Puppet install with nginx unicorn
主机配置:主机名 IP(Static) 系统 配置 角色
puppetserver 192.168.20.20 CentOS-6.5-x86_64-minimal 2CPU,2G,50G,1网卡 server
puppetclient 192.168.20.21 CentOS-6.5-x86_64-minimal 2CPU,2G,50G,1网卡 agent
puppetserver:
1.puppet安装:
(1).配置hosts文件:
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.20 puppetserver.chensh.net
192.168.20.21 puppetclient.chensh.net
(2).添加yum源(下面两个release包经明文HTTP下载;安装后请确认对应.repo文件中gpgcheck=1,并核对导入的GPG密钥):
添加epel源:
# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
添加puppet源:
# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
(3).安装puppet-server:
# yum -y install puppet-server
(4).开启puppet服务:
# chkconfig puppetmaster on
# service puppetmaster start
(5).打开防火墙puppet端口(下面的规则对所有来源开放8140;可加 -s 限定agent所在网段,规则需 service iptables save 才会在重启后保留):
# iptables -I INPUT -p tcp --dport 8140 -j ACCEPT
(6).编辑puppet.conf文件:
# vi /etc/puppet/puppet.conf
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
server = puppetserver.chensh.net
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
2.Unicorn安装:
(1).安装ruby、gcc等编译依赖:
# yum install make gcc ruby-devel
(2).安装unicron gem:
# gem install unicorn rack
(3).安装拷贝config.ru:
# cp -a /usr/share/puppet/ext/rack/config.ru /etc/puppet/
(4).配置unicron:
# vi /etc/puppet/unicorn.conf
# Unicorn settings for the Puppet master Rack application.

# Number of worker processes the unicorn master forks.
worker_processes(8)

# Directory unicorn runs from; config.ru was copied to /etc/puppet.
working_directory('/etc/puppet')

# Workers accept connections on a UNIX socket rather than a TCP port.
# NOTE(review): the nginx vhost in front of this socket forwards the result of
# client-certificate verification as plain request headers, so any local
# account able to connect to the socket can presumably assert an identity to
# the master -- confirm the socket's directory and file permissions admit only
# the nginx user.
listen('/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512)

# Seconds a worker may spend on one request before the master kills it.
timeout(120)

# Pid file of the unicorn master.
pid('/var/run/puppet/puppetmaster_unicorn.pid')

# Load the application in the master before forking workers.
preload_app(true)

# Enable copy-on-write friendly GC only on interpreters that offer the setter.
GC.copy_on_write_friendly = true if GC.respond_to?(:copy_on_write_friendly=)
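# Runs in the master before each worker is forked. When a previous master left
# its pid in "<pid>.oldbin", ask that process to quit gracefully so the new
# master takes over.
before_fork do |server, worker|
  old_pid = "#{server.config[:pid]}.oldbin"
  # File.exist? replaces File.exists?, a deprecated alias that Ruby 3.2 removed.
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      stale_master = File.read(old_pid).to_i
      # String#to_i yields 0 for an empty or non-numeric pid file, and
      # Process.kill treats pid 0 (and negative pids) as "a group of
      # processes", so only signal when a real positive pid was read.
      Process.kill("QUIT", stale_master) if stale_master > 0
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end
# cd /etc/puppet ; unicorn -c unicorn.conf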
(5).测试unicron运行:
I, INFO -- : Refreshing Gem list
I, INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=6
I, INFO -- : worker=0 spawned pid=2613
I, INFO -- : worker=1 spawned pid=2614
I, INFO -- : worker=1 ready
I, INFO -- : worker=0 ready
I, INFO -- : worker=2 spawned pid=2615
I, INFO -- : worker=2 ready
I, INFO -- : worker=4 spawned pid=2617
I, INFO -- : worker=3 spawned pid=2616
I, INFO -- : worker=3 ready
I, INFO -- : worker=4 ready
I, INFO -- : worker=5 spawned pid=2618
I, INFO -- : worker=5 ready
I, INFO -- : worker=6 spawned pid=2619
I, INFO -- : worker=7 spawned pid=2620
I, INFO -- : master process ready
I, INFO -- : worker=6 ready
I, INFO -- : worker=7 ready
Ctrl+C 退出;
(6).添加Unicron启停脚本:
# vi /etc/init.d/puppets-unicron
#!/bin/bash
# unicorn-puppet
#
# Start/stop wrapper for the unicorn processes that serve the Puppet master.
# NOTE(review): start() and stop() run their commands through "sudo -u $USER",
# but USER is never assigned in this script, so the account is whatever the
# caller's environment provides.

# Status of the last action; the script exits with this value.
RETVAL=0

# Unicorn executable and its arguments (-D daemonizes, -c names the config file).
DAEMON='/usr/bin/unicorn'
DAEMON_OPTS='-D -c /etc/puppet/unicorn.conf'

# Marker file touched after a successful start and removed after a stop.
lockfile='/var/lock/puppetmaster-unicorn'

# Pid file of the unicorn master; same path as the "pid" line in unicorn.conf.
pidfile='/var/run/puppet/puppetmaster_unicorn.pid'
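# Launch unicorn as a daemon and touch the lock file on success.
# Returns the launch status, which is also left in RETVAL.
start() {
    # USER comes from the caller's environment; this script never sets it.
    # If it is empty, an unquoted "sudo -u $USER" would take the daemon path
    # as the account name, so fall back to the invoking account and quote it.
    local run_as="${USER:-$(id -un)}"
    # DAEMON_OPTS is left unquoted on purpose: it holds several words.
    sudo -u "$run_as" "$DAEMON" $DAEMON_OPTS
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch "$lockfile"
    echo
    return $RETVAL
}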
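# Send the default signal to the pid recorded in $pidfile and remove the lock
# file on success. Returns the kill status, or 1 when no usable pid is found.
stop() {
    local pid=""
    [ -r "$pidfile" ] && read -r pid < "$pidfile"
    # An absent, empty or non-numeric pid file previously reached kill as an
    # empty or arbitrary argument; pid 0 would address a whole process group.
    # NOTE(review): the pid file sits under /var/run/puppet -- if the service
    # account can write there, this script trusts a value that account
    # controls; confirm the directory's ownership.
    case "$pid" in
        ''|*[!0-9]*|0)
            echo "stop: no usable pid in $pidfile" >&2
            RETVAL=1
            echo
            return $RETVAL
            ;;
    esac
    # USER is inherited from the environment; fall back to the invoking
    # account when it is empty so sudo is not handed a missing argument.
    local run_as="${USER:-$(id -un)}"
    sudo -u "$run_as" kill "$pid"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f "$lockfile"
    return $RETVAL
}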
# Stop, pause one second, then start again. The status of the start step is
# stored in RETVAL and returned; a failed start also clears the lock file.
restart() {
    stop
    sleep 1
    start
    RETVAL=$?
    echo
    if [ "$RETVAL" -ne 0 ]; then
        rm -f "$lockfile"
    fi
    return "$RETVAL"
}
# Restart only when status() reports a running unicorn; otherwise leave
# RETVAL at the status result and return non-zero without restarting.
condrestart() {
    status
    RETVAL=$?
    if [ "$RETVAL" -ne 0 ]; then
        return 1
    fi
    restart
}
# Report whether a process whose command line contains "unicorn worker" or
# "unicorn master" exists. Sets RETVAL to the grep status and returns it.
# The match is on the process list, not on $pidfile, so any unicorn instance
# on the host satisfies it.
status() {
    if ps ax | grep -E -q "unicorn (worker|master)"; then
        RETVAL=0
    else
        RETVAL=$?
    fi
    return "$RETVAL"
}
# Print the accepted actions on stderr and return 3.
usage() {
    1>&2 echo "Usage: $0 {start|stop|restart|status|condrestart}"
    return 3
}
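# Dispatch on the requested action, then exit with the status the action left
# in RETVAL.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    condrestart)
        condrestart
        ;;
    status)
        status
        ;;
    *)
        usage
        # usage() reports only through its return value; copy it into RETVAL
        # so an unrecognised action no longer exits with status 0.
        RETVAL=$?
        ;;
esac
exit $RETVAL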
(7).修改puppets-unicron执行权限:
# chmod 755 /etc/init.d/puppets-unicron
(8).启动puppets-unicron服务:
# /etc/init.d/puppets-unicron start
(9).确认puppets-unicron运行状态:
# ps -ef | grep unicron
puppet 2628 1 0 15:06 ? 00:00:01 unicorn master -D -c /etc/puppet/unicorn.conf
puppet 2636 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2637 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2638 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2639 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2640 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2641 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2642 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
puppet 2643 2628 0 15:06 ? 00:00:00 unicorn worker -D -c /etc/puppet/unicorn.conf
root 2767 1492 0 15:28 pts/1 00:00:00 grep unicron
3.Nginx安装:
(1).yum nginx:
# yum -y install nginx
(2).配置nginx:
# vi /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
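# Main nginx configuration. The Puppet vhost itself is loaded from conf.d/ by
# the include at the end of the http block.
user nginx;
worker_processes 8;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Access-log layout named "main", referenced by access_log below.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;
}
# vi /etc/nginx/conf.d/puppets-unicorn.conf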
# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf_bak
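# nginx terminates TLS for the Puppet master on port 8140 and relays each
# request to the unicorn workers over their UNIX socket.
upstream puppetmaster_unicorn {
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
}
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which is
    # deprecated and no longer accepted by newer nginx releases.
    listen 8140 ssl;
    ssl_session_timeout 5m;
    ssl_certificate /var/lib/puppet/ssl/certs/puppetserver.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetserver.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    # Without a CRL nginx keeps reporting a revoked agent certificate as
    # verified. The path is Puppet's default CA CRL location -- confirm with
    # "puppet master --configprint cacrl". nginx reads the file at start-up,
    # so reload nginx after revoking a certificate.
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    # The earlier list "SSLv2:-LOW:-EXPORT:RC4+RSA" selected SSLv2-era and RC4
    # suites; restrict the protocol and use strong, authenticated suites.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    # "optional" is deliberate: an agent that has no signed certificate yet
    # must still reach the master to submit its signing request. The master
    # decides per request from the X-Client-Verify / X-Client-DN headers below.
    ssl_verify_client optional;
    root /usr/share/empty;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # These three headers carry the verification result to the master.
    # proxy_set_header overwrites any same-named header sent by the client,
    # so the values are trustworthy only for traffic that arrives through
    # this proxy.
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
    # Matches the 120-second worker timeout in unicorn.conf.
    proxy_read_timeout 120;
    location / {
        proxy_pass http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}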
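(3).启动nginx服务(第1节第(4)步启动的puppetmaster服务也监听8140端口,需先执行 service puppetmaster stop 和 chkconfig puppetmaster off,否则nginx无法绑定该端口):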
# service nginx start
Puppetclient:
1.puppet安装:
(1).配置hosts文件:
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.20 puppetserver.chensh.net
192.168.20.21 puppetclient.chensh.net
(2).添加yum源(下面两个release包经明文HTTP下载;安装后请确认对应.repo文件中gpgcheck=1,并核对导入的GPG密钥):
添加epel源:
# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
添加puppet源:
# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm
(3).安装puppet(agent端只需安装puppet包):
# yum -y install puppet
(4).配置puppet.conf
# vi /etc/puppet/puppet.conf
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = puppetserver.chensh.net
# chkconfig puppet on
(5).开启puppet服务:
# service puppet start
测试:
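在puppetclient上执行(生成证书请求并提交给server):
# puppet agent --test
在puppetserver上执行(列出待签名的请求,然后签名):
# puppet cert --list
# puppet cert sign --all
注:--all 会签发当前所有待签请求。除测试环境外,应先核对 --list 输出中的主机名和指纹,再用 puppet cert sign <主机名> 逐个签名。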
其他:
puppet配置项说明:
#指定了puppet服务端的地址
server = master.puppet.lightcloud.cn
#是否实时刷新日志到磁盘
autoflush = false
#日志目录
logdir = /var/log/puppet
#puppet进程pid文件存放目录,使用守护进程运行时,需要这个文件
rundir = /var/run/puppet
#保存客户端上传自身信息的文件存储目录,每个节点会有一个单独的目录,客户端的每次执行会生成一个以日期+时间命名yaml文件
reportdir = /var/lib/puppet/reports
#在客户端第一次连接服务端的时候,需要服务端签名(相当于确认),服务端对客户端的识别是通过名字来确
#认的,在这个文件中的名字,可以被服务端自动签名(确认),支持正则匹配,内容类似这样:
#test.lightcloud.cn
#*.puppet.lightcloud.cn
#注意:自动签名只比对证书请求里自报的名字,不做其他核对;能连到服务端端口并使用匹配名字的主机都会拿到已签名的证书,通配条目应尽量收窄
autosign = /etc/puppet/autosign.conf
#puppetmaster服务端监听地址
bindaddress = 0.0.0.0
#puppetmaster服务端监听端口
masterport = 8140
#是否在客户端执行每个资源时记录日志
evaltrace = true
#客户端的名字
certname = client.puppet.lightcloud.cn
#是否后台运行
daemonize = true
#是否允许证书自动覆盖,默认是不允许的,每个证书的有效期为5年
#注意:开启后,同名的新证书请求可以顶替已签发的证书;与自动签名同时开启时,其他主机可以用已有节点的名字重新申请并获得证书
allow_duplicate_certs = true
#是否上传客户端对resources的执行结果
report = true
#上传的方式,在有puppet的dashboard时需要这个
reports = store, http
#store上传时的地址
report_server =master.puppet.lightcloud.cn
#store上传时的端口
report_port = 8140
#http上传时的地址,安装puppet的dashboard时需要这个(此处为明文HTTP,报告内容在网络上不加密)
reporturl = http://172.58.0.68:3000/reports/upload
#客户端执行间隔(20分钟)
runinterval = 20m
#是否在执行时间上另加一个随机时间(0到最大随机时间之间的一个整数值)
splay = true
#加的随机时间的最大长度
splaylimit = 10m
#客户端获取配置超时时间
configtimeout = 2m
#日志记录时是否加颜色
color = ansi
#是否忽略本地缓存
ignorecache = true