运维自动化工具 Saltstack 实现keepalived高可用集群

接上一篇博客

这次我们用四个虚拟机,
Server1 172.25.53.1 master minion
Server2 172.25.53.2 minion
Server3 172.25.53.3 minion
Server4 172.25.53.4 minion
Server1 和 server4 需要配置 yum 源,因为这两台要作为 keepalived 节点
[root@server4 ~]# vim /etc/yum.repos.d/rhel-source.repo 
[root@server4 ~]# cat /etc/yum.repos.d/rhel-source.repo 
# Base OS repository: package signatures are verified against the Red Hat release key.
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.53.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release


# NOTE(review): this repo is fetched over plain HTTP with gpgcheck=0, so salt
# packages are installed without any integrity or origin check. That is only
# reasonable on an isolated lab mirror; elsewhere sign the packages, set
# gpgcheck=1 and add a gpgkey line.
[salt]
name=saltstack
baseurl=http://172.25.53.250/rhel6
enabled=1
gpgcheck=0


# No enabled/gpgcheck lines here, so yum falls back to its defaults for this
# repo. NOTE(review): confirm gpgcheck is 1 in the [main] section of yum.conf.
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.53.250/rhel6.5/LoadBalancer

我们将做的安装软件模块打包

[root@server1 salt]# cd nginx/
[root@server1 nginx]# vim install.sls 
[root@server1 nginx]# cd ..
[root@server1 salt]# mkdir pkgs
[root@server1 salt]# cd pkgs/
[root@server1 pkgs]# ls
[root@server1 pkgs]# vim make.sls
[root@server1 pkgs]# cat make.sls
# Shared build prerequisites; other states pull this in with "include: - pkgs.make".
make-gcc:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - gcc
      # presumably needed for keepalived's e-mail notifications - TODO confirm
      - mailx

这里写图片描述

[root@server1 pkgs]# cd ..
[root@server1 salt]# cd nginx/
[root@server1 nginx]# ls
files  install.sls  service.sls  users  users.sls
[root@server1 nginx]# vim install.sls 
[root@server1 nginx]# cat install.sls 
# Install the compiler and -devel packages before building from source.
include:
  - pkgs.make
# NOTE(review): the state ID is spelled "ngisx-install"; it is left unchanged
# because other states (not shown here) may reference it by this name.
ngisx-install:
  # Copy the source tarball from the master's file server to the minion.
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz

  # Unpack and build. The first sed rewrites NGINX_VER to plain "nginx" so the
  # version number is no longer part of that string; the second sed comments
  # out the "-g" debug flag in auto/cc/gcc. All build output is sent to
  # /dev/null, so a failure is visible only through the command's exit status.
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-threads --with-file-aio &> /dev/null && make &>/dev/null &&make install &>/dev/null
    # Skip the whole command when the install prefix already exists.
    - creates: /usr/local/nginx

[root@server1 nginx]# pwd
/srv/salt/nginx

这里写图片描述

开始部署

开始

[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# ls
_grains  haproxy  httpd  nginx  pkgs  top.sls
[root@server1 salt]# mkdir keepalived
[root@server1 salt]# cd keepalived/
[root@server1 keepalived]# vim install.sls
[root@server1 keepalived]# mkdir files
[root@server1 keepalived]# cd files/
[root@server1 files]# pwd
/srv/salt/keepalived/files
[root@server1 files]# ls
keepalived-2.0.6.tar.gz
[root@server1 files]# cd ..



一步一步来,然后同时在server4上试验代码的正确性

下列代码是通过实践的
[root@server1 keepalived]# vim install.sls
[root@server1 keepalived]# cat install.sls 
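# Install the compiler and -devel packages before building from source.
include:
  - pkgs.make

# Build keepalived 2.0.6 from the tarball shipped by the master.
kp-install:
  # Copy the source tarball from the master's file server to the minion.
  file.managed:
    - name: /mnt/keepalived-2.0.6.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
  # Unpack, configure with a SysV init script, build and install. All output
  # is sent to /dev/null, so a failure shows only in the exit status.
  cmd.run:
    - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    # "creates" is an argument of cmd.run and must be indented with the other
    # arguments; at column 0 the file is not valid YAML. It skips the build
    # when the install prefix already exists.
    - creates: /usr/local/keepalived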

这里写图片描述

[root@server1 keepalived]# salt server4 state.sls keepalived.install
这里写图片描述
这里写图片描述

将脚本文件,配置文件传给server1以做编辑
[root@server4 init.d]# cd /usr/local/keepalived/etc/rc.d/init.d/
[root@server4 init.d]# ls
keepalived
[root@server4 init.d]# scp keepalived server1:/srv/salt/keepalived/files

这里写图片描述

[root@server4 init.d]# cd /usr/local/keepalived/etc/keepalived/
[root@server4 keepalived]# ls
keepalived.conf  samples
[root@server4 keepalived]# scp keepalived.conf server1:/srv/salt/keepalived/files




[root@server1 files]# pwd
/srv/salt/keepalived/files
[root@server1 files]# ls
keepalived  keepalived-2.0.6.tar.gz  keepalived.conf


[root@server1 keepalived]# vim install.sls
# Install the compiler and -devel packages before building from source.
include:
  - pkgs.make

# Build keepalived 2.0.6 from the tarball shipped by the master.
kp-install:
  # Copy the source tarball from the master's file server to the minion.
  file.managed:
    - name: /mnt/keepalived-2.0.6.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
  # Unpack, configure with a SysV init script, build and install. All output
  # is sent to /dev/null, so a failure shows only in the exit status.
  cmd.run:
    - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    # Skip the build when the install prefix already exists.
    - creates: /usr/local/keepalived

# Directory that will hold keepalived.conf.
# NOTE(review): only the mode is pinned; user and group are left to defaults.
/etc/keepalived:
  file.directory:
    - mode: 755

# The source build installs under /usr/local/keepalived; these two symlinks
# expose its sysconfig file and binary at the paths shown below.
/etc/sysconfig/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/etc/sysconfig/keepalived

/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived

[root@server1 keepalived]# salt server4 state.sls keepalived.install



[root@server4 keepalived]# ll /etc/sysconfig/keepalived 
lrwxrwxrwx 1 root root 46 Aug 18 10:40 /etc/sysconfig/keepalived -> /usr/local/keepalived/etc/sysconfig/keepalived
[root@server4 keepalived]# ll /sbin/keepalived 
lrwxrwxrwx 1 root root 37 Aug 18 10:40 /sbin/keepalived -> /usr/local/keepalived/sbin/keepalived

这里写图片描述

[root@server1 keepalived]# vim files/keepalived.conf 
[root@server1 keepalived]# cat files/keepalived.conf
! Configuration File for keepalived
# This file is rendered by Salt as a Jinja template: STATE, VRID and PRIORITY
# are supplied through the file.managed context in keepalived/service.sls.

global_defs {
   notification_email {
    root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id {{ VRID }}
    priority {{ PRIORITY }}
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass in clear text inside the
    # VRRP advertisements, and "1111" is a short value shared by every node
    # that renders this template. It guards against accidental
    # misconfiguration only; it does not stop a host on the same segment from
    # joining the election. Restrict which hosts may send VRRP to these nodes
    # at the network or firewall level.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.53.100
    }
}

这里写图片描述
这里写图片描述

[root@server1 pillar]# pwd
/srv/pillar
[root@server1 pillar]# vim top.sls 
[root@server1 pillar]# cat top.sls 
# Pillar top file: '*' hands both pillar files to every minion. The keepalived
# pillar is expected to supply the state, vrid and priority keys read by
# keepalived/service.sls (its content is not shown on this page).
base:
  '*':
    - web.install
    - keepalived.install




Vim service.sls
[root@server1 keepalived]# cat service.sls 
# Make sure keepalived is built and its directories/symlinks exist first.
include:
  - keepalived.install

# Render keepalived.conf from the Jinja template. The three context values
# come from pillar, so each node can get its own state, router ID and priority.
# A minion whose pillar lacks one of these keys will fail to render this state.
# NOTE(review): no user, group or mode is set for this file, so permissions
# are left to Salt's defaults; the file carries auth_pass, so consider pinning
# them explicitly.
/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    - context:
        STATE: {{ pillar['state'] }}
        VRID: {{ pillar['vrid'] }}
        PRIORITY: {{ pillar['priority'] }}


# Install the SysV init script and keep the service running.
kp-service:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived
    - mode: 755
  service.running:
    - name: keepalived
    # Reload (rather than restart) when the watched config file changes.
    - reload: True
    - watch:
      - file: /etc/keepalived/keepalived.conf










[root@server1 salt]# vim top.sls 
[root@server1 salt]# cat top.sls 
# State top file for the base environment.
base:
  # The two load-balancer nodes get haproxy plus the keepalived service state.
  'server1':
    - haproxy.install
    - keepalived.service
  'server4':
    - haproxy.install
    - keepalived.service
  # Web back ends are matched on the "roles" grain instead of the minion ID.
  'roles:apache':
    - match: grain
    - httpd.install
  'roles:nginx':
    - match: grain
    - nginx.service


推送
[root@server1 salt]# salt '*' state.highstate
高可用负载均衡搭建完成

这里写图片描述
这里写图片描述

Vip现在在server1上

这里写图片描述
这里写图片描述
我们将server1,vip所在的keepalived关闭
这里写图片描述

服务并未受到影响

这里写图片描述
Vip转到server4上了

这里写图片描述
这里写图片描述

[root@server1 srv]# cd /opt/
[root@server1 opt]# vim check_haproxy.sh
[root@server1 opt]# cat check_haproxy.sh 
#!/bin/bash
# Health check for haproxy, referenced as /opt/check_haproxy.sh by the
# vrrp_script block in keepalived.conf.
#
# If haproxy is not running, try to restart it once. If the restart fails as
# well, stop keepalived on this node so the virtual IP can move to the peer.
# All init-script output is discarded.

if ! /etc/init.d/haproxy status &> /dev/null; then
  if ! /etc/init.d/haproxy restart &> /dev/null; then
    /etc/init.d/keepalived stop &> /dev/null
  fi
fi
[root@server1 opt]# chmod +x check_haproxy.sh 



[root@server1 opt]# vim /srv/salt/keepalived/files/keepalived.conf 

这里写图片描述
这里写图片描述

[root@server1 opt]# cat /srv/salt/keepalived/files/keepalived.conf
! Configuration File for keepalived
# This file is rendered by Salt as a Jinja template: STATE, VRID and PRIORITY
# are supplied through the file.managed context in keepalived/service.sls.

# Run the haproxy health check every 2 seconds.
# NOTE(review): keepalived executes this script itself, so whoever can write
# to /opt/check_haproxy.sh can run commands with keepalived's privileges.
# Keep the script and /opt owned by root and not group- or world-writable,
# and consider the global_defs options enable_script_security and script_user.
# The states shown on this page do not distribute the script; it has to exist
# on every node that renders this template.
vrrp_script check_haproxy {
    script "/opt/check_haproxy.sh"
    interval 2
    weight 2
}

global_defs {
   notification_email {
    root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id {{ VRID }}
    priority {{ PRIORITY }}
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass in clear text inside the
    # VRRP advertisements, and "1111" is a short value shared by every node
    # that renders this template. It guards against accidental
    # misconfiguration only; restrict which hosts may send VRRP to these
    # nodes at the network or firewall level.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.53.100
    }
    # Attach the health check defined at the top of the file to this instance.
    track_script {
    check_haproxy
    }
}
[root@server1 opt]# salt server1 state.sls keepalived.service
[root@server1 opt]# salt server4 state.sls keepalived.service
将 server1 上 haproxy 启动脚本的权限更改后,检查脚本无法重启 haproxy,于是停止本机的 keepalived,VIP 会漂移到 server4

这里写图片描述
这里写图片描述
这里写图片描述

附一张结构图


[root@server1 srv]# tree .
.
├── pillar
│   ├── keepalived
│   │   └── install.sls
│   ├── top.sls
│   └── web
│       └── install.sls
└── salt
    ├── _grains
    │   └── my_grains.py
    ├── haproxy
    │   ├── files
    │   │   └── haproxy.cfg
    │   └── install.sls
    ├── httpd
    │   ├── files
    │   │   └── httpd.conf
    │   ├── install.sls
    │   └── lib.sls
    ├── keepalived
    │   ├── files
    │   │   ├── keepalived
    │   │   ├── keepalived-2.0.6.tar.gz
    │   │   └── keepalived.conf
    │   ├── install.sls
    │   └── service.sls
    ├── nginx
    │   ├── files
    │   │   ├── nginx
    │   │   ├── nginx-1.14.0.tar.gz
    │   │   └── nginx.conf
    │   ├── install.sls
    │   ├── service.sls
    │   ├── users
    │   └── users.sls
    ├── pkgs
    │   └── make.sls
    └── top.sls

15 directories, 22 files

其他玩法
这里写图片描述
这里写图片描述
这里写图片描述
这里写图片描述
这里写图片描述
这里写图片描述
这里写图片描述
这里写图片描述

把数据返回到mysql服务器
方法一:minion端
[root@server2 ~]# yum install -y MySQL-python.x86_64
[root@server2 ~]# vim /etc/salt/minion

这里写图片描述

[root@server2 ~]# /etc/init.d/salt-minion restart



Master端


[root@server1 ~]# yum install -y mysql-server
[root@server1 ~]# /etc/init.d/mysqld start

[root@server1 ~]# mysql
mysql> grant all on salt.* to salt@'172.25.53.%' identified by 'westos';

mysql> drop database salt;




[root@server1 ~]# vim test.sql
注释掉第十七行(即下面以 # 开头的 CREATE INDEX 语句)
[root@server1 ~]# cat test.sql 
-- Schema for Salt's MySQL returner: job IDs, per-minion returns and events.
-- CREATE DATABASE has no IF NOT EXISTS, so the import stops with an error
-- when a database named `salt` already exists.
CREATE DATABASE  `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#CREATE INDEX jid ON jids(jid) USING BTREE;

--
-- Table structure for table `salt_returns`
--
-- NOTE(review): `return` and `full_ret` hold the complete result of every
-- job, including the output of cmd.run calls, which can contain sensitive
-- data. Limit the database account to this schema, use a strong password for
-- it, and restrict which hosts may connect.
--

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_events`
--

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
推送数据库
[root@server1 ~]# mysql < test.sql


随便推点东西
[root@server1 ~]# salt 'server2' test.ping --return mysql
server2:
    True


[root@server1 ~]# mysql

mysql> use salt
mysql> show tables;
+----------------+
| Tables_in_salt |
+----------------+
| jids           |
| salt_events    |
| salt_returns   |
+----------------+
3 rows in set (0.00 sec)

mysql> select * from salt_returns;
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun       | jid                  | return | id      | success | full_ret                                                                                                                            | alter_time          |
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| test.ping | 20180818145719408228 | true   | server2 | 1       | {"fun_args": [], "jid": "20180818145719408228", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "server2"} | 2018-08-18 14:57:19 |
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
1 row in set (0.00 sec)
被记录了

第二种方式(强烈推荐):只需在 master 端配置,MySQL-python 只装在 master 上,数据库账号也只需授权给 localhost

第二种方式,只在master端

[root@server1 ~]#  yum install -y MySQL-python.x86_64

[root@server1 ~]# vim /etc/salt/master

这里写图片描述


[root@server1 ~]# /etc/init.d/salt-master restart


推送数据库,注意注释掉第十七行

[root@server1 ~]# cat test.sql 
CREATE DATABASE  `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#CREATE INDEX jid ON jids(jid) USING BTREE;

--
-- Table structure for table `salt_returns`
--

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_events`
--

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
[root@server1 ~]# mysql < test.sql


导入不成功就先看报错;最常见的原因是 salt 库此前已经建立(例如在授权那一步),而 test.sql 以 CREATE DATABASE 开头,库已存在时会报错,需要先删除该库,否则无法导入
mysql> drop database salt;
Query OK, 1 row affected (0.37 sec)



[root@server1 ~]# mysql
授权
mysql> grant all on salt.* to salt@localhost identified by 'westos';
Query OK, 0 rows affected (0.00 sec)
刷新
mysql> flush privileges;


随便推点东西
[root@server1 ~]# salt server3 cmd.run 'df -h'

这里写图片描述

[root@server1 ~]# mysql

mysql> use salt
Database changed
mysql> select * from salt_returns;

这里写图片描述
这里写图片描述
mysql> select * from salt_returns;
这里写图片描述

其他玩法

这里写图片描述
这里写图片描述
这里写图片描述


[root@server1 ~]# salt-key -L
Accepted Keys:
server1
server2
server3
server4
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server1 ~]# salt-key -d server4
The following keys are going to be deleted:
Accepted Keys:
server4
Proceed? [N/y] y
Key for minion server4 deleteed.
[root@server1 ~]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:

这里写图片描述

[root@server4 ~]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server4 daemon: OK
[root@server4 ~]# chkconfig salt-minion off
[root@server4 ~]# /etc/init.d/haproxy stop
Stopping haproxy:                                          [  OK  ]
[root@server4 ~]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]

这里写图片描述

[root@server4 ~]# yum install -y salt-master






[root@server4 ~]# cd /etc/salt/
[root@server4 salt]# vim master

这里写图片描述
[root@server4 salt]# /etc/init.d/salt-master start
这里写图片描述

[root@server1 ~]# yum install -y salt-syndic

[root@server1 salt]# vim master

这里写图片描述


[root@server1 salt]# /etc/init.d/salt-master stop
Stopping salt-master daemon:                               [  OK  ]
[root@server1 salt]# /etc/init.d/salt-master start
Starting salt-master daemon:                               [  OK  ]
[root@server1 salt]# vim master
[root@server1 salt]# /etc/init.d/salt-syndic start
Starting salt-syndic daemon:                               [  OK  ]
[root@server1 salt]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:

这里写图片描述
这里写图片描述
这里写图片描述

[root@server3 tmp]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server3 daemon: OK
[root@server1 salt]# yum install -y salt-ssh


[root@server1 salt]# vim /etc/salt/roster 
[root@server1 salt]# tail -n 5 /etc/salt/roster

# salt-ssh roster entry: how the master reaches server3 without a minion.
server3:
  host: 172.25.53.3
  user: root
  # NOTE(review): this is root's password in plain text. Keep the roster
  # readable by root only, or switch to key-based login with the roster's
  # "priv" option so that no password is stored here.
  passwd: westos



[root@server1 salt]# pwd
/etc/salt
[root@server1 salt]# vim master

这里写图片描述
这里写图片描述
这里写图片描述

[root@server3 tmp]# /etc/init.d/salt-minion start
Starting salt-minion:root:server3 daemon: OK


[root@server1 salt]# yum install -y salt-api

[root@server1 salt]# cd /etc/pki/tls/private/

这里写图片描述

[root@server1 private]# openssl genrsa 1024 > localhost.key
Generating RSA private key, 1024 bit long modulus
.........++++++
............++++++


[root@server1 private]# ls
localhost.key
[root@server1 private]# cd .. 
[root@server1 tls]# cd certs/
[root@server1 certs]# ls
ca-bundle.crt        make-dummy-cert  renew-dummy-cert
ca-bundle.trust.crt  Makefile

这里写图片描述

[root@server1 certs]# ls
ca-bundle.crt        localhost.crt    Makefile
ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
[root@server1 certs]# ll localhost.crt 
-rw------- 1 root root 1029 Aug 18 17:15 localhost.crt
[root@server1 certs]# pwd
/etc/pki/tls/certs
[root@server1 certs]# cd /etc/salt/
[root@server1 salt]# ls
cloud           cloud.maps.d       master    minion.d   proxy
cloud.conf.d    cloud.profiles.d   master.d  minion_id  proxy.d
cloud.deploy.d  cloud.providers.d  minion    pki        roster
[root@server1 salt]# cd master.d/
[root@server1 master.d]# vim api.conf
[root@server1 master.d]# cat api.conf 
# salt-api REST interface served over TLS on port 8000.
# NOTE(review): no "host" is set here; confirm which address the API binds to
# and firewall the port if it is not meant to be reachable from other hosts.
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  # The key referenced here was generated on this page with
  # "openssl genrsa 1024". NOTE(review): 1024-bit RSA is below current
  # minimum recommendations; generate at least a 2048-bit key, and keep the
  # key file readable by root only.
  ssl_key: /etc/pki/tls/private/localhost.key

这里写图片描述


[root@server1 master.d]# vim auth.conf
[root@server1 master.d]# cat auth.conf 
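# Permissions for the PAM-authenticated "saltapi" account used by salt-api.
external_auth:
  pam:
    saltapi:
      # NOTE(review): '.*' allows every execution function on every minion,
      # which includes cmd.run, so this account can run commands as root
      # across the fleet. Narrow this to the functions the API client needs
      # and give the account a strong password.
      - '.*'
      # Corrected from '@where': the login response on this page lists
      # '@wheel', which is the name of Salt's wheel (master management) client.
      - '@wheel'
      - '@runner'
      - '@jobs'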




[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi



[root@server1 master.d]# /etc/init.d/salt-master stop
Stopping salt-master daemon:                               [  OK  ]
[root@server1 master.d]# /etc/init.d/salt-master status
salt-master is stopped
[root@server1 master.d]# /etc/init.d/salt-master start
Starting salt-master daemon:                               [  OK  ]
[root@server1 master.d]# /etc/init.d/salt-api start
Starting salt-api daemon:                                  [  OK  ]

这里写图片描述

[root@server1 master.d]# curl -sSk https://localhost:8000/login \
>     -H 'Accept: application/x-yaml' \
>     -d username=saltapi \
>     -d password=westos \
>     -d eauth=pam
return:
- eauth: pam
  expire: 1534627577.935442
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1534584377.935441
  token: 6cc8ebb8ed0451d04925eb17cc3254fe748b6d2f
  user: saltapi



[root@server1 master.d]# curl -sSk https://localhost:8000 \
>     -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 6cc8ebb8ed0451d04925eb17cc3254fe748b6d2f' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
return:
- server1: true
  server2: true
  server3: true

这里写图片描述
这里写图片描述
