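sszxf posted on 2018-8-3 07:36:20

Puppet load balancing with nginx+passenger - TNT、运维之路

  Since the 3.x series no longer supports mongrel, nginx+passenger is used here for load balancing. I previously posted an nginx+mongrel setup; that one was for the Puppet 2.7 series, so it can still be used there.
  Environment:
  Operating system: CentOS 5.8 64-bit
  Puppet version: 3.1 series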
  


1. Upgrade ruby to 1.8.7 and install rubygems
# rpm -Uvh http://rbel.frameos.org/rbel5
# yum install -y ruby rubygems ruby-devel.x86_64

2. Install the puppet server
# rpm -ivh http://yum.puppetlabs.com/el/5/products/x86_64/puppetlabs-release-5-1.noarch.rpm
# yum install -y puppet puppet-server

3. Install the packages nginx depends on
# yum install -y gcc make pcre-devel zlib-devel openssl-devel pam-devel curl-devel rpm-build

4. Install the rake, rack and passenger ruby gems
# gem install rake rack passenger --no-rdoc --no-ri

5. Install nginx
The build options are as follows; the passenger module must be included.
Unpack pcre (download it yourself):
# tar -xjf pcre-8.32.tar.bz2 -C /usr/local/src
Unpack nginx:
# tar -xzf nginx-1.2.1.tar.gz -C /usr/local/src
# cd /usr/local/src/nginx-1.2.1
# ./configure --prefix=$NGINX_PATH --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.32 --add-module=`passenger-config --root`/ext/nginx
# make
# make install

6. Integrate with passenger
# mkdir -p /etc/puppet/rack/public
# cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
# chown -R puppet:puppet /etc/puppet/rack/
The full contents of nginx.conf are as follows:

user www www;

worker_processes 1;

error_log /usr/local/nginx/logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

pid /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections 65535;
}

http {
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    charset utf-8;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 64k;
    client_max_body_size 8m;

    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    fastcgi_intercept_errors on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    open_file_cache max=65535 inactive=10s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    # Passenger needed for puppet
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
    passenger_ruby /usr/bin/ruby;
    passenger_max_pool_size 15;
    index index.html index.htm index.php;

    server {
        listen       80;
        server_name  localhost;

        #access_log logs/host.access.log main;

        location / {
            root   html;
            index  index.php index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~ \.php$ {
            root           html;
            #fastcgi_pass   127.0.0.1:9000;
            fastcgi_pass   unix:/dev/shm/php.socket;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root/$fastcgi_script_name;
            include        fastcgi_params;
        }

    }

    server {
        listen                     8140 ssl;
        server_name                client.domain.com;

        passenger_enabled          on;
        passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;

        access_log                 /usr/local/nginx/logs/puppet_access.log;
        error_log                  /usr/local/nginx/logs/puppet_error.log;

        root                       /etc/puppet/rack/public;

        ssl_certificate            /var/lib/puppet/ssl/certs/client.domain.com.pem;
        ssl_certificate_key        /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
        ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_client_certificate     /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_ciphers                SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_prefer_server_ciphers  on;
        ssl_verify_client          optional;
        ssl_verify_depth           1;
        ssl_session_cache          shared:SSL:128m;
        ssl_session_timeout        5m;
    }

}

Note that the hostname of my puppet server here is client.domain.com; as for the exact key paths and so on, adjust them to your own environment.
Then adjust puppet.conf:

server = client.domain.com

certname = client.domain.com

7. Verify
Start nginx, then check the listener:
# lsof -i:8140
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   20855 root    9u  IPv4 421091      0t0  TCP *:8140 (LISTEN)
nginx   20856  www    9u  IPv4 421091      0t0  TCP *:8140 (LISTEN)
Port 8140 is now listening.
# puppet agent --test --server client.domain.com
Info: Retrieving plugin
Info: Caching catalog for client.domain.com
Info: Applying configuration version '1366960369'
Notice: Finished catalog run in 0.16 seconds
The agent run works normally.
Check the nginx log:
# tail /usr/local/nginx/logs/puppet_access.log
192.168.200.220 - - "GET /production/node/client.domain.com? HTTP/1.1" 200 3502 "-" "-"
192.168.200.220 - - "GET /production/file_metadatas/plugins?&links=manage&recurse=true&checksum_type=md5&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22 HTTP/1.1" 200 283 "-" "-"
192.168.200.220 - - "POST /production/catalog/client.domain.com HTTP/1.1" 200 1033 "-" "-"
192.168.200.220 - - "PUT /production/report/client.domain.com HTTP/1.1" 200 14 "-" "-"
The requests are being logged.

8. Adjustments
If the puppetmaster service has been set to start at boot, remember to turn it off:
# chkconfig puppetmaster off
# chkconfig nginx on
  

  This concludes Puppet load balancing: the nginx setups with both passenger and mongrel are now done.
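
An added example, not part of the original post: a small Python check of the port-8140 vhost from the nginx.conf above. It confirms that client-certificate verification, the CRL and the two HTTP_X_CLIENT_* parameters that passenger hands to the Puppet master are in place, and lists ssl_ciphers selectors such as SSLv2 and RC4 that enable obsolete suites. The function names, the WEAK deny-list and the trimmed SAMPLE text are assumptions made for this example.

```python
import re
# Constructed sample: the port-8140 vhost from the nginx.conf above, trimmed.
SAMPLE = """
server { listen 80; server_name localhost; location / { root html; } }
server {
    listen                   8140 ssl;
    passenger_set_cgi_param  HTTP_X_CLIENT_DN $ssl_client_s_dn;
    passenger_set_cgi_param  HTTP_X_CLIENT_VERIFY $ssl_client_verify;
    ssl_crl                  /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_client_certificate   /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_ciphers              SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client        optional;
}
"""
WEAK = ("SSLV2", "RC4", "EXPORT", "LOW", "MD5", "NULL")  # assumed deny-list
HEADERS = {"HTTP_X_CLIENT_DN": "$ssl_client_s_dn", "HTTP_X_CLIENT_VERIFY": "$ssl_client_verify"}

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, matching braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(block):
    """Flatten a block into {name: [argument lists]}; comments are dropped."""
    found = {}
    for stmt in re.sub(r"[{}]", ";", re.sub(r"#.*", "", block)).split(";"):
        if stmt.split():
            found.setdefault(stmt.split()[0], []).append(stmt.split()[1:])
    return found

def audit_puppet_vhost(conf, port="8140"):
    """Return findings for the vhost listening on `port` (empty list = clean)."""
    findings = []
    for d in map(directives, server_blocks(conf)):
        if not any(t.split(":")[-1] == port for a in d.get("listen", []) for t in a):
            continue
        if d.get("ssl_verify_client", [["off"]])[-1][0] == "off":
            findings.append("ssl_verify_client off: agents are never authenticated")
        findings += [n + " missing" for n in ("ssl_client_certificate", "ssl_crl") if n not in d]
        passed = {a[0]: a[1] for a in d.get("passenger_set_cgi_param", []) if len(a) > 1}
        findings += [h + " is not set from " + v for h, v in HEADERS.items() if passed.get(h) != v]
        for tok in ":".join(a[0] for a in d.get("ssl_ciphers", []) if a).split(":"):
            if tok[:1] not in "-!" and any(w in tok.upper() for w in WEAK):
                findings.append("weak cipher selector: " + tok)
    return findings
```

Run against the configuration as posted, audit_puppet_vhost reports only the two cipher selectors SSLv2 and RC4+RSA; the client-certificate settings pass.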