安装puppet并使用Nginx提供服务

Published on 2015 - 05 - 29

服务端

安装 yum源 puppet

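# Fetch the Puppet Labs release package over HTTPS rather than cleartext HTTP:
# it sets up the yum source that every later Puppet package is installed from,
# so a tampered copy would compromise all of those installs.
wget https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
rpm -ivh puppetlabs-release-6-7.noarch.rpm
yum install puppet-server
# Once the master is running, run `puppet agent -t` once on a client to check
# that the agent can reach it.
service puppetmaster start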

客户端

安装 yum源 puppet

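# Fetch the Puppet Labs release package over HTTPS rather than cleartext HTTP:
# it sets up the yum source the agent package is installed from.
wget https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
rpm -ivh puppetlabs-release-6-7.noarch.rpm
yum install puppet
service puppet start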

指定服务器

vi /etc/puppet/puppet.conf
server = zabbix-150-168-211-6.9th.go #执行完这步后可以在客户端中运行 agent -t 一次,看看是否正常

安装并配置Nginx

安装Nginx 与 epel源

touch /etc/yum.repos.d/nginx.repo
cat /etc/yum.repos.d/nginx.repo

#以下为配置文件
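# nginx.org package repository for CentOS 6.
[nginx]
name=nginx repo
# HTTPS so that repository metadata and packages are not fetched in cleartext.
baseurl=https://nginx.org/packages/centos/6/$basearch/
# Verify package signatures against the nginx signing key. With gpgcheck=0 yum
# installs, as root, whatever the server or anything on the network path returns.
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1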
#以上为配置文件
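# Download and install the EPEL release package (adds the EPEL yum source).
wget https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# `rpm` and its options are separate words; "rpm-ivh" is not a command.
rpm -ivh epel-release-6-8.noarch.rpm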

安装Nginx

安装Nginx 与 ruby

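# Install nginx itself (this step is headed "install Nginx and ruby") together
# with the Ruby development headers needed to build gems with native code.
yum install nginx ruby-devel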

安装 unicorn 与 rack

gem install unicorn rack
cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/
vi /etc/puppet/unicorn.conf

#以下为配置文件
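# Unicorn configuration for the Rack application in /etc/puppet (config.ru).
worker_processes 8
working_directory "/etc/puppet"
# Unix socket that the nginx upstream connects to.
# NOTE(review): nginx forwards the client-certificate verification result to
# this socket as plain request headers, so anything able to write to the socket
# can present itself as a verified client — keep /var/run/puppet restricted to
# the accounts that need it; confirm the directory's ownership and mode.
listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512
timeout 120
pid "/var/run/puppet/puppetmaster_unicorn.pid"
preload_app true
if GC.respond_to?(:copy_on_write_friendly=)
  GC.copy_on_write_friendly = true
end

# Runs in the master before each worker is forked.
before_fork do |server, worker|
  old_pid = "#{server.config[:pid]}.oldbin"
  # Both tests belong to the condition: an ".oldbin" PID file exists AND it is
  # not this master's own PID file. (With ";" in place of "&&" the second test
  # is a discarded statement and never guards the kill.)
  # File.exist? is used because the File.exists? alias is gone in newer Rubies.
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      # Ask the master recorded in the .oldbin file to quit.
      Process.kill("QUIT", File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # The PID file or the process is already gone; nothing left to do.
    end
  end
end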
#以上为配置文件

调试:

unicorn -c /etc/puppet/unicorn.conf
I, [2014-08-15T08:55:36.452577 #9031]  INFO -- : Refreshing Gem list
I, [2014-08-15T08:55:38.779972 #9031]  INFO -- : unlinking existing socket=/var/run/puppet/puppetmaster_unicorn.sock
I, [2014-08-15T08:55:38.780441 #9031]  INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=6
I, [2014-08-15T08:55:38.787469 #9059]  INFO -- : worker=0 spawned pid=9059
I, [2014-08-15T08:55:38.790368 #9059]  INFO -- : worker=0 ready
I, [2014-08-15T08:55:38.792410 #9060]  INFO -- : worker=1 spawned pid=9060
I, [2014-08-15T08:55:38.795405 #9060]  INFO -- : worker=1 ready
I, [2014-08-15T08:55:38.796387 #9061]  INFO -- : worker=2 spawned pid=9061
I, [2014-08-15T08:55:38.799071 #9061]  INFO -- : worker=2 ready
I, [2014-08-15T08:55:38.801353 #9062]  INFO -- : worker=3 spawned pid=9062
I, [2014-08-15T08:55:38.804052 #9062]  INFO -- : worker=3 ready
I, [2014-08-15T08:55:38.805570 #9063]  INFO -- : worker=4 spawned pid=9063
I, [2014-08-15T08:55:38.808220 #9063]  INFO -- : worker=4 ready
I, [2014-08-15T08:55:38.810281 #9064]  INFO -- : worker=5 spawned pid=9064
I, [2014-08-15T08:55:38.812904 #9064]  INFO -- : worker=5 ready
I, [2014-08-15T08:55:38.814869 #9065]  INFO -- : worker=6 spawned pid=9065
I, [2014-08-15T08:55:38.817497 #9065]  INFO -- : worker=6 ready
I, [2014-08-15T08:55:38.817731 #9031]  INFO -- : master process ready
I, [2014-08-15T08:55:38.819580 #9066]  INFO -- : worker=7 spawned pid=9066
I, [2014-08-15T08:55:38.822096 #9066]  INFO -- : worker=7 ready

按ctrl+c结束

编写 启动脚本:

vi /etc/init.d/puppet-unicorn

#以下为配置文件
#!/bin/bash
# unicorn-puppet
# chkconfig: - 98 02
#
# description: Enables periodic system configuration checks through unicorn-puppet.
# processname: unicorn-puppet
#
# SysV init script that starts and stops the unicorn master configured by
# /etc/puppet/unicorn.conf. The "#!" line above has to be the very first line
# of /etc/init.d/puppet-unicorn; do not copy any marker line in front of it.
# Source function library.
. /etc/rc.d/init.d/functions
# Lock file touched by start() after a successful launch.
# NOTE(review): RHEL-style rc scripts usually keep this under
# /var/lock/subsys/<script name> — confirm this path is intended.
lockfile=/var/lock/puppetmaster-unicorn
# PID file; same path as the `pid` setting in /etc/puppet/unicorn.conf.
pidfile=/var/run/puppet/puppetmaster_unicorn.pid
# Status of the last action; used as the script's exit status.
RETVAL=0
DAEMON=/usr/bin/unicorn
# -D runs unicorn as a daemon, -c names its configuration file. Kept as one
# flat string that start() splits into words.
DAEMON_OPTS="-D -c /etc/puppet/unicorn.conf"
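#######################################
# Start the unicorn master through the init-functions `daemon` helper.
# Globals:   DAEMON, DAEMON_OPTS, lockfile (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   the status of the daemon call
#######################################
start() {
  echo -n $"Starting puppet unicorn: "
  # DAEMON_OPTS is deliberately unquoted: it is a flat option string that has
  # to be split into separate words.
  # shellcheck disable=SC2086
  daemon "$DAEMON" $DAEMON_OPTS
  RETVAL=$?
  echo
  # Record the running state only when the launch succeeded. The path is
  # quoted so it is always treated as a single file name.
  if [ "$RETVAL" -eq 0 ]; then
    touch -- "${lockfile}"
  fi
  return "$RETVAL"
}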
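#######################################
# Stop the unicorn master whose PID is recorded in $pidfile.
# Globals:   pidfile, lockfile (read); RETVAL (written)
# Outputs:   progress message and success/failure marker on stdout
# Returns:   0 if the signal was sent, non-zero otherwise
#######################################
stop() {
  local pid=""
  echo -n $"Stopping puppet unicorn: "
  if [ -r "$pidfile" ]; then
    read -r pid < "$pidfile"
  fi
  # This script runs as root, so the PID file's content is only handed to kill
  # when it is a plain decimal number; empty or other content counts as failure.
  case "$pid" in
    '' | *[!0-9]*)
      RETVAL=1
      ;;
    *)
      kill "$pid"
      RETVAL=$?
      ;;
  esac
  if [ "$RETVAL" -eq 0 ]; then
    # "${var}", not "{$var}": the latter expands to a name wrapped in literal
    # braces, which leaves the real lock and PID files behind.
    rm -f -- "${lockfile}" "${pidfile}"
    echo_success
  else
    echo_failure
  fi
  echo
  return "$RETVAL"
}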

# Restart the service: run stop, then start, whatever stop reported.
# Returns: the status of start.
restart() { stop; start; }

    # Print the supported actions on stdout.
    # Returns: 3
    usage() {
      printf 'Usage: %s {start|stop|restart}\n' "$0"
      return 3
    }

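# Dispatch on the requested action. start and stop record their result in
# RETVAL themselves; for a missing or unknown action the status returned by
# usage is recorded, so the script exits non-zero instead of reporting success.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    usage
    RETVAL=$?
    ;;
esac
exit "$RETVAL"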
#以上为配置文件

设置开机启动

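chmod +x /etc/init.d/puppet-unicorn
chkconfig puppet-unicorn on
# The script acts only on an explicit action; run without one it just prints
# its usage line and starts nothing.
/etc/init.d/puppet-unicorn start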

配置nginx:

vi /etc/nginx/conf.d/puppets-unicorn.conf

# Unicorn backend, reached over the Unix socket that unicorn's `listen`
# setting in /etc/puppet/unicorn.conf creates.
upstream puppetmaster_unicorn {
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
}

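# TLS front end for the Puppet master on port 8140; requests are proxied to
# the unicorn upstream.
server {
    # TLS is switched on with the `ssl` flag of `listen`; the standalone
    # `ssl on;` directive is deprecated.
    listen 8140 ssl;

    ssl_session_timeout 5m;
    ssl_certificate /var/lib/puppet/ssl/certs/puppet.test.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppet.test.com.pem;
    # CA certificate used to verify agent certificates.
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    # NOTE(review): no `ssl_crl` is set, so a certificate revoked on the CA
    # still verifies here. Add `ssl_crl <path to the CA's CRL file>;` and
    # reload nginx whenever a certificate is revoked.

    # Restrict the protocol and cipher suites. A cipher list that names SSLv2
    # and RC4 selects algorithms that are broken.
    # NOTE(review): agents built against an OpenSSL without TLS 1.2 cannot
    # connect with this setting — confirm agent versions before rollout.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # "optional": connections without a client certificate are still accepted
    # and proxied (presumably so that agents without a signed certificate can
    # still submit a request). The verification result reaches the backend
    # only through the X-Client-Verify header below, so the backend has to
    # make the authorization decision from it.
    ssl_verify_client optional;

    root /usr/share/empty;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Set from nginx's own TLS state, replacing any header of the same name
    # sent by the client.
    # NOTE(review): the master has to read exactly these headers (Puppet 3's
    # ssl_client_verify_header / ssl_client_header settings) — confirm.
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
    proxy_read_timeout 120;

    location / {
        proxy_pass http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}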

启动Nginx并设置开机启动

/etc/init.d/nginx start
chkconfig nginx on