Chinaunix首页 | 论坛 | 博客
  • 博客访问: 7173724
  • 博文数量: 3857
  • 博客积分: 6409
  • 博客等级: 准将
  • 技术积分: 15948
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-02 16:48
个人简介

迷彩 潜伏 隐蔽 伪装

文章分类

全部博文(3857)

文章存档

2017年(5)

2016年(63)

2015年(927)

2014年(677)

2013年(807)

2012年(1241)

2011年(67)

2010年(7)

2009年(36)

2008年(28)

分类: 架构设计与优化

2015-08-20 21:19:10

搭建Puppet负载均衡之Nginx+passenger

[日期:2013-04-28] 来源:Linux社区  作者:tntdba [字体:  ]
6,与passenger的结合 
# mkdir -p /etc/puppet/rack/public 
# cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/ 
# chown -R puppet:puppet /etc/puppet/rack/ 
# nginx.conf里面具体的内容如下 


user www www; 

worker_processes 1; 

error_log /usr/local/nginx/logs/error.log; 
#error_log logs/error.log notice; 
#error_log logs/error.log info; 

pid /usr/local/nginx/nginx.pid; 

#Specifies the value for maximum file descriptors that can be opened by this process. 
worker_rlimit_nofile 65535; 

events { 
use epoll; 
worker_connections 65535; 


http { 
server_tokens off; 
include mime.types; 
default_type application/octet-stream; 

log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
'$status $body_bytes_sent "$http_referer" ' 
'"$http_user_agent" "$http_x_forwarded_for"'; 

#access_log logs/access.log main; 

charset utf-8; 

server_names_hash_bucket_size 128; 
client_header_buffer_size 32k; 
large_client_header_buffers 4 64k; 
client_max_body_size 8m; 

tcp_nopush on; 
tcp_nodelay on; 
keepalive_timeout 60; 
fastcgi_intercept_errors on; 
fastcgi_connect_timeout 300; 
fastcgi_send_timeout 300; 
fastcgi_read_timeout 300; 
fastcgi_buffer_size 64k; 
fastcgi_buffers 4 64k; 
fastcgi_busy_buffers_size 128k; 
fastcgi_temp_file_write_size 128k; 

open_file_cache max=65535 inactive=10s; 
open_file_cache_valid 30s; 
open_file_cache_min_uses 1; 

gzip on; 
gzip_min_length 1k; 
gzip_buffers 4 16k; 
gzip_http_version 1.0; 
gzip_comp_level 2; 
gzip_types text/plain application/x-javascript text/css application/xml; 
gzip_vary on; 

# Passenger needed for puppet 
passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19; 
passenger_ruby /usr/bin/ruby; 
passenger_max_pool_size 15; 
index index.html index.htm index.php; 

server { 
listen 80; 
server_name localhost; 

#access_log logs/host.access.log main; 

location / { 
root html; 
index index.php index.html index.htm ; 


error_page 500 502 503 504 /50x.html; 
location = /50x.html { 
root html; 


location ~ \.php$ { 
root html; 
#fastcgi_pass 127.0.0.1:9000; 
fastcgi_pass unix:/dev/shm/php.socket; 
fastcgi_index index.php; 
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; 
include fastcgi_params; 




server { 
listen 8140 ssl; 
server_name client.domain.com; 

passenger_enabled on; 
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn; 
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; 

access_log /usr/local/nginx/logs/puppet_access.log; 
error_log /usr/local/nginx/logs/puppet_error.log; 

root /etc/puppet/rack/public; 

ssl_certificate /var/lib/puppet/ssl/certs/client.domain.com.pem; 
ssl_certificate_key /var/lib/puppet/ssl/private_keys/client.domain.com.pem; 
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; 
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; 
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; 
ssl_prefer_server_ciphers on; 
ssl_verify_client optional; 
ssl_verify_depth 1; 
ssl_session_cache shared:SSL:128m; 
ssl_session_timeout 5m; 




注意下,我这里puppet server的hostname 是client.domain.com,至于具体的key路径之类的 大家自己按各自的环境自己改 
然后调整下puppet.conf 
[main] 

[agent] 
server = client.domain.com

[master] 
certname = client.domain.com

7,验证 
启动nginx
# lsof -i:8140 
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME 
nginx 20855 root 9u IPv4 421091 0t0 TCP *:8140 (LISTEN) 
nginx 20856 www 9u IPv4 421091 0t0 TCP *:8140 (LISTEN) 
可以发现8140端口已经起来 
# puppet agent --test --server client.domain.com 
Info: Retrieving plugin 
Info: Caching catalog for client.domain.com 
Info: Applying configuration version '1366960369' 
Notice: Finished catalog run in 0.16 seconds 
发现已能正常使用 
# tail /usr/local/nginx/log/puppet_access.log 查看nginx日志 
192.168.200.220 - - [26/Apr/2013:21:12:15 +0800] "GET /production/node/client.domain.com? HTTP/1.1" 200 3502 "-" "-" 
192.168.200.220 - - [26/Apr/2013:21:12:16 +0800] "GET /production/file_metadatas/plugins?&links=manage&recurse=true&checksum_type=md5&ignore=---+%0A++-+%22.svn%22%0A++-+CVS%0A++-+%22.git%22 HTTP/1.1" 200 283 "-" "-" 
192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "POST /production/catalog/client.domain.com HTTP/1.1" 200 1033 "-" "-" 
192.168.200.220 - - [26/Apr/2013:21:12:17 +0800] "PUT /production/report/client.domain.com HTTP/1.1" 200 14 "-" "-" 
已经有记录, 

8.调整 
如果puppetmaster服务已经做成开机启动,记得关掉 
# chkconfig puppetmaster off 
# chkconfig nginx on
阅读(742) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~