Puppet扩展篇5-通过多进程增强master的负载均衡能力(nginx+mongrel)
2014-10-19 09:26
453 查看
零基础学习Puppet自动化配置管理系列文档当puppetmaster管理的主机越来越多时,puppetmaster本身性能会存在性能瓶颈问题,除了增加服务器扩充puppetmaster的数量增加puppetmaster整体性能外,也可以通过单台扩充puppetmaster的进程数来增加puppetmaster的性能。以下是通过nginx+mongrel负载均衡puppetmaster的进程,由nginx向所有puppetagent提供认证服务,除此之外的其他puppetmaster功能的实现由nginx转向puppetmaster其中一个进程去处理即可。而nginx的upstream字段里面所包含的地址填写为127.0.0.1指向puppetmaster进程,提高了安全性。备注:nginx+mongrel只支持puppet2.7之前版本(包括2.7版本在内)。
![](http://kisspuppet.com/img/weixin.jpg)
微信公众号QQ交流群:296934942
![](http://kisspuppet.com/img/contact1.jpg)
1、安装相关软件包
[root@puppetserver yum.repos.d]# yum install rubygem-mongrel nginx
2、增加puppet端口
[root@puppetserver yum.repos.d]# vim /etc/sysconfig/puppetmaster PUPPETMASTER_PORTS=( 18140 18141 18142 18143 ) PUPPETMASTER_EXTRA_OPTS="--servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT"
3、配置nginx服务
添加upstream字段,注意ssl认证证书的路径[root@puppetserver nginx]# vim nginx.conf user nginx nginx; worker_processes 4; error_log /var/log/puppet/nginx-puppet.log notice; pid /var/run/nginx.pid; events { worker_connections 1024; } http { default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; tcp_nodelay on; large_client_header_buffers 16 4k; proxy_buffers 128 4k; upstream puppetmaster { server 127.0.0.1:18140; server 127.0.0.1:18141; server 127.0.0.1:18142; server 127.0.0.1:18143; } server { listen 8140; root /etc/puppet; ssl on; ssl_session_timeout 5m; ssl_certificate /var/lib/puppet/ssl/certs/puppetserver.kisspuppet.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetserver.kisspuppet.com.pem; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; ssl_verify_client optional; location / { proxy_pass http://puppetmaster; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Client-Verify $ssl_client_verify; proxy_set_header X-Client-DN $ssl_client_s_dn; proxy_set_header X-SSL-Subject $ssl_client_s_dn; proxy_set_header X-SSL-Issuer $ssl_client_i_dn; proxy_read_timeout 65; } } }
4、分别启动nginx服务和puppetmaster服务
[root@puppetserver1poc ~]# /etc/rc.d/init.d/nginx restart Stopping nginx: [FAILED] Starting nginx: [ OK ] [root@puppetserver1poc ~]# /etc/rc.d/init.d/puppetmaster start Starting puppetmaster: Port: 18140 [ OK ] Port: 18141 [ OK ] Port: 18142 [ OK ] Port: 18143 [ OK ]
5、查看监听端口
[root@puppetserver1poc ~]# netstat -nlp | grep 814 tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 6224/nginx tcp 0 0 127.0.0.1:18140 0.0.0.0:* LISTEN 6271/ruby tcp 0 0 127.0.0.1:18141 0.0.0.0:* LISTEN 6312/ruby tcp 0 0 127.0.0.1:18142 0.0.0.0:* LISTEN 6351/ruby tcp 0 0 127.0.0.1:18143 0.0.0.0:* LISTEN 6390/ruby 3.5.6 通过进程查看运行状况 [root@puppetserver1poc ~]# ps -ef | grep ruby puppet 5422 1 1 13:58 ? 00:00:22 /usr/bin/ruby /usr/sbin/puppetmasterd root 6431 1 0 14:10 ? 00:00:01 ruby /usr/sbin/mcollectived --pid=/var/run/mcollectived.pid --config=/etc/mcollective/server.cfg puppet 7139 1 0 14:25 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd --servertype=mongrel --servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT --masterport=18140 --pidfile=/var/run/puppet/puppetmaster.18140.pid puppet 7171 1 0 14:25 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd --servertype=mongrel --servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT --masterport=18141 --pidfile=/var/run/puppet/puppetmaster.18141.pid puppet 7203 1 0 14:25 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd --servertype=mongrel --servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT --masterport=18142 --pidfile=/var/run/puppet/puppetmaster.18142.pid puppet 7235 1 0 14:25 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd --servertype=mongrel --servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT --masterport=18143 --pidfile=/var/run/puppet/puppetmaster.18143.pid root 7243 3858 0 14:26 pts/3 00:00:00 grep ruby
6、通过日志查看运行状况
[root@puppetserver1poc nodes]# tailf /var/log/nginx/access.log 192.168.100.127 - - [25/Nov/2013:16:42:49 +0800] "POST /production/catalog/agent2.kisspuppet.com HTTP/1.1" 200 570 "-" "-" 192.168.100.127 - - [25/Nov/2013:16:42:52 +0800] "PUT /production/report/agent2.kisspuppet.com HTTP/1.1" 200 58 "-" "-" 192.168.100.126 - - [25/Nov/2013:16:42:54 +0800] "GET /production/file_metadatas/plugins?links=manage&checksum_type=md5&&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22&recurse=true HTTP/1.1" 404 56 "-" "-" 192.168.100.126 - - [25/Nov/2013:16:42:54 +0800] "GET /production/file_metadata/plugins? HTTP/1.1" 404 36 "-" "-" 192.168.100.126 - - [25/Nov/2013:16:42:55 +0800] "POST /production/catalog/agent1.kisspuppet.com HTTP/1.1" 200 570 "-" "-" 192.168.100.126 - - [25/Nov/2013:16:42:58 +0800] "PUT /production/report/agent1.kisspuppet.com HTTP/1.1" 200 58 "-" "-" 192.168.100.125 - - [25/Nov/2013:16:43:07 +0800] "GET
返回主目录
交流方式:
微信公众号:puppet2014,可微信搜索加入,也可以扫描以下二维码进行加入![](http://kisspuppet.com/img/weixin.jpg)
微信公众号QQ交流群:296934942
![](http://kisspuppet.com/img/contact1.jpg)
相关文章推荐
- Puppet扩展篇4-如何扩展master的SSL传输性能(nginx)
- Puppet master nginx 扩展提升性能(puppet自动化系列4)
- nginx 对多进程进行负载均衡(通过线程池来判断)
- 利用nginx和mongrel、unicorn 对puppet进行端口负载均衡
- Nginx学习(17)—Master进程的循环
- Nginx学习笔记(十七):master进程的循环工作
- Nginx源码分析-进程管理之master进程
- Nginx源码分析-进程管理之master进程
- Puppet扩展篇3-如何扩展master的SSL传输性能(apache) 推荐
- Puppet nginx+Mongrel安装配置篇
- Nginx源码分析-master和worker进程间的通信
- Nginx学习——进程模型(master 进程)
- Nginx源码分析--master和worker进程间的通信
- 通过MEF来创建具有扩展能力的WCF Creating WCF Service Extensibility through MEF (Managed Extensibility Framework)
- Nginx源码分析-master和worker进程间的通信
- 通过Lua解释器来扩展丰富nginx功能,实现复杂业务的处理 推荐
- nginx扩展直接生成应用,不用通过编程语言,实例
- 标题:深度分销的方向和尺度 内容:<P> 深度分销的方向和尺度<BR> 所谓深度分销,有人也称之为通路精耕细作,是通过减少原有渠道层次,并增强中间商分销能力或通过企
- nginx的worker-master启动之worker进程
- 通过Lua解释器来扩展丰富nginx功能