Ubuntu12.04 use apache for puppetmaster authentication
Source: Internet
Author: User
Ubuntu12.04 use apache to do puppetmaster authentication service premise: aptitude-yinstallpuppetaugeas-toolsaptitude-yinstallpuppetmastersqlite3libsqlite3-rubylibactiverecord-rubygitrakewww.2c ..
Ubuntu 12.04 use apache for puppetmaster authentication service prerequisites: aptitude-y install puppet augeas-toolsaptitude-y install puppetmaster sqlite3 libsqlite3-ruby libactiverecord-ruby git rake www.2cto.com has been installed puppetmaster end 1. install software apt-get install apache2 libapache2-mod-passenger rails librack-ruby libmysql-ruby2. you need to generate a certificate first. for example, if my hostname is server, start puppetmaster first and connect puppet agent-vt to the server. If everything goes well,/var/lib/puppet/ssl/certs/server will be generated. pem/var/lib/puppet/ssl/private_keys/server. pem files, which require 3.vim/etc/apache2/conf in apache authentication configuration. d/puppet. conf content: www.2cto.com Listen 8140 SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT: RC4 + RSA SSLCertificateFile/var/lib/puppet/ssl/certs/server. pem SSLCertificateKeyFile/var/lib/puppet/ssl/private_keys/server. pem SSLCertificateChainFile/var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem # CRL checking shoshould be enabled; if you have problems with Apache complaining about the CRL, disable the next line # Release/var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional limit 1 SSLOptions + StdEnvVars # The following client headers allow the same configuration to work with Pound. requestHeader set X-SSL-Subject % {SSL_CLIENT_S_DN} e RequestHeader set X-Client-DN % {token} e RequestHeader set X-Client-Verify % {SSL_CLIENT_VERIFY} e www.2cto.com RackAutoDetect /etc/puppet/rack/public/ Options None AllowOverride None Order allow, deny allow from all SSLCertificateFileSSLCertificateKeyFile
The two lines need to be changed to no5./etc/default/puppetmasterSTART = yes according to your puppetmaster certificate name 4.vim/etc/puppet to create the rack folder mkdir-p rack/{tmp, public} and create the config.ru file
The content is as follows: # a config.ru, for use with every rack-compatible webserver. # SSL needs to be handled outside this, though. www.2cto.com # if puppet is not in your RUBYLIB: # $ :. unshift ('/opt/puppet/lib') $0 = "master" # if you want debugging: # ARGV <"-- debug" ARGV <"-- rack" require 'puppet/application/master' # we're usually running inside a Rack: Builder. new {} block, # therefore we need to call run * here *. run Puppet: Application [: master]. run
The rack folder structure is as follows: www.2cto.com root @ server:/etc/puppet/rack # lsconfig.ru public tmpchown-R puppet: puppet/etc/puppet/rack6. at this time it may be 8140 or puppetmaster is running kill the process, restart apache, If apache does not report an error try puppet agent-vt is correct refer to the document http://projects.puppetlabs.com/projects/1/wiki/using_passenger
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.