安装passenger
gem install rake -v 0.8.7
gem install rack -v 1.6.6
gem install daemon_controller -v 1.2.0
gem install passenger -v 4.0.56
passenger-install-apache2-module
回车,选择ruby
配置httpd
mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/puppetmaster/
chown puppet. /etc/puppet/rack/puppetmaster/config.ru
修改passenger.conf
vi /etc/httpd/conf.d/passenger.conf
LoadModule passenger_module /usr/local/share/gems/gems/passenger-4.0.56/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/share/gems/gems/passenger-4.0.56
PassengerDefaultRuby /usr/bin/ruby
</IfModule>
保存退出
修改puppetmaster.conf配置
vi /etc/httpd/conf.d/puppetmaster.conf
This Apache 2 virtual host config shows how to use Puppet as a Rack
application via Passenger. See
http://docs.puppetlabs.com/guides/passenger.html for more information.
You can also use the included config.ru file to run Puppet with other Rack
servers instead of Passenger.
you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
SSLHonorCipherOrder on
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
# which effectively disables CRL checking; if you are using Apache 2.4+ you must
# specify 'SSLCARevocationCheck chain' to actually use the CRL.
# SSLCARevocationCheck chain
SSLVerifyClient optional
SSLVerifyDepth 1
# The `ExportCertData` option is needed for agent certificate expiration warnings
SSLOptions +StdEnvVars +ExportCertData
# This header needs to be set if using a loadbalancer or proxy
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /etc/puppet/rack/puppetmaster/public
RackBaseURI /
<Directory /etc/puppet/rack/puppetmaster/>
AllowOverride all
Options -MultiViews
Require all granted
</Directory>
</VirtualHost>
保存退出,重启httpd
service puppetmaster stop
chkconfig puppetmaster off
service httpd restart
