[导读]

关于puppet 的高可用性,以及扩展性puppet pro 书中有详细介绍,本文是参考puppet pro资料进行安装与配置. 为什么要使用Apache来实现,因为puppet 内置的web服务器比较慢,现在主流的有nginx,apache,关于使用nginx来实现puppet 负载均衡可以参阅:puppet nginx,puppet 官文也有相应文档.可供参考: 点我阅读puppet  官方文档:

今天就学习使用Apache和Passenger来扩展puppet ,下一章节会介绍然后实现puppet的高可用性.

[正文]

1.安装Apache 和Passenger
a.安装httpd
#puppet resource package httpd ensure=present
b.安装mod_ssl模块
# puppet resource package mod_ssl ensure=present
c.停止httpd 服务
# puppet resource service httpd ensure=stopped

接下来我们安装rubygem-passenger

a).我先添加passenger的安装源

安装passenger的源
rpm -Uvh http://passenger.stealthymonkeys.com/rhel/5/passenger-release.noarch.rpm

或者直接复制下面的仓库地址
cat /etc/yum.repos.d/passenger.repo
[passenger]
name = Red Hat Enterprise $releasever - Phusion Passenger
baseurl = http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch
mirrorlist = http://passenger.stealthymonkeys.com/rhel/mirrors
#mirrorlist = file:///etc/yum.repos.d/mirrors-passenger
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-passenger.rhel5
gpgcheck = 1

### Name: Phusion Passenger RPM Repository for Red Hat Enterprise 5 (TESTING)
### URL: http://passenger.stealthymonkeys.com/
[passenger-testing]
name = Red Hat Enterprise $releasever - Phusion Passenger - TEST
baseurl = http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch/testing/
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-passenger.rhel5
gpgcheck = 0

接下来安装Passenger

# puppet resource package rubygem-passenger ensure=present

使用gem 安装rack,passenger.
# gem install rack
# gem install passenger

安装完成后安装apache passenger的模块.
passenger-install-apache2-module

使用passener-install-apache2-module 后会弹出个框.检查所需要的软件包,如
系统少了软件包,请使用yum -y 来安装.另外请注意上面出现的mod_passerger.so
的路径,后面apache的配置文件里需要.

接下来安装配置apache和passenger.

cat /etc/httpd/conf.d/10_passenger.conf

LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11
PassengerRuby /usr/local/bin/ruby  ## 红色的部分请根据上面的命令生成的结果进行替换
PassengerHighPerformance on
PassengerUseGlobalQueue on
# PassengerMaxPoolSize control number of application instances,
# typically 1.5x the number of processor cores.
PassengerMaxPoolSize 6
# Restart ruby process after handling specific number of request to resolve MRI memory leak.
PassengerMaxRequests 4000
# Shutdown idle Passenger instances after 30 min.
PassengerPoolIdleTime 1800
# End of /etc/httpd/conf.d/10_passenger.conf

接下来我们配置apache虚拟主机,使其监听8140端口,并修改config.ru配置文件
cat /etc/httpd/conf.d/20_puppetmaster.conf
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
# Puppet master should generate initial CA certificate.
# ensure certs are located in /var/lib/puppet/ssl
# Change puppet.example.com to the fully qualified domain name of the Puppet master, i.e.
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster1.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster1.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled
# disable next line if Apache complains about CRL
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# optional to allow CSR request, required if certificates distributed to client during
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers record authentication information for down stream workers.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /etc/puppet/rack/puppetmaster/public/
<Directory /etc/puppet/rack/puppetmaster/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>

创建相应的目录.
# mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
##复制config.ru到/etc/puppet/rack/puppetmaster/
cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/puppetmaster/

##复制pulic目录到/etc/puppet/rack/puppetmaster/,里面有dispatch.cgi,dispatch.fcgi,以及dispatch.rb等文件
cp -rf /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11/test/stub/rails_apps/1.2/empty/public/* /etc/puppet/rack/puppetmaster/public/

ll /etc/puppet/rack/puppetmaster/public

rw-r-r- 1 apache apache  947 Mar 22 19:16 404.html
-rw-r-r- 1 apache apache  941 Mar 22 19:16 500.html
-rwxr-xr-x 1 apache apache  473 Mar 22 19:16 dispatch.cgi
-rwxr-xr-x 1 apache apache  855 Mar 22 19:16 dispatch.fcgi
-rwxr-xr-x 1 apache apache  474 Mar 22 19:16 dispatch.rb
-rw-r-r- 1 apache apache    0 Mar 22 19:16 favicon.ico
drwxr-xr-x 2 apache apache 4096 Mar 22 19:16 images
-rw-r-r- 1 apache apache   99 Mar 22 19:16 robots.txt

cat /etc/puppet/rack/puppetmaster/config.ru
# a config.ru, for use with every rack-compatible webserver.
$0 = “master”
# if you want debugging:
# ARGV << “-debug”
ARGV << “-rack”
require ‘puppet/application/master’
run Puppet::Application[:master].run
# EOF /etc/puppet/rack/puppetmaster/config.ru

chown puppet:puppet  /etc/puppet/rack/puppetmaster/config.ru ##这个权限必须是puppet

mkdir -p /var/run/puppet
chown puppet:puppet /var/run/puppet
chmod 755 /var/run/puppet

可以通过https://IP:8140来访问,查看是否有错误,

如果出现The environment must be purely alphanumeric,not ”
那是正常的,否则会显示报错信息.

2). /var/log/httpd/access.log 记得把apache用户加入到puppet 组中,否则会报没有权限写这个文件.
3) .开启apache服务,测试是否正常工作
# puppet resource service httpd ensure=running enable=true hasstatus=true

4). 测试puppetmaster是否正常工作
#puppet agent -test -server puppetmaster1

5).可以查看/var/log/httpd/access_log查看相应的日志

192.168.200.64 - - [09/Apr/2012:13:44:55 +0800] “GET /production/catalog/client1.test.com?facts=eNp1V1uTqroSfj%252B%252FImee9i63cgelalUd71dkVERdL1MIQVAgkIAIv34HcWZ0%250AnbWsGYd0d0Kn%252B%252Fu6e5

[puppet apache ]

puppet pro里面写得非常详细,虽然在实际操作过程中出现了一点小问题,后面都顺利解决了.

我们可以使用如下命令来查看passenger的状态

# passenger-status
———- General information ———-
max      = 6
count    = 1
active   = 0
inactive = 1
Waiting on global queue: 0

———- Application groups ———-
/etc/puppet/rack/puppetmaster_18140:
App root: /etc/puppet/rack/puppetmaster_18140
* PID: 2562    Sessions: 0    Processed: 1       Uptime: 24h 31m 27s

查看Apache passenger使用的内存占用,可以使用如下命令来查看:

passenger-memory-stats

———- Apache processes ———-
PID    PPID   VMSize    Private  Name
————————————-
30544  1      187.6 MB  0.5 MB   /usr/sbin/httpd
31627  30544  187.9 MB  0.5 MB   /usr/sbin/httpd
31628  30544  187.8 MB  0.4 MB   /usr/sbin/httpd
31629  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31630  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31631  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31638  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31639  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31640  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
### Processes: 9
### Total private dirty RSS: 3.00 MB

——- Nginx processes ——-

### Processes: 0
### Total private dirty RSS: 0.00 MB

—- Passenger processes —-
PID    VMSize    Private  Name
——————————-
2562   121.0 MB  33.7 MB  Rack: /etc/puppet/rack/puppetmaster_18140
31601  16.5 MB   0.2 MB   PassengerWatchdog
31604  27.2 MB   0.3 MB   PassengerHelperAgent
31606  39.2 MB   5.5 MB   Passenger spawn server
31610  50.3 MB   0.5 MB   PassengerLoggingAgent
### Processes: 5
### Total private dirty RSS: 40.26 MB

更多可以参阅:puppet pro以及官方文档,下一章节将会介绍使用Apache来实现多puppetmaster的Load-Balancing.

情提示,本文已同步更新至puppet 中文社区, http://www.puppetfans.com/thread-150-1-1.html,欢迎大家前往讨论

puppet 技术,以及使用puppet 的管理心得.也希望大家参与和我一起探讨使用Apache和Passenger心得.

建议继续学习：

1. Cacti 添加 Apache 监控    (阅读：7552)
2. 自动化运维之企业实际案例分析    (阅读：3728)
3. puppet使用rsync来同步文件教程    (阅读：3237)
4. DevOps之Puppet    (阅读：2914)
5. 如何有效运行puppet cron任务以及如何触发运行puppet    (阅读：2921)
6. puppet vagrant 管理VirtualBox 虚拟机    (阅读：2669)
7. puppet运维之使用自定义函数    (阅读：2579)
8. Apache用户认证方法汇总    (阅读：2579)
9. 从LinkedIn，Apache Kafka到Unix哲学    (阅读：2596)
10. puppet extlookup 和puppet hiera使用    (阅读：2188)