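Puppet can work standalone, but once a Puppet environment is deployed in a large cluster of hundreds or thousands of servers, the synchronization, checks and communication between the agent nodes and the master become a bottleneck, and errors such as connection timeouts and read failures occur frequently. The cause is that WEBrick, which the Puppet master uses by default, is a simple single-process web server (similar to original CGI), so it is unsuitable under heavy traffic and high concurrency. A better-performing web server is therefore needed to serve the Puppet Rails application. In practice Puppet is usually combined with Apache or Nginx to solve the high-concurrency problem.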
```apache
LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-4.0.17
PassengerDefaultRuby /usr/bin/ruby
PassengerHighPerformance on
#PassengerUseGlobalQueue on
PassengerMaxPoolSize 3
PassengerMaxRequests 4000
# Shut down Passenger instances that have been idle for more than 1800 seconds
PassengerPoolIdleTime 1800
# Load the puppetmaster.conf configuration file
Include conf/extra/puppetmaster.conf
```
```apache
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerMaxRequests 4000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-master.cmmobi-wh.com.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-master.cmmobi-wh.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    # The `ExportCertData` option is needed for agent certificate expiration warnings
    SSLOptions +StdEnvVars +ExportCertData

    # This header needs to be set if using a loadbalancer or proxy
    RequestHeader unset X-Forwarded-For

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /etc/puppet/rack/public/
    RackBaseURI /
    <Directory /etc/puppet/rack/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
```
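The TLS and client-certificate lines of the virtual host above, next to a tightened form. This is an added example, not part of the original post; it assumes the Apache and OpenSSL builds on the master and the OpenSSL used by every agent support TLS 1.2.

```apache
# As posted above (kept for comparison, commented out):
#   SSLProtocol -ALL +SSLv3 +TLSv1
#   SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
# SSLv3 is exposed to POODLE, TLS 1.0 is deprecated, and the cipher string
# still admits RC4 and MEDIUM-strength suites where the OpenSSL build has them.

# Tightened form (assumption: TLS 1.2 is available on the master and all agents):
SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
SSLHonorCipherOrder on

# Unchanged from the post, with the reason each line matters:
# "optional" lets an agent that has no signed certificate yet connect and
# submit its CSR. Whether a request counts as authenticated is then decided
# by Puppet from the X-Client-Verify and X-Client-DN headers set below.
SSLVerifyClient optional
SSLVerifyDepth 1
# Keep CRL checking enabled so revoked agent certificates are rejected.
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem

# "set" overwrites any copy of these headers sent by the client, so the values
# Puppet reads always come from mod_ssl. Do not change "set" to "add" or "append".
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
```

After changing the protocol line, run `apachectl configtest` and confirm that one of the oldest agents in the fleet can still complete a run before rolling the change out.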