Deploy high-performance puppetmaster using Apache + passenger

Source: Internet
Author: User

Preface:

Recently, the latest puppet client was installed on our servers, and some problems occurred while synchronizing with the old version of puppetmaster. The warnings were easy to resolve by commenting out the templatedir line in the configuration file, and we then upgraded puppetmaster directly to the latest 3.6.1. We then found that the WEBrick web server installed by puppetmaster by default has low performance, and that the latest version 3.6.1 has a bug that makes it impossible to accept requests from multiple agent clients at the same time. Therefore, we used the Apache + Passenger solution to replace the original WEBrick, improve concurrency performance and solve the bug.


Environment:

Ubuntu 12.04 LTS 64-bit

Puppetmaster: 3.6.1 (version 3.4.3 before Upgrade)

Puppetagent: 3.6.1


1. Install apache2

$ sudo apt-get install apache2 ruby1.8-dev rubygems
$ sudo a2enmod ssl
$ sudo a2enmod headers

2. Install rack/passenger

$ sudo gem install rack passenger
$ sudo passenger-install-apache2-module   # then run this command to install the passenger module

When it finishes, the installer prompts "Please edit your Apache configuration file, and add these lines:"

LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.44/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
  PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.44
  PassengerDefaultRuby /usr/bin/ruby1.8
</IfModule>

$ sudo mkdir -p /etc/puppet/rack/{public,tmp}
$ sudo cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/
$ sudo chown -R puppet:root /etc/puppet/rack

3. Configure the puppet virtual host file

$ sudo cp /usr/share/puppet/ext/rack/example-passenger-vhost.conf /etc/apache2/sites-available/puppet.conf
$ sudo vim /etc/apache2/sites-available/puppet.conf

# Add the following content as prompted by the installer:
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.44/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
  PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.44
  PassengerDefaultRuby /usr/bin/ruby1.8
  PassengerHighPerformance on
  PassengerMaxPoolSize 12
  PassengerPoolIdleTime 1500
  # PassengerMaxRequests 1000
  PassengerStatThrottleRate 120
  # RackAutoDetect Off     # comment out this line
  # RailsAutoDetect Off    # comment out this line
</IfModule>

Listen 8140

<VirtualHost *:8140>
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
  SSLHonorCipherOrder on

  # Change to the actual SSL paths and file names
  SSLCertificateFile      /var/lib/puppet/ssl/certs/test.cominggo.com.pem
  SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/test.cominggo.com.pem
  SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
  SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
  # If Apache complains about invalid signatures on the CRL, you can try disabling
  # CRL checking by commenting the next line, but this is not recommended.
  SSLCARevocationFile     /var/lib/puppet/ssl/crl.pem
  SSLVerifyClient optional
  SSLVerifyDepth  1
  # The 'ExportCertData' option is needed for agent certificate expiration warnings
  SSLOptions +StdEnvVars +ExportCertData

  # This header needs to be set if using a loadbalancer or proxy
  RequestHeader unset X-Forwarded-For

  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

  DocumentRoot /etc/puppet/rack/public/
  RackBaseURI /
  <Directory /etc/puppet/rack/>
    Options None
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>

  # Logging
  # Set the puppet access log (optional, default log: other_vhosts_access.log)
  ErrorLog "/var/log/apache2/logs"
  ServerSignature Off
  CustomLog "/var/log/apache2/puppet_access.log" combined
</VirtualHost>

$ cd /etc/apache2/sites-available/
$ sudo a2ensite puppet.conf
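
The virtual host in step 3 is what authenticates agents: Apache verifies the client certificate and passes the result to the master in the X-Client-DN and X-Client-Verify headers. The following check is an added example, not part of the original article or of Puppet; `lint_puppet_vhost` is a hypothetical helper and `PAGE_VHOST` is a constructed excerpt of the directives shown above.

```python
import re

# Constructed excerpt of the vhost from step 3 (sample input, same directives).
PAGE_VHOST = """
SSLProtocol all -SSLv2
SSLCARevocationFile /var/lib/puppet/ssl/crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
"""

def active_directives(conf_text):
    """Return (lower-cased name, arguments) for every non-comment directive."""
    found = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith(("#", "<")):
            continue
        found.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return found

def has_header_set(directives, header):
    """True if 'RequestHeader set <header> ...' is active (overwrites client input)."""
    pat = re.compile(r"set\s+%s\s" % re.escape(header), re.I)
    return any(n == "requestheader" and pat.match(a) for n, a in directives)

def lint_puppet_vhost(conf_text):
    """Hypothetical helper: return findings; an empty list means all checks pass."""
    d = active_directives(conf_text)
    findings = []
    # Without a client-certificate request Apache has no agent identity to pass on.
    if not any(n == "sslverifyclient" and a.lower() in ("optional", "require") for n, a in d):
        findings.append("SSLVerifyClient is not optional/require")
    # Revoked agent certificates are only rejected while the CRL is loaded.
    if not any(n == "sslcarevocationfile" for n, _ in d):
        findings.append("SSLCARevocationFile is missing or commented out")
    # The master trusts these headers, so Apache must always overwrite them.
    for header in ("X-Client-DN", "X-Client-Verify"):
        if not has_header_set(d, header):
            findings.append("RequestHeader set %s is missing" % header)
    # 'all -SSLv2' still leaves SSLv3 enabled.
    for n, a in d:
        tokens = a.lower().split()
        if n == "sslprotocol" and "-sslv3" not in tokens and ("all" in tokens or "+sslv3" in tokens or "sslv3" in tokens):
            findings.append("SSLProtocol leaves SSLv3 enabled")
    return findings
```

Run against the directives from step 3, the only finding is the SSLProtocol line; changing it to `SSLProtocol all -SSLv2 -SSLv3` clears it.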

4. Remove the webrick Service (puppetmaster) and restart the apache service.

$ sudo /etc/init.d/puppetmaster stop
$ sudo update-rc.d -f puppetmaster remove
$ sudo /etc/init.d/apache2 restart
$ sudo ss -talnp | grep apache2
LISTEN     0      128      *:8140         *:*      users:(("apache2",30037,5),("apache2",29472,5),("apache2",29467,5))
LISTEN     0      128      *:80           *:*      users:(("apache2",30037,3),("apache2",29472,3),("apache2",29467,3))
LISTEN     0      128      *:443          *:*      users:(("apache2",30037,4),("apache2",29472,4),("apache2",29467,4))

5. Verify that the deployment is successful.

1) access the HTTPS service

# Access https://test.cominggo.com:8140/ and the page returns: The environment must be purely alphanumeric, not ''

2) puppetagent node run test

# puppet agent:
$ sudo puppet agent -t

# puppetmaster: check whether the Apache access log has requests with a 200 status
$ sudo tail /var/log/apache2/puppet_access.log
172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/check.sh?source_permissions=use&links=manage HTTP/1.1" 200 5987 "-" "-"
172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/zabbix-release_2.2-1+precise_all.deb?source_permissions=use&links=manage HTTP/1.1" 200 6003 "-" "-"
172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/game.conf?source_permissions=use&links=manage HTTP/1.1" 200 5971 "-" "-"
172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadatas/modules/GAME/release/data?checksum_type=md5&recurse=true&links=manage HTTP/1.1" 200 44519 "-" "-"
172.16.2.22 - - [20/Jun/2014:19:11:54 +0800] "GET /production/file_metadata/modules/zabbix/netif.py?source_permissions=use&links=manage HTTP/1.1" 200 5987 "-" "-"
172.16.2.22 - - [20/Jun/2014:19:11:56 +0800] "PUT /production/report/t1.cominggo.com HTTP/1.1" 200 5683 "-" "-"
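
The log check in step 5 can be automated. The following is an added example, not part of the original article: it parses combined-format lines such as those in puppet_access.log and reports, per agent IP, whether a report upload returned 200 and which requests did not. `summarize_agent_runs` is a hypothetical helper, and the sample lines (including the 172.16.2.23 agent and the t2.cominggo.com name) are constructed.

```python
import re
from collections import defaultdict

# Combined log format: host ident user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines in the format of puppet_access.log (not real traffic).
SAMPLE_LOG = '''\
172.16.2.22 - - [20/Jun/2014:19:11:53 +0800] "GET /production/file_metadata/modules/zabbix/check.sh?links=manage HTTP/1.1" 200 5987 "-" "-"
172.16.2.22 - - [20/Jun/2014:19:11:56 +0800] "PUT /production/report/t1.cominggo.com HTTP/1.1" 200 5683 "-" "-"
172.16.2.23 - - [20/Jun/2014:19:12:01 +0800] "GET /production/catalog/t2.cominggo.com HTTP/1.1" 403 120 "-" "-"
'''

def summarize_agent_runs(log_text):
    """Per client IP: did a report upload succeed, and which requests failed?"""
    summary = defaultdict(lambda: {"report_ok": False, "failed": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        host, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        entry = summary[host]
        # Puppet 3 request paths are /<environment>/<indirection>/<key>
        parts = path.split("?")[0].strip("/").split("/")
        indirection = parts[1] if len(parts) > 1 else ""
        if status != 200:
            entry["failed"].append((method, path, status))
        elif method == "PUT" and indirection == "report":
            entry["report_ok"] = True
    return dict(summary)
```

An agent whose entry has `report_ok` set and an empty `failed` list completed its run through Apache; any other entry points at the requests to look up in the Apache error log.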


References:

Official documents: http://docs.puppetlabs.com/guides/passenger.html

Kisspuppet blog: http://kisspuppet.com/2013/11/08/apache-passenger/


This article is from the "Don't dead birds a Hui" blog; please be sure to keep this source: http://phenixikki.blog.51cto.com/7572938/1432633
