概要

unicorn 和之前的 passenger 的设计理念不同, 究竟谁更好其实还得看具体的使用场景.

但是我觉得 unicorn 有个比 passenger 好的地方就是不用重新编译 nginx.

nginx + unicorn 配置

package 安装

root@master-1:~# apt-get install nginx

root@master-1:~# apt-get install ruby-dev

root@master-1:~# gem install unicorn

配置文件设置

配置 unicorn

root@master-1:~# cat /usr/share/puppet/rack/puppetmasterd/unicorn.conf

worker_processes 8

    #working_directory "/etc/puppet"

    working_directory "/usr/share/puppet/rack/puppetmasterd"

    listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512

    timeout 120

    pid "/var/run/puppet/puppetmaster_unicorn.pid"

    preload_app true

    if GC.respond_to?(:copy_on_write_friendly=)

      GC.copy_on_write_friendly = true

    end

    before_fork do |server, worker|

      old_pid = "#{server.config[:pid]}.oldbin"

      if File.exists?(old_pid); server.pid != old_pid

        begin

          Process.kill("QUIT", File.read(old_pid).to_i)

        rescue Errno::ENOENT, Errno::ESRCH

          # someone else did our job for us

        end

      end

    end

配置nginx

root@master-1:~# cat /etc/nginx/conf.d/puppet-unicorn.conf

upstream puppetmaster_unicorn {

      server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;

}

server {

listen 8140;

    ssl on;

    ssl_session_timeout 5m;

    ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;

    ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;

    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;

    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;

    ssl_verify_client optional;

    root /usr/share/empty;

    proxy_set_header Host $host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Client-Verify $ssl_client_verify;

    proxy_set_header X-Client-DN $ssl_client_s_dn;

    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;

    proxy_read_timeout 120;

location / {

    proxy_pass http://puppetmaster_unicorn;

    proxy_redirect off;

    }

}

测试配置结果

# master 上清除证书

root@master-1:/# puppet cert list --all

+ "master-1.puppet.com" (SHA256) 38:79:AE:E8:BF:04:EB:F5:C5:D0:62:08:35:D0:4A:13:A7:D4:F4:63:D7:C8:E4:D3:54:1E:35:E3:9F:70:A2:FE (alt names: "DNS:master-1.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")

+ "node-1.puppet.com"   (SHA256) 2A:3B:D4:A7:D2:29:50:AC:06:38:B7:16:AC:B8:F7:0C:4F:74:2A:28:6D:1F:00:D7:72:BB:C2:BE:6E:70:ED:AA

root@master-1:/# puppet cert clean node-1.puppet.com

Notice: Revoked certificate with serial 7

Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/ca/signed/node-1.puppet.com.pem'

Notice: Removing file Puppet::SSL::Certificate node-1.puppet.com at '/var/lib/puppet/ssl/certs/node-1.puppet.com.pem'

root@master-1:/# puppet cert -c node-1.puppet.com

Notice: Revoked certificate with serial 5

Notice: Revoked certificate with serial 7

# master 上启动nginx 和 unicorn

root@master-1:/# nginx

root@master-1:/# cd /etc/puppet

root@master-1:/etc/puppet# unicorn -c unicorn.conf

# agent 上清除原有的证书

root@node-1:~# rm -rf /var/lib/puppet/ssl/*

# agent 重新生成证书

root@node-1:~# puppet agent  -t

Info: Creating a new SSL key for node-1.puppet.com

Info: Caching certificate for ca

Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml

Info: Creating a new SSL certificate request for node-1.puppet.com

Info: Certificate Request fingerprint (SHA256): 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0

Info: Caching certificate for ca

Exiting; no certificate found and waitforcert is disabled

# master 上对证书进行签名

root@master-1:/# puppet cert list

  "node-1.puppet.com" (SHA256) 41:BF:7B:CB:6A:2B:B4:1B:F3:36:14:8E:EF:F7:61:38:60:A2:59:DC:0E:1C:A2:CE:E5:31:0F:80:CD:7E:B3:D0

root@master-1:/# puppet cert sign node-1.puppet.com

Notice: Signed certificate request for node-1.puppet.com

Notice: Removing file Puppet::SSL::CertificateRequest node-1.puppet.com at '/var/lib/puppet/ssl/ca/requests/node-1.puppet.com.pem'

# agent 上再次连接 master

root@node-1:~# puppet agent  -t

Info: Caching certificate for node-1.puppet.com

Info: Caching certificate_revocation_list for ca

Info: Caching certificate for node-1.puppet.com

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Caching catalog for node-1.puppet.com

Info: Applying configuration version '1421053002'

Notice: Finished catalog run in 0.02 seconds

nginx 负载均衡

上述方式中, 1个 nginx <> 1个 unicorn

下面配置 nginx 的负载均衡的方式, 即 1个 nginx <> 2个 unicorn

niginx.conf 修改如下:

root@master-1:~# cat /etc/nginx/conf.d/puppet-unicorn.conf

upstream puppetmaster_unicorn {

      server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;

      server unix:/var/run/puppet/puppetmaster_unicorn-1.sock fail_timeout=0;

}

server {

listen 8140;

    ssl on;

    ssl_session_timeout 5m;

    ssl_certificate /var/lib/puppet/ssl/certs/master-1.puppet.com.pem;

    ssl_certificate_key /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem;

    ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;

    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;

    ssl_verify_client optional;

    root /usr/share/empty;

    proxy_set_header Host $host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Client-Verify $ssl_client_verify;

    proxy_set_header X-Client-DN $ssl_client_s_dn;

    proxy_set_header X-SSL-Issuer $ssl_client_i_dn;

    proxy_read_timeout 120;

location / {

    proxy_pass http://puppetmaster_unicorn;

    proxy_redirect off;

    }

}

再建立一个 puppetmaster

root@master-1:~# cd /usr/share/puppet/rack/

root@master-1:/usr/share/puppet/rack# cp -r puppetmasterd/ puppetmaster-1d/

# 修改 puppetmaster-1d 中的 unicorn.conf

root@master-1:/usr/share/puppet/rack# cat puppetmaster-1d/unicorn.conf

worker_processes 8

    #working_directory "/etc/puppet"

    working_directory "/usr/share/puppet/rack/puppetmaster-1d"

    listen '/var/run/puppet/puppetmaster_unicorn-1.sock', :backlog => 512

    timeout 120

    pid "/var/run/puppet/puppetmaster_unicorn-1.pid"

    preload_app true

    if GC.respond_to?(:copy_on_write_friendly=)

      GC.copy_on_write_friendly = true

    end

    before_fork do |server, worker|

      old_pid = "#{server.config[:pid]}.oldbin"

      if File.exists?(old_pid); server.pid != old_pid

        begin

          Process.kill("QUIT", File.read(old_pid).to_i)

        rescue Errno::ENOENT, Errno::ESRCH

          # someone else did our job for us

        end

      end

    end

启动 nginx, puppetmasterd puppetmaster-1d, 然后就可以接受 agent 的请求了.

root@master-1:~# nginx -s reload

root@master-1:~# unicorn -c /usr/share/puppet/rack/puppetmasterd/unicorn.conf

root@master-1:~# unicorn -c /usr/share/puppet/rack/puppetmaster-1d/unicorn.conf

补充说明

上面的 unicorn 是在命令行启动的, 也可以把它做成 /etc/init.d 中的服务随系统自动启动.

参考网址:

puppet master 用 nginx + unicorn 作为前端的更多相关文章

  1. Puppet master nginx 扩展提升性能(puppet自动化系列4)

    puppet使用SSL(https)协议来进行通讯,默认情况下,puppet server端使用基于Ruby的WEBRick HTTP服务器.由于WEBRick HTTP服务器在处理agent端的性能 ...

  2. Advacned Puppet: Puppet Master性能调优

    本文是Advanced Puppet系列的第一篇:Puppet master性能调优,谈一谈如何优化和提高C/S架构下master端的性能. 故事情节往往惊人地类似:你是一名使用Puppet管理线上业 ...

  3. Configure Puppet Master with Passenger and Apache on Centos

    What is Passenger? Passenger (AKA mod_rails or mod_rack) is an Apache 2.x module which lets you run ...

  4. Nginx + unicorn 运行多个Rails应用程序

    PS:第一次写的很详细,可惜发布失败,然后全没了,这是第二次,表示只贴代码,剩下的自己领悟好了,这就是所谓的一鼓作气再而衰吧,希望没有第三次. 版本: ruby 2.1.0 rails 4.0.2 n ...

  5. WEBrick/Rack Puppet Master

    Puppet's Services: The WEBrick Puppet Master Puppet master is the application that compiles configur ...

  6. Puppet master/agent installation on RHEL7

    ==================================================================================================== ...

  7. 部署puppet master/agent模型

    自己画的一个简单的架构图 agent端每隔30分钟到master端请求与自己相关的catalog. 各节点时间要同步. 依赖DNS,各节点能通过主机名能解析. 1.同步时间 # yum install ...

  8. puppet master/agent

    puppet master/agent 配置 安装 master: yum install puppet-server agent: yum install puppet 自动签名 puppet的ma ...

  9. 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定

    前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...

随机推荐

  1. python模块导入细节

    python模块导入细节 官方手册:https://docs.python.org/3/tutorial/modules.html 可执行文件和模块 python源代码文件按照功能可以分为两种类型: ...

  2. linux学习基础1

    简介 包含计算机组成,发行.核心思想.主要目录,一些命令ifconfig.echo.tty.startx.export.pwd.history.shutdown.poweroff.reboot.hwc ...

  3. python面向对象学习(二)基本语法

    目录 1. dir内置函数 2. 定义简单的类(只包含方法) 2.1 定义只包含方法的类 2.2 创建对象 2.3 编写第一个面向对象程序 3. 方法中的self参数 3.1 案例改造 -- 给对象添 ...

  4. python基础学习(十三)函数进阶

    目录 1. 函数参数和返回值的作用 1.1 无参数,无返回值 1.2 无参数,有返回值 1.3 有参数,无返回值 1.4 有参数,有返回值 2. 函数的返回值进阶 例子:显示当前的湿度和温度 例子:交 ...

  5. 反射demo(拷贝一个对象)

    经过了上一次对反射的初步认知,最近又接触到了后,做了一个小demo,感觉这次带了一点理解去做的,比第一次接触反射好了许多. 上次学习的链接,有一些反射用的基础语句.https://www.cnblog ...

  6. js 1.变量提升 2.条件语句 3.循环语句 4.加号+的使用

    1.变量提升 变量提升是浏览器的一个功能,在运行js 代码执行前,浏览器会给js一个全局作用域叫 window,window 分两个模块,一个叫运营模块,内存模块找到当前作用域下的所有带var和fun ...

  7. java框架之springmvc

    一.HelloWorld程序 (1)导包:四个spring 核心包(core.beans.context.expression).一个aop包.两个 web 包和一个logging 包: (2)配置 ...

  8. Web前端开发必备

    前端学习相关书籍 关于书籍 HTML.CSS 类别书籍,都是大同小异,在当当网.卓越网搜索一下很多推荐.如果感觉学的差不多了,可以关注一下<CSS禅意花园>,这个很有影响力. Javasc ...

  9. 进入root提示Authentication failure错误

    新安装Ubuntu 18.4,想进入root角色,提示“Authentication failure” 失败. 因为是新安装,并无root的密码,所以需要新增加: sudo passwd root,之 ...

  10. 【Wyn Enterprise BI知识库】 什么是商业智能 ZT

    商业智能(Business Intelligence,BI),又称商务智能,指用现代数据仓库技术.在线分析处理技术.数据挖掘和数据展现技术进行数据分析以实现商业价值. 图1:商业智能(BI)系统 商业 ...