接上一篇博客
这次我们用四个虚拟机,
Server1 172.25.53.1 master minion
Server2 172.25.53.2 minion
Server3 172.25.53.3 minion
Server4 172.25.53.4 minion
在 server1 和 server4 上配置 yum 源,因为这两台要作为 keepalived 高可用节点
[root@server4 ~]# vim /etc/yum.repos.d/rhel-source.repo
[root@server4 ~]# cat /etc/yum.repos.d/rhel-source.repo
# Yum repository definitions for the lab hosts; all three repos are served by 172.25.53.250.
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
# Plain-http transport; package integrity for this repo rests on gpgcheck=1 and the local key below.
baseurl=http://172.25.53.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[salt]
name=saltstack
baseurl=http://172.25.53.250/rhel6
enabled=1
# NOTE(review): gpgcheck=0 combined with an http baseurl means the Salt packages are installed
# with no signature check and no transport integrity. Acceptable only on an isolated lab
# network; otherwise import the repo's signing key and set gpgcheck=1 with a gpgkey= line.
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
# NOTE(review): no enabled/gpgcheck lines are shown for this section, so the [main] defaults
# from /etc/yum.conf apply - confirm gpgcheck is on there.
baseurl=http://172.25.53.250/rhel6.5/LoadBalancer
我们把安装编译依赖软件包的部分单独打包成一个模块(pkgs.make),供其他状态文件 include
[root@server1 salt]# cd nginx/
[root@server1 nginx]# vim install.sls
[root@server1 nginx]# cd ..
[root@server1 salt]# mkdir pkgs
[root@server1 salt]# cd pkgs/
[root@server1 pkgs]# ls
[root@server1 pkgs]# vim make.sls
[root@server1 pkgs]# cat make.sls
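# Build prerequisites shared by the source-compiled states (pulled in via "include: - pkgs.make").
# Indentation restored: the flattened listing is not valid YAML for Salt.
make-gcc:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - gcc
      - mailx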
[root@server1 pkgs]# cd ..
[root@server1 salt]# cd nginx/
[root@server1 nginx]# ls
files install.sls service.sls users users.sls
[root@server1 nginx]# vim install.sls
[root@server1 nginx]# cat install.sls
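# Builds nginx 1.14.0 from the tarball kept on the Salt file server.
# Indentation restored: the flattened listing is not valid YAML for Salt.
include:
  - pkgs.make

ngisx-install:
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  cmd.run:
    # The first sed rewrites NGINX_VER so the version number is no longer appended to "nginx";
    # the second comments out the CFLAGS -g line in auto/cc/gcc (no debug symbols).
    # NOTE(review): configure/make output goes to /dev/null, so a failed build leaves no
    # diagnostics in the job return; drop the redirects when troubleshooting.
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-threads --with-file-aio &> /dev/null && make &>/dev/null &&make install &>/dev/null
    # Skip the build once the install prefix exists.
    - creates: /usr/local/nginx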
[root@server1 nginx]# pwd
/srv/salt/nginx
开始部署
开始
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# ls
_grains haproxy httpd nginx pkgs top.sls
[root@server1 salt]# mkdir keepalived
[root@server1 salt]# cd keepalived/
[root@server1 keepalived]# vim install.sls
[root@server1 keepalived]# mkdir files
[root@server1 keepalived]# cd files/
[root@server1 files]# pwd
/srv/salt/keepalived/files
[root@server1 files]# ls
keepalived-2.0.6.tar.gz
[root@server1 files]# cd ..
一步一步来,然后同时在server4上试验代码的正确性
下列代码是通过实践的
[root@server1 keepalived]# vim install.sls
[root@server1 keepalived]# cat install.sls
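# First iteration of keepalived/install.sls: unpack and build keepalived 2.0.6 from source.
# Indentation restored: the flattened listing is not valid YAML for Salt.
include:
  - pkgs.make

kp-install:
  file.managed:
    - name: /mnt/keepalived-2.0.6.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
  cmd.run:
    # NOTE(review): build output is discarded, so a failed configure/make gives no detail
    # in the job return.
    - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    # Skip the build once the install prefix exists.
    - creates: /usr/local/keepalived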
[root@server1 keepalived]# salt server4 state.sls keepalived.install
将脚本文件,配置文件传给server1以做编辑
[root@server4 init.d]# cd /usr/local/keepalived/etc/rc.d/init.d/
[root@server4 init.d]# ls
keepalived
[root@server4 init.d]# scp keepalived server1:/srv/salt/keepalived/files
[root@server4 init.d]# cd /usr/local/keepalived/etc/keepalived/
[root@server4 keepalived]# ls
keepalived.conf samples
[root@server4 keepalived]# scp keepalived.conf server1:/srv/salt/keepalived/files
[root@server1 files]# pwd
/srv/salt/keepalived/files
[root@server1 files]# ls
keepalived keepalived-2.0.6.tar.gz keepalived.conf
[root@server1 keepalived]# vim install.sls
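# keepalived/install.sls: build keepalived 2.0.6 from source, then create the config
# directory and the symlinks that expose the /usr/local/keepalived install under /etc and /sbin.
# Indentation restored: the flattened listing is not valid YAML for Salt.
include:
  - pkgs.make

kp-install:
  file.managed:
    - name: /mnt/keepalived-2.0.6.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
  cmd.run:
    # NOTE(review): build output is discarded, so a failed configure/make gives no detail
    # in the job return.
    - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    # Skip the build once the install prefix exists.
    - creates: /usr/local/keepalived

# Directory that will hold keepalived.conf.
/etc/keepalived:
  file.directory:
    - mode: 755

/etc/sysconfig/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/etc/sysconfig/keepalived

/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived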
[root@server1 keepalived]# salt server4 state.sls keepalived.install
[root@server4 keepalived]# ll /etc/sysconfig/keepalived
lrwxrwxrwx 1 root root 46 Aug 18 10:40 /etc/sysconfig/keepalived -> /usr/local/keepalived/etc/sysconfig/keepalived
[root@server4 keepalived]# ll /sbin/keepalived
lrwxrwxrwx 1 root root 37 Aug 18 10:40 /sbin/keepalived -> /usr/local/keepalived/sbin/keepalived
[root@server1 keepalived]# vim files/keepalived.conf
[root@server1 keepalived]# cat files/keepalived.conf
! Configuration File for keepalived
# Jinja template: STATE, VRID and PRIORITY are filled in per host by Salt when the file is rendered.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# Single VRRP instance on eth0 that owns the virtual IP 172.25.53.100.
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRIORITY }}
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries auth_pass in cleartext inside every VRRP advertisement,
# and 1111 is a guessable placeholder. Use a per-cluster secret (e.g. supplied from pillar)
# and restrict which hosts may send VRRP to these nodes (firewall rules or unicast_peer).
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.53.100
}
}
[root@server1 pillar]# pwd
/srv/pillar
[root@server1 pillar]# vim top.sls
[root@server1 pillar]# cat top.sls
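# Pillar top file. Indentation restored: the flattened listing is not valid YAML.
# NOTE(review): both pillar files are assigned to '*', so every minion can read their values;
# keep anything secret (such as a VRRP password) in a pillar targeted only at the hosts that need it.
base:
  '*':
    - web.install
    - keepalived.install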
Vim service.sls
[root@server1 keepalived]# cat service.sls
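# keepalived/service.sls: render keepalived.conf from pillar values, install the init
# script and keep the service running.
# Indentation restored: the flattened listing is not valid YAML for Salt.
include:
  - keepalived.install

/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    # NOTE(review): no user/group/mode is set here, and the rendered file contains the VRRP
    # auth_pass; consider adding "- mode: 600" so it is readable by root only.
    - context:
        # Per-host values come from pillar; rendering fails if a key is missing.
        STATE: {{ pillar['state'] }}
        VRID: {{ pillar['vrid'] }}
        PRIORITY: {{ pillar['priority'] }}

kp-service:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived
    - mode: 755
  service.running:
    - name: keepalived
    - reload: True
    # Reload keepalived whenever the rendered configuration changes.
    - watch:
      - file: /etc/keepalived/keepalived.conf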
[root@server1 salt]# vim top.sls
[root@server1 salt]# cat top.sls
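# State top file: server1 and server4 are the haproxy + keepalived pair; the web tier is
# selected by the "roles" grain. Indentation restored: the flattened listing is not valid YAML.
base:
  'server1':
    - haproxy.install
    - keepalived.service
  'server4':
    - haproxy.install
    - keepalived.service
  'roles:apache':
    - match: grain
    - httpd.install
  'roles:nginx':
    - match: grain
    - nginx.service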
推送
[root@server1 salt]# salt '*' state.highstate
高可用负载均衡搭建完成
Vip现在在server1上
我们将server1,vip所在的keepalived关闭
服务并未受到影响
Vip转到server4上了
[root@server1 srv]# cd /opt/
[root@server1 opt]# vim check_haproxy.sh
[root@server1 opt]# cat check_haproxy.sh
#!/bin/bash
# Health check invoked by keepalived (vrrp_script check_haproxy in keepalived.conf).
# If haproxy is down, try one restart; if the restart also fails, stop keepalived so the
# virtual IP moves to the peer node.
#
# NOTE(review): keepalived executes this file on every check interval, so it must be owned
# by root and not writable by anyone else; keepalived's enable_script_security / script_user
# settings in global_defs can enforce that - confirm for your version.
if ! /etc/init.d/haproxy status &> /dev/null; then
  if ! /etc/init.d/haproxy restart &> /dev/null; then
    /etc/init.d/keepalived stop &> /dev/null
  fi
fi
[root@server1 opt]# chmod +x check_haproxy.sh
[root@server1 opt]# vim /srv/salt/keepalived/files/keepalived.conf
[root@server1 opt]# cat /srv/salt/keepalived/files/keepalived.conf
! Configuration File for keepalived
# Jinja template: STATE, VRID and PRIORITY are filled in per host by Salt when the file is rendered.
# Health check: run /opt/check_haproxy.sh every 2 seconds.
# NOTE(review): the page creates this script by hand on server1 only and no Salt state
# distributes it, yet the same config is pushed to server4 - confirm the script exists there
# too, is owned by root and is not writable by other users.
vrrp_script check_haproxy {
script "/opt/check_haproxy.sh"
interval 2
weight 2
}
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# Single VRRP instance on eth0 that owns the virtual IP 172.25.53.100.
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRIORITY }}
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries auth_pass in cleartext inside every VRRP advertisement,
# and 1111 is a guessable placeholder. Use a per-cluster secret (e.g. supplied from pillar)
# and restrict which hosts may send VRRP to these nodes (firewall rules or unicast_peer).
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.53.100
}
# Attach the haproxy health check defined at the top of the file to this instance.
track_script {
check_haproxy
}
}
[root@server1 opt]# salt server1 state.sls keepalived.service
[root@server1 opt]# salt server4 state.sls keepalived.service
将 server1 上 haproxy 启动脚本的权限更改(使其无法执行)后,检测脚本重启 haproxy 失败,于是停止 keepalived,VIP 会漂移到 server4
附一张结构图
[root@server1 srv]# tree .
.
├── pillar
│ ├── keepalived
│ │ └── install.sls
│ ├── top.sls
│ └── web
│ └── install.sls
└── salt
├── _grains
│ └── my_grains.py
├── haproxy
│ ├── files
│ │ └── haproxy.cfg
│ └── install.sls
├── httpd
│ ├── files
│ │ └── httpd.conf
│ ├── install.sls
│ └── lib.sls
├── keepalived
│ ├── files
│ │ ├── keepalived
│ │ ├── keepalived-2.0.6.tar.gz
│ │ └── keepalived.conf
│ ├── install.sls
│ └── service.sls
├── nginx
│ ├── files
│ │ ├── nginx
│ │ ├── nginx-1.14.0.tar.gz
│ │ └── nginx.conf
│ ├── install.sls
│ ├── service.sls
│ ├── users
│ └── users.sls
├── pkgs
│ └── make.sls
└── top.sls
15 directories, 22 files
其他玩法
把数据返回到mysql服务器
方法一:minion端
[root@server2 ~]# yum install -y MySQL-python.x86_64
[root@server2 ~]# vim /etc/salt/minion
[root@server2 ~]# /etc/init.d/salt-minion restart
Master端
[root@server1 ~]# yum install -y mysql-server
[root@server1 ~]# /etc/init.d/mysqld start
[root@server1 ~]# mysql
mysql> grant all on salt.* to salt@'172.25.53.%' identified by 'westos';
mysql> drop database salt;
[root@server1 ~]# vim test.sql
注释掉第十七行(即 CREATE INDEX jid ON jids(jid) USING BTREE; 这一行)
[root@server1 ~]# cat test.sql
-- Schema loaded into MySQL for Salt's mysql returner: creates the `salt` database and the
-- tables jids, salt_returns and salt_events.
-- NOTE(review): salt_returns.return / full_ret hold the complete job output of every minion
-- (see the sample row further down the page), so read access to this database exposes
-- whatever commands print. Grant the returner account only what it needs on salt.* and
-- limit the hosts it may connect from.
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Commented out by the author ("line 17"); presumably because UNIQUE KEY `jid` above already
-- creates an index with the same name - confirm against the import error.
#CREATE INDEX jid ON jids(jid) USING BTREE;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
推送数据库
[root@server1 ~]# mysql < test.sql
随便推点东西
[root@server1 ~]# salt 'server2' test.ping --return mysql
server2:
True
[root@server1 ~]# mysql
mysql> use salt
mysql> show tables;
+----------------+
| Tables_in_salt |
+----------------+
| jids |
| salt_events |
| salt_returns |
+----------------+
3 rows in set (0.00 sec)
mysql> select * from salt_returns;
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| fun | jid | return | id | success | full_ret | alter_time |
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
| test.ping | 20180818145719408228 | true | server2 | 1 | {"fun_args": [], "jid": "20180818145719408228", "return": true, "retcode": 0, "success": true, "fun": "test.ping", "id": "server2"} | 2018-08-18 14:57:19 |
+-----------+----------------------+--------+---------+---------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------+
1 row in set (0.00 sec)
被记录了
第二种方式(强烈推荐):只需在 master 端配置,数据库账号和口令不必下发到每台 minion,minion 也无需直接连接 MySQL
[root@server1 ~]# yum install -y MySQL-python.x86_64
[root@server1 ~]# vim /etc/salt/master
[root@server1 ~]# /etc/init.d/salt-master restart
推送数据库,注意注释掉第十七行
[root@server1 ~]# cat test.sql
-- Same schema as in method one, loaded again for the master-side setup: the `salt`
-- database with the tables jids, salt_returns and salt_events.
-- NOTE(review): the import starts with CREATE DATABASE, so it fails if `salt` already
-- exists; the page drops the database first in that case, which also discards any
-- job history already stored.
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Commented out by the author ("line 17"); presumably because UNIQUE KEY `jid` above already
-- creates an index with the same name - confirm against the import error.
#CREATE INDEX jid ON jids(jid) USING BTREE;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
[root@server1 ~]# mysql < test.sql
推送不成功就看报错,最常见的是授权时把库建立了,需要删除,不然导入不了
mysql> drop database salt;
Query OK, 1 row affected (0.37 sec)
[root@server1 ~]# mysql
授权
mysql> grant all on salt.* to salt@localhost identified by 'westos';
Query OK, 0 rows affected (0.00 sec)
刷新
mysql> flush privileges;
随便推点东西
[root@server1 ~]# salt server3 cmd.run 'df -h'
[root@server1 ~]# mysql
mysql> use salt
Database changed
mysql> select * from salt_returns;
mysql> select * from salt_returns;
其他玩法
[root@server1 ~]# salt-key -L
Accepted Keys:
server1
server2
server3
server4
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server1 ~]# salt-key -d server4
The following keys are going to be deleted:
Accepted Keys:
server4
Proceed? [N/y] y
Key for minion server4 deleteed.
[root@server1 ~]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server4 ~]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server4 daemon: OK
[root@server4 ~]# chkconfig salt-minion off
[root@server4 ~]# /etc/init.d/haproxy stop
Stopping haproxy: [ OK ]
[root@server4 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@server4 ~]# yum install -y salt-master
[root@server4 ~]# cd /etc/salt/
[root@server4 salt]# vim master
[root@server4 salt]# /etc/init.d/salt-master start
[root@server1 ~]# yum install -y salt-syndic
[root@server1 salt]# vim master
[root@server1 salt]# /etc/init.d/salt-master stop
Stopping salt-master daemon: [ OK ]
[root@server1 salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server1 salt]# vim master
[root@server1 salt]# /etc/init.d/salt-syndic start
Starting salt-syndic daemon: [ OK ]
[root@server1 salt]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server3 tmp]# /etc/init.d/salt-minion stop
Stopping salt-minion:root:server3 daemon: OK
[root@server1 salt]# yum install -y salt-ssh
[root@server1 salt]# vim /etc/salt/roster
[root@server1 salt]# tail -n 5 /etc/salt/roster
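# salt-ssh roster entry for server3. Indentation restored: the flattened listing is not valid YAML.
server3:
  host: 172.25.53.3
  user: root
  # NOTE(review): the root password is stored in cleartext in /etc/salt/roster. Prefer key-based
  # login (the roster "priv" option) with a non-root user plus "sudo: True", and keep the
  # roster file readable by root only.
  passwd: westos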
[root@server1 salt]# pwd
/etc/salt
[root@server1 salt]# vim master
[root@server3 tmp]# /etc/init.d/salt-minion start
Starting salt-minion:root:server3 daemon: OK
[root@server1 salt]# yum install -y salt-api
[root@server1 salt]# cd /etc/pki/tls/private/
# NOTE(review): a 1024-bit RSA key is below the 2048-bit minimum expected for TLS today;
# generate at least 2048 bits. The redirect creates localhost.key with the shell's umask -
# confirm the file ends up readable by root only (e.g. mode 600).
[root@server1 private]# openssl genrsa 1024 > localhost.key
Generating RSA private key, 1024 bit long modulus
.........++++++
............++++++
[root@server1 private]# ls
localhost.key
[root@server1 private]# cd ..
[root@server1 tls]# cd certs/
[root@server1 certs]# ls
ca-bundle.crt make-dummy-cert renew-dummy-cert
ca-bundle.trust.crt Makefile
[root@server1 certs]# ls
ca-bundle.crt localhost.crt Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server1 certs]# ll localhost.crt
-rw------- 1 root root 1029 Aug 18 17:15 localhost.crt
[root@server1 certs]# pwd
/etc/pki/tls/certs
[root@server1 certs]# cd /etc/salt/
[root@server1 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@server1 salt]# cd master.d/
[root@server1 master.d]# vim api.conf
[root@server1 master.d]# cat api.conf
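# salt-api (rest_cherrypy) listener. Indentation restored: the flattened listing is not valid YAML.
rest_cherrypy:
  # NOTE(review): no "host" is set, so the listener uses the module's default bind address -
  # confirm whether it should be limited to localhost or a management interface.
  port: 8000
  # Certificate and private key generated earlier on this page (the key with
  # "openssl genrsa 1024"); the certificate is not issued by a trusted CA, which is why the
  # curl examples need -k.
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key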
[root@server1 master.d]# vim auth.conf
[root@server1 master.d]# cat auth.conf
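# External authentication for salt-api: the PAM user "saltapi" and what it may run.
# Indentation restored, and '@where' corrected to '@wheel' - the login response shown
# further down the page lists '@wheel' in perms.
external_auth:
  pam:
    saltapi:
      # NOTE(review): '.*' allows every execution function on every minion, i.e. this account
      # is equivalent to root on all managed hosts. Outside a lab, list only the functions
      # and targets the API client needs.
      - '.*'
      - '@wheel'
      - '@runner'
      - '@jobs'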
[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi
[root@server1 master.d]# /etc/init.d/salt-master stop
Stopping salt-master daemon: [ OK ]
[root@server1 master.d]# /etc/init.d/salt-master status
salt-master is stopped
[root@server1 master.d]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server1 master.d]# /etc/init.d/salt-api start
Starting salt-api daemon: [ OK ]
# NOTE(review): -k disables certificate verification, so the client cannot tell whether it is
# really talking to this salt-api; trust the server certificate (curl --cacert) instead.
# A password passed with -d on the command line ends up in shell history and the process
# list. The token returned by /login is a bearer credential valid until "expire" - treat it
# like a password.
[root@server1 master.d]# curl -sSk https://localhost:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username=saltapi \
> -d password=westos \
> -d eauth=pam
return:
- eauth: pam
expire: 1534627577.935442
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1534584377.935441
token: 6cc8ebb8ed0451d04925eb17cc3254fe748b6d2f
user: saltapi
[root@server1 master.d]# curl -sSk https://localhost:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 6cc8ebb8ed0451d04925eb17cc3254fe748b6d2f' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
return:
- server1: true
server2: true
server3: true