Puppet单台架构扩展(nginx/apache + passenger)

系统环境:rhel6.5,puppet 3.7.4

                    Master server1.example.com(192.168.88.128)

                    Agent server2.example.com(192.168.88.129)

原理:使用apache/nginx代替puppet原生的WEBrick以提升master的吞吐量。master上启动web server,负责监听8140端口并处理客户端的请求、file文件请求以及客户端的验证请求,将编译部分代理转发到后端的master,从而极大扩展master能够管理的节点数量。

Apache+passenger

一.安装apache、passenger

yum install httpd httpd-devel  mod_ssl  gcc gcc-c++ ruby-devel rubygems

安装passenger

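# Install Rack and Passenger (this step is slow). Rack supplies the common API
# through which the web server and Puppet exchange requests and responses.
gem install rack passenger

# Build and install the Passenger module for Apache.
passenger-install-apache2-module

# If a gem install fails it is usually a network problem; switch the gem source.
# The option is spelled with two ASCII hyphens (--remove).
gem sources --remove https://rubygems.org/

# Taobao gem mirror.
# NOTE: this URL is plain HTTP, so gems are fetched without transport
# integrity, and gem installation builds and runs code as the installing user
# (root here). Prefer an HTTPS source you trust where one is available.
gem sources -a http://ruby.taobao.org/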

二.配置apache

[root@server1 rack]# pwd

/usr/share/puppet/ext/rack                                #配置文件模板位置

[root@server1 rack]# passenger-config --root     # passenger root 目录

/usr/lib/ruby/gems/1.8/gems/passenger-5.0.6

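# Create the Rack application directory together with the public/ and tmp/
# subdirectories that appear in the listing below.
mkdir -p /etc/puppet/rack/public /etc/puppet/rack/tmp

# Copy the templates shipped with Puppet (template directory shown by pwd
# above). Absolute source paths keep the copy independent of the current
# directory.
cp /usr/share/puppet/ext/rack/example-passenger-vhost.conf /etc/httpd/conf.d/passenger.conf
cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/

# Passenger runs the Rack application as the owner of config.ru, so the file
# must belong to the puppet user (as in the listing below) rather than root;
# otherwise the master would run with root privileges.
chown puppet:puppet /etc/puppet/rack/config.ru

cd /etc/puppet/rack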

[root@server1 rack]# ll

-rw-r--r-- 1 puppet puppet 1229 Apr 19 09:21 config.ru

drwxr-xr-x 2 root   root  4096 Apr 19 09:20 public

drwxr-xr-x 2 root   root  4096 Apr 19 09:22 tmp

[root@server1 rack]# cat /etc/httpd/conf.d/passenger.conf

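# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.

# The module path and PassengerRoot below match the Passenger 5.0.6 install
# reported by `passenger-config --root`; the module itself is built by
# passenger-install-apache2-module.
# Apache does not accept a comment on the same line as a directive, so every
# note in this file sits on its own line.
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-5.0.6/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-5.0.6
PassengerDefaultRuby /usr/bin/ruby

# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
# RackAutoDetect Off
# RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        # Each protocol to disable needs its own "-" token separated by a space;
        # SSLv2 and SSLv3 are both switched off here.
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

        # Server certificate and key issued by the Puppet CA for this master.
        # The private key file must stay readable only by root/puppet.
        SSLCertificateFile      /var/lib/puppet/ssl/certs/server1.example.com.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server1.example.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        # Without the CRL, revoked agent certificates are still accepted.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain

        # "optional" means a connection without a client certificate is still
        # accepted; Apache only records whether verification succeeded. The
        # result reaches the master through the X-Client-Verify header set
        # below, so authorization depends on that header being trustworthy.
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        # `set` replaces any value a client sent under the same header name, so
        # these three headers always carry Apache's own TLS verification
        # result. Do not change them to `add`/`append` or drop them: a
        # client-supplied X-Client-DN or X-Client-Verify would then reach the
        # master unmodified.
        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        DocumentRoot /etc/puppet/rack/public/
        RackBaseURI /
        # Apache 2.2 access-control syntax. Nothing here restricts clients by
        # address; NOTE(review): confirm the master's own authorization rules
        # and the host firewall cover who may reach port 8140.
        <Directory /etc/puppet/rack/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>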

停止 puppetmaster(释放8140端口),然后启动 httpd。

检测:端口;在agent上测试:puppet agent --server=server1.example.com --test

Master日志:

[root@server1 rack]# cat  /etc/httpd/logs/access_log

192.168.88.129 - - [19/Apr/2015:09:45:49 +0800] "GET /production/node/server2.example.com?fail_on_404=true&transaction_uuid=9823f7a3-0603-48c4-8c27-613697be985c HTTP/1.1" 200 4437 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:51 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&ignore=.svn&ignore=CVS&ignore=.git&recurse=true&links=manage HTTP/1.1" 200 283 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:51 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&ignore=.svn&ignore=CVS&ignore=.git&recurse=true&links=manage HTTP/1.1" 200 283 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:51 +0800] "POST /production/catalog/server2.example.com HTTP/1.1" 200 40146 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:53 +0800] "PUT /production/report/server2.example.com HTTP/1.1" 200 8 "-" "-"

查看passenger状态:passenger-status

 


Nginx+passenger

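# Build dependencies for compiling nginx with the Passenger module.
# openssl-devel and ruby-devel are two separate packages.
yum install -y gcc gcc-c++ curl-devel zlib-devel openssl-devel ruby-devel

gem install rack passenger

# Interactive installer that builds nginx with Passenger support.
passenger-install-nginx-module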
脚本会自动安装nginx支持,按提示操作,基本就是一路回车。(中间选1自动下载安装,选2为安装本地nginx)

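http {
    # Passenger root and Ruby interpreter; the installer writes these by default.
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-5.0.6;
    passenger_ruby /usr/bin/ruby;

    server {
        listen 8140;
        server_name server1.example.com;
        root /etc/puppet/rack/public;
        passenger_enabled on;

        # Passenger 5.0+ uses passenger_set_header; earlier releases used:
        #passenger_set_cgi_param HTTP_X_CLIENT_DN     $ssl_client_s_dn;
        #passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
        # These two values tell the master who the client is and whether its
        # certificate verified, so they must come only from nginx.
        # NOTE(review): confirm that a client-supplied X-Client-DN or
        # X-Client-Verify request header cannot reach the application
        # alongside, or instead of, the values set here.
        passenger_set_header X_CLIENT_DN     $ssl_client_s_dn;
        passenger_set_header X_CLIENT_VERIFY $ssl_client_verify;

        ssl on;
        ssl_session_timeout 5m;

        # Server certificate and key issued by the Puppet CA for this master.
        ssl_certificate         /var/lib/puppet/ssl/certs/server1.example.com.pem;
        ssl_certificate_key     /var/lib/puppet/ssl/private_keys/server1.example.com.pem;

        # CA used to verify agent certificates, plus its revocation list so
        # that revoked agents are rejected.
        ssl_client_certificate  /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl                 /var/lib/puppet/ssl/ca/ca_crl.pem;

        # "optional": connections without a client certificate are accepted
        # and the verification result is passed on in X_CLIENT_VERIFY.
        ssl_verify_client       optional;
        ssl_verify_depth        1;

        # The original listing used "SSLv2:-LOW:-EXPORT:RC4+RSA", which selects
        # SSLv2-era and RC4 suites. The Apache vhost on this page already
        # disables SSLv2/SSLv3 and excludes RC4, MD5 and 3DES; these two lines
        # give the nginx endpoint the same floor. Check that the oldest agent
        # in the fleet can still negotiate before rolling this out.
        ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers             HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES;
        ssl_prefer_server_ciphers on;

        ssl_session_cache       shared:SSL:128m;
    }
# Closes the http block, which the original listing left open.
}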

 

启动nginx即可;

 

 

