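Running puppetmaster with Apache and Passenger

April 10, 2012

[Introduction]

The book puppet pro covers puppet's high availability and scalability in detail, and this article follows it for the installation and configuration. Why use Apache? Because puppet's built-in web server is rather slow. The mainstream alternatives today are nginx and Apache; for load balancing puppet with nginx, see "puppet nginx". The official puppet documentation also has a corresponding document for reference.

Today we learn how to use Apache and Passenger to scale puppet; the next chapter will then cover implementing high availability for puppet.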

[Main text]

1. Install Apache and Passenger
a. Install httpd
# puppet resource package httpd ensure=present
b. Install the mod_ssl module
# puppet resource package mod_ssl ensure=present
c. Stop the httpd service
# puppet resource service httpd ensure=stopped

Next we install rubygem-passenger.

a). First I add the passenger package repository

Install the passenger repository:
rpm -Uvh http://passenger.stealthymonkeys.com/rhel/5/passenger-release.noarch.rpm

Or copy the repository definition below directly:
cat /etc/yum.repos.d/passenger.repo
[passenger]
name = Red Hat Enterprise $releasever - Phusion Passenger
baseurl = http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch
mirrorlist = http://passenger.stealthymonkeys.com/rhel/mirrors
#mirrorlist = file:///etc/yum.repos.d/mirrors-passenger
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-passenger.rhel5
gpgcheck = 1

### Name: Phusion Passenger RPM Repository for Red Hat Enterprise 5 (TESTING)
### URL: http://passenger.stealthymonkeys.com/
[passenger-testing]
name = Red Hat Enterprise $releasever - Phusion Passenger - TEST
baseurl = http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch/testing/
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-passenger.rhel5
gpgcheck = 0

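Next, install Passenger.

# puppet resource package rubygem-passenger ensure=present

Install rack and passenger with gem.
# gem install rack
# gem install passenger

Once that is done, install the Apache passenger module.
passenger-install-apache2-module

Running passenger-install-apache2-module brings up an interactive screen that checks for the required packages. If the system is missing any, install them with yum -y. Also note the path to mod_passenger.so that it prints; the Apache configuration file below needs it.

Next, configure Apache and Passenger.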

cat /etc/httpd/conf.d/10_passenger.conf

# The paths below (shown in red in the original post) must be replaced with the ones printed by the command above.
LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11
PassengerRuby /usr/local/bin/ruby
PassengerHighPerformance on
PassengerUseGlobalQueue on
# PassengerMaxPoolSize control number of application instances,
# typically 1.5x the number of processor cores.
PassengerMaxPoolSize 6
# Restart ruby process after handling specific number of request to resolve MRI memory leak.
PassengerMaxRequests 4000
# Shutdown idle Passenger instances after 30 min.
PassengerPoolIdleTime 1800
# End of /etc/httpd/conf.d/10_passenger.conf

Next we configure an Apache virtual host that listens on port 8140, and adjust the config.ru file.
cat /etc/httpd/conf.d/20_puppetmaster.conf
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
# Puppet master should generate initial CA certificate.
# ensure certs are located in /var/lib/puppet/ssl
# Change puppet.example.com to the fully qualified domain name of the Puppet master, i.e.
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster1.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster1.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled
# disable next line if Apache complains about CRL
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# optional to allow CSR request, required if certificates distributed to client during
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers record authentication information for down stream workers.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RackAutoDetect On
DocumentRoot /etc/puppet/rack/puppetmaster/public/
<Directory /etc/puppet/rack/puppetmaster/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
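
Added example (not part of the original post): a POSIX sh check that reads a puppetmaster vhost file on stdin and reports the settings in the configuration above that decide how agents are authenticated: SSLv2/SSLv3 enabled, RC4 ciphers added, client verification or the CRL switched off, and any of the three X-* headers not overwritten from Apache's own SSL variables. The function names, the tightened sample and its TLSv1.2 protocol line are assumptions made for illustration.

```sh
# Added example, not from the original post. audit_vhost reads an Apache vhost
# file on stdin, prints one line per finding, and returns 1 if it found any.
audit_vhost() {
    av_rc=0
    # Look at active directives only: drop comment lines and blank lines.
    av_active=$(grep -Ev '^[[:space:]]*(#|$)' || true)
    av_has()  { printf '%s\n' "$av_active" | grep -Eiq "$1"; }
    av_flag() { echo "FINDING: $1"; av_rc=1; }

    av_has '^[[:space:]]*SSLProtocol.*\+SSLv[23]' &&
        av_flag "SSLProtocol enables SSLv2/SSLv3"
    av_has '^[[:space:]]*SSLCipherSuite.*([[:space:]]|:)\+?RC4' &&
        av_flag "SSLCipherSuite adds RC4 ciphers"
    av_has '^[[:space:]]*SSLVerifyClient[[:space:]]+(optional|require)[[:space:]]*$' ||
        av_flag "SSLVerifyClient is not optional/require"
    av_has '^[[:space:]]*SSLCARevocationFile[[:space:]]' ||
        av_flag "SSLCARevocationFile is not active, so the CRL is not consulted"
    # Each header must be overwritten ("set") from Apache's own SSL variable so the
    # value passed to the master never comes from the client's request.
    for av_pair in X-SSL-Subject=SSL_CLIENT_S_DN X-Client-DN=SSL_CLIENT_S_DN \
                   X-Client-Verify=SSL_CLIENT_VERIFY; do
        av_hdr=${av_pair%%=*}; av_var=${av_pair#*=}
        av_has "^[[:space:]]*RequestHeader[[:space:]]+set[[:space:]]+${av_hdr}[[:space:]]+%\{${av_var}\}e" ||
            av_flag "${av_hdr} is not set from %{${av_var}}e"
    done
    return $av_rc
}

# Constructed sample 1: the TLS and header directives as they appear in the post.
sample_post_vhost() {
    cat <<'EOF'
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
EOF
}
# Constructed sample 2: same, with the protocol and cipher lines tightened
# (assumption: the Apache/OpenSSL build supports TLSv1.2).
sample_tightened_vhost() {
    sample_post_vhost | sed -e 's/^SSLProtocol.*/SSLProtocol -ALL +TLSv1.2/' \
        -e 's/^SSLCipherSuite.*/SSLCipherSuite HIGH:!aNULL:!MD5:!RC4/'
}

sample_post_vhost | audit_vhost || true
# Real use: audit_vhost < /etc/httpd/conf.d/20_puppetmaster.conf
```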

Create the required directories.
# mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
## Copy config.ru to /etc/puppet/rack/puppetmaster/
cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/puppetmaster/

## Copy the public directory to /etc/puppet/rack/puppetmaster/; it contains dispatch.cgi, dispatch.fcgi, dispatch.rb and other files
cp -rf /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.11/test/stub/rails_apps/1.2/empty/public/* /etc/puppet/rack/puppetmaster/public/

ll /etc/puppet/rack/puppetmaster/public

-rw-r--r-- 1 apache apache  947 Mar 22 19:16 404.html
-rw-r--r-- 1 apache apache  941 Mar 22 19:16 500.html
-rwxr-xr-x 1 apache apache  473 Mar 22 19:16 dispatch.cgi
-rwxr-xr-x 1 apache apache  855 Mar 22 19:16 dispatch.fcgi
-rwxr-xr-x 1 apache apache  474 Mar 22 19:16 dispatch.rb
-rw-r--r-- 1 apache apache    0 Mar 22 19:16 favicon.ico
drwxr-xr-x 2 apache apache 4096 Mar 22 19:16 images
-rw-r--r-- 1 apache apache   99 Mar 22 19:16 robots.txt

cat /etc/puppet/rack/puppetmaster/config.ru
# a config.ru, for use with every rack-compatible webserver.
$0 = "master"
# if you want debugging:
# ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/master'
run Puppet::Application[:master].run
# EOF /etc/puppet/rack/puppetmaster/config.ru

chown puppet:puppet /etc/puppet/rack/puppetmaster/config.ru ## this file must be owned by puppet

mkdir -p /var/run/puppet
chown puppet:puppet /var/run/puppet
chmod 755 /var/run/puppet

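You can browse to https://IP:8140 to check whether there are any errors.

If you see "The environment must be purely alphanumeric, not ''", that is normal; otherwise an error message is displayed.

2). /var/log/httpd/access.log: remember to add the apache user to the puppet group; otherwise you will get an error that there is no permission to write this file.
3). Start the apache service and test that it works
# puppet resource service httpd ensure=running enable=true hasstatus=true

4). Test that the puppetmaster works
# puppet agent --test --server puppetmaster1

5). Check /var/log/httpd/access_log for the corresponding log entries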

192.168.200.64 - - [09/Apr/2012:13:44:55 +0800] "GET /production/catalog/client1.test.com?facts=eNp1V1uTqroSfj%252B%252FImee9i63cgelalUd71dkVERdL1MIQVAgkIAIv34HcWZ0%250AnbWsGYd0d0Kn%252B%252Fu6e5


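puppet pro describes all of this in great detail. I ran into a few small problems in practice, but they were all resolved smoothly afterwards.

We can check the status of passenger with the following command: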

# passenger-status
----------- General information -----------
max      = 6
count    = 1
active   = 0
inactive = 1
Waiting on global queue: 0

----------- Application groups -----------
/etc/puppet/rack/puppetmaster_18140:
App root: /etc/puppet/rack/puppetmaster_18140
* PID: 2562    Sessions: 0    Processed: 1       Uptime: 24h 31m 27s

To see the memory used by Apache and Passenger, use the following command:

passenger-memory-stats

---------- Apache processes ----------
PID    PPID   VMSize    Private  Name
--------------------------------------
30544  1      187.6 MB  0.5 MB   /usr/sbin/httpd
31627  30544  187.9 MB  0.5 MB   /usr/sbin/httpd
31628  30544  187.8 MB  0.4 MB   /usr/sbin/httpd
31629  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31630  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31631  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31638  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31639  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
31640  30544  187.8 MB  0.3 MB   /usr/sbin/httpd
### Processes: 9
### Total private dirty RSS: 3.00 MB

-------- Nginx processes --------

### Processes: 0
### Total private dirty RSS: 0.00 MB

----- Passenger processes -----
PID    VMSize    Private  Name
-------------------------------
2562   121.0 MB  33.7 MB  Rack: /etc/puppet/rack/puppetmaster_18140
31601  16.5 MB   0.2 MB   PassengerWatchdog
31604  27.2 MB   0.3 MB   PassengerHelperAgent
31606  39.2 MB   5.5 MB   Passenger spawn server
31610  50.3 MB   0.5 MB   PassengerLoggingAgent
### Processes: 5
### Total private dirty RSS: 40.26 MB

For more, see puppet pro and the official documentation. The next chapter will cover using Apache to implement load balancing across multiple puppetmasters.

Note: this article has also been posted to the puppet Chinese community, http://www.puppetfans.com/thread-150-1-1.html. Everyone is welcome to go there and discuss puppet techniques and experience managing systems with puppet. I also hope you will join me in discussing experience with Apache and Passenger.

Article title: Running puppetmaster with Apache and Passenger
Article link: http://www.mysqlops.com/2012/04/10/apache-passenger.html

About sky

Comments

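2 Responses to "Running puppetmaster with Apache and Passenger"
  1. xiaochu says:

    Boss, may I ask a question.
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster1.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster1.pem
    How is this pair of certificate and key files generated? The pair below is something puppet can generate by itself. I haven't figured out where this puppetmaster pair comes from. Please advise. Thanks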

    SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem


Creative Commons license
This work is licensed under a Creative Commons Attribution 2.5 China Mainland License.