Host configuration:
Hostname        IP (static)      OS                           Spec                                  Role
puppetserver    192.168.20.20    CentOS-6.5-x86_64-minimal    2 CPU, 2 GB RAM, 50 GB disk, 1 NIC    server (master)
puppetclient    192.168.20.21    CentOS-6.5-x86_64-minimal    2 CPU, 2 GB RAM, 50 GB disk, 1 NIC    agent
puppetserver:
1. Puppet installation:
(1). Configure the hosts file (both hosts resolve each other by FQDN; the master's certificate name and the agent's `server =` value are derived from these names, so keep them consistent on both machines):
[iyunv@puppetserver ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.20 puppetserver.chensh.net
192.168.20.21 puppetclient.chensh.net
(2). Add yum repositories:
Add the EPEL repository:
[iyunv@puppetserver ~]# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
Add the Puppet Labs repository:
[iyunv@puppetserver ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
Both release RPMs are fetched over plain HTTP and installed without verification; they are what installs the repository GPG keys, so check that `gpgcheck=1` is set in the generated files under /etc/yum.repos.d/ before installing packages from either repository.
(3). Install puppet-server:
[iyunv@puppetserver ~]# yum -y install puppet-server
(4). Start the puppetmaster service once:
[iyunv@puppetserver ~]# service puppetmaster start
This first start makes the master create its CA and its own certificate and key under /var/lib/puppet/ssl; nginx will serve those files in section 3. The built-in WEBrick server also binds TCP 8140, which nginx needs, so before starting nginx stop it (`service puppetmaster stop`) and keep it disabled (`chkconfig puppetmaster off`); Unicorn behind nginx replaces it.
(5). Open the Puppet port in the firewall:
[iyunv@puppetserver ~]# iptables -I INPUT -p tcp --dport 8140 -j ACCEPT
The rule is not persistent; run `service iptables save` to keep it across reboots, and prefer restricting it to the agent network (`-s 192.168.20.0/24`) instead of accepting from any source.
(6). Edit puppet.conf:
[iyunv@puppetserver ~]# vi /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
server = puppetserver.chensh.net
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
2. Unicorn installation:
(1). Install ruby, gcc and the other build dependencies (rubygems provides the gem command):
[iyunv@puppetserver ~]# yum install make gcc ruby-devel rubygems
(2). Install the unicorn and rack gems:
[iyunv@puppetserver ~]# gem install unicorn rack
Gems are third-party code that will run inside the master process; pin the versions you tested (`gem install unicorn -v <version>`) so a rebuild pulls the same code.
(3). Copy config.ru into place:
[iyunv@puppetserver ~]# cp -a /usr/share/puppet/ext/rack/config.ru /etc/puppet/
(4). Configure unicorn:
[iyunv@puppetserver ~]# vi /etc/puppet/unicorn.conf
# 8 was the author's value; the test host has 2 CPUs and every worker is a
# full Ruby process, so size this to the CPU count.
worker_processes 8
working_directory "/etc/puppet"
# Unicorn creates UNIX sockets with umask 0 (mode 0777) unless :umask is given.
# Any local process that can write to this socket reaches the master without
# going through nginx and can set X-Client-Verify / X-Client-DN itself, so
# consider :umask => 0007 together with `usermod -a -G puppet nginx`.
listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512
timeout 120
pid "/var/run/puppet/puppetmaster_unicorn.pid"
preload_app true
if GC.respond_to?(:copy_on_write_friendly=)
  GC.copy_on_write_friendly = true
end
# On a USR2 re-exec, ask the old master to quit once the new one has forked.
before_fork do |server, worker|
  old_pid = "#{server.config[:pid]}.oldbin"
  if File.exists?(old_pid) && server.pid != old_pid
    begin
      Process.kill("QUIT", File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end
[iyunv@puppetserver ~]# cd /etc/puppet && sudo -u puppet unicorn -c unicorn.conf
Run this foreground test as the puppet user: the init script in step (6) runs the master as puppet, and files created during a run as root (socket, pid file, cached node data under /var/lib/puppet) would then be unwritable for the service.
(5). Test-run unicorn:
The foreground run prints its startup log, one line per worker:
I, [2014-09-24T15:04:20.961549 #2597] INFO -- : Refreshing Gem list
I, [2014-09-24T15:04:28.543382 #2597] INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=6
I, [2014-09-24T15:04:28.546960 #2613] INFO -- : worker=0 spawned pid=2613
I, [2014-09-24T15:04:28.549920 #2614] INFO -- : worker=1 spawned pid=2614
I, [2014-09-24T15:04:28.551218 #2614] INFO -- : worker=1 ready
I, [2014-09-24T15:04:28.552271 #2613] INFO -- : worker=0 ready
I, [2014-09-24T15:04:28.553906 #2615] INFO -- : worker=2 spawned pid=2615
I, [2014-09-24T15:04:28.557229 #2615] INFO -- : worker=2 ready
I, [2014-09-24T15:04:28.559693 #2617] INFO -- : worker=4 spawned pid=2617
I, [2014-09-24T15:04:28.558096 #2616] INFO -- : worker=3 spawned pid=2616
I, [2014-09-24T15:04:28.563467 #2616] INFO -- : worker=3 ready
I, [2014-09-24T15:04:28.565033 #2617] INFO -- : worker=4 ready
I, [2014-09-24T15:04:28.567443 #2618] INFO -- : worker=5 spawned pid=2618
I, [2014-09-24T15:04:28.568785 #2618] INFO -- : worker=5 ready
I, [2014-09-24T15:04:28.569673 #2619] INFO -- : worker=6 spawned pid=2619
I, [2014-09-24T15:04:28.571586 #2620] INFO -- : worker=7 spawned pid=2620
I, [2014-09-24T15:04:28.572643 #2597] INFO -- : master process ready
I, [2014-09-24T15:04:28.573672 #2619] INFO -- : worker=6 ready
I, [2014-09-24T15:04:28.574437 #2620] INFO -- : worker=7 ready
Press Ctrl+C to stop it.
(6). Add a Unicorn start/stop script:
[iyunv@puppetserver ~]# vi /etc/init.d/puppets-unicron
#!/bin/bash
# unicorn-puppet
# chkconfig: 2345 80 20
# description: Puppet master running under Unicorn, fronted by nginx on 8140
lockfile=/var/lock/puppetmaster-unicorn
pidfile=/var/run/puppet/puppetmaster_unicorn.pid
RETVAL=0
DAEMON=/usr/bin/unicorn
DAEMON_OPTS="-D -c /etc/puppet/unicorn.conf"
# Account the master runs as. The original script never set USER, so it took
# whatever the calling shell had (root from a login shell, nothing at boot);
# the process list in step (9) shows the intended account, puppet.
# If sudo refuses with "you must have a tty" at boot (CentOS 6 ships
# "Defaults requiretty"), use: runuser -s /bin/sh -c "$DAEMON $DAEMON_OPTS" "$USER"
USER=puppet

start() {
    sudo -u "$USER" "$DAEMON" $DAEMON_OPTS
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch "$lockfile"
    echo
    return $RETVAL
}
stop() {
    sudo -u "$USER" kill "$(cat "$pidfile")"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f "$lockfile"
    return $RETVAL
}
restart() {
    stop
    sleep 1
    start
    RETVAL=$?
    echo
    [ $RETVAL -ne 0 ] && rm -f "$lockfile"
    return $RETVAL
}
condrestart() {
    status
    RETVAL=$?
    [ $RETVAL -eq 0 ] && restart
}
status() {
    # coarse: any unicorn master or worker on the box counts, not only this one
    ps ax | egrep -q "unicorn (worker|master)"
    RETVAL=$?
    return $RETVAL
}
usage() {
    echo "Usage: $0 {start|stop|restart|status|condrestart}" >&2
    return 3
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    condrestart)
        condrestart
        ;;
    status)
        status
        ;;
    *)
        usage
        ;;
esac
exit $RETVAL
(7). Make puppets-unicron executable:
[iyunv@puppetserver ~]# chmod 755 /etc/init.d/puppets-unicron
(8). Start the puppets-unicron service:
[iyunv@puppetserver ~]# /etc/init.d/puppets-unicron start
To start it at boot as well, register it with chkconfig (`chkconfig --add puppets-unicron && chkconfig puppets-unicron on`); the `# chkconfig:` header in the script is what makes that work.
(9). Confirm that the service is running. The original grepped for "unicron", which matches nothing but the grep itself; the process names are "unicorn". All processes should be owned by puppet, not root:
[iyunv@puppetserver ~]# ps -ef | grep unicorn
puppet 2628 1 0 15:06 ? 00:00:01 unicorn master -D -c /etc/puppet/unicorn.conf
puppet 2636 2628 0 15:06 ? 00:00:00 unicorn worker[0] -D -c /etc/puppet/unicorn.conf
puppet 2637 2628 0 15:06 ? 00:00:00 unicorn worker[1] -D -c /etc/puppet/unicorn.conf
puppet 2638 2628 0 15:06 ? 00:00:00 unicorn worker[2] -D -c /etc/puppet/unicorn.conf
puppet 2639 2628 0 15:06 ? 00:00:00 unicorn worker[3] -D -c /etc/puppet/unicorn.conf
puppet 2640 2628 0 15:06 ? 00:00:00 unicorn worker[4] -D -c /etc/puppet/unicorn.conf
puppet 2641 2628 0 15:06 ? 00:00:00 unicorn worker[5] -D -c /etc/puppet/unicorn.conf
puppet 2642 2628 0 15:06 ? 00:00:00 unicorn worker[6] -D -c /etc/puppet/unicorn.conf
puppet 2643 2628 0 15:06 ? 00:00:00 unicorn worker[7] -D -c /etc/puppet/unicorn.conf
root 2767 1492 0 15:28 pts/1 00:00:00 grep unicorn
3. Nginx installation:
(1). Install nginx with yum:
[iyunv@puppetserver ~]# yum -y install nginx
(2). Configure nginx:
[iyunv@puppetserver ~]# vi /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes 8;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
include /etc/nginx/conf.d/*.conf;
}
Move the stock default server out of the way first, then create the Puppet virtual host:
[iyunv@puppetserver ~]# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf_bak
[iyunv@puppetserver ~]# vi /etc/nginx/conf.d/puppets-unicorn.conf
upstream puppetmaster_unicorn {
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
}

server {
    listen 8140;
    ssl on;
    ssl_session_timeout 5m;
    # The file names are the master's certname (check it with
    # `puppet master --configprint certname`). The agent's `server =` value
    # must equal that name or one of the names in the certificate's
    # dns_alt_names, otherwise agents fail hostname verification.
    ssl_certificate /var/lib/puppet/ssl/certs/puppetserver.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetserver.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    # nginx, not the master, now verifies agent certificates. Without the CA's
    # CRL a certificate revoked with `puppet cert clean` is still accepted;
    # reload nginx after each revocation so it re-reads the file.
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    # The original line, `ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;`, enabled
    # SSLv2-era suites and RC4. Keep strong, authenticated suites only.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;
    # "optional", not "on": an agent without a certificate must still be able
    # to submit its CSR. The verification result is forwarded to the master in
    # X-Client-Verify and the decision is made there.
    ssl_verify_client optional;
    root /usr/share/empty;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
    proxy_read_timeout 120;
    location / {
        proxy_pass http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}
(3). Start nginx:
Make sure the built-in puppetmaster service from step 1.(4) is stopped and disabled (`service puppetmaster stop; chkconfig puppetmaster off`), otherwise nginx cannot bind 8140, and let nginx validate the files first (`nginx -t`). Then:
[iyunv@puppetserver ~]# service nginx start
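The two things in this front end that are easiest to get wrong are the cipher string and the permissions on the Unicorn socket: a weak cipher list exposes every agent's client-certificate handshake, and a world-writable socket lets any local user skip nginx and forge the X-Client-* headers the master trusts. The shell script below is an added example (not code from the page or from Puppet) that checks both against the paths configured above. The script name and the `--run` switch are assumptions; the cipher check is a token-level heuristic, so use `openssl ciphers -v '<string>'` to see what a string really expands to.

```shell
#!/bin/sh
# puppet-frontend-check.sh (hypothetical name): sanity checks for the nginx +
# Unicorn front end built above. Added example, not code from the page; the
# paths are the ones the page configures.
SOCK=${SOCK:-/var/run/puppet/puppetmaster_unicorn.sock}
NGINX_VHOST=${NGINX_VHOST:-/etc/nginx/conf.d/puppets-unicorn.conf}

# Print the value of the first ssl_ciphers directive in an nginx config file.
ssl_ciphers_from_conf() {
    sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Token-level check of an OpenSSL cipher string: succeed unless one of the
# weak tokens below is enabled. Tokens removed with '!' or '-' are skipped,
# so "HIGH:!RC4" passes while "SSLv2:-LOW:RC4+RSA" does not.
cipher_string_ok() {
    WEAK_TOKENS=''
    for tok in $(printf '%s' "$1" | tr ':' ' '); do
        case $tok in
            '!'*|-*) continue ;;            # explicitly removed from the list
        esac
        for part in $(printf '%s' "$tok" | tr '+' ' '); do
            up=$(printf '%s' "$part" | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')
            for bad in SSLV2 RC4 EXPORT EXP LOW NULL ENULL ANULL MD5 DES; do
                if [ "$up" = "$bad" ]; then
                    WEAK_TOKENS="$WEAK_TOKENS $part"
                fi
            done
        done
    done
    [ -z "$WEAK_TOKENS" ]
}

# Succeed when "other" has write permission on the path, i.e. any local user
# can connect to the socket, bypass nginx and set X-Client-Verify/X-Client-DN.
is_world_writable() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    case $perms in
        ????????w?) return 0 ;;
    esac
    return 1
}

main() {
    rc=0
    if [ -r "$NGINX_VHOST" ]; then
        ciphers=$(ssl_ciphers_from_conf "$NGINX_VHOST")
        if [ -z "$ciphers" ]; then
            echo "WARN  no ssl_ciphers directive in $NGINX_VHOST (nginx default applies)"
        elif cipher_string_ok "$ciphers"; then
            echo "ok    ssl_ciphers: $ciphers"
        else
            echo "WEAK  ssl_ciphers enables$WEAK_TOKENS (full string: $ciphers)"
            rc=1
        fi
    else
        echo "skip  $NGINX_VHOST not readable"
    fi
    if [ -S "$SOCK" ]; then
        if is_world_writable "$SOCK"; then
            echo "WARN  $SOCK is world-writable: add :umask => 0007 to listen in unicorn.conf and put nginx in the puppet group"
            rc=1
        else
            echo "ok    $SOCK is not world-writable"
        fi
    else
        echo "skip  $SOCK not present (is unicorn running?)"
    fi
    return $rc
}

# Run the checks only when invoked with --run, so the functions can also be sourced.
case ${1:-} in --run) main ;; esac
```

Run it as root after `service nginx start` with `sh puppet-frontend-check.sh --run`; a non-zero exit means at least one finding. The socket check only covers the file itself; the directory /var/run/puppet must also not be world-writable, otherwise the socket could be replaced.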
Puppetclient:
1. Puppet installation:
(1). Configure the hosts file:
[iyunv@puppetclient ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.20 puppetserver.chensh.net
192.168.20.21 puppetclient.chensh.net
(2). Add yum repositories:
Add the EPEL repository:
[iyunv@puppetclient ~]# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
Add the Puppet Labs repository:
[iyunv@puppetclient ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
(3). Install the puppet agent (the puppet package; the agent does not need puppet-server):
[iyunv@puppetclient ~]# yum -y install puppet
(4). Configure puppet.conf:
[iyunv@puppetclient ~]# vi /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = puppetserver.chensh.net
(5). Enable and start the puppet agent service:
[iyunv@puppetclient ~]# chkconfig puppet on
[iyunv@puppetclient ~]# service puppet start
Test:
[iyunv@puppetclient ~]# puppet agent --test
The first run generates the agent's key, submits a certificate signing request to the master and exits, because the certificate has not been signed yet. Record the request's fingerprint on the agent so it can be compared on the master:
[iyunv@puppetclient ~]# puppet agent --fingerprint
On the master, list the pending requests and sign the agent's request by name once the fingerprint shown matches the one from the agent:
[iyunv@puppetserver ~]# puppet cert --list
[iyunv@puppetserver ~]# puppet cert sign <certname shown by the list>
The original used `puppet cert sign all`, which tries to sign a host literally named "all"; the flag that signs every pending request is `puppet cert sign --all`. Avoid it on a master that is reachable from untrusted networks: it signs whatever has asked, and a signed certificate is what lets a host fetch any node's catalog. Run `puppet agent --test` on the agent again afterwards; it should now retrieve and apply its catalog.
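Comparing fingerprints by eye does not scale past a handful of agents. The shell script below is an added example (not code from the page or from Puppet) that automates the step above: it parses `puppet cert list` output, looks each pending certname up in a file of fingerprints recorded out of band from `puppet agent --fingerprint`, and signs only exact matches. The script name, the allowlist path and its "certname fingerprint" line format, and the `--run` / `DRY_RUN` switches are assumptions; the `puppet cert list` line shown in the comment is a constructed sample of the Puppet 3 output format.

```shell
#!/bin/sh
# sign-by-fingerprint.sh (hypothetical name). Added example, not from the page.
# Signs a pending CSR only when its fingerprint equals the value recorded out of
# band from `puppet agent --fingerprint` on that agent.
ALLOWLIST=${ALLOWLIST:-/etc/puppet/csr-fingerprints.txt}   # assumed path; "<certname> <fingerprint>" per line
PUPPET_CERT=${PUPPET_CERT:-puppet cert}

# Read `puppet cert list` output on stdin and print "<certname> <fingerprint>"
# for pending requests only. Constructed sample of one pending line:
#   "puppetclient.chensh.net" (SHA256) 1A:2B:3C:4D:...
# Signed entries start with "+" and revoked ones with "-", so they are skipped.
pending_requests() {
    sed -n 's/^[[:space:]]*"\([^"]*\)"[[:space:]]*(SHA[0-9]*)[[:space:]]*\([0-9A-Fa-f:]*\).*/\1 \2/p'
}

# Canonical form for comparison: uppercase hex without colons.
norm_fp() {
    printf '%s' "$1" | tr -d ':' | tr 'abcdef' 'ABCDEF'
}

# decide <certname> <fingerprint> <allowlist>: prints sign, mismatch or unknown
# and succeeds only for sign.
decide() {
    name=$1
    fp=$(norm_fp "$2")
    expected=$(awk -v n="$name" '$1 == n { print $2; exit }' "$3" 2>/dev/null)
    if [ -z "$expected" ]; then
        echo unknown
        return 1
    fi
    if [ "$(norm_fp "$expected")" = "$fp" ]; then
        echo sign
        return 0
    fi
    echo mismatch
    return 1
}

# Apply the decision to every pending request read from stdin.
process() {
    pending_requests | while read -r name fp; do
        case $(decide "$name" "$fp" "$ALLOWLIST") in
            sign)
                echo "signing $name ($fp)"
                [ -n "${DRY_RUN:-}" ] || $PUPPET_CERT sign "$name"
                ;;
            mismatch)
                echo "REFUSING $name: fingerprint $fp does not match the recorded value"
                ;;
            *)
                echo "skipping $name: no recorded fingerprint"
                ;;
        esac
    done
}

# Usage on the master: sign-by-fingerprint.sh --run   (DRY_RUN=1 only prints decisions)
case ${1:-} in --run) $PUPPET_CERT list | process ;; esac
```

A mismatch is worth investigating rather than retrying: either the recorded value is wrong, or a different host is requesting a certificate under that name.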
Other:
Puppet configuration options explained (the sample below comes from a different environment, master.puppet.lightcloud.cn, and is annotated option by option):
[main]
# Address of the puppet master
server = master.puppet.lightcloud.cn
# Whether to flush log output to disk immediately
autoflush = false
# Log directory
logdir = /var/log/puppet
# Directory for the PID file; needed when running as a daemon
rundir = /var/run/puppet
[master]
# Where reports uploaded by agents are stored: one subdirectory per node, one
# YAML file per run, named after the date and time
reportdir = /var/lib/puppet/reports
# On its first connection an agent needs the master to sign its certificate.
# The master identifies agents by certname; names listed in this file are
# signed automatically, and wildcard patterns are allowed, for example:
#test.lightcloud.cn
#*.puppet.lightcloud.cn
# A wildcard such as *.puppet.lightcloud.cn signs any host that claims a
# matching name, so anyone who can reach port 8140 obtains a valid agent
# certificate. Use exact names, or (Puppet 3.4 and later) point autosign at an
# executable policy script.
autosign = /etc/puppet/autosign.conf
# Address the master listens on
bindaddress = 0.0.0.0
# Port the master listens on
masterport = 8140
# Whether to log each resource as it is evaluated
evaltrace = true
[agent]
# Name of this agent (its certname)
certname = client.puppet.lightcloud.cn
# Run in the background
daemonize = true
# Whether a new request may replace an existing certificate with the same
# name; off by default. Certificates are valid for five years (ca_ttl). This is
# a CA-side setting and has no effect under [agent].
allow_duplicate_certs = true
# Whether to send a report after each run
report = true
# Report handlers; "http" is used with Puppet Dashboard. reports and reporturl
# are master settings: they take effect under [master], not [agent].
reports = store, http
# Server the agent sends its report to
report_server = master.puppet.lightcloud.cn
# Port for the report upload
report_port = 8140
# URL the http report handler posts to (Puppet Dashboard)
reporturl = http://172.58.0.68:3000/reports/upload
# Interval between agent runs (20 minutes)
runinterval = 20m
# Add a random delay (between 0 and splaylimit) before each run
splay = true
# Maximum random delay
splaylimit = 10m
# Timeout for fetching the catalog from the master
configtimeout = 2m
# Colorize log output
color = ansi
# Ignore the cached catalog and always fetch a fresh one
ignorecache = true
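An executable autosign policy is the safer alternative to the wildcard autosign.conf described above. The shell script below is an added example (not code from the page or from Puppet) of such a policy: Puppet 3.4 and later run the file named by `autosign =` with the requesting certname as the first argument and the CSR on stdin, and sign the request when it exits 0. The script name, the allowlist path and the log path are assumptions; the allowlist is consumed one name at a time, so a name can be auto-signed only once.

```shell
#!/bin/sh
# autosign-policy.sh (hypothetical name). Added example, not from the page.
# Puppet 3.4+ runs the executable named by `autosign =` with the requested
# certname as $1 and the CSR (PEM) on stdin; exit 0 signs the request, anything
# else leaves it pending for a human. This policy replaces wildcard matching
# with an exact, one-shot allowlist.
LC_ALL=C
export LC_ALL
ALLOWLIST=${ALLOWLIST:-/etc/puppet/autosign-allowlist.txt}   # assumed path; one certname per line
LOG=${LOG:-/var/log/puppet/autosign-policy.log}               # assumed path

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$1" >> "$LOG" 2>/dev/null
}

# Certnames are lowercase DNS-style labels; anything else is rejected before
# it reaches the log or the allowlist lookup.
valid_certname() {
    case $1 in
        ''|*[!a-z0-9._-]*|-*|.*) return 1 ;;
    esac
    return 0
}

# Exact line match; a wildcard in the file is never interpreted as a pattern.
name_allowed() {
    grep -Fxq -- "$1" "$2" 2>/dev/null
}

# One-shot: drop the name so a second request under the same name (for
# example from a host that learned a valid name) is not auto-signed.
consume_name() {
    tmp=$(mktemp) || return 1
    grep -Fxv -- "$1" "$2" > "$tmp" 2>/dev/null || :
    cat "$tmp" > "$2"
    rm -f "$tmp"
}

# policy <certname>: the CSR on stdin is consumed but not inspected here.
policy() {
    name=$1
    cat > /dev/null
    if ! valid_certname "$name"; then
        log "REJECT malformed certname"
        return 1
    fi
    if name_allowed "$name" "$ALLOWLIST"; then
        consume_name "$name" "$ALLOWLIST"
        log "SIGN $name"
        return 0
    fi
    log "REJECT $name: not in allowlist"
    return 1
}

# Puppet invokes the script with exactly one argument, the certname.
if [ $# -eq 1 ]; then
    policy "$1"
    exit $?
fi
```

Install it with `autosign = /etc/puppet/autosign-policy.sh` under [master], make it executable by the account the master runs as (puppet), and keep the allowlist writable by that account only: whoever can append to it can obtain an agent certificate.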