实战Puppet 集中配置管理系统(3)——Puppet dashboard与nginx+passenger安装配置
本次实验内容紧接前两次实验,第一节内容主要介绍PUPPET的安装认证与资源定义,第二节主要写apache与nginx模块的应用,本次介绍Puppet dashboard与nginx+passenger 的安装,Puppet dashboard 是用以 web 方式管理 puppet。puppet 默认使用基于 Ruby 的WEBRickHTTP 来处理 HTTPS 请求,单个服务器使用Apache/Nginx+Passenger 替换掉 WEBRickHTTP,Passenger 是用于将 Ruby 程序进行嵌入执行的上次实验内容:
实战Puppet 集中配置管理系统(1)——认证与资源定义
实战Puppet 集中配置管理系统(2)——apache与nginx模块配置
1 . Puppet dashboard安装配置
1)所需软件包
puppet-dashboard-1.2.23-1.el6.noarch.rpm
ruby-mysql-2.8.2-1.el6.x86_64.rpm
rubygem-rake-0.8.7-2.1.el6.noarch.rpm
依赖性:
* Ruby 1.8.7
* RubyGems
* Rake >= 0.8.3
* MySQL server 5.x
* Ruby-MySQL bindings 2.7.x or 2.8.x
2)安装
#yum install puppet-dashboard-1.2.23-1.el6.noarch.rpm
ruby-mysql-2.8.2-1.el6.x86_64.rpm rubygem-rake-0.8.7-2.1.el6.noarch.rpm -y
#mysql 5.1 遇到的信息包过大问题 用客户端导入数据的时候,遇到错误代码: 1153 - Got a
packet bigger than 'max_allowed_packet' bytes 终止了数据导入,可以使用如下参数解决:
(rhel6.3 上未遇到)
# vi /etc/my.cnf
max_allowed_packet = 32M#添加此行
3)配置 mysql 数据库
# /etc/init.d/mysqld start
# mysql_secure_installation设置root密码为willis
# cd /usr/share/puppet-dashboard/
# vim config/database.yml//只留下生产环境配置
#vim config/add.sql
CREATE DATABASE dashboard_production CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost'> GRANT ALL PRIVILEGES ON dashboard_production.* TO 'dashboard'@'localhost';
# rake RAILS_ENV=production db:migrate
//建立 dashboard 所需的数据库和表
4)修改puppet-dashboard 默认时区
#//查看puppet-dashboard 默认支持的时区
#rake gems:refresh_specs
#rake time:zones:local
# vim /usr/share/puppet-dashboard/config/settings.yml
//puppet-dashboard 默认时区不正确,需要修改
time_zone: 'Beijing'
5)启动服务
#/etc/init.d/puppet-dashboard start
6)修改日志文件权限
# cd /usr/share/puppet-dashboard/log
#chmod 666 /production.log
#/etc/init.d/puppet-dashboard-workers start
7)修改服务器的配置文件
# vim /etc/puppet/puppet.conf
//添加以下两项
reports = http
reporturl = http://172.25.254.1:3000/reports
#/etc/init.d/puppetmaster restart
8)设置 client 端
server2与server3同时设置如下
#vim /etc/puppet/puppet.conf
//添加以下行
report = true
# puppet agent --server server1.example.com --no-daemonize -vt//同步数据
9) 浏览器访问 172.25.254.1:3000
10)在客户端安装完 puppet 后,并且认证完后,我们可以看到效果,那怎样让它自动与服务器同步呢?默认多少分钟跟服务器同步呢?怎样修改同步的时间呢,这时候我们需要配置客户端:
<1>配置 puppet 相关参数和同步时间:
# vim /etc/sysconfig/puppet
PUPPET_SERVER=server1.example.com #puppet master 的地址
PUPPET_PORT=8140 #puppet 监听端口
PUPPET_LOG=/var/log/puppet/puppet.log #puppet 本地日志
#PUPPET_EXTRA_OPTS=--waitforcert=500 【默认同步的时间,我这里不修改这行参数】
<2>默认配置完毕后,客户端会半个小时跟服务器同步一次,我们可以修改这个时间
# vim /etc/puppet/puppet.conf
runinterval = 60//代表 60 秒跟服务器同步一次
#/etc/init.d/puppet start
2.nginx+passenger 安装配置
Apache 模块,实现对 puppet 的负载均衡。
参考:https://docs.puppetlabs.com/guides/passenger.html
1)# gem list
*** LOCAL GEMS ***
json (1.5.5)
rack (1.6.4)
2)不够就下载
# gem install passenger-5.0.15.gem rack-1.6.4.gem
3) # yum install -y gcc gcc-c++ curl-devel zlib-devel openssl-devel ruby-devel
# tar zxf nginx-1.8.0.tar.gz -C /mnt
4) #passenger-install-nginx-module
//脚本会自动安装 nginx 支持,按提示操作,其它按Enter就好,编译过程比较慢
5) nginx 默认安装在/opt/nginx 目录:
# cd /opt/nginx/conf/
# /etc/init.d/puppetmaster stop
# vim nginx.conf
server {
listen 8140;
server_nameserver1.example.com;
root /etc/puppet/rack/public;
passenger_enabled on;
passenger_set_header X_CLIENT_DN $ssl_client_s_dn;
passenger_set_header X_CLIENT_VERIFY $ssl_client_verify;
ssl on;
ssl_session_timeout 5m;
ssl_certificate /var/lib/puppet/ssl/certs/server1.example.com.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/server1.example.com.pem;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_verify_client optional;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
}
# /opt/nginx/sbin/nginx -t //检测 nginx配置文件是否有错
6)添加目录
# cd /etc/puppet/
# mkdir /etc/puppet/rack/{public,tmp}-p
# cd rack/
# cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/
# chown puppet.puppet /etc/puppet/rack/config.ru
# /etc/init.d/puppetmaster stop
#chkconfig puppetmaster off
# /opt/nginx/sbin/nginx//启动nginx
//puppetmaster 不需要启动 , nginx 启动时会自动调用 puppet。
7) 测试
# /opt/nginx/sbin/nginx stop #关闭nginx让客户端获取信息,可以看到获取不到信息
# /opt/nginx/sbin/nginx ###开启nginx,可以看到客户端可以获取到信息
#ps -ax ###查看进程启动情况
页:
[1]