Hi,
i'm actually using puppet+mongrel for 630 servers. Performances are
correct, but we need to reboot the puppetmaster every 3 hours because
of memory problems :-(
I decided to migrate to a configuration puppet+apache2+passanger on a
Ubuntu 10.04 system.
During my tests, everything was working correctly but when i moved in
production with the 630 servers, performances was very bad: most of
the clients could not retreived their configurations (with an error
message "err: Configuration retrieval timed out") and the puppetmaster
has a high load (load=~20 with 10 puppetmaster launched, load=4 with 1
puppetmaster launched).
I check everywhere what could be wrong on my system without finding
something :-(
Maybe one here may have a clue ?
Thanks !!
My configuration:
OS: ubuntu 10.04
puppetmaster 0.25.4-2ubuntu6
libapache2-mod-passenger 2.2.7debian-1
My installation procedure (maybe could help) :
$ apt-get install puppetmaster
$ update-rc.d -f puppetmaster remove
$ perl -i -pe's...@^start=yes@START=no@' /etc/default/puppetmaster
$ mkdir /etc/puppet/run
$ chown puppet:root /etc/puppet/run
$ apt-get install apache2 libapache2-mod-passenger rails librack-
ruby
$ a2enmod ssl
$ a2enmod headers
=> configure Apache and passanger
$ cat > /etc/apache2/mods-available/passenger.conf << EOF
<IfModule mod_passenger.c>
PassengerRoot /usr
PassengerRuby /usr/bin/ruby
PassengerHighPerformance on
PassengerMaxPoolSize 10
PassengerPoolIdleTime 300
PassengerUseGlobalQueue on
PassengerStatThrottleRate 120
RackAutoDetect Off
RackBaseURI /
RailsAutoDetect Off
</IfModule>
EOF
$ cat > /etc/apache2/sites-available/puppetmasterd << EOF
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 1
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/
frcrbvesrv0029.ymagis.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
frcrbvesrv0029.ymagis.net.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled; if you have problems with
Apache complaining about the CRL,
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
ErrorLog /var/log/apache2/puppetmaster-error.log
CustomLog /var/log/apache2/puppetmaster-access.log combined
CustomLog /var/log/apache2/puppetmaster-ssl_request.log "%t %h
%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
DocumentRoot /etc/puppet/rack/public
RackBaseURI /
<Directory /etc/puppet/rack/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
EOF
$ a2ensite puppetmasterd
mkdir -p /etc/puppet/rack/public
# ex: http://www.puppetlabs.com/downloads/puppet/puppet-0.25.0beta1.tar.gz
# see the file ext/rack/README
cat > /etc/puppet/rack/config.ru << EOF
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
# $:.push('/opt/puppet/lib')
$0 = "puppetmasterd"
require 'puppet'
# if you want debugging:
# ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run
EOF
chown puppet:root /etc/puppet/rack/config.ru
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
