使用apache管理puppet

發(fā)布時間：2020-06-25 13:35:16 來源：網(wǎng)絡(luò) 閱讀：587 作者：yan_ruo_gu 欄目：編程語言

puppet可以獨立工作，但當(dāng)在一個成百上千臺服務(wù)器的大規(guī)模集群中部署 Puppet 環(huán)境后，各個 Agent 節(jié)點與 Master 之間的同步、檢查、通訊就會成為瓶頸，會頻繁出現(xiàn)連接超時、讀取失敗等錯誤。究其原因，由于 Puppet Master 默認(rèn)使用的 WEBrick 是一個簡單的單進(jìn)程的 WEB SERVER 服務(wù)（類似原始的 CGI），因而在大訪問量、高并發(fā)的情況下就不適用了。所以，要使用性能更好的 Web Server 來提供 Puppet Rails 應(yīng)用。在實際應(yīng)用中，通常將其與apache或者nginx結(jié)合使用，以解決高并發(fā)的問題。

在此，我通過apache借助passenger模塊的方式來實現(xiàn)apache和puppet的整合。

puppet master的安裝方法在此略過。需要puppet master成功啟動過一次，這樣會生成相應(yīng)的證書，方便apache管理。

1.安裝ruby環(huán)境

yum -y install ruby ruby-devel ruby-irb ruby-rdoc ruby-ri ruby-libs ruby-rdoc openssl-devel

2.安裝apache

yum install -y httpd httpd-devel

3.安裝rubygems

wget http://rubyforge.org/frs/download.php/76729/rubygems-1.8.25.tgz

tar xf rubygems-1.8.25.tgz

cd rubygems-1.8.25

ruby setup.rb

4.安裝passenger

gem install passenger

5.創(chuàng)建apache passenger模塊：

passenger-install-apache2-module

6.修改apache主配置文件，按照安裝passenger-install-apache2-module模塊時給出的提示添加如下內(nèi)容：

LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/buildout/apache2/mod_passenger.so

PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17

PassengerDefaultRuby /usr/bin/ruby

PassengerHighPerformance on

#PassengerUseGlobalQueue on

PassengerMaxPoolSize 3

PassengerMaxRequests 4000

#關(guān)閉空閑超過1800秒的passenger實例

PassengerPoolIdleTime 1800

Include conf/extra/puppetmaster.conf #將puppetmaster.conf配置文件載入

7.將puppet源碼包中給出的apache的配置文件apache2.conf復(fù)制到apache的子配置文件目錄中，并重名為puppetmaster.conf

cp /root/puppet-3.2.2/ext/rack/files/apache2.conf /usr/local/apache2/conf/extra/puppetmaster.conf

8.修改puppetmaster.conf文件，如下：

# you probably want to tune these settings

PassengerHighPerformance on

PassengerMaxPoolSize 12

PassengerPoolIdleTime 1500

PassengerMaxRequests 4000

PassengerStatThrottleRate 120

#RackAutoDetect Off

#RailsAutoDetect Off

Listen 8140

SSLEngine on

SSLProtocol -ALL +SSLv3 +TLSv1

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master.cmmobi-wh.com.pem

SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master.cmmobi-wh.com.pem

SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem

SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem

# If Apache complains about invalid signatures on the CRL, you can try disabling

# CRL checking by commenting the next line, but this is not recommended.

SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem

SSLVerifyClient optional

SSLVerifyDepth 1

# The `ExportCertData` option is needed for agent certificate expiration warnings

SSLOptions +StdEnvVars +ExportCertData

# This header needs to be set if using a loadbalancer or proxy

RequestHeader unset X-Forwarded-For

RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e

RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e

RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /etc/puppet/rack/public/

RackBaseURI /

Options None

AllowOverride None

Order allow,deny

allow from all

</Directory>

</VirtualHost>

9.創(chuàng)建/etc/puppet/rack/public目錄，并將puppet源碼包自帶的config.ru文件復(fù)制到/etc/puppet/rack目錄下

mkdir -p /etc/puppet/rack/public

cp /root/puppet-3.2.2/ext/rack/files/config.ru /etc/puppet/rack

cp /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/test/stub/rails_apps/1.2/empty/public/* /etc/puppet/rack/public/

注：如果是以puppet用戶身份來運行puppet，需要將config.ru的屬主和屬組改成puppet

10.關(guān)閉puppet master,啟動apache，并檢查監(jiān)聽端口，然后用客戶端測試

service puppetmaster stop

service httpd start

netstat -ntlp | grep httpd

linux交流群：22346652。歡迎Linux愛好者加入，一起學(xué)習(xí)，一起進(jìn)步。

向AI問一下細(xì)節(jié)

使用apache管理puppet

猜你喜歡

最新資訊

相關(guān)推薦

相關(guān)標(biāo)簽