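Managing Puppet with Apache
Puppet can work standalone, but once a Puppet environment is deployed in a large cluster of hundreds or thousands of servers, the synchronization, checks and communication between the Agent nodes and the Master become a bottleneck, and errors such as connection timeouts and read failures occur frequently. The cause is that WEBrick, which Puppet Master uses by default, is a simple single-process web server (similar to primitive CGI), so it is not suitable under heavy traffic and high concurrency. A better-performing web server is therefore needed to serve the Puppet Rails application. In practice Puppet is usually combined with Apache or nginx to solve the high-concurrency problem.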
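Here I integrate Apache and Puppet by means of Apache's Passenger module.
Installing puppet master is not covered here. The puppet master must have been started successfully once, so that the certificates Apache will use have been generated.
1. Install the Ruby environment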
yum -y install ruby ruby-devel ruby-irb ruby-rdoc ruby-ri ruby-libs ruby-rdoc openssl-devel
2. Install Apache
yum install -y httpd httpd-devel
3. Install rubygems
wget http://rubyforge.org/frs/download.php/76729/rubygems-1.8.25.tgz
tar xf rubygems-1.8.25.tgz
cd rubygems-1.8.25
ruby setup.rb
4. Install Passenger
gem install passenger
5. Build the Apache Passenger module:
passenger-install-apache2-module
6. Edit the main Apache configuration file and add the following, as instructed by the output of passenger-install-apache2-module:
LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17
PassengerDefaultRuby /usr/bin/ruby
PassengerHighPerformance on
#PassengerUseGlobalQueue on
PassengerMaxPoolSize 3
PassengerMaxRequests 4000
# Shut down Passenger instances that have been idle for more than 1800 seconds
PassengerPoolIdleTime 1800
# Load the puppetmaster.conf configuration file
Include conf/extra/puppetmaster.conf
7. Copy the Apache configuration file apache2.conf shipped in the Puppet source package into Apache's sub-configuration directory and rename it to puppetmaster.conf
cp /root/puppet-3.2.2/ext/rack/files/apache2.conf /usr/local/apache2/conf/extra/puppetmaster.conf
8. Edit puppetmaster.conf as follows:
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerMaxRequests 4000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off

Listen 8140

# <VirtualHost> and <Directory> containers as in the stock ext/rack apache2.conf
<VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master.cmmobi-wh.com.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master.cmmobi-wh.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    # The `ExportCertData` option is needed for agent certificate expiration warnings
    SSLOptions +StdEnvVars +ExportCertData

    # This header needs to be set if using a loadbalancer or proxy
    RequestHeader unset X-Forwarded-For

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /etc/puppet/rack/public/
    RackBaseURI /
    <Directory /etc/puppet/rack/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
9. Create the /etc/puppet/rack/public directory and copy the config.ru file shipped in the Puppet source package into /etc/puppet/rack
mkdir -p /etc/puppet/rack/public
cp /root/puppet-3.2.2/ext/rack/files/config.ru /etc/puppet/rack
cp /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/test/stub/rails_apps/1.2/empty/public/* /etc/puppet/rack/public/
Note: if Puppet runs as the puppet user, change the owner and group of config.ru to puppet
10. Stop puppet master, start Apache, check the listening port, then test from a client
service puppetmaster stop
service httpd start
netstat -ntlp | grep httpd
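An added example, not part of the original article: a Python check that reads the TLS and header directives of the step 8 vhost and reports settings a reviewer would question (SSLv3, RC4/MEDIUM cipher classes, a missing CRL, or client-certificate headers that Apache does not overwrite before they reach the Rack application). The sample text is constructed from the configuration above; the finding strings, the weak-word list and the conservative treatment of `all` are assumptions of this example.

```python
# Constructed sample: the security-relevant directives from step 8's puppetmaster.conf.
SAMPLE_CONF = """\
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
RequestHeader unset X-Forwarded-For
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
"""
# Headers the vhost passes to the Rack application to describe the client certificate.
TRUST_HEADERS = ("x-ssl-subject", "x-client-dn", "x-client-verify")
WEAK_WORDS = {"RC4", "MEDIUM", "LOW", "EXP", "EXPORT", "MD5", "DES", "NULL", "ADH"}
LEGACY = {"sslv2", "sslv3"}
# Assumption: treat "all" conservatively as including the legacy protocols.
ALL_GROUP = {"sslv2", "sslv3", "tlsv1"}

def audit(conf_text):
    """Return a sorted list of findings for one vhost's directives."""
    findings, protocols, overwritten, seen = set(), set(), set(), set()
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0][0] in "#<":  # skip blanks, comments, containers
            continue
        name, args = parts[0].lower(), parts[1:]
        seen.add(name)
        if name == "sslprotocol":
            for tok in args:  # "+" adds, "-" removes, a bare name replaces the set
                sign, proto = (tok[0], tok[1:].lower()) if tok[0] in "+-" else ("", tok.lower())
                group = ALL_GROUP if proto == "all" else {proto}
                if sign == "-":
                    protocols -= group
                elif sign == "+":
                    protocols |= group
                else:
                    protocols = set(group)
        elif name == "sslciphersuite" and args:
            for tok in args[0].split(":"):
                if not tok or tok[0] in "!-":  # excluded or removed classes are fine
                    continue
                if set(tok.lstrip("+").upper().split("+")) & WEAK_WORDS:
                    findings.add("weak cipher token: " + tok)
        elif name == "requestheader" and len(args) >= 2 and args[0].lower() in ("set", "unset"):
            overwritten.add(args[1].lower())
    findings |= {"legacy protocol enabled: " + p for p in protocols & LEGACY}
    findings |= {"client can supply header: " + h for h in TRUST_HEADERS if h not in overwritten}
    if "sslcarevocationfile" not in seen:
        findings.add("no CRL configured (SSLCARevocationFile missing)")
    return sorted(findings)
```

Calling `audit()` on the contents of the real puppetmaster.conf gives the same report for the deployed file.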