
Puppet install with nginx unicorn

2014-09-24 17:15  陈尚华

主机配置:

主机名                 IP(Static)                        系统                                           配置                      角色

puppetserver     192.168.20.20       CentOS-6.5-x86_64-minimal           2CPU,2G,50G,1网卡        server

puppetclient       192.168.20.21       CentOS-6.5-x86_64-minimal           2CPU,2G,50G,1网卡        agent


puppetserver:


1.puppet安装:

(1).配置hosts文件:

[root@puppetserver ~]# vi /etc/hosts

# Both nodes resolve each other by FQDN. The agent's "server =" setting and
# the name carried by the master's TLS certificate must agree with the entry
# for 192.168.20.20, otherwise agents fail the TLS hostname check.
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.20   puppetserver.chensh.net
192.168.20.21   puppetclient.chensh.net


(2).添加yum源(注意:下面的 rpm 包通过明文 http 下载,rpm -Uvh 对尚未导入公钥的签名只给出 NOKEY 警告即继续安装,建议先核对校验和或改用 https 镜像):

添加epel源:

[root@puppetserver ~]# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

添加puppet源:

[root@puppetserver ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm

(3).安装puppet-server:

[root@puppetserver ~]# yum -y install puppet-server

(4).启动一次puppet服务,生成CA与服务端证书(注意:这里的 puppetmaster 是内置的 WEBrick 服务,同样监听 8140;在后面启动 nginx 之前必须先 service puppetmaster stop 并 chkconfig puppetmaster off,否则端口冲突,nginx 无法启动):

[root@puppetserver ~]# chkconfig puppetmaster on

[root@puppetserver ~]# service puppetmaster start

(5).打开防火墙puppet端口(建议加 -s 192.168.20.0/24 之类的来源限制只放行 agent 网段,并用 service iptables save 持久化,否则重启后规则丢失):

[root@puppetserver ~]# iptables -I INPUT -p tcp --dport 8140 -j ACCEPT

(6).编辑puppet.conf文件:

[root@puppetserver ~]# vi /etc/puppet/puppet.conf

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    # The nginx vhost on this page reads the server cert/key and the CA cert
    # from /var/lib/puppet/ssl, so vardir is presumably /var/lib/puppet.
    # The CA's own material lives under the ca/ subdirectory of this tree;
    # every agent trusts whatever that CA signs, so keep the tree readable by
    # the puppet user only.
    ssldir = $vardir/ssl
    # Master that the agent on this host talks to. The name must match the
    # served certificate (subject or DNS alt name) or the agent refuses the
    # TLS handshake. NOTE(review): the nginx vhost serves certs/puppetserver.pem,
    # i.e. a certname of plain "puppetserver" -- confirm that certificate
    # carries puppetserver.chensh.net as an alt name.
    server = puppetserver.chensh.net
    
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

2.Unicorn安装:

(1).安装编译依赖(make、gcc、ruby-devel):

[root@puppetserver ~]# yum install make gcc ruby-devel

(2).安装unicorn、rack gem:

[root@puppetserver ~]# gem install unicorn rack

(3).安装拷贝config.ru:

[root@puppetserver ~]# cp -a /usr/share/puppet/ext/rack/config.ru /etc/puppet/

(4).配置unicorn:

[root@puppetserver ~]# vi /etc/puppet/unicorn.conf

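# Unicorn configuration for the puppetmaster Rack app (config.ru in
# /etc/puppet). Loaded with: unicorn -c /etc/puppet/unicorn.conf
# NOTE(review): the host on this page has 2 CPUs; 8 workers is harmless but
# not tuned to the box.
worker_processes 8
working_directory "/etc/puppet"

# nginx proxies to this UNIX socket. Unicorn creates UNIX listeners with a
# wide-open umask unless :umask is given, which leaves the socket connectable
# by ANY local user. Such a user bypasses nginx's TLS layer entirely and can
# hand-craft the X-Client-Verify / X-Client-DN headers that the proxied app is
# handed as the agent's identity. :umask => 0007 gives the socket mode 0770,
# owned by the user/primary group unicorn runs as (puppet:puppet on this
# page), so the nginx worker user must be a member of that group to connect:
#   usermod -a -G puppet nginx
listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512, :umask => 0007
# Matches proxy_read_timeout 120 in the nginx vhost.
timeout 120
pid "/var/run/puppet/puppetmaster_unicorn.pid"

preload_app true
if GC.respond_to?(:copy_on_write_friendly=)
  GC.copy_on_write_friendly = true
end

# Zero-downtime reload (USR2): once the new master has started, ask the old
# master -- whose pid was renamed to <pid>.oldbin -- to quit.
# File.exist? replaces the deprecated File.exists?.
before_fork do |server, worker|
  old_pid = "#{server.config[:pid]}.oldbin"
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      Process.kill("QUIT", File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end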

[root@puppetserver ~]# cd /etc/puppet ; sudo -u puppet unicorn -c unicorn.conf   (以 puppet 用户做前台测试,避免以 root 运行 master 后在 /var/lib/puppet、/var/run/puppet 下留下 root 所有的文件,导致后面以 puppet 用户启动失败)

(5).测试unicorn运行:

I, [2014-09-24T15:04:20.961549 #2597]  INFO -- : Refreshing Gem list
I, [2014-09-24T15:04:28.543382 #2597]  INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=6
I, [2014-09-24T15:04:28.546960 #2613]  INFO -- : worker=0 spawned pid=2613
I, [2014-09-24T15:04:28.549920 #2614]  INFO -- : worker=1 spawned pid=2614
I, [2014-09-24T15:04:28.551218 #2614]  INFO -- : worker=1 ready
I, [2014-09-24T15:04:28.552271 #2613]  INFO -- : worker=0 ready
I, [2014-09-24T15:04:28.553906 #2615]  INFO -- : worker=2 spawned pid=2615
I, [2014-09-24T15:04:28.557229 #2615]  INFO -- : worker=2 ready
I, [2014-09-24T15:04:28.559693 #2617]  INFO -- : worker=4 spawned pid=2617
I, [2014-09-24T15:04:28.558096 #2616]  INFO -- : worker=3 spawned pid=2616
I, [2014-09-24T15:04:28.563467 #2616]  INFO -- : worker=3 ready
I, [2014-09-24T15:04:28.565033 #2617]  INFO -- : worker=4 ready
I, [2014-09-24T15:04:28.567443 #2618]  INFO -- : worker=5 spawned pid=2618
I, [2014-09-24T15:04:28.568785 #2618]  INFO -- : worker=5 ready
I, [2014-09-24T15:04:28.569673 #2619]  INFO -- : worker=6 spawned pid=2619
I, [2014-09-24T15:04:28.571586 #2620]  INFO -- : worker=7 spawned pid=2620
I, [2014-09-24T15:04:28.572643 #2597]  INFO -- : master process ready
I, [2014-09-24T15:04:28.573672 #2619]  INFO -- : worker=6 ready
I, [2014-09-24T15:04:28.574437 #2620]  INFO -- : worker=7 ready
Ctrl+C 退出;


(6).添加Unicorn启停脚本:

[root@puppetserver ~]# vi /etc/init.d/puppets-unicron

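#!/bin/bash
# unicorn-puppet -- SysV init script for the puppetmaster Rack app under unicorn.
#
# chkconfig: 2345 85 15
# description: puppetmaster served by unicorn (fronted by nginx on 8140)
#
# Usage: puppets-unicron {start|stop|restart|status|condrestart}
# Exit status: 0 on success, 1 on failure, 3 on bad usage.
#
# The master and its workers run as the unprivileged "puppet" account, as the
# ps(1) listing further down the page shows. The account is pinned here on
# purpose: the original script ran "sudo -u $USER", taking the account from
# the caller's environment -- unset under init (sudo then fails to parse its
# arguments) and "root" from a root shell, which would run the puppetmaster
# as root.

lockfile=/var/lock/puppetmaster-unicorn
pidfile=/var/run/puppet/puppetmaster_unicorn.pid

RETVAL=0
DAEMON=/usr/bin/unicorn
DAEMON_OPTS="-D -c /etc/puppet/unicorn.conf"
RUN_AS=puppet

# Print the pid stored in $pidfile. Fails (prints nothing) when the file is
# missing/unreadable or does not contain a plain integer, so a stale or
# tampered pidfile can never feed an arbitrary argument to kill.
read_pid() {
    local pid
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 -- "$pidfile")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

start() {
    # $DAEMON_OPTS is deliberately unquoted: it carries several arguments.
    sudo -u "$RUN_AS" "$DAEMON" $DAEMON_OPTS
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] && touch "$lockfile"
    echo
    return "$RETVAL"
}

stop() {
    local pid
    if ! pid=$(read_pid); then
        echo "$0: no valid pid in $pidfile" >&2
        RETVAL=1
        echo
        return "$RETVAL"
    fi
    # Signal as the puppet user: it owns the master, so root is not needed.
    sudo -u "$RUN_AS" kill "$pid"
    RETVAL=$?
    echo
    [ "$RETVAL" -eq 0 ] && rm -f "$lockfile"
    return "$RETVAL"
}

restart() {
    stop
    sleep 1
    start
    RETVAL=$?
    echo
    [ "$RETVAL" -ne 0 ] && rm -f "$lockfile"
    return "$RETVAL"
}

# Restart only when the service is currently running.
condrestart() {
    status
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] && restart
}

# 0 when the master recorded in $pidfile is alive. The original grepped ps(1)
# for "unicorn (worker|master)", which reports "running" for any unicorn on
# the box and cannot tell a stale pidfile from a live daemon.
status() {
    local pid
    if pid=$(read_pid) && ps -p "$pid" >/dev/null 2>&1; then
        RETVAL=0
    else
        RETVAL=1
    fi
    return "$RETVAL"
}

usage() {
    echo "Usage: $0 {start|stop|restart|status|condrestart}" >&2
    # The original returned 3 but left RETVAL at 0, so "exit $RETVAL" reported
    # success on a bad invocation.
    RETVAL=3
    return "$RETVAL"
}

case "${1:-}" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    condrestart)
        condrestart
        ;;
    status)
        status
        ;;
    *)
        usage
        ;;
esac

exit "$RETVAL"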


(7).修改puppets-unicron执行权限:

[root@puppetserver ~]# chmod 755 /etc/init.d/puppets-unicron

(8).启动puppets-unicron服务

[root@puppetserver ~]# /etc/init.d/puppets-unicron start

(9).确认puppets-unicron运行状态

[root@puppetserver ~]# ps -ef | grep unicorn

puppet    2628     1  0 15:06 ?        00:00:01 unicorn master -D -c /etc/puppet/unicorn.conf              
puppet    2636  2628  0 15:06 ?        00:00:00 unicorn worker[0] -D -c /etc/puppet/unicorn.conf           
puppet    2637  2628  0 15:06 ?        00:00:00 unicorn worker[1] -D -c /etc/puppet/unicorn.conf           
puppet    2638  2628  0 15:06 ?        00:00:00 unicorn worker[2] -D -c /etc/puppet/unicorn.conf           
puppet    2639  2628  0 15:06 ?        00:00:00 unicorn worker[3] -D -c /etc/puppet/unicorn.conf           
puppet    2640  2628  0 15:06 ?        00:00:00 unicorn worker[4] -D -c /etc/puppet/unicorn.conf           
puppet    2641  2628  0 15:06 ?        00:00:00 unicorn worker[5] -D -c /etc/puppet/unicorn.conf           
puppet    2642  2628  0 15:06 ?        00:00:00 unicorn worker[6] -D -c /etc/puppet/unicorn.conf           
puppet    2643  2628  0 15:06 ?        00:00:00 unicorn worker[7] -D -c /etc/puppet/unicorn.conf           
root      2767  1492  0 15:28 pts/1    00:00:00 grep unicorn

3.Nginx安装:

(1).yum nginx:

[root@puppetserver ~]# yum -y install nginx

(2).配置nginx:

[root@puppetserver ~]# vi /etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
   
# Account the worker processes run as. This matters for the puppetmaster
# vhost in conf.d: the unicorn UNIX socket must be connectable by this user
# (and by nothing else that has no business reaching the master directly).
user              nginx;
# NOTE(review): the host on this page has 2 CPUs; 8 workers is harmless but
# not tuned to the box.
worker_processes  8;
   
error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;
   
pid        /var/run/nginx.pid;
   
   
events {
    worker_connections  1024;
}
   
   
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
   
    # Access-log line. In this page's two-host setup nginx is the TLS endpoint
    # with nothing in front of it, so $remote_addr is the agent's own address;
    # $http_x_forwarded_for is client-supplied and must not be trusted.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
   
    access_log  /var/log/nginx/access.log  main;
   
    sendfile        on;
    #tcp_nopush     on;
   
    #keepalive_timeout  0;
    keepalive_timeout  65;
   
    #gzip  on;
       
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf -- moved aside on this page
    # so that only the puppetmaster vhost (conf.d/puppets-unicorn.conf) is served.
    include /etc/nginx/conf.d/*.conf;
   
}

[root@puppetserver ~]# vi /etc/nginx/conf.d/puppets-unicorn.conf

 [root@puppetserver ~]# mv /etc/nginx/conf.d/default.conf  /etc/nginx/conf.d/default.conf_bak

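# puppetmaster front end: nginx terminates TLS on 8140 and proxies to the
# unicorn workers over a UNIX socket. nginx does the client-certificate
# verification the built-in master would otherwise do and hands the verdict
# to the proxied app in the X-Client-* headers set below.
upstream puppetmaster_unicorn {
    # The socket is created by unicorn (see /etc/puppet/unicorn.conf); the
    # nginx worker user must be allowed to connect to it.
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
}

server {
    listen 8140 ssl;

    ssl_session_timeout 5m;
    # The master's own certificate and key. Agents on this page use
    # server = puppetserver.chensh.net, so that name must appear in this
    # certificate's subject or DNS alt names; the file name suggests a
    # certname of plain "puppetserver" -- check with
    #   openssl x509 -in /var/lib/puppet/ssl/certs/puppetserver.pem -noout -text
    ssl_certificate /var/lib/puppet/ssl/certs/puppetserver.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetserver.pem;
    # Agent certificates are verified against the puppet CA ...
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    # ... and against its CRL, so that "puppet cert revoke" / "puppet cert
    # clean" actually lock a node out. The original had no ssl_crl, so a
    # revoked agent certificate was still accepted. nginx reads the CRL at
    # start/reload: reload nginx after revoking.
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    # "optional": a new agent has no certificate yet and must still be able
    # to submit its CSR; the app decides per request from X-Client-Verify.
    # Never "off" -- that would make every request unauthenticated.
    ssl_verify_client optional;

    # The original cipher string (SSLv2:-LOW:-EXPORT:RC4+RSA) selected
    # SSLv2-era and RC4 suites. Allow TLS only, with non-RC4/MD5 suites.
    # (TLSv1.1/TLSv1.2 tokens need nginx >= 1.0.12 built against OpenSSL 1.0.1;
    # TLSv1 stays enabled for older agents.)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    root /usr/share/empty;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Trust boundary: proxy_set_header REPLACES any X-Client-* header the
    # client sent, so the app only ever sees nginx's verdict. That holds only
    # for requests that come through nginx -- the unicorn socket must not be
    # reachable by other local users.
    # NOTE(review): nginx >= 1.11.6 emits $ssl_client_s_dn in RFC 2253 form;
    # Puppet 3's Rack handler expects the legacy "/CN=..." form (use
    # $ssl_client_s_dn_legacy there). Not an issue with the EPEL 6 nginx used
    # on this page -- confirm if nginx is upgraded.
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
    # Matches "timeout 120" in unicorn.conf.
    proxy_read_timeout 120;

    location / {
        proxy_pass http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}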

(3).启动nginx服务:

[root@puppetserver ~]# service nginx start


Puppetclient


1.puppet安装:

(1).配置hosts文件:

[root@puppetclient ~]# vi /etc/hosts

# The agent reaches the master by the FQDN below; puppet.conf's "server ="
# must use this exact name, and it must match the master's TLS certificate.
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.20   puppetserver.chensh.net
192.168.20.21   puppetclient.chensh.net


(2).添加yum源:

添加epel源:

[root@puppetclient ~]# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

添加puppet源:

[root@puppetclient ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm

(3).安装puppet(agent端只需要 puppet 包,不要装 puppet-server):

[root@puppetclient ~]# yum -y install puppet

(4).配置puppet.conf

[root@puppetclient ~]# vi /etc/puppet/puppet.conf

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
   
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
   
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    # Holds this agent's private key and certificate plus the CA cert it
    # trusts. Keep it readable by root/puppet only: anyone holding the key can
    # impersonate this node to the master.
    ssldir = $vardir/ssl
   
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
   
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    # Master to contact; must match the /etc/hosts entry on this page and the
    # name in the master's served certificate.
    # NOTE(review): on its first run an agent fetches and trusts the master's
    # CA certificate, so that first run should happen on a network you
    # trust -- confirm against your Puppet version's bootstrap behaviour.
    server = puppetserver.chensh.net

[root@puppetclient ~]# chkconfig puppet on

(5).开启puppet服务:

[root@puppetclient ~]# service puppet start


测试

[root@puppetclient ~]# puppet agent --test

[root@puppetserver ~]# puppet cert --list

(签名前先核对指纹:客户端 puppet agent --fingerprint 与服务端 puppet cert --list 输出的指纹一致后再签;生产环境应逐台 puppet cert sign <certname>,不要盲目全部签名。注意正确写法是 --all,"sign all" 会去找名为 all 的请求)
[root@puppetserver ~]# puppet cert sign --all


其他:

puppet配置项说明:

[main]
    # Address of the puppet master.
    server = master.puppet.lightcloud.cn
    # Whether log files are flushed to disk on every write.
    autoflush = false
    # Log directory.
    logdir = /var/log/puppet
    # Directory for pid files; needed when running as a daemon.
    rundir = /var/run/puppet
   
[master]
    # Where reports uploaded by agents are stored: one subdirectory per node,
    # one YAML file named after the date+time of each agent run.
    reportdir = /var/lib/puppet/reports
    # On its first connection an agent submits a certificate request that the
    # master must sign. Names listed in this file are signed automatically;
    # each line is a certname or a domain-name glob (not a regex as the
    # original note said), e.g.:
    #   test.lightcloud.cn
    #   *.puppet.lightcloud.cn
    # SECURITY: autosigning by name is not authentication -- any host that can
    # reach port 8140 and submits a CSR whose name matches a glob obtains a
    # valid node certificate. A wildcard entry is effectively open enrollment.
    # Prefer leaving this unset and signing manually (puppet cert sign), or
    # at least restrict who can reach 8140.
    autosign = /etc/puppet/autosign.conf
    # Listen address of the built-in (WEBrick) master. When the master runs
    # under unicorn/nginx as on this page, nginx's "listen" is what counts.
    bindaddress = 0.0.0.0
    # Listen port of the built-in master.
    masterport = 8140
    # Log each resource as it is evaluated (the original note was cut off).
    evaltrace = true
   
[agent]
    # This node's certname (the identity the master sees and signs).
    certname = client.puppet.lightcloud.cn
    # Run in the background.
    daemonize = true
    # Whether a new certificate request may overwrite an existing signed
    # certificate of the same name; default false. NOTE(review): this is a
    # CA/master-side setting, so under [agent] it most likely has no effect
    # -- confirm. (The original note trailed off after "valid for 5"; the
    # default certificate lifetime, ca_ttl, is 5 years.)
    allow_duplicate_certs = true
    # Send a report of each run's resource results to the master.
    report = true
    # Report processors; "http" is what a Puppet Dashboard needs.
    # NOTE(review): "reports" and "reporturl" are master-side settings; placed
    # under [agent] they probably do nothing -- confirm and move to [master].
    reports = store, http
    # Master that reports are sent to (the "store" processor runs there).
    report_server =  master.puppet.lightcloud.cn
    # Port reports are sent to.
    report_port = 8140
    # URL the "http" processor posts reports to (the Dashboard).
    # SECURITY: plain http -- reports carry hostnames, resource states and log
    # lines and are sent unencrypted and unauthenticated to this address.
    # Use https or keep this strictly on a trusted network.
    reporturl = http://172.58.0.68:3000/reports/upload
    # Interval between agent runs (20 minutes).
    runinterval = 20m
    # Add a random delay (an integer between 0 and splaylimit) to each run.
    splay = true
    # Maximum random delay.
    splaylimit = 10m
    # Timeout for fetching the catalog from the master.
    configtimeout = 2m
    # Colourise log output.
    color = ansi
    # Ignore the locally cached catalog and always fetch a fresh one.
    ignorecache = true