本文章使用服务器配置信息:
- 操作系统:ubuntu16.04
- 使用软件包:apahce2 、puppetmaster-passenger
序言:
当我们使用包安装puppetmaster之后,启puppet master服务。默认情况下,puppet使用基于Ruby的Webrick http服务器,puppet自带的 Webrick模是用户不需要单独安装http服务器就能运行master服务。webrick虽然方便,但是不具备扩展能力,因而只适用于对puppet进行测试、评估和开发。生产环境中,需要使用更健壮的webt服务器(如apahce或nginx)来处理大量用户请求。
安装部署
1. 安装软件包
如果之前已经在服务器上使用webrick启动了puppet master,在安装软件包之前,先停止服务;如果没有可以忽略。
/etc/init.d/puppetmaster stop
root@xxxx: apt-get install puppetmaster-passenger
....
apache2_invoke: Enable module passenger
Setting up ruby-augeas (1:0.5.0-3build4) ...
Setting up ruby-nokogiri (1.6.7.2-3ubuntu0.1) ...
Setting up ruby-rgen (0.7.0-2) ...
Setting up ruby-safe-yaml (1.0.4-1) ...
Setting up ruby-shadow (2.4.1-1build4) ...
Setting up puppet-common (3.8.5-2ubuntu0.1) ...
Setting up puppetmaster-common (3.8.5-2ubuntu0.1) ...
Setting up puppetmaster-passenger (3.8.5-2ubuntu0.1) ...
apache2_invoke: Enable module ssl
apache2_invoke: Enable module headers
Notice: Signed certificate request for ca
Notice: cnabdabpdu0e-12-37 has a waiting certificate request
Notice: Signed certificate request for cnabdabpdu0e-12-37
Notice: Removing file Puppet::SSL::CertificateRequest cnabdabpdu0e-12-37 at '/var/lib/puppet/ssl/ca/requests/cnabdabpdu0e-12-37.pem'
Notice: Removing file Puppet::SSL::CertificateRequest cnabdabpdu0e-12-37 at '/var/lib/puppet/ssl/certificate_requests/cnabdabpdu0e-12-37.pem'
apache2_invoke: Enable site puppetmaster
Setting up ruby-i18n (0.7.0-2) ...
Setting up ruby-atomic (1.1.16-2build5) ...
Setting up ruby-thread-safe (0.3.5-3) ...
Setting up ruby-tzinfo (1.2.2-1) ...
Setting up ruby-activesupport (2:4.2.6-1) ...
Setting up ruby-blankslate (3.1.3-1) ...
Setting up ruby-builder (3.2.2-4) ...
Setting up ruby-activemodel (2:4.2.6-1) ...
Setting up ruby-arel (6.0.3-2) ...
Setting up ruby-activerecord (2:4.2.6-1) ...
Setting up ruby-activerecord-deprecated-finders (1.0.4-1) ...
Setting up ruby-selinux (2.4-3build2) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.4) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
可以从安装过程,软件在安装时自动调用passenger、ssl模块,并为自己注册了证书。软件包安装完成之后会自动启动apache2服务,启动8140端口。这样puppet服务器就完成部署。
root@xxxx: puppet cert list -a
+ "xxxx" (SHA256) 76:72:24:FC:11:2A:BC:EE:B4:32:90:5C:86:80:DC:C6:F5:37:50:DE:BA:AF:99:FE:F6:92:B7:2F:E4:74:F7:47
2. 访问验证
在浏览器中输入:
https://xxxxx:8140