Puppet series: nginx + Foreman - TNT, the Road of Ops
Foreman architecture: http://blog.51cto.com/attachment/201305/211323267.png
This article covers setting up Foreman and integrating it with nginx.
Environment:
CentOS 5.8 x86_64
puppet version: 3.1.1
master hostname: server.domain.com
client hostname: client.test.com
----------------------------------------------
1. Puppet and nginx environment
puppet, nginx, ruby and so on are already deployed and installed as described in the previous article.

2. Configure the yum repository
# rpm -ivh http://yum.theforeman.org/releases/1.1/el5/x86_64/foreman-release-1.1stable-3.el5.noarch.rpm

3. Install foreman and foreman-proxy
# yum -y install foreman-installer
# ruby /usr/share/foreman-installer/generate_answers.rb
Answer y at each of the three prompts.
# yum install ruby-mysql
# yum -y install foreman foreman-proxy
# chown foreman.foreman -R /usr/share/foreman
# su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate
# vim /usr/share/foreman/config/database.yml
The original file is configured for SQLite; change it here to use MySQL as the database backend.
=================================================
production:
  adapter: mysql
  database: puppet
  username: puppet
  password: puppet
  host: localhost
  socket: "/tmp/mysql.sock"
=================================================
mysql> create database puppet CHARACTER SET utf8;
mysql> grant all privileges on puppet.* to puppet@'localhost' identified by 'puppet';
mysql> flush privileges;

# cd /usr/share/foreman/
# RAILS_ENV=production rake db:migrate
# rake puppet:migrate:populate_hosts RAILS_ENV=production

# chown foreman.foreman /usr/share/foreman/tmp/secret_token
# vim /etc/foreman-proxy/settings.yml
==========================================================
:trusted_hosts:
  - server.domain.com
:puppetca: true
:puppet: true
:puppet_conf: /etc/puppet/puppet.conf
=========================================================
# /etc/init.d/foreman-proxy start   ### start the proxy (port 8443)
4. Integrate with nginx
The nginx virtual host is as follows:
server {
    listen 443;
    server_name server.domain.com;
    ssl on;
    ssl_certificate /var/lib/puppet/ssl/certs/server.domain.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/server.domain.com.pem;

    # Verify puppetmaster clients against Puppet CA
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
    ssl_verify_client optional;
    ssl_verify_depth 1;

    access_log /usr/local/nginx/logs/foreman_access.log;
    error_log /usr/local/nginx/logs/foreman_error.log debug;
    root /usr/share/foreman/public;

    passenger_enabled on;
    passenger_set_cgi_param HTTPS on;
    passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;

}
# /etc/init.d/nginxd start   ### start nginx

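Because the vhost above sets ssl_verify_client optional, a request that carries no client certificate still reaches the application, and the only record of the TLS outcome is the two values set with passenger_set_cgi_param. The following added example (not from the original article and not Foreman's own code) sketches in Ruby the check an application behind this vhost has to make on them; the method names, the allow-list and the sample DNs are assumptions constructed for illustration.

```ruby
# Added example, not Foreman's code. HOSTNAME, client_cn and
# verified_client? are names made up for this sketch.
HOSTNAME = /\A[a-z0-9]([a-z0-9.\-]*[a-z0-9])?\z/

# Pull the single CN out of the subject DN that nginx exposes as
# $ssl_client_s_dn. Older nginx gives "/O=x/CN=host"; nginx 1.11.6 and
# later give the RFC 2253 form "CN=host,O=x". Both are accepted.
def client_cn(subject_dn)
  dn = subject_dn.to_s
  parts = dn.start_with?('/') ? dn.split('/') : dn.split(',')
  parts = parts.map(&:strip).reject(&:empty?)
  # Every component must look like KEY=value; otherwise the DN is refused.
  return nil if parts.empty? || !parts.all? { |p| p =~ /\A[A-Za-z0-9.]+=/ }
  cns = parts.select { |p| p =~ /\ACN=/i }
  return nil unless cns.size == 1 # refuse subjects with zero or several CNs
  cn = cns.first.sub(/\ACN=/i, '').downcase
  cn =~ HOSTNAME ? cn : nil
end

# env: CGI-style hash carrying the two values from passenger_set_cgi_param.
# allowed_hosts: certnames permitted to act as a puppetmaster (assumption).
def verified_client?(env, allowed_hosts)
  # A request without a client certificate arrives with "NONE".
  return false unless env['SSL_CLIENT_VERIFY'] == 'SUCCESS'
  cn = client_cn(env['SSL_CLIENT_S_DN'])
  !cn.nil? && allowed_hosts.map(&:downcase).include?(cn)
end

# Constructed sample requests, not captured traffic.
ALLOWED = ['server.domain.com']
SAMPLES = [
  { 'SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN' => '/CN=server.domain.com' },
  { 'SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN' => 'CN=client.test.com' },
  { 'SSL_CLIENT_VERIFY' => 'NONE',    'SSL_CLIENT_S_DN' => '' },
  { 'SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN' => '/CN=server.domain.com/x' }
]
SAMPLES.each do |env|
  puts format('%-8s %-28s => %s', env['SSL_CLIENT_VERIFY'],
              env['SSL_CLIENT_S_DN'].inspect, verified_client?(env, ALLOWED))
end
```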
5. Access Foreman
Open: https://server.domain.com
Default account: admin, password: changeme
After logging in, go to More - Configuration - Smart Proxies
and add the proxy address: https://server.domain.com:8443

# vim /etc/puppet/node.rb
:url => "https://server.domain.com",

6. Set up automatic import of reports into Foreman
# cp /usr/share/foreman-installer/foreman/templates/foreman-report.rb.erb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
# vim /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
Change it to the following configuration and leave everything else unchanged (ps: this is the step where I kept getting stuck on errors)
#<%= ERB.new(File.read(File.expand_path("_header.erb",File.dirname(file)))).result(binding) -%>
# copy this file to your report dir - e.g. /usr/lib/ruby/1.8/puppet/reports/

# add this report in your puppetmaster reports - e.g, in your puppet.conf add:
# reports=log, foreman # (or any other reports you want)

# URL of your Foreman installation
$foreman_url = 'https://server.domain.com'
# if CA is specified, remote Foreman host will be verified
$foreman_ssl_ca = "/var/lib/puppet/ssl/certs/ca.pem"
# ssl_cert and key are required if require_ssl_puppetmasters is enabled in Foreman
$foreman_ssl_cert = "/var/lib/puppet/ssl/certs/server.domain.com.pem"
$foreman_ssl_key = "/var/lib/puppet/ssl/private_keys/server.domain.com.pem"

Changes needed on the client
The agent configuration is as follows:

    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    report = true
    pluginsync = true
    masterport = 8140
    environment = production
    certname = client.test.com
    server = server.domain.com
    listen = true
Changes on the server:

    autosign = $confdir/autosign.conf { mode = 664 }
    reports = log,foreman
    external_nodes = /etc/puppet/node.rb
    node_terminus = exec
    ca = true
=======================
7. Import classes, hosts and facts into Foreman
# cd /usr/share/foreman
Import hosts and facts:
# rake puppet:import:hosts_and_facts RAILS_ENV=production
Copy all the modules under /etc/puppet/modules to /etc/puppet/modules/production.
In the Foreman web UI, go to
More - Configuration - Puppet classes
and click Import from server.
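Main screenshots:
http://blog.51cto.com/attachment/201305/221108514.jpg
http://blog.51cto.com/attachment/201305/221529555.jpg
http://blog.51cto.com/attachment/201305/221341998.jpg
This largely completes the Puppet series of articles.
Thanks to itnihao and liu.cy for their guidance (ps: for the sake of completeness, this article quotes a large amount of content from itnihao's articles)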