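Overview

unicorn and passenger (covered previously) follow different design philosophies; which one is better really depends on the specific use case.

But I think one advantage unicorn has over passenger is that nginx does not need to be recompiled.

nginx + unicorn configuration

Package installation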

    root@master-1:~# apt-get install nginx
    root@master-1:~# apt-get install ruby-dev
    root@master-1:~# gem install unicorn

Configuration files

Configuring unicorn

    root@master-1:~# cat /usr/share/puppet/rack/puppetmasterd/unicorn.conf
    worker_processes 8
    #working_directory "/etc/puppet"
    working_directory "/usr/share/puppet/rack/puppetmasterd"
    listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512
    timeout 120
    pid "/var/run/puppet/puppetmaster_unicorn.pid"
    preload_app true
    # Use copy-on-write-friendly GC when the Ruby build offers it
    if GC.respond_to?(:copy_on_write_friendly=)
      GC.copy_on_write_friendly = true
    end
    # After a re-exec upgrade, tell the old master (pid file *.oldbin) to quit
    before_fork do |server, worker|
      old_pid = "#{server.config[:pid]}.oldbin"
      if File.exist?(old_pid) && server.pid != old_pid
        begin
          Process.kill("QUIT", File.read(old_pid).to_i)
        rescue Errno::ENOENT, Errno::ESRCH
          # someone else did our job for us
        end
      end
    end

Configuring nginx

    root@master-1:~# cat /etc/nginx/conf.d/puppet-unicorn.conf
    upstream puppetmaster_unicorn {
        server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
    }
    server {
        listen 8140;
        ssl on;
        ssl_session_timeout 5m;
        ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_verify_client optional;
        root /usr/share/empty;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 120;
        location / {
            proxy_pass http://puppetmaster_unicorn;
            proxy_redirect off;
        }
    }

Testing the configuration

    # On the master: clean the certificate
    root@master-1:/# puppet cert list --all
    + "master-1.puppet.com" (SHA256) 38:79:AE:E8:BF:04:EB:F5:C5:D0:62:08:35:D0:4A:13:A7:D4:F4:63:D7:C8:E4:D3:54:1E:35:E3:9F:70:A2:FE (alt names: "DNS:master-1.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")
    + "node-1.puppet.com" (SHA256) 2A:3B:D4:A7:D2:29:50:AC:06:38:B7:16:AC:B8:F7:0C:4F:74:2A:28:6D:1F:00:D7:72:BB:C2:BE:6E:70:ED:AA
    root@master-1:/# puppet cert clean node-1.puppet.com
    Notice: Revoked certificate with serial 7
    Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/ca/signed/node-1.puppet.com.pem'
    Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/certs/node-1.puppet.com.pem'
    root@master-1:/# puppet cert -c node-1.puppet.com
    Notice: Revoked certificate with serial 5
    Notice: Revoked certificate with serial 7
    # On the master: start nginx and unicorn
    root@master-1:/# nginx
    root@master-1:/# cd /etc/puppet
    root@master-1:/etc/puppet# unicorn -c unicorn.conf
    # On the agent: remove the existing certificates
    root@node-1:~# rm -rf /var/lib/puppet/ssl/*
    # On the agent: generate a new certificate
    root@node-1:~# puppet agent -t
    Info: Creating a new SSL key for node-1.puppet.com
    Info: Caching certificate for ca
    Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for node-1.puppet.com
    Info: Certificate Request fingerprint (SHA256): 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0
    Info: Caching certificate for ca
    Exiting; no certificate found and waitforcert is disabled
    # On the master: sign the certificate
    root@master-1:/# puppet cert list
    "node-1.puppet.com" (SHA256) 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0
    root@master-1:/# puppet cert sign node-1.puppet.com
    Notice: Signed certificate request for node-1.puppet.com
    Notice: Removing file Puppet::SSL::CertificateRequest node-1.puppet.com at '/var/lib/puppet/ssl/ca/requests/node-1.puppet.com.pem'
    # On the agent: connect to the master again
    root@node-1:~# puppet agent -t
    Info: Caching certificate for node-1.puppet.com
    Info: Caching certificate_revocation_list for ca
    Info: Caching certificate for node-1.puppet.com
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node-1.puppet.com
    Info: Applying configuration version '1421053002'
    Notice: Finished catalog run in 0.02 seconds

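nginx load balancing

In the setup above, one nginx fronts one unicorn.

The following configures nginx for load balancing, i.e. one nginx in front of two unicorns.

Modify the nginx configuration as follows: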

    root@master-1:~# cat /etc/nginx/conf.d/puppet-unicorn.conf
    upstream puppetmaster_unicorn {
        server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
        server unix:/var/run/puppet/puppetmaster_unicorn-1.sock fail_timeout=0;
    }
    server {
        listen 8140;
        ssl on;
        ssl_session_timeout 5m;
        ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_verify_client optional;
        root /usr/share/empty;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 120;
        location / {
            proxy_pass http://puppetmaster_unicorn;
            proxy_redirect off;
        }
    }

Create a second puppetmaster

    root@master-1:~# cd /usr/share/puppet/rack/
    root@master-1:/usr/share/puppet/rack# cp -r puppetmasterd/ puppetmaster-1d/
    # Modify unicorn.conf in puppetmaster-1d
    root@master-1:/usr/share/puppet/rack# cat puppetmaster-1d/unicorn.conf
    worker_processes 8
    #working_directory "/etc/puppet"
    working_directory "/usr/share/puppet/rack/puppetmaster-1d"
    listen '/var/run/puppet/puppetmaster_unicorn-1.sock', :backlog => 512
    timeout 120
    pid "/var/run/puppet/puppetmaster_unicorn-1.pid"
    preload_app true
    if GC.respond_to?(:copy_on_write_friendly=)
      GC.copy_on_write_friendly = true
    end
    before_fork do |server, worker|
      old_pid = "#{server.config[:pid]}.oldbin"
      if File.exist?(old_pid) && server.pid != old_pid
        begin
          Process.kill("QUIT", File.read(old_pid).to_i)
        rescue Errno::ENOENT, Errno::ESRCH
          # someone else did our job for us
        end
      end
    end

Start nginx, puppetmasterd and puppetmaster-1d; the master can then accept requests from agents.

    root@master-1:~# nginx -s reload
    root@master-1:~# unicorn -c /usr/share/puppet/rack/puppetmasterd/unicorn.conf
    root@master-1:~# unicorn -c /usr/share/puppet/rack/puppetmaster-1d/unicorn.conf

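Additional notes

Above, unicorn is started from the command line; it can also be set up as a service under /etc/init.d so that it starts automatically with the system.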
