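23rfe posted on 2015-12-21 08:28:13

Scaling Puppet with Apache2 + Passenger

Preface:
This post draws on the book "Puppet实战". The test environment is OpenSuSE 13.2 + Ruby 2.1 + Apache 2.4 + Puppet 3.7.1 on the master; the Puppet agent is version 2.7.
After experiencing Puppet's many wonders, note that Puppet applies changes through a catalog, and during a run the agent may also download plugins, download files, and sync file contents. All of this inevitably costs the master a good deal of performance. The exchange between master and agent is, put plainly, HTTPS communication: the agent obtains its catalog from Ruby's built-in WEBrick server. Today's mainstream web servers are certainly more efficient at serving static content, so one way of scaling the master has become upgrading the web server.

1 Preparation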

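zypper in ruby apache2 libcurl libcurl-devel apr apr-devel apache2-devel
# on yum-based systems: yum -y install ruby httpd ...

gem install rack passenger rails
passenger-install-apache2-module.ruby2.1
... (prompts) ...
# If the installer reports that some package's header files are missing, do not go on to the next step; install the matching -devel package first.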

cat /etc/apache2/vhost.d/liuliancao.com.conf
LoadModule passenger_module /usr/lib64/ruby/gems/2.1.0/gems/passenger-5.0.22/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/2.1.0/gems/passenger-5.0.22
PassengerDefaultRuby /usr/bin/ruby.ruby2.1

# And the passenger performance tuning settings:
PassengerHighPerformance On

# now it is on
# PassengerUseGlobalQueue On

# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 3

# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000

# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140

<VirtualHost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility
    SSLProtocol ALL -SSLv2
    SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars +ExportCertData

# These request headers are used to pass the client certificate's
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

#RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
<Directory /usr/share/puppet/rack/puppetmasterd/>
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from All
</Directory>
</VirtualHost>

Check for syntax errors; the message below is not the point here, so ignore it
httpd2 -t
AH00558: httpd2: Could not reliably determine the server's fully qualified domain name, using 172.16.236.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

systemctl start apache2

netstat -tnlp|grep 8140
tcp      0      0 :::8140               :::*                  LISTEN      11371/httpd2-prefor
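
As an added example (not from the original post), the Python check below audits the client-certificate lines of the vhost above for three things that matter on Apache 2.4: SSLv3 left enabled by `ALL -SSLv2`, a CRL file that is loaded without `SSLCARevocationCheck`, and trust headers that Apache does not overwrite. SAMPLE is copied from the post, HARDENED is a constructed variant, and the function names are made up for this example.

```python
# Added example: SAMPLE copies the post's vhost lines; HARDENED is constructed.
SAMPLE = """\
SSLProtocol ALL -SSLv2
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
"""
HARDENED = SAMPLE.replace("ALL -SSLv2", "ALL -SSLv2 -SSLv3") + "SSLCARevocationCheck chain\n"

# Headers the vhost uses to pass the certificate result to the master.
TRUSTED_HEADERS = ("X-SSL-Subject", "X-Client-DN", "X-Client-Verify")

def directives(text):
    """Yield (lowercased name, args); Apache directive names are case-insensitive."""
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", "<")):
            yield parts[0].lower(), parts[1:]

def sslv3_enabled(args):
    """SSLProtocol tokens apply left to right: bare = assign, + = add, - = remove."""
    on = False
    for tok in (a.lower() for a in args):
        # "all" includes SSLv3 unless OpenSSL was built without SSLv3 support.
        hit = tok.lstrip("+-") in ("all", "sslv3")
        if tok[0] == "-":
            on = on and not hit
        else:
            on = (on or hit) if tok[0] == "+" else hit
    return on

def audit(text):
    found, overwritten, crl_file, crl_check = [], set(), False, "none"
    for name, args in directives(text):
        if name == "sslprotocol" and sslv3_enabled(args):
            found.append("SSLProtocol still permits SSLv3; add -SSLv3")
        elif name == "sslcarevocationfile":
            crl_file = True
        elif name == "sslcarevocationcheck" and args:
            crl_check = args[0].lower()
        elif name == "requestheader" and len(args) >= 2 and args[0].lower() == "set":
            overwritten.add(args[1].lower())
    # Apache 2.4 only consults the CRL when SSLCARevocationCheck is chain or leaf.
    if crl_file and crl_check not in ("chain", "leaf"):
        found.append("CRL file is loaded but never checked; add SSLCARevocationCheck chain")
    found += [f"{h} is not overwritten by 'RequestHeader set'"
              for h in TRUSTED_HEADERS if h.lower() not in overwritten]
    return found
```

Calling `audit(SAMPLE)` reports the SSLv3 and CRL findings for the configuration as posted, and `audit(HARDENED)` returns an empty list.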





The Apache side is now configured, but the master still has to be started; otherwise you will get a 500 error

puppet master start







Go back to the agent and test

puppet agent --server puppet-master --test --noop
...
notice: Class: Would have triggered 'refresh' from 9 events
notice: Stage: Would have triggered 'refresh' from 1 events
notice: Finished catalog run in 13.62 seconds




Check the logs on the master

tail /var/log/apache2/access_log
172.16.236.101 - - "POST /production/catalog/puppet-agent HTTP/1.1" 200 11044 "-" "-"
172.16.236.101 - - "GET /production/file_metadata/modules/user/file_from_module?links=manage HTTP/1.1" 200 303 "-" "-"
172.16.236.101 - - "PUT /production/report/puppet-agent HTTP/1.1" 200 9 "-" "-"




This completes the process of having nginx assist with delivering the catalog
