puppet負荷等化nginx+mongrel
- yum install -y rubygem-mongrel
- echo -e "PUPPETMASTER_PORTS=( 18140 18141 18142 18143 18144 )\nPUPPETMASTER_EXTRA_OPTS=\"—servertype=mongrel --ssl_client_header=HTTP_X_SSL_SUBJECT\"" > /etc/sysconfig/puppetmaster
- useradd www
- groupadd www
- CORE_NUM=`cat /proc/cpuinfo | grep "model name" | wc -l`
- cd $path
- tar -zxvf pcre-8.10.tar.gz
- cd pcre-8.10/
- make clean
- ./configure --disable-shared --with-pic
- make && make install
- cd ../
- tar -zxvf nginx-1.2.1.tar.gz
- cd ./nginx-1.2.1/
- ./configure --prefix=$path_nginx --with-http_stub_status_module --with-http_ssl_module
- make && make install
- touch $path_nginx/html/index.php
- process () {
- ZERO=`for((i=1;i<=$CORE_NUM;i++));do echo -n "0";done;`
- for (( i = $CORE_NUM; i > o; i-- )); do
- echo -n ${ZERO:0:$i-1}"1"${ZERO:$i}" "
- done
- }
- sed -i "s/worker_processes.*/worker_processes $CORE_NUM;
worker_cpu_affinity $(process);/" $path_nginx/conf/nginx.conf
- sed -i "s/#user.*/user www www;/" $path_nginx/conf/nginx.conf
- sed -i "s/index.html index.htm;/index.php &/" $path_nginx/conf/nginx.conf
- sed -i "47 a#
location ~ \\\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html/\$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;}#" $path_nginx/conf/nginx.conf
-
- ###### ##########################
- sed -i "s/^http {/&
server_tokens off;/" $path_nginx/conf/nginx.conf
- ###################################nginx ########################################
- #sed -i "s#^path_nginx=.*#path_nginx=$path_nginx#" $path/nginxd
- cp $path/nginxd /etc/init.d/
- mv $path_nginx/conf/nginx.conf $path_nginx/conf/nginx.conf.bak
- mv $path/nginx.conf $path_nginx/conf
- chmod 755 /etc/init.d/nginxd
- chkconfig --add nginxd
- chkconfig nginxd on
- kill -9 `/usr/sbin/lsof -i:8140 | grep 8140 |awk '{print $2}'`
- echo "############################################"
- echo " status "
- service nginxd start
- service puppetmaster start
注意:nginx.confの内容は以下の通りです.自分の環境に合わせて修正してください.
- user www www;
- worker_processes 1;
- worker_cpu_affinity 1 ;
-
- error_log logs/error.log;
- #error_log logs/error.log notice;
- #error_log logs/error.log info;
-
- pid /usr/local/nginx/nginx.pid;
-
-
- events {
- worker_connections 1024;
- }
-
-
- http {
- server_tokens off;
- include mime.types;
- default_type application/octet-stream;
-
- #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- # '$status $body_bytes_sent "$http_referer" '
- # '"$http_user_agent" "$http_x_forwarded_for"';
-
- #access_log logs/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- #keepalive_timeout 0;
- keepalive_timeout 65;
- upstream puppetmaster {
- server 127.0.0.1:18140;
- server 127.0.0.1:18141;
- server 127.0.0.1:18142;
- server 127.0.0.1:18143;
- server 127.0.0.1:18144;
- }
- #gzip on;
- server {
- listen 8140;
- root /etc/puppet;
- access_log /usr/local/nginx/logs/puppet_access.log;
- error_log /usr/local/nginx/logs/puppet_error.log;
- ssl on;
- ssl_session_timeout 5m;
- # Puppetmaster
- ssl_certificate /var/lib/puppet/ssl/certs/server.domain.com.pem;
- ssl_certificate_key /var/lib/puppet/ssl/private_keys/server.domain.com.pem;
- ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
- ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
- ssl_verify_client optional;
- # File sections
- location /production/file_content/files/ {
- types { }
- default_type application/x-raw;
- # , files
- alias /etc/puppet/files/;
- }
- # Modules files sections
- location ~ /production/file_content/modules/.+/ {
- root /etc/puppet/modules;
- types { }
- default_type application/x-raw;
- #rewrite ^/production/file_content/modules/(.+)/(.+)$ /$1/files/$2 break;
- rewrite ^/production/file_content/modules/([^/]+)/(.+)$ /$1/files/$2 break;
- }
- location / {
- # puppetmaster
- proxy_pass http://puppetmaster;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify $ssl_client_verify;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_buffer_size 10m;
- proxy_buffers 1024 10m;
- proxy_busy_buffers_size 10m;
- proxy_temp_file_write_size 10m;
- proxy_read_timeout 120;
- }
-
- }
- }
また、シナリオのnginxdとは、nginxの起動スクリプトのことで、以下の内容があります.
- #!/bin/sh
- #
- # nginx - this script starts and stops the nginx daemin
- #
- # chkconfig: - 85 15
- # description: Nginx is an HTTP(S) server, HTTP(S) reverse \
- # proxy and IMAP/POP3 proxy server
- # processname: nginx
- # config: /usr/local/nginx/conf/nginx.conf
- # pidfile: /usr/local/nginx/logs/nginx.pid
-
- # Source function library.
- . /etc/rc.d/init.d/functions
-
- # Source networking configuration.
- . /etc/sysconfig/network
-
- # Check that networking is up.
- [ "$NETWORKING" = "no" ] && exit 0
-
- nginx="/usr/local/nginx/sbin/nginx"
- prog=$(basename $nginx)
-
- NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
-
- lockfile=/var/lock/subsys/nginx
-
- start() {
- [ -x $nginx ] || exit 5
- [ -f $NGINX_CONF_FILE ] || exit 6
- echo -n $"Starting $prog: "
- daemon $nginx -c $NGINX_CONF_FILE
- retval=$?
- echo
- [ $retval -eq 0 ] && touch $lockfile
- return $retval
- }
-
- stop() {
- echo -n $"Stopping $prog: "
- killproc $prog -QUIT
- retval=$?
- echo
- [ $retval -eq 0 ] && rm -f $lockfile
- return $retval
- }
-
- restart() {
- configtest || return $?
- stop
- start
- }
-
- reload() {
- configtest || return $?
- echo -n $"Reloading $prog: "
- killproc $nginx -HUP
- RETVAL=$?
- echo
- }
-
- force_reload() {
- restart
- }
-
- configtest() {
- $nginx -t -c $NGINX_CONF_FILE
- }
-
- rh_status() {
- status $prog
- }
-
- rh_status_q() {
- rh_status >/dev/null 2>&1
- }
-
- case "$1" in
- start)
- rh_status_q && exit 0
- $1
- ;;
- stop)
- rh_status_q || exit 0
- $1
- ;;
- restart|configtest)
- $1
- ;;
- reload)
- rh_status_q || exit 7
- $1
- ;;
- force-reload)
- force_reload
- ;;
- status)
- rh_status
- ;;
- condrestart|try-restart)
- rh_status_q || exit 0
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
- exit 2
- esac
これで大体のシリーズシナリオは終わりました.
Puppetについては、実際にはfuncと組み合わせて使用することもできます.具体的なインストール過程は広さんのブログを探すことができます.
また、最近、saltという自動化された導入ツールがあることを知ったばかりで、最近テストしてもいい感じなので、勉強を続けることにしました.saltのインストールプロセスについてはすでにリリースされており、興味があれば一緒に勉強することができます.
OVER!!!!