Category: System operations

2015-07-01 00:54:28

10: Using templates (adding a virtual host configuration):
Template files are stored in the templates directory and end in .erb.
# vim /etc/puppet/modules/httpd/templates/httpd_vhost.conf.erb
<VirtualHost *:80>
DocumentRoot <%= sitedir %>
Servername <%= domainname %>
ErrorLog logs/<%= domainname %>-error_log
CustomLog logs/<%= domainname %>-access_log common
</VirtualHost>

# vim /etc/puppet/modules/httpd/manifests/init.pp
class httpd {
include httpd::install,httpd::config,httpd::service
}
define httpd::vhost($domainname,$sitedir) {
file { "/etc/httpd/conf.d/${domainname}_vhost.conf":
content => template("httpd/httpd_vhost.conf.erb"),
require => Class["httpd::install"],
notify => Class["httpd::service"]
}

file { "$sitedir":
ensure => directory
}
file { "$sitedir/index.html":
content => $domainname
}
}

# vim /etc/puppet/manifests/nodes/server4.example.com.pp
node 'server4.example.com'{
        package {"vsftpd":ensure => present;}


include httpd
httpd::vhost { 'server4.example.com':
        domainname => "server4.example.com",
        sitedir => "/var/www/html"
}
httpd::vhost { '':
        domainname => "",
        sitedir => "/var/www/vhost1"

}
}

Also enable name-based virtual hosting in Apache:
# vim /etc/puppet/modules/httpd/files/httpd.conf
#
NameVirtualHost *:80
#
When the client connects, the following files are generated under /etc/httpd/conf.d:
server4.example.com_vhost.conf
_vhost.conf
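
The template places domainname and sitedir, unchecked, into both the Apache configuration and the target file name, which is how the empty name above ends up as _vhost.conf. The following is an added example, not part of the original post: it renders the same template in plain Ruby after validating both values. The names validate_vhost! and render_vhost and the two patterns are assumptions of this example.

```ruby
require "erb"

# Same text as httpd_vhost.conf.erb above (local-variable style).
VHOST_TEMPLATE = <<~'TEMPLATE'
  <VirtualHost *:80>
  DocumentRoot <%= sitedir %>
  Servername <%= domainname %>
  ErrorLog logs/<%= domainname %>-error_log
  CustomLog logs/<%= domainname %>-access_log common
  </VirtualHost>
TEMPLATE

# Hostname: dot-separated labels of letters, digits and hyphens.
LABEL    = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i
HOSTNAME = /\A#{LABEL}(?:\.#{LABEL})*\z/
# Absolute path from a conservative character set (no spaces, no newlines).
SAFE_DIR = %r{\A(?:/[A-Za-z0-9._-]+)+\z}

# Raises ArgumentError unless both values are safe to place in the
# generated config and in the config file name.
def validate_vhost!(domainname, sitedir)
  unless domainname.is_a?(String) && domainname.length <= 253 && domainname =~ HOSTNAME
    raise ArgumentError, "invalid domainname: #{domainname.inspect}"
  end
  unless sitedir.is_a?(String) && sitedir =~ SAFE_DIR && !sitedir.split("/").include?("..")
    raise ArgumentError, "invalid sitedir: #{sitedir.inspect}"
  end
end

# Returns [target_path, rendered_config]; raises ArgumentError on bad input.
def render_vhost(domainname, sitedir)
  validate_vhost!(domainname, sitedir)
  body = ERB.new(VHOST_TEMPLATE).result(binding)
  ["/etc/httpd/conf.d/#{domainname}_vhost.conf", body]
end

if __FILE__ == $0
  path, body = render_vhost("server4.example.com", "/var/www/html")
  puts path, body
end
```
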

11: Installing Puppet dashboard (for managing puppet through a web interface)
Required packages:
rubygem-rake-0.8.7-2.1.el6.noarch.rpm
puppet-dashboard-1.2.12-1.el6.noarch.rpm
ruby-mysql-2.8.2-1.el6.x86_64.rpm
mysql-server


Configure the MySQL database:
mysql> CREATE DATABASE dashboard_production CHARACTER SET utf8;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON dashboard_production.* TO 'dashboard'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql>

# cd /usr/share/puppet-dashboard/
# vi config/database.yml
# keep only the production environment configuration
production:
  database: dashboard_production
  username: dashboard
  password: redhat
  encoding: utf8
  adapter: mysql

# rake RAILS_ENV=production db:migrate      # create the database tables that dashboard needs
mysql> show tables;
+--------------------------------+
| Tables_in_dashboard_production |
+--------------------------------+
| delayed_job_failures           |
| delayed_jobs                   |
| metrics                        |
| node_class_memberships         |
| node_classes                   |
| node_group_class_memberships   |
| node_group_edges               |
| node_group_memberships         |
| node_groups                    |
| nodes                          |
| old_reports                    |
| parameters                     |
| report_logs                    |
| reports                        |
| resource_events                |
| resource_statuses              |
| schema_migrations              |
| timeline_events                |
+--------------------------------+

# rake time:zones:local
# vim /usr/share/puppet-dashboard/config/settings.yml
time_zone: 'Beijing'

Start the service:
# service puppet-dashboard start
Starting Puppet Dashboard: => Booting WEBrick
=> Rails 2.3.14 application starting on [  OK  ]

# chmod 0666 /usr/share/puppet-dashboard/log/production.log
# service puppet-dashboard-workers start

Real-time report aggregation:
On the server:
# vim /etc/puppet/puppet.conf
# add the following lines
[main]
reports = http
reporturl = />
# service puppetmaster reload

On the client:
# vi /etc/puppet/puppet.conf    # add the following lines
[agent]
report = true

# service puppet reload


# puppet agent --genconfig | grep runinterval      # the default sync interval is 30 minutes (runinterval = 1800 seconds)
    # Note that a runinterval of 0 means "run continuously" rather than
    runinterval = 1800
    # The default value is '$runinterval'.
    # The default value is '$runinterval'.

# vi /etc/puppet/puppet.conf             # sync with the server every 60 seconds
[agent]
runinterval = 60

# service puppet reload


# openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem | grep -i Validity -A 2            # this command shows the certificate's validity period
        Validity
            Not Before: Jun 29 09:28:24 2015 GMT
            Not After : Jun 28 09:28:24 2020 GMT
# vim /etc/puppet/puppet.conf         # edit the configuration file to extend the certificate validity to 10 years
# add the following lines at the end:
[master]
ca_ttl = 10y

# rm -fr /var/lib/puppet/ssl/
# service puppetmaster reload
# openssl x509 -text -in /var/lib/puppet/ssl/certs/ca.pem | grep -i Validity -A 2
        Validity
            Not Before: Jun 29 16:31:58 2015 GMT
            Not After : Jun 27 16:31:58 2025 GMT
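
What the rm -fr /var/lib/puppet/ssl/ step above means for agents that already hold certificates, as an added example (not from the original post): removing the directory discards the CA key, so the regenerated 10-year CA is a different CA and certificates signed by the old one no longer verify against it. All certificates are constructed in memory; issue_cert, regenerate_ca_demo, the CA name and the 365-day year are assumptions of this example.

```ruby
require "openssl"

DAY = 24 * 60 * 60

# Build a certificate for cn; self-signed when no issuer is given.
def issue_cert(cn, key, ttl_days, issuer_cert = nil, issuer_key = nil)
  now  = Time.now
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = now
  cert.not_after  = now + ttl_days * DAY
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Length of the validity window, i.e. what the openssl command above shows.
def lifetime_days(cert)
  ((cert.not_after - cert.not_before) / DAY).round
end

def regenerate_ca_demo
  # Original CA (5-year lifetime) and an agent certificate it signed.
  old_ca_key = OpenSSL::PKey::RSA.new(2048)
  old_ca     = issue_cert("Puppet CA (constructed)", old_ca_key, 5 * 365)
  agent_key  = OpenSSL::PKey::RSA.new(2048)
  agent      = issue_cert("server4.example.com", agent_key, 5 * 365, old_ca, old_ca_key)

  # After the ssl directory is removed, the master creates a new key pair.
  # The CA name is the same; the key, and so the trust anchor, is not.
  new_ca_key = OpenSSL::PKey::RSA.new(2048)
  new_ca     = issue_cert("Puppet CA (constructed)", new_ca_key, 10 * 365)

  {
    old_ca_days: lifetime_days(old_ca),
    new_ca_days: lifetime_days(new_ca),
    agent_verifies_with_old_ca: agent.verify(old_ca.public_key),
    agent_verifies_with_new_ca: agent.verify(new_ca.public_key)
  }
end

puts regenerate_ca_demo.inspect if __FILE__ == $0
```

Agents enrolled before the change need their own ssl directory cleared and a new certificate signed by the new CA.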

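nginx+passenger:
By default puppet uses the Ruby-based WEBrick HTTP server to handle HTTPS requests. On a single server, Apache/Nginx + Passenger can replace WEBrick; Passenger is an Apache module for embedding and running Ruby programs, and provides load balancing for puppet.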
# yum install -y gcc gcc-c++ curl-devel zlib-devel openssl-devel ruby-devel   pcre-devel
# gem install rack passenger
# gem --list
*** LOCAL GEMS ***
daemon_controller (1.2.0)
json (1.5.5)
passenger (4.0.58)
rack (1.6.0)
rake (0.8.7)
# passenger-config --root
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.58
# passenger-install-nginx-module
The script installs nginx support automatically; follow the prompts, which mostly means pressing Enter throughout.
nginx is installed under /opt/nginx by default:
nginx.conf:
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    use epoll;
    worker_connections 4096;
}

http {
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-4.0.58;
    passenger_ruby /usr/bin/ruby;
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 8140;
        server_name server1.example.com;
        root /etc/puppet/rack/public;
        passenger_enabled on;
        passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
        ssl on;
        ssl_session_timeout 5m;
        ssl_certificate /var/lib/puppet/ssl/certs/server1.example.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/server1.example.com.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_verify_client optional;
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_prefer_server_ciphers on;
        ssl_verify_depth 1;
        ssl_session_cache shared:SSL:128m;
    }
}
# mkdir /etc/puppet/rack/{public,tmp} -p
# cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/
# chown puppet.puppet /etc/puppet/rack/config.ru
# chkconfig puppetmaster off
# service puppetmaster stop
# /opt/nginx/sbin/nginx -t      # check the nginx configuration
# /opt/nginx/sbin/nginx
puppetmaster does not need to be started; nginx invokes puppet automatically when it starts.
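
Because ssl_verify_client is set to optional, nginx also forwards requests that carry no valid client certificate, and the Rack application behind it has to decide from HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN whether the caller is an authenticated node. The following added example (not from the original post and not Puppet's own code) shows such a check over constructed request environments; client_identity, extract_cn and the hostname pattern are hypothetical names.

```ruby
# Hypothetical helper, written for this example only.
HOST_RE = /\A[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?\z/i

# nginx writes $ssl_client_s_dn as "/C=../CN=name" in older releases and as
# "CN=name,O=.." (RFC 2253 order) in newer ones; accept both forms.
def extract_cn(dn)
  parts = dn.start_with?("/") ? dn.split("/") : dn.split(",")
  pair  = parts.map(&:strip).find { |p| p =~ /\ACN\s*=/i }
  pair && pair.split("=", 2)[1].strip
end

# env is the Rack environment; both keys are set by passenger_set_cgi_param.
def client_identity(env)
  verify = env["HTTP_X_CLIENT_VERIFY"].to_s
  # $ssl_client_verify is SUCCESS, NONE (no certificate sent) or FAILED...;
  # only SUCCESS means nginx validated the certificate against the CA and CRL.
  return { authenticated: false, node: nil, verify: verify } unless verify == "SUCCESS"
  cn = extract_cn(env["HTTP_X_CLIENT_DN"].to_s)
  return { authenticated: false, node: nil, verify: verify } unless cn && cn =~ HOST_RE
  { authenticated: true, node: cn.downcase, verify: verify }
end

# Constructed sample environments (not captured traffic).
SAMPLES = {
  "agent, legacy DN"   => { "HTTP_X_CLIENT_VERIFY" => "SUCCESS",
                            "HTTP_X_CLIENT_DN" => "/CN=server4.example.com" },
  "agent, RFC 2253 DN" => { "HTTP_X_CLIENT_VERIFY" => "SUCCESS",
                            "HTTP_X_CLIENT_DN" => "CN=server4.example.com,O=Example" },
  "no certificate"     => { "HTTP_X_CLIENT_VERIFY" => "NONE",
                            "HTTP_X_CLIENT_DN" => "" },
  "DN without verify"  => { "HTTP_X_CLIENT_VERIFY" => "NONE",
                            "HTTP_X_CLIENT_DN" => "/CN=server4.example.com" },
  "failed validation"  => { "HTTP_X_CLIENT_VERIFY" => "FAILED",
                            "HTTP_X_CLIENT_DN" => "/CN=server4.example.com" }
}

if __FILE__ == $0
  SAMPLES.each { |name, env| puts "#{name}: #{client_identity(env).inspect}" }
end
```
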



