saltstack实现haproxy与keepalived高可用负载均衡集群

1.haproxy软件配置

cat install.sls 			##安装haproxy，使用yum安装
haproxy:
  pkg.installed

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
cat service.sls 			##安装开启haproxy服务
include:
  - haproxy.install
lb:
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg

cd files/
cat haproxy.cfg			##haproxy配置文件
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


frontend http_front
    bind 172.25.30.100:80
    stats uri /haproxy?stats
    default_backend http_back
backend http_back
    balance roundrobin
    option forwardfor header X-Forwarded-For
    server node1 172.25.30.2:80 check inter 1000 rise 3 fall 3 weight 30			##定义负载均衡
    server node2 172.25.30.3:80 check inter 1000 rise 3 fall 3 weight 30

2.keepalived软件配置

cd ../../keepalived/
cat install.sls			##安装keepalived，定义变量
keepalived:
  pkg.installed

/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
      {% if grains['fqdn'] == 'server4' %}
      id: LVS_DEVEL02
      states: BACKUP
      prior: 90
      {% elif grains['fqdn'] == 'server5' %}
      id: LVS_DEVEL01
      states: MASTER
      prior: 100
      {% endif %}
cat service.sls 			##安装并开启keepalived
include:
  - keepalived.install

lb:
  service.running:
    - name: keepalived
    - reload: True
    - watch:
      - file: /etc/keepalived/keepalived.conf

cd files/
cat keepalived.conf		##keepalived配置文件
global_defs {
   smtp_connect_timeout 30 
   router_id {{ id }}
}

vrrp_instance VI_1 {
    state {{ states }}
    interface eth0
    virtual_router_id 51
    priority {{ prior }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
	172.25.30.100
    }
}

3.httpd配置

cd ../../apache
cat httpd.sls			##安装并开启httpd
install-httpd:
  pkg.installed:
    - pkgs:
      - httpd
      - php

  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
       - file: install-httpd

cd files/
cat httpd.conf 				##httpd配置文件，建议安装httpd后复制
ServerRoot "/etc/httpd"

#Listen 12.34.56.78:80
Listen 80

Include conf.modules.d/*.conf

User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>


DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
  
    MIMEMagicFile conf/magic
</IfModule>


EnableSendfile on

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

文件位置结构图大致如下：

/srv/salt

.
├── apache
│   ├── files
│   │   └── httpd.conf
│   ├── httpd.sls
│   └── lib.sls
├── _grains
│   └── my_grains.py
├── haproxy
│   ├── files
│   │   └── haproxy.cfg
│   ├── install.sls
│   └── service.sls
├── keepalived
│   ├── files
│   │   └── keepalived.conf
│   ├── install.sls
│   └── service.sls
└── top.sls

推送部署时，按照上一篇博客，布置好节点环境：

salt server[4,5] state.sls keepalived.service		##4.5部署keepalived以及haproxy
salt server[4,5] state.sls haproxy.service
salt server[2,3] state.sls apache.install		##2，3部署httpd

效果如下：


负载均衡效果：


高可用效果：

此时VIP在server4上，停止keepalived服务后，VIP转移到server5上，并且负载均衡正常。