- Puppet 2.7 Cookbook
- John Arundel
- 750字
- 2021-04-02 18:19:58
Scaling Puppet using Passenger
If your Puppet infrastructure's starting to creak at the seams, the culprit could be the Puppetmaster's web server. Puppet ships with a simple web server called Webrick to handle client connections to the Puppetmaster. Webrick is not really considered suitable for using Puppet in production; with more than a few servers as it can bring the Puppetmaster to its knees.
Mongrel is sometimes suggested as an alternative as it is a little better than Webrick, but not much. In order to scale Puppet to hundreds of servers, the preferred approach is to switch to a high-performance web server such as Apache using the Passenger (mod_rails) extension.
Puppet comes with the necessary configuration to run under Passenger, so all you need to do is install Apache and Passenger, and add a suitable virtual host. The following example uses Ubuntu 10.04. You can find instructions on the Puppet Labs website for how to do the same in Red Hat Linux, CentOS, and other distributions at http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger.
Getting ready
It will be helpful if you have available the source tarball for the version of Puppet you're running, because it provides several template files and configuration snippets which you can use to set up Passenger. For example, if you're running Puppet 2.7.1, download this file:
If you are using a different version, you will find a suitable download link at http://puppetlabs.com. Unpack the source tarball with:
tar xzf puppet-2.7.1.tar.gz
How to do it...
- Install Apache and Passenger, plus associated dependencies:
# apt-get install apache2 libapache2-mod-passenger rails librack-ruby libmysql-ruby # gem install rack
- Create the necessary directories for Passenger to find the Puppet configuration:
/etc/puppet/rack/etc/puppet/rack/publicThese directories should be owned by
rootand set mode0755. - Create the
config.rufile which will tell Passenger how to start the Puppet application. You can use the example file provided with the Puppet distribution:# cp /tmp/puppet-2.7.1/ext/rack/files/config.ru /etc/puppet/rack/ # chown puppet /etc/puppet/rack/config.ru
For Puppet 2.7.1, it has the following contents:
# a config.ru, for use with every rack-compatible webserver. # SSL needs to be handled outside this, though. # if puppet is not in your RUBYLIB: # $:.unshift('/opt/puppet/lib') $0 = "master" # if you want debugging: # ARGV << "--debug" ARGV << "--rack" require 'puppet/application/master' # we're usually running inside a Rack::Builder.new {} block, # therefore we need to call run *here*. run Puppet::Application[:master].run
- You now need to create a virtual host for Apache to listen on the correct port and send requests to the Puppet application. Again, you can use the example provided with the Puppet distribution:
# cp /tmp/puppet-2.7.1/ext/rack/files/apache2.conf /etc/apache2/sites-available/puppetmasterd # a2ensite puppetmasterd
The file contents will look something like this:
# you probably want to tune these settings PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /etc/puppet/ssl/certs/cookbook.bitfieldconsulting.com.pem SSLCertificateKeyFile /etc/puppet/ssl/private_keys/cookbook.bitfieldconsulting.com.pem SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars DocumentRoot /etc/puppet/rack/public/ RackBaseURI / <Directory /etc/puppet/rack/> Options None AllowOverride None Order allow,deny allow from all </Directory> </VirtualHost> - Edit this file to set the values of the
SSLCertificateFileandSSLCertificateKeyFileto your own certificates (it's easiest to create these certificates if you've already run Puppet at least once). - You will also need to enable Passenger and
mod_sslin Apache:# a2enmod passenger ssl - Add the following lines to your
/etc/puppet/puppet.conf:ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY
- Stop your existing Puppetmaster if it is running.
- Start Apache as follows:
# /etc/init.d/apache2 restart - If everything has worked, you will be able to run Puppet as usual:
# puppet agent --test info: Caching catalog for cookbook.bitfieldconsulting.com info: Applying configuration version '1294145142' notice: Finished catalog run in 0.25 seconds
How it works...
Instead of using Puppet's built-in web server, which is rather slow and can only handle one connection at a time, you'll now be using the high-performance multi-threaded Apache web server. Puppet is embedded as an application using the Rack framework, which is much more efficient. You should find that you can handle many more clients and more frequent Puppet runs using the "Apache + Passenger" configuration, and that the impact on server memory and performance is less than using the standard Puppetmaster daemon.
There's more...
Here is an example Puppet manifest that will implement the preceding steps for you (on an Ubuntu system):
class puppet::passenger {
package { [ "apache2-mpm-worker",
"libapache2-mod-passenger",
"librack-ruby",
"libmysql-ruby" ]:
ensure => installed,
}
service { "apache2":
enable => true,
ensure => running,
require => Package["apache2-mpm-worker"],
}
package { "rack":
provider => gem,
ensure => installed,
}
file { [ "/etc/puppet/rack",
"/etc/puppet/rack/public" ]:
ensure => directory,
mode => "755",
}
file { "/etc/puppet/rack/config.ru":
source => "puppet:///modules/puppet/config.ru",
owner => "puppet",
}
file { "/etc/apache2/sites-available/puppetmasterd":
source => "puppet:///modules/puppet/puppetmasterd.conf",
}
file { "/etc/apache2/sites-enabled/puppetmasterd":
ensure => symlink,
target => "/etc/apache2/sites-available/puppetmasterd",
}
exec { "/usr/sbin/a2enmod ssl":
creates => "/etc/apache2/mods-enabled/ssl.load",
}
}
Once you're up and running with Passenger, you can use the following command to restart the Puppetmaster application:
# service apache2 restart
To monitor that Passenger is running, check for the process named ApplicationPoolServerExecutable.
You can also load-balance Passenger instances in the same way that you would for a regular web application.
For more details, or if you run into problems, consult the Puppet-on-Passenger documentation at: http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
See also
- Creating decentralized Puppet architecture in this chapter
- Painter繪畫實(shí)例教程
- Blender 3D 2.49 Architecture, Buidlings, and Scenery
- UG NX 9.0中文版 基礎(chǔ)教程 (UG工程師成才之路)
- SPSS進(jìn)階分析與實(shí)務(wù)
- Maya 2019三維動(dòng)畫基礎(chǔ)案例教程
- SolidWorks2014基礎(chǔ)實(shí)例教程
- 中文版AutoCAD 2022基礎(chǔ)教程
- SOLIDWORKS Visualize 實(shí)例詳解(微視頻版)
- 中文版Photoshop CC平面設(shè)計(jì)從入門到精通(唯美)
- Premiere Pro CC 2018基礎(chǔ)教程(第3版)
- ANSYS Workbench中文版超級(jí)學(xué)習(xí)手冊(cè)
- UG NX 8.0模具設(shè)計(jì)教程
- PostgreSQL 9.0 High Performance
- WCF Multi/tier Services Development with LINQ
- 中文版Photoshop CS6完全自學(xué)手冊(cè)(超值版)