puppet4 passenger布署

最新推荐文章于 2021-04-21 15:22:04 发布

原创最新推荐文章于 2021-04-21 15:22:04 发布 · 1.1k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#puppet #puppet4 #passenger #配置管理 #puppet扩容

配置管理专栏收录该内容

1 篇文章

订阅专栏

本文详细介绍如何在 CentOS 6.2 上使用 Puppet 4.3 配置 Apache 和 Passenger，包括安装 Apache、配置 Ruby 环境、安装 Passenger 及其依赖、配置 Puppet Master 的 Rack 应用及 Apache 虚拟主机等步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

puppet4 passenger布署

本文参考自puppetlabs官方passenger布署文档，增加了一些细节的处理，比官方文档更详细。本文测试环境为centos6.2,puppet4.3。

安装apache

yum install httpd httpd-devel

卸载系统自带ruby

由于puppet4.3已经自带了2.1的ruby,可能会与系统自带版本冲突，所以卸载掉比较安全，免得ruby环境太混乱了。

yum remove ruby

将puppet下的bin目录加到PATH里去，再执行ruby -v看到的ruby版本就是puppet自带的版本了。

export PATH=$PATH:/opt/puppetlabs/puppet/bin
ruby -v         
ruby 2.1.7p400 (2015-08-18 revision 51632) [x86_64-linux]

用gem安装puppet代码

如果默认gem源用不了，就用http的源试下。

gem sources --remove https://rubygems.org/
gem sources -a http://rubygems.org/
gem install -V puppet -v 4.3.1

安装Rack/Passenger

注意，修改passenger-install-apache2-module的ruby路径为puppet自带ruby路径：/opt/puppetlabs/puppet/bin/ruby。

gem install -V rack passenger
vim /usr/bin/passenger-install-apache2-module
#!/opt/puppetlabs/puppet/bin/ruby 
passenger-install-apache2-module

将以下代码拷贝至apache配置文件里，不同的环境配置可能不同，按照passenger-install-apache2-module的提示来。最后回车就搞定了。

   LoadModule passenger_module /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/passenger-5.0.27/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/passenger-5.0.27
     PassengerDefaultRuby /opt/puppetlabs/puppet/bin/ruby
   </IfModule>

安装Puppet Master Rack

找到config.ru文件，这个文件应该在puppet代码下面，

# locate config.ru                                     
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/puppet-4.3.1/ext/rack/config.ru

然后给应用程序建目录，并把刚刚找到的config.ru文件拷贝过去，将config.ru属主权限改成puppet,

$ sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
$ sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
$ sudo cp /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/puppet-4.3.1/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
$ sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

最终目录结构如下：

# tree /usr/share/puppet
/usr/share/puppet
└── rack
    └── puppetmasterd
        ├── config.ru
        ├── public
        └── tmp

4 directories, 1 file

配置apache

在/etc/httpd/conf.d新建puppetmaster.conf文件，将下面内容拷贝进去。将SSL文件路径修改成自己的实际路径。

# You'll need to adjust the paths in the Passenger config depending on which OS
# you're using, as well as the installed version of Passenger.

# Debian/Ubuntu:
#LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby1.8

# RHEL/CentOS:
#LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 12
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    # Make Apache hand off HTTP requests to Puppet earlier, at the cost of
    # interfering with mod_proxy, mod_rewrite, etc. See note below.
    PassengerHighPerformance On

    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    SSLHonorCipherOrder     on

    SSLCertificateFile      /etc/puppetlabs/puppet/ssl/certs/puppet-server.example.com.pem
    SSLCertificateKeyFile   /etc/puppetlabs/puppet/ssl/private_keys/puppet-server.example.pem
    SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem
    SSLCARevocationCheck    chain
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
    # which effectively disables CRL checking. If you are using Apache 2.4+ you must
    # specify 'SSLCARevocationCheck chain' to actually use the CRL.

    # These request headers are used to pass the client certificate
    # authentication information on to the Puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public

    <Directory /usr/share/puppet/rack/puppetmasterd/>
      Options None
      AllowOverride None
      # Apply the right behavior depending on Apache version.
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    ErrorLog /var/log/httpd/puppet-server.example.com_ssl_error.log
    CustomLog /var/log/httpd/puppet-server.example.com_ssl_access.log combined
</VirtualHost>

重启apache,到这里安装应该是完成了，到客户端执行puppet agent -t试下，结果抛出一堆错误，查看apahce错误日志，发现/bin/uname这个东西puppet没有执行权限，加上权限，再来。

message from application: Permission denied - /bin/uname (Errno::EACCES)

 chmod +x /bin/uname
 /etc/init.d/httpd restart

很不幸，依然报错，那就继续排错。花了不小力气，最后发现居然是/var/log/puppetlabs/puppetmaster这个路径没有建立导致。建好目录后，就一切ok了，最后附图一张。
这里写图片描述