puppet master 用 nginx + unicorn 作为前端

23ed

# master 上清除证书　　root@master-1:/# puppet cert list --all
　　+ "master-1.puppet.com" (SHA256) 38:79:AE:E8:BF:04:EB:F5:C5:D0:62:08:35:D0:4A:13:A7:D4:F4:63:D7:C8:E4:D3:54:1E:35:E3:9F:70:A2:FE (alt names: "DNS:master-1.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")
　　+ "node-1.puppet.com"   (SHA256) 2A:3B:D4:A7:D2:29:50:AC:06:38:B7:16:AC:B8:F7:0C:4F:74:2A:28:6D:1F:00:D7:72:BB:C2:BE:6E:70:ED:AA
　　root@master-1:/# puppet cert clean node-1.puppet.com
　　Notice: Revoked certificate with serial 7
　　Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/ca/signed/node-1.puppet.com.pem'
　　Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/certs/node-1.puppet.com.pem'
　　root@master-1:/# puppet cert -c node-1.puppet.com
　　Notice: Revoked certificate with serial 5
　　Notice: Revoked certificate with serial 7
　　
　　# master 上启动nginx 和 unicorn
　　root@master-1:/# nginx
　　root@master-1:/# cd /etc/puppet
　　root@master-1:/etc/puppet# unicorn -c unicorn.conf
　　
　　# agent 上清除原有的证书
　　root@node-1:~# rm -rf /var/lib/puppet/ssl/*
　　
　　# agent 重新生成证书
　　root@node-1:~# puppet agent  -t
　　Info: Creating a new SSL key for node-1.puppet.com
　　Info: Caching certificate for ca
　　Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
　　Info: Creating a new SSL certificate request for node-1.puppet.com
　　Info: Certificate Request fingerprint (SHA256): 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0
　　Info: Caching certificate for ca
　　Exiting; no certificate found and waitforcert is disabled
　　
　　# master 上对证书进行签名
　　root@master-1:/# puppet cert list
　　"node-1.puppet.com" (SHA256) 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0
　　root@master-1:/# puppet cert sign node-1.puppet.com
　　Notice: Signed certificate request for node-1.puppet.com
　　Notice: Removing file Puppet::SSL::CertificateRequest node-1.puppet.com at '/var/lib/puppet/ssl/ca/requests/node-1.puppet.com.pem'
　　
　　# agent 上再次连接 master
　　root@node-1:~# puppet agent  -t
　　Info: Caching certificate for node-1.puppet.com
　　Info: Caching certificate_revocation_list for ca
　　Info: Caching certificate for node-1.puppet.com
　　Info: Retrieving pluginfacts
　　Info: Retrieving plugin
　　Info: Caching catalog for node-1.puppet.com
　　Info: Applying configuration version '1421053002'
　　Notice: Finished catalog run in 0.02 seconds