概要

之前做过 apache + passenger 作为 puppetmaster 前端的实验,

这次试试由 nginx + passenger 来作为 puppetmaster 的前端.

nginx + passenger 配置

package 安装

虽然debian 上有 puppetmaster-passenger 这个包, 但是它是针对 apache 服务器的,

安装这个包会顺带把 apache 也安装上, 然后passenger的配置都是在 apache 中.

所以, 我们通过 gem 的方式来安装 passenger,

root@master-2:~# gem install rake rack passenger --no-rdoc --no-ri
Successfully installed rake-10.4.2
Successfully installed rack-1.6.0
Fetching: passenger-4.0.57.gem (100%)
Building native extensions. This could take a while...
Successfully installed passenger-4.0.57
3 gems installed

安装完成之后, nginx 不能直接从 apt-get 的源来安装, 但是可以用下面的命令来安装,

这样安装的 nginx 中就包含了 passenger 模块.

root@master-2:~# passenger-install-nginx-module
# 根据提示完成安装, 中途可能会提示用 apt-get 安装一些缺失的包.
# 安装完缺失的包后, 再次执行 passenger-install-nginx-module 即可.
# 安装 nginx 之前, 会有如下选择
Do you want this installer to download, compile and install Nginx for you? 1. Yes: download, compile and install Nginx for me. (recommended)
The easiest way to get started. A stock Nginx 1.6.2 with Passenger
support, but with no other additional third party modules, will be
installed for you to a directory of your choice. 2. No: I want to customize my Nginx installation. (for advanced users)
Choose this if you want to compile Nginx with more third party modules
besides Passenger, or if you need to pass additional options to Nginx's
'configure' script. This installer will 1) ask you for the location of
the Nginx source code, 2) run the 'configure' script according to your
instructions, and 3) run 'make install'. Whichever you choose, if you already have an existing Nginx configuration file,
then it will be preserved. Enter your choice (1 or 2) or press Ctrl-C to abort: 1 # 根据情况, 如果熟悉的话, 可以选择2, 否则选择1 即可自动编译安装 nginx

配置文件设置

nginx 配置文件 nginx.conf

root@master-1:~# cat /opt/nginx/conf/nginx.conf

#user  nobody;
worker_processes 1; #error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info; #pid logs/nginx.pid; events {
worker_connections 1024;
} http {
passenger_root /var/lib/gems/1.9.1/gems/passenger-4.0.57;
passenger_ruby /usr/bin/ruby1.9.1; include mime.types;
default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on;
#tcp_nopush on; #keepalive_timeout 0;
keepalive_timeout 65; #gzip on;
include /etc/nginx/conf.d/*.conf; server {
listen 80;
server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / {
root html;
index index.html index.htm;
} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
} }
}

nginx中作为puppet前端的配置.

root@master-1:~# cat /etc/nginx/conf.d/puppet.conf
server {
listen 8140 ssl;
server_name master-1 master-1.puppet.com; passenger_enabled on;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; access_log /var/log/nginx/puppet_access.log;
error_log /var/log/nginx/puppet_error.log; root /usr/share/puppet/rack/puppetmasterd/public; ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;
}

测试配置结果

# 上面的配置完成后, master 上重启 nginx 服务
root@master-2:~# /opt/nginx/sbin/nginx -s reload # agent 上允许测试, 查看是否连通
root@node-1:~# rm -rf /var/lib/puppet/ssl/*
root@node-1:~# puppet agent -t
Info: Creating a new SSL key for node-1.puppet.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node-1.puppet.com
Info: Certificate Request fingerprint (SHA256): 7E:F9:4A:EA:B1:BE:A4:0B:33:1D:55:44:9B:4C:83:8D:74:49:25:0E:8B:A2:80:23:D0:6B:A5:0D:FB:E4:6F:07
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled # master 上许可证书
root@master-2:~# puppet cert list --all
"node-1.puppet.com" (SHA256) 7E:F9:4A:EA:B1:BE:A4:0B:33:1D:55:44:9B:4C:83:8D:74:49:25:0E:8B:A2:80:23:D0:6B:A5:0D:FB:E4:6F:07
+ "master-2.puppet.com" (SHA256) 86:12:B9:BE:B2:2C:26:B2:15:FE:07:11:A1:ED:E5:BC:95:0C:8F:D1:8B:E6:40:FB:C5:0D:D6:DD:F6:DC:ED:00
root@master-2:~# puppet cert sign node-1.puppet.com
Notice: Signed certificate request for node-1.puppet.com
Notice: Removing file Puppet::SSL::CertificateRequest node-1.puppet.com at '/var/lib/puppet/ssl/ca/requests/node-1.puppet.com.pem'
root@master-2:~# puppet cert list --all
+ "master-2.puppet.com" (SHA256) 86:12:B9:BE:B2:2C:26:B2:15:FE:07:11:A1:ED:E5:BC:95:0C:8F:D1:8B:E6:40:FB:C5:0D:D6:DD:F6:DC:ED:00
+ "node-1.puppet.com" (SHA256) 8C:EA:3E:05:A0:90:D4:89:75:B6:9A:A8:55:BC:48:F8:C3:E8:60:D9:E0:51:9A:3F:E6:49:FE:B5:EA:1B:05:F3 # agent 再次测试, 可以正常连接 master 了
root@node-1:~# puppet agent -t
Info: Caching certificate for node-1.puppet.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node-1.puppet.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node-1.puppet.com
Info: Applying configuration version '1420875451'
Notice: Finished catalog run in 0.02 seconds

参考网址

http://z0mbix.github.io/blog/2012/03/01/use-nginx-and-passenger-to-power-your-puppet-master/

puppet使用 apache passsenger 作为前端 (debian)的更多相关文章

  1. puppet使用 apache passsenger 作为前端 (centos)

    目录 1. 概要 2. nginx + passenger 配置 2.1. package 安装 2.2. 配置文件设置 2.3. rack 目录生成 概要 使用 nginx + passenger ...

  2. puppet 和 apache passenger的配置

    目录 1. 概要 2. apache passenger 安装测试 2.1. 什么是 apache passenger 2.2. 安装 apache passenger 2.3. 配置 apache ...

  3. debian 安装svn apache 小记. AuthzSVNAccessFile 不生效问题.

    docker 使用docker镜像搭建svn+Apache环境 https://my.oschina.net/u/2006667/blog/637882 1,安装 apache ,svnapt-get ...

  4. DevOps - 配置管理 - Puppet

    uppet总结 一.基础知识 1. Puppet是开源的基于Ruby的系统配置管理工具,依赖于C/S的部署架构.Puppet这样的自动化配置管理工具可以帮助系统管理员更加方便的完成多台服务器的升级软件 ...

  5. Apache代理Tomcat实现session共享构建网上商城系统

    一.环境介绍 二.安装配置后端服务器 三.安装配置前端服务器 四.配置Tomcat服务器实现session共享 五.构建网上商城系统 一.环境介绍 系统版本:CentOS 6.4_x86_64 Mys ...

  6. puppet安装配置及使用

     puppet安装前准备 一.服务器信息 master端:10.10.10.201 master.fansik.com slave端:10.10.10.156 slave.fansik.com 三台机 ...

  7. Apache / PHP 5.x Remote Code Execution Exploit

    测试方法: 本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负! /* Apache Magica by Kingcope */ /* gcc apache-magika.c -o ...

  8. Nginx + Apache 反向代理

    反向代理负载均衡 使用代理服务器可以将请求转发给内部的Web服务器,使用这种加速模式显然可以提升静态网页的访问速度.因此也可以考虑使用这种技术,让代理服务器将请求均匀转发给多台内部Web服务器之一上, ...

  9. apache的server-status如何分析的技术说明

    XML/HTML代码 Apache Server Status for www.blogguy.cn Server Version: Apache/2.2.9 (Debian) PHP/5.2.6-1 ...

随机推荐

  1. 【golang-GUI开发】struct tags系统(一)

    我们已经介绍了qt的signal和slot,现在该讲讲它的struct tags系统了.qt拥有多种的struct tags,我们会去一一了解它们. 什么是struct tags? struct ta ...

  2. 使用VSCode如何调试C#控制台程序_1

    A-环境安装 https://www.microsoft.com/net/download 下载 .NET Core SDK Installer: https://www.microsoft.com/ ...

  3. WPF Grid布局

    本节讲述布局,顺带加点样式给大家看看~单纯学布局,肯定是枯燥的~哈哈 那如上界面,该如何设计呢? 1.一些布局元素经常用到.Grid StackPanel Canvas WrapPanel等.如上这种 ...

  4. SVN的工作原理及流程手册

    1.什么是SVN ? SVN是Subversion的简称,是一个开放源代码的版本控制系统,相较于RCS.CVS,它采用了分支管理系统,它的设计目标就是取代CVS. 互联网上很多版本控制服务已从CVS迁 ...

  5. [android] 插入一条记录到系统短信应用里

    谷歌市场上有这些应用,模拟短信,原理就是把数据插入到短信应用的数据库里 获取ContentResolver对象,通过getContentResolver()方法 调用resolver对象的insert ...

  6. 【Java每日一题】20170227

    20170224问题解析请点击今日问题下方的“[Java每日一题]20170227”查看(问题解析在公众号首发,公众号ID:weknow619) package Feb2017; import jav ...

  7. 02-Java中的对象和类

    面向对象: 程序由对象构成,每个对象包含对用户公开的特定功能部分(public)和隐藏实现部分(private). 类: 构造对象的模板 对象: 对象的行为 --- 可以对对象施加的操作(方法) 对象 ...

  8. HTML表格,table,thead,tbody,tfoot,th,tr,td,的属性以及跨行,跨列

    在HTML中表格是作为一个整体来解析的,解析完才会在页面显示,如果表格很复杂很长,加载时间很长,用户体验就不好.所以这里就要用到表格结构标签,解析一部分就显示一部分,不用等表格全部加载完再显示. 表格 ...

  9. angular 用拦截器统一处理http请求和响应 比如加token

    想使用angularjs里的htpp向后台发送请求,现在有个用户唯一识别的token想要放到headers里面去,也就是{headres:{'token':1}} index.html里引入以下js: ...

  10. 【机器学习】Google机器学习工程的43条最佳实践

    https://blog.csdn.net/ChenVast/article/details/81449509 本文档旨在帮助那些掌握机器学习基础知识的人从Google机器学习的最佳实践中获益.它提供 ...