Centos 7 Saltstack自动化部署Haproxy+Keepalived-阿里云开发者社区

master node 10.10.10.1

minion node 10.10.10.2

# cat /etc/salt/master |grep -v "#" |grep -v "^ *$"

interface: 10.10.10.1

state_top: top.sls

file_roots:

base:

- /etc/salt/base

prod:

- /etc/salt/prod

pillar_roots:

base:

- /etc/salt/pillar/base

prod:

- /etc/salt/pillar/prod

# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

[root@app-LT-177 etc]# cat /etc/salt/minion |grep -v "#" |grep -v "^ *$"

master: 10.10.10.1

id: 10.10.10.2

mkdir -p /etc/salt/base 创建file目录base 存放集群top.sls文件

mkdir -p /etc/salt/base/init 存放初始化系统sls文件（dns等）

mkdir -p /etc/salt/prod 创建file目录prod

mkdir -p /etc/salt/prod/cluster/ 定义集群启动和配置文件拉取

mkdir -p /etc/salt/prod/cluster/files/ 存放keepalived.conf和haproxy.cfg文件

mkdir -p /etc/salt/prod/haproxy/ 存放haproxy安装sls

mkdir -p /etc/salt/prod/haproxy/files 存放haproxy安装包等

mkdir -p /etc/salt/prod/keepalived 存放keepalived安装sls

mkdir -p /etc/salt/prod/keepalived/files 存放keepalived安装包等

mkdir -p /etc/salt/prod/pkg/ 存放集群相关的安装包

mkdir -p /etc/salt/pillar/ 创建存放pillar目录

mkdir -p /etc/salt/pillar/base/ 创建pillar目录base 存放pillar的top.sls文件

mkdir -p /etc/salt/pillar/base/webservice/ 存放集群pillar的sls文件

mkdir -p /etc/salt/pillar/prod/ 创建pillar目录prod

##########################################

注意格式一定要注意格式

##########################################

#tree base/

base/

├── init

│ ├── dns.sls ----------1

│ ├── env_init.sls ----------2

│ ├── epel.sls ----------3

│ ├── files

│ │ └── resolv.conf----------4

│ ├── history.sls ----------5

│ └── pkg

│ └── epel-release-latest-7.noarch.rpm----6

└── top.sls ----------7

1.dns.sls

/etc/resolv.conf:

file.managed:

- source: salt://init/files/resolv.conf

- user: root

- group: root

- mode: 644

2.env_init.sls

include:

- init.dns

- init.history

- init.epel

3.epel.sls

epel-7:

file.managed:

- name: /etc/salt/epel-release-latest-7.noarch.rpm

- source: salt://init/pkg/epel-release-latest-7.noarch.rpm

- mode: 755

- user: root

- group: root

cmd.run:

- name: rpm -ivh /etc/salt/epel-release-latest-7.noarch.rpm --nodeps --force && rpm -qa |grep epel-release-7-11.noarch

4.resolv.conf

nameserver 114.114.114.114

5. history.sls

/etc/profile:

file.append:

- text:

- export HISTTIMEFORMAT="%F %T `who`"

6.epel-release-latest-7.noarch.rpm

epel 7 rpm包

7.top.sls

base:

'*':

- init.env_init

prod:

'*':

- cluster.haproxy

- cluster.keepalived-out

######################################

# tree prod/

prod/

├── cluster

│ ├── files

│ │ ├── haproxy.cfg --------1

│ │ └── keepalived-out.conf --------2

│ ├── haproxy.sls --------3

│ └── keepalived-out.sls --------4

├── haproxy

│ ├── files

│ │ ├── haproxy-1.7.9.tar.gz --------5

│ │ └── haproxy.init --------6

│ └── install.sls --------7

├── keepalived

│ ├── files

│ │ ├── chk_haproxy.sh --------8

│ │ ├── keepalived-1.2.1.tar.gz --------9

│ │ ├── keepalived.init --------10

│ │ ├── keepalived.rh.init --------11

│ │ └── keepalived.sysconfig --------12

│ └── install.sls --------13

└── pkg

└── pkg-init.sls --------14

1.haproxy.cfg

global

log 127.0.0.1 local3 info

maxconn 4096

uid 501

gid 501

daemon

nbproc 1

defaults

log global

mode http

maxconn 4096

retries 3

option redispatch

stats uri /haproxy

timeout connect 5000ms

timeout client 50000ms

timeout server 50000ms

balance leastconn

balance source

option abortonclose

listen stats

bind 0.0.0.0:1080

mode http

option httplog

maxconn 10

stats uri /admin

stats auth admin:Pa$$w0rd

stats hide-version

stats admin if TRUE

frontend http-in

bind *:8001

mode http

log global

option httplog

option httpclose

backend apache-server

mode http

balance roundrobin

option httpchk GET /index.html

cookie SERVERID insert indirect nocache

server html-A ip:80 weight 1 cookie 3 check inter 2000 rise 2 fall 3

server html-B ip:80 weight 1 cookie 4 check inter 2000 rise 2 fall 3

2. keepalived-out.conf

global_defs {

notification_email {

root@localhost

}

notification_email_from root@localhost

smtp_server 127.0.0.1

smtp_connect_timeout 30

router_id haproxy1

}

vrrp_script chk_haproxy {

script "/etc/keepalived/chk_haproxy.sh"

interval 2

}

vrrp_instance VI_1 {

state ` state `

interface eth0

virtual_router_id 100

priority ` priority `

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

track_script {

chk_haproxy

}

virtual_ipaddress {

192.168.90.185

}

3.haproxy.sls

include:

- haproxy.install

haproxy-service:

file.managed:

- name: /etc/haproxy/haproxy.cfg

- source: salt://cluster/files/haproxy.cfg

- user: root

- group: root

- mode: 644

service.running:

- name: haproxy

- enable: True

- reload: True

- require:

- cmd: haproxy-init

- watch:

- file: haproxy-service

4.keepalived-out.sls

include:

- keepalived.install

keepalived-service:

file.managed:

- name: /etc/keepalived/keepalived.conf

- source: salt://cluster/files/keepalived-out.conf

- user: root

- group: root

- mode: 644

- template: jinja

- defaults:

state: {{ pillar['state'] }}

priority: {{ pillar['priority'] }}

service.running:

- name: keepalived

- reload: True

- enable: True

- watch:

- file: keepalived-service

5.haproxy-1.7.9.tar.gz 源码包

6.haproxy.init

#!/bin/sh

# chkconfig: - 85 15

# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \

# for high availability environments.

# processname: haproxy

# config: /etc/haproxy/haproxy.cfg

# pidfile: /var/run/haproxy.pid

# Script Author: Simon Matter <simon.matter@invoca.ch>

# Version: 2004060600

# Source function library.

if [ -f /etc/init.d/functions ]; then

. /etc/init.d/functions

elif [ -f /etc/rc.d/init.d/functions ] ; then

. /etc/rc.d/init.d/functions

else

exit 0

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ ${NETWORKING} = "no" ] && exit 0

# This is our service name

BASENAME=`basename $0`

if [ -L $0 ]; then

BASENAME=`find $0 -name $BASENAME -printf %l`

BASENAME=`basename $BASENAME`

BIN=/usr/local/haproxy/sbin/$BASENAME

CFG=/etc/$BASENAME/$BASENAME.cfg

[ -f $CFG ] || exit 1

PIDFILE=/var/run/$BASENAME.pid

LOCKFILE=/var/lock/subsys/$BASENAME

RETVAL=0

start() {

quiet_check

if [ $? -ne 0 ]; then

echo "Errors found in configuration file, check it with '$BASENAME check'."

return 1

echo -n "Starting $BASENAME: "

daemon $BIN -D -f $CFG -p $PIDFILE

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && touch $LOCKFILE

return $RETVAL

}

stop() {

echo -n "Shutting down $BASENAME: "

killproc $BASENAME -USR1

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && rm -f $LOCKFILE

[ $RETVAL -eq 0 ] && rm -f $PIDFILE

return $RETVAL

}

restart() {

quiet_check

if [ $? -ne 0 ]; then

echo "Errors found in configuration file, check it with '$BASENAME check'."

return 1

stop

start

}

reload() {

if ! [ -s $PIDFILE ]; then

return 0

quiet_check

if [ $? -ne 0 ]; then

echo "Errors found in configuration file, check it with '$BASENAME check'."

return 1

$BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)

}

check() {

$BIN -c -q -V -f $CFG

}

quiet_check() {

$BIN -c -q -f $CFG

}

rhstatus() {

status $BASENAME

}

condrestart() {

[ -e $LOCKFILE ] && restart || :

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

restart

;;

reload)

reload

;;

condrestart)

condrestart

;;

status)

rhstatus

;;

check)

check

;;

echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"

exit 1

esac

exit $?

7.install.sls

include:

- pkg.pkg-init

haproxy-install:

file.managed:

- name: /usr/local/src/haproxy-1.7.9.tar.gz

- source: salt://haproxy/files/haproxy-1.7.9.tar.gz

- mode: 755

- user: root

- group: root

cmd.run:

- name: cd /usr/local/src && tar zxvf haproxy-1.7.9.tar.gz && cd haproxy-1.7.9 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy && mkdir -p /etc/haproxy

- unless: test -d /usr/local/haproxy

- require:

- pkg: pkg-init

- file: haproxy-install

/etc/init.d/haproxy:

file.managed:

- source: salt://haproxy/files/haproxy.init

- mode: 755

- user: root

- group: root

- require:

- cmd: haproxy-install

haproxy-init:

cmd.run:

- name: chkconfig --add haproxy

- unless: chkconfig --list |grep haproxy

- require:

- file: /etc/init.d/haproxy

8.chk_haproxy.sh

#!/bin/bash

A=`ps -C haproxy --no-header | wc -l`

if [ $A -eq 0 ]

then /etc/init.d/haproxy start

sleep 3

if [ `ps -C haproxy --no-header | wc -l ` -eq 0 ]

then /etc/init.d/keepalived stop

9.keepalived-1.2.1.tar.gz 源码包

10. keepalived.init

#!/bin/sh

# Startup script for the Keepalived daemon

# processname: keepalived

# pidfile: /var/run/keepalived.pid

# config: /etc/keepalived/keepalived.conf

# chkconfig: - 21 79

# description: Start and stop Keepalived

# Source function library

. /etc/rc.d/init.d/functions

# Source configuration file (we set KEEPALIVED_OPTIONS there)

. /etc/sysconfig/keepalived

RETVAL=0

prog="keepalived"

start() {

echo -n $"Starting $prog: "

daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog

}

stop() {

echo -n $"Stopping $prog: "

killproc keepalived

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog

}

reload() {

echo -n $"Reloading $prog: "

killproc keepalived -1

RETVAL=$?

echo

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

reload)

reload

;;

restart)

stop

start

;;

condrestart)

if [ -f /var/lock/subsys/$prog ]; then

stop

start

;;

status)

status keepalived

;;

echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"

exit 1

esac

exit $RETVAL

11.keepalived.rh.init

#!/bin/sh

# Startup script for the Keepalived daemon

# processname: keepalived

# pidfile: /var/run/keepalived.pid

# config: /etc/keepalived/keepalived.conf

# chkconfig: 35 21 79

# description: Start and stop Keepalived

# Global definitions

PID_FILE="/var/run/keepalived.pid"

# source function library

. /etc/init.d/functions

RETVAL=0

start() {

echo -n "Starting Keepalived for LVS: "

daemon /usr/local/keepalived/sbin/keepalived -D

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/keepalived

return $RETVAL

}

stop() {

echo -n "Shutting down Keepalived for LVS: "

killproc keepalived

RETVAL=0

echo

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/keepalived

return $RETVAL

}

reload() {

echo -n "Reloading Keepalived config: "

killproc keepalived -1

RETVAL=$?

echo

return $RETVAL

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

stop

start

;;

reload)

reload

;;

status)

status keepalived

;;

condrestart)

[ -f /var/lock/subsys/keepalived ] && $0 restart || :

;;

echo "Usage: $0 {start|stop|restart|reload|condrestart|status}"

exit 1

esac

exit 0

12.keepalived.sysconfig

# Options for keepalived. See `keepalived --help' output and keepalived(8) and

# keepalived.conf(5) man pages for a list of all options. Here are the most

# common ones :

# --vrrp -P Only run with VRRP subsystem.

# --check -C Only run with Health-checker subsystem.

# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.

# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.

# --dump-conf -d Dump the configuration data.

# --log-detail -D Detailed log messages.

# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)

KEEPALIVED_OPTIONS="-D"

13.install.sls

keepalived-install:

file.managed:

- name: /usr/local/src/keepalived-1.2.1.tar.gz

- source: salt://keepalived/files/keepalived-1.2.1.tar.gz

- mode: 755

- user: root

- group: root

cmd.run:

- name: cd /usr/local/src && tar zxf keepalived-1.2.1.tar.gz && cd keepalived-1.2.1 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install PREFIX=/usr/local/keepalived && mkdir -p /etc/keepalived

- unless: test -d /usr/local/keepalived

- require:

- pkg: pkg-init

- file: keepalived-install

/etc/sysconfig/keepalived:

file.managed:

- source: salt://keepalived/files/keepalived.sysconfig

- mode: 644

- user: root

- group: root

/etc/keepalived/chk_haproxy.sh:

file.managed:

- source: salt://keepalived/files/chk_haproxy.sh

- mode: 755

- user: root

- group: root

/etc/init.d/keepalived:

file.managed:

- source: salt://keepalived/files/keepalived.rh.init

- mode: 755

- user: root

- group: root

- require:

- cmd: keepalived-install

keepalived-init:

cmd.run:

- name: chkconfig --add keepalived

- unless: chkconfig --list |grep keepalived

- require:

- file: /etc/init.d/keepalived

/etc/keepalived:

file.directory:

- user: root

- group: root

14. pkg-init.sls

pkg-init:

pkg.installed:

- names:

- gcc

- gcc-c++

- glibc

- make

- autoconf

- httpd

- httpd-devel

#########################################

# tree pillar/

pillar/

├── base

│ ├── top.sls -----------1

│ └── webservice

│ └── web.sls ----------2

└── prod

top.sls

base:

'10.10.10.1': minion ip

- webservice.web

'10.10.10.2':

- webservice.web

2.web.sls

{% if grains['host'] == 'app-LT-1' %} 主机名

state: MASTER

priority: 100

{% elif grains['host'] == 'app-LT-2' %}

state: BACKUP

priority: 50

{% endif %}

#salt '*' state.highstate test=True

#salt '*' state.highstate

本文转自潘阔 51CTO博客，原文链接：http://blog.51cto.com/pankuo/1982628，如需转载请自行联系原作者

Centos 7 Saltstack自动化部署Haproxy+Keepalived

热门文章

最新文章

相关课程

相关电子书

相关实验场景

推荐镜像