Winse Blog

走走停停, 熙熙攘攘, 忙忙碌碌, 不知何畏.

Puppetboard Install

对于我这样的python小白来说,有网络来安装 puppetboard 还是比较容易的(离线安装依赖处理可能比较麻烦)。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# https://fedoraproject.org/wiki/EPEL/zh-cn
[root@cu2 ~]# yum search epel
[root@cu2 ~]# yum install epel-release


[root@cu2 ~]# yum repolist
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: mirrors.skyshe.cn
 * centosplus: mirrors.pubyun.com
 * epel: mirror01.idc.hinet.net
 * extras: mirrors.skyshe.cn
 * updates: mirrors.skyshe.cn
193 packages excluded due to repository priority protections
repo id                                   repo name                                                                   status
base                                      CentOS-6 - Base                                                                  6,575
centosplus                                CentOS-6 - Centosplus                                                             0+76
epel                                      Extra Packages for Enterprise Linux 6 - x86_64                              12,127+117
extras                                    CentOS-6 - Extras                                                                   62
puppet-local                              Puppet Local                                                                         5
updates                                   CentOS-6 - Updates                                                               1,607
repolist: 20,376


[root@cu2 ~]# yum install python-pip -y


[root@cu2 ~]# pip install puppetboard
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
You are using pip version 7.1.0, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting puppetboard
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading puppetboard-0.1.3.tar.gz (598kB)
    100% |████████████████████████████████| 602kB 726kB/s 
Collecting Flask>=0.10.1 (from puppetboard)
  Downloading Flask-0.10.1.tar.gz (544kB)
    100% |████████████████████████████████| 544kB 734kB/s 
Collecting Flask-WTF<=0.9.5,>=0.9.4 (from puppetboard)
  Downloading Flask-WTF-0.9.5.tar.gz (245kB)
    100% |████████████████████████████████| 249kB 320kB/s 
Collecting WTForms<2.0 (from puppetboard)
  Downloading WTForms-1.0.5.zip (355kB)
    100% |████████████████████████████████| 356kB 1.3MB/s 
Collecting pypuppetdb<0.3.0,>=0.2.1 (from puppetboard)
  Downloading pypuppetdb-0.2.1.tar.gz
Collecting Werkzeug>=0.7 (from Flask>=0.10.1->puppetboard)
  Downloading Werkzeug-0.11.9-py2.py3-none-any.whl (306kB)
    100% |████████████████████████████████| 307kB 1.5MB/s 
Collecting Jinja2>=2.4 (from Flask>=0.10.1->puppetboard)
  Downloading Jinja2-2.8-py2.py3-none-any.whl (263kB)
    100% |████████████████████████████████| 266kB 2.3MB/s 
Collecting itsdangerous>=0.21 (from Flask>=0.10.1->puppetboard)
  Downloading itsdangerous-0.24.tar.gz (46kB)
    100% |████████████████████████████████| 49kB 7.2MB/s 
Collecting requests>=1.2.3 (from pypuppetdb<0.3.0,>=0.2.1->puppetboard)
  Downloading requests-2.10.0-py2.py3-none-any.whl (506kB)
    100% |████████████████████████████████| 507kB 920kB/s 
Collecting MarkupSafe (from Jinja2>=2.4->Flask>=0.10.1->puppetboard)
  Downloading MarkupSafe-0.23.tar.gz
Installing collected packages: Werkzeug, MarkupSafe, Jinja2, itsdangerous, Flask, WTForms, Flask-WTF, requests, pypuppetdb, puppetboard
  Running setup.py install for MarkupSafe
  Running setup.py install for itsdangerous
  Running setup.py install for Flask
  Running setup.py install for WTForms
  Running setup.py install for Flask-WTF
  Running setup.py install for pypuppetdb
  Running setup.py install for puppetboard
Successfully installed Flask-0.10.1 Flask-WTF-0.9.5 Jinja2-2.8 MarkupSafe-0.23 WTForms-1.0.5 Werkzeug-0.11.9 itsdangerous-0.24 puppetboard-0.1.3 pypuppetdb-0.2.1 requests-2.10.0


[root@cu2 ~]# pip show puppetboard
You are using pip version 7.1.0, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
---
Metadata-Version: 1.0
Name: puppetboard
Version: 0.1.3
Summary: Web frontend for PuppetDB
Home-page: https://github.com/puppet-community/puppetboard
Author: Daniele Sluijters
Author-email: daniele.sluijters+pypi@gmail.com
License: Apache License 2.0
Location: /usr/lib/python2.6/site-packages
Requires: Flask, Flask-WTF, WTForms, pypuppetdb
[root@cu2 ~]# ll /usr/lib/python2.6/site-packages/puppetboard
total 100
-rw-r--r-- 1 root root 31629 May  5 09:12 app.py
-rw-r--r-- 1 root root 30481 May  5 09:12 app.pyc
-rw-r--r-- 1 root root  1206 May  5 09:12 default_settings.py
-rw-r--r-- 1 root root  1477 May  5 09:12 default_settings.pyc
-rw-r--r-- 1 root root  1025 May  5 09:12 forms.py
-rw-r--r-- 1 root root  1982 May  5 09:12 forms.pyc
-rw-r--r-- 1 root root     0 May  5 09:12 __init__.py
-rw-r--r-- 1 root root   143 May  5 09:12 __init__.pyc
drwxr-xr-x 9 root root  4096 May  5 09:12 static
drwxr-xr-x 2 root root  4096 May  5 09:12 templates
-rw-r--r-- 1 root root  2155 May  5 09:12 utils.py
-rw-r--r-- 1 root root  3433 May  5 09:12 utils.pyc


[root@cu2 ~]# pip install uwsgi
You are using pip version 7.1.0, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting uwsgi
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading uwsgi-2.0.12.tar.gz (784kB)
    100% |████████████████████████████████| 786kB 143kB/s 
Installing collected packages: uwsgi
  Running setup.py install for uwsgi
Successfully installed uwsgi-2.0.12


[root@cu2 ~]# mkdir -p /var/www/puppetboard
[root@cu2 ~]# cd /var/www/puppetboard/
[root@cu2 puppetboard]# cp /usr/lib/python2.6/site-packages/puppetboard/default_settings.py ./settings.py
# 修改配置 
# https://github.com/voxpupuli/puppetboard#settings
PUPPETDB_HOST = 'cu3'
PUPPETDB_PORT = 8080
REPORTS_COUNT = 21
ENABLE_CATALOG = True

[root@cu2 puppetboard]# vi wsgi.py 
from __future__ import absolute_import
import os

os.environ['PUPPETDOARD_SETTINGS'] = '/var/www/puppetboard/settings.py'
from puppetboard.app import app as application


# A 直接用uwsgi-http
# http://yongqing.is-programmer.com/posts/43688.html
[root@cu2 puppetboard]# uwsgi --http :9091 --wsgi-file /var/www/puppetboard/wsgi.py 

# 使用 supervisord 管理
[root@cu2 supervisord.d]# cat uwsgi.ini 
[program:puppetboard]
command=uwsgi --http :9091 --wsgi-file /var/www/puppetboard/wsgi.py 
[root@cu2 supervisord.d]# supervisorctl update


# B nginx + uwsgi-socket
# 需要对应到 / ,新增一个9091的server
[root@cu2 puppetboard]# vi /home/hadoop/nginx/conf/nginx.conf
server {
  listen 9091;

  location /static {
    alias /usr/lib/python2.6/site-packages/puppetboard/static;
  }
  location / {
    include uwsgi_params;
    uwsgi_pass 127.0.0.1:9090;
  }
}

[root@cu2 puppetboard]# uwsgi --socket :9090 --wsgi-file /var/www/puppetboard/wsgi.py 

[root@cu2 puppetboard]# /home/hadoop/nginx/sbin/nginx -s reload

配置SSL访问需要把ssl_verify设置为false。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# 2.7.9+网上说好像就没问题
# http://stackoverflow.com/questions/29099404/ssl-insecureplatform-error-when-using-requests-package
# https://github.com/pypa/pip/issues/2681
[root@cu2 ~]# yum install -y  libffi-devel libffi 
[root@cu2 ~]# pip install 'requests[security]'

# [重要] 两个链接内容一样的:
# * https://groups.google.com/forum/#!msg/puppet-users/m7Sakf4bQ7Q/y6uAa0AUsZIJ
# * http://grokbase.com/t/gg/puppet-users/1428vjkncr/puppetboard-and-ssl
# You have two choices now, set SSL_VERIFY to False and trust that you're
# always talking to your actual PuppetDB or copy from the Puppet CA
# $vardir/ssl/ca_crt.pem to /etc/puppetboard and set SSL_VERIFY to the path
# of ca_crt.pem. In that case the file SSL_VERIFY points to will be used to
# verify PuppetDB's server certificate instead of the OS truststore.
[root@cu2 puppetboard]# vi settings.py 
PUPPETDB_HOST = 'cu3.eshore.cn'
PUPPETDB_PORT = 8081
PUPPETDB_SSL_VERIFY = False  # 这里设置为false
PUPPETDB_KEY = '/etc/puppetlabs/puppet/ssl/private_keys/cu2.eshore.cn.pem'
PUPPETDB_CERT = '/etc/puppetlabs/puppet/ssl/ca/signed/cu2.eshore.cn.pem'

# 重启uwsgi-http服务
[root@cu2 ~]# supervisorctl restart puppetboard

如果 puppetboard 和 puppetdb 安装在同一机器,可以使用 puppetdb/ssl 路径下的ssl文件(puppetdb/ssl也是从puppet/ssl拷贝过来的):

1
2
3
4
5
6
7
8
9
10
[root@cu3 ~]# puppetdb ssl-setup -f
PEM files in /etc/puppetlabs/puppetdb/ssl are missing, we will move them into place for you
Copying files: /etc/puppetlabs/puppet/ssl/certs/ca.pem, /etc/puppetlabs/puppet/ssl/private_keys/cu3.eshore.cn.pem and /etc/puppetlabs/puppet/ssl/certs/cu3.eshore.cn.pem to /etc/puppetlabs/puppetdb/ssl
...

[root@cu3 ~]# tree /etc/puppetlabs/puppetdb/ssl/
/etc/puppetlabs/puppetdb/ssl/
├── ca.pem
├── private.pem
└── public.pem

–END

Comments