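Puppet can work on its own, but once a Puppet environment is deployed across a large cluster of hundreds or thousands of servers, the synchronization, checks and communication between the Agent nodes and the Master become a bottleneck, and errors such as connection timeouts and read failures occur frequently. The reason is that WEBrick, which Puppet Master uses by default, is a simple single-process web server (similar to original CGI), so it is not suitable under heavy traffic and high concurrency. A better-performing web server is therefore needed to serve the Puppet Rails application. In practice, Puppet is usually combined with Apache or Nginx to solve the high-concurrency problem.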

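Here I integrate Apache and Puppet by way of Apache's Passenger module. Installing the puppet master is skipped here. The puppet master must have been started successfully once, so that the corresponding certificates are generated for Apache to use.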
1. Install the Ruby environment

    yum -y install ruby ruby-devel ruby-irb ruby-rdoc ruby-ri ruby-libs openssl-devel

2. Install Apache

    yum install -y httpd httpd-devel

3. Install rubygems

    wget http://rubyforge.org/frs/download.php/76729/rubygems-1.8.25.tgz
    tar xf rubygems-1.8.25.tgz
    cd rubygems-1.8.25
    ruby setup.rb

4. Install Passenger

    gem install passenger

5. Build the Apache Passenger module:

    passenger-install-apache2-module

6. Edit the main Apache configuration file and add the following, as prompted by passenger-install-apache2-module during installation:

    LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/buildout/apache2/mod_passenger.so
    PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17
    PassengerDefaultRuby /usr/bin/ruby
    PassengerHighPerformance on
    #PassengerUseGlobalQueue on
    PassengerMaxPoolSize 3
    PassengerMaxRequests 4000
    # Shut down Passenger instances that have been idle for more than 1800 seconds
    PassengerPoolIdleTime 1800
    # Load the puppetmaster.conf configuration file
    Include conf/extra/puppetmaster.conf

7. Copy apache2.conf, the Apache configuration file shipped in the Puppet source package, into Apache's sub-configuration directory and rename it to puppetmaster.conf

    cp /root/puppet-3.2.2/ext/rack/files/apache2.conf /usr/local/apache2/conf/extra/puppetmaster.conf

8. Edit puppetmaster.conf as follows:

    # you probably want to tune these settings
    PassengerHighPerformance on
    PassengerMaxPoolSize 12
    PassengerPoolIdleTime 1500
    PassengerMaxRequests 4000
    PassengerStatThrottleRate 120
    #RackAutoDetect Off
    #RailsAutoDetect Off

    Listen 8140

    <VirtualHost *:8140>
        SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

        SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master.cmmobi-wh.com.pem
        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master.cmmobi-wh.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLVerifyClient optional
        SSLVerifyDepth 1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        DocumentRoot /etc/puppet/rack/public/
        RackBaseURI /
        <Directory /etc/puppet/rack/>
            Options None
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

9. Create the /etc/puppet/rack/public directory and copy the config.ru file shipped with the Puppet source package into /etc/puppet/rack

    mkdir -p /etc/puppet/rack/public
    cp /root/puppet-3.2.2/ext/rack/files/config.ru /etc/puppet/rack
    cp /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/test/stub/rails_apps/1.2/empty/public/* /etc/puppet/rack/public/

Note: if Puppet is run as the puppet user, the owner and group of config.ru must be changed to puppet.

10. Stop the puppet master, start Apache, check the listening port, and then test from a client

    service puppetmaster stop
    service httpd start
    netstat -ntlp | grep httpd
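The vhost in step 8 enables SSLv3 and RC4, both since deprecated (RFC 7568, RFC 7465), and with `SSLVerifyClient optional` the master relies on the CRL and on the X-Client-* headers that Apache sets from the TLS session. The Python check below is an added example, not part of the original post or of Puppet; its function names and finding texts are assumptions, and the RC4 test is a simple heuristic (RC4 is named and never excluded with `!RC4`).

```python
# Constructed sample: the TLS and header directives from the vhost in step 8.
SAMPLE_VHOST = """\
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
"""
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}  # assumed expansion of "ALL"

def directives(text):
    """Return (name, args) per active directive; skips comments and <Section> tags."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split(None, 1) for l in lines if l and l[0] not in "#<")
    return [(p[0].lower(), p[1] if len(p) > 1 else "") for p in pairs]

def enabled_protocols(args):
    """Apply SSLProtocol tokens in order: '+' adds, '-' removes, a bare name replaces."""
    enabled = set()
    for token in args.lower().split():
        group = ALL_PROTOCOLS if token.lstrip("+-") == "all" else {token.lstrip("+-")}
        if token[0] == "+":
            enabled |= group
        elif token[0] == "-":
            enabled -= group
        else:
            enabled = set(group)
    return enabled

def audit(text):
    """Return sorted findings for a Puppet master vhost configuration."""
    conf, findings = directives(text), []
    for name, args in conf:
        if name == "sslprotocol":
            weak = sorted(enabled_protocols(args) & {"sslv2", "sslv3"})
            findings += ["SSLProtocol enables " + p for p in weak]
        tokens = args.upper().split(":")
        if name == "sslciphersuite" and "!RC4" not in tokens and any("RC4" in t for t in tokens):
            findings.append("SSLCipherSuite allows RC4")
    if "sslcarevocationfile" not in [name for name, _ in conf]:
        findings.append("CRL checking is off (no SSLCARevocationFile)")
    overwritten = [a.lower().split()[1] for n, a in conf
                   if n == "requestheader" and a.lower().startswith("set ")]
    findings += ["Apache does not overwrite client header " + h
                 for h in ("x-client-dn", "x-client-verify") if h not in overwritten]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VHOST)))
```

To audit a deployed file, pass the contents of puppetmaster.conf to `audit()`; an empty list means none of the four checks fired.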


