前提:
aptitude -y install puppet augeas-tools
aptitude -y install puppetmaster sqlite3 libsqlite3-ruby libactiverecord-ruby git rake
已经安装完了puppetmaster端
1.安装软件
apt-get install apache2 libapache2-mod-passenger rails librack-ruby libmysql-ruby 2.需要先产生一次证书 例如:我的hostname是server 先启动puppetmaster,puppet agent -vt 连接到服务器端。如果一切顺利,会产生 /var/lib/puppet/ssl/certs/server.pem /var/lib/puppet/ssl/private_keys/server.pem 这两个文件,在配置apache认证需要 3.vim /etc/apache2/conf.d/puppet.conf 内容如下: Listen 8140 <VirtualHost *:8140> SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/server.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars # The following client headers allow the same configuration to work with Pound. RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e RackAutoDetect On DocumentRoot /etc/puppet/rack/public/ <Directory /etc/puppet/rack> Options None AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> 其中SSLCertificateFileSSLCertificateKeyFile 这两行需要根据你自己的puppetmaster证书名 4 Debian and Ubuntu have these enabled by default, but if you need to, this is how you enable them: a2enmod ssl a2enmod headers
这两步不做可能会出现apache找不到ssh模块
5.vim /etc/default/puppetmaster
START=yes 改为no
6./etc/puppet创建rack文件夹
mkdir -p rack/{tmp,public}
并且创建config.ru文件
内容如下:
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')
$0 = "master"
# if you want debugging:
#ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/master'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:master].run
rack文件夹结构如下:
root@server:/etc/puppet/rack# ls
config.ru public tmp
chown -R puppet:puppet /etc/puppet/rack
7.此时可能8140还是puppetmaster在运行kill掉该进程,重启apache,如果apache没报错尝试puppet agent -vt是否正确
参考文档http://projects.puppetlabs.com/projects/1/wiki/using_passenger
如果有什么错误的地方,欢迎网友指正。