10:模板应用(添加虚拟主机配置):
文件存放在 templates 目录中,以*.erb 结尾。
# vim /etc/puppet/modules/httpd/templates/httpd_vhost.conf.erb
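# Managed by Puppet (httpd::vhost) - local edits will be overwritten.
# The values come from the define's $sitedir and $domainname parameters.
# They are referenced as instance variables (@name): the bare-name form
# is deprecated in Puppet 3 and no longer works in Puppet 4.
<VirtualHost *:80>
    DocumentRoot <%= @sitedir %>
    ServerName <%= @domainname %>
    ErrorLog logs/<%= @domainname %>-error_log
    CustomLog logs/<%= @domainname %>-access_log common
</VirtualHost>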
# vim /etc/puppet/modules/httpd/manifests/init.pp
# Entry class of the httpd module: declares the install, config and
# service classes so that `include httpd` pulls in all three.
class httpd {
  include httpd::install
  include httpd::config
  include httpd::service
}
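# Defined type httpd::vhost: creates one name-based Apache virtual host.
#
# Parameters:
#   $domainname - host name of the virtual host; used in the name of the
#                 generated conf.d file, in the rendered template and as
#                 the content of the placeholder index.html.
#   $sitedir    - directory that becomes the virtual host's DocumentRoot.
#
# Resources managed: /etc/httpd/conf.d/<domainname>_vhost.conf (rendered
# from httpd/httpd_vhost.conf.erb), the $sitedir directory and
# $sitedir/index.html.
define httpd::vhost($domainname, $sitedir) {
  # $domainname ends up inside a file path and inside the Apache
  # configuration, so restrict it to host-name characters. \A and \z are
  # used instead of ^ and $ because the latter match at every line break,
  # which would let a multi-line value through. An empty string is still
  # accepted so that existing callers keep their current behaviour.
  if $domainname !~ /\A[A-Za-z0-9._-]*\z/ {
    fail("httpd::vhost: invalid domainname '${domainname}'")
  }

  file { "/etc/httpd/conf.d/${domainname}_vhost.conf":
    content => template('httpd/httpd_vhost.conf.erb'),
    # The package must be installed before the file is written, and the
    # service class is notified whenever the file changes.
    require => Class['httpd::install'],
    notify  => Class['httpd::service'],
  }

  file { $sitedir:
    ensure => directory,
  }

  # Placeholder page whose content is the host name itself.
  file { "${sitedir}/index.html":
    content => $domainname,
  }
}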
# vim /etc/puppet/manifests/nodes/server4.example.com.pp
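# Node definition for server4.example.com: installs vsftpd, applies the
# httpd class and declares two name-based virtual hosts.
node 'server4.example.com' {
  package { 'vsftpd':
    ensure => present,
  }

  include httpd

  httpd::vhost { 'server4.example.com':
    domainname => 'server4.example.com',
    sitedir    => '/var/www/html',
  }

  # The title and domainname of the second virtual host are empty on the
  # page (the value appears to have been lost), which would produce a
  # file named "_vhost.conf" and a vhost without a ServerName.
  # 'vhost1.example.com' is a constructed placeholder; substitute the
  # real domain name.
  httpd::vhost { 'vhost1.example.com':
    domainname => 'vhost1.example.com',
    sitedir    => '/var/www/vhost1',
  }
}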
同时apache打开其虚拟端口
# vim /etc/puppet/modules/httpd/files/httpd.conf
#
NameVirtualHost *:80
#
当 client 端登录时会在 /etc/httpd/conf.d 目录下产生如下文件:
server4.example.com_vhost.conf
_vhost.conf (第二个虚拟主机的域名在本文中缺失,实际文件名应为 <域名>_vhost.conf)
11:Puppet dashboard 安装 (用以 web 方式管理 puppet)
所需安装包
rubygem-rake-0.8.7-2.1.el6.noarch.rpm
puppet-dashboard-1.2.12-1.el6.noarch.rpm
ruby-mysql-2.8.2-1.el6.x86_64.rpm
mysql-server
配置 mysql 数据库(下面的口令 'redhat' 仅为演示用的弱口令,实际部署时请换成强口令,并与 database.yml 中的 password 保持一致):
mysql> CREATE DATABASE dashboard_production CHARACTER SET utf8;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON dashboard_production.* TO 'dashboard'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql>
# cd /usr/share/puppet-dashboard/
# vi config/database.yml
#只留下生产环境配置
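# Production database settings for Puppet Dashboard. The keys must be
# indented under "production:" to form a mapping.
production:
  database: dashboard_production
  username: dashboard
  # 'redhat' is the demo password created in the MySQL step above; use a
  # strong password in a real deployment. This file stores it in clear
  # text, so keep it readable only by the account that runs the dashboard.
  password: redhat
  encoding: utf8
  adapter: mysql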
# rake RAILS_ENV=production db:migrate #建立 dashboard 所需的数据库和表
mysql> show tables;
+--------------------------------+
| Tables_in_dashboard_production |
+--------------------------------+
| delayed_job_failures |
| delayed_jobs |
| metrics |
| node_class_memberships |
| node_classes |
| node_group_class_memberships |
| node_group_edges |
| node_group_memberships |
| node_groups |
| nodes |
| old_reports |
| parameters |
| report_logs |
| reports |
| resource_events |
| resource_statuses |
| schema_migrations |
| timeline_events |
+--------------------------------+
# rake time:zones:local
# vim /usr/share/puppet-dashboard/config/settings.yml
time_zone: 'Beijing'
启动服务:
# service puppet-dashboard start
Starting Puppet Dashboard: => Booting WEBrick
=> Rails 2.3.14 application starting on [ OK ]
# chmod 0666 /usr/share/puppet-dashboard/log/production.log #注意:0666 使所有本地用户都能改写该日志;更稳妥的做法是把文件属主设为运行 dashboard 的用户并使用 0640
# service puppet-dashboard-workers start
实时报告汇总:
设置 server 端:
# vim /etc/puppet/puppet.conf
#添加以下行
[main]
reports = http
#原文此处的 URL 已丢失;下面的主机名是占位符,3000 是 dashboard 的默认端口
reporturl = http://<dashboard主机>:3000/reports/upload
# service puppetmaster reload
设置 client 端:
# vi /etc/puppet/puppet.conf #添加以下行
[agent]
report = true
# service puppet reload
# puppet agent --genconfig | grep runinterval #可以看见其默认同步时间是 30 分钟(1800 秒)
# Note that a runinterval of 0 means "run continuously" rather than
runinterval = 1800
# The default value is '$runinterval'.
# The default value is '$runinterval'.
# vi /etc/puppet/puppet.conf #代表 60 秒跟服务器同步一次
[agent]
runinterval = 60
# service puppet reload
# openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem | grep -i Validity -A 2 #使用这条命令我们可以看见证书的有效期
Validity
Not Before: Jun 29 09:28:24 2015 GMT
Not After : Jun 28 09:28:24 2020 GMT
# vim /etc/puppet/puppet.conf #修改其配置文件使证书有效期延长至10年
#最后一行添加如下行:
[master]
ca_ttl = 10y
# rm -fr /var/lib/puppet/ssl/ #注意:这会删除 CA 及所有已签发的证书,之后所有 agent 都必须重新申请并签发证书;只适合在全新环境中操作
# service puppetmaster reload
# openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem | grep -i Validity -A 2
Validity
Not Before: Jun 29 16:31:58 2015 GMT
Not After : Jun 27 16:31:58 2025 GMT
nginx+passenger:
puppet 默认使用基于 Ruby 的 WEBrick HTTP 服务器来处理 HTTPS 请求。在单台服务器上可以用 Apache/Nginx + Passenger 替换掉 WEBrick;Passenger 是用于将 Ruby 程序嵌入 Web 服务器执行的模块(本文使用其 Nginx 版本),实现对 puppet 的负载均衡。
# yum install -y gcc gcc-c++ curl-devel zlib-devel openssl-devel ruby-devel pcre-devel
# gem install rack passenger
# gem --list
*** LOCAL GEMS ***
daemon_controller (1.2.0)
json (1.5.5)
passenger (4.0.58)
rack (1.6.0)
rake (0.8.7)
# passenger-config --root
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.58
# passenger-install-nginx-module
脚本会自动安装 nginx 支持,按提示操作,基本就是一路回车。
nginx 默认安装在/opt/nginx 目录:
nginx.conf:
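# nginx + Passenger front end for the Puppet master (Rack application in
# /etc/puppet/rack). Layout restored: in the page's listing several
# directives were split from their values, which nginx would not parse.

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    use epoll;
    worker_connections  4096;
}

http {
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-4.0.58;
    passenger_ruby /usr/bin/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile    on;
    tcp_nopush  on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       8140;
        server_name  server1.example.com;
        root         /etc/puppet/rack/public;

        passenger_enabled on;
        # Hand the client certificate's subject DN and the verification
        # result to the Rack application.
        passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;

        ssl                     on;
        ssl_session_timeout     5m;
        ssl_certificate         /var/lib/puppet/ssl/certs/server1.example.com.pem;
        ssl_certificate_key     /var/lib/puppet/ssl/private_keys/server1.example.com.pem;
        ssl_client_certificate  /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl                 /var/lib/puppet/ssl/ca/ca_crl.pem;

        # "optional" also admits clients that present no valid certificate;
        # nginx only reports the result through HTTP_X_CLIENT_VERIFY, so
        # access control rests on the Puppet master's own rules. Do not
        # expose this port to anything but Puppet agents.
        ssl_verify_client       optional;

        # The original value, SSLv2:-LOW:-EXPORT:RC4+RSA, selects SSLv2-era
        # and RC4 cipher suites, which are considered broken. HIGH:!aNULL:!MD5
        # restricts the server to strong suites; confirm that the OpenSSL
        # build on every agent can negotiate one of them before rollout.
        ssl_ciphers             HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        ssl_verify_depth        1;
        ssl_session_cache       shared:SSL:128m;
    }
}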
# mkdir /etc/puppet/rack/{public,tmp} -p
# cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/
# chown puppet.puppet /etc/puppet/rack/config.ru
# chkconfig puppetmaster off
# service puppetmaster stop
# /opt/nginx/sbin/nginx -t
# /opt/nginx/sbin/nginx
#检测 nginx
puppetmaster 不需要启动 , nginx 启动时会自动调用 puppet。