没有合适的资源?快使用搜索试试~ 我知道了~
资源详情
资源评论
资源推荐
CHAPTER
4
Scaling
Puppet
You've
seen
that
the
Puppet
agent
and
master
require
very
little
work
to
gel
up
and
running
on
a
handful
of
nudes
using
the
default
configuration.
It
is,
however,
a
significantly
more
involved
undertaking
to
scale
Puppet
to
handle
hundreds
of
nodes.
Yet
many
installations
are
successfully
using
Puppet
to
manage
hundreds,
thousands,
and
tens
of
thousands
of
nudes.
In
this
chapter,
we
cover
a
number
of
proven
strategies
that
are
employed
to
scale
Puppet.
•
You'll
see
how
to
enable
a
single
Puppet
master
system
to
handle
hundreds
[if
nodes
using
the
Apache
web
server.
*
We
also
demonstrate
how
to
configure
more
than
one
Puppet
master
system
to
handle
thousands
of
nodes
using
a
load
balancer.
*
Throughout,
we
make
a
number
of
recommendations
to
help
you
avoid
the
common
pitfalls
related
to
performance
and
scalahility,
*
We
will
demonstrate
a
masterless
Puppet
configuration,
In
which
each
node
has
a
full
checkout
of
the
puppet
code
and
runs
puppet
apply
locally,
usually
via
cron.
Thi$
approach
enables
infinite
scalability
and
redundancy;
the
nodes
no
longer
share
any
single
bottleneck.
*
Finally,
you’ll
learn
how
to
measure
the
performance
of
the
Puppet
master
infrastructure
in
order
to
determine
when
it's
time
to
add
more
capacity.
We
also
provide
two
small
scripts
to
avoid
the
"thundering-
herd
effect*'
and
to
measure
catalog
compilation
Lime.
First,
though,
we
to
need
review
some
of
Lhe
challenges
you'll
he
facing
along
Lhe
way*
Identifying
the
Challenges
Earlier
in
the
hunk,
you
learned
a
bit
ahcuL
Puppet's
client-server
cunfigu
ration
and
the
use
[if
SSL
to
secure
connections
between
the
agent
and
the
master.
Puppet
uses
SSL,
specifically
the
HTTPS
protocol,
to
communicate,
Asa
result,
when
we’re
scaling
Pup
pet
we
are
in
fact
scaling
a
web
service,
and
many
of
the
problems
(and
the
solutions)
overlap
with
those
of
traditional
web
scaling,
Consequendy,
the
two
challenges
we’re
going
to
need
to
address
when
scaling
Puppet
are
these:
•
Scaling
the
transport
•
Scaling
SSL
The
first
challenge
requires
that
we
increase
the
performance
and
potential
number
of
possible
master
and
agent
connections.
The
second
requires
that
we
implement
good
management
of
the
SSL
certificates
that
secure
Lhe
connection
helween
the
master
and
the
agent.
Both
challenges
require
changes
to
Puppet's
out-
of-
Lhe
-box
configuration,
97
CHAPTER
4
SCALING
PUPPET
In
Chapter
1
we
started
the
Puppet
Master
using
the
puppet
master
command.
The
default
Puppet
Master
configuration
makes
use
of
the
Web
rick
Ruby-based
HTTP
server.
Puppet
ships
Wehrick
to
eliminate
Lhe
need
to
set
up
a
web
server
like
Apache
to
handle
HTTPS
requests
immediately.
While
the
Wehrick
server
provides
quick
and
easy
testing,
it
does
not
provide
a
scalable
solution
and
should
not
be
used
except
to
evaluate,
test,
and
develop
Puppet
installations.
Tn
production
situations,
a
more
robust
web
server
such
as
Apache
orNginx
is
necessary
to
handle
the
number
of
client
requests.
Therefore,
the
first
order
of
business
wThen
scaling
Puppet
is
to
replace
the
default
Wehrick
HTTP
server.
In
the
following
section,
we
first
replace
Wehrick
with
Lhe
Apache
web
server
[in
a
single
Puppet
master
system
and
then
show
how
this
strategy
can
be
extended
to
multiple
Puppet
master
systems
working
behind
a
load
balancer,
The
second
change
to
Pup
pet’s
out-of-the-box
configuration
is
the
management
of
the
SSL
certificates
that
Puppet
uses
to
secure
Lhe
connection
hetween
agent
and
master.
The
Puppet
master
stores
a
copy
of
every
certificate
issued,
along
with
a
revocation
list
This
information
needs
to
he
kept
in
sync
across
the
Puppet
worker
nodes.
So,
together
with
the
transport
mechanism
between
the
agent
and
master,
we'll
explore
the
two
main
options
of
handling
SSL
certificates
in
a
scalable
Puppet
deployment:
*
Using
a
single
Certificate
Authority
(CA)
Puppet
master
*
Distributing
the
same
CA
across
multiple
Puppet
masters
Running
the
Puppet
Master
with
Apache
and
Passenger
The
first
scaling
example
wTere
going
to
demonstrate
is
the
combination
of
the
Apache
web
server
with
a
module
called
Phusion
Passenger,
which
is
also
known
as
mod_rails,
mod_pa55enger,
or
just
Passenger.
Passenger
is
an
Apache
module
that
allows
the
embedding
of
Ruby
applications,
much
as
mod
php
or
mod_perl
allow
the
embedding
of
THr
and
Perl
applications.
The
Passenger
module
is
not
a
standard
module
that
ships
with
Apache
web
server
and,
as
a
result,
must
be
installed
separately.
Passenger
Is
available
as
a
RubyGem
package,
or
it
may
be
downloaded
and
installed
from
http:
//www.modrails.
com/.
In
some
distributions,
Passenger
maybe
available
from
packages.
We
will
discuss
installing
Passenger
In
depth.
For
networks
of
one
10
two
thousand
Puppet-
managed
nodes,
a
single
Puppet
master
system
running
inside
Apache
with
Passenger
is
often
sufficient
Later
in
this
chapter,
we
will
examine
how
to
run
multiple
Puppet
master
systems
to
provide
high
availability
or
support
for
an
even
larger
number
of
Puppet-
managed
nodes.
These
more
complex
configurations
will
all
build
on
the
baste
Apache
and
Passenger
configuration
we
introduce
tO
yOU
here.
We
will
also
build
upon
the
Puppet
master
configuration
w
e
created
in
Chapter
2
and
the
environment
structure
we
introduced
in
Chapter
3.
First,
you
need
to
install
Apache
and
Passenger,
and
then
configure
Apache
to
handle
the
SSL
authentication
and
verification
of
the
Puppet
agent,
and
finally
connect
Apache
to
the
Tuppet
master
and
ensure
that
everything
is
working
as
expected.
As
we
scale
Puppet
up,
it
is
important
to
draw*
the
distinction
between
the
idea
of
a
front-end
HTTP
request
handler
and
a
back-end
Puppet
master
worker
process.
The
front-
end
request
handler
is
responsible
for
accepting
the
TCP
connection
from
the
Puppet
agent,
selecting
an
appropriate
hack-
end
worker,
muting
the
request
to
the
worker,
accepting
the
response,
and
finally
serving
it
back
to
the
Puppet
agent.
This
distinction
between
a
front-end
request
handler
and
a
back-end
worker
process
is
a
common
concept
when
scaling
web
services.
Installing
Apache
and
Passenger
To
get
started,
you
need
to
install
Apache
and
Passenger.
Both
are
relatively
simple
and
easy
to
set
up.
Installing
Apache
and
Passenger
on
Debian/Ubuntu
LTS
Installing
a
Puppet
master
on
Debian/Ubuntu
is
trivial
because
Puppet
Labs
supplies
a
package
from
its
apt.puppetlabs.com
repository
to
do
all
the
work.
98
CHAPTER
4
SCALING
PUPPET
First,
setup
the
apt.
puppet
labs,
com
repository
as
described
in
Chapter
1.
Second,
install
the
puppetlabs-
passenger
package:
root
@pro-
puppet
-master:”#
apt-get
install
puppetmaster
-passenger
This
will
install
all
the
dependencies
and
set
up
your
Puppet
master
for
use.
You
can
copy
your
modules
and
manifests
from
earlier
chapters
into
/etc
/puppet.
The
package
has
created
a
certificate
authority
for
you
by
detecting
Lhe
machine’s
fully
qualified
domain
name
(FQDN)
and
has
started
the
service.
Somewhat
confusingly,
the
Puppet
master
is
controlled
through
the
service
apaches,
so
for
instance
restarting
the
Puppet
master
looks
like
this:
root@pro-puppet-master:,~#
service
apache2
restart
Mote
When
you
revoke
a
certificate
on
the
Puppet
master,
it
won’t
take
effect
until
Apache
is
restarted.
This
is
because
Apache
only
reads
the
CRL
(Certificate
Revocation
List)
file
on
startup.
When
debugging
certificate
and
SSL
errors
anywhere
in
the
Puppet
toolchain,
it
is
a
good
idea
to
restart
Apache
frequently,
because
it
does
a
lot
of
certificate
caching.
If
appropriate,
disable
the
Webrick
server;
root@pro-puppet-master-ubuntu:'''#
update-rc.
d
-f
puppetmaster
remove
Installing
Apache
and
Passenger
on
Enterprise
Linux
Precompiled
Passenger
packages
may
not
be
available
for
your
platform,
however,
making
configuration
a
little
more
complex.
This
section
covers
the
installation
of
Apache
and
Passenger
on
the
Enterprise
Linux
family
of
systems
such
as
CentOS,
RedHat
Enterprise
Linux,
and
Oracle
Enterprise
Linux,
Begin
by
installing
the
Puppet
Labs
yum
repository,
as
explained
in
Chapter
1.
Then
install
the
puppet-
server
package.
Also
run
puppet
-master
once
to
generate
all
necessary
certificates.
Finally
disable
the
Puppet
Webrick
server.
Listing
4-1
summarizes
the
setup
sequence.
Listing
4-1.
Initial
Puppet
master
setup
on
Enterprise
Linux
[rootlfflpro-
pup
pet
-mas
ter-
centos
~]ff
yum
install
puppet-
server
[root@pro-puppet-master-centos
~]#
puppet
master
[root@pro-
puppet-master-
centos
']#
pgrep
-If
puppet
725
/usr/bin/ruby
/usr/bin/puppet
master
[root@pro-puppet-master-cento5
~]#
Is
/etc/init.
d/puppet*
puppetmaster
puppetqueue
puppet
[rootlfflpro-
pup
pet
-mas
ter-
centos
~]ft
/etc/init.
d/puppet
stop
Stopping
puppet
agent:
[rootppro-
puppet-master
-centos
~]ff
/etc/init.d/puppetmaster
stop
Stopping
puppetmaster:
[root@pro-puppet-master-centos
~]#
/etc/init.d/puppetqueue
stop
Stopping
puppet
queue:
[rootUpro-
pup
pet
-mas
ter-
centos
“]#
chkconfig
puppetmaster
off
[FAILED]
[
OK
]
[FAILED]
99
CHAPTER
4
SCALING
PUPPET
Note
The
failed
messages
in
the
output
simply
mean
those
services
were
off
to
begin
with.
Turning
them
off
here
is
just
for
clarity
to
the
reader.
Puppet
Queue
is
legacy
and
should
always
be
off.
剩余69页未读,继续阅读
duohejia
- 粉丝: 3
- 资源: 4
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- mybatis动态sql及其JAVA示例
- 微软常用运行库 游戏运行库 VC++各个版本
- 微信小程序开发教程.pptx
- MyBatis动态SQL是一种强大的特性,它允许我们在SQL语句中根据条件动态地添加或删除某些部分,从而实现更加灵活和高效的数据
- 锐捷网络认证中心网络管理.pdf
- MyBatis动态SQL是一种强大的特性,它允许我们在SQL语句中根据条件动态地添加或删除某些部分,从而实现更加灵活和高效的数据
- SD8233LF是一款用于单按键触摸及接近感应开关,其用途是替代传统的机械型开关芯片IC
- 基于YOLOv5的烟雾火焰检测算法研究
- 基于STM32的联合调试侦听设备解决方案原理图PCB源文件调试工具视频(大赛作品)
- MyBatis动态SQL是一种强大的特性,它允许我们在SQL语句中根据条件动态地添加或删除某些部分,从而实现更加灵活和高效的数据
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0