puppet负载均衡之nginx+mongrel-TNT、运维之路

超酷小 · 发表于 2018-8-3 08:18:26

yum install -y rubygem-mongrel
echo -e "PUPPETMASTER_PORTS=( 18140 18141 18142 18143 18144 )\nPUPPETMASTER_EXTRA_OPTS=\"—servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT\"" > /etc/sysconfig/puppetmaster
useradd www
groupadd www
CORE_NUM=`cat /proc/cpuinfo | grep "model name" | wc -l`
cd $path
tar -zxvf pcre-8.10.tar.gz
cd pcre-8.10/
make clean
./configure --disable-shared --with-pic
make && make install
cd ../
tar -zxvf nginx-1.2.1.tar.gz
cd ./nginx-1.2.1/
./configure --prefix=$path_nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
touch $path_nginx/html/index.php
process () {
ZERO=`for((i=1;i<=$CORE_NUM;i++));do echo -n "0";done;`
for (( i = $CORE_NUM; i > o; i-- )); do
echo -n ${ZERO:0:$i-1}"1"${ZERO:$i}" "
done
}
sed -i "s/worker_processes.*/worker_processes $CORE_NUM;\nworker_cpu_affinity $(process);/" $path_nginx/conf/nginx.conf
sed -i "s/#user.*/user www www;/" $path_nginx/conf/nginx.conf
sed -i "s/index.html index.htm;/index.php &/" $path_nginx/conf/nginx.conf
sed -i "47 a#\nlocation ~ \\\.php$ {\nfastcgi_pass 127.0.0.1:9000;\nfastcgi_index index.php;\nfastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/\$fastcgi_script_name;\ninclude fastcgi_params;\ninclude fastcgi.conf;}#" $path_nginx/conf/nginx.conf
######隐藏版本号##########################
sed -i "s/^http {/&\n server_tokens off;/" $path_nginx/conf/nginx.conf
###################################nginx自启动########################################
#sed -i "s#^path_nginx=.*#path_nginx=$path_nginx#" $path/nginxd
cp $path/nginxd /etc/init.d/
mv $path_nginx/conf/nginx.conf $path_nginx/conf/nginx.conf.bak
mv $path/nginx.conf $path_nginx/conf
chmod 755 /etc/init.d/nginxd
chkconfig --add nginxd
chkconfig nginxd on
kill -9 `/usr/sbin/lsof -i:8140 | grep 8140 |awk '{print $2}'`
echo "############################################"
echo " status "
service nginxd start
service puppetmaster start

　　

　　注意下：nginx.conf里面的内容如下，请大家按照的自己的环境修改一下：
　　

user www www;
worker_processes 1;
worker_cpu_affinity 1 ;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /usr/local/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
server_tokens off;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream puppetmaster {
server 127.0.0.1:18140;
server 127.0.0.1:18141;
server 127.0.0.1:18142;
server 127.0.0.1:18143;
server 127.0.0.1:18144;
}
#gzip on;
server {
listen 8140;
root /etc/puppet;
access_log /usr/local/nginx/logs/puppet_access.log;
error_log /usr/local/nginx/logs/puppet_error.log;
ssl on;
ssl_session_timeout 5m;
#如下为Puppetmaster服务器端证书地址
ssl_certificate /var/lib/puppet/ssl/certs/server.domain.com.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/server.domain.com.pem;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_verify_client optional;
# File sections
location /production/file_content/files/ {
types { }
default_type application/x-raw;
#主要用于推送文件，定义files别名路径
alias /etc/puppet/files/;
}
# Modules files sections
location ~ /production/file_content/modules/.+/ {
root /etc/puppet/modules;
types { }
default_type application/x-raw;
#rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
rewrite ^/production/file_content/modules/([^/]+)/(.+)$ /$1/files/$2 break;
}
location / {
#设置跳转到puppetmaster负载均衡
proxy_pass http://puppetmaster;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_buffer_size 10m;
proxy_buffers 1024 10m;
proxy_busy_buffers_size 10m;
proxy_temp_file_write_size 10m;
proxy_read_timeout 120;
}
}
}

　　

　　另外说明下脚本里面的nginxd，是指nginx的启动脚本，内容如下：
　　

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac

　　

　　这样大概的系列脚本就结束了；
　　对于Puppet，其实还可以结合下func来使用；具体的安装过程可以找一下老广的博客；
　　另外最近刚知道有个自动化部署的工具，叫salt,最近测试了一下感觉还不错，所以决定继续深入学习;关于salt的安装过程已经放出，有兴趣的可以一起学习下。
　　OVER！！！！

账号		自动登录	找回密码
密码			立即注册

VMware vcenter+vSphere 6.5 U2共享

【跟谁学】韩宇极简英语课-技术人员不得不

用Zabbix通过JMX方式监控weblogic

winhex数据恢复教程（非常巨大，内容丰富）

Symantec Backup Exec 2015 2016/2012 BE20

NetScaler VPX部署之：NetScaler Gateway调

zabbix3.4.1安装部署+微信推送信息+大屏显

[经验分享] puppet负载均衡之nginx+mongrel-TNT、运维之路

扫码加入运维网微信交流群