
...

  • The Nginx configuration is as follows:

    /etc/nginx/nginx.conf

    Code Block
    # nginx front end for the Puppet master: accepts TLS connections on port 8140
    # and proxies them as plain HTTP to five backends on 127.0.0.1:18140-18144.
    user www-data;
    worker_processes 5;
    
    error_log /var/log/nginx/error-puppet.log;
    pid /var/run/nginx.pid;
    
    events {
           worker_connections  1024;
    }
    
    http {
           default_type  application/octet-stream;
    
    sendfile       on;
    tcp_nopush     on;
    
    keepalive_timeout  120;
    tcp_nodelay        on;
    
    # Backend pool; every member listens on loopback only.
    upstream puppetmaster {
       server 127.0.0.1:18140;
       server 127.0.0.1:18141;
       server 127.0.0.1:18142;
       server 127.0.0.1:18143;
       server 127.0.0.1:18144;
    }
    
    server {
    listen                  8140;
    # NOTE(review): newer nginx releases replace `ssl on;` with the `ssl`
    # parameter of `listen` - confirm against the installed version.
    ssl                     on;
    
    # Server certificate and private key; both paths embed the host name
    # s2demo.s2.wso2.com and must change if the host name changes.
    ssl_certificate         /var/lib/puppet/ssl/certs/s2demo.s2.wso2.com.pem;
    ssl_certificate_key  /var/lib/puppet/ssl/private_keys/s2demo.s2.wso2.com.pem;
    # CA certificate and revocation list used to verify agent certificates.
    ssl_client_certificate  /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_crl                 /var/lib/puppet/ssl/ca/ca_crl.pem;
    
    # NOTE(review): this cipher string names SSLv2 and RC4 suites, both of which
    # are prohibited for TLS (RFC 6176, RFC 7465). No ssl_protocols directive is
    # set in this block, so the protocol versions are whatever the nginx build
    # defaults to. Replace with a current cipher list and an explicit
    # ssl_protocols line that the deployed agents support - confirm before use.
    ssl_ciphers             SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_session_cache       shared:SSL:8m;
    ssl_session_timeout     5m;
    # A client certificate is requested but not required; nginx does not reject
    # unauthenticated clients itself. The verification result is only forwarded
    # in X-Client-Verify below, so access decisions are left to the backend.
    # Presumably this lets agents without a signed certificate reach the
    # master - confirm.
    ssl_verify_client       optional;
    rewrite_log             on;
    # Request bodies up to 50 MB are accepted.
    client_max_body_size        50m;
    root                    /var/empty;
    access_log              /var/log/nginx/access.log;
    
    location / {
         proxy_pass          http://puppetmaster;
    proxy_redirect      off;
    proxy_set_header    Host             $host;
    proxy_set_header    X-Real-IP        $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # value the client sent, so only X-Real-IP is set purely by nginx.
    proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
    # The three headers below are set by nginx from the TLS session and replace
    # any same-named header sent by the client. The backends receive them over
    # plain HTTP, so the 18140-18144 listeners should stay bound to loopback;
    # presumably the master trusts these headers for authentication - confirm.
    proxy_set_header    X-Client-Verify  $ssl_client_verify;
    proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
    proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
                           proxy_read_timeout  120;
                   }
           }
    }

     

  • Set the server host name to s2demo.s2.wso2.com and add the corresponding host entry to /etc/hosts.
    If you change the domain name, make sure to update the Nginx SSL settings as well; the certificate and key paths contain the host name.

    Code Block
    hostname s2demo.s2.wso2.com
    hostname > /etc/hostname


  • Start the Puppet master and Nginx.

    Code Block
    /etc/init.d/puppetmaster start
    /etc/init.d/nginx start

 


Setting up Puppet agent

  1. Install packages.

    Code Block
    $apt-get install puppet

     

  2. Generate the keys on the server (Puppet master).

    Code Block
    $puppet cert --generate star.s2.wso2.com

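    Copy the generated key in /var/lib/puppet/ssl/private_keys/star.s2.wso2.com.pem to /var/lib/puppet/ssl/private_keys/ on the clients (Puppet agent). Every agent then holds the same private key, so transfer it over an encrypted channel and keep the file readable only by the account that runs Puppet.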

    Copy the signed certificate in /var/lib/puppet/ssl/ca/signed/star.s2.wso2.com.pem to /var/lib/puppet/ssl/certs/ on the clients.

       
  2. Change /etc/puppet/puppet.conf as follows:

    Code Block
    # puppet.conf for the agent hosts; it also carries a [master] section.
    [main]
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    templatedir=$confdir/templates
    # Master host name; matches the name in the master's Nginx certificate paths.
    server=s2demo.s2.wso2.com
    waitforcert=60
    # Agents do not send run reports to the master.
    report=false
    
    # Manifests, modules and templates are resolved per environment under
    # /etc/puppet/<environment>/.
    [master]
    environment=stratos2
    modulepath=/etc/puppet/$environment/modules
    templatedir=/etc/puppet/$environment/templates
    manifest=/etc/puppet/$environment/manifests/site.pp
    manifestdir=/etc/puppet/$environment/manifests/
    
    [agent]
    environment=stratos2
    # Same certname on every agent; it matches the key pair generated on the
    # master as star.s2.wso2.com and copied to each agent.
    # NOTE(review): with one shared key pair the master cannot tell agents apart
    # by certificate, and revoking it cuts off all of them at once; a per-agent
    # certificate avoids both.
    certname = star.s2.wso2.com
    # The node name is taken from the fqdn fact that the agent reports rather
    # than from the certificate name.
    # NOTE(review): combined with the shared certificate, the agent-reported
    # fqdn is then the only thing that distinguishes nodes - confirm the
    # master's authorization rules account for this.
    node_name = facter
    node_name_fact = fqdn
   

Setting up Stratos2

  1. Create a folder path for Stratos2 Puppet manifests.

    Code Block
    $ mkdir -p /mnt/puppet/stratos2

     

  2. Extract the Puppet master files (manifests, modules, templates) to /mnt/puppet/stratos2
  3. Change the hosts template file in /mnt/puppet/stratos2/templates/hosts.erb

     

...