saltstack部署keepalived+ha
集群结构
salt-master:11
salt-minion:12-15
12 13:keepalived ha
14:nginx
15:apache
各部配置
[root@server1 salt]# tree .
.
|-- apache
| |-- files
| | |-- httpd.conf
| | `-- index.html
| `-- install.sls
|-- haproxy
| |-- files
| | `-- haproxy.cfg
| |-- install.sls
| `-- service.sls
|-- keepalived
| |-- files
| | |-- keepalived-2.0.19.tar.gz
| | `-- keepalived.conf
| |-- install.sls
| `-- service.sls
|-- nginx
| |-- files
| | |-- nginx-1.17.4.tar.gz
| | |-- nginx.conf
| | `-- nginx.service
| |-- install.sls
| `-- service.sls
`-- top.sls
8 directories, 16 files
keepalived
下载
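# Build keepalived 2.0.19 from the tarball shipped on the Salt file server.
keepalived-install:
  # Compiler and development headers needed by ./configure and make.
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - libnl-devel
  # Copy the source archive from the master to the minion.
  # NOTE(review): the archive is trusted as-is; compare it with the
  # upstream checksum before placing it in the file roots.
  file.managed:
    - name: /mnt/keepalived-2.0.19.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.19.tar.gz
  # Unpack, configure, build and install under /usr/local/keepalived.
  # Build output is discarded (&> /dev/null), so a failure shows up only
  # as the command's non-zero exit code.
  cmd.run:
    - name: >-
        cd /mnt
        && tar zxf keepalived-2.0.19.tar.gz
        && cd keepalived-2.0.19
        && ./configure --prefix=/usr/local/keepalived &> /dev/null
        && make &> /dev/null
        && make install &> /dev/null
    # Skip the build once the installed binary exists, so repeated runs
    # stay idempotent (cmd.run's guard argument is spelled `creates`).
    - creates: /usr/local/keepalived/sbin/keepalived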
开启服务
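include:
  - keepalived.install

# Configuration directory; a directory needs the search (x) bit, so 0755
# rather than 0644.
/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: '0755'
    - makedirs: true

# Render keepalived.conf from the Jinja template on the master.
# The rendered file carries the VRRP auth_pass, so it is readable by root
# only instead of world-readable.
/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - user: root
    - group: root
    - mode: '0600'
    - template: jinja
    # Values for the STATE and PRIORITY placeholders in the template.
    # Only server2 and server3 receive values; on any other minion the
    # placeholders stay undefined, so target this state at those two hosts.
    - context:
{% if grains['fqdn'] == 'server2' %}
        STATE: MASTER
        PRIORITY: 100
{% elif grains['fqdn'] == 'server3' %}
        STATE: BACKUP
        PRIORITY: 50
{% endif %}

# Keep keepalived running and reload it whenever the rendered config changes.
keepalived-service:
  service.running:
    - name: keepalived
    - reload: true
    - watch:
      - file: /etc/keepalived/keepalived.conf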
配置文件
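! Configuration File for keepalived
! Jinja template: STATE and PRIORITY are filled in per host by the Salt
! file.managed state that renders this file.

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# Health check executed every 2 seconds.
# NOTE(review): none of the states shown with this file deploy
# /opt/check_haproxy.sh; make sure it exists, is owned by root and is not
# writable by other users, since keepalived executes it.
# NOTE(review): a weight of 2 shifts the priority by only 2, which cannot
# close the 100/50 gap between the two nodes; presumably the script stops
# keepalived itself when haproxy is down -- confirm.
vrrp_script check_haproxy {
   script "/opt/check_haproxy.sh"
   interval 2
   weight 2
}

vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id 51
    priority {{ PRIORITY }}
    advert_int 1
    # NOTE(review): auth_type PASS puts auth_pass in clear text in every
    # VRRP advertisement, and 1111 is the value from the stock sample
    # config. Use a site-specific secret (for example rendered from
    # pillar) and filter VRRP traffic so only the HA peers can send it.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.70.100
    }
    track_script {
        check_haproxy
    }
}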
ha
下载
# Install haproxy from the distribution package repository.
haproxy-install:
  pkg.installed:
    - name: haproxy
打开服务
include:
  - haproxy.install

# Ship the load-balancer configuration from the master once the package
# is installed.
haproxy-config:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: haproxy-install

# Keep haproxy enabled at boot and running; restart it when the managed
# configuration file changes.
haproxy-service:
  service.running:
    - name: haproxy
    - enable: true
    - require:
      - pkg: haproxy-install
      - file: haproxy-config
    - watch:
      - file: haproxy-config
配置文件
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# Process-wide settings: syslog target, chroot directory, pid file,
# connection cap, the user/group the process runs as, and daemon mode.
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
# NOTE(review): no 'mode' or 'level' argument is given, so HAProxy's
# defaults decide who may connect and what they may do -- confirm they
# are restrictive enough for this host.
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# Defaults inherited by every frontend/backend/listen section below:
# HTTP mode, logging options, retry count, timeouts and the stats page.
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# NOTE(review): declared in 'defaults' with no 'stats auth', so the
# statistics page is served without authentication at /status by every
# HTTP proxy inheriting these defaults, including the frontend on port 80.
# It lists the backend server names and addresses. Add
# 'stats auth <user>:<password>' or move the page to a dedicated listen
# section bound to a management address.
stats uri /status ## enable the monitoring (stats) page
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Accept HTTP on port 80 of every address and send all traffic to 'app'.
frontend main
    bind *:80
    default_backend app

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
# app1 is the nginx node and app2 the apache node; both are health-checked.
backend app
    balance roundrobin
    server app1 172.25.70.14:80 check
    server app2 172.25.70.15:80 check
nginx
下载
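# Build nginx 1.17.4 from the tarball shipped on the Salt file server.
nginx-installed:
  # Compiler plus the PCRE and OpenSSL headers used by the build.
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
  # Copy the source archive from the master to the minion.
  # NOTE(review): the archive is trusted as-is; compare it with the
  # upstream checksum before placing it in the file roots.
  file.managed:
    - name: /mnt/nginx-1.17.4.tar.gz
    - source: salt://nginx/files/nginx-1.17.4.tar.gz
  # Unpack, comment out the debug CFLAGS line in auto/cc/gcc, then
  # configure with the SSL module, build and install under /usr/local/nginx.
  # Build output is discarded (&> /dev/null), so a failure shows up only
  # as the command's non-zero exit code.
  cmd.run:
    - name: >-
        cd /mnt
        && tar zxf nginx-1.17.4.tar.gz
        && cd nginx-1.17.4
        && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
        && ./configure --prefix=/usr/local/nginx --with-http_ssl_module &> /dev/null
        && make &> /dev/null
        && make install &> /dev/null
    # Skip the build once the installed binary exists, so repeated runs
    # stay idempotent (cmd.run's guard argument is spelled `creates`).
    - creates: /usr/local/nginx/sbin/nginx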
添加服务到systemd
# systemd unit for the nginx built from source under /usr/local/nginx.
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
# nginx forks into the background; systemd tracks it through the pid file.
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Test the configuration before starting, so a broken nginx.conf fails
# the start instead of launching a misconfigured server.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# QUIT asks nginx for a graceful shutdown.
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
打开服务
include:
  - nginx.install

# Main nginx configuration, copied verbatim from the master.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

nginx-service:
  # Install the systemd unit for the source-built nginx.
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
  # Keep nginx running; a change to nginx.conf triggers a reload rather
  # than a full restart.
  service.running:
    - name: nginx
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
apache
下载打开
# Install Apache, manage its main configuration and keep it running.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - httpd-tools
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
  # Restart httpd whenever the managed httpd.conf above changes.
  service.running:
    - name: httpd
    - watch:
      - file: apache-install

# Default page served from the document root.
apacheweb-html:
  file.managed:
    - name: /var/www/html/index.html
    - source: salt://apache/files/index.html
随便给个默认发布页面
结果
[root@server1 salt]# curl 172.25.70.100 -I
HTTP/1.1 200 OK
Server: nginx/1.17.4
Date: Wed, 27 Nov 2019 15:37:29 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 26 Nov 2019 15:28:57 GMT
ETag: "5ddd44b9-264"
Accept-Ranges: bytes
[root@server1 salt]# curl 172.25.70.100 -I
HTTP/1.1 200 OK
Date: Wed, 27 Nov 2019 15:37:31 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
Last-Modified: Wed, 27 Nov 2019 10:52:35 GMT
ETag: "11-59851cb5c2074"
Accept-Ranges: bytes
Content-Length: 17
Content-Type: text/html; charset=UTF-8