Puppet自动化高可用集群部署
upstream puppetmaster {server 127.0.0.1:18140;
server 127.0.0.1:18141;
server 127.0.0.1:18142;
server 127.0.0.1:18143;
server 127.0.0.1:18144;
}
server{
listen 8140;
root /etc/puppet;
ssl on;
ssl_session_timeout 5m;
#如下为Puppetmaster服务器端证书地址
ssl_certificate /var/lib/puppet/ssl/certs/192-9-117-162-usr/local.com.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/192-9-117-162-usr/local.com.pem;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_verify_client optional;
# File sections
location/production/file_content/files/{
types { }
default_type /usr/locallication/x-raw;
#主要用于推送文件,定义files别名路径
alias /etc/puppet/files/;
}
# Modules files sections
location~/production/file_content/modules/.+/ {
root /etc/puppet/modules;
types { }
default_type usr/locallication/x-raw;
rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
}
location / {
#设置跳转到puppetmaster负载均衡
proxy_pass http://puppetmaster;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify$ssl_client_verify;
proxy_set_header X-SSL-Subject$ssl_client_s_dn;
proxy_set_header X-SSL-Issuer$ssl_client_i_dn;
proxy_buffer_size 10m;
proxy_buffers 1024 10m;
proxy_busy_buffers_size 10m;
proxy_temp_file_write_size 10m;
proxy_read_timeout 120;
}
}
页:
[1]