Published 2015-05-03 06:59:52 | 329 reads | Comments: 0 | Source: reader submission
Puppet: centralized configuration management
Puppet is a centralized configuration management system for Linux, Unix and Windows. It uses its own declarative language and can manage configuration files, users, cron jobs, packages, system services and more. Puppet calls these system entities resources; its design goal is to make managing them simple and to handle the dependencies between resources correctly.
Puppet agents and the master communicate over SSL (HTTPS). By default the puppet master runs on WEBrick, a Ruby HTTP server, which handles agent load poorly. To scale the master it is put behind Apache (or another web server), which terminates the agents' HTTPS requests.
Passenger is an Apache module that embeds and runs Ruby programs: it lets you run Rails, or any Rack application, inside the web server. It grows and shrinks the pool of application processes automatically, which improves performance and the number of concurrent connections between master and agents.
How it works:
Install Apache and Passenger, configure Apache to handle the puppet agents' SSL requests, then connect Apache to the puppet master. When handling an SSL request Apache checks whether the puppet agent's certificate was issued by the Puppet CA; Apache verifies the request first, and only if it is authorized does it call the master. Apache also presents the puppet agent with a certificate so the agent can verify the server's identity. Concretely: put the SSL certificates where Apache will find them, enable the Passenger module, and create a virtual host for the puppet master service in the Apache configuration.
Now the configuration:
yum install httpd httpd-devel mod_ssl ruby-devel rubygems libcurl-devel
Switch the gem source to the Taobao mirror (note that the mirror is configured over plain http, so gem downloads are not protected in transit; use the https URL if the mirror offers one):

gem sources --remove http://rubygems.org/
gem sources -a http://ruby.taobao.org/
gem sources -l
*** CURRENT SOURCES ***
http://ruby.taobao.org/
gem install rack passenger           # install passenger
passenger-install-apache2-module     # integrate Apache and Passenger

Follow the installer's prompts to resolve dependencies. At the end it prints the Passenger module stanza that has to be added to the Apache configuration when the virtual host is created:

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.55/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.55
PassengerDefaultRuby /usr/bin/ruby
</IfModule>

Check the Passenger root directory on the master:

# passenger-config --root
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.55
A Rack application has to be created on the puppet master: a directory that holds the config.ru file, plus a virtual host configuration file. Rack gives the web server a common API for exchanging requests and responses with the puppet service; it is the standard interface for Ruby HTTP applications and allows the service to be deployed across several servers.
Create the Rack directory tree, copy the config file and give it to the puppet user:
mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/puppetmaster/
chown puppet. /etc/puppet/rack/puppetmaster/config.ru
Configure the Apache virtual host file (start from the example shipped with Puppet):

cp /usr/share/puppet/ext/rack/example-passenger-vhost.conf /etc/httpd/conf.d/puppet.domain.com.conf
vim /etc/httpd/conf.d/puppet.domain.com.conf
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.
# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.55/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.55
PassengerDefaultRuby /usr/bin/ruby
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
# RackAutoDetect Off
# RailsAutoDetect Off
</IfModule>
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
SSLHonorCipherOrder on
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.domain.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.domain.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
# which effectively disables CRL checking; if you are using Apache 2.4+ you must
# specify 'SSLCARevocationCheck chain' to actually use the CRL.
# SSLCARevocationCheck chain
# "optional" because an agent that has no certificate yet must still reach the
# master to submit its CSR; the master decides per request from the
# X-Client-Verify header set below, so nothing but Apache may reach the Rack app.
SSLVerifyClient optional
SSLVerifyDepth 1
# The `ExportCertData` option is needed for agent certificate expiration warnings
SSLOptions +StdEnvVars +ExportCertData
# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /etc/puppet/rack/puppetmaster/public/
RackBaseURI /
<Directory /etc/puppet/rack/puppetmaster/>
Options None
AllowOverride None
# Apache 2.2 access-control syntax; on Apache 2.4 use "Require all granted" instead.
Order allow,deny
allow from all
</Directory>
</VirtualHost>
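The decision the virtual host above delegates to mod_ssl (does the agent certificate chain to the Puppet CA within SSLVerifyDepth 1, is it usable for client authentication, and is it absent from the CRL named in SSLCARevocationFile) can be reproduced in isolation with plain openssl. The script below is an added example, not code from the original post or from Puppet itself: it builds a throwaway CA in a temporary directory, signs one agent certificate, produces a self-signed impostor, then revokes the real agent and reissues the CRL. The names puppet-ca.test and agent.test, the file layout and the CA config are assumptions made for the example.

```shell
#!/bin/sh
# Added example: mirror mod_ssl's client-certificate checks with openssl on a
# throwaway CA. Names, paths and the minimal CA config below are assumptions.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl.cnf: enough for `openssl ca` to keep a database and issue a CRL.
write_ca_config() {
    cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca         = puppet_ca
[ puppet_ca ]
dir                = $WORK
database           = \$dir/index.txt
new_certs_dir      = \$dir
certificate        = \$dir/ca_crt.pem
private_key        = \$dir/ca_key.pem
serial             = \$dir/serial
crlnumber          = \$dir/crlnumber
default_md         = sha256
default_days       = 365
default_crl_days   = 30
policy             = policy_any
x509_extensions    = agent_ext
[ policy_any ]
commonName         = supplied
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints   = critical,CA:TRUE
keyUsage           = critical,keyCertSign,cRLSign
[ agent_ext ]
basicConstraints   = CA:FALSE
keyUsage           = digitalSignature,keyEncipherment
extendedKeyUsage   = clientAuth,serverAuth
EOF
    : > "$WORK/index.txt"
    echo 01 > "$WORK/serial"
    echo 01 > "$WORK/crlnumber"
}

# Throwaway CA, one agent cert it signed, one self-signed "agent" it did not,
# and an (initially empty) CRL.
make_pki() {
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Puppet CA: puppet-ca.test" \
        -keyout "$WORK/ca_key.pem" -out "$WORK/ca_crt.pem" >/dev/null 2>&1
    openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=agent.test" -keyout "$WORK/agent_key.pem" \
        -out "$WORK/agent.csr" >/dev/null 2>&1
    openssl ca -batch -notext -config "$WORK/ca.cnf" \
        -in "$WORK/agent.csr" -out "$WORK/agent_crt.pem" >/dev/null 2>&1
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=agent.test" -keyout "$WORK/rogue_key.pem" \
        -out "$WORK/rogue_crt.pem" >/dev/null 2>&1
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/ca_crl.pem" >/dev/null 2>&1
}

# The same decision mod_ssl makes for SSLVerifyClient optional / SSLVerifyDepth 1 /
# SSLCARevocationFile. Prints SUCCESS or FAILED, like the SSL_CLIENT_VERIFY
# variable the vhost forwards to the master as X-Client-Verify.
verify_agent() {
    if openssl verify -CAfile "$WORK/ca_crt.pem" -verify_depth 1 -purpose sslclient \
           -crl_check -CRLfile "$WORK/ca_crl.pem" "$1" >/dev/null 2>&1; then
        echo SUCCESS
    else
        echo FAILED
    fi
}

# Revoke a certificate and reissue the CRL (what cleaning a node on the master does).
revoke_agent() {
    openssl ca -config "$WORK/ca.cnf" -revoke "$1" >/dev/null 2>&1
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/ca_crl.pem" >/dev/null 2>&1
}

# Runs the three cases; returns "SUCCESS FAILED FAILED".
run_checks() {
    write_ca_config
    make_pki
    good=$(verify_agent "$WORK/agent_crt.pem")     # signed by the Puppet CA
    rogue=$(verify_agent "$WORK/rogue_crt.pem")    # self-signed, trusted by nobody
    revoke_agent "$WORK/agent_crt.pem"
    revoked=$(verify_agent "$WORK/agent_crt.pem")  # same cert, now on the CRL
    echo "$good $rogue $revoked"
}

run_checks
```

It needs only openssl and mktemp and can run as an unprivileged user. The third result is the case the comment in the virtual host warns about: without `-crl_check` here, or with CRL checking disabled in Apache (on 2.4, without `SSLCARevocationCheck chain`), the revoked agent certificate would still verify as SUCCESS and the master would keep serving it catalogs.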
Check the configuration on the master:

# service httpd configtest
Syntax OK

Start Apache:

# /etc/init.d/httpd start

Check the listening ports and processes:

# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22000           0.0.0.0:*               LISTEN      811/sshd
tcp        0      0 127.0.0.1:55939         0.0.0.0:*               LISTEN      15291/Passenger Rac
tcp        0      0 :::8140                 :::*                    LISTEN      15234/httpd
tcp        0      0 :::80                   :::*                    LISTEN      15234/httpd
tcp        0      0 :::22000                :::*                    LISTEN      811/sshd
tcp        0      0 :::443                  :::*                    LISTEN      15234/httpd

Port 8140 belongs to httpd, and the Passenger Rack process only listens on the loopback address, so agents can reach the master only through Apache's certificate check.
On an agent:

# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent.domain.com
Info: Applying configuration version '1418805297'
Notice: Finished catalog run in 0.36 seconds
Finally, Passenger's own status tools on the master:

# passenger-status
Version : 4.0.55
Date    : Wed Dec 17 17:24:28 +0800 2014
Instance: 15234
----------- General information -----------
Max pool size : 12
Processes     : 1
Requests in top-level queue : 0

----------- Application groups -----------
/etc/puppet/rack/puppetmaster#default:
  App root: /etc/puppet/rack/puppetmaster
  Requests in queue: 0
  * PID: 15291   Sessions: 0       Processed: 62      Uptime: 49m 35s
    CPU: 0%      Memory  : 85M     Last used: 1m 24s ago

# passenger-memory-stats
Version: 4.0.55
Date   : Wed Dec 17 17:24:32 +0800 2014

---------- Apache processes ----------
PID    PPID   VMSize    Private  Name
--------------------------------------
15234  1      203.0 MB  0.4 MB   /usr/sbin/httpd
15254  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15255  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15256  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15257  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15258  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15259  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15260  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
15261  15234  203.3 MB  0.5 MB   /usr/sbin/httpd
### Processes: 9
### Total private dirty RSS: 4.27 MB

-------- Nginx processes --------
### Processes: 0
### Total private dirty RSS: 0.00 MB

----- Passenger processes -----
PID    VMSize    Private  Name
-------------------------------
15236  211.6 MB  0.3 MB   PassengerWatchdog
15239  564.9 MB  0.7 MB   PassengerHelperAgent
15244  210.5 MB  0.8 MB   PassengerLoggingAgent
15291  190.6 MB  85.4 MB  Passenger RackApp: /etc/puppet/rack/puppetmaster
### Processes: 4
### Total private dirty RSS: 87.20 MB