puppet负载均衡之nginx+passenger

由于3.x系列已不再支持mongrel，所以就采用nginx+passenger来做负载均衡；之前有发过nginx+mongrel，puppet version是2.7系列的，所以还是可以用的；

环境说明：

操作系统：centos 5.8 64位

puppet版本：3.1系列

 

1，升级ruby至1.8.7，安装rubygems
# rpm -Uvh http://rbel.frameos.org/rbel5
# yum install -y ruby rubygems ruby-devel.x86_64

2,安装puppet server
# rpm -ivh http://yum.puppetlabs.com/el/5/products/x86_64/puppetlabs-release-5-1.noarch.rpm
# yum install -y puppet puppet-server

3，安装nginx相关的依赖包
# yum install -y gcc make pcre-devel zlib-devel openssl-devel pam-devel curl-devel rpm-build

4安装rake, rack and passenger ruby gems
# gem install rake rack passenger --no-rdoc --no-ri

5，安装nginx
编译参数如下，必须包含passenger模块
# tar -xjf pcre-8.32.tar.bz2 -C /usr/local/src   ----pcre自己下载
# tar -xzf nginx-1.2.1.tar.gz -C /usr/local/src  ----解压nginx
cd /usr/local/src/nginx-1.2.1
    ./configure --prefix=$NGINX_PATH --with-   http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.32 --add-module=`passenger-config --root`/ext/nginx
# make
# make install

6,与passenger的结合
# mkdir -p /etc/puppet/rack/public
# cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
# chown -R puppet:puppet /etc/puppet/rack/
# nginx.conf里面具体的内容如下


user www www;

worker_processes  1;

error_log  /usr/local/nginx/logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}

http {
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    charset utf-8;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 64k;
    client_max_body_size 8m;

    tcp_nopush     on;
    tcp_nodelay on;
    keepalive_timeout 60;
    fastcgi_intercept_errors on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    open_file_cache max=65535 inactive=10s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    # Passenger needed for puppet
    passenger_root  /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
    passenger_ruby  /usr/bin/ruby;
    passenger_max_pool_size 15;
    index index.html index.htm index.php;

    server {
        listen       80;
        server_name  localhost;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.php index.html index.htm ;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~ \.php$ {
            root           html;
            #fastcgi_pass   127.0.0.1:9000;
            fastcgi_pass unix:/dev/shm/php.socket;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root/$fastcgi_script_name;
            include        fastcgi_params;
        }

    }

    server {
      listen                     8140 ssl;
      server_name                client.domain.com;

      passenger_enabled          on;
      passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
      passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;

      access_log                 /usr/local/nginx/logs/puppet_access.log;
      error_log                  /usr/local/nginx/logs/puppet_error.log;

      root                       /etc/puppet/rack/public;

      ssl_certificate            /var/lib/puppet/ssl/certs/client.domain.com.pem;
      ssl_certificate_key        /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
      ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
      ssl_client_certificate     /var/lib/puppet/ssl/ca/ca_crt.pem;
      ssl_ciphers                SSLv2:-LOW:-EXPORT:RC4+RSA;
      ssl_prefer_server_ciphers  on;
      ssl_verify_client          optional;
      ssl_verify_depth           1;
      ssl_session_cache          shared:SSL:128m;
      ssl_session_timeout        5m;
    }


}
注意下，我这里puppet server的hostname 是client.domain.com,至于具体的key路径之类的 大家自己按各自的环境自己改
然后调整下puppet.conf
[main]

[agent]
  server = client.domain.com

[master]
  certname = client.domain.com

7，验证
启动nginx
# lsof -i:8140
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   20855 root    9u  IPv4 421091      0t0  TCP *:8140 (LISTEN)
nginx   20856  www    9u  IPv4 421091      0t0  TCP *:8140 (LISTEN)
可以发现8140端口已经起来
# puppet agent --test --server client.domain.com
Info: Retrieving plugin
Info: Caching catalog for client.domain.com
Info: Applying configuration version '1366960369'
Notice: Finished catalog run in 0.16 seconds
发现已能正常使用
# tail /usr/local/nginx/log/puppet_access.log  查看nginx日志
192.168.200.220 - - [26/Apr/2013:21:12:15 +0800] "GET /production/node/client.domain.com? HTTP/1.1" 200 3502 "-" "-"
192.168.200.220 - - [26/Apr/2013:21:12:16 +0800] "GET /production/file_metadatas/plugins?&links=manage&recurse=true&checksum_type=md5&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22 HTTP/1.1" 200 283 "-" "-"
192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "POST /production/catalog/client.domain.com HTTP/1.1" 200 1033 "-" "-"
192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "PUT /production/report/client.domain.com HTTP/1.1" 200 14 "-" "-"
已经有记录，

8.调整
如果puppetmaster服务已经做成开机启动，记得关掉
# chkconfig puppetmaster off
# chkconfig nginx on

至此Puppet 负载均衡到此结束,nginx分别与passenger,mongrel的结合都做完了