隨著公司應用需求的增加,需要不斷的擴展,服務器數量也隨之增加,當服務器數量不斷增加,我們會發現一臺puppetmaster壓力大,解析緩慢,而且時不時出“Timeout”之類的報錯,那這時有什么優化的辦法嗎?我們在Puppet官網上找尋解決方案,發現puppetmaster可以配置多端口,結合WEB代理(推薦輕量級的負載均衡器Nginx),這樣puppetmaster承受能力至少可以提升數倍以上,相當于在很大程度上優化了puppet的處理能力。
1.遵循前面的環境設定,我們這里的服務器環境及軟件版本分別為:
服務器系統:CentOS5.8 x86_64
Ruby版本:ruby-1.8.5
Puppet版本:puppet-2.7.9
Nginx版本:nginx-0.8.46
2.Mongrel安裝
要使用puppet多端口配置,需要指定mongrel類型,默認沒有安裝,需要安裝:
1 | yum install -yrubygem-mongrel |
3.配置puppetmaster
在/etc/sysconfig/puppetmaster文件末尾添加如下兩行,分別代表多端口、mongrel類型,內容如下所示:
1 2 | PUPPETMASTER_PORTS=(8141 8142 8143 81448145) PUPPETMASTER_EXTRA_OPTS="--servertype=mongrel--ssl_client_header=HTTP_X_SSL_SUBJECT" |
4.安裝Nginx服務
安裝之前請確保系統已經安裝pcre-devel正則庫,然后再編譯安裝Nginx,需要添加SSL模塊參數支持,Nginx的安裝過程如下所示:
1 2 3 4 5 6 7 | yum -y install pcre-devel cd /usr/local/srcwgethttp://nginx.org/download/nginx-0.8.46.tar.gz tar zxvf nginx-0.8.46.tar.gz cd nginx-0.8.46 ./configure --prefix=/usr/local/nginx--with-http_ssl_modulemake && make install && cd../ |
添加www用戶組及用戶,命令如下所示:
1 2 | groupadd www useradd -g www www |
5.我們依據puppet需求來修改配置文件nginx.conf,內容如下所示:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 | user www; worker_processes 8; events { worker_connections 65535; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; #定義puppet客戶端訪問puppet-server端日志格式 log_format main '$remote_addr - $remote_user [$time_local]"$request" $request_length $request_time $time_local' '$status $body_bytes_sent$bytes_sent $connection $msec "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for$upstream_response_time $upstream_addr $upstream_status '; access_log /usr/local/nginx/logs/access.log main; upstream puppetmaster { server 127.0.0.1:8141; server 127.0.0.1:8142; server 127.0.0.1:8143; server 127.0.0.1:8144; server 127.0.0.1:8145; } server { listen 8140; root /etc/puppet; ssl on; ssl_session_timeout 5m; #如下為puppetmaster服務器端證書地址 ssl_certificate /var/lib/puppet/ssl/certs/server.cn7788.com.pem; ssl_certificate_key/var/lib/puppet/ssl/private_keys/server.cn7788.com.pem; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_verify_client optional; #File sections location /production/file_content/files/ { types { } default_type application/x-raw; #定義puppet推送路徑別名 alias /etc/puppet/files/; } # Modules files sections location ~ /production/file_content/modules/.+/ { root /etc/puppet/modules; types { } default_type application/x-raw; rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break; } location / { ##設置跳轉到puppetmaster負載均衡 proxy_pass http://puppetmaster; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Client-Verify $ssl_client_verify; proxy_set_header X-SSL-Subject $ssl_client_s_dn; proxy_set_header X-SSL-Issuer $ssl_client_i_dn; proxy_buffer_size 10m; proxy_buffers 1024 10m; proxy_busy_buffers_size 10m; proxy_temp_file_write_size 10m; proxy_read_timeout 120; } } } |
6.修改完nginx.conf文件以后,我們要啟動nginx及puppet-server,這時應該如何操作呢?
我們首先關閉puppetmaster進程,然后先啟動nginx,不然nginx是會啟動失敗的,命令如下所示:
1 | /usr/local/nginx/sbin/nginx |
nginx占用puppetmaster默認的8140端口后,我們可以用如下命令來檢查8140端口是否被nginx接管,如下所示:
1 | lsof -i:8140 |
此命令顯示結果表明8140被nginx進程接管,如下所示:
1 2 3 | COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 4121 root 6u IPv4 20668 0t0 TCP *:8140 (LISTEN) nginx 4122 www 6u IPv4 20668 0t0 TCP *:8140 (LISTEN) |
我們再啟動puppetmaster,命令如下所示:
1 | service puppetmaster start |
如果ruby版本為1.8.5的話,等會運行puppetmaster會有如下警告,如下所示:
1 2 3 4 5 6 7 8 9 10 11 | Starting puppetmaster: Port: 8141** Ruby version is not up-to-date;loading cgi_multipart_eof_fix [ OK ] Port: 8142** Ruby version is notup-to-date; loading cgi_multipart_eof_fix [ OK ] Port: 8143** Ruby version is notup-to-date; loading cgi_multipart_eof_fix [ OK ] Port: 8144** Ruby version is notup-to-date; loading cgi_multipart_eof_fix [ OK ] Port: 8145** Ruby version is notup-to-date; loading cgi_multipart_eof_fix [ OK ] |
這段警告值的意思為
1 2 | It's just a warning. Mongrel wants a Rubyversion of at least 1.8.6. But it still runs just fine with previousversions. Just ignore the warning. |
喜歡 
頂
難過
囧
圍觀
無聊
王者榮耀賬號惡
MARVEL Strike 
2017年10月手游
比官居一品好玩
