Manage Windows clusters with Chef | Maintenance Automation Tools

Source: Internet
Author: User
Tags sonatype nexus

Once the number of servers reaches a certain scale (a hundred or more), managing them by logging in over SSH becomes increasingly difficult. Imagine that a patch for a high-risk Linux vulnerability is released and you have hundreds of thousands of machines to update: without an automated approach, this will take up a large part of your time. Even if you have written many shell (or Python, Perl) scripts to automate various scenarios, you will eventually find yourself lost in a vast expanse of scripts, and the cost of managing and maintaining them is not small. You need an infrastructure automation tool, and you want it to have the following capabilities.

1 Batch Execution

This needs little explanation; just think of the case of patching every machine.

2 Task Orchestration

Applications of even moderate complexity now need to be deployed across n servers, and the deployment steps depend on one another in a fixed order. Task orchestration is therefore a necessity.

3 Abstraction of business scenarios: the DSL

One reason to abandon your shell (or other language) scripts for automation is that these scripts are hard to understand, and hardly anyone but you can modify them. A mature tool should naturally abstract our complex application scenarios: server nodes and roles, the installation and configuration operations performed on servers, and the different environments. Once these are abstracted into a DSL, it is easy for people to reach a shared understanding and work together.

4 Security Mechanisms

An infrastructure automation tool inevitably holds all kinds of sensitive information, so how that sensitive information is handled is very important. And since the tool can control the entire server cluster, the control channel itself must also be absolutely secure.

Beyond these basic functions, we would of course like more features, such as script reuse, auditing, thorough documentation and so on. There is not much more to say about them here.

Tools of this kind already exist; the popular open-source ones on the market today include Puppet, Chef, Ansible, SaltStack and so on. Their relative merits are not the focus of this article.

Cluster management is usually taken to mean managing clusters of Linux systems, and Windows clusters are seldom discussed. I think there are two reasons for this. On the one hand, most companies' machine clusters are mostly Linux. On the other hand, Windows machines have inherent shortcomings for bulk management, such as the lack of convenient scripting commands and the difficulty of fully scripting machine configuration. However, managing Windows clusters cannot be avoided, because Windows clusters do exist in enterprises. Microsoft is also working to improve these issues, for example with Windows PowerShell, which addresses the scripting problem.

The author's previous project involved managing hundreds of Windows and Linux clusters. The main operating system of the Windows cluster was Windows Server 2008, and that of the Linux cluster was Ubuntu 12.04. In automating the configuration and management of such clusters the author accumulated some experience, which is shared here.

Selection of automation tools

When it comes to tool selection, if you find yourself torn, it may be because none of the competing tools clearly stands out, which makes it hard to weigh their strengths and weaknesses. I also understand that tool selection involves many factors. On this project the selection did not take long, and we soon decided to use Chef. Put simply: Puppet's API is too unfriendly, the degree of Windows support in Ansible and Salt was unknown, and based on my previous experience Chef's support for Windows is relatively mature. So we cut the Gordian knot and chose Chef.

Building the Chef ecosystem

Now that Chef has been chosen, there are a lot of things to think about next.

Using a self-hosted Chef server

The reason is simple: the customer would not expose its nodes to the public Chef server. So we built a Chef server on the intranet, on an Ubuntu machine.

Choosing a Windows machine (Windows 7) as the workstation

Since we want to manage both the Linux cluster and the Windows cluster, the choice of workstation also matters. When bootstrapping a node, the workstation communicates with Linux nodes over SSH and with Windows nodes over WinRM. Having a Linux workstation talk to Windows systems over WinRM is feasible in theory with some third-party tools, but the process is certainly more tortuous. A Windows workstation can communicate with both Linux and Windows systems without much trouble.

Building our own software repository

Linux systems have many mature package management tools, and installing software is basically a single command. For Windows there are tools such as Chocolatey, but they fall short when it comes to distributing an enterprise's internal software. So we chose to build our own software repository. At first, for simplicity, we set up an FTP server as the repository. Later, consider migrating to a package management server that provides more functionality, such as Sonatype Nexus.

Creating the chef-repo and putting it under source control involve nothing particular, so they are not covered here.

Applying Chef to manage Windows clusters

Using Chef to manage Windows clusters is certainly not as easy as managing a Linux cluster. Here are a few points to be aware of.

Configuring Windows nodes to enable the WinRM service

WinRM is the service Microsoft provides for remote communication (built into Windows 7 and later); you can think of it simply as the Windows version of SSH. On the Windows Server R2 operating system the WinRM service is turned off by default, so we need to enable it. You first need to change two settings. In Group Policy, under Computer Configuration, go to Policies -> Windows Components -> Windows Remote Management (WinRM) -> WinRM Service, select "Allow automatic configuration of listeners", set the policy to Enabled, and set the IPv4 and IPv6 filters to *. Then open Windows Firewall in Control Panel, click the Exceptions tab, and select the Windows Remote Management check box. If you do not see the check box, click Add Program to add Windows Remote Management.

The configuration of these two items can also be implemented through PowerShell scripts.

You can then enable and configure WinRM: simply enter winrm quickconfig -q in a PowerShell terminal. In addition, Chef recommends some advanced configuration for WinRM.
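
The two settings and the quickconfig step above, scripted as an added example (not code from the original article). It assumes an elevated session and a node where writing the policy-backed registry values directly is acceptable (a domain GPO would override them); the parameter names are the example's own, and the final step flags the WinRM service settings a reviewer would check after enabling remote management.

```powershell
# Added example: enable WinRM as described above, then audit the result.
param(
    # The article sets both filters to "*" (listen on every address). A range
    # such as "10.0.0.1-10.0.0.254" (constructed value) narrows the listener.
    [string]$IPv4Filter = '*',
    [string]$IPv6Filter = '*'
)

# 1. Registry values behind the "Allow automatic configuration of listeners" policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
New-ItemProperty -Path $policyKey -Name AllowAutoConfig -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $policyKey -Name IPv4Filter -Value $IPv4Filter -PropertyType String -Force | Out-Null
New-ItemProperty -Path $policyKey -Name IPv6Filter -Value $IPv6Filter -PropertyType String -Force | Out-Null

# 2. Firewall exception for the built-in "Windows Remote Management" rule group.
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes | Out-Null

# 3. Start the service and create the listener without prompting.
winrm quickconfig -q

# 4. Audit: report settings that weaken the management channel.
$findings = @()
if ((Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true') {
    $findings += 'Service accepts unencrypted traffic (AllowUnencrypted=true)'
}
if ((Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true') {
    $findings += 'Basic authentication is enabled on the service'
}
if ($IPv4Filter -eq '*' -or $IPv6Filter -eq '*') {
    $findings += 'Listener filter is "*": WinRM answers on every interface'
}

# Show the listeners that now exist, then the findings.
winrm enumerate winrm/config/listener
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'WinRM enabled; no weak service settings found.'
}
```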

Using the Windows cookbook

The windows cookbook is the cookbook that Chef has written for the Windows platform. It contains many resources for Windows-specific features and is an indispensable tool for working with the platform: extracting files, executing batch (PowerShell) commands, installing authentication, installing and removing Windows packages, configuring scheduled tasks ...

It is simple to use, and it can be installed from the Chef Supermarket. If you need to use the cookbook in another cookbook, simply add depends 'windows' to that cookbook's metadata.rb.

Upgrading the PowerShell version on Windows nodes

PowerShell is to Windows what the shell is to Linux. The default version of PowerShell on Windows Server R2 is 3.0, and it is best to upgrade to a later version. The cookbook at github.com/opscode-cookbooks/powershell makes it easy to upgrade and configure PowerShell on Windows nodes, as well as to install various PowerShell modules, execute PowerShell scripts, and so on.

Implementing silent installation of software

Almost every piece of software on Linux can be installed silently from the command line. Software on Windows is different. If the software is packaged as an .msi, you can use Windows Installer to perform a silent installation. If it is packaged as an .exe, do not be alarmed: carefully work out whether it was packaged with Inno, NSIS, InstallShield and so on, and then automate the installation using that packager's silent-install method. If none of the above applies, check whether the software is portable ("green") software; if so, install it once, put the whole installed folder into the software repository, and installation then only requires extracting it. If the software is neither conventionally packaged nor portable, things get troublesome: you have to analyze which files are created and which scripts are executed during installation, and then try to script those operations (though there is very little such software, so you need not worry too much).
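
One way to apply the per-packager silent switches, as an added example that is not from the original article. Because the repository described earlier is a plain FTP server, it checks a pinned SHA-256 before running anything with administrative rights; Install-Silently, Get-Sha256 and the sample path and hash are hypothetical, and the InstallShield switch assumes an MSI-based setup.exe.

```powershell
# Added example: verify a package from the internal repository, then install it silently.
function Get-Sha256([string]$Path) {
    # .NET hashing is used so the function also works on older PowerShell versions.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '').ToLower()
    } finally {
        $stream.Close()
    }
}

function Install-Silently {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$ExpectedSha256,
        [Parameter(Mandatory=$true)]
        [ValidateSet('msi', 'inno', 'nsis', 'installshield')][string]$Type
    )
    # Refuse to execute a package whose content differs from the pinned hash.
    $actual = Get-Sha256 $Path
    if ($actual -ne $ExpectedSha256.ToLower()) {
        throw "Checksum mismatch for $Path (got $actual); refusing to run it."
    }
    # Silent switches for the packagers named in the text.
    switch ($Type) {
        'msi'           { $exe = 'msiexec.exe'; $argList = "/i `"$Path`" /qn /norestart" }
        'inno'          { $exe = $Path; $argList = '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART' }
        'nsis'          { $exe = $Path; $argList = '/S' }   # NSIS switch is case-sensitive
        'installshield' { $exe = $Path; $argList = '/s /v"/qn"' }
    }
    $proc = Start-Process -FilePath $exe -ArgumentList $argList -Wait -PassThru
    # 0 = success; 3010 = Windows Installer "success, reboot required".
    if (@(0, 3010) -notcontains $proc.ExitCode) {
        throw "Silent install of $Path failed with exit code $($proc.ExitCode)."
    }
    return $proc.ExitCode
}

# Constructed usage; the path and hash are placeholders, not real values:
# Install-Silently -Path 'C:\staging\example-tool.msi' -Type msi `
#     -ExpectedSha256 '<sha256-of-the-approved-package>'
```

Keeping the expected hash in the cookbook under source control, rather than beside the package on the repository server, is what makes the check meaningful.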

Using the push jobs feature

We often need to perform batch operations on nodes, and what chef-client alone can do here is limited. Chef provides extensions such as push jobs, which allow us to run arbitrary bulk operations on the nodes.

Becoming proficient with PowerShell scripts

As said before, PowerShell's position on Windows is just like the shell's position on Linux. Windows PowerShell provides full access to COM and WMI components, makes it easy to call features of the .NET Framework, and comes with extensive documentation. Whether you want to configure a DHCP server, configure an IIS web site, or modify the registry, PowerShell makes it easy to reach your goal and do without the graphical interface entirely.

In general, Chef's support for the Windows platform is quite complete, and Chef is a viable solution if you want to automate the management of Windows clusters. As for the other automation tools, the author will research them in depth when time permits and then report on them.
