Puppet nginx+Mongrel安装配置篇
建立一个epel源Vim /etc/yum.repos.d/local.repo配置name=RedHat Enterprise Linux $releasever - $basearch - epelbaseurl=http://mirrors.sohu.com/fedora-epel/5Server/$basearchenabled=1gpgcheck=0
Yum安装mongrel
#yum-y install rubygem-mongrel
编辑/etc/init.d/puppetmaster添加以下两行
PUPPETMASTER_PORTS=(18140 18141 18142 18143 )PUPPETMASTER_EXTRA_OPTS="--servertype=mongrel--ssl_client_header=HTTP_X_SSL_SUBJECT"
配置nginx
下载并且安装nginx
# wgethttp://nginx.org/download/nginx-xxxx.tar.gz#tarzxvf nginx-xxx.tar.gz#cdnginx-xxx#yum-y install pcre-devel openssl-devel#./configure --with-http_stub_status_module --with-http_ssl_module#make&& make install
vim /usr/local/nginx/conf/nginx.conf配置
user www www;worker_processes 4;worker_rlimit_nofile65535;
error_log/var/log/nginx-puppet.log notice;pid/var/run/nginx-puppet.pid;
events{ useepoll; worker_connections 32768;}
http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on;
keepalive_timeout 300; tcp_nodelay on; access_log /var/log/nginx/access.log;
upstream puppetmaster { server 127.0.0.1:18140; server 127.0.0.1:18141; server 127.0.0.1:18142; server 127.0.0.1:18143; }
server { listen 8140; root /etc/puppet;
access_log/var/log/nginx/puppet-access.log;
ssl on; ssl_session_timeout 5m; ssl_certificate /etc/puppet/ssl/certs/puppetser.xxxx.com.pem; ssl_certificate_key /etc/puppet/ssl/private_keys/puppetser.xxxx.com.pem; ssl_client_certificate /etc/puppet/ssl/ca/ca_crt.pem; ssl_crl /etc/puppet/ssl/ca/ca_crl.pem; ssl_verify_client optional;
# File sectionslocation /production/file_content/files/{ types { } default_type application/x-raw; alias /etc/puppet/manifests/files/;}
# Modules files sectionslocation ~/production/file_content/modules/.+/ { root /etc/puppet/modules; types { } default_type application/x-raw; rewrite^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;}
# Ask the puppetmaster for everythingelselocation / { proxy_pass http://puppetmaster; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Client-Verify $ssl_client_verify; proxy_set_header X-SSL-Subject $ssl_client_s_dn; proxy_set_header X-SSL-Issuer $ssl_client_i_dn; proxy_buffer_size 16k; proxy_buffers 8 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_read_timeout 65;}}}
注:如果没有www用户就创建一个(#useradd-s /sbin/nologin www)
重新启动puppetmaster和nginx
#/etc/init.d/puppetmasterrestart#/usr/local/nginx/sbin/nginx
不错不错,楼主您辛苦了。。。
页:
[1]