使用Apache 和Passenger来运行puppetmaster
[导读]
关于puppet 的高可用性,以及扩展性puppet pro 书中有详细介绍,本文是参考puppet pro资料进行安装与配置. 为什么要使用Apache来实现,因为puppet 内置的web服务器比较慢,现在主流的有nginx,apache,关于使用nginx来实现puppet 负载均衡可以参阅:puppet nginx,puppet 官文也有相应文档.可供参考: 点我阅读puppet 官方文档:
今天就学习使用Apache和Passenger来扩展puppet ,下一章节会介绍然后实现puppet的高可用性.
[正文]
1.安装Apache 和Passenger
a.安装httpd
#puppet resource package httpd ensure=present
b.安装mod_ssl模块
# puppet resource package mod_ssl ensure=present
c.停止httpd 服务
# puppet resource service httpd ensure=stopped
接下来我们安装rubygem-passenger
a).我先添加passenger的安装源
安装passenger的源
rpm -Uvh http://passenger.stealthymonkeys.com/rhel/5/passenger-release.noarch.rpm
或者直接复制下面的仓库地址
cat /etc/yum.repos.d/passenger.repo
[passenger]
name = Red Hat Enterprise $releasever - Phusion Passenger
baseurl = http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch
mirrorlist = http://passenger.stealthymonkeys.com/rhel/mirrors
#mirrorlist = file:///etc/yum.repos.d/mirrors-passenger
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-passenger.rhel5
gpgcheck = 1
### Name: Phusion Passenger RPM Repository for Red Hat Enterprise 5 (TESTING)
### URL: http://passenger.stealthymonkeys.com/
[passenger-testing]
name = Red Hat Enterprise $releasever - Phusion Passenger - TEST
baseurl = http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch/testing/
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-passenger.rhel5
gpgcheck = 0
接下来安装Passenger
# puppet resource package rubygem-passenger ensure=present
使用gem 安装rack,passenger.
# gem install rack
# gem install passenger
安装完成后安装apache passenger的模块.
passenger-install-apache2-module
使用passener-install-apache2-module 后会弹出个框.检查所需要的软件包,如
系统少了软件包,请使用yum -y 来安装.另外请注意上面出现的mod_passerger.so
的路径,后面apache的配置文件里需要.
接下来安装配置apache和passenger.
cat /etc/httpd/conf.d/10_passenger.conf
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11
PassengerRuby /usr/local/bin/ruby ## 红色的部分请根据上面的命令生成的结果进行替换
PassengerHighPerformance on
PassengerUseGlobalQueue on
# PassengerMaxPoolSize control number of application instances,
# typically 1.5x the number of processor cores.
PassengerMaxPoolSize 6
# Restart ruby process after handling specific number of request to resolve MRI memory leak.
PassengerMaxRequests 4000
# Shutdown idle Passenger instances after 30 min.
PassengerPoolIdleTime 1800
# End of /etc/httpd/conf.d/10_passenger.conf
接下来我们配置apache虚拟主机,使其监听8140端口,并修改config.ru配置文件
cat /etc/httpd/conf.d/20_puppetmaster.conf
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
# Puppet master should generate initial CA certificate.
# ensure certs are located in /var/lib/puppet/ssl
# Change puppet.example.com to the fully qualified domain name of the Puppet master, i.e.
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster1.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster1.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled
# disable next line if Apache complains about CRL
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# optional to allow CSR request, required if certificates distributed to client during
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers record authentication information for down stream workers.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /etc/puppet/rack/puppetmaster/public/
<Directory /etc/puppet/rack/puppetmaster/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
创建相应的目录.
# mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
##复制config.ru到/etc/puppet/rack/puppetmaster/
cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/puppetmaster/
##复制pulic目录到/etc/puppet/rack/puppetmaster/,里面有dispatch.cgi,dispatch.fcgi,以及dispatch.rb等文件
cp -rf /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11/test/stub/rails_apps/1.2/empty/public/* /etc/puppet/rack/puppetmaster/public/
ll /etc/puppet/rack/puppetmaster/public
rw-r-r- 1 apache apache 947 Mar 22 19:16 404.html
-rw-r-r- 1 apache apache 941 Mar 22 19:16 500.html
-rwxr-xr-x 1 apache apache 473 Mar 22 19:16 dispatch.cgi
-rwxr-xr-x 1 apache apache 855 Mar 22 19:16 dispatch.fcgi
-rwxr-xr-x 1 apache apache 474 Mar 22 19:16 dispatch.rb
-rw-r-r- 1 apache apache 0 Mar 22 19:16 favicon.ico
drwxr-xr-x 2 apache apache 4096 Mar 22 19:16 images
-rw-r-r- 1 apache apache 99 Mar 22 19:16 robots.txt
cat /etc/puppet/rack/puppetmaster/config.ru
# a config.ru, for use with every rack-compatible webserver.
$0 = “master”
# if you want debugging:
# ARGV << “-debug”
ARGV << “-rack”
require ‘puppet/application/master’
run Puppet::Application[:master].run
# EOF /etc/puppet/rack/puppetmaster/config.ru
chown puppet:puppet /etc/puppet/rack/puppetmaster/config.ru ##这个权限必须是puppet
mkdir -p /var/run/puppet
chown puppet:puppet /var/run/puppet
chmod 755 /var/run/puppet
可以通过https://IP:8140来访问,查看是否有错误,
如果出现The environment must be purely alphanumeric,not ”
那是正常的,否则会显示报错信息.
2). /var/log/httpd/access.log 记得把apache用户加入到puppet 组中,否则会报没有权限写这个文件.
3) .开启apache服务,测试是否正常工作
# puppet resource service httpd ensure=running enable=true hasstatus=true
4). 测试puppetmaster是否正常工作
#puppet agent -test -server puppetmaster1
5).可以查看/var/log/httpd/access_log查看相应的日志
192.168.200.64 - - [09/Apr/2012:13:44:55 +0800] “GET /production/catalog/client1.test.com?facts=eNp1V1uTqroSfj%252B%252FImee9i63cgelalUd71dkVERdL1MIQVAgkIAIv34HcWZ0%250AnbWsGYd0d0Kn%252B%252Fu6e5
[puppet apache ]
puppet pro里面写得非常详细,虽然在实际操作过程中出现了一点小问题,后面都顺利解决了.
我们可以使用如下命令来查看passenger的状态
# passenger-status
———- General information ———-
max = 6
count = 1
active = 0
inactive = 1
Waiting on global queue: 0
———- Application groups ———-
/etc/puppet/rack/puppetmaster_18140:
App root: /etc/puppet/rack/puppetmaster_18140
* PID: 2562 Sessions: 0 Processed: 1 Uptime: 24h 31m 27s
查看Apache passenger使用的内存占用,可以使用如下命令来查看:
passenger-memory-stats
———- Apache processes ———-
PID PPID VMSize Private Name
————————————-
30544 1 187.6 MB 0.5 MB /usr/sbin/httpd
31627 30544 187.9 MB 0.5 MB /usr/sbin/httpd
31628 30544 187.8 MB 0.4 MB /usr/sbin/httpd
31629 30544 187.8 MB 0.3 MB /usr/sbin/httpd
31630 30544 187.8 MB 0.3 MB /usr/sbin/httpd
31631 30544 187.8 MB 0.3 MB /usr/sbin/httpd
31638 30544 187.8 MB 0.3 MB /usr/sbin/httpd
31639 30544 187.8 MB 0.3 MB /usr/sbin/httpd
31640 30544 187.8 MB 0.3 MB /usr/sbin/httpd
### Processes: 9
### Total private dirty RSS: 3.00 MB
——- Nginx processes ——-
### Processes: 0
### Total private dirty RSS: 0.00 MB
—- Passenger processes —-
PID VMSize Private Name
——————————-
2562 121.0 MB 33.7 MB Rack: /etc/puppet/rack/puppetmaster_18140
31601 16.5 MB 0.2 MB PassengerWatchdog
31604 27.2 MB 0.3 MB PassengerHelperAgent
31606 39.2 MB 5.5 MB Passenger spawn server
31610 50.3 MB 0.5 MB PassengerLoggingAgent
### Processes: 5
### Total private dirty RSS: 40.26 MB
更多可以参阅:puppet pro以及官方文档,下一章节将会介绍使用Apache来实现多puppetmaster的Load-Balancing.
情提示,本文已同步更新至puppet 中文社区, http://www.puppetfans.com/thread-150-1-1.html,欢迎大家前往讨论
puppet 技术,以及使用puppet 的管理心得.也希望大家参与和我一起探讨使用Apache和Passenger心得.
建议继续学习:
- Cacti 添加 Apache 监控 (阅读:7582)
- 自动化运维之企业实际案例分析 (阅读:3750)
- puppet使用rsync来同步文件教程 (阅读:3255)
- DevOps之Puppet (阅读:2932)
- 如何有效运行puppet cron任务以及如何触发运行puppet (阅读:2947)
- puppet vagrant 管理VirtualBox 虚拟机 (阅读:2689)
- puppet运维之使用自定义函数 (阅读:2600)
- Apache用户认证方法汇总 (阅读:2626)
- 从LinkedIn,Apache Kafka到Unix哲学 (阅读:2682)
- puppet extlookup 和puppet hiera使用 (阅读:2208)
扫一扫订阅我的微信号:IT技术博客大学习
- 作者:sky 来源: MySQLOPS 数据库与运维自动化技术分享
- 标签: Apache Passenger puppet puppetmaster
- 发布时间:2012-05-04 00:23:12
- [52] IOS安全–浅谈关于IOS加固的几种方法
- [51] android 开发入门
- [50] 如何拿下简短的域名
- [49] Oracle MTS模式下 进程地址与会话信
- [48] 图书馆的世界纪录
- [47] 【社会化设计】自我(self)部分――欢迎区
- [46] Go Reflect 性能
- [43] 读书笔记-壹百度:百度十年千倍的29条法则
- [37] 视觉调整-设计师 vs. 逻辑
- [35] 程序员技术练级攻略