Environment: puppet-3.1 (the Puppet 3.x series does not support Mongrel, so Nginx and Passenger are used to build the cluster)

      CentOS 6.3

 

1. Configure the yum repositories for Puppet, Nginx and Passenger

    rpm -ivh epel-release-6-8.noarch.rpm

    # puppet repo
    [root@test puppet]# cat /etc/yum.repos.d/puppet.repo
    [puppet]
    name=Puppet for EL $releasever - $basearch
    baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
    enabled=1
    gpgcheck=1
    gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs

    # nginx repo
    [root@test puppet]# cat /etc/yum.repos.d/nginx.repo
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck=0
    enabled=1

Configure the Passenger repository:

    # http://passenger.stealthymonkeys.com/
    # RHEL 6 / CentOS 6 / ScientificLinux 6: (note, these packages depend on EPEL)
    rpm --import http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc
    yum install http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm

Install Puppet:

    yum install -y ruby rubygems ruby-devel
    yum install -y puppet puppet-server

Install nginx:

    yum install nginx

Install nginx-passenger:

    yum install nginx-passenger

Set up Puppet to run under Passenger:

    # mkdir -p /etc/puppet/rack/public
    # cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
    # chown -R puppet:puppet /etc/puppet/rack/

Create the nginx configuration file /etc/nginx/nginx.conf:

    user  nginx;
    worker_processes  1;

    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile        on;
        tcp_nopush      on;

        keepalive_timeout  65;

        # Passenger needed for puppet
        passenger_max_pool_size 15;

        include /etc/nginx/conf.d/*.conf;
    }

Confirm the passenger_root path:

    # passenger-config --root

Check /etc/nginx/conf.d/passenger.conf:

    [root@test puppet]# cat /etc/nginx/conf.d/passenger.conf
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
    passenger_ruby /usr/bin/ruby;

Create the nginx configuration file for the puppet server, /etc/nginx/conf.d/puppet.conf:

    server {
      listen                     8140 ssl;
      server_name                puppet puppet.example.com;

      passenger_enabled          on;
      # Pass the TLS client-certificate DN and verification result to the puppet master
      passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
      passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;

      access_log                 /var/log/nginx/puppet_access.log;
      error_log                  /var/log/nginx/puppet_error.log;

      root                       /etc/puppet/rack/public;

      ssl_certificate            /var/lib/puppet/ssl/certs/client.domain.com.pem;
      ssl_certificate_key        /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
      ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
      ssl_client_certificate     /var/lib/puppet/ssl/ca/ca_crt.pem;
      # This string selects SSLv2 and RC4 suites, both since prohibited (RFC 6176, RFC 7465)
      ssl_ciphers                SSLv2:-LOW:-EXPORT:RC4+RSA;
      ssl_prefer_server_ciphers  on;
      ssl_verify_client          optional;
      ssl_verify_depth           1;
      ssl_session_cache          shared:SSL:128m;
      ssl_session_timeout        5m;
    }

Note: the puppet server hostname, the key paths and so on shown here are from my setup; adjust them for your own environment.
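
The check below is an added example, not part of the original post. It is a POSIX shell function that audits a vhost like the one above: it checks that client certificates are requested, that the two HTTP_X_CLIENT_* headers are set from nginx's TLS variables, and that the CA CRL is loaded, and it flags ssl_ciphers tokens that enable SSLv2, RC4, EXPORT or LOW suites. The function name audit_puppet_vhost and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Puppet master nginx vhost (hypothetical helper).
# Prints one line per finding; returns 1 if any, 0 if clean, 2 if unreadable.
audit_puppet_vhost() {
    # Drop comments so commented-out directives are not counted.
    body=$(sed 's/#.*//' "$1") || return 2
    rc=0
    has()  { printf '%s\n' "$body" | grep -Eq "$1"; }
    note() { printf 'FINDING: %s\n' "$1"; rc=1; }

    # Agents authenticate with client certificates, so nginx must request them.
    has '^[[:space:]]*ssl_verify_client[[:space:]]+(on|optional)[[:space:]]*;' ||
        note 'ssl_verify_client is not on/optional'
    # The master reads the verification result and DN from these headers.
    has 'HTTP_X_CLIENT_VERIFY[[:space:]]+\$ssl_client_verify[[:space:]]*;' ||
        note 'HTTP_X_CLIENT_VERIFY is not set from $ssl_client_verify'
    has 'HTTP_X_CLIENT_DN[[:space:]]+\$ssl_client_s_dn[[:space:]]*;' ||
        note 'HTTP_X_CLIENT_DN is not set from $ssl_client_s_dn'
    # Without the CA CRL, revoked agent certificates are still accepted.
    has '^[[:space:]]*ssl_crl[[:space:]]+[^;[:space:]]+[[:space:]]*;' ||
        note 'ssl_crl is missing'
    # Flag cipher-string tokens that add SSLv2, RC4, EXPORT or LOW suites.
    ciphers=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]*\([^;]*\);.*/\1/p' | tr -d ' \t')
    for tok in $(printf '%s' "$ciphers" | tr ':' ' '); do
        case $tok in
            -*|!*) ;;   # token removes suites from the list
            *SSLv2*|*RC4*|*EXP*|*LOW*) note "ssl_ciphers enables $tok" ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the directives from the vhost above, in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
  listen                     8140 ssl;
  passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
  passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;
  ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
  ssl_ciphers                SSLv2:-LOW:-EXPORT:RC4+RSA;
  ssl_verify_client          optional;
}
EOF
audit_puppet_vhost "$sample" || echo "review the vhost before starting nginx"
```

Run it against /etc/nginx/conf.d/puppet.conf before `service nginx configtest`; a non-zero exit status means at least one finding was printed.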

Edit /etc/puppet/puppet.conf:

    [main]

    [agent]
      server = puppet.example.com

    [master]
      certname = puppet.example.com

Disable automatic start of the puppet master at boot:

    # chkconfig puppetmaster off

Configure nginx:

    # service nginx configtest
    # chkconfig nginx on
    # service nginx start