• puppet 横向扩展(二)


    概述

    横向扩展实验之二 – 在不同的机器上扩展puppet master 的个数.

    实验环境

    master 和 node 都是 debian 7.7 i686 系统
    2个 puppet master 在机器A上, 另1个在机器B上, 都是 apache 虚拟主机

    实验步骤

    机器B 的环境

    安装puppetmaster 以及 apache passenger

    apt-get install apache2
    apt-get install puppetmaster-passenger
    

    配置 1 个apache虚拟主机作为 puppetmaster

    类似机器A, 但是不做负载均衡相关过的配置, 并且只配置一个 worker

    # 删除默认的 puppetmaster 虚拟主机服务
    root@master-2:~# rm /etc/apache2/sites-enabled/puppetmaster
    rm: remove symbolic link `/etc/apache2/sites-enabled/puppetmaster'? y
    
    # 配置一个 apache 虚拟机作为 puppetmaster 的前端
    root@master-2:~# cat /etc/apache2/sites-available/puppetmaster_worker.conf
    Listen 8140
    <VirtualHost *:8140>
      SSLEngine off
    
      # Obtain Authentication Information from Client Request Headers
      SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
      SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1
    
      PassengerEnabled On
      DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
      <Directory /usr/share/puppet/rack/puppetmasterd>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
      </Directory>
    
      # log settings
      ErrorLog /var/log/apache2/puppetmaster_worker_error.log
      CustomLog /var/log/apache2/puppetmaster_worker_access.log combined
    
    </VirtualHost>
    
    # 设置好apache虚拟主机, 重启apache2服务
    root@master-2:~# cd /etc/apache2/sites-enabled/
    root@master-2:/etc/apache2/sites-enabled# ll
    total 0
    lrwxrwxrwx 1 root root 26 Dec 14 21:48 000-default -> ../sites-available/default
    root@master-2:/etc/apache2/sites-enabled# ln -s ../sites-available/puppetmaster_worker.conf puppet_worker
    root@master-2:/etc/apache2/sites-enabled# ll
    total 0
    lrwxrwxrwx 1 root root 26 Dec 14 21:48 000-default -> ../sites-available/default
    lrwxrwxrwx 1 root root 43 Jan  7 19:59 puppet_worker -> ../sites-available/puppetmaster_worker.conf
    root@master-2:/etc/apache2/sites-enabled# service  apache2 restart
    [ ok ] Restarting web server: apache2 ... waiting .
    

    机器A 的环境

    就用 puppet横向扩展(一) 中所使用的环境就行
    上面的机器B 配置好之后, 把机器B 的apache虚拟机也加到 机器A 的负载均衡配置中.

    root@master-1:~# cat /etc/apache2/sites-available/puppetmaster_proxy.conf
    # Available back-end worker virtual hosts
    # NOTE the use of cleartext unencrypted HTTP.
    <Proxy balancer://puppetmaster>
      BalancerMember http://127.0.0.1:18140
      BalancerMember http://127.0.0.1:18141
      BalancerMember http://192.168.1.101:8140
    </Proxy>
    
    Listen 8140
    <VirtualHost *:8140>
      SSLEngine on
      # SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
      SSLProtocol ALL +SSLv3 +TLSv1
      SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
      #SSLProtocol ALL -SSLv2
      #SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
      # Puppet master should generate initial CA certificate.
      # ensure certs are located in /var/lib/puppet/ssl
      SSLCertificateFile /var/lib/puppet/ssl/certs/master-1.puppet.com.pem
      SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/master-1.puppet.com.pem
      SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
      SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
      SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
      # optional to all CSR request, required if certificates distributed to client during provisioning.
      SSLVerifyClient optional
      SSLVerifyDepth 1
      SSLOptions +StdEnvVars
    
      # The following client headers record authentication information for downstream workers.
      RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
      RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
      RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    
      <Location />
        SetHandler balancer-manager
        Order allow,deny
        Allow from all
      </Location>
    
      ProxyPass / balancer://puppetmaster/
      ProxyPassReverse / balancer://puppetmaster/
      ProxyPreserveHost On
    
      # log settings
      ErrorLog /var/log/apache2/balancer_error.log
      CustomLog /var/log/apache2/balancer_access.log combined
      CustomLog /var/log/apache2/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
    
    </VirtualHost>
    root@master-1:~# service apache2 restart
    [ ok ] Restarting web server: apache2 ... waiting .
    

    主要就是加入 [BalancerMember http://192.168.1.101:8140] 的配置.

    测试配置结果

    默认的负载均衡

    # master-1 上执行, 清理log, 重启 apache2 服务
    root@master-1:~# rm  /var/log/apache2/* -rf
    root@master-1:~# service apache2 restart
    [ ok ] Restarting web server: apache2 ... waiting .
    root@master-1:~# ll /var/log/apache2/
    total 4
    -rw-r--r-- 1 root root   0 Jan  7 20:14 access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 balancer_access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 balancer_error.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 balancer_ssl_requests.log
    -rw-r--r-- 1 root root 155 Jan  7 20:14 error.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 other_vhosts_access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 puppetmaster_worker_access_1.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 puppetmaster_worker_access_2.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 puppetmaster_worker_error_1.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 puppetmaster_worker_error_2.log
    
    # master-2 上执行, 清理log, 重启 apache2 服务
    root@master-2:/etc/apache2/sites-enabled# rm /var/log/apache2/* -rf
    root@master-2:/etc/apache2/sites-enabled# service apache2 restart
    [ ok ] Restarting web server: apache2 ... waiting .
    root@master-2:/etc/apache2/sites-enabled# ll /var/log/apache2/
    total 4
    -rw-r--r-- 1 root root   0 Jan  7 20:15 access.log
    -rw-r--r-- 1 root root 155 Jan  7 20:15 error.log
    -rw-r--r-- 1 root root   0 Jan  7 20:15 other_vhosts_access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:15 puppetmaster_worker_access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:15 puppetmaster_worker_error.log
    
    # node-1 上执行
    root@node-1:~# puppet agent -t
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node-1.puppet.com
    Info: Applying configuration version '1420633009'
    Notice: Finished catalog run in 0.02 seconds
    
    # master-1 上查看 log 结果
    root@master-1:~# ll /var/log/apache2/
    total 20
    -rw-r--r-- 1 root root   0 Jan  7 20:14 access.log
    -rw-r--r-- 1 root root 821 Jan  7 20:16 balancer_access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 balancer_error.log
    -rw-r--r-- 1 root root 903 Jan  7 20:16 balancer_ssl_requests.log
    -rw-r--r-- 1 root root 155 Jan  7 20:14 error.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 other_vhosts_access.log
    -rw-r--r-- 1 root root 300 Jan  7 20:16 puppetmaster_worker_access_1.log
    -rw-r--r-- 1 root root 309 Jan  7 20:16 puppetmaster_worker_access_2.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 puppetmaster_worker_error_1.log
    -rw-r--r-- 1 root root   0 Jan  7 20:14 puppetmaster_worker_error_2.log
    root@master-1:~# cat /var/log/apache2/balancer_access.log
    192.168.1.120 - - [07/Jan/2015:20:16:40 +0800] "GET /production/node/node-1.puppet.com?transaction_uuid=2d53569c-b6bf-4396-87b4-c0c341379d3c&fail_on_404=true HTTP/1.1" 200 10466 "-" "Ruby"
    192.168.1.120 - - [07/Jan/2015:20:16:41 +0800] "GET /production/file_metadatas/pluginfacts?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 569 "-" "Ruby"
    192.168.1.120 - - [07/Jan/2015:20:16:42 +0800] "GET /production/file_metadatas/plugins?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 569 "-" "Ruby"
    192.168.1.120 - - [07/Jan/2015:20:16:49 +0800] "POST /production/catalog/node-1.puppet.com HTTP/1.1" 200 869 "-" "Ruby"
    192.168.1.120 - - [07/Jan/2015:20:16:49 +0800] "PUT /production/report/node-1.puppet.com HTTP/1.1" 200 298 "-" "Ruby"
    root@master-1:~# cat /var/log/apache2/puppetmaster_worker_access_1.log
    127.0.0.1 - - [07/Jan/2015:20:16:40 +0800] "GET /production/node/node-1.puppet.com?transaction_uuid=2d53569c-b6bf-4396-87b4-c0c341379d3c&fail_on_404=true HTTP/1.1" 200 5122 "-" "Ruby"
    127.0.0.1 - - [07/Jan/2015:20:16:49 +0800] "POST /production/catalog/node-1.puppet.com HTTP/1.1" 200 867 "-" "Ruby"
    root@master-1:~# cat /var/log/apache2/puppetmaster_worker_access_2.log
    127.0.0.1 - - [07/Jan/2015:20:16:41 +0800] "GET /production/file_metadatas/pluginfacts?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 567 "-" "Ruby"
    127.0.0.1 - - [07/Jan/2015:20:16:49 +0800] "PUT /production/report/node-1.puppet.com HTTP/1.1" 200 296 "-" "Ruby"
    
    # master-2 上查看 log 结果
    root@master-2:/etc/apache2/sites-enabled# ll /var/log/apache2/
    total 8
    -rw-r--r-- 1 root root   0 Jan  7 20:15 access.log
    -rw-r--r-- 1 root root 155 Jan  7 20:15 error.log
    -rw-r--r-- 1 root root   0 Jan  7 20:15 other_vhosts_access.log
    -rw-r--r-- 1 root root 195 Jan  7 20:16 puppetmaster_worker_access.log
    -rw-r--r-- 1 root root   0 Jan  7 20:15 puppetmaster_worker_error.log
    root@master-2:/etc/apache2/sites-enabled# cat /var/log/apache2/puppetmaster_worker_access.log
    192.168.1.100 - - [07/Jan/2015:20:16:42 +0800] "GET /production/file_metadatas/plugins?links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git&checksum_type=md5 HTTP/1.1" 200 567 "-" "Ruby"
    

    从上面的log中可以看出, master-1 上的worker_1 和 worker_2 分别处理了 2 个请求,
    master-2 上的 worker 处理了 1 个请求.

    其他情况

    可以仿照 puppet 横向扩展(一) 中设置其中一个 worker 挂了之后的负载均衡的反应.
    比如删除 master-1 或者 master-2 中的apache虚拟主机配置, 然后看负载均衡的效果.

    我做了尝试, 就不在这里一一列举了. 有问题欢迎一起交流.

  • 相关阅读:
    BTree和B+Tree详解
    python小技巧01递归解释内嵌
    Python实战171201筛选数据
    学术网站
    现代科技新闻
    人工智能——深度学习介绍
    时区缩写
    centos7忘记root密码
    centos7正确关机重启
    虚拟化漫谈
  • 原文地址:https://www.cnblogs.com/wang_yb/p/4298601.html
Copyright © 2020-2023  润新知