diff --git a/sources/tech/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md b/sources/tech/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md new file mode 100644 index 0000000000..69efa63823 --- /dev/null +++ b/sources/tech/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md @@ -0,0 +1,314 @@ +How to Configure Chef (server/client) on Ubuntu 14.04 / 15.04 +================================================================================ +Chef is a configuration management and automation tool for information technology professionals that configures and manages your infrastructure whether it is on-premises or in the cloud. It can be used to speed up application deployment and to coordinate the work of multiple system administrators and developers involving hundreds, or even thousands, of servers and applications to support a large customer base. The key to Chef’s power is that it turns infrastructure into code. Once you master Chef, you will be able to enable web IT with first class support for managing your cloud infrastructure with an easy automation of your internal deployments or end users systems. + +Here are the major components of Chef that we are going to setup and configure in this tutorial. +chef components + +![](http://blog.linoxide.com/wp-content/uploads/2015/07/chef.png) + +### Chef Prerequisites and Versions ### + +We are going to setup Chef configuration management system under the following basic environment. + +注:表格 + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chef, Configuration Management Tool
Base Operating SystemUbuntu 14.04.1 LTS (x86_64)
Chef ServerVersion 12.1.0
Chef ManageVersion 1.17.0
Chef Development KitVersion 0.6.2
RAM and CPU4 GB  , 2.0+2.0 GHZ
+ +### Chef Server's Installation and Configurations ### + +Chef Server is central core component that stores recipes as well as other configuration data and interact with the workstations and nodes. let's download the installation media by selecting the latest version of chef server from its official web link. + +We will get its installation package and install it by using following commands. + +**1) Downloading Chef Server** + + root@ubuntu-14-chef:/tmp# wget https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/trusty/chef-server-core_12.1.0-1_amd64.deb + +**2) To install Chef Server** + + root@ubuntu-14-chef:/tmp# dpkg -i chef-server-core_12.1.0-1_amd64.deb + +**3) Reconfigure Chef Server** + +Now Run the following command to start all of the chef server services ,this step may take a few minutes to complete as its composed of many different services that work together to create a functioning system. + + root@ubuntu-14-chef:/tmp# chef-server-ctl reconfigure + +The chef server startup command 'chef-server-ctl reconfigure' needs to be run twice so that installation ends with the following completion output. + + Chef Client finished, 342/350 resources updated in 113.71139964 seconds + opscode Reconfigured! + +**4) Reboot OS** + +Once the installation complete reboot the operating system for the best working without doing this we you might get the following SSL_connect error during creation of User. + + ERROR: Errno::ECONNRESET: Connection reset by peer - SSL_connect + +**5) Create new Admin User** + +Run the following command to create a new administrator user with its profile settings. During its creation user’s RSA private key is generated automatically that should be saved to a safe location. The --filename option will save the RSA private key to a specified path. 
+ + root@ubuntu-14-chef:/tmp# chef-server-ctl user-create kashi kashi kashi kashif.fareedi@gmail.com kashi123 --filename /root/kashi.pem + +### Chef Manage Setup on Chef Server ### + +Chef Manage is a management console for Enterprise Chef that enables a web-based user interface for visualizing and managing nodes, data bags, roles, environments, cookbooks and role-based access control (RBAC). + +**1) Downloading Chef Manage** + +Copy the link for Chef Manage from the official web site and download the chef manage package. + + root@ubuntu-14-chef:~# wget https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/trusty/opscode-manage_1.17.0-1_amd64.deb + +**2) Installing Chef Manage** + +Let's install it into the root's home directory with below command. + + root@ubuntu-14-chef:~# chef-server-ctl install opscode-manage --path /root + +**3) Restart Chef Manage and Server** + +Once the installation is complete we need to restart chef manage and chef server services by executing following commands. + + root@ubuntu-14-chef:~# opscode-manage-ctl reconfigure + root@ubuntu-14-chef:~# chef-server-ctl reconfigure + +### Chef Manage Web Console ### + +We can access chef manage web console from the localhost as wel as its fqdn and login with the already created admin user account. + +![chef amanage](http://blog.linoxide.com/wp-content/uploads/2015/07/5-chef-web.png) + +**1) Create New Organization with Chef Manage** + +You would be asked to create new organization or accept the invitation from the organizations. Let's create a new organization by providing its short and full name as shown. + +![Create Org](http://blog.linoxide.com/wp-content/uploads/2015/07/7-create-org.png) + +**2) Create New Organization with Command line** + +We can also create new Organization from the command line by executing the following command. + + root@ubuntu-14-chef:~# chef-server-ctl org-create linux Linoxide Linux Org. 
--association_user kashi --filename linux.pem + +### Configuration and setup of Workstation ### + +As we had done with successful installation of chef server now we are going to setup its workstation to create and configure any recipes, cookbooks, attributes, and other changes that we want to made to our Chef configurations. + +**1) Create New User and Organization on Chef Server** + +In order to setup workstation we create a new user and an organization for this from the command line. + + root@ubuntu-14-chef:~# chef-server-ctl user-create bloger Bloger Kashif bloger.kashif@gmail.com bloger123 --filename bloger.pem + + root@ubuntu-14-chef:~# chef-server-ctl org-create blogs Linoxide Blogs Inc. --association_user bloger --filename blogs.pem + +**2) Download Starter Kit for Workstation** + +Now Download and Save starter-kit from the chef manage web console on a workstation and use it to work with Chef server. + +![Starter Kit](http://blog.linoxide.com/wp-content/uploads/2015/07/8-download-kit.png) + +**3) Click to "Proceed" with starter kit download** + +![starter kit](http://blog.linoxide.com/wp-content/uploads/2015/07/9-download-kit.png) + +### Chef Development Kit Setup for Workstation ### + +Chef Development Kit is a software package suite with all the development tools need to code Chef. It combines with the best of the breed tools developed by Chef community with Chef Client. + +**1) Downloading Chef DK** + +We can Download chef development kit from its official web link and choose the required operating system to get its chef development tool kit. + +![Chef DK](http://blog.linoxide.com/wp-content/uploads/2015/07/10-CDK.png) + +Copy the link and download it with wget command. 
+ + root@ubuntu-15-WKS:~# wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chefdk_0.6.2-1_amd64.deb + +**1) Chef Development Kit Installatoion** + +Install chef-development kit using dpkg command + + root@ubuntu-15-WKS:~# dpkg -i chefdk_0.6.2-1_amd64.deb + +**3) Chef DK Verfication** + +Verify using the below command that the client got installed properly. + + root@ubuntu-15-WKS:~# chef verify + +---------- + + Running verification for component 'berkshelf' + Running verification for component 'test-kitchen' + Running verification for component 'chef-client' + Running verification for component 'chef-dk' + Running verification for component 'chefspec' + Running verification for component 'rubocop' + Running verification for component 'fauxhai' + Running verification for component 'knife-spork' + Running verification for component 'kitchen-vagrant' + Running verification for component 'package installation' + Running verification for component 'openssl' + .............. + --------------------------------------------- + Verification of component 'rubocop' succeeded. + Verification of component 'knife-spork' succeeded. + Verification of component 'openssl' succeeded. + Verification of component 'berkshelf' succeeded. + Verification of component 'chef-dk' succeeded. + Verification of component 'fauxhai' succeeded. + Verification of component 'test-kitchen' succeeded. + Verification of component 'kitchen-vagrant' succeeded. + Verification of component 'chef-client' succeeded. + Verification of component 'chefspec' succeeded. + Verification of component 'package installation' succeeded. + +**Connecting to Chef Server** + +We will Create ~/.chef and copy the two user and organization pem files to this folder from chef server. 
+ + root@ubuntu-14-chef:~# scp bloger.pem blogs.pem kashi.pem linux.pem root@172.25.10.172:/.chef/ + +---------- + + root@172.25.10.172's password: + bloger.pem 100% 1674 1.6KB/s 00:00 + blogs.pem 100% 1674 1.6KB/s 00:00 + kashi.pem 100% 1678 1.6KB/s 00:00 + linux.pem 100% 1678 1.6KB/s 00:00 + +**Knife Configurations to Manage your Chef Environment** + +Now create "~/.chef/knife.rb" with following content as configured in previous steps. + + root@ubuntu-15-WKS:/.chef# vim knife.rb + current_dir = File.dirname(__FILE__) + + log_level :info + log_location STDOUT + node_name "kashi" + client_key "#{current_dir}/kashi.pem" + validation_client_name "kashi-linux" + validation_key "#{current_dir}/linux.pem" + chef_server_url "https://172.25.10.173/organizations/linux" + cache_type 'BasicFile' + cache_options( :path => "#{ENV['HOME']}/.chef/checksums" ) + cookbook_path ["#{current_dir}/../cookbooks"] + +Create "~/cookbooks" folder for cookbooks as specified knife.rb file. + + root@ubuntu-15-WKS:/# mkdir cookbooks + +**Testing with Knife Configurations** + +Run "knife user list" and "knife client list" commands to verify whether knife configuration is working. + + root@ubuntu-15-WKS:/.chef# knife user list + +You might get the following error while first time you run this command.This occurs because we do not have our Chef server's SSL certificate on our workstation. + + ERROR: SSL Validation failure connecting to host: 172.25.10.173 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed + ERROR: Could not establish a secure connection to the server. + Use `knife ssl check` to troubleshoot your SSL configuration. + If your Chef Server uses a self-signed certificate, you can use + `knife ssl fetch` to make knife trust the server's certificates. + +To recover from the above error run the following command to fetch ssl certs and once again run the knife user and client list command and it should be fine then. 
+ + root@ubuntu-15-WKS:/.chef# knife ssl fetch + WARNING: Certificates from 172.25.10.173 will be fetched and placed in your trusted_cert + directory (/.chef/trusted_certs). + + Knife has no means to verify these are the correct certificates. You should + verify the authenticity of these certificates after downloading. + + Adding certificate for ubuntu-14-chef.test.com in /.chef/trusted_certs/ubuntu-14-chef_test_com.crt + +Now after fetching ssl certs with above command, let's again run the below command. + + root@ubuntu-15-WKS:/.chef#knife client list + kashi-linux + +### New Node Configuration to interact with chef-server ### + +Nodes contain chef-client which performs all the infrastructure automation. So, Its time to begin with adding new servers to our chef environment by Configuring a new node to interact with chef-server after we had Configured chef-server and knife workstation combinations. + +To configure a new node to work with chef server use below command. + + root@ubuntu-15-WKS:~# knife bootstrap 172.25.10.170 --ssh-user root --ssh-password kashi123 --node-name mydns + +---------- + + Doing old-style registration with the validation key at /.chef/linux.pem... + Delete your validation key in order to use your user credentials instead + + Connecting to 172.25.10.170 + 172.25.10.170 Installing Chef Client... + 172.25.10.170 --2015-07-04 22:21:16-- https://www.opscode.com/chef/install.sh + 172.25.10.170 Resolving www.opscode.com (www.opscode.com)... 184.106.28.91 + 172.25.10.170 Connecting to www.opscode.com (www.opscode.com)|184.106.28.91|:443... connected. + 172.25.10.170 HTTP request sent, awaiting response... 200 OK + 172.25.10.170 Length: 18736 (18K) [application/x-sh] + 172.25.10.170 Saving to: ‘STDOUT’ + 172.25.10.170 + 100%[======================================>] 18,736 --.-K/s in 0s + 172.25.10.170 + 172.25.10.170 2015-07-04 22:21:17 (200 MB/s) - written to stdout [18736/18736] + 172.25.10.170 + 172.25.10.170 Downloading Chef 12 for ubuntu... 
+ 172.25.10.170 downloading https://www.opscode.com/chef/metadata?v=12&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64 + 172.25.10.170 to file /tmp/install.sh.26024/metadata.txt + 172.25.10.170 trying wget... + +After all we can see the vewly created node under the knife node list and new client list as it it will also creates a new client with the node. + + root@ubuntu-15-WKS:~# knife node list + mydns + +Similarly we can add multiple number of nodes to our chef infrastructure by providing ssh credentials with the same above knofe bootstrap command. + +### Conclusion ### + +In this detailed article we learnt about the Chef Configuration Management tool with its basic understanding and overview of its components with installation and configuration settings. We hope you have enjoyed learning the installation and configuration of Chef server with its workstation and client nodes. + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/ubuntu-how-to/install-configure-chef-ubuntu-14-04-15-04/ + +作者:[Kashif Siddique][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/kashifs/ \ No newline at end of file diff --git a/sources/tech/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md b/sources/tech/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md new file mode 100644 index 0000000000..89094c1010 --- /dev/null +++ b/sources/tech/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md 
@@ -0,0 +1,185 @@ +Howto Configure FTP Server with Proftpd on Fedora 22 +================================================================================ +In this article, we'll learn about setting up an FTP server with Proftpd running Fedora 22 in our machine or server. [ProFTPD][1] is a free and open source FTP daemon software licensed under GPL. It is among most popular FTP server among machines running Linux. Its primary design aims to have an FTP server with many advanced features and provisioning users for more configuration options for easy customization. It includes a number of configuration options that are still not available with many other FTP daemons. It was initially developed by the developers as an alternative with better security and configuration to wu-ftpd server. An FTP server is a program that allows us to upload or download files and folders from a remote server where it is setup using an FTP client. Some of the features of ProFTPD daemon are as follows, you can check more features on [http://www.proftpd.org/features.html][2] . + +- It includes a per directory ".ftpaccess" access configuration similar to Apache's ".htaccess" +- It features multiple virtual FTP server with multiple users login and anonymous FTP services. +- It can be run either as a stand-alone server or from inetd/xinetd. +- Its ownership, file/folder attributes and file/folder permissions are UNIX-based. +- It can be run as standalone mode in order to protect the system from damage that can be caused from root access. +- The modular design of it makes it easily extensible with modules like LDAP servers, SSL/TLS encryption, RADIUS support, etc. +- IPv6 support is also included in the ProFTPD server. + +Here are some easy to perform steps on how we can setup an FTP Server with ProFTPD in Fedora 22 operating system. + +### 1. Installing ProFTPD ### + +First of all, we'll wanna install Proftpd server in our box running Fedora 22 as its operating system. 
As yum package manager has been depreciated, we'll use the latest and greatest built package manager called dnf. DNF is pretty easy to use and highly user friendly package manager available in Fedora 22. We'll simply use it to install proftpd daemon server. To do so, we'll need to run the following command in a terminal or a console in sudo mode. + + $ sudo dnf -y install proftpd proftpd-utils + +### 2. Configuring ProFTPD ### + +Now, we'll make changes to some configurations in the daemon. To configure the daemon, we will need to edit /etc/proftpd.conf with a text editor. The main configuration file of the ProFTPD daemon is **/etc/proftpd.conf** so, any changes made to this file will affect the FTP server. Here, are some changes we make in this initial step. + + $ sudo vi /etc/proftpd.conf + +Next, after we open the file using a text editor, we'll wanna make changes to the ServerName and ServerAdmin as hostname and email address respectively. Here's what we have made changes to those configs. + + ServerName "ftp.linoxide.com" + ServerAdmin arun@linoxide.com + +After that, we'll wanna the following lines into the configuration file so that it logs access & auth into its specified log files. + + ExtendedLog /var/log/proftpd/access.log WRITE,READ default + ExtendedLog /var/log/proftpd/auth.log AUTH auth + +![Configuring ProFTPD Config](http://blog.linoxide.com/wp-content/uploads/2015/06/configuring-proftpd-config.png) + +### 3. Adding FTP users ### + +After configure the basics of the configuration file, we'll surely wanna create an FTP user which is rooted at a specific directory we want. The current users that we use to login into our machine are automatically enabled with the FTP service, we can even use it to login into the FTP server. But, in this tutorial, we'll gonna create a new user with a specified home directory to the ftp server. + +Here, we'll create a new group named ftpgroup. 
+ + $ sudo groupadd ftpgroup + +Then, we'll gonna add a new user arunftp into the group with home directory specified as /ftp-dir/ + + $ sudo useradd -G ftpgroup arunftp -s /sbin/nologin -d /ftp-dir/ + +After the user has been created and added to the group, we'll wanna set a password to the user arunftp. + + $ sudo passwd arunftp + + Changing password for user arunftp. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + +Now, we'll set read and write permission of the home directory by the ftp users by executing the following command. + + $ sudo setsebool -P allow_ftpd_full_access=1 + $ sudo setsebool -P ftp_home_dir=1 + +Then, we'll wanna make that directory and its contents unable to get removed or renamed by any other users. + + $ sudo chmod -R 1777 /ftp-dir/ + +### 4. Enabling TLS Support ### + +FTP is considered less secure in comparison to the latest encryption methods used these days as anybody sniffing the network card can read the data pass through FTP. So, we'll enable TLS Encryption support in our FTP server. To do so, we'll need to a edit /etc/proftpd.conf configuration file. Before that, we'll wanna backup our existing configuration file to make sure we can revert our configuration if any unexpected happens. + + $ sudo cp /etc/proftpd.conf /etc/proftpd.conf.bak + +Then, we'll wanna edit the configuration file using our favorite text editor. + + $ sudo vi /etc/proftpd.conf + +Then, we'll wanna add the following lines just below line we configured in step 2 . + + TLSEngine on + TLSRequired on + TLSProtocol SSLv23 + TLSLog /var/log/proftpd/tls.log + TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem + TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem + +![Enabling TLS Configuration](http://blog.linoxide.com/wp-content/uploads/2015/06/tls-configuration.png) + +After finishing up with the configuration, we'll wanna save and exit it. 
+ +Next, we'll need to generate the SSL certificates inside **/etc/pki/tls/certs/** directory as proftpd.pem. To do so, first we'll need to install openssl in our Fedora 22 machine. + + $ sudo dnf install openssl + +Then, we'll gonna generate the SSL certificate by running the following command. + + $ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem + +We'll be asked with some information that will be associated into the certificate. After completing the required information, it will generate a 2048 bit RSA private key. + + Generating a 2048 bit RSA private key + ...................+++ + ...................+++ + writing new private key to '/etc/pki/tls/certs/proftpd.pem' + ----- + You are about to be asked to enter information that will be incorporated + into your certificate request. + What you are about to enter is what is called a Distinguished Name or a DN. + There are quite a few fields but you can leave some blank + For some fields there will be a default value, + If you enter '.', the field will be left blank. + ----- + Country Name (2 letter code) [XX]:NP + State or Province Name (full name) []:Narayani + Locality Name (eg, city) [Default City]:Bharatpur + Organization Name (eg, company) [Default Company Ltd]:Linoxide + Organizational Unit Name (eg, section) []:Linux Freedom + Common Name (eg, your name or your server's hostname) []:ftp.linoxide.com + Email Address []:arun@linoxide.com + +After that, we'll gonna change the permission of the generated certificate file in order to secure it. + + $ sudo chmod 600 /etc/pki/tls/certs/proftpd.pem + +### 5. Allowing FTP through Firewall ### + +Now, we'll need to allow the ftp ports that are usually blocked by the firewall by default. So, we'll allow ports and enable access to the ftp through firewall. + +If **TLS/SSL Encryption is enabled** run the following command. 
+ + $sudo firewall-cmd --add-port=1024-65534/tcp + $ sudo firewall-cmd --add-port=1024-65534/tcp --permanent + +If **TLS/SSL Encryption is disabled** run the following command. + + $ sudo firewall-cmd --permanent --zone=public --add-service=ftp + + success + +Then, we'll need to reload the firewall configuration. + + $ sudo firewall-cmd --reload + + success + +### 6. Starting and Enabling ProFTPD ### + +After everything is set, we'll finally start our ProFTPD and give it a try. To start the proftpd ftp daemon, we'll need to run the following command. + + $ sudo systemctl start proftpd.service + +Then, we'll wanna enable proftpd to start on every boot. + + $ sudo systemctl enable proftpd.service + + Created symlink from /etc/systemd/system/multi-user.target.wants/proftpd.service to /usr/lib/systemd/system/proftpd.service. + +### 7. Logging into the FTP server ### + +Now, if everything was configured and done as expected, we must be able to connect to the ftp server and login with the details we set above. Here, we'll gonna configure our FTP client, filezilla with hostname as **server's ip or url**, Protocol as **FTP**, User as **arunftp** and password as the one we set in above step 3. If you followed step 4 for enabling TLS support, then we'll need to set the Encryption type as **Require explicit FTP over TLS** but if you didn't follow step 4 and don't wanna use TLS encryption then set the Encryption type as **Plain FTP**. + +![FTP Login Details](http://blog.linoxide.com/wp-content/uploads/2015/06/ftp-login-details.png) + +To setup the above configuration, we'll need goto File which is under the Menu and then click on Site Manager in which we can click on new site then configure as illustrated above. + +![FTP SSL Certificate](http://blog.linoxide.com/wp-content/uploads/2015/06/ftp-ssl-certificate.png) + +Then, we're asked to accept the SSL certificate, that can be done by click OK. 
After that, we are able to upload and download required files and folders from our FTP server. + +### Conclusion ### + +Finally, we have successfully installed and configured our Fedora 22 box with Proftpd FTP server. Proftpd is an awesome powerful highly configurable and extensible FTP daemon. The above tutorial illustrates us how we can configure a secure FTP server with TLS encryption. It is highly recommended to configure FTP server with TLS encryption as it enables SSL certificate security to the data transfer and login. Here, we haven't configured anonymous access to the FTP cause they are usually not recommended in a protected FTP system. An FTP access makes pretty easy for people to upload and download at good efficient performance. We can even change the ports for the users for additional security. So, if you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-) + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/configure-ftp-proftpd-fedora-22/ + +作者:[Arun Pyasi][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arunp/ \ No newline at end of file
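Review bot: In the Chef article's "Testing with Knife Configurations" section, the text tells the reader to run `knife ssl fetch` and says the list commands "should be fine then", but the quoted output itself states "Knife has no means to verify these are the correct certificates." Add a step that compares the fetched certificate in the trusted_certs directory against the certificate on the Chef server over a separate channel before trusting it. Two smaller points in the same file: account passwords are passed as command-line arguments (`user-create ... kashi123`, `knife bootstrap ... --ssh-password kashi123`), where they end up in shell history and process listings, so a note recommending key-based SSH or prompting would help. The `scp` step copies all four private keys to `/.chef/` while the prose says `~/.chef`, so the path should be made consistent and the directory's permissions stated. The step numbering under "Chef Development Kit Setup" also runs 1, 1, 3, and the "注:表格" marker is followed by an empty table.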
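Review bot: In the ProFTPD article, step 4 sets `TLSProtocol SSLv23`, which in mod_tls is the compatibility setting that still allows SSLv3; for a tutorial that presents this as the secure configuration, the directive should be restricted to TLS versions only. In step 3, `chmod -R 1777 /ftp-dir/` is described as stopping other users from removing or renaming content, but it also makes the directory and every file under it world-writable, so ownership by `arunftp` with a tighter mode would match the stated intent better. In step 5, the TLS branch opens `1024-65534/tcp` and never adds the `ftp` service for the control port; pinning a narrow passive range with `PassivePorts` in proftpd.conf and opening only that range plus port 21 would be a smaller exposure. Step 3 also enables `allow_ftpd_full_access`, which deserves a sentence on what it relaxes, since `ftp_home_dir` alone may be all the tutorial needs.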