Puppet扩展(一):纵向扩展Apache+Passenger
1、功能说明
puppet默认使用基于Ruby的WEBRickHTTP来处理HTTPS请求,
单个服务器使用Apache+Passenger替换掉WEBRickHTTP,
Passenger是用于将Ruby程序进行嵌入执行的Apache模块,
在安装前,首先至少要执行一次service puppetmaster start,生成本地证书
官方配置指南:https://docs.puppetlabs.com/guides/passenger.html
2、安装apache
| 1 | [root@puppet ~]# yum install -y httpd httpd-devel openssl mod_ssl ruby-devel libcurl-devel rubygems gcc |
前面已安装了apache,这里主要安装mod_ssl ruby-devel libcurl-devel三个。
3、安装passenger
| 1 2 | [root@puppet ~]# gem install rack passenger [root@puppet ~]# passenger-install-apache2-module |
直接回车
默认选择了Ruby,直接回车
检查需要安装的包,根据提示安装需要的软件包,再重新执行
| 1 | [root@puppet ~]# yum install libcurl-devel |
需要将此段写入passenger.conf中:
| 1 2 3 4 5 6 | [root@puppet ~]# vi /etc/httpd/conf.d/passenger.conf LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.53/buildout/apache2/mod_passenger.so <IfModule mod_passenger.c> PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.53 PassengerDefaultRuby /usr/bin/ruby </IfModule> |
继续回车完成,可以看到一个虚拟主机的配置样例。
4、配置rack
config.ru文件会告诉Rack如何生成puppet master进程
| 1 2 3 4 | [root@puppet ~]# cd /usr/share/puppet [root@puppet puppet]# mkdir -p rack/puppetmasterd/{public,tmp} [root@puppet puppet]# cp ext/rack/config.ru rack/puppetmasterd/ [root@puppet puppet]# chown puppet:puppet rack/puppetmasterd/config.ru |
5、配置passenger和vhost
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | [root@puppet puppet]# cp ext/rack/example-passenger-vhost.conf /etc/httpd/conf.d/puppetmaster.conf [root@puppet puppet]# vi /etc/httpd/conf.d/puppetmaster.conf # This Apache 2 virtual host config shows how to use Puppet as a Rack # application via Passenger. See # http://docs.puppetlabs.com/guides/passenger.html for more information. # You can also use the included config.ru file to run Puppet with other Rack # servers instead of Passenger. # you probably want to tune these settings PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 #RackAutoDetect Off #注释掉这行 #RailsAutoDetect Off #注释掉这行 Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA SSLHonorCipherOrder on SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.ewin.com.pem #修改路径和证书名称 SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.ewin.com.pem #修改路径和证书名称 SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem #修改路径 SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem #修改路径 # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem #修改路径 # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none # which effectively disables CRL checking; if you are using Apache 2.4+ you must # specify ‘SSLCARevocationCheck chain’ to actually use the CRL. # SSLCARevocationCheck chain SSLVerifyClient optional SSLVerifyDepth 1 # The `ExportCertData` option is needed for agent certificate expiration warnings SSLOptions +StdEnvVars +ExportCertData # This header needs to be set if using a loadbalancer or proxy RequestHeader unset X-Forwarded-For RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e DocumentRoot /usr/share/puppet/rack/puppetmasterd/public #修改路径 RackBaseURI / <Directory /usr/share/puppet/rack/puppetmasterd/> #修改路径 Options None AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> |
6、服务
| 1 2 3 4 | [root@puppet ~]# service puppetmaster stop [root@puppet ~]# service httpd restart [root@puppet ~]# chkconfig httpd on [root@puppet ~]# netstat -nlp | grep 8140 |
7、测试
(1)WEB网页访问测试
客户端修改IE设置,去掉标黄的勾:
使用IE浏览https://10.188.1.73:8140/
出现这一行表示配置成功,下一节配置Dashboard后就有内容了。
(2)linux客户端测试
| 1 | [root@zabbix ~]# puppet agent –server puppet.ewin.com –test |
没有报错,显示配置版本号及完成时间表示成功。
(3)puppet服务端测试
| 1 | [root@puppet ~]# tailf /var/log/httpd/access_log |
10.188.1.172是windows客户机ywzhou-pc:
10.188.1.103是linux客户机zabbix:
客户机发出HTTP GET请求,状态码200表示请求成功,再使用PUT请求提交了一个报告
1. 本站所有资源来源于用户上传和网络,因此不包含技术服务请大家谅解!如有侵权请邮件联系客服!10210454@qq.com
2. 本站不保证所提供所有下载的资源的准确性、安全性和完整性,资源仅供下载学习之用!如有链接无法下载、失效或广告,请联系客服处理,有奖励!
3. 您必须在下载后的24个小时之内,从您的电脑中彻底删除上述内容资源!如用于商业或者非法用途,与本站无关,一切后果请用户自负!
4. 如果您也有好的资源或教程,您可以投稿发布,成功分享后有RB奖励和额外RMB收入!
磊宇堂正在使用的服务器 维护管理由磊宇云服务器提供支持
磊宇堂 » Puppet扩展(一):纵向扩展Apache+Passenger
2. 本站不保证所提供所有下载的资源的准确性、安全性和完整性,资源仅供下载学习之用!如有链接无法下载、失效或广告,请联系客服处理,有奖励!
3. 您必须在下载后的24个小时之内,从您的电脑中彻底删除上述内容资源!如用于商业或者非法用途,与本站无关,一切后果请用户自负!
4. 如果您也有好的资源或教程,您可以投稿发布,成功分享后有RB奖励和额外RMB收入!
磊宇堂正在使用的服务器 维护管理由磊宇云服务器提供支持
磊宇堂 » Puppet扩展(一):纵向扩展Apache+Passenger
