user用户存在replication上,用于同步内容。
mkdir -p /etc/chef-sync/
scp root@deehops014ccpra:/etc/chef-sync/ec_sync_user.pem /etc/chef-sync/
vi /etc/chef-sync/chef-sync.rb
role :replica
master "https://deehops014ccpra.ssm.sdc.gts.ibm.com"
organizations [
{
:destination => "siteng",
:source => "cmsng"
}
]
# cmsngorganization already exit on chef server master
# siteng organization already exit on chef server replication
chef-sync-ctl reconfigure
chef-sync-ctl prepare-org siteng
chef-server-ctl reconfigure
knife user list -s https://deehops014ccpra.ssm.sdc.gts.ibm.com/organizations/cmsng -u ec_sync_user -k /etc/chef-sync/ec_sync_user.pem
mkdir -p /root/.chef/trusted_certs/
cd /root/.chef/trusted_certs/
scp root@deehops014ccpra:/var/opt/opscode/nginx/ca/deehops014ccpra.ssm.sdc.gts.ibm.com.crt .
knife user list -s https://deehchf014ccpra.ssm.sdc.gts.ibm.com/organizations/siteng -u ec_sync_user -k /etc/chef-sync/ec_sync_user.pem
cp /var/opt/opscode/nginx/ca/deehchf014ccpra.ssm.sdc.gts.ibm.com.crt /root/.chef/trusted_certs/
chef-sync-ctl sync-status
chef-sync-ctl sync-stop siteng
chef-sync-ctl sync-start siteng
chef-sync-ctl sync-log siteng
chef-sync-ctl sync-status
页:
[1]