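By default, puppetmaster uses WEBrick, the web server bundled with Ruby. It is too basic to handle the concurrency of hundreds or thousands of puppet clients. Apache is mature, stable and powerful, so here we replace WEBrick with Apache. The steps are as follows.
Disable SELinux by editing /etc/selinux/config: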
SELINUX=disabled
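(You must decisively disable SELinux; my tests kept failing for a long time and it was to blame. There are many ways to do it; adding selinux=0 to the kernel boot parameters in grub also works.)
Install apache and mod_ssl the puppet way (equivalent to yum install)
# puppet resource package httpd ensure=present
# puppet resource package mod_ssl ensure=present
# puppet resource service httpd ensure=stopped
1. Install passenger
Passenger is a Ruby module for Apache; it works much like mod_php.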
# rpm -Uvh
# yum install mod_passenger --enablerepo=epel
The httpd configuration file
# cp /usr/share/puppet/ext/rack/files/apache2.conf /etc/httpd/conf.d/rack.conf
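Unfortunately, this configuration file is written for Debian/Ubuntu and some settings need correcting; for example, the SSL path is /var/lib/puppet/ssl.
Two more lines need attention: the certificate name must be replaced, otherwise httpd reports that the file does not exist and cannot start.
Change
SSLCertificateFile /etc/puppet/ssl/certs/squigley.namespace.at.pem
SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
to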
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.test.org.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.test.org.pem
2. Create the root directory of the httpd virtual host, /etc/puppet/rack
# mkdir -p /etc/puppet/rack/{public,tmp}
# cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
# chown puppet:puppet /etc/puppet/rack/config.ru
(config.ru is the file through which apache invokes puppetmaster.)
3. Test successful
# chkconfig puppetmaster off
# chkconfig httpd on
# service httpd start
# puppet agent --test
info: Caching catalog for apache01.test.org
info: Applying configuration version '1343463477'
notice: Finished catalog run in 0.02 seconds
(Additional note: port 8140 is taken over by apache, so puppetmaster should be disabled.)
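The rack.conf corrections from step 1 can be scripted and checked before httpd is started. The following is an added example, not part of the original post: the function names fix_rack_conf and missing_ssl_files are hypothetical, the paths and certnames are the ones quoted above, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the sample certname are
# the ones the post quotes; the function names are hypothetical.

# fix_rack_conf CONF CERTNAME [SSLDIR]: on SSL* directive lines only, move
# /etc/puppet/ssl to SSLDIR and swap the sample certname for CERTNAME.
fix_rack_conf() {
    conf=$1 certname=$2 ssldir=${3:-/var/lib/puppet/ssl}
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    # Both values are spliced into a sed script, so allow only safe characters.
    case $certname in ''|*[!A-Za-z0-9._-]*) echo "bad certname" >&2; return 2;; esac
    case $ssldir in ''|[!/]*|*[!A-Za-z0-9._/-]*) echo "bad ssldir" >&2; return 2;; esac
    tmp=$(mktemp) || return 1
    sed -e "/^[[:space:]]*SSL/ s#/etc/puppet/ssl/#$ssldir/#" \
        -e "/^[[:space:]]*SSL/ s#/squigley\.namespace\.at\.pem#/$certname.pem#" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"; rc=$?   # cat keeps owner and mode
    rm -f "$tmp"; return $rc
}

# missing_ssl_files CONF: print every file named by an active SSL*File
# directive that does not exist; status 1 if any is missing, which is the
# condition under which httpd refuses to start.
missing_ssl_files() {
    awk '$1 ~ /^SSL[A-Za-z]*File$/ { print $2 }' "$1" | (
        rc=0
        while IFS= read -r f; do
            [ -e "$f" ] || { echo "$f"; rc=1; }
        done
        exit "$rc"
    )
}

# Constructed sample: the two directives the post quotes, in a scratch file.
demo_conf=$(mktemp)
printf '%s\n' \
    'SSLCertificateFile /etc/puppet/ssl/certs/squigley.namespace.at.pem' \
    'SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem' \
    > "$demo_conf"
fix_rack_conf "$demo_conf" puppet.test.org && cat "$demo_conf"
missing_ssl_files "$demo_conf" >/dev/null || echo "some SSL files are missing" >&2
rm -f "$demo_conf"
```

On the master itself the calls would be fix_rack_conf /etc/httpd/conf.d/rack.conf puppet.test.org followed by missing_ssl_files /etc/httpd/conf.d/rack.conf, run before service httpd start.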