httpd+passenger处理puppet大并发
httpd+passenger处理puppet大并发puppetmaster默认使用的是ruby自带的web服务器WEBRick,它太过简陋,无法满足puppet客户端成百上千的并发,apache成熟稳定、功能强大,这里用apache替换WEBRick。步骤如下
禁用selinux ,修改/etc/selinux/config
[*]SELINUX=disabled
(必须果断禁用selinux,我测试好久没成功都怪它捣鬼。方法有很多,在grub内核启动参数后加selinux=0 也可)
用puppet的方式安装apache 和 mod_ssl (等效于yum install)
[*]# puppet resource package httpd ensure=present
[*]# puppet resource package mod_ssl ensure=present
[*]# puppet resource service httpd ensure=stopped
安装passenger
passenger是一套apache的ruby模块,工作方式跟mod_php差不多
[*]# rpm -Uvhhttp://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm
[*]# yum install mod_passenger --enablerepo=epel
1、httpd的配置文件
[*]# cp /usr/share/puppet/ext/rack/files/apache2.conf /etc/httpd/conf.d/rack.conf
很不幸,这里的配置文件是给debian/ubuntu用的,需要修正一些设置,譬如ssl路径为/var/lib/puppet/ssl
还有两行要注意,证书名字需要替换,否则httpd报错文件不存在,无法启动httpd。
将
[*]SSLCertificateFile/etc/puppet/ssl/certs/squigley.namespace.at.pem
[*]SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
替换成
[*]SSLCertificateFile/var/lib/puppet/ssl/certs/puppet.test.org.pem
[*]SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.test.org.pem
2、建立httpd虚拟主机的根目录,/etc/puppet/rack
[*]# mkdir -p /etc/puppet/rack/{public,tmp}
[*]# cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
[*]# chown puppet:puppet /etc/puppet/rack/config.ru
(config.ru 文件为触发apache调用puppetmaster )
3、测试成功
[*]# chkconfig puppetmaster off
[*]# chkconfig httpd on
[*]# service httpd start
[*]# puppet agent --test
[*]info: Caching catalog for apache01.test.org
[*]info: Applying configuration version '1343463477'
[*]notice: Finished catalog run in 0.02 seconds
(补充说明,8140端口被apache占据,因此puppetmaster应该禁用。 )
页:
[1]