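Puppet cluster with Nginx and Passenger - Linux
Environment: puppet-3.1 on CentOS 6.3. Because the Puppet 3.x series does not support mongrel, Nginx and Passenger are used to build the cluster.
1. Configure the yum repositories for puppet, Nginx and Passenger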
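
    rpm -ivh epel-release-6-8.noarch.rpm

    # Puppet repo
    # cat /etc/yum.repos.d/puppet.repo
    # (the [section] line is missing from the original listing; the repo id below is an assumed name)
    [puppetlabs]
    name=Puppet for EL $releasever - $basearch
    baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
    enabled=1
    gpgcheck=1
    gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs

    # nginx repo
    # cat /etc/yum.repos.d/nginx.repo
    # (the [section] line is missing from the original listing; the repo id below is an assumed name)
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    # gpgcheck=0: package signatures from this repo are not verified
    gpgcheck=0
    enabled=1
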
Configure the Passenger repository:

    # http://passenger.stealthymonkeys.com/
    # RHEL 6 / CentOS 6 / ScientificLinux 6 (note: these packages depend on EPEL)
    rpm --import http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc
    yum install http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm

Install Puppet:

    yum install -y ruby rubygems ruby-devel
    yum install -y puppet puppet-server

Install nginx:

    yum install nginx

Install nginx-passenger:

    yum install nginx-passenger

Set up Puppet to run under Passenger:

    # mkdir -p /etc/puppet/rack/public
    # cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
    # chown -R puppet:puppet /etc/puppet/rack/

Create the nginx configuration file /etc/nginx/nginx.conf:

    user nginx;
    worker_processes 1;

    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;

        keepalive_timeout 65;

        # Passenger needed for puppet
        passenger_max_pool_size 15;

        include /etc/nginx/conf.d/*.conf;
    }

Confirm the passenger_root path:

    # passenger-config --root

Check that /etc/nginx/conf.d/passenger.conf points at the same path:

    # cat /etc/nginx/conf.d/passenger.conf
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
    passenger_ruby /usr/bin/ruby;

Create the nginx puppet server configuration file /etc/nginx/conf.d/puppet.conf:

    server {
        listen 8140 ssl;
        server_name puppet puppet.example.com;

        passenger_enabled on;
        # Pass the client certificate DN and verification result to the puppet master
        passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;

        access_log /var/log/nginx/puppet_access.log;
        error_log /var/log/nginx/puppet_error.log;

        root /etc/puppet/rack/public;

        ssl_certificate /var/lib/puppet/ssl/certs/client.domain.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        # The SSLv2 and RC4+RSA tokens select SSLv2 and RC4 cipher suites, both deprecated
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_prefer_server_ciphers on;
        # optional: agents that do not yet have a signed certificate can still connect to request one
        ssl_verify_client optional;
        ssl_verify_depth 1;
        ssl_session_cache shared:SSL:128m;
        ssl_session_timeout 5m;
    }

Note: the puppet server hostname, key paths and so on shown here are from my setup; change them to match your own environment.
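
An added example, not part of the original post: a shell check for the TLS directives of a vhost like the one above. It flags cipher-string tokens that add SSLv2, RC4, EXPORT, LOW or NULL suites (tokens prefixed with `-` or `!` remove suites and are skipped), a missing `ssl_protocols` or `ssl_crl`, and client verification that is switched off. The function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the value of the first "NAME value;" directive in FILE (comments stripped).
directive_value() {
    sed 's/#.*//' "$1" | awk -v d="$2" '
        $1 == d { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]*;[ \t]*$/, ""); print; exit }'
}

# Print the tokens of an OpenSSL cipher string that ADD weak suites.
# Tokens starting with "-" or "!" remove suites, so they are skipped.
weak_cipher_tokens() {
    printf '%s\n' "$1" | tr ':' '\n' | while read -r tok; do
        case "$tok" in
            -*|\!*|'') ;;
            *SSLv2*|*RC4*|*EXPORT*|*LOW*|*NULL*) printf '%s\n' "$tok" ;;
        esac
    done
}

# Print one finding per line; exit status is 0 only when there are none.
audit_puppet_vhost() {
    n=0
    for tok in $(weak_cipher_tokens "$(directive_value "$1" ssl_ciphers)"); do
        echo "ssl_ciphers adds weak suites: $tok"; n=$((n + 1))
    done
    [ -n "$(directive_value "$1" ssl_protocols)" ] ||
        { echo "ssl_protocols not set: the nginx default protocol list applies"; n=$((n + 1)); }
    [ -n "$(directive_value "$1" ssl_crl)" ] ||
        { echo "ssl_crl not set: certificate revocation is not checked"; n=$((n + 1)); }
    case "$(directive_value "$1" ssl_verify_client)" in
        on|optional) ;;
        *) echo "ssl_verify_client is not on/optional: agent certificates are not verified"
           n=$((n + 1)) ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample: the TLS-related lines of the vhost shown above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
server {
    listen 8140 ssl;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client optional;
}
EOF
audit_puppet_vhost "$sample" || echo "review the findings above"
```

Run it against the real file with `audit_puppet_vhost /etc/nginx/conf.d/puppet.conf`; the non-zero exit status makes it usable as a gate before `service nginx configtest`.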
Edit the file /etc/puppet/puppet.conf:

    # (section headers are missing from the original listing; [agent] and [master] are assumed)
    [agent]
    server = puppet.example.com

    [master]
    certname = puppet.example.com

Disable the standalone puppet master service at boot:

    # chkconfig puppetmaster off

Test the nginx configuration, enable nginx at boot and start it:

    # service nginx configtest
    # chkconfig nginx on
    # service nginx start