As a company's application demand grows and the number of servers increases, a single puppetmaster becomes slow to respond, comes under heavy load, and parses slowly. What is the best solution? The puppetmaster can be configured to listen on multiple ports and placed behind an Nginx web proxy, which increases its capacity by at least 10 times.
First, install and configure the Mongrel service:
The puppet multi-port configuration requires the mongrel server type, which is not installed by default. Run the following commands on the puppetmaster server (this assumes the EPEL repository matching your Red Hat release is available):
rpm -Uvh http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm
yum install -y rubygem-mongrel
Edit /etc/sysconfig/puppetmaster (vi /etc/sysconfig/puppetmaster) and add the following two lines at the end of the file.
Also comment out any existing entries for the same settings. The two lines set the multiple ports and the mongrel server type, respectively:
PUPPETMASTER_PORTS=( 18140 18141 18142 18143 18144 )
PUPPETMASTER_EXTRA_OPTS="--servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT"
Second, install and configure the Nginx server:
cd /usr/src
wget -c http://nginx.org/download/nginx-1.2.6.tar.gz
tar xzf nginx-1.2.6.tar.gz && cd nginx-1.2.6 && ./configure --prefix=/usr/local/nginx --with-http_ssl_module && make && make install
Relevant section of the nginx.conf configuration file:
upstream puppetmaster {
    server 127.0.0.1:18140;
    server 127.0.0.1:18141;
    server 127.0.0.1:18142;
    server 127.0.0.1:18143;
    server 127.0.0.1:18144;
}
server {
    listen 8140;
    root /etc/puppet;
    ssl on;
    ssl_session_timeout 5m;
    # Paths to the puppetmaster server certificates
    ssl_certificate /var/lib/puppet/ssl/certs/192-9-117-162-app.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/192-9-117-162-app.com.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_verify_client optional;
    # File sections
    location /production/file_content/files/ {
        types { }
        default_type application/x-raw;
        # Mainly used for pushing files; defines the alias path for files
        alias /etc/puppet/files/;
    }
    # Modules files sections
    location ~ /production/file_content/modules/.+/ {
        root /etc/puppet/modules;
        types { }
        default_type application/x-raw;
        rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
    }
    location / {
        # Forward requests to the puppetmaster load-balancing upstream
        proxy_pass http://puppetmaster;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_buffer_size 10m;
        proxy_buffers 1024 10m;
        proxy_busy_buffers_size 10m;
        proxy_temp_file_write_size 10m;
        proxy_read_timeout 120;
    }
}
Then restart the puppetmaster service on the server with /etc/init.d/puppetmaster restart, restart Nginx, and test from a client.
Third, Puppet multi-master deployment:
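To configure a multi-master cluster, share the certificates of master1 (192.168.33.10) over NFS and mount them on the other master. The exported tree includes the CA private key under /var/lib/puppet/ssl/ca, and the * in the export below offers it read-write to every host that can reach the NFS server, so access should be limited to master2 (192.168.33.11) in the export or at the network level. The NFS export on 192.168.33.10 is configured as follows:
Contents of /etc/exports (vi /etc/exports):
/var/lib/puppet/ *(no_root_squash,rw,sync)
Then run the following on master2 (192.168.33.11):
mount -t nfs 192.168.33.10:/var/lib/puppet/ssl /var/lib/puppet/ssl
Then restart the puppetmaster service on master2.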
Add the multi-port service on master2 as well, which requires the same package:
yum install -y rubygem-mongrel
Also edit /etc/sysconfig/puppet.conf on master2:
In the [main] section, add bindaddress = 0.0.0.0 so that the service listens on all addresses.
Nginx on master1 can then use master2 as an upstream. The final upstream configuration in nginx.conf on master1 is as follows:
upstream puppetmaster {
    server 127.0.0.1:18140;
    server 127.0.0.1:18141;
    server 127.0.0.1:18142;
    server 127.0.0.1:18143;
    server 127.0.0.1:18144;
    # config add 2014-10-10
    server 192.168.33.11:18140;
    server 192.168.33.11:18141;
    server 192.168.33.11:18142;
    server 192.168.33.11:18143;
    server 192.168.33.11:18144;
}
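A master started with --servertype=mongrel takes the client's identity from the X-SSL-Subject and X-Client-Verify request headers, so this setup depends on Nginx overwriting both headers and on the mongrel ports (now bound to 0.0.0.0 on master2) being reachable only from the proxy. The shell check below is an added example, not part of the original article; the function names and the sample configuration are constructed here, and it assumes one nginx directive per line.

```shell
#!/bin/sh
# Added example (not from the article): audit what the mongrel backends rely on.
# Constructed sample, condensed from the configuration in this article.
SAMPLE_CONF='
upstream puppetmaster {
    server 127.0.0.1:18140;
    server 192.168.33.11:18140;
}
server {
    listen 8140;
    ssl_verify_client optional;
    location / {
        proxy_pass http://puppetmaster;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
    }
}'

# Print upstream backends that are not on loopback. Their mongrel ports accept
# plain HTTP and trust the identity headers, so each one needs a firewall rule
# that admits only the proxy.
remote_backends() {
    printf '%s\n' "$1" | awk '
        $1 == "upstream"         { inside = 1; next }
        inside && $1 == "}"      { inside = 0 }
        inside && $1 == "server" {
            addr = $2
            sub(/;.*$/, "", addr)
            if (addr !~ /^(127\.|localhost(:|$)|\[::1\])/) print addr
        }'
}

# Succeed if the config sets header $2 from nginx variable $3.
# -i because HTTP header names are case-insensitive.
sets_header() {
    printf '%s\n' "$1" | grep -Eiq \
        '^[[:space:]]*proxy_set_header[[:space:]]+'"$2"'[[:space:]]+[$]'"$3"'[[:space:]]*;'
}

# Print each identity header that nginx does not overwrite with its own
# verification result; a missing one would pass the client's value through.
unset_identity_headers() {
    sets_header "$1" X-Client-Verify ssl_client_verify || echo X-Client-Verify
    sets_header "$1" X-SSL-Subject ssl_client_s_dn || echo X-SSL-Subject
}

echo "backends to firewall: $(remote_backends "$SAMPLE_CONF")"
echo "headers not overwritten: $(unset_identity_headers "$SAMPLE_CONF")"
```

To audit the live file, pass its contents instead of the sample, for example remote_backends "$(cat /usr/local/nginx/conf/nginx.conf)", which is the default location for the --prefix used above.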
If you need a keepalived high-availability cluster, it is in fact not difficult to build one along the same lines.
This article is from the "Wu Guangko-Keio Linux Operations Training" blog, please be sure to keep this source http://wgkgood.blog.51cto.com/1192594/1690881
Puppet automated high-availability cluster deployment