1.haproxy软件配置
cat install.sls ##安装haproxy,使用yum安装
haproxy:
pkg.installed
/etc/haproxy/haproxy.cfg:
file.managed:
- source: salt://haproxy/files/haproxy.cfg
cat service.sls ##安装开启haproxy服务
include:
- haproxy.install
lb:
service.running:
- name: haproxy
- reload: True
- watch:
- file: /etc/haproxy/haproxy.cfg
cd files/
cat haproxy.cfg ##haproxy配置文件
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend http_front
bind 172.25.30.100:80
stats uri /haproxy?stats
default_backend http_back
backend http_back
balance roundrobin
option forwardfor header X-Forwarded-For
server node1 172.25.30.2:80 check inter 1000 rise 3 fall 3 weight 30 ##定义负载均衡
server node2 172.25.30.3:80 check inter 1000 rise 3 fall 3 weight 30
2.keepalived软件配置
cd ../../keepalived/
cat install.sls ##安装keepalived,定义变量
keepalived:
pkg.installed
/etc/keepalived/keepalived.conf:
file.managed:
- source: salt://keepalived/files/keepalived.conf
- user: root
- group: root
- mode: 644
- template: jinja
{% if grains['fqdn'] == 'server4' %}
id: LVS_DEVEL02
states: BACKUP
prior: 90
{% elif grains['fqdn'] == 'server5' %}
id: LVS_DEVEL01
states: MASTER
prior: 100
{% endif %}
cat service.sls ##安装并开启keepalived
include:
- keepalived.install
lb:
service.running:
- name: keepalived
- reload: True
- watch:
- file: /etc/keepalived/keepalived.conf
cd files/
cat keepalived.conf ##keepalived配置文件
global_defs {
smtp_connect_timeout 30
router_id {{ id }}
}
vrrp_instance VI_1 {
state {{ states }}
interface eth0
virtual_router_id 51
priority {{ prior }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.30.100
}
}
3.httpd配置
cd ../../apache
cat httpd.sls ##安装并开启httpd
install-httpd:
pkg.installed:
- pkgs:
- httpd
- php
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: install-httpd
cd files/
cat httpd.conf ##httpd配置文件,建议安装httpd后复制
ServerRoot "/etc/httpd"
#Listen 12.34.56.78:80
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
#
# Relax access to content within /var/www.
#
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
# Further relax access to the default document root:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
文件位置结构图大致如下:
/srv/salt
.
├── apache
│ ├── files
│ │ └── httpd.conf
│ ├── httpd.sls
│ └── lib.sls
├── _grains
│ └── my_grains.py
├── haproxy
│ ├── files
│ │ └── haproxy.cfg
│ ├── install.sls
│ └── service.sls
├── keepalived
│ ├── files
│ │ └── keepalived.conf
│ ├── install.sls
│ └── service.sls
└── top.sls
推送部署时,按照上一篇博客,布置好节点环境:
salt server[4,5] state.sls keepalived.service ##4.5部署keepalived以及haproxy
salt server[4,5] state.sls haproxy.service
salt server[2,3] state.sls apache.install ##2,3部署httpd
效果如下:
负载均衡效果:
高可用效果:
此时VIP在server4上,停止keepalived服务后,VIP转移到server5上,并且负载均衡正常。