前言:
最近在服务器系统上安装了最新的Puppet客户端,发现跟老版本的PuppetMaster做同步时出现了一些问题,警告类的信息很好解决,注释掉配置文件templatedir该行即可,后来又对PuppetMaster做了次升级,直接升为最新的3.6.1,随后发现PuppetMaster默认安装的WEBrick的web服务器性能较低且最新版本3.6.1存在bug以至于无法同时接受多台Agent客户端请求,因此使用Apache+Passenger方案替代原WEBrick,提高并发性能,同时解决bug带来的问题
环境:
Ubuntu 12.04 64-LTS
PuppetMaster: 3.6.1(升级前版本为3.4.3)
PuppetAgent: 3.6.1
1、安装Apache2
- $ sudo apt-get install apache2 ruby1.8-dev rubygems
- $ sudo a2enmod ssl
- $ sudo a2enmod headers
2、安装Rack/Passenger
- $ sudo gem install rack passenger
- $ sudo passenger-install-apache2-module
- # 按提示解决软件依赖关系后,再次运行命令安装passenger模块
- Please edit your Apache configuration file, and add these lines:
- LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.44/buildout/apache2/mod_passenger.so
- <IfModule mod_passenger.c>
- PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.44
- PassengerDefaultRuby /usr/bin/ruby1.8
- </IfModule>
- $ sudo mkdir /etc/puppet/rack
- $ sudo mkdir /etc/puppet/rack/{public,tmp}
- $ sudo scp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/
- $ sudo chown -R puppet:root /etc/puppet/rack
3、配置Puppet虚拟主机文件
- $ sudo cp /usr/share/puppet/ext/rack/example-passenger-vhost.conf /etc/apache2/sites-available/puppet.conf
- $ sudo vim /etc/apache2/sites-available/puppet.conf
- # 按之前的提示添加如下内容
- LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.44/buildout/apache2/mod_passenger.so
- <IfModule mod_passenger.c>
- PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.44
- PassengerDefaultRuby /usr/bin/ruby1.8
- PassengerHighPerformance on
- PassengerMaxPoolSize 12
- PassengerPoolIdleTime 1500
- # PassengerMaxRequests 1000
- PassengerStatThrottleRate 120
- # RackAutoDetect Off # 注释该行
- # RailsAutoDetect Off # 注释该行
- </IfModule>
- Listen 8140
- <VirtualHost *:8140>
- SSLEngine on
- SSLProtocol ALL -SSLv2
- SSLCipherSuite ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
- SSLHonorCipherOrder on
- # 修改为SSL实际路径及文件名
- SSLCertificateFile /var/lib/puppet/ssl/certs/test.cominggo.com.pem
- SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/test.cominggo.com.pem
- SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
- SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
- # If Apache complains about invalid signatures on the CRL, you can try disabling
- # CRL checking by commenting the next line, but this is not recommended.
- SSLCARevocationFile /var/lib/puppet/ssl/crl.pem
- SSLVerifyClient optional
- SSLVerifyDepth 1
- # The `ExportCertData` option is needed for agent certificate expiration warnings
- SSLOptions +StdEnvVars +ExportCertData
- # This header needs to be set if using a loadbalancer or proxy
- RequestHeader unset X-Forwarded-For
- RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
- RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
- RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
- DocumentRoot /etc/puppet/rack/public/
- RackBaseURI /
- <Directory /etc/puppet/rack/>
- Options None
- AllowOverride None
- Order allow,deny
- allow from all
- </Directory>
- ## Logging # 设置Puppet访问日志(可选,默认日志为other_vhosts_access.log)
- ErrorLog "/var/log/apache2/puppet_error.log"
- ServerSignature Off
- CustomLog "/var/log/apache2/puppet_access.log" combined
- </VirtualHost>
- $ cd /etc/apache2/sites-available/
- $ sudo a2ensite puppet.conf
4、移除WEBrick服务(puppetmaster),并重启Apache服务
- $ sudo update-rc.d -f puppetmaster remove
- $ sudo /etc/init.d/apache2 restart
- $ sudo ss -talnp | grep apache2
- LISTEN 0 128 *:8140 *:* users:(("apache2",30037,5),("apache2",29472,5),("apache2",29467,5))
- LISTEN 0 128 *:80 *:* users:(("apache2",30037,3),("apache2",29472,3),("apache2",29467,3))
- LISTEN 0 128 *:443 *:* users:(("apache2",30037,4),("apache2",29472,4),("apache2",29467,4))
5、验证是否部署成功
1)访问HTTPS服务
- # 访问页面:https://test.cominggo.com:8140/
- The environment must be purely alphanumeric, not ''
2)PuppetAgent节点运行测试
- # PuppetAgent:
- $ sudo puppet agent -t
- # PuppetMaster:查看apache访问日志是否有200状态请求
- $ sudo tail /var/log/apache2/puppet_access.log
- 172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/check.sh?source_permissions=use&links=manage HTTP/1.1" 200 5987 "-" "-"
- 172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/zabbix-release_2.2-1+precise_all.deb?source_permissions=use&links=manage HTTP/1.1" 200 6003 "-" "-"
- 172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/game.conf?source_permissions=use&links=manage HTTP/1.1" 200 5971 "-" "-"
- 172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadatas/modules/game/release/data?checksum_type=md5&recurse=true&links=manage HTTP/1.1" 200 44519 "-" "-"
- 172.16.2.22 - - [20/Jun/2014:19:11:54 +0800] "GET /production/file_metadata/modules/zabbix/netif.py?source_permissions=use&links=manage HTTP/1.1" 200 5987 "-" "-"
- 172.16.2.22 - - [20/Jun/2014:19:11:56 +0800] "PUT /production/report/t1.cominggo.com HTTP/1.1" 200 5683 "-" "-"
参考:
官方文档:http://docs.puppetlabs.com/guides/passenger.html
KissPuppet博客:http://kisspuppet.com/2013/11/08/apache-passenger/