Centos 7 Saltstack自动化部署Haproxy+Keepalived

本文涉及的产品
日志服务 SLS,月写入数据量 50GB 1个月
全局流量管理 GTM,标准版 1个月
公共DNS(含HTTPDNS解析),每月1000万次HTTP解析
简介:

master   node   10.10.10.1 

minion   node   10.10.10.2




# cat /etc/salt/master |grep -v "#" |grep -v "^ *$"

interface: 10.10.10.1

state_top: top.sls

file_roots:

  base:

    - /etc/salt/base

  prod:

    - /etc/salt/prod

pillar_roots:

  base:

    - /etc/salt/pillar/base

  prod:

    - /etc/salt/pillar/prod



# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)


[root@app-LT-177 etc]# cat /etc/salt/minion |grep -v "#" |grep -v "^ *$"

master: 10.10.10.1

id: 10.10.10.2


mkdir -p /etc/salt/base   创建file目录base 存放集群top.sls文件   

mkdir -p /etc/salt/base/init   存放初始化系统sls文件(dns等)

mkdir -p /etc/salt/prod   创建file目录prod

mkdir -p /etc/salt/prod/cluster/       定义集群启动和配置文件拉取

mkdir -p /etc/salt/prod/cluster/files/ 存放keepalived.conf和haproxy.cfg文件

mkdir -p /etc/salt/prod/haproxy/   存放haproxy安装sls

mkdir -p /etc/salt/prod/haproxy/files  存放haproxy安装包等

mkdir -p /etc/salt/prod/keepalived  存放keepalived安装sls

mkdir -p /etc/salt/prod/keepalived/files 存放keepalived安装包等

mkdir -p /etc/salt/prod/pkg/      存放集群相关的安装包

mkdir -p /etc/salt/pillar/     创建存放pillar目录

mkdir -p /etc/salt/pillar/base/  创建pillar目录base  存放pillar的top.sls文件

mkdir -p /etc/salt/pillar/base/webservice/  存放集群pillar的sls文件

mkdir -p /etc/salt/pillar/prod/   创建pillar目录prod



##########################################

注意格式              一定要注意格式

##########################################

#tree base/

base/

├── init

│   ├── dns.sls            ----------1

│   ├── env_init.sls     ----------2

│   ├── epel.sls           ----------3

│   ├── files           

│   │   └── resolv.conf----------4

│   ├── history.sls       ----------5

│   └── pkg

│       └── epel-release-latest-7.noarch.rpm----6

└── top.sls                  ----------7



1.dns.sls

/etc/resolv.conf:

  file.managed:

    - source: salt://init/files/resolv.conf

    - user: root

    - group: root

    - mode: 644


2.env_init.sls

include:

  - init.dns

  - init.history

  - init.epel


3.epel.sls 

epel-7:

  file.managed:

    - name: /etc/salt/epel-release-latest-7.noarch.rpm

    - source: salt://init/pkg/epel-release-latest-7.noarch.rpm

    - mode: 755

    - user: root

    - group: root


  cmd.run:

    - name:  rpm -ivh /etc/salt/epel-release-latest-7.noarch.rpm --nodeps --force && rpm -qa |grep epel-release-7-11.noarch



4.resolv.conf

nameserver 114.114.114.114


5.   history.sls

/etc/profile:

  file.append:

    - text:

      - export HISTTIMEFORMAT="%F %T `who`"


6.epel-release-latest-7.noarch.rpm

epel 7  rpm包


7.top.sls

base:

  '*':

    - init.env_init

prod:

  '*':

    - cluster.haproxy

    - cluster.keepalived-out



######################################


# tree prod/

prod/

├── cluster

│   ├── files                                  

│   │   ├── haproxy.cfg                    --------1

│   │   └── keepalived-out.conf       --------2

│   ├── haproxy.sls                           --------3

│   └── keepalived-out.sls               --------4

├── haproxy

│   ├── files                                     

│   │   ├── haproxy-1.7.9.tar.gz       --------5

│   │   └── haproxy.init                    --------6

│   └── install.sls                              --------7

├── keepalived

│   ├── files

│   │   ├── chk_haproxy.sh              --------8

│   │   ├── keepalived-1.2.1.tar.gz  --------9

│   │   ├── keepalived.init               --------10

│   │   ├── keepalived.rh.init           --------11

│   │   └── keepalived.sysconfig     --------12

│   └── install.sls                              --------13

└── pkg

    └── pkg-init.sls                            --------14



1.haproxy.cfg

global

    log 127.0.0.1 local3 info       

    maxconn 4096               

    uid 501                   

    gid 501                   

    daemon                       

    nbproc 1                       


defaults

    log    global

    mode    http           

    maxconn 4096       

    retries 3           

    option    redispatch   

    stats    uri  /haproxy   

    timeout connect 5000ms

    timeout client 50000ms

    timeout server 50000ms

    balance leastconn

    balance source

    option abortonclose


listen stats 

    bind 0.0.0.0:1080 

    mode http   

    option httplog   

    maxconn 10 

    stats uri /admin 

    stats auth admin:Pa$$w0rd   

    stats hide-version   

    stats admin if TRUE


frontend http-in

    bind *:8001

    mode http

    log  global

    option httplog

    option httpclose   


backend apache-server

    mode http

    balance roundrobin

    option httpchk GET /index.html

    cookie SERVERID insert indirect nocache

    server html-A ip:80 weight 1 cookie 3  check inter 2000 rise 2 fall 3

    server html-B ip:80 weight 1 cookie 4  check inter 2000 rise 2 fall 3


2.   keepalived-out.conf 

global_defs {                   

    notification_email {

        root@localhost

        }

    notification_email_from root@localhost

    smtp_server 127.0.0.1

    smtp_connect_timeout 30

    router_id haproxy1

    }

vrrp_script chk_haproxy {                         

    script "/etc/keepalived/chk_haproxy.sh"       

    interval 2                                    

    }


vrrp_instance VI_1 {               

    state ` state `               

    interface eth0               

    virtual_router_id 100           

    priority ` priority `               

    advert_int 1   

    authentication {

        auth_type PASS

        auth_pass 1111

        }

    track_script {                                

        chk_haproxy                               

        }   

    virtual_ipaddress {

        192.168.90.185

        }

    }


3.haproxy.sls

include:

  - haproxy.install

haproxy-service:

  file.managed:

    - name: /etc/haproxy/haproxy.cfg

    - source: salt://cluster/files/haproxy.cfg

    - user: root

    - group: root

    - mode: 644


  service.running:

    - name: haproxy

    - enable: True

    - reload: True

    - require:

      - cmd: haproxy-init

    - watch:

      - file: haproxy-service


4.keepalived-out.sls

include:

  - keepalived.install


keepalived-service:

  file.managed:

    - name: /etc/keepalived/keepalived.conf

    - source: salt://cluster/files/keepalived-out.conf

    - user: root

    - group: root

    - mode: 644

    - template: jinja

    - defaults:

        state: {{ pillar['state'] }}

        priority: {{ pillar['priority'] }}


  service.running:

    - name: keepalived

    - reload: True

    - enable: True

    - watch:

      - file: keepalived-service


5.haproxy-1.7.9.tar.gz  源码包


6.haproxy.init

#!/bin/sh

#

# chkconfig: - 85 15

# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \

#              for high availability environments.

# processname: haproxy

# config: /etc/haproxy/haproxy.cfg

# pidfile: /var/run/haproxy.pid


# Script Author: Simon Matter <simon.matter@invoca.ch>

# Version: 2004060600


# Source function library.

if [ -f /etc/init.d/functions ]; then

  . /etc/init.d/functions

elif [ -f /etc/rc.d/init.d/functions ] ; then

  . /etc/rc.d/init.d/functions

else

  exit 0

fi


# Source networking configuration.

. /etc/sysconfig/network


# Check that networking is up.

[ ${NETWORKING} = "no" ] && exit 0


# This is our service name

BASENAME=`basename $0`

if [ -L $0 ]; then

  BASENAME=`find $0 -name $BASENAME -printf %l`

  BASENAME=`basename $BASENAME`

fi


BIN=/usr/local/haproxy/sbin/$BASENAME


CFG=/etc/$BASENAME/$BASENAME.cfg

[ -f $CFG ] || exit 1


PIDFILE=/var/run/$BASENAME.pid

LOCKFILE=/var/lock/subsys/$BASENAME


RETVAL=0


start() {

  quiet_check

  if [ $? -ne 0 ]; then

    echo "Errors found in configuration file, check it with '$BASENAME check'."

    return 1

  fi


  echo -n "Starting $BASENAME: "

  daemon $BIN -D -f $CFG -p $PIDFILE

  RETVAL=$?

  echo

  [ $RETVAL -eq 0 ] && touch $LOCKFILE

  return $RETVAL

}


stop() {

  echo -n "Shutting down $BASENAME: "

  killproc $BASENAME -USR1

  RETVAL=$?

  echo

  [ $RETVAL -eq 0 ] && rm -f $LOCKFILE

  [ $RETVAL -eq 0 ] && rm -f $PIDFILE

  return $RETVAL

}


restart() {

  quiet_check

  if [ $? -ne 0 ]; then

    echo "Errors found in configuration file, check it with '$BASENAME check'."

    return 1

  fi

  stop

  start

}


reload() {

  if ! [ -s $PIDFILE ]; then

    return 0

  fi


  quiet_check

  if [ $? -ne 0 ]; then

    echo "Errors found in configuration file, check it with '$BASENAME check'."

    return 1

  fi

  $BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)

}


check() {

  $BIN -c -q -V -f $CFG

}


quiet_check() {

  $BIN -c -q -f $CFG

}


rhstatus() {

  status $BASENAME

}


condrestart() {

  [ -e $LOCKFILE ] && restart || :

}


# See how we were called.

case "$1" in

  start)

    start

    ;;

  stop)

    stop

    ;;

  restart)

    restart

    ;;

  reload)

    reload

    ;;

  condrestart)

    condrestart

    ;;

  status)

    rhstatus

    ;;

  check)

    check

    ;;

  *)

    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"

    exit 1

esac

 

exit $?



7.install.sls

include:

  - pkg.pkg-init


haproxy-install:

  file.managed:

    - name: /usr/local/src/haproxy-1.7.9.tar.gz

    - source: salt://haproxy/files/haproxy-1.7.9.tar.gz

    - mode: 755

    - user: root

    - group: root


  cmd.run:

    - name: cd /usr/local/src && tar zxvf haproxy-1.7.9.tar.gz && cd haproxy-1.7.9 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy && mkdir -p /etc/haproxy

    - unless: test -d /usr/local/haproxy

    - require:

      - pkg: pkg-init

      - file: haproxy-install 



/etc/init.d/haproxy:

  file.managed:

    - source: salt://haproxy/files/haproxy.init

    - mode: 755

    - user: root

    - group: root

    - require:

      - cmd: haproxy-install


haproxy-init:

  cmd.run:

    - name: chkconfig --add haproxy

    - unless: chkconfig --list |grep haproxy

    - require:

      - file: /etc/init.d/haproxy





8.chk_haproxy.sh

#!/bin/bash

A=`ps -C haproxy --no-header | wc -l`

if [ $A -eq 0 ]

    then  /etc/init.d/haproxy start

        sleep 3

        if [ `ps -C haproxy --no-header | wc -l `  -eq 0 ]

        then  /etc/init.d/keepalived stop

        fi

fi


9.keepalived-1.2.1.tar.gz 源码包

10. keepalived.init 

#!/bin/sh

#

# Startup script for the Keepalived daemon

#

# processname: keepalived

# pidfile: /var/run/keepalived.pid

# config: /etc/keepalived/keepalived.conf

# chkconfig: - 21 79

# description: Start and stop Keepalived


# Source function library

. /etc/rc.d/init.d/functions


# Source configuration file (we set KEEPALIVED_OPTIONS there)

. /etc/sysconfig/keepalived


RETVAL=0


prog="keepalived"


start() {

    echo -n $"Starting $prog: "

    daemon /usr/local/keepalived/sbin/keepalived  ${KEEPALIVED_OPTIONS}

    RETVAL=$?

    echo

    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog

}


stop() {

    echo -n $"Stopping $prog: "

    killproc keepalived

    RETVAL=$?

    echo

    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog

}


reload() {

    echo -n $"Reloading $prog: "

    killproc keepalived -1

    RETVAL=$?

    echo

}


# See how we were called.

case "$1" in

    start)

        start

        ;;

    stop)

        stop

        ;;

    reload)

        reload

        ;;

    restart)

        stop

        start

        ;;

    condrestart)

        if [ -f /var/lock/subsys/$prog ]; then

            stop

            start

        fi

        ;;

    status)

        status keepalived

        ;;

    *)

        echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"

        exit 1

esac


exit $RETVAL



11.keepalived.rh.init          

#!/bin/sh

#

# Startup script for the Keepalived daemon

#

# processname: keepalived

# pidfile: /var/run/keepalived.pid

# config: /etc/keepalived/keepalived.conf

# chkconfig: 35 21 79

# description: Start and stop Keepalived


# Global definitions

PID_FILE="/var/run/keepalived.pid"


# source function library

. /etc/init.d/functions


RETVAL=0


start() {

echo -n "Starting Keepalived for LVS: "

daemon /usr/local/keepalived/sbin/keepalived -D

RETVAL=$?

        echo

        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/keepalived

        return $RETVAL

}


stop() {

echo -n "Shutting down Keepalived for LVS: "

killproc keepalived

RETVAL=0

        echo

        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/keepalived

        return $RETVAL

}


reload() {

echo -n "Reloading Keepalived config: "

killproc keepalived -1

RETVAL=$?

        echo

        return $RETVAL

}


# See how we were called.

case "$1" in

  start)

        start

        ;;

  stop)

        stop

        ;;

  restart)

        stop

        start

        ;;

  reload)

        reload

        ;;

  status)

        status keepalived

        ;;

  condrestart)

        [ -f /var/lock/subsys/keepalived ] && $0 restart || :

        ;;

  *)

echo "Usage: $0 {start|stop|restart|reload|condrestart|status}"

exit 1

esac


exit 0



12.keepalived.sysconfig 

# Options for keepalived. See `keepalived --help' output and keepalived(8) and

# keepalived.conf(5) man pages for a list of all options. Here are the most

# common ones :

#

# --vrrp               -P    Only run with VRRP subsystem.

# --check              -C    Only run with Health-checker subsystem.

# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.

# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.

# --dump-conf          -d    Dump the configuration data.

# --log-detail         -D    Detailed log messages.

# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)

#


KEEPALIVED_OPTIONS="-D"



13.install.sls               

keepalived-install:

  file.managed:

    - name: /usr/local/src/keepalived-1.2.1.tar.gz

    - source: salt://keepalived/files/keepalived-1.2.1.tar.gz

    - mode: 755

    - user: root

    - group: root


  cmd.run:

    - name: cd /usr/local/src && tar zxf keepalived-1.2.1.tar.gz && cd keepalived-1.2.1 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install PREFIX=/usr/local/keepalived && mkdir -p /etc/keepalived

    - unless: test -d /usr/local/keepalived

    - require:

      - pkg: pkg-init

      - file: keepalived-install


/etc/sysconfig/keepalived:

  file.managed:

    - source: salt://keepalived/files/keepalived.sysconfig

    - mode: 644

    - user: root

    - group: root



/etc/keepalived/chk_haproxy.sh:

  file.managed:

    - source: salt://keepalived/files/chk_haproxy.sh

    - mode: 755

    - user: root

    - group: root


/etc/init.d/keepalived:

  file.managed:

    - source: salt://keepalived/files/keepalived.rh.init

    - mode: 755

    - user: root

    - group: root

    - require:

      - cmd: keepalived-install


keepalived-init:

  cmd.run:

    - name: chkconfig --add keepalived

    - unless: chkconfig --list |grep keepalived

    - require:

      - file: /etc/init.d/keepalived


/etc/keepalived:

  file.directory:

    - user: root

    - group: root


14. pkg-init.sls                       

pkg-init:

  pkg.installed:

    - names:

      - gcc

      - gcc-c++

      - glibc

      - make

      - autoconf

      - httpd

      - httpd-devel



#########################################

# tree pillar/

pillar/

├── base

│   ├── top.sls        -----------1

│   └── webservice

│       └── web.sls    ----------2

└── prod



  1. top.sls 

base:

  '10.10.10.1':          minion  ip

    - webservice.web

  '10.10.10.2':

    - webservice.web




2.web.sls

{% if grains['host'] == 'app-LT-1' %}    主机名

state: MASTER

priority: 100

{% elif grains['host'] == 'app-LT-2' %}

state: BACKUP

priority: 50

{% endif %}



#salt '*' state.highstate test=True

#salt '*' state.highstate






      本文转自潘阔 51CTO博客,原文链接:http://blog.51cto.com/pankuo/1982628,如需转载请自行联系原作者




相关实践学习
日志服务之使用Nginx模式采集日志
本文介绍如何通过日志服务控制台创建Nginx模式的Logtail配置快速采集Nginx日志并进行多维度分析。
相关文章
|
7月前
|
Linux 开发工具 数据安全/隐私保护
Centos7:自动化配置vim | suoders信任列表添加普通用户
Centos7:自动化配置vim | suoders信任列表添加普通用户
70 0
|
7月前
|
数据可视化 Linux 网络安全
CentOS7.9下离线安装OctoMation编排自动化SOAR开源社区免费版
CentOS7.9下离线安装OctoMation编排自动化SOAR开源社区免费版
186 0
|
7月前
|
Shell
CentOS6.5自动化安装LAMP脚本
CentOS6.5自动化安装LAMP脚本
|
7月前
|
负载均衡 监控 Linux
CentOS6.5高可用集群LVS+Keepalived(DR模式)
CentOS6.5高可用集群LVS+Keepalived(DR模式)
|
7月前
|
关系型数据库 MySQL Linux
centos7下 Mysql+Keepalived 双主热备高可用图文配置详解
centos7下 Mysql+Keepalived 双主热备高可用图文配置详解
127 0
|
7月前
|
负载均衡 算法 Linux
百度搜索:蓝易云【Centos7系统Haproxy安装配置教程】
现在,HAProxy已经成功安装和配置在您的CentOS 7系统上。它将监听您配置的端口,并根据负载均衡策略将请求转发到后端服务器。您可以根据需要自定义更多的配置,如SSL终止、ACL和更复杂的负载均衡算法。请确保HAProxy的配置符合您的需求,并在进行更改之前备份配置文件,以防止意外的错误。
78 2
|
监控 安全 Linux
虚拟机CentOS的Nginx+keepalived 高可用集群配置主从模式
虚拟机CentOS的Nginx+keepalived 高可用集群配置主从模式
189 0
|
Linux 测试技术 Shell
Centos7下安装Dogtail GUI自动化测试工具并打开sniff工具过程中遇到的问题解决方法
Centos7下安装Dogtail GUI自动化测试工具并打开sniff工具过程中遇到的问题解决方法
307 0
Centos7下安装Dogtail GUI自动化测试工具并打开sniff工具过程中遇到的问题解决方法
|
数据可视化 jenkins 应用服务中间件
在阿里云Centos7.6上利用docker搭建Jenkins来自动化部署Django项目
一般情况下,将一个项目部署到生产环境的流程如下: 需求分析—原型设计—开发代码—内网部署-提交测试—确认上线—备份数据—外网更新-最终测试,如果发现外网部署的代码有异常,需要及时回滚。 整个过程相当复杂而漫长,其中还需要输入不少的命令,比如上传代码,git的拉取或者合并分支等等。
在阿里云Centos7.6上利用docker搭建Jenkins来自动化部署Django项目
|
Linux
CentOS7下部署Cobbler实现PXE+Kickstart自动化安装【脚本版】
CentOS7下部署Cobbler实现PXE+Kickstart自动化安装【脚本版】
251 0
CentOS7下部署Cobbler实现PXE+Kickstart自动化安装【脚本版】
下一篇
DataWorks