# mkdir -p /etc/puppet/rack/public
# cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
# chown -R puppet:puppet /etc/puppet/rack/
# nginx.conf里面具体的内容如下
user www www;
worker_processes 1;
error_log /usr/local/nginx/logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
server_tokens off;
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 64k;
client_max_body_size 8m;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
open_file_cache max=65535 inactive=10s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
# Passenger needed for puppet
passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
passenger_ruby /usr/bin/ruby;
passenger_max_pool_size 15;
index index.html index.htm index.php;
server {
listen 80;
server_name localhost;
#access_log logs/host.access.log main;
location / {
root html;
index index.php index.html index.htm ;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root html;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/dev/shm/php.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 8140 ssl;
server_name client.domain.com;
passenger_enabled on;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
access_log /usr/local/nginx/logs/puppet_access.log;
error_log /usr/local/nginx/logs/puppet_error.log;
root /etc/puppet/rack/public;
ssl_certificate /var/lib/puppet/ssl/certs/client.domain.com.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;
}
}
注意下,我这里puppet server的hostname 是client.domain.com,至于具体的key路径之类的 大家自己按各自的环境自己改
然后调整下puppet.conf
[main]
[agent]
server = client.domain.com
[master]
certname = client.domain.com
7,验证
启动nginx
# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 20855 root 9u IPv4 421091 0t0 TCP *:8140 (LISTEN)
nginx 20856 www 9u IPv4 421091 0t0 TCP *:8140 (LISTEN)
可以发现8140端口已经起来
# puppet agent --test --server client.domain.com
Info: Retrieving plugin
Info: Caching catalog for client.domain.com
Info: Applying configuration version '1366960369'
Notice: Finished catalog run in 0.16 seconds
发现已能正常使用
# tail /usr/local/nginx/log/puppet_access.log 查看nginx日志
192.168.200.220 - - [26/Apr/2013:21:12:15 +0800] "GET /production/node/client.domain.com? HTTP/1.1" 200 3502 "-" "-"
192.168.200.220 - - [26/Apr/2013:21:12:16 +0800] "GET /production/file_metadatas/plugins?&links=manage&recurse=true&checksum_type=md5&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22 HTTP/1.1" 200 283 "-" "-"
192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "POST /production/catalog/client.domain.com HTTP/1.1" 200 1033 "-" "-"
192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "PUT /production/report/client.domain.com HTTP/1.1" 200 14 "-" "-"
已经有记录,
8.调整
如果puppetmaster服务已经做成开机启动,记得关掉
# chkconfig puppetmaster off
# chkconfig nginx on