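Puppet can work standalone, but once a Puppet environment is deployed across a large cluster of hundreds or thousands of servers, the synchronization, checks and communication between the Agent nodes and the Master become a bottleneck, and errors such as connection timeouts and read failures occur frequently. The reason is that WEBrick, which Puppet Master uses by default, is a simple single-process web server (similar to the original CGI), so it is not suitable for heavy traffic and high concurrency. A better-performing web server is therefore needed to serve the Puppet Rails application. In practice, Puppet is usually combined with Apache or nginx to solve the high-concurrency problem.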

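   Here I integrate Apache and Puppet by using Apache with the Passenger module.
   Installing the puppet master is not covered here. The puppet master must have been started successfully once, so that the corresponding certificates are generated for Apache to use.
1. Install the Ruby environment
    yum -y install ruby ruby-devel ruby-irb ruby-rdoc ruby-ri ruby-libs openssl-devel
2. Install Apache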
    yum install -y httpd httpd-devel
3. Install rubygems
       tar xf rubygems-1.8.25.tgz
       cd rubygems-1.8.25
       ruby setup.rb
4. Install passenger
      gem install passenger
5. Build the Apache Passenger module:
       passenger-install-apache2-module
6. Edit the main Apache configuration file and add the following, as prompted when passenger-install-apache2-module was run:
LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17
PassengerDefaultRuby /usr/bin/ruby
PassengerHighPerformance on
#PassengerUseGlobalQueue on
PassengerMaxPoolSize 3
PassengerMaxRequests 4000
# Shut down Passenger instances that have been idle for more than 1800 seconds
PassengerPoolIdleTime 1800
# Load the puppetmaster.conf configuration file
Include conf/extra/puppetmaster.conf
7. Copy the Apache configuration file apache2.conf shipped in the Puppet source package into Apache's sub-configuration directory and rename it to puppetmaster.conf
cp /root/puppet-3.2.2/ext/rack/files/apache2.conf /usr/local/apache2/conf/extra/puppetmaster.conf
8. Edit the puppetmaster.conf file as follows:
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerMaxRequests 4000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
       SSLEngine on
       SSLProtocol -ALL +SSLv3 +TLSv1
       SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
       SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-master.cmmobi-wh.com.pem
       SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-master.cmmobi-wh.com.pem
       SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
       SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
       # If Apache complains about invalid signatures on the CRL, you can try disabling
       # CRL checking by commenting the next line, but this is not recommended.
       SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
       SSLVerifyClient optional
       SSLVerifyDepth  1
       # The `ExportCertData` option is needed for agent certificate expiration warnings
       SSLOptions +StdEnvVars +ExportCertData
       # This header needs to be set if using a loadbalancer or proxy
       RequestHeader unset X-Forwarded-For
       RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
       RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
       RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
       DocumentRoot /etc/puppet/rack/public/
       RackBaseURI /
       <Directory /etc/puppet/rack/>
               Options None
               AllowOverride None
               Order allow,deny
               allow from all
       </Directory>
</VirtualHost>
9. Create the /etc/puppet/rack/public directory and copy the config.ru file shipped with the Puppet source package into /etc/puppet/rack
mkdir -p /etc/puppet/rack/public
cp /root/puppet-3.2.2/ext/rack/files/config.ru /etc/puppet/rack
cp /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/test/stub/rails_apps/1.2/empty/public/*    /etc/puppet/rack/public/
Note: if puppet runs as the puppet user, change the owner and group of config.ru to puppet.
10. Stop the puppet master, start Apache, check the listening port, then test from a client
service puppetmaster stop
service httpd start
netstat -ntlp | grep httpd
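
The vhost from step 8 enables SSLv3 and an RC4 cipher, and its own comment warns against disabling the CRL line, so it is worth checking those three directives before agents connect. The script below is an added example, not part of the original post or of Puppet; the function name audit_vhost and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in a Puppet master vhost file.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_vhost() {
    # Ignore commented-out lines so only active directives are judged.
    active=$(grep -Ev '^[[:space:]]*#' "$1")
    status=0

    # Evaluate SSLProtocol tokens left to right, the way mod_ssl applies them.
    # (A file with no SSLProtocol line is not flagged by this check.)
    sslv3=off
    for tok in $(printf '%s\n' "$active" |
                 awk 'tolower($1) == "sslprotocol" { $1 = ""; print tolower($0) }'); do
        case $tok in
            all|+all|sslv3|+sslv3) sslv3=on ;;
            -all|-sslv3)           sslv3=off ;;
        esac
    done
    if [ "$sslv3" = on ]; then
        echo "SSLProtocol enables SSLv3 (POODLE, CVE-2014-3566); use: ALL -SSLv2 -SSLv3"
        status=1
    fi

    # RC4 is prohibited for TLS by RFC 7465; "ALL" pulls it in unless "!RC4" is given.
    ciphers=$(printf '%s\n' "$active" | awk 'tolower($1) == "sslciphersuite" { print $2 }')
    if printf '%s\n' "$ciphers" | grep -Eq '(^|:)(ALL|[^:]*RC4)' &&
       ! printf '%s\n' "$ciphers" | grep -q '!RC4'; then
        echo "SSLCipherSuite allows RC4; append :!RC4"
        status=1
    fi

    # Without an active SSLCARevocationFile, revoked agent certificates still verify.
    if ! printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*SSLCARevocationFile[[:space:]]'; then
        echo "SSLCARevocationFile is not active; the Puppet CA CRL is not checked"
        status=1
    fi
    return "$status"
}

# Constructed sample: the TLS directives from step 8 of this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
EOF
audit_vhost "$sample" || true   # reports the SSLv3 and RC4 findings
rm -f "$sample"
```

To audit the deployed file, call audit_vhost /usr/local/apache2/conf/extra/puppetmaster.conf and restart httpd after correcting any reported directive.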


