概述

横向扩展实验之一 – 扩展puppet master 的个数.

实验环境

master 和 node 都是 debian 7.7 i686 系统

2个 puppet master 在一台机器上, 都是 apache 虚拟主机

实验步骤

创建puppetmaster的rack环境

  1. cd /usr/share/puppet/rack
  3. mkdir -p puppetmasterd_18140/{public,tmp}
  4. cp puppetmasterd/config.ru puppetmasterd_18140/
  5. chown puppet puppetmasterd_18140/config.ru
  7. mkdir -p puppetmasterd_18141/{public,tmp}
  8. cp puppetmasterd/config.ru puppetmasterd_18141/
  9. chown puppet puppetmasterd_18141/config.ru

配置文件设置

  • passenger.conf : passenger 配置信息

    放在 /etc/apache2/mods-available 中, 并在 /etc/apache2/mods-enabled中建立软连接
  • puppetmaster_proxy.conf

    关闭 SSL, 重新请求头部, 为后端进程做负载均衡,放在 /etc/apache2/site-available 中, 并在 /etc/apache2/site-enabled中建立软连接
  • puppetmaster_worker_1.conf

    虚拟主机1, 指向处理puppet请求的Rac目录,放在 /etc/apache2/site-available 中, 并在 /etc/apache2/site-enabled中建立软连接
  • puppetmaster_worker_2.conf

    虚拟主机2, 指向处理puppet请求的Rac目录,放在 /etc/apache2/site-available 中, 并在 /etc/apache2/site-enabled中建立软连接

各个配置文件的详细内容如下:

  1. $ cat passenger.conf
  2. <IfModule mod_passenger.c>
  3.   PassengerRoot /usr
  4.   PassengerRuby /usr/bin/ruby
  6.   # And the passenger performance tuning settings
  7.   PassengerHighPerformance On
  8.   # Set this to about 1.5 times the number of CPU cores in your master:
  9.   PassengerMaxPoolSize 2
  10.   # Recycle master processes after they service 1000 requests
  11.   PassengerMaxRequests 1000
  12.   # Stop processes if they sit idle for 10 minutes
  13.   PassengerPoolIdleTime 600
  14. </IfModule>
  16. $ cat puppetmaster_proxy.conf
  17. # Available back-end worker virtual hosts
  18. # NOTE the use of cleartext unencrypted HTTP.
  19. <Proxy balancer://puppetmaster>
  20.   BalancerMember http://127.0.0.1:18140
  21.   BalancerMember http://127.0.0.1:18141
  22. </Proxy>
  24. Listen 8140
  25. <VirtualHost *:8140>
  26.   SSLEngine on
  27.   # SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
  28.   SSLProtocol ALL +SSLv3 +TLSv1
  29.   SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  30.   #SSLProtocol ALL -SSLv2
  31.   #SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
  32.   # Puppet master should generate initial CA certificate.
  33.   # ensure certs are located in /var/lib/puppet/ssl
  34.   SSLCertificateFile /var/lib/puppet/ssl/certs/master-1.puppet.com.pem
  35.   SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem
  36.   SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
  37.   SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
  38.   SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
  39.   # optional to all CSR request, required if certificates distributed to client during provisioning.
  40.   SSLVerifyClient optional
  41.   SSLVerifyDepth 1
  42.   SSLOptions +StdEnvVars
  44.   # The following client headers record authentication information for downstream workers.
  45.   RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  46.   RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  47.   RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
  49.   <Location />
  50.     SetHandler balancer-manager
  51.     Order allow,deny
  52.     Allow from all
  53.   </Location>
  55.   ProxyPass / balancer://puppetmaster/
  56.   ProxyPassReverse / balancer://puppetmaster/
  57.   ProxyPreserveHost On
  59.   # log settings
  60.   ErrorLog /var/log/apache2/balancer_error.log
  61.   CustomLog /var/log/apache2/balancer_access.log combined
  62.   CustomLog /var/log/apache2/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  64. </VirtualHost>
  66. $ cat puppetmaster_worker_1.conf
  67. Listen 18140
  68. <VirtualHost 127.0.0.1:18140>
  69.   SSLEngine off
  71.   # Obtain Authentication Information from Client Request Headers
  72.   SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
  73.   SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1
  75.   PassengerEnabled On
  76.   DocumentRoot /usr/share/puppet/rack/puppetmasterd_18140/public
  77.   <Directory /usr/share/puppet/rack/puppetmasterd_18140>
  78.     Options None
  79.     AllowOverride None
  80.     Order allow,deny
  81.     allow from all
  82.   </Directory>
  84.   # log settings
  85.   ErrorLog /var/log/apache2/puppetmaster_worker_error_1.log
  86.   CustomLog /var/log/apache2/puppetmaster_worker_access_1.log combined
  88. </VirtualHost>
  90. $ cat puppetmaster_worker_2.conf
  91. Listen 18141
  92. <VirtualHost 127.0.0.1:18141>
  93.   SSLEngine off
  95.   # Obtain Authentication Information from Client Request Headers
  96.   SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
  97.   SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1
  99.   PassengerEnabled On
  100.   DocumentRoot /usr/share/puppet/rack/puppetmasterd_18141/public
  101.   <Directory /usr/share/puppet/rack/puppetmasterd_18141>
  102.     Options None
  103.     AllowOverride None
  104.     Order allow,deny
  105.     allow from all
  106.   </Directory>
  108.   # log settings
  109.   ErrorLog /var/log/apache2/puppetmaster_worker_error_2.log
  110.   CustomLog /var/log/apache2/puppetmaster_worker_access_2.log combined
  112. </VirtualHost>

补充说明

apache默认没有加载 proxy 和 proxy_balancer 和 proxy_http 模块,需要补上

  1. cd /etc/apache2/mods-enabled
  2. ln -s ../mods-available/proxy.conf proxy.conf
  3. ln -s ../mods-available/proxy.load proxy.load
  4. ln -s ../mods-available/proxy_balancer.conf proxy_balancer.conf
  5. ln -s ../mods-available/proxy_balancer.load proxy_balancer.load
  6. ln -s ../mods-available/proxy_http.load proxy_http.load     # 没有这个模块, agent 会有 503错误
  8. cd /etc/apache2/sites-enabled
  9. ln -s ../sites-available/puppetmaster_proxy.conf puppetmaster_proxy
  10. ln -s ../sites-available/puppetmaster_worker_1.conf puppetmaster_worker_1
  11. ln -s ../sites-available/puppetmaster_worker_2.conf puppetmaster_worker_2

默认的 8140 端口关闭

  1. rm /etc/apache2/sites-enabled/puppetmaster
  2. service apache2 restart

配置完成后如果有类似如下 403 权限不足的错误

  1. Warning: Unable to fetch my node definition, but the agent run will continue:
  2. Warning: Error 403 on SERVER: Forbidden request: localhost(127.0.0.1) access to /certificate_revocation_list/ca [find] at :119

那么, 将 master-1 上的 /etc/puppet/puppet.conf 文件中 [master] 下 如下2行注释掉。(估计SSL由代理服务器来完成)

  1. #ssl_client_header = SSL_CLIENT_S_DN
  2. #ssl_client_verify_header = SSL_CLIENT_VERIFY

测试配置结果

默认的负载均衡

  1. # puppet master 上执行
  2. root@master-1:/var/log/apache2# service apache2 restart
  3. # 开始时, 负载均衡的log都是空的
  4. root@master-1:/var/log/apache2# ll /var/log/apache2/
  5. total 4
  6. -rw-r--r-- 1 root root   0 Jan  7 09:58 access.log
  7. -rw-r--r-- 1 root root   0 Jan  7 16:43 balancer_access.log
  8. -rw-r--r-- 1 root root   0 Jan  7 16:43 balancer_error.log
  9. -rw-r--r-- 1 root root   0 Jan  7 16:43 balancer_ssl_requests.log
  10. -rw-r--r-- 1 root root 597 Jan  7 16:43 error.log
  11. -rw-r--r-- 1 root root   0 Jan  7 09:58 other_vhosts_access.log
  12. -rw-r--r-- 1 root root   0 Jan  7 16:43 puppetmaster_worker_access_1.log
  13. -rw-r--r-- 1 root root   0 Jan  7 16:43 puppetmaster_worker_access_2.log
  14. -rw-r--r-- 1 root root   0 Jan  7 16:43 puppetmaster_worker_error_1.log
  15. -rw-r--r-- 1 root root   0 Jan  7 16:43 puppetmaster_worker_error_2.log
  17. # agent 上执行
  18. puppet agent -t
  20. # master 上查看log
  21. root@master-1:/var/log/apache2# ll /var/log/apache2/
  22. total 20
  23. -rw-r--r-- 1 root root   0 Jan  7 09:58 access.log
  24. -rw-r--r-- 1 root root 821 Jan  7 16:52 balancer_access.log
  25. -rw-r--r-- 1 root root   0 Jan  7 16:43 balancer_error.log
  26. -rw-r--r-- 1 root root 903 Jan  7 16:52 balancer_ssl_requests.log
  27. -rw-r--r-- 1 root root 597 Jan  7 16:43 error.log
  28. -rw-r--r-- 1 root root   0 Jan  7 09:58 other_vhosts_access.log
  29. -rw-r--r-- 1 root root 489 Jan  7 16:52 puppetmaster_worker_access_1.log
  30. -rw-r--r-- 1 root root 311 Jan  7 16:52 puppetmaster_worker_access_2.log
  31. -rw-r--r-- 1 root root   0 Jan  7 16:43 puppetmaster_worker_error_1.log
  32. -rw-r--r-- 1 root root   0 Jan  7 16:43 puppetmaster_worker_error_2.log
  33. root@master-1:/var/log/apache2# cat balancer_access.log
  34. 192.168.1.120 - - [07/Jan/2015:16:52:37 +0800] "GET /production/node/node-1.puppet.com?transaction_uuid=7998c4d3-ba8e-4ffd-8f7f-8d37f3de42ec&fail_on_404=true HTTP/1.1" 200 10464 "-" "Ruby"
  35. 192.168.1.120 - - [07/Jan/2015:16:52:39 +0800] "GET /production/file_metadatas/pluginfacts?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 569 "-" "Ruby"
  36. 192.168.1.120 - - [07/Jan/2015:16:52:40 +0800] "GET /production/file_metadatas/plugins?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 569 "-" "Ruby"
  37. 192.168.1.120 - - [07/Jan/2015:16:52:40 +0800] "POST /production/catalog/node-1.puppet.com HTTP/1.1" 200 869 "-" "Ruby"
  38. 192.168.1.120 - - [07/Jan/2015:16:52:41 +0800] "PUT /production/report/node-1.puppet.com HTTP/1.1" 200 298 "-" "Ruby"
  39. root@master-1:/var/log/apache2# cat puppetmaster_worker_access_1.log
  40. 127.0.0.1 - - [07/Jan/2015:16:52:37 +0800] "GET /production/node/node-1.puppet.com?transaction_uuid=7998c4d3-ba8e-4ffd-8f7f-8d37f3de42ec&fail_on_404=true HTTP/1.1" 200 5120 "-" "Ruby"
  41. 127.0.0.1 - - [07/Jan/2015:16:52:40 +0800] "GET /production/file_metadatas/plugins?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 566 "-" "Ruby"
  42. 127.0.0.1 - - [07/Jan/2015:16:52:41 +0800] "PUT /production/report/node-1.puppet.com HTTP/1.1" 200 295 "-" "Ruby"
  43. root@master-1:/var/log/apache2# cat puppetmaster_worker_access_2.log
  44. 127.0.0.1 - - [07/Jan/2015:16:52:39 +0800] "GET /production/file_metadatas/pluginfacts?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 567 "-" "Ruby"
  45. 127.0.0.1 - - [07/Jan/2015:16:52:40 +0800] "POST /production/catalog/node-1.puppet.com HTTP/1.1" 200 866 "-" "Ruby"

从上面的log可以看出 agent 上执行的 puppet agent -t 一共访问了 5 次 master.

其中3次由 worker_1 处理了, 2次由 worker_2 处理了. <== 这就是负载均衡的效果

负载均衡情况下, 一台 puppet master 挂了的情况

  1. # master 上执行, 清空log, 删除 puppetmaster_worker_1 的配置, 重启apache2 服务
  2. root@master-1:~# rm /var/log/apache2/* -rf
  3. root@master-1:~# rm /etc/apache2/sites-enabled/puppetmaster_worker_1
  4. rm: remove symbolic link `/etc/apache2/sites-enabled/puppetmaster_worker_1'? y
  5. root@master-1:~# service apache2 restart
  6. [ ok ] Restarting web server: apache2 ... waiting .
  7. root@master-1:~# ll /var/log/apache2/
  8. total 4
  9. -rw-r--r-- 1 root root   0 Jan  7 17:53 access.log
  10. -rw-r--r-- 1 root root   0 Jan  7 17:53 balancer_access.log
  11. -rw-r--r-- 1 root root   0 Jan  7 17:53 balancer_error.log
  12. -rw-r--r-- 1 root root   0 Jan  7 17:53 balancer_ssl_requests.log
  13. -rw-r--r-- 1 root root 155 Jan  7 17:53 error.log
  14. -rw-r--r-- 1 root root   0 Jan  7 17:53 other_vhosts_access.log
  15. -rw-r--r-- 1 root root   0 Jan  7 17:53 puppetmaster_worker_access_2.log
  16. -rw-r--r-- 1 root root   0 Jan  7 17:53 puppetmaster_worker_error_2.log
  18. # agent 上执行
  19. root@node-1:~# puppet agent -t
  20. Info: Retrieving pluginfacts
  21. Info: Retrieving plugin
  22. Info: Caching catalog for node-1.puppet.com
  23. Info: Applying configuration version '1420626127'
  24. Notice: Finished catalog run in 0.03 seconds
  26. # master 上查看执行结果
  27. root@master-1:~# ll /var/log/apache2/
  28. total 20
  29. -rw-r--r-- 1 root root   0 Jan  7 17:53 access.log
  30. -rw-r--r-- 1 root root 821 Jan  7 18:22 balancer_access.log
  31. -rw-r--r-- 1 root root 223 Jan  7 18:22 balancer_error.log
  32. -rw-r--r-- 1 root root 903 Jan  7 18:22 balancer_ssl_requests.log
  33. -rw-r--r-- 1 root root 155 Jan  7 17:53 error.log
  34. -rw-r--r-- 1 root root   0 Jan  7 17:53 other_vhosts_access.log
  35. -rw-r--r-- 1 root root 800 Jan  7 18:22 puppetmaster_worker_access_2.log
  36. -rw-r--r-- 1 root root   0 Jan  7 17:53 puppetmaster_worker_error_2.log
  37. root@master-1:~# cat /var/log/apache2/balancer_access.log
  38. 192.168.1.120 - - [07/Jan/2015:18:22:05 +0800] "GET /production/node/node-1.puppet.com?transaction_uuid=29b0a3a5-8749-4647-92a4-a6da66c25c64&fail_on_404=true HTTP/1.1" 200 10466 "-" "Ruby"
  39. 192.168.1.120 - - [07/Jan/2015:18:22:06 +0800] "GET /production/file_metadatas/pluginfacts?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 569 "-" "Ruby"
  40. 192.168.1.120 - - [07/Jan/2015:18:22:06 +0800] "GET /production/file_metadatas/plugins?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 569 "-" "Ruby"
  41. 192.168.1.120 - - [07/Jan/2015:18:22:07 +0800] "POST /production/catalog/node-1.puppet.com HTTP/1.1" 200 869 "-" "Ruby"
  42. 192.168.1.120 - - [07/Jan/2015:18:22:07 +0800] "PUT /production/report/node-1.puppet.com HTTP/1.1" 200 298 "-" "Ruby"
  43. root@master-1:~# cat /var/log/apache2/puppetmaster_worker_access_2.log
  44. 127.0.0.1 - - [07/Jan/2015:18:22:05 +0800] "GET /production/node/node-1.puppet.com?transaction_uuid=29b0a3a5-8749-4647-92a4-a6da66c25c64&fail_on_404=true HTTP/1.1" 200 5122 "-" "Ruby"
  45. 127.0.0.1 - - [07/Jan/2015:18:22:06 +0800] "GET /production/file_metadatas/pluginfacts?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 566 "-" "Ruby"
  46. 127.0.0.1 - - [07/Jan/2015:18:22:06 +0800] "GET /production/file_metadatas/plugins?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 566 "-" "Ruby"
  47. 127.0.0.1 - - [07/Jan/2015:18:22:07 +0800] "POST /production/catalog/node-1.puppet.com HTTP/1.1" 200 866 "-" "Ruby"
  48. 127.0.0.1 - - [07/Jan/2015:18:22:07 +0800] "PUT /production/report/node-1.puppet.com HTTP/1.1" 200 295 "-" "Ruby"

从上面的log可以看出, 没有生成 worker_1 的log, 全部处理都是由 worker_2 完成的. agent 也没有出错.

puppet 横向扩展(一)的更多相关文章

  1. puppet 横向扩展(三)

    Table of Contents 1. 概述 2. 实验环境 3. 实验步骤 3.1. 机器B 的配置 3.2. 机器A 的配置 3.3. 测试配置结果 概述 横向扩展实验之三 – 将CA 认证服务 ...

  2. puppet 横向扩展(二)

    Table of Contents 1. 概述 2. 实验环境 3. 实验步骤 3.1. 机器B 的环境 3.1.1. 安装puppetmaster 以及 apache passenger 3.1.2 ...

  3. presto的动态化应用(一):presto节点的横向扩展与伸缩

    一.presto动态化概述 近年来,基于hadoop的sql框架层出不穷,presto也是其中的一员.从2012年发展至今,依然保持年轻的活力(版本迭代依然很快),presto的相关介绍,我们就不赘述 ...

  4. elasticsearch介绍集群,模拟横向扩展节点、节点宕机、改变分片

        出处:[http://www.cnblogs.com/dennisit/p/4133131.html] ,防楼主删博,故保留一份! elasticsearch用于构建高可用和可扩展的系统.扩展 ...

  5. 在 Windows Azure 网站中进行纵向扩展和横向扩展

    编辑人员注释:本文章由 Windows Azure 网站团队的项目经理 Byron Tardif 撰写. 当您开始一个新的 Web 项目,或者刚刚开始开发一般的网站和应用程序时,您可能希望从小处着手. ...

  6. SignalR学习笔记(五) 横向扩展之SQL Server

    当一个Web应用程序达到一台服务器能力限制,即请求处理数量限制之后,有2种解决方案:纵向扩展和横向扩展. 纵向扩展即用更强的服务器(或虚拟机),或为当前的服务器添加更多的内存,CPU等 横向扩展即添加 ...

  7. 转mysql横向扩展和纵向扩展

    Scale-up(纵向扩展)和Scale-out(横向扩展)的解释 谈到系统的可伸缩性,Scale-up(纵向扩展)和Scale-out(横向扩展)是两个常见的术语,对于初学者来说,很容易搞迷糊这两个 ...

  8. SQL Server横向扩展:设计,实现与维护(2)- 分布式分区视图

    为了使得朋友们对分布式分区视图有个概念,也为了方便后面的内容展开,我们先看看下面一个图:     讲述分布式分区视图之前,很有必要将之与我们常常熟悉的分区表和索引进行区别. 首先,分布式分区视图是一个 ...

  9. .net core 3.0 Signalr - 04 使用Redis做底板来支持横向扩展

    在实际的系统中,可能需要多台机器部署;然而,Signalr的连接信息是跟站点走的,举个例子 推送系统部署了A.B两个服务器,张三访问A服务器,李四访问B服务器,当张三通过A服务器向李四推送的时候,A服 ...

随机推荐

  1. Go Web:RESTful web service示例

    RESTful架构的简介 web服务的架构模式主要有2种:SOAP和REST.SOAP和REST都回答了同一个问题:如何访问web服务. SOAP风格的程序是功能驱动的,要借助xml来传递数据,明确表 ...

  2. C# 7.1中default关键字的新用法

    default 关键字有两类用法 switch语句中指定默认标签 默认值表达式 switch 语句 int caseSwitch = 1; switch (caseSwitch) { case 1: ...

  3. C#爬虫----Fiddler 插件开发 自动生成代码

    哈喽^_^ 一般我们在编写网页爬虫的时候经常会使用到Fiddler这个工具来分析http包,而且通常并不是分析一个包就够了的,所以为了把更多的时间放在分析http包上,自动化生成封包代码就尤为重要了( ...

  4. Linux配置2个或多个Tomcat同时运行

    一.问题说明今天操作Linux部署项目的时候,公司领导要求,只给一个服务器,但是有2个项目要部署,而且需要独立分开运行. 二.解决方法Linux配置两个或多个Tomcat,一个Tomcat对应部署一个 ...

  5. PHP中获取当前页面的URL信息

    <? //获取当前的域名: echo $_SERVER['SERVER_NAME']; //获取来源网址,即点击来到本页的上页网址 echo $_SERVER["HTTP_REFERE ...

  6. java连接MySQL数据库的方式

    Java连接数据库的几种方法 *说明 1.以MySQL数据库为例 2.分为四个步骤: 建立数据库连接, 向数据库中提交sql 处理数据库返回的结果 关闭数据库连接 一:JDBC 1.建立数据库连接 只 ...

  7. MATLAB R2017a 进入主界面以后一直处于初始化状态的解决办法

    自从前几天更新了win10系统,结果发现matlab不能用了,进入主界面一直初始化,没完没了. 网上说可能是许可证等问题,但经过尝试发现仍然无法解决问题. 仔细一想,发现win10系统的防火墙默默把它 ...

  8. Mysql中的外键分析(什么是外键,为什么要用外键,添加外键,主外键关联删除)

    有一个东西一直在我脑海中是个很烦的东西,但是这东西不搞清楚会阻碍自己的前进.自己做项目demo永远只能用一张表... 所以今天还是学习了下外键希望能够搞明白一些... 百度上搜索外键的作用" ...

  9. js动画 Css提供的运动 js提供的运动

    1.     动画 (1)      Css样式提供了运动 过渡的属性transition  从一种情况到另一种情况叫过渡 Transition:attr  time  linear  delay: ...

  10. javascript html页面中的内容替换

    <script language="javascript"> function ffRed(){  var xsxf = document.getElementById ...