Deploying Puppet 4 with Passenger

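This article explains in detail how to configure Apache and Passenger with Puppet 4.3 on CentOS 6.2, including installing Apache, setting up the Ruby environment, installing Passenger and its dependencies, and configuring the Puppet Master Rack application and the Apache virtual host.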

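This article is based on the official Puppet Labs Passenger deployment documentation, with some extra detail added, so it is more thorough than the official document. The test environment is CentOS 6.2 with Puppet 4.3.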

Install Apache

yum install httpd httpd-devel

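Remove the system Ruby

Puppet 4.3 already ships its own Ruby 2.1, which may conflict with the version that comes with the system, so removing the system Ruby is the safer choice and keeps the Ruby environment from becoming a mess.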

yum remove ruby

Add Puppet's bin directory to PATH; running ruby -v then shows the Ruby version bundled with Puppet.

export PATH=$PATH:/opt/puppetlabs/puppet/bin
ruby -v         
ruby 2.1.7p400 (2015-08-18 revision 51632) [x86_64-linux]

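Install the Puppet code with gem

If the default gem source does not work, try the http source. The http source is fetched without TLS, so gems downloaded from it are not protected against tampering in transit.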

gem sources --remove https://rubygems.org/
gem sources -a http://rubygems.org/
gem install -V puppet -v 4.3.1

Install Rack/Passenger

Note: change the Ruby path in passenger-install-apache2-module to the Ruby bundled with Puppet: /opt/puppetlabs/puppet/bin/ruby.

gem install -V rack passenger
vim /usr/bin/passenger-install-apache2-module
#!/opt/puppetlabs/puppet/bin/ruby 
passenger-install-apache2-module

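Copy the following lines into the Apache configuration file. The exact values can differ between environments, so follow what passenger-install-apache2-module prints. Press Enter at the end and the installation is done.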

   LoadModule passenger_module /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/passenger-5.0.27/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/passenger-5.0.27
     PassengerDefaultRuby /opt/puppetlabs/puppet/bin/ruby
   </IfModule>

Install the Puppet Master Rack application

Locate the config.ru file; it should be inside the Puppet code:

# locate config.ru                                     
/opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/puppet-4.3.1/ext/rack/config.ru

Then create the application directories, copy the config.ru file you just found into place, and change the owner of config.ru to puppet:

$ sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
$ sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
$ sudo cp /opt/puppetlabs/puppet/lib/ruby/gems/2.1.0/gems/puppet-4.3.1/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
$ sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

The final directory structure looks like this:

# tree /usr/share/puppet
/usr/share/puppet
└── rack
    └── puppetmasterd
        ├── config.ru
        ├── public
        └── tmp

4 directories, 1 file

Configure Apache

Create a puppetmaster.conf file in /etc/httpd/conf.d and copy the following content into it. Change the SSL file paths to your own actual paths.

# You'll need to adjust the paths in the Passenger config depending on which OS
# you're using, as well as the installed version of Passenger.

# Debian/Ubuntu:
#LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby1.8

# RHEL/CentOS:
#LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x/ext/apache2/mod_passenger.so
#PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.x
#PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 12
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<VirtualHost *:8140>
    # Make Apache hand off HTTP requests to Puppet earlier, at the cost of
    # interfering with mod_proxy, mod_rewrite, etc. See note below.
    PassengerHighPerformance On

    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    SSLHonorCipherOrder     on

    SSLCertificateFile      /etc/puppetlabs/puppet/ssl/certs/puppet-server.example.com.pem
    SSLCertificateKeyFile   /etc/puppetlabs/puppet/ssl/private_keys/puppet-server.example.com.pem
    SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem
    SSLCARevocationCheck    chain
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
    # which effectively disables CRL checking. If you are using Apache 2.4+ you must
    # specify 'SSLCARevocationCheck chain' to actually use the CRL.

    # These request headers are used to pass the client certificate
    # authentication information on to the Puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public

    <Directory /usr/share/puppet/rack/puppetmasterd/>
      Options None
      AllowOverride None
      # Apply the right behavior depending on Apache version.
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
    </Directory>

    ErrorLog /var/log/httpd/puppet-server.example.com_ssl_error.log
    CustomLog /var/log/httpd/puppet-server.example.com_ssl_access.log combined
</VirtualHost>
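
As an added example (not part of the original post or of Puppet's documentation), the script below checks that each SSL file named in a vhost file exists and that the private key carries no group or other permissions. The ROOT prefix argument, the function names and the sandbox contents are assumptions of this example so that it can run offline.

```shell
#!/usr/bin/env bash
# Added example: every SSL* file named in the Puppet master vhost must
# exist, and the private key must be closed to group and other.

# check_vhost_ssl_paths CONF [ROOT]
# ROOT is an assumption of this example: a prefix prepended to every path so
# the check can run against a sandbox copy of the filesystem.
check_vhost_ssl_paths() {
    local conf="$1" root="${2:-}" rc=0 directive path perms
    while read -r directive path _; do
        case $directive in
            SSLCertificate*File|SSLCACertificateFile|SSLCARevocationFile) ;;
            *) continue ;;   # comments and unrelated directives
        esac
        if [ ! -f "$root$path" ]; then
            echo "MISSING $directive $path"; rc=1; continue
        fi
        if [ "$directive" = SSLCertificateKeyFile ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ldL "$root$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "LOOSE $directive $path ($perms for group/other)"; rc=1
            fi
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sandbox: placeholder paths modelled on the vhost, empty files.
make_sandbox() {
    local root ssl=/etc/puppetlabs/puppet/ssl n=puppet-server.example.com.pem
    root=$(mktemp -d)
    mkdir -p "$root$ssl/certs" "$root$ssl/private_keys" "$root$ssl/ca"
    touch "$root$ssl/certs/$n" "$root$ssl/private_keys/$n" \
          "$root$ssl/ca/ca_crt.pem" "$root$ssl/ca/ca_crl.pem"
    chmod 600 "$root$ssl/private_keys/$n"
    printf '%s\n' "    SSLEngine On" \
        "    SSLCertificateFile      $ssl/certs/$n" \
        "    SSLCertificateKeyFile   $ssl/private_keys/$n" \
        "    SSLCACertificateFile    $ssl/ca/ca_crt.pem" \
        "    SSLCARevocationFile     $ssl/ca/ca_crl.pem" > "$root/vhost.conf"
    echo "$root"
}

sandbox=$(make_sandbox)
check_vhost_ssl_paths "$sandbox/vhost.conf" "$sandbox" && echo "vhost SSL paths OK"
rm -rf "$sandbox"
```

On a real master, call check_vhost_ssl_paths /etc/httpd/conf.d/puppetmaster.conf with no second argument before restarting Apache.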

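Restart Apache. At this point the installation should be complete, so run puppet agent -t on a client to try it. It threw a pile of errors; checking the Apache error log showed that puppet did not have execute permission on /bin/uname. Add the permission and try again.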

message from application: Permission denied - /bin/uname (Errno::EACCES)

 chmod +x /bin/uname
 /etc/init.d/httpd restart

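Unfortunately it still failed, so the troubleshooting continued. After considerable effort, the cause turned out to be that the path /var/log/puppetlabs/puppetmaster had not been created. Once the directory was created, everything worked. A screenshot is attached at the end.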
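
As an added example (not part of the original post), the script below is a preflight for the Rack application layout and for the two failures described above: /bin/uname not executable by the application user, and the missing log directory. The ROOT prefix and expected-uid arguments, the function names and the sandbox are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: preflight for the Puppet master Rack layout and for the
# two failures hit on the first agent run.

# preflight_rack [ROOT] [UID]
# ROOT (path prefix for sandbox runs) and UID (expected numeric owner of
# config.ru, default: the puppet user) are assumptions of this example.
preflight_rack() {
    local root="${1:-}" want="${2:-$(id -u puppet 2>/dev/null)}"
    local app=/usr/share/puppet/rack/puppetmasterd rc=0 d got
    for d in "$app" "$app/public" "$app/tmp" /var/log/puppetlabs/puppetmaster; do
        [ -d "$root$d" ] || { echo "MISSING DIR  $d"; rc=1; }
    done
    if [ -f "$root$app/config.ru" ]; then
        # Passenger's user switching runs the app as the owner of config.ru.
        got=$(ls -ldn "$root$app/config.ru" | awk '{print $3}')
        [ "$got" = "$want" ] || { echo "WRONG OWNER  $app/config.ru (uid $got)"; rc=1; }
    else
        echo "MISSING FILE $app/config.ru"; rc=1
    fi
    # /bin/uname is normally root-owned, so the puppet user reaches it through
    # the execute bit for "other" (character 10 of the ls mode string).
    if [ "$(ls -ldL "$root/bin/uname" 2>/dev/null | cut -c10)" != "x" ]; then
        echo "NOT EXECUTABLE BY OTHERS /bin/uname"; rc=1
    fi
    return "$rc"
}

# Constructed sandbox: the tree from the article, minus the log directory.
make_rack_sandbox() {
    local root app=/usr/share/puppet/rack/puppetmasterd
    root=$(mktemp -d)
    mkdir -p "$root$app/public" "$root$app/tmp" "$root/bin"
    touch "$root$app/config.ru" "$root/bin/uname"
    chmod 755 "$root/bin/uname"
    echo "$root"
}

sandbox=$(make_rack_sandbox)
preflight_rack "$sandbox" "$(id -u)" || echo "fix the items above, then re-run"
mkdir -p "$sandbox/var/log/puppetlabs/puppetmaster"
preflight_rack "$sandbox" "$(id -u)" && echo "rack layout OK"
rm -rf "$sandbox"
```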