关于puppet的扩展APACHE2 + PASSENGER
前言:
本篇博客参考了<puppet实战>这本书,测试环境为OpenSuSe13.2+ruby2.1+Apache2.4+Puppet3.7.1 master,Puppet agent为2.7的版本
在领略了puppet种种神奇后,由于puppet通过catalog来更新内容,期间还可能下载插件,下载file,同步file的内容等,这必然要消耗掉master的诸多性能,在获取的过程中master和agent说白了是https的通信,agent通过ruby内置的Webrick服务器获得catalog,而现在流行的webserver肯定对于静态内容效率与效果要更好,于是对master的扩展的一种方式演变为webserver的升级
1 准备工作
zypperinrubyapache2libcurllibcurl-develaprapr-develapache2-devel(yum-yinstallrubyhttpd...)geminstallrackpassengerrailspassenger-install-apache2-module.ruby2.1...提示...如果这里提示你什么包头文件没装,请不要进行下一步,自己去尝试安装develcat/etc/apache2/vhost.d/liuliancao.com.confLoadModulepassenger_module/usr/lib64/ruby/gems/2.1.0/gems/passenger-5.0.22/buildout/apache2/mod_passenger.soPassengerRoot/usr/lib64/ruby/gems/2.1.0/gems/passenger-5.0.22PassengerDefaultRuby/usr/bin/ruby.ruby2.1#Andthepassengerperformancetuningsettings:PassengerHighPerformanceOn#nowitison#PassengerUseGlobalQueueOn#Setthistoabout1.5timesthenumberofCPUcoresinyourmaster:PassengerMaxPoolSize3#Recyclemasterprocessesaftertheyservice1000requestsPassengerMaxRequests1000#Stopprocessesiftheysitidlefor10minutesPassengerPoolIdleTime600Listen8140<VirtualHost*:8140>SSLEngineOn#Onlyallowhighsecuritycryptography,ALterifneededforcompatibilitySSLProtocolALL-SSLv2SSLCipherSuiteHIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXPSSLCertificateFile/var/lib/puppet/ssl/certs/puppet-master.pemSSLCertificateKeyFile/var/lib/puppet/ssl/private_keys/puppet-master.pemSSLCertificateChainFile/var/lib/puppet/ssl/ca/ca_crt.pemSSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pemSSLCARevocationFile/var/lib/puppet/ssl/ca/ca_crl.pemSSLVerifyCLientoptionalSSLVerifyDepth1SSLOptions+StdEnvVars+ExportCertData#Theserequestheadersareusedtopasstheclientcertificates#authenticationinfomationontothepuppetmasterprocessRequestHeadersetX-SSL-Subject%{SSL_CLIENT_S_DN}eRequestHeadersetX-SSL-Subject%{SSL_CLIENT_S_DN}eRequestHeadersetX-Client-DN%{SSL_CLIENT_S_DN}eRequestHeadersetX-Client-Verify%{SSL_CLIENT_VERIFY}e#RackAutoDetectOnDocumentRoot/usr/share/puppet/rack/puppetmasterd/public/<Directory/usr/share/puppet/rack/puppetmasterd/>OptionsNoneAllowOverrideNoneOrderAllow,DenyAllowfromAll</Directory></VirtualHost>检查语法错误,下面错误不是重点就不管了httpd2-tAH00558:httpd2:Couldnotreliablydeterminetheserver'sfullyqualifieddomainname,using172.16.236.1.Setthe'ServerName'directivegloballytosuppressthismessageSyntaxOKsystemctlstartapache2netstat-tnlp|grep8140tcp00:::8140:::*LISTEN11371/httpd2-prefor
这是apache端已经配置好,还要启动master才行,否则会报500的错误
puppetmasterstart
回到我们的agent端进行测试
puppetagent--serverpuppet-master--test--noop...notice:Class[Nginx]:Wouldhavetriggered'refresh'from9eventsnotice:Stage[main]:Wouldhavetriggered'refresh'from1eventsnotice:Finishedcatalogrunin13.62seconds
查看master日志的情况
tail/var/log/apache2/access_log172.16.236.101--[20/Dec/2015:21:15:03+0800]"POST/production/catalog/puppet-agentHTTP/1.1"20011044"-""-"172.16.236.101--[20/Dec/2015:21:15:04+0800]"GET/production/file_metadata/modules/user/file_from_module?links=manageHTTP/1.1"200303"-""-"172.16.236.101--[20/Dec/2015:21:15:18+0800]"PUT/production/report/puppet-agentHTTP/1.1"2009"-""-"
就实现了nginx辅助进行catalog的传递这个过程
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。