Foreman Architecture:
This article mainly describes how to set up Foreman and integrate it with nginx.
Environment Description:
CentOS 5.8 x86_64
Puppet version: 3.1.1
Master hostname: server.domain.com
Client hostname: client.test.com
1. The Puppet and nginx environment (Puppet, nginx, Ruby, etc.) was installed in the previous article.
2. Configure the yum source
# rpm -ivh http://yum.theforeman.org/releases/1.1/el5/x86_64/foreman-release-1.1stable-3.el5.noarch.rpm
3. Install foreman and foreman-proxy
# yum -y install foreman-installer
# ruby /usr/share/foreman-installer/generate_answers.rb
Enter y three times.
# yum install ruby-mysql
# yum -y install foreman foreman-proxy
# chown foreman.foreman -R /usr/share/foreman
# su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate
# vim /usr/share/foreman/config/database.yml
The original file is configured for SQLite; here MySQL is used for database storage:
=================================================
production:
  adapter: mysql
  database: puppet
  username: puppet
  password: puppet
  host: localhost
  socket: "/tmp/mysql.sock"
=================================================
mysql> create database puppet CHARACTER SET utf8;
mysql> grant all privileges on puppet.* to puppet@'localhost' identified by 'puppet';
mysql> flush privileges;
# cd /usr/share/foreman/
# RAILS_ENV=production rake db:migrate
# rake puppet:migrate:populate_hosts RAILS_ENV=production
# chown foreman.foreman /usr/share/foreman/tmp/secret_token
# vim /etc/foreman-proxy/settings.yml
=========================================================
:trusted_hosts:
- server.domain.com
:puppetca: true
:puppet: true
:puppet_conf: /etc/puppet/puppet.conf
=========================================================
# /etc/init.d/foreman-proxy start
The proxy listens on port 8443.
4. Integrate into nginx
The nginx virtual host is as follows:
server {
    listen 443;
    server_name server.domain.com;
    ssl on;
    ssl_certificate /var/lib/puppet/ssl/certs/server.domain.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/server.domain.com.pem;
    # Verify puppetmaster clients against Puppet CA
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
    ssl_verify_client optional;
    ssl_verify_depth 1;
    access_log /usr/local/nginx/logs/foreman_access.log;
    error_log /usr/local/nginx/logs/foreman_error.log debug;
    root /usr/share/foreman/public;
    passenger_enabled on;
    passenger_set_cgi_param HTTPS on;
    passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
}
# /etc/init.d/nginxd start    ### start nginx
5. Access Foreman
Open the URL: https://server.domain.com
Default account: admin
Password: changeme
After logging in, go to More - Configuration - Smart Proxies and add the proxy address: https://server.domain.com:8443
# vim /etc/puppet/node.rb
:url => "https://server.domain.com",
6. Set up automatic import into Foreman
# cp /usr/share/foreman-installer/foreman/templates/foreman-report.rb.erb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
# vim foreman.rb
Modify the configuration as follows and leave the rest unchanged (PS: I kept getting stuck on errors here):
#<%= ERB.new(File.read(File.expand_path("_header.erb", File.dirname(file)))).result(binding) -%>
# copy this file to your report dir - e.g. /usr/lib/ruby/1.8/puppet/reports/
# add this report in your puppetmaster reports - e.g, in your puppet.conf add:
# reports=log, foreman # (or any other reports you want)
# URL of your Foreman installation
$foreman_url = 'https://server.domain.com'
# if CA is specified, remote Foreman host will be verified
$foreman_ssl_ca = "/var/lib/puppet/ssl/certs/ca.pem"
# ssl_cert and key are required if require_ssl_puppetmasters is enabled in Foreman
$foreman_ssl_cert = "/var/lib/puppet/ssl/certs/server.domain.com.pem"
$foreman_ssl_key = "/var/lib/puppet/ssl/private_keys/server.domain.com.pem"
On the client, modify the agent configuration as follows:
[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    pluginsync = true
    masterport = 8140
    environment = production
    certname = client.test.com
    server = server.domain.com
    listen = true
Server-side modifications:
[master]
    autosign = $confdir/autosign.conf {mode = 664}
    reports = log,foreman
    external_nodes = /etc/puppet/node.rb
    node_terminus = exec
    ca = true
=======================
7. Import classes, hosts and facts into Foreman
# cd /usr/share/foreman
# import hosts and facts
# rake puppet:import:hosts_and_facts RAILS_ENV=production
Place the modules found under /etc/puppet/modules into /etc/puppet/modules/production. In the Foreman web admin, under Configuration - Puppet Classes, click Import from server.
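
With ssl_verify_client optional in the step 4 virtual host, nginx does not turn away clients that present no certificate; it only reports the outcome through the two passenger_set_cgi_param variables, and the application has to act on them. The following is an added example (not Foreman's own code and not from the original article) of that check in Ruby. It assumes the values arrive as SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN and that the trusted list holds certificate CNs; the function names are hypothetical.

```ruby
# Added example, not Foreman's code. Assumes the Rack env carries the values
# set by the passenger_set_cgi_param lines (SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN).

# Extract the CN from either DN layout nginx may emit:
#   legacy one-line form (older nginx): /C=US/O=Example/CN=client.test.com
#   RFC 2253 form (newer nginx):        CN=client.test.com,O=Example,C=US
def cn_from_dn(dn)
  return nil if dn.nil? || dn.empty?
  parts = dn.start_with?("/") ? dn.split("/") : dn.split(/(?<!\\),/)
  cns = parts.map(&:strip).select { |p| p =~ /\ACN=/i }
  # More than one CN is ambiguous; refuse rather than pick one.
  return nil unless cns.size == 1
  cns.first.sub(/\ACN=/i, "").downcase
end

# Decide whether a request may be treated as coming from a trusted puppetmaster.
def trusted_puppetmaster?(env, trusted_hosts)
  # "ssl_verify_client optional" still forwards requests that sent no
  # certificate (SSL_CLIENT_VERIFY is then NONE), so anything other than
  # SUCCESS is rejected before the DN is even looked at.
  return false unless env["SSL_CLIENT_VERIFY"] == "SUCCESS"
  cn = cn_from_dn(env["SSL_CLIENT_S_DN"])
  !cn.nil? && trusted_hosts.map(&:downcase).include?(cn)
end

# Constructed sample requests (hostnames taken from the article).
TRUSTED = ["server.domain.com"]
SAMPLES = {
  "master, legacy DN" => { "SSL_CLIENT_VERIFY" => "SUCCESS", "SSL_CLIENT_S_DN" => "/CN=server.domain.com" },
  "master, RFC 2253"  => { "SSL_CLIENT_VERIFY" => "SUCCESS", "SSL_CLIENT_S_DN" => "CN=server.domain.com" },
  "agent cert"        => { "SSL_CLIENT_VERIFY" => "SUCCESS", "SSL_CLIENT_S_DN" => "/CN=client.test.com" },
  "no cert"           => { "SSL_CLIENT_VERIFY" => "NONE" },
  "verify not SUCCESS" => { "SSL_CLIENT_VERIFY" => "FAILED", "SSL_CLIENT_S_DN" => "/CN=server.domain.com" },
  "two CNs"           => { "SSL_CLIENT_VERIFY" => "SUCCESS", "SSL_CLIENT_S_DN" => "/O=x/CN=server.domain.com/CN=client.test.com" },
}

SAMPLES.each { |name, env| puts "#{name}: #{trusted_puppetmaster?(env, TRUSTED)}" }
```

Only the two requests carrying a verified certificate whose single CN is server.domain.com are accepted; the agent certificate, although validly signed by the Puppet CA, is not on the trusted list.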