实验环境:
| 角色 | 主机名 | IP 地址 |
| master | master.saltstack.com | 192.168.9.233 |
| minion | minion01.saltstack.com | 192.168.9.234 |
| minion | minion02.saltstack.com | 192.168.9.235 |
实验步骤:
全部主机:
# Run only the hostnamectl line that matches the host you are logged in to;
# running all three on one machine leaves it named minion02.saltstack.com.
hostnamectl set-hostname master.saltstack.com
hostnamectl set-hostname minion01.saltstack.com
hostnamectl set-hostname minion02.saltstack.com
# Append name-to-address mappings on every host so the FQDNs used later
# (minion "master:" setting, haproxy backend) resolve without DNS.
# NOTE(review): these 192.168.10.x addresses differ from the 192.168.9.233-235
# addresses in the environment table above. Use the addresses the hosts really
# have; a wrong entry makes a minion resolve the master name to another machine.
cat << EOF >> /etc/hosts
192.168.10.101 master.saltstack.com
192.168.10.102 minion01.saltstack.com
192.168.10.105 minion02.saltstack.com
EOF
master:
# Install the SaltStack yum repository definition, refresh yum metadata, then
# install EPEL and the salt-master package.
# NOTE(review): "salt-repo-latest" follows whatever release is newest at
# install time; pin a specific release repository if the master and the minions
# must stay on the same, tested version.
rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum clean all
yum install -y epel-release salt-master
[root@master ~]# vim /etc/salt/master
修改以下内容:
# Address the master binds its listening sockets to.
# NOTE(review): the environment table lists the master as 192.168.9.233 —
# confirm this value matches the host's real address.
interface: 192.168.1.10
# auto_accept: True makes the master accept every minion key the moment it is
# submitted, so any host that can reach the master becomes a managed minion and
# can request states and files. Keep it only in an isolated lab; otherwise leave
# the default (False) and accept keys with salt-key after checking their
# fingerprints, and limit the master's ports (4505/4506) to the minion subnet.
auto_accept: True
minion01:
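# Add the SaltStack yum repository, refresh yum metadata and install the agent.
rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum clean all
# Managed nodes run salt-minion (it is started later with
# "systemctl start salt-minion"); salt-master belongs on the master host only
# and would just add an unused control-plane package to this node.
yum install -y epel-release salt-minion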
vim /etc/salt/minion
修改以下内容:
# Address of the Salt master this minion connects to.
# NOTE(review): the environment table lists the master as 192.168.9.233 —
# confirm this value matches the master's real address.
master: 192.168.1.10
# Minion ID: the name the master shows in salt-key and matches targets against.
id: minion01.saltstack.com
minion02:
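# Add the SaltStack yum repository, refresh yum metadata and install the agent.
rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum clean all
# Managed nodes run salt-minion (it is started later with
# "systemctl start salt-minion"); salt-master belongs on the master host only
# and would just add an unused control-plane package to this node.
yum install -y epel-release salt-minion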
vim /etc/salt/minion
修改以下内容:
# Address of the Salt master this minion connects to.
# NOTE(review): the environment table lists the master as 192.168.9.233 —
# confirm this value matches the master's real address.
master: 192.168.1.10
# Minion ID: the name the master shows in salt-key and matches targets against.
id: minion02.saltstack.com
配置主控端
vim /etc/salt/master
file_roots:
base:
systemctl start salt-master
systemctl enable salt-master
配置被控端
vim /etc/salt/minion
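# Address of the Salt master (hostname or IP). YAML comments start with '#';
# a trailing '//...' remark would become part of the value.
master: master.saltstack.com
# Optional hardening: pin the master's public-key fingerprint so the minion
# refuses to talk to a different master. Read the value on the master with
# "salt-key -F master" and paste it here.
# master_finger: '<MASTER_PUBLIC_KEY_FINGERPRINT>'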
systemctl start salt-minion
systemctl enable salt-minion
配置通信认证
执行 salt-key -L 命令显示所有的 Minion 的认证信息
salt-key -L
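执行 salt-key -A 命令可以接受所有 Unaccepted Keys 状态的 Minion 的认证信息(该命令会不加区分地接受全部待认证密钥;如果 master 已设置 auto_accept: True,密钥会被自动接受,无需再执行此命令。生产环境建议先用 salt-key -f <minion-id> 与 Minion 上 salt-call --local key.finger 的输出核对指纹,再用 salt-key -a <minion-id> 逐个接受)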
salt-key -A
测试通信状态
salt '*' test.ping
SaltStack 部署 Keepalived
mkdir /srv/salt
mkdir /srv/salt/pkg
vim /srv/salt/pkg/make.sls
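# Build toolchain and libraries for the source builds (included by
# keepalived/install.sls as pkg.make).
# NOTE(review): this leaves a compiler on the load-balancer nodes; building the
# software elsewhere and shipping packages keeps the toolchain off them.
# NOTE(review): only "zlib" is listed; nginx's configure step normally also
# needs the zlib development headers (zlib-devel) — confirm.
make-pkg:
  pkg.installed:
    - pkgs:
      - make
      - gcc
      - gcc-c++
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib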
# Stage the keepalived source tarball and its support files under the Salt
# file root so minions can fetch them as salt://keepalived/files/...
mkdir /srv/salt/keepalived
mkdir /srv/salt/keepalived/files
# NOTE(review): the tarball is fetched over plain HTTP from an internal host
# and is later compiled and installed on every targeted minion by the minion
# service (typically running as root). Verify it before distributing, against
# the checksum published by the keepalived project, e.g.
#   echo "<EXPECTED_SHA256>  keepalived-1.2.13.tar.gz" | sha256sum -c -
# keepalived 1.2.13 is also an old release; prefer a currently maintained
# version or the distribution package where possible.
wget 192.168.10.103/package/keepalived-1.2.13.tar.gz
tar zxvf keepalived-1.2.13.tar.gz
cp keepalived-1.2.13.tar.gz /srv/salt/keepalived/files
# The init script is stored as "keepalived"; install.sls delivers it to
# /etc/init.d/keepalived.
cp keepalived-1.2.13/keepalived/etc/init.d/keepalived.init /srv/salt/keepalived/files/keepalived
cp keepalived-1.2.13/keepalived/etc/keepalived/keepalived.conf /srv/salt/keepalived/files
# NOTE(review): the listing below also shows keepalived.sys, which install.sls
# uses as the source of /etc/sysconfig/keepalived, but no command here creates
# it — presumably it is copied from the tarball's sysconfig file; confirm.
ls /srv/salt/keepalived/files/
keepalived keepalived-1.2.13.tar.gz keepalived.conf keepalived.sys
vim /srv/salt/keepalived/files/keepalived.conf
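! Configuration File for keepalived
! Delivered by Salt as a Jinja template: the grains['fqdn'] test below picks the
! VRRP role per node, so the file.managed state for this file has to set
! "template: jinja" or the template tags end up literally in the config.
global_defs {
    router_id HAPROXY-HA
}

vrrp_instance VI_1 {
{% if grains['fqdn'] == 'minion01.saltstack.com' %}
    state MASTER
    priority 100
{% elif grains['fqdn'] == 'minion02.saltstack.com' %}
    state BACKUP
    priority 99
{% endif %}
    interface eth0
    virtual_router_id 50
    advert_int 1
    ! NOTE(review): auth_type PASS carries auth_pass in clear text inside every
    ! VRRP advertisement and keepalived only uses its first 8 characters, so it
    ! protects against misconfiguration, not against a host on the same
    ! segment. Replace the sample value 1111 with a per-cluster secret (for
    ! example taken from pillar) and allow VRRP (IP protocol 112) only between
    ! the two nodes in the host firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.9.228
    }
}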
vim /srv/salt/keepalived/install.sls
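# Builds keepalived 1.2.13 from source and installs its init script, sysconfig
# file and configuration on the targeted minions.
include:
  - pkg.make

keepalived-install:
  # Copy the tarball from the master's file root to the minion.
  file.managed:
    - name: /usr/local/src/keepalived-1.2.13.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.13.tar.gz
  # Unpack, configure, build and install; skipped once the prefix exists.
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.13.tar.gz && cd keepalived-1.2.13 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install

/usr/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived

/etc/keepalived:
  file.directory:
    - mode: 755

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sys
    - mode: 644
    - user: root

/etc/init.d/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived
    - mode: 755
    - user: root
  # Register the SysV service once; the check keeps the state idempotent.
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list |grep keepalived

/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - mode: 644
    # The source file contains {% if grains['fqdn'] ... %} blocks; without
    # Jinja rendering they would be written to the minion verbatim and
    # keepalived would not get a valid state/priority.
    - template: jinja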
vim /srv/salt/keepalived/service.sls
include:
- keepalived.install
keepalived-service:
service.running:- name: keepalived
- enable: True
- reload: True
- watch:
vim /srv/salt/top.sls
base:
'minion0[1-2].saltstack.com':
salt '*' state.highstate
SaltStack 部署 Haproxy
# Stage the HAProxy source tarball, sample config and init script under the
# Salt file root so minions can fetch them as salt://haproxy/files/...
mkdir /srv/salt/haproxy
mkdir /srv/salt/haproxy/files
# NOTE(review): fetched over plain HTTP and later compiled and installed on
# every targeted minion; verify the tarball against the checksum published by
# the HAProxy project before distributing it, e.g.
#   echo "<EXPECTED_SHA256>  haproxy-1.5.19.tar.gz" | sha256sum -c -
# The 1.5 branch is old; check upstream's list of maintained versions.
wget 192.168.10.103/package/haproxy-1.5.19.tar.gz
tar zxvf haproxy-1.5.19.tar.gz
# The /root/ paths below assume the download and unpack were done in /root.
cp /root/haproxy-1.5.19.tar.gz /srv/salt/haproxy/files/
cp /root/haproxy-1.5.19/examples/haproxy.cfg /srv/salt/haproxy/files
# The init script is stored as "haproxy"; install.sls delivers it to
# /etc/init.d/haproxy.
cp /root/haproxy-1.5.19/examples/haproxy.init /srv/salt/haproxy/files/haproxy
ls /srv/salt/haproxy/files
haproxy haproxy-1.5.19.tar.gz haproxy.cfg
vim /srv/salt/haproxy/files/haproxy.cfg
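# HAProxy configuration that Salt delivers as /etc/haproxy/haproxy.cfg.
global
    log 127.0.0.1 local0
    # NOTE(review): none of the states shown on this page create
    # /var/lib/haproxy; the chroot target has to exist before haproxy starts.
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 10000
    user haproxy
    # "gid" expects a numeric id; a group name belongs to the "group" keyword,
    # otherwise the intended drop of group privileges may not take effect.
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout check 10s
    maxconn 5000

# Statistics page.
# NOTE(review): it listens on every address (*:10000), is served from "/" and
# has no "stats auth" line, so anyone who can reach port 10000 (also through
# the VIP) can read backend names and health state. Bind it to a management
# address or firewall the port, and require credentials, e.g.
#   stats auth <STATS_USER>:<STATS_PASSWORD>
listen stats *:10000
    mode http
    stats enable
    stats uri /
    stats refresh 5s
    stats show-node
    stats show-legends
    stats hide-version

# TCP front end on port 80, balanced to the nginx instances on port 8888.
listen test 0.0.0.0:80
    mode tcp
    option tcplog
    timeout client 10800s
    timeout server 10800s
    balance leastconn
    option tcp-check
    default-server port 8888 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 5000 maxqueue 250 weight 100
    # NOTE(review): only one server line is visible here; the failover check at
    # the end of this walkthrough needs a second backend (presumably
    # minion02.saltstack.com on the same port) — confirm.
    server test-node1 minion01.saltstack.com:8888 check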
mkdir /srv/salt/user
vim /srv/salt/user/haproxy.sls
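# Dedicated group and account for the haproxy process. Fixed ids keep the
# account identical on every node; /sbin/nologin prevents interactive logins.
haproxy:
  group.present:
    - gid: 300
  user.present:
    - uid: 300
    - gid: 300
    - shell: /sbin/nologin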
vim /srv/salt/haproxy/install.sls
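# Builds HAProxy 1.5.19 from source and installs its configuration and SysV
# init script on the targeted minions.
include:
  # The build needs make/gcc; including pkg.make here keeps this state usable
  # even when keepalived.install (which also includes it) is not applied.
  - pkg.make
  - user.haproxy

haproxy-install:
  # Copy the tarball from the master's file root to the minion.
  file.managed:
    - name: /usr/local/src/haproxy-1.5.19.tar.gz
    - source: salt://haproxy/files/haproxy-1.5.19.tar.gz
  # Unpack, build and install; skipped once the prefix exists.
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - file: haproxy-install

/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy
    # The listing had a bare "- file: haproxy-install" here, which is only
    # meaningful as a requisite. NOTE(review): presumably a "- require:" line
    # was lost — confirm.
    - require:
      - file: haproxy-install

/etc/haproxy:
  file.directory:
    - mode: 755

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
    - mode: 644

/etc/init.d/haproxy:
  file.managed:
    - source: salt://haproxy/files/haproxy
    - mode: 755
    - user: root
  # Register the SysV service once; the check mirrors the keepalived state and
  # keeps repeated highstate runs from reporting a change every time.
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy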
vim /srv/salt/haproxy/service.sls
include:
- haproxy.install
haproxy-service:
service.running:- name: haproxy
- enable: True
- reload: True
- watch:
vim /srv/salt/top.sls
base:
'minion0[1-2].saltstack.com':
- keepalived.service
salt '*' state.highstate
SaltStack 部署 Nginx
mkdir /srv/salt/nginx
mkdir /srv/salt/nginx/files
vim /srv/salt/user/nginx.sls
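# Dedicated group and account for the nginx worker processes. Fixed ids keep
# the account identical on every node; /sbin/nologin prevents interactive logins.
nginx:
  group.present:
    - gid: 400
  user.present:
    - uid: 400
    - gid: 400
    - shell: /sbin/nologin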
# Stage the nginx source tarball and its default config under the Salt file
# root so minions can fetch them as salt://nginx/files/...
# NOTE(review): fetched over plain HTTP and later compiled and installed on
# every targeted minion; verify the tarball against the checksum or signature
# published by the nginx project before distributing it, e.g.
#   echo "<EXPECTED_SHA256>  nginx-1.12.0.tar.gz" | sha256sum -c -
# nginx 1.12.0 is an old release; prefer a currently maintained version.
wget 192.168.10.103/package/nginx-1.12.0.tar.gz
tar zxvf nginx-1.12.0.tar.gz
cp nginx-1.12.0.tar.gz /srv/salt/nginx/files
cp nginx-1.12.0/conf/nginx.conf /srv/salt/nginx/files
vim /srv/salt/nginx/files/nginx.service
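# systemd unit for the source-built nginx under /usr/local/nginx.
[Unit]
Description=nginx service
After=network.target

[Service]
# nginx detaches from the starting process by default, hence Type=forking.
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
# The [Install] section was empty in the listing; without a WantedBy target
# "systemctl enable nginx" has nothing to link the unit to.
WantedBy=multi-user.target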
vim /srv/salt/nginx/files/index.html
{% if grains['fqdn'] == 'minion01.saltstack.com' %}
This is 192.168.9.234 node!
{% elif grains['fqdn'] == 'minion02.saltstack.com' %}
This is 192.168.9.235 node!
{% endif %}
ls /srv/salt/nginx/files/
index.html nginx-1.12.0.tar.gz nginx.conf nginx.service
vim /srv/salt/nginx/install.sls
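# Builds nginx 1.12.0 from source and installs its configuration, index page
# and systemd unit on the targeted minions.
include:
  # The build needs make/gcc; including pkg.make here keeps this state usable
  # even when keepalived.install (which also includes it) is not applied.
  - pkg.make
  - user.nginx

nginx-install:
  # Copy the tarball from the master's file root to the minion.
  file.managed:
    - name: /usr/local/src/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
  # Unpack, configure, build and install; skipped once the prefix exists.
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && ./configure --prefix=/usr/local/nginx && make && make install
    - unless: test -d /usr/local/nginx
    - require:
      - file: nginx-install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - mode: 644
    # The listing had a bare "- file: nginx-install" here, which is only
    # meaningful as a requisite. NOTE(review): presumably a "- require:" line
    # was lost — confirm.
    - require:
      - file: nginx-install
  # Run the workers as the nginx account and move the first "80" (the listen
  # port) to 8888, the port haproxy forwards to.
  # NOTE(review): this runs on every highstate — file.managed first restores
  # nginx.conf from the source, then sed rewrites it. Making both edits in
  # files/nginx.conf itself would make the state idempotent.
  cmd.run:
    - name: sed -i 's/#user nobody/user nginx/g' /usr/local/nginx/conf/nginx.conf && sed -i '0,/80/s/80/8888/' /usr/local/nginx/conf/nginx.conf

/usr/local/nginx/html/index.html:
  file.managed:
    - source: salt://nginx/files/index.html
    - mode: 644
    # index.html contains Jinja that selects the text per node.
    - template: jinja

nginx-init:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
    - mode: 644
    - user: root
  cmd.run:
    - name: systemctl enable nginx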
vim /srv/salt/nginx/service.sls
include:
- nginx.install
nginx-service:
service.running:- name: nginx
- enable: True
- reload: True
- watch:
vim /srv/salt/top.sls
base:
'minion0[1-2].saltstack.com':
- keepalived.service
- haproxy.service
salt '*' state.highstate
tree /srv/salt/
/srv/salt/
├── haproxy
│ ├── files
│ │ ├── haproxy
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.cfg
│ ├── install.sls
│ └── service.sls
├── keepalived
│ ├── files
│ │ ├── keepalived
│ │ ├── keepalived-1.2.13.tar.gz
│ │ ├── keepalived.conf
│ │ └── keepalived.sys
│ ├── install.sls
│ └── service.sls
├── nginx
│ ├── files
│ │ ├── index.html
│ │ ├── nginx-1.12.0.tar.gz
│ │ ├── nginx.conf
│ │ └── nginx.service
│ ├── install.sls
│ └── service.sls
├── pkg
│ └── make.sls
├── top.sls
└── user
├── haproxy.sls
└── nginx.sls
验证部署结果
登录两台 Minion 节点
查看 Keepalived 状态
ps -ef | grep keepalived
查看 VIP 状态如下
ip a | grep 192.168.9.228
查看 Haproxy 的状态
ps -ef | grep haproxy
查看 Nginx 的状态
ps -ef | grep nginx
通过 VIP 地址,查看 Haproxy 的状态
192.168.9.228:10000
在 Master 控制主机上,访问 VIP 地址
curl http://192.168.9.228
curl http://192.168.9.228
做一个破坏性测试,关闭 minion01.saltstack.com 主机,然后查看 VIP 状态:
ip a | grep 192.168.9.228
查看 Haproxy 的状态,显示 minion01.saltstack.com 主机已宕机
在控制主机上再次访问 VIP 地址,后端一个 Nginx 节点正常提供服务
curl http://192.168.9.228
curl http://192.168.9.228