Using nginx + unicorn as the front end for the Puppet master
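Overview
unicorn and passenger (covered earlier) follow different design philosophies; which one is better really depends on the specific use case.
One advantage I see in unicorn over passenger, though, is that nginx does not have to be recompiled.
nginx + unicorn configuration
Package installation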
root@master-1:~# apt-get install nginx
root@master-1:~# apt-get install ruby-dev
root@master-1:~# gem install unicorn
Configuration files
Configure unicorn
root@master-1:~# cat /usr/share/puppet/rack/puppetmasterd/unicorn.conf
worker_processes 8
#working_directory "/etc/puppet"
working_directory "/usr/share/puppet/rack/puppetmasterd"
listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512
timeout 120
pid "/var/run/puppet/puppetmaster_unicorn.pid"
# Load the application in the master process before forking workers
preload_app true
if GC.respond_to?(:copy_on_write_friendly=)
  GC.copy_on_write_friendly = true
end
before_fork do |server, worker|
  # During a restart the old master's pid file is renamed to *.oldbin;
  # tell that old master to quit once the new one starts forking workers.
  old_pid = "#{server.config[:pid]}.oldbin"
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      Process.kill("QUIT", File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end
Configure nginx
root@master-1:~# cat /etc/nginx/conf.d/puppet-unicorn.conf
upstream puppetmaster_unicorn {
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
}
server {
    listen 8140;
    ssl on;
    ssl_session_timeout 5m;
    ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client optional;
    root /usr/share/empty;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
    proxy_read_timeout 120;
    location / {
        proxy_pass http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}
Testing the configuration
# Clean the agent's certificate on the master
root@master-1:/# puppet cert list --all
+ "master-1.puppet.com" (SHA256) 38:79:AE:E8:BF:04:EB:F5:C5:D0:62:08:35:D0:4A:13:A7:D4:F4:63:D7:C8:E4:D3:54:1E:35:E3:9F:70:A2:FE (alt names: "DNS:master-1.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")
+ "node-1.puppet.com" (SHA256) 2A:3B:D4:A7:D2:29:50:AC:06:38:B7:16:AC:B8:F7:0C:4F:74:2A:28:6D:1F:00:D7:72:BB:C2:BE:6E:70:ED:AA
root@master-1:/# puppet cert clean node-1.puppet.com
Notice: Revoked certificate with serial 7
Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/ca/signed/node-1.puppet.com.pem'
Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/certs/node-1.puppet.com.pem'
root@master-1:/# puppet cert -c node-1.puppet.com
Notice: Revoked certificate with serial 5
Notice: Revoked certificate with serial 7
# Start nginx and unicorn on the master
root@master-1:/# nginx
root@master-1:/# cd /etc/puppet
root@master-1:/etc/puppet# unicorn -c unicorn.conf
# Remove the existing certificates on the agent
root@node-1:~# rm -rf /var/lib/puppet/ssl/*
# Regenerate the certificate on the agent
root@node-1:~# puppet agent -t
Info: Creating a new SSL key for node-1.puppet.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node-1.puppet.com
Info: Certificate Request fingerprint (SHA256): 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# Sign the certificate on the master
root@master-1:/# puppet cert list
"node-1.puppet.com" (SHA256) 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0
root@master-1:/# puppet cert sign node-1.puppet.com
Notice: Signed certificate request for node-1.puppet.com
Notice: Removing file Puppet::SSL::CertificateRequest node-1.puppet.com at '/var/lib/puppet/ssl/ca/requests/node-1.puppet.com.pem'
# Connect to the master again from the agent
root@node-1:~# puppet agent -t
Info: Caching certificate for node-1.puppet.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node-1.puppet.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node-1.puppet.com
Info: Applying configuration version '1421053002'
Notice: Finished catalog run in 0.02 seconds
nginx load balancing
The setup above pairs 1 nginx with 1 unicorn.
Below, nginx is configured for load balancing, i.e. 1 nginx in front of 2 unicorn instances.
Modify the nginx configuration as follows:
root@master-1:~# cat /etc/nginx/conf.d/puppet-unicorn.conf
upstream puppetmaster_unicorn {
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
    server unix:/var/run/puppet/puppetmaster_unicorn-1.sock fail_timeout=0;
}
server {
    listen 8140;
    ssl on;
    ssl_session_timeout 5m;
    ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;
    ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client optional;
    root /usr/share/empty;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
    proxy_read_timeout 120;
    location / {
        proxy_pass http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}
Create a second puppetmaster
root@master-1:~# cd /usr/share/puppet/rack/
root@master-1:/usr/share/puppet/rack# cp -r puppetmasterd/ puppetmaster-1d/
# Edit unicorn.conf in puppetmaster-1d
root@master-1:/usr/share/puppet/rack# cat puppetmaster-1d/unicorn.conf
worker_processes 8
#working_directory "/etc/puppet"
working_directory "/usr/share/puppet/rack/puppetmaster-1d"
listen '/var/run/puppet/puppetmaster_unicorn-1.sock', :backlog => 512
timeout 120
pid "/var/run/puppet/puppetmaster_unicorn-1.pid"
# Load the application in the master process before forking workers
preload_app true
if GC.respond_to?(:copy_on_write_friendly=)
  GC.copy_on_write_friendly = true
end
before_fork do |server, worker|
  # During a restart the old master's pid file is renamed to *.oldbin;
  # tell that old master to quit once the new one starts forking workers.
  old_pid = "#{server.config[:pid]}.oldbin"
  if File.exist?(old_pid) && server.pid != old_pid
    begin
      Process.kill("QUIT", File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end
Start nginx and the two unicorn instances (puppetmasterd and puppetmaster-1d); the master can then accept requests from agents.
root@master-1:~# nginx -s reload
root@master-1:~# unicorn -c /usr/share/puppet/rack/puppetmasterd/unicorn.conf
root@master-1:~# unicorn -c /usr/share/puppet/rack/puppetmaster-1d/unicorn.conf
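Additional notes
The unicorn instances above are started from the command line; they can also be set up as services under /etc/init.d so that they start automatically with the system.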
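Both nginx server blocks above share the same TLS settings: `ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA` still admits SSLv2-era and RC4 suites, and nothing makes nginx honour the revocations performed with `puppet cert clean`. A hardened variant of that server block follows as an added example (not part of the original post); the CRL path, the TLS 1.2 requirement on agents and the cipher list are assumptions to adjust to your environment.

```nginx
upstream puppetmaster_unicorn {
    server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
    server unix:/var/run/puppet/puppetmaster_unicorn-1.sock fail_timeout=0;
}

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 8140 ssl;

    ssl_certificate        /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;
    ssl_certificate_key    /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;
    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;

    # Assumed location of the Puppet CA's revocation list. Without ssl_crl,
    # a certificate revoked on the master still verifies as SUCCESS in nginx.
    ssl_crl                /var/lib/puppet/ssl/ca/ca_crl.pem;

    # Assumption: every agent's Ruby/OpenSSL build can negotiate TLS 1.2.
    ssl_protocols             TLSv1.2;
    # Puppet certificates are RSA, so only ECDHE-RSA AEAD suites are offered.
    ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout       5m;

    # "optional" is required so that a new agent without a signed
    # certificate can still submit its certificate request.
    ssl_verify_client optional;

    root /usr/share/empty;

    # The master authenticates agents from these headers. proxy_set_header
    # replaces any value the client sent, so they reflect nginx's own
    # verification result; keep the unicorn sockets reachable by nginx only.
    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Client-Verify $ssl_client_verify;
    proxy_set_header X-Client-DN     $ssl_client_s_dn;
    proxy_set_header X-SSL-Issuer    $ssl_client_i_dn;
    proxy_read_timeout 120;

    location / {
        proxy_pass     http://puppetmaster_unicorn;
        proxy_redirect off;
    }
}
```

nginx reads the CRL file only at start and reload, so run `nginx -t && nginx -s reload` after each `puppet cert clean`.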