前言:隨着公司應用需求的增加,需要不斷的擴展,服務器數量也隨之增加,當服務器數量不斷增加,我們會發現一臺puppetmaster響應很慢,壓力大,解析緩慢,有什麼優化的方案嗎?可以使用Puppetmaster配置多端口,結合Nginx web代理,這樣puppetmaster承受能力至少可以提升10倍以上。
一、安裝配置mongrel服務:
要使用puppet多端口配置,需要指定mongrel類型,默認沒有安裝,需要安裝。在Puppetmaster服務器端執行如下命令(前提是已經安裝了對應版本的epel redhat源):
rpm -Uvh http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm yum install -y rubygem-mongrel
在vi /etc/sysconfig/puppetmaster文件末尾添加如下兩行、
同時註釋掉原相同配置項,分別代表多端口、mongrel類型:
PUPPETMASTER_PORTS=(18140 18141 18142 18143 18144) PUPPETMASTER_EXTRA_OPTS="--servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT"
二、安裝配置Nginx服務器:
cd /usr/src ;wget -c http://nginx.org/download/nginx-1.2.6.tar.gz ;tar xzf nginx-1.2.6.tgz && cd nginx-1.2.6 &&./configure --prefix=/usr/local/nginx --with-http_ssl_module &&make &&make install
Nginx.conf配置文件部分內容:
upstream puppetmaster { server 127.0.0.1:18140; server 127.0.0.1:18141; server 127.0.0.1:18142; server 127.0.0.1:18143; server 127.0.0.1:18144; } server{ listen 8140; root /etc/puppet; ssl on; ssl_session_timeout 5m; #如下爲Puppetmaster服務器端證書地址 ssl_certificate /var/lib/puppet/ssl/certs/192-9-117-162-usr/local.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/192-9-117-162-usr/local.com.pem; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_verify_client optional; # File sections location /production/file_content/files/{ types { } default_type /usr/locallication/x-raw; #主要用於推送文件,定義files別名路徑 alias /etc/puppet/files/; } # Modules files sections location ~/production/file_content/modules/.+/ { root /etc/puppet/modules; types { } default_type usr/locallication/x-raw; rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break; } location / { #設置跳轉到puppetmaster負載均衡 proxy_pass http://puppetmaster; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for; proxy_set_header X-Client-Verify$ssl_client_verify; proxy_set_header X-SSL-Subject$ssl_client_s_dn; proxy_set_header X-SSL-Issuer$ssl_client_i_dn; proxy_buffer_size 10m; proxy_buffers 1024 10m; proxy_busy_buffers_size 10m; proxy_temp_file_write_size 10m; proxy_read_timeout 120; } }
然後重啓服務器端/etc/init.d/puppetmaster restart ,重啓nginx WEB,在客戶端測試即可。
三、Puppet多master主部署:
如果配置多主集羣的話,可以共享33.10 master1的證書,然後另外一臺master掛載證書即可,192.168.33.10 nfs配置方式如下:
Vi /etc/exports 內容:
/var/lib/puppet/ *(no_root_squash,rw,sync)
然後在192.168.33.11master2上執行:
mount -t nfs 192.168.33.10:/var/lib/puppet/ssl /var/lib/puppet/ssl
然後重啓master2puppetmaster服務。
添加多端口服務,同上需要安裝:
yum install -y rubygem-mongrel
同時修改master2/etc/sysconfig/puppet.conf裏面:
[main]段添加bind address = 0.0.0.0,使監聽端口爲0.0.0.0全局所有地址。
這樣在master1 nginx可以upstream,最終master1 nginx.conf upstream配置如下:
upstreampuppetmaster { server 127.0.0.1:18140; server 127.0.0.1:18141; server 127.0.0.1:18142; server 127.0.0.1:18143; server 127.0.0.1:18144; #config add 2014-10-10 server 192.168.33.11:18140; server 192.168.33.11:18141; server 192.168.33.11:18142; server 192.168.33.11:18143; server 192.168.33.11:18144; }
如果需要做keepalived高可用集羣,其實也不難,大家可以發散思維去搭建一下哦。更多精彩文章,歡迎持續關注!