Scaling a single Puppet master (nginx/apache + passenger)

System environment: RHEL 6.5, Puppet 3.7.4

Master server1.example.com(192.168.88.128)

Agent server2.example.com(192.168.88.129)

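How it works: Apache or nginx replaces Puppet's built-in WEBrick to raise the master's throughput. A web server on the master listens on port 8140 and handles client requests, file requests and client authentication requests, and proxies the catalog compilation work to the backend master. This greatly increases the number of nodes one master can manage.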

Apache + passenger

1. Install apache and passenger:

yum install httpd httpd-devel  mod_ssl  gcc gcc-c++ ruby-devel rubygems

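Install passenger

gem install rack passenger    # installation is slow; rack provides the common API through which the web server and puppet exchange requests and responses

passenger-install-apache2-module   # install the Apache module

# gem installs sometimes fail, almost always because of the network; switch the gem source

gem sources --remove https://rubygems.org/

gem sources -a  http://ruby.taobao.org/                    # Taobao gem mirror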

2. Configure apache

[[email protected] rack]# pwd

/usr/share/puppet/ext/rack                                # location of the config file templates

[[email protected] rack]# passenger-config --root    # passenger root directory

/usr/lib/ruby/gems/1.8/gems/passenger-5.0.6

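mkdir -p /etc/puppet/rack/public /etc/puppet/rack/tmp     # public/ and tmp/ must exist (see the listing below)

cd /etc/puppet/rack

# the templates live in /usr/share/puppet/ext/rack, so copy them by absolute path
cp /usr/share/puppet/ext/rack/example-passenger-vhost.conf /etc/httpd/conf.d/passenger.conf

cp /usr/share/puppet/ext/rack/config.ru   /etc/puppet/rack/

chown puppet:puppet /etc/puppet/rack/config.ru            # Passenger runs the app as the owner of config.ru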

[[email protected] rack]# ll

-rw-r--r-- 1 puppet puppet 1229 Apr 19 09:21 config.ru

drwxr-xr-x 2 root   root  4096 Apr 19 09:20 public

drwxr-xr-x 2 root   root  4096 Apr 19 09:22 tmp

[[email protected] rack]# cat /etc/httpd/conf.d/passenger.conf

# This Apache 2 virtual host config shows how to use Puppet as a Rack

# application via Passenger. See

# http://docs.puppetlabs.com/guides/passenger.html for more information.

# The next three lines are the module settings provided by passenger-install-apache2-module

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-5.0.6/buildout/apache2/mod_passenger.so

PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-5.0.6

PassengerDefaultRuby /usr/bin/ruby

# You can also use the included config.ru file to run Puppet with other Rack

# servers instead of Passenger.

# you probably want to tune these settings

PassengerHighPerformance on

PassengerMaxPoolSize 12

PassengerPoolIdleTime 1500

# PassengerMaxRequests 1000

PassengerStatThrottleRate 120

# RackAutoDetect Off

# RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>

SSLEngine on

SSLProtocol             ALL -SSLv2 -SSLv3

SSLCipherSuite         EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

SSLHonorCipherOrder     on

SSLCertificateFile      /var/lib/puppet/ssl/certs/server1.example.com.pem

SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server1.example.com.pem

SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem

SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem

# If Apache complains about invalid signatures on the CRL, you can try disabling

# CRL checking by commenting the next line, but this is not recommended.

SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem

# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none

# which effectively disables CRL checking; if you are using Apache 2.4+ you must

# specify 'SSLCARevocationCheck chain' to actually use the CRL.

# SSLCARevocationCheck chain

SSLVerifyClient optional

SSLVerifyDepth  1

# The `ExportCertData` option is needed for agent certificate expiration warnings

SSLOptions +StdEnvVars +ExportCertData

# This header needs to be set if using a loadbalancer or proxy

RequestHeader unset X-Forwarded-For

RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e

RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e

RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /etc/puppet/rack/public/

RackBaseURI /

<Directory /etc/puppet/rack/>

Options None

AllowOverride None

Order allow,deny

allow from all

</Directory>

</VirtualHost>

Stop puppetmaster (it holds port 8140), then start httpd.

Check: verify that the port is listening, then test from the agent: puppet agent --server=server1.example.com --test

Master log:

[[email protected] rack]# cat  /etc/httpd/logs/access_log

192.168.88.129 - - [19/Apr/2015:09:45:49 +0800] "GET /production/node/server2.example.com?fail_on_404=true&transaction_uuid=9823f7a3-0603-48c4-8c27-613697be985c HTTP/1.1" 200 4437 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:51 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&ignore=.svn&ignore=CVS&ignore=.git&recurse=true&links=manage HTTP/1.1" 200 283 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:51 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&ignore=.svn&ignore=CVS&ignore=.git&recurse=true&links=manage HTTP/1.1" 200 283 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:51 +0800] "POST /production/catalog/server2.example.com HTTP/1.1" 200 40146 "-" "-"

192.168.88.129 - - [19/Apr/2015:09:45:53 +0800] "PUT /production/report/server2.example.com HTTP/1.1" 200 8 "-" "-"

Check passenger status: passenger-status

Nginx+passenger

yum install -y gcc gcc-c++ curl-devel zlib-devel openssl-devel ruby-devel

gem install rack passenger

passenger-install-nginx-module
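The script builds nginx with passenger support automatically; follow the prompts, which mostly means pressing Enter all the way through. (Partway through, choose 1 to download and install automatically, or 2 to install from a local nginx package.)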

http {

passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-5.0.6;

passenger_ruby /usr/bin/ruby;                     # already configured by default

server {

listen 8140;

server_name server1.example.com;

root /etc/puppet/rack/public;

passenger_enabled on;

# From passenger 5.0 on, use passenger_set_header (below); before that the directive was:

#passenger_set_cgi_param HTTP_X_CLIENT_DN           $ssl_client_s_dn;

#passenger_set_cgi_param HTTP_X_CLIENT_VERIFY    $ssl_client_verify;

passenger_set_header X_CLIENT_DN $ssl_client_s_dn;

passenger_set_header X_CLIENT_VERIFY $ssl_client_verify;

ssl on;

ssl_session_timeout 5m;

ssl_certificate        /var/lib/puppet/ssl/certs/server1.example.com.pem;

ssl_certificate_key    /var/lib/puppet/ssl/private_keys/server1.example.com.pem;

ssl_client_certificate  /var/lib/puppet/ssl/ca/ca_crt.pem;

ssl_crl        /var/lib/puppet/ssl/ca/ca_crl.pem;

ssl_verify_client        optional;

ssl_ciphers     SSLv2:-LOW:-EXPORT:RC4+RSA;

ssl_prefer_server_ciphers       on;

ssl_verify_depth        1;

ssl_session_cache      shared:SSL:128m;

}

}

Start nginx and the setup is complete.
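
The nginx server block above keeps an ssl_ciphers string that names SSLv2 and RC4 suites and sets no ssl_protocols, while the Apache vhost earlier on this page excludes SSLv2/SSLv3 and RC4. As an added example (not part of the original post), the directives below replace the ssl_ciphers line inside that server block so both front ends offer the same TLS settings; it assumes an nginx/OpenSSL build with TLS 1.1 and 1.2 support.

```nginx
# Added example: goes inside the "server { listen 8140; ... }" block above,
# in place of the original ssl_ciphers line. All other directives
# (certificates, CRL, ssl_verify_client, session cache) stay as they are.

# Original setting, kept commented for comparison. It selects SSLv2 and
# RC4+RSA suites and leaves protocol selection to the nginx build's default.
# ssl_ciphers     SSLv2:-LOW:-EXPORT:RC4+RSA;

# nginx equivalent of the Apache vhost's "SSLProtocol ALL -SSLv2 -SSLv3".
ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

# Same cipher string as SSLCipherSuite in the Apache vhost on this page
# (no aNULL/eNULL, LOW, 3DES, MD5, EXPORT or RC4 suites).
ssl_ciphers     EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA;

# Already present in the original block; the server's order must win for
# the list above to have any effect.
ssl_prefer_server_ciphers       on;
```

After editing, nginx -t validates the configuration before nginx is restarted.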

Time: 2024-10-07 02:41:56
