使用Apache+Passenger部署高性能PuppetMaster

前言：

最近在服务器系统上安装了最新的Puppet客户端，发现跟老版本的PuppetMaster做同步时出现了一些问题，警告类的信息很好解决，注释掉配置文件templatedir该行即可，后来又对PuppetMaster做了次升级，直接升为最新的3.6.1，随后发现PuppetMaster默认安装的WEBrick的web服务器性能较低且最新版本3.6.1存在bug以至于无法同时接受多台Agent客户端请求，因此使用Apache+Passenger方案替代原WEBrick，提高并发性能，同时解决bug带来的问题

环境：

Ubuntu 12.04 64-LTS

PuppetMaster: 3.6.1（升级前版本为3.4.3）

PuppetAgent: 3.6.1

1、安装Apache2

$sudoapt-getinstallapache2ruby1.8-devrubygems 
$sudoa2enmodssl 
$sudoa2enmodheaders

2、安装Rack/Passenger

$sudogeminstallrackpassenger 
$sudopassenger-install-apache2-module 
#按提示解决软件依赖关系后，再次运行命令安装passenger模块 
PleaseedityourApacheconfigurationfile,andaddtheselines: 
 
LoadModulepassenger_module/var/lib/gems/1.8/gems/passenger-4.0.44/buildout/apache2/mod_passenger.so 
<IfModulemod_passenger.c> 
PassengerRoot/var/lib/gems/1.8/gems/passenger-4.0.44 
PassengerDefaultRuby/usr/bin/ruby1.8 
</IfModule> 
 
$sudomkdir/etc/puppet/rack 
$sudomkdir/etc/puppet/rack/{public,tmp} 
$sudoscp/usr/share/puppet/ext/rack/config.ru/etc/puppet/rack/ 
$sudochown-Rpuppet:root/etc/puppet/rack

3、配置Puppet虚拟主机文件

$sudocp/usr/share/puppet/ext/rack/example-passenger-vhost.conf/etc/apache2/sites-available/puppet.conf 
$sudovim/etc/apache2/sites-available/puppet.conf 
#按之前的提示添加如下内容 
LoadModulepassenger_module/var/lib/gems/1.8/gems/passenger-4.0.44/buildout/apache2/mod_passenger.so 
<IfModulemod_passenger.c> 
PassengerRoot/var/lib/gems/1.8/gems/passenger-4.0.44 
PassengerDefaultRuby/usr/bin/ruby1.8 
PassengerHighPerformanceon 
PassengerMaxPoolSize12 
PassengerPoolIdleTime1500 
#PassengerMaxRequests1000 
PassengerStatThrottleRate120 
#RackAutoDetectOff#注释该行 
#RailsAutoDetectOff#注释该行 
</IfModule> 
 
Listen8140 
 
<VirtualHost*:8140> 
SSLEngineon 
SSLProtocolALL-SSLv2 
SSLCipherSuiteALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP 
SSLHonorCipherOrderon 
#修改为SSL实际路径及文件名 
SSLCertificateFile/var/lib/puppet/ssl/certs/test.cominggo.com.pem 
SSLCertificateKeyFile/var/lib/puppet/ssl/private_keys/test.cominggo.com.pem 
SSLCertificateChainFile/var/lib/puppet/ssl/certs/ca.pem 
SSLCACertificateFile/var/lib/puppet/ssl/certs/ca.pem 
#IfApachecomplainsaboutinvalidsignaturesontheCRL,youcantrydisabling 
#CRLcheckingbycommentingthenextline,butthisisnotrecommended. 
SSLCARevocationFile/var/lib/puppet/ssl/crl.pem 
SSLVerifyClientoptional 
SSLVerifyDepth1 
#The`ExportCertData`optionisneededforagentcertificateexpirationwarnings 
SSLOptions+StdEnvVars+ExportCertData 
 
#Thisheaderneedstobesetifusingaloadbalancerorproxy 
RequestHeaderunsetX-Forwarded-For 
 
RequestHeadersetX-SSL-Subject%{SSL_CLIENT_S_DN}e 
RequestHeadersetX-Client-DN%{SSL_CLIENT_S_DN}e 
RequestHeadersetX-Client-Verify%{SSL_CLIENT_VERIFY}e 
 
DocumentRoot/etc/puppet/rack/public/ 
RackBaseURI/ 
<Directory/etc/puppet/rack/> 
OptionsNone 
AllowOverrideNone 
Orderallow,deny 
allowfromall 
</Directory> 
##Logging#设置Puppet访问日志（可选，默认日志为other_vhosts_access.log） 
ErrorLog"/var/log/apache2/puppet_error.log"
ServerSignatureOff 
CustomLog"/var/log/apache2/puppet_access.log"combined 
</VirtualHost> 
 
$cd/etc/apache2/sites-available/ 
$sudoa2ensitepuppet.conf

4、移除WEBrick服务（puppetmaster），并重启Apache服务

$sudoupdate-rc.d-fpuppetmasterremove 
$sudo/etc/init.d/apache2restart 
$sudoss-talnp|grepapache2 
LISTEN0128*:8140*:*users:(("apache2",30037,5),("apache2",29472,5),("apache2",29467,5)) 
LISTEN0128*:80*:*users:(("apache2",30037,3),("apache2",29472,3),("apache2",29467,3)) 
LISTEN0128*:443*:*users:(("apache2",30037,4),("apache2",29472,4),("apache2",29467,4))

5、验证是否部署成功

1）访问HTTPS服务

#访问页面：https://test.cominggo.com:8140/ 
Theenvironmentmustbepurelyalphanumeric,not''

2）PuppetAgent节点运行测试

#PuppetAgent： 
$sudopuppetagent-t 
 
#PuppetMaster：查看apache访问日志是否有200状态请求 
$sudotail/var/log/apache2/puppet_access.log 
172.16.2.22--[20/Jun/2014:19:11:53+0800]"GET/production/file_metadata/modules/zabbix/check.sh?source_permissions=use&links=manageHTTP/1.1"2005987"-""-" 
172.16.2.22--[20/Jun/2014:19:11:53+0800]"GET/production/file_metadata/modules/zabbix/zabbix-release_2.2-1+precise_all.deb?source_permissions=use&links=manageHTTP/1.1"2006003"-""-" 
172.16.2.22--[20/Jun/2014:19:11:53+0800]"GET/production/file_metadata/modules/zabbix/game.conf?source_permissions=use&links=manageHTTP/1.1"2005971"-""-" 
172.16.2.22--[20/Jun/2014:19:11:53+0800]"GET/production/file_metadatas/modules/game/release/data?checksum_type=md5&recurse=true&links=manageHTTP/1.1"20044519"-""-" 
172.16.2.22--[20/Jun/2014:19:11:54+0800]"GET/production/file_metadata/modules/zabbix/netif.py?source_permissions=use&links=manageHTTP/1.1"2005987"-""-" 
172.16.2.22--[20/Jun/2014:19:11:56+0800]"PUT/production/report/t1.cominggo.comHTTP/1.1"2005683"-""-"