Puppetboard Install

对于我这样的python小白来说，有网络来安装 puppetboard 还是比较容易的（离线安装依赖处理可能比较麻烦）。

# https://fedoraproject.org/wiki/EPEL/zh-cn
[root@cu2 ~]# yum search epel
[root@cu2 ~]# yum install epel-release


[root@cu2 ~]# yum repolist
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: mirrors.skyshe.cn
 * centosplus: mirrors.pubyun.com
 * epel: mirror01.idc.hinet.net
 * extras: mirrors.skyshe.cn
 * updates: mirrors.skyshe.cn
193 packages excluded due to repository priority protections
repo id                                   repo name                                                                   status
base                                      CentOS-6 - Base                                                                  6,575
centosplus                                CentOS-6 - Centosplus                                                             0+76
epel                                      Extra Packages for Enterprise Linux 6 - x86_64                              12,127+117
extras                                    CentOS-6 - Extras                                                                   62
puppet-local                              Puppet Local                                                                         5
updates                                   CentOS-6 - Updates                                                               1,607
repolist: 20,376


[root@cu2 ~]# yum install python-pip -y


[root@cu2 ~]# pip install puppetboard
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
You are using pip version 7.1.0, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting puppetboard
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading puppetboard-0.1.3.tar.gz (598kB)
    100% |████████████████████████████████| 602kB 726kB/s 
Collecting Flask>=0.10.1 (from puppetboard)
  Downloading Flask-0.10.1.tar.gz (544kB)
    100% |████████████████████████████████| 544kB 734kB/s 
Collecting Flask-WTF<=0.9.5,>=0.9.4 (from puppetboard)
  Downloading Flask-WTF-0.9.5.tar.gz (245kB)
    100% |████████████████████████████████| 249kB 320kB/s 
Collecting WTForms<2.0 (from puppetboard)
  Downloading WTForms-1.0.5.zip (355kB)
    100% |████████████████████████████████| 356kB 1.3MB/s 
Collecting pypuppetdb<0.3.0,>=0.2.1 (from puppetboard)
  Downloading pypuppetdb-0.2.1.tar.gz
Collecting Werkzeug>=0.7 (from Flask>=0.10.1->puppetboard)
  Downloading Werkzeug-0.11.9-py2.py3-none-any.whl (306kB)
    100% |████████████████████████████████| 307kB 1.5MB/s 
Collecting Jinja2>=2.4 (from Flask>=0.10.1->puppetboard)
  Downloading Jinja2-2.8-py2.py3-none-any.whl (263kB)
    100% |████████████████████████████████| 266kB 2.3MB/s 
Collecting itsdangerous>=0.21 (from Flask>=0.10.1->puppetboard)
  Downloading itsdangerous-0.24.tar.gz (46kB)
    100% |████████████████████████████████| 49kB 7.2MB/s 
Collecting requests>=1.2.3 (from pypuppetdb<0.3.0,>=0.2.1->puppetboard)
  Downloading requests-2.10.0-py2.py3-none-any.whl (506kB)
    100% |████████████████████████████████| 507kB 920kB/s 
Collecting MarkupSafe (from Jinja2>=2.4->Flask>=0.10.1->puppetboard)
  Downloading MarkupSafe-0.23.tar.gz
Installing collected packages: Werkzeug, MarkupSafe, Jinja2, itsdangerous, Flask, WTForms, Flask-WTF, requests, pypuppetdb, puppetboard
  Running setup.py install for MarkupSafe
  Running setup.py install for itsdangerous
  Running setup.py install for Flask
  Running setup.py install for WTForms
  Running setup.py install for Flask-WTF
  Running setup.py install for pypuppetdb
  Running setup.py install for puppetboard
Successfully installed Flask-0.10.1 Flask-WTF-0.9.5 Jinja2-2.8 MarkupSafe-0.23 WTForms-1.0.5 Werkzeug-0.11.9 itsdangerous-0.24 puppetboard-0.1.3 pypuppetdb-0.2.1 requests-2.10.0


[root@cu2 ~]# pip show puppetboard
You are using pip version 7.1.0, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
---
Metadata-Version: 1.0
Name: puppetboard
Version: 0.1.3
Summary: Web frontend for PuppetDB
Home-page: https://github.com/puppet-community/puppetboard
Author: Daniele Sluijters
Author-email: daniele.sluijters+pypi@gmail.com
License: Apache License 2.0
Location: /usr/lib/python2.6/site-packages
Requires: Flask, Flask-WTF, WTForms, pypuppetdb
[root@cu2 ~]# ll /usr/lib/python2.6/site-packages/puppetboard
total 100
-rw-r--r-- 1 root root 31629 May  5 09:12 app.py
-rw-r--r-- 1 root root 30481 May  5 09:12 app.pyc
-rw-r--r-- 1 root root  1206 May  5 09:12 default_settings.py
-rw-r--r-- 1 root root  1477 May  5 09:12 default_settings.pyc
-rw-r--r-- 1 root root  1025 May  5 09:12 forms.py
-rw-r--r-- 1 root root  1982 May  5 09:12 forms.pyc
-rw-r--r-- 1 root root     0 May  5 09:12 __init__.py
-rw-r--r-- 1 root root   143 May  5 09:12 __init__.pyc
drwxr-xr-x 9 root root  4096 May  5 09:12 static
drwxr-xr-x 2 root root  4096 May  5 09:12 templates
-rw-r--r-- 1 root root  2155 May  5 09:12 utils.py
-rw-r--r-- 1 root root  3433 May  5 09:12 utils.pyc


[root@cu2 ~]# pip install uwsgi
You are using pip version 7.1.0, however version 8.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting uwsgi
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading uwsgi-2.0.12.tar.gz (784kB)
    100% |████████████████████████████████| 786kB 143kB/s 
Installing collected packages: uwsgi
  Running setup.py install for uwsgi
Successfully installed uwsgi-2.0.12


[root@cu2 ~]# mkdir -p /var/www/puppetboard
[root@cu2 ~]# cd /var/www/puppetboard/
[root@cu2 puppetboard]# cp /usr/lib/python2.6/site-packages/puppetboard/default_settings.py ./settings.py
# 修改配置 
# https://github.com/voxpupuli/puppetboard#settings
PUPPETDB_HOST = 'cu3'
PUPPETDB_PORT = 8080
REPORTS_COUNT = 21
ENABLE_CATALOG = True

[root@cu2 puppetboard]# vi wsgi.py 
from __future__ import absolute_import
import os

os.environ['PUPPETDOARD_SETTINGS'] = '/var/www/puppetboard/settings.py'
from puppetboard.app import app as application


# A 直接用uwsgi-http
# http://yongqing.is-programmer.com/posts/43688.html
[root@cu2 puppetboard]# uwsgi --http :9091 --wsgi-file /var/www/puppetboard/wsgi.py 

# 使用 supervisord 管理
[root@cu2 supervisord.d]# cat uwsgi.ini 
[program:puppetboard]
command=uwsgi --http :9091 --wsgi-file /var/www/puppetboard/wsgi.py 
[root@cu2 supervisord.d]# supervisorctl update


# B nginx + uwsgi-socket
# 需要对应到 / ，新增一个9091的server
[root@cu2 puppetboard]# vi /home/hadoop/nginx/conf/nginx.conf
server {
  listen 9091;

  location /static {
    alias /usr/lib/python2.6/site-packages/puppetboard/static;
  }
  location / {
    include uwsgi_params;
    uwsgi_pass 127.0.0.1:9090;
  }
}

[root@cu2 puppetboard]# uwsgi --socket :9090 --wsgi-file /var/www/puppetboard/wsgi.py 

[root@cu2 puppetboard]# /home/hadoop/nginx/sbin/nginx -s reload

配置SSL访问需要把ssl_verify设置为false。

# 2.7.9+网上说好像就没问题
# http://stackoverflow.com/questions/29099404/ssl-insecureplatform-error-when-using-requests-package
# https://github.com/pypa/pip/issues/2681
[root@cu2 ~]# yum install -y  libffi-devel libffi 
[root@cu2 ~]# pip install 'requests[security]'

# [重要] 两个链接内容一样的：
# * https://groups.google.com/forum/#!msg/puppet-users/m7Sakf4bQ7Q/y6uAa0AUsZIJ
# * http://grokbase.com/t/gg/puppet-users/1428vjkncr/puppetboard-and-ssl
# You have two choices now, set SSL_VERIFY to False and trust that you're
# always talking to your actual PuppetDB or copy from the Puppet CA
# $vardir/ssl/ca_crt.pem to /etc/puppetboard and set SSL_VERIFY to the path
# of ca_crt.pem. In that case the file SSL_VERIFY points to will be used to
# verify PuppetDB's server certificate instead of the OS truststore.
[root@cu2 puppetboard]# vi settings.py 
PUPPETDB_HOST = 'cu3.eshore.cn'
PUPPETDB_PORT = 8081
PUPPETDB_SSL_VERIFY = False  # 这里设置为false
PUPPETDB_KEY = '/etc/puppetlabs/puppet/ssl/private_keys/cu2.eshore.cn.pem'
PUPPETDB_CERT = '/etc/puppetlabs/puppet/ssl/ca/signed/cu2.eshore.cn.pem'

# 重启uwsgi-http服务
[root@cu2 ~]# supervisorctl restart puppetboard

如果 puppetboard 和 puppetdb 安装在同一机器，可以使用 puppetdb/ssl 路径下的ssl文件（puppetdb/ssl也是从puppet/ssl拷贝过来的）：

[root@cu3 ~]# puppetdb ssl-setup -f
PEM files in /etc/puppetlabs/puppetdb/ssl are missing, we will move them into place for you
Copying files: /etc/puppetlabs/puppet/ssl/certs/ca.pem, /etc/puppetlabs/puppet/ssl/private_keys/cu3.eshore.cn.pem and /etc/puppetlabs/puppet/ssl/certs/cu3.eshore.cn.pem to /etc/puppetlabs/puppetdb/ssl
...

[root@cu3 ~]# tree /etc/puppetlabs/puppetdb/ssl/
/etc/puppetlabs/puppetdb/ssl/
├── ca.pem
├── private.pem
└── public.pem

–END

Winse Blog

走走停停, 熙熙攘攘, 忙忙碌碌, 不知何畏.

Comments