由于3.x系列已不再支持mongrel,所以就采用nginx+passenger来做负载均衡;之前有发过nginx+mongrel,puppet version是2.7系列的,所以还是可以用的;

环境说明:

操作系统:centos 5.8 64位

puppet版本:3.1系列

 

   
   
   
   
  1. 1,升级ruby至1.8.7,安装rubygems 
  2. # rpm -Uvh http://rbel.frameos.org/rbel5   ----该包经明文HTTP下载,建议先下载到本地,导入发布方GPG公钥并用 rpm -K 校验签名后再安装(第2步的puppetlabs源同理) 
  3. # yum install -y ruby rubygems ruby-devel.x86_64 
  4.  
  5. 2,安装puppet server 
  6. # rpm -ivh http://yum.puppetlabs.com/el/5/products/x86_64/puppetlabs-release-5-1.noarch.rpm 
  7. # yum install -y puppet puppet-server 
  8.  
  9. 3,安装nginx相关的依赖包 
  10. # yum install -y gcc make pcre-devel zlib-devel openssl-devel pam-devel curl-devel rpm-build 
  11.  
  12. 4安装rake, rack and passenger ruby gems 
  13. # gem install rake rack passenger --no-rdoc --no-ri 
  14.  
  15. 5,安装nginx 
  16. 编译参数如下,必须包含passenger模块 
  17. # tar -xjf pcre-8.32.tar.bz2 -C /usr/local/src   ----pcre自己下载 
  18. # tar -xzf nginx-1.2.1.tar.gz -C /usr/local/src  ----解压nginx 
  19. cd /usr/local/src/nginx-1.2.1 
  20.     ./configure --prefix=$NGINX_PATH --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.32 --add-module=`passenger-config --root`/ext/nginx 
  21. # make 
  22. # make install 
  23.  
  24. 6,与passenger的结合 
  25. # mkdir -p /etc/puppet/rack/public 
  26. # cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/ 
  27. # chown -R puppet:puppet /etc/puppet/rack/ 
  28. # nginx.conf里面具体的内容如下 
  29.  
  30.  
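  # nginx.conf for a Puppet master served through Passenger.
  # The master process starts as root (it reads the TLS private key and binds
  # the ports); worker processes drop to the unprivileged www account.
  user www www;

  worker_processes  1;

  error_log  /usr/local/nginx/logs/error.log;
  #error_log  logs/error.log  notice;
  #error_log  logs/error.log  info;

  pid        /usr/local/nginx/nginx.pid;

  #Specifies the value for maximum file descriptors that can be opened by this process.
  worker_rlimit_nofile 65535;

  events {
      use epoll;
      worker_connections  65535;
  }

  http {
      # Do not advertise the nginx version in responses and error pages.
      server_tokens off;
      include       mime.types;
      default_type  application/octet-stream;

      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

      #access_log  logs/access.log  main;

      charset utf-8;

      server_names_hash_bucket_size 128;
      client_header_buffer_size 32k;
      large_client_header_buffers 4 64k;
      client_max_body_size 8m;

      tcp_nopush     on;
      tcp_nodelay on;
      keepalive_timeout 60;
      fastcgi_intercept_errors on;
      fastcgi_connect_timeout 300;
      fastcgi_send_timeout 300;
      fastcgi_read_timeout 300;
      fastcgi_buffer_size 64k;
      fastcgi_buffers 4 64k;
      fastcgi_busy_buffers_size 128k;
      fastcgi_temp_file_write_size 128k;

      open_file_cache max=65535 inactive=10s;
      open_file_cache_valid 30s;
      open_file_cache_min_uses 1;

      gzip on;
      gzip_min_length  1k;
      gzip_buffers     4 16k;
      gzip_http_version 1.0;
      gzip_comp_level 2;
      gzip_types       text/plain application/x-javascript text/css application/xml;
      gzip_vary on;

      # Passenger needed for puppet
      # passenger_root must be the directory printed by `passenger-config --root`;
      # the gem was installed without a version pin, so check that it is 3.0.19.
      passenger_root  /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19;
      passenger_ruby  /usr/bin/ruby;
      passenger_max_pool_size 15;
      index index.html index.htm index.php;

      # Default vhost on port 80. It is not part of the Puppet setup; remove it
      # if nothing else is served from this host.
      server {
          listen       80;
          server_name  localhost;

          #access_log  logs/host.access.log  main;

          location / {
              root   html;
              index  index.php index.html index.htm ;
          }

          error_page   500 502 503 504  /50x.html;
          location = /50x.html {
              root   html;
          }

          location ~ \.php$ {
              root           html;
              # Only pass requests for files that exist under root to PHP.
              try_files      $uri =404;
              #fastcgi_pass   127.0.0.1:9000;
              fastcgi_pass unix:/dev/shm/php.socket;
              fastcgi_index  index.php;
              fastcgi_param  SCRIPT_FILENAME  $document_root/$fastcgi_script_name;
              include        fastcgi_params;
          }

      }

      # Puppet master: TLS is terminated here and requests go to the Rack
      # application under /etc/puppet/rack through Passenger.
      server {
        listen                     8140 ssl;
        server_name                client.domain.com;

        passenger_enabled          on;
        # Subject DN and verification result of the client certificate, as
        # determined by nginx, are handed to Puppet under these names.
        # NOTE(review): confirm that a request header named X-Client-DN or
        # X-Client-Verify sent by a client cannot take precedence over them.
        passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;

        access_log                 /usr/local/nginx/logs/puppet_access.log;
        error_log                  /usr/local/nginx/logs/puppet_error.log;

        root                       /etc/puppet/rack/public;

        ssl_certificate            /var/lib/puppet/ssl/certs/client.domain.com.pem;
        ssl_certificate_key        /var/lib/puppet/ssl/private_keys/client.domain.com.pem;
        # Revocation list and CA used to verify agent certificates.
        ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_client_certificate     /var/lib/puppet/ssl/ca/ca_crt.pem;
        # The original cipher string (SSLv2:-LOW:-EXPORT:RC4+RSA) asked for
        # SSLv2 and RC4 suites, both of which are broken. Offer TLS only, with
        # strong suites; the TLS versions actually available depend on the
        # OpenSSL that nginx was built against.
        ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        # optional: a client may connect without a certificate. nginx then only
        # reports the result in $ssl_client_verify and leaves the allow/deny
        # decision to Puppet, so keep Puppet's auth.conf restrictive.
        # Presumably this is what lets a new agent submit its first
        # certificate request - confirm before tightening.
        ssl_verify_client          optional;
        ssl_verify_depth           1;
        ssl_session_cache          shared:SSL:128m;
        ssl_session_timeout        5m;
      }
  }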
  147.  
  148.  
  149. 注意下,我这里puppet server的hostname 是client.domain.com,至于具体的key路径之类的 大家自己按各自的环境自己改 
  150. 然后调整下puppet.conf 
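  # puppet.conf on the master host (client.domain.com in this walkthrough).
  [main]

  [agent]
    # Agents reach the master through the nginx listener on port 8140.
    server = client.domain.com

  [master]
    # Must equal the name in the certificate that nginx serves (ssl_certificate).
    certname = client.domain.com
    # Names under which the front end passes the client-certificate DN and the
    # verification result; they must match the passenger_set_cgi_param names
    # in nginx.conf.
    ssl_client_header = HTTP_X_CLIENT_DN
    ssl_client_verify_header = HTTP_X_CLIENT_VERIFY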
  158.  
  159. 7,验证 
  160. 启动nginx
  161. # lsof -i:8140 
  162. COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME 
  163. nginx   20855 root    9u  IPv4 421091      0t0  TCP *:8140 (LISTEN) 
  164. nginx   20856  www    9u  IPv4 421091      0t0  TCP *:8140 (LISTEN) 
  165. 可以发现8140端口已经起来 
  166. # puppet agent --test --server client.domain.com 
  167. Info: Retrieving plugin 
  168. Info: Caching catalog for client.domain.com 
  169. Info: Applying configuration version '1366960369' 
  170. Notice: Finished catalog run in 0.16 seconds 
  171. 发现已能正常使用 
  172. # tail /usr/local/nginx/logs/puppet_access.log  查看nginx日志 
  173. 192.168.200.220 - - [26/Apr/2013:21:12:15 +0800] "GET /production/node/client.domain.com? HTTP/1.1" 200 3502 "-" "-" 
  174. 192.168.200.220 - - [26/Apr/2013:21:12:16 +0800] "GET /production/file_metadatas/plugins?&links=manage&recurse=true&checksum_type=md5&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22 HTTP/1.1" 200 283 "-" "-" 
  175. 192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "POST /production/catalog/client.domain.com HTTP/1.1" 200 1033 "-" "-" 
  176. 192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "PUT /production/report/client.domain.com HTTP/1.1" 200 14 "-" "-" 
  177. 已经有记录, 
  178.  
  179. 8.调整 
  180. 如果puppetmaster服务已经做成开机启动,记得关掉 
  181. # chkconfig puppetmaster off 
  182. # chkconfig nginx on            

至此,Puppet负载均衡的配置就结束了,nginx分别与passenger、mongrel的结合都已做完。