Environment: puppet-3.1 (the Puppet 3.x series does not support Mongrel, so Nginx and Passenger are used to build the cluster).
CentOS 6.3
1. Configure the yum repositories for Puppet, Nginx and Passenger
- rpm -ivh epel-release-6-8.noarch.rpm
- # Puppet repo
- [root@test puppet]# cat /etc/yum.repos.d/puppet.repo
- [puppet]
- name=Puppet for EL $releasever - $basearch
- baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
- enabled=1
- gpgcheck=1
- gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
- # nginx repo
- [root@test puppet]# cat /etc/yum.repos.d/nginx.repo
- [nginx]
- name=nginx repo
- baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
- gpgcheck=0
- enabled=1
Configure the Passenger repository:
- #http://passenger.stealthymonkeys.com/
- RHEL 6 / CentOS 6 / ScientificLinux 6: (note, these packages depend on EPEL)
- rpm --import http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc
- yum install http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm
Install Puppet:
- yum install -y ruby rubygems ruby-devel
- yum install -y puppet puppet-server
Install nginx:
- yum install nginx
Install nginx-passenger:
- yum install nginx-passenger
Integrate Puppet with Passenger:
- # mkdir -p /etc/puppet/rack/public
- # cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
- # chown -R puppet:puppet /etc/puppet/rack/
Create the nginx configuration file /etc/nginx/nginx.conf:
- user nginx;
- worker_processes 1;
- error_log /var/log/nginx/error.log warn;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
- sendfile on;
- tcp_nopush on;
- keepalive_timeout 65;
- # Passenger needed for puppet
- passenger_max_pool_size 15;
- include /etc/nginx/conf.d/*.conf;
- }
Confirm the passenger_root path:
- # passenger-config --root
- Check /etc/nginx/conf.d/passenger.conf
- [root@test puppet]# cat /etc/nginx/conf.d/passenger.conf
- passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
- passenger_ruby /usr/bin/ruby;
Create the nginx Puppet server configuration file /etc/nginx/conf.d/puppet.conf:
- server {
- listen 8140 ssl;
- server_name puppet puppet.example.com;
- passenger_enabled on;
- passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
- passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
- access_log /var/log/nginx/puppet_access.log;
- error_log /var/log/nginx/puppet_error.log;
- root /etc/puppet/rack/public;
- ssl_certificate /var/lib/puppet/ssl/certs/client.domain.com.pem;
- ssl_certificate_key /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
- ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
- ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
- ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
- ssl_prefer_server_ciphers on;
- ssl_verify_client optional;
- ssl_verify_depth 1;
- ssl_session_cache shared:SSL:128m;
- ssl_session_timeout 5m;
- }
Note: the Puppet server hostname, the key paths and similar values shown here are from my setup; adjust them to your own environment.
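The repository stanzas from step 1 and the TLS directives in the server block above can be checked mechanically before they are deployed. The following Python code is an added example, not part of the original post: it flags `gpgcheck=0`, plaintext `http://` repository and key URLs, cipher tokens that enable SSLv2 or RC4, and an `ssl_verify_client optional` block that does not forward `$ssl_client_verify` to the master. The function names and the embedded, abridged sample text are assumptions of this example.

```python
import configparser
import re

# Constructed sample input, abridged from the repo files and server block above.
REPOS = """[puppet]
baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
[nginx]
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
"""
SERVER = """server {
  passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
  ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
  ssl_verify_client optional;
}
"""

def audit_repos(text):
    """Flag enabled yum repos with signature checks off or plaintext URLs."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    out = []
    for name in cp.sections():
        repo = cp[name]
        if repo.get("enabled", "1") == "0":
            continue
        if repo.get("gpgcheck") == "0":
            out.append(f"{name}: gpgcheck=0, package signatures not verified")
        out += [f"{name}: {k} uses plaintext HTTP" for k in ("baseurl", "gpgkey")
                if repo.get(k, "").startswith("http://")]
    return out

def audit_server(text):
    """Flag weak cipher tokens and an unforwarded client-verify result."""
    d = {}
    for key, val in re.findall(r"^\s*(\w+)\s+([^;{}\n]+);", text, re.M):
        d.setdefault(key, []).append(val.strip())
    out = []
    for spec in d.get("ssl_ciphers", []):
        # A token enables suites unless it starts with '-' or '!'.
        out += [f"ssl_ciphers enables {t}" for t in spec.split(":")
                if t[:1] not in "-!" and re.search(r"SSLv2|RC4|EXPORT|NULL", t)]
    forwarded = " ".join(d.get("passenger_set_cgi_param", []))
    if "optional" in d.get("ssl_verify_client", []) and "$ssl_client_verify" not in forwarded:
        out.append("ssl_verify_client optional, but result not passed to the master")
    return out
```

Calling `audit_repos()` and `audit_server()` on the contents of the real files under /etc/yum.repos.d/ and /etc/nginx/conf.d/ returns one finding string per issue, and an empty list when none of these checks fire.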
Edit /etc/puppet/puppet.conf:
- [main]
- [agent]
- server = puppet.example.com
- [master]
- certname = puppet.example.com
Disable puppetmaster autostart at boot, then test, enable and start nginx:
- # chkconfig puppetmaster off
- # service nginx configtest
- # chkconfig nginx on
- # service nginx start
Reposted from: https://blog.51cto.com/1076468/1195371