puppet负载均衡之nginx+mongrel-TNT、运维之路
[*]yum install -y rubygem-mongrel
[*]echo -e "PUPPETMASTER_PORTS=( 18140 18141 18142 18143 18144 )\nPUPPETMASTER_EXTRA_OPTS=\"—servertype=mongrel--ssl_client_header=HTTP_X_SSL_SUBJECT\"" > /etc/sysconfig/puppetmaster
[*]useradd www
[*]groupadd www
[*]CORE_NUM=`cat /proc/cpuinfo | grep "model name" | wc -l`
[*]cd $path
[*]tar -zxvf pcre-8.10.tar.gz
[*]cd pcre-8.10/
[*]make clean
[*]./configure --disable-shared --with-pic
[*]make && make install
[*]cd ../
[*]tar -zxvf nginx-1.2.1.tar.gz
[*]cd ./nginx-1.2.1/
[*]./configure --prefix=$path_nginx --with-http_stub_status_module --with-http_ssl_module
[*]make && make install
[*]touch $path_nginx/html/index.php
[*]process () {
[*] ZERO=`for((i=1;i<=$CORE_NUM;i++));do echo -n "0";done;`
[*] for (( i = $CORE_NUM; i > o; i-- )); do
[*] echo -n ${ZERO:0:$i-1}"1"${ZERO:$i}" "
[*] done
[*]}
[*]sed -i "s/worker_processes.*/worker_processes $CORE_NUM;\nworker_cpu_affinity $(process);/" $path_nginx/conf/nginx.conf
[*]sed -i "s/#user.*/user www www;/" $path_nginx/conf/nginx.conf
[*]sed -i "s/index.html index.htm;/index.php &/" $path_nginx/conf/nginx.conf
[*]sed -i "47 a#\nlocation ~ \\\.php$ {\nfastcgi_pass 127.0.0.1:9000;\nfastcgi_index index.php;\nfastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/\$fastcgi_script_name;\ninclude fastcgi_params;\ninclude fastcgi.conf;}#" $path_nginx/conf/nginx.conf
[*]
[*]######隐藏版本号##########################
[*]sed -i "s/^http {/&\n server_tokens off;/" $path_nginx/conf/nginx.conf
[*]###################################nginx自启动########################################
[*]#sed -i "s#^path_nginx=.*#path_nginx=$path_nginx#" $path/nginxd
[*]cp $path/nginxd /etc/init.d/
[*]mv $path_nginx/conf/nginx.conf $path_nginx/conf/nginx.conf.bak
[*]mv $path/nginx.conf $path_nginx/conf
[*]chmod 755 /etc/init.d/nginxd
[*]chkconfig --add nginxd
[*]chkconfig nginxd on
[*]kill -9 `/usr/sbin/lsof -i:8140 | grep 8140 |awk '{print $2}'`
[*]echo "############################################"
[*]echo " status "
[*]service nginxd start
[*]service puppetmaster start
注意下:nginx.conf里面的内容如下,请大家按照的自己的环境修改一下:
[*]user www www;
[*]worker_processes 1;
[*]worker_cpu_affinity 1 ;
[*]
[*]error_loglogs/error.log;
[*]#error_loglogs/error.lognotice;
[*]#error_loglogs/error.loginfo;
[*]
[*]pid /usr/local/nginx/nginx.pid;
[*]
[*]
[*]events {
[*] worker_connections1024;
[*]}
[*]
[*]
[*]http {
[*] server_tokens off;
[*] include mime.types;
[*] default_typeapplication/octet-stream;
[*]
[*] #log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
[*] # '$status $body_bytes_sent "$http_referer" '
[*] # '"$http_user_agent" "$http_x_forwarded_for"';
[*]
[*] #access_loglogs/access.logmain;
[*]
[*] sendfile on;
[*] #tcp_nopush on;
[*]
[*] #keepalive_timeout0;
[*] keepalive_timeout65;
[*] upstream puppetmaster {
[*] server 127.0.0.1:18140;
[*] server 127.0.0.1:18141;
[*] server 127.0.0.1:18142;
[*] server 127.0.0.1:18143;
[*] server 127.0.0.1:18144;
[*] }
[*] #gzipon;
[*] server {
[*] listen 8140;
[*] root /etc/puppet;
[*] access_log /usr/local/nginx/logs/puppet_access.log;
[*] error_log /usr/local/nginx/logs/puppet_error.log;
[*] ssl on;
[*] ssl_session_timeout 5m;
[*] #如下为Puppetmaster服务器端证书地址
[*] ssl_certificate /var/lib/puppet/ssl/certs/server.domain.com.pem;
[*] ssl_certificate_key /var/lib/puppet/ssl/private_keys/server.domain.com.pem;
[*] ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
[*] ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
[*] ssl_verify_client optional;
[*] # File sections
[*] location /production/file_content/files/ {
[*] types { }
[*] default_type application/x-raw;
[*] #主要用于推送文件,定义files别名路径
[*] alias /etc/puppet/files/;
[*] }
[*] # Modules files sections
[*] location ~ /production/file_content/modules/.+/ {
[*] root /etc/puppet/modules;
[*] types { }
[*] default_type application/x-raw;
[*] #rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
[*] rewrite ^/production/file_content/modules/([^/]+)/(.+)$ /$1/files/$2 break;
[*] }
[*] location / {
[*] #设置跳转到puppetmaster负载均衡
[*] proxy_pass http://puppetmaster;
[*] proxy_redirect off;
[*] proxy_set_header Host $host;
[*] proxy_set_header X-Real-IP $remote_addr;
[*] proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
[*] proxy_set_header X-Client-Verify $ssl_client_verify;
[*] proxy_set_header X-SSL-Subject $ssl_client_s_dn;
[*] proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
[*] proxy_buffer_size 10m;
[*] proxy_buffers 1024 10m;
[*] proxy_busy_buffers_size 10m;
[*] proxy_temp_file_write_size 10m;
[*] proxy_read_timeout 120;
[*] }
[*]
[*] }
[*]}
另外说明下脚本里面的nginxd,是指nginx的启动脚本,内容如下:
[*]#!/bin/sh
[*]#
[*]# nginx - this script starts and stops the nginx daemin
[*]#
[*]# chkconfig: - 85 15
[*]# description:Nginx is an HTTP(S) server, HTTP(S) reverse \
[*]# proxy and IMAP/POP3 proxy server
[*]# processname: nginx
[*]# config: /usr/local/nginx/conf/nginx.conf
[*]# pidfile: /usr/local/nginx/logs/nginx.pid
[*]
[*]# Source function library.
[*]. /etc/rc.d/init.d/functions
[*]
[*]# Source networking configuration.
[*]. /etc/sysconfig/network
[*]
[*]# Check that networking is up.
[*][ "$NETWORKING" = "no" ] && exit 0
[*]
[*]nginx="/usr/local/nginx/sbin/nginx"
[*]prog=$(basename $nginx)
[*]
[*]NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[*]
[*]lockfile=/var/lock/subsys/nginx
[*]
[*]start() {
[*] [ -x $nginx ] || exit 5
[*] [ -f $NGINX_CONF_FILE ] || exit 6
[*] echo -n $"Starting $prog: "
[*] daemon $nginx -c $NGINX_CONF_FILE
[*] retval=$?
[*] echo
[*] [ $retval -eq 0 ] && touch $lockfile
[*] return $retval
[*]}
[*]
[*]stop() {
[*] echo -n $"Stopping $prog: "
[*] killproc $prog -QUIT
[*] retval=$?
[*] echo
[*] [ $retval -eq 0 ] && rm -f $lockfile
[*] return $retval
[*]}
[*]
[*]restart() {
[*] configtest || return $?
[*] stop
[*] start
[*]}
[*]
[*]reload() {
[*] configtest || return $?
[*] echo -n $"Reloading $prog: "
[*] killproc $nginx -HUP
[*] RETVAL=$?
[*] echo
[*]}
[*]
[*]force_reload() {
[*] restart
[*]}
[*]
[*]configtest() {
[*]$nginx -t -c $NGINX_CONF_FILE
[*]}
[*]
[*]rh_status() {
[*] status $prog
[*]}
[*]
[*]rh_status_q() {
[*] rh_status >/dev/null 2>&1
[*]}
[*]
[*]case "$1" in
[*] start)
[*] rh_status_q && exit 0
[*] $1
[*] ;;
[*] stop)
[*] rh_status_q || exit 0
[*] $1
[*] ;;
[*] restart|configtest)
[*] $1
[*] ;;
[*] reload)
[*] rh_status_q || exit 7
[*] $1
[*] ;;
[*] force-reload)
[*] force_reload
[*] ;;
[*] status)
[*] rh_status
[*] ;;
[*] condrestart|try-restart)
[*] rh_status_q || exit 0
[*] ;;
[*] *)
[*] echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
[*] exit 2
[*]esac
这样大概的系列脚本就结束了;
对于Puppet,其实还可以结合下func来使用;具体的安装过程可以找一下 老广的博客;
另外最近刚知道有个自动化部署的工具,叫salt,最近测试了一下感觉还不错,所以决定继续深入学习;关于salt的安装过程已经放出,有兴趣的可以一起学习下。
OVER!!!!
页:
[1]