[root@test conf.d]# yum install mod_passenger rubygem-rake.noarch
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
省略
Installed:
mod_passenger.x86_64 0:4.0.18-9.6.el6 rubygem-rake.noarch 0:0.8.7-2.1.el6
Dependency Installed:
rubygem-passenger.x86_64 0:4.0.18-9.6.el6 rubygem-passenger-native.x86_64 0:4.0.18-9.6.el6
rubygem-passenger-native-libs.x86_64 0:4.0.18-9.6.el6
Complete!
[root@test conf.d]#
[root@test conf.d]# ll /etc/httpd/conf.d/
total 32
-rw-r--r--. 1 root root 807 Nov 13 18:27 passenger.conf
-rw-r--r--. 1 root root 674 Sep 30 13:59 php.conf
-rw-r--r--. 1 root root 392 Apr 4 2014 README
-rw-r--r--. 1 root root 9473 Mar 20 2014 ssl.conf
-rw-r--r--. 1 root root 299 Mar 20 2014 welcome.conf
-rw-r--r--. 1 root root 1116 Aug 28 14:56 zabbix.conf
[root@test conf.d]#
[root@test conf.d]# cat puppetmaster_01.conf
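# Many of the directories referenced below have to be created by hand.
# Apache front end for the puppet master: terminates TLS on port 8140 and
# passes the client-certificate verification result on in request headers.
Listen 8140
<VirtualHost *:8140>
  SSLEngine On
  # Only allow high security cryptography. Alter if needed for compatibility.
  # SSLv3 is disabled together with SSLv2 (SSLv3 is exposed to the POODLE
  # padding-oracle attack). RC4 and anonymous key exchange are excluded
  # explicitly rather than relying on how the OpenSSL build classifies them.
  SSLProtocol All -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!RC4:-MEDIUM:-LOW:-EXP
  # Server certificate and private key issued by the puppet CA for this host.
  # NOTE(review): confirm the private key file is not readable by other users.
  SSLCertificateFile /var/lib/puppet/ssl/certs/test.145.pem
  SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/test.145.pem
  SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
  SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
  # The CRL is what makes a revoked agent certificate fail verification here.
  SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
  # "optional" lets a client connect without a certificate; the outcome of
  # verification is forwarded below and must be enforced by the application.
  SSLVerifyClient optional
  SSLVerifyDepth 1
  SSLOptions +StdEnvVars +ExportCertData
  # These request headers are used to pass the client certificate
  # authentication information on to the puppet master process.
  # "set" replaces any header of the same name sent by the client, so the
  # values the master sees always come from mod_ssl.
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
  # Enabling this on puppet 2.7.x produces an error.
  #RackAutoDetect On
  DocumentRoot /etc/puppet/rack/puppetmaster/public/
  <Directory /etc/puppet/rack/puppetmaster/ >
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from All
  </Directory>
</VirtualHost>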
[root@test conf.d]#
[root@test conf.d]# /etc/init.d/puppetmaster stop
Stopping puppetmaster: [ OK ]
[root@test conf.d]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@test conf.d]# netstat -ltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 test.145:6379 *:* LISTEN 5992/redis-server
tcp 0 0 *:35824 *:* LISTEN 26345/beam
tcp 0 0 *:epmd *:* LISTEN 2294/epmd
tcp 0 0 *:ssh *:* LISTEN 1066/sshd
tcp 0 0 localhost:ipp *:* LISTEN 1032/cupsd
tcp 0 0 test.145:ddi-tcp-1 *:* LISTEN 22921/./bin/mongod
tcp 0 0 *:zabbix-trapper *:* LISTEN 5612/zabbix_server
tcp 0 0 *:mysql *:* LISTEN 5860/mysqld
tcp 0 0 *:8140 *:* LISTEN 31224/httpd
tcp 0 0 *:http *:* LISTEN 31224/httpd
tcp 0 0 *:ssh *:* LISTEN 1066/sshd
tcp 0 0 ::1:ipp *:* LISTEN 1032/cupsd
tcp 0 0 *:https *:* LISTEN 31224/httpd
tcp 0 0 *:zabbix-trapper *:* LISTEN 5612/zabbix_server
tcp 0 0 *:amqp *:* LISTEN 26345/beam
[root@test conf.d]# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.210.71.145:6379 0.0.0.0:* LISTEN 5992/redis-server
tcp 0 0 0.0.0.0:35824 0.0.0.0:* LISTEN 26345/beam
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 2294/epmd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1066/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1032/cupsd
tcp 0 0 10.210.71.145:8888 0.0.0.0:* LISTEN 22921/./bin/mongod
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 5612/zabbix_server
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5860/mysqld
tcp 0 0 :::8140 :::* LISTEN 31224/httpd
tcp 0 0 :::80 :::* LISTEN 31224/httpd
tcp 0 0 :::22 :::* LISTEN 1066/sshd
tcp 0 0 ::1:631 :::* LISTEN 1032/cupsd
tcp 0 0 :::443 :::* LISTEN 31224/httpd
tcp 0 0 :::10051 :::* LISTEN 5612/zabbix_server
tcp 0 0 :::5672 :::* LISTEN 26345/beam
[root@test conf.d]#
[root@test conf.d]# cat /etc/puppet/manifests/site.pp
# Catalog for any agent that has no more specific node definition.
node default {
  # Demo resource: manages the content of /tmp/hello_puppet on the agent.
  file { "/tmp/hello_puppet":
    content => "hello_puppet nice to meet you,come from apache\n",
  }
}
[root@test conf.d]# hostname
test.145
[root@test conf.d]#
[root@test ~]# puppetd --test
notice: Ignoring --listen on onetime run
info: Caching catalog for test.144
info: Applying configuration version '1417611731'
notice: /Stage[main]//Node[default]/File[/tmp/hello_puppet]/content:
--- /tmp/hello_puppet 2014-12-03 15:24:45.048201779 +0800
+++ /tmp/puppet-file20141203-13556-49sc5r-0 2014-12-03 21:02:12.653200583 +0800
@@ -1 +1 @@
-hello_puppet nice to meet you
\ No newline at end of file
+hello_puppet nice to meet you,come from apache
info: FileBucket adding {md5}6152d048657a8a30d6894b3a6f164657
info: /Stage[main]//Node[default]/File[/tmp/hello_puppet]: Filebucketed /tmp/hello_puppet to puppet with sum 6152d048657a8a30d6894b3a6f164657
notice: /Stage[main]//Node[default]/File[/tmp/hello_puppet]/content: content changed '{md5}6152d048657a8a30d6894b3a6f164657' to '{md5}918e67eed208f028b587e70fb21949ed'
notice: Finished catalog run in 0.17 seconds
[root@test ~]# cat /tmp/hello_puppet
hello_puppet nice to meet you,come from apache
[root@test ~]# hostname
test.144
[root@test ~]#
[root@test conf.d]# cd /var/lib/puppet/ssl/ca/signed/
[root@test signed]# ll
total 8
-rw-r-----. 1 puppet puppet 1891 Dec 3 15:10 test.143.pem
-rw-r-----. 1 puppet puppet 1891 Dec 3 20:35 test.144.pem
[root@test signed]# rm -rf test.144.pem
[root@test signed]# pwd
/var/lib/puppet/ssl/ca/signed
[root@test signed]# ll
total 4
-rw-r-----. 1 puppet puppet 1891 Dec 3 15:10 test.143.pem
[root@test signed]#
[root@test puppet]# pwd
/etc/puppet
[root@test puppet]# cd /var/lib/puppet/
[root@test puppet]# ll
total 32
-rw-r----- 1 root root 17 Dec 3 21:02 classes.txt
drwxr-x--- 3 root root 4096 Dec 3 21:02 clientbucket
drwxr-x--- 2 root root 4096 Dec 3 20:35 client_data
drwxr-x--- 3 root root 4096 Dec 3 20:35 client_yaml
drwxr-xr-x 2 root root 4096 Dec 3 20:35 facts
drwxr-xr-x 2 root root 4096 Dec 3 20:35 lib
drwxrwx--x 7 puppet root 4096 Dec 3 20:35 ssl
drwxr-xr-t 3 root root 4096 Dec 3 21:02 state
[root@test puppet]# /etc/init.d/puppet stop
Stopping puppet: [ OK ]
[root@test puppet]# rm -rf *
[root@test puppet]# pwd
/var/lib/puppet
[root@test puppet]# hostname
test.144
[root@test puppet]#
[root@test puppet]# hostname
test.144
[root@test puppet]# /etc/init.d/puppet start
Starting puppet: [ OK ]
[root@test puppet]# ll
total 28
drwxr-x--- 2 root root 4096 Dec 4 10:48 clientbucket
drwxr-x--- 2 root root 4096 Dec 4 10:48 client_data
drwxr-x--- 2 root root 4096 Dec 4 10:48 client_yaml
drwxr-xr-x 2 root root 4096 Dec 4 10:48 facts
drwxr-xr-x 2 root root 4096 Dec 4 10:48 lib
drwxrwx--x 7 puppet root 4096 Dec 4 10:48 ssl
drwxr-xr-t 3 root root 4096 Dec 4 10:48 state
[root@test signed]# puppetca --list --all
"test.144" (7C:14:91:F7:D7:5A:5B:6B:F2:2B:CE:16:C3:C6:02:E0)
+ "test.143" (D9:D5:89:D3:32:2C:CB:9D:50:F5:24:60:97:F5:C7:D7)
[root@test signed]# puppetca -s -a
notice: Signed certificate request for test.144
notice: Removing file Puppet::SSL::CertificateRequest test.144 at '/var/lib/puppet/ssl/ca/requests/test.144.pem'
[root@test signed]# puppetca --list --all
+ "test.143" (D9:D5:89:D3:32:2C:CB:9D:50:F5:24:60:97:F5:C7:D7)
+ "test.144" (D7:D4:F0:DD:C9:3E:A2:C6:3A:57:65:A7:3F:14:E6:3B)
[root@test signed]#
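OK,目前 SSL 握手也完成了。注意:上面的 `puppetca -s -a` 会一次性签署所有待签的证书请求;在生产环境中应先核对 `puppetca --list` 显示的指纹,再用 `puppetca -s <主机名>` 逐个签署。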
2.前端配置nginx做负载,后端配置多个Apache。(后续会有相关文章)
-----------------------update--------------------------------
568 yum install httpd httpd-devel mod_ssl ruby-devel rubygems gcc
569 yum install mod_passenger rubygem-rake.noarch
570 history
571 sudo curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
572 yum install mod_passenger rubygem-rake.noarch
573 cd /etc/httpd/
574 ll
575 cd conf.d/
576 ll
577 cp passenger.conf passenger_01.conf
578 cat passenger_01.conf
579 ll
580 >passenger_01.conf
581 vim passenger_01.conf
582 ll /etc/puppet/rack/puppetmaster/public/
583 sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
584 sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
585 sudo cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
586 sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
587 vim passenger_01.conf
588 /etc/init.d/puppetmaster stop
589 /etc/init.d/httpd restart
590 vim /etc/httpd/conf.d/passenger_01.conf +1
591 /etc/init.d/httpd restart
592 vim /etc/httpd/conf.d/passenger_01.conf +1
593 /etc/init.d/httpd restart
594 /etc/init.d/nginx stop
595 /etc/init.d/httpd restart
596 netstat -lntp
597 netstat -ltp
598 history
599 puppet kick -d --host hadoop00
600 cd /etc/puppet/modules/apache/manifests/
601 ll
602 vim service.pp
603 puppet kick -d --host hadoop00
[root@hadoop01 manifests]# cat /etc/httpd/conf.d/passenger_01.conf
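# Apache front end for the puppet master: terminates TLS on port 8140 and
# passes the client-certificate verification result on in request headers.
Listen 8140
<VirtualHost *:8140>
  SSLEngine On
  # Only allow high security cryptography. Alter if needed for compatibility.
  # SSLv3 is disabled together with SSLv2 (SSLv3 is exposed to the POODLE
  # padding-oracle attack). RC4 and anonymous key exchange are excluded
  # explicitly rather than relying on how the OpenSSL build classifies them.
  SSLProtocol All -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!RC4:-MEDIUM:-LOW:-EXP
  # Server certificate and private key issued by the puppet CA for this host.
  # NOTE(review): confirm the private key file is not readable by other users.
  SSLCertificateFile /var/lib/puppet/ssl/certs/hadoop01.pem
  SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hadoop01.pem
  SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
  SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
  # The CRL is what makes a revoked agent certificate fail verification here.
  SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
  # "optional" lets a client connect without a certificate; the outcome of
  # verification is forwarded below and must be enforced by the application.
  SSLVerifyClient optional
  SSLVerifyDepth 1
  SSLOptions +StdEnvVars +ExportCertData
  # These request headers are used to pass the client certificate
  # authentication information on to the puppet master process.
  # "set" replaces any header of the same name sent by the client, so the
  # values the master sees always come from mod_ssl.
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
  # Enabling this on puppet 2.7.x produces an error.
  #RackAutoDetect On
  # Previous Rack application location, kept for reference.
  #DocumentRoot /etc/puppet/rack/puppetmaster/public/
  DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
  <Directory /usr/share/puppet/rack/puppetmasterd/ >
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from All
  </Directory>
</VirtualHost>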
[root@hadoop01 manifests]#
参考链接 :
http://www.cnblogs.com/yuxc/p/3916726.html
http://www.6tech.org/2013/01/how-to-install-puppet-open-source-on-centos-6-3/