1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
[root@NEI-pudong-idc2E-wdjky.me srv]
# tree salt/
salt/
├── base
│ ├── init
│ │ ├── audit.sls
│ │ ├── dns.sls
│ │ ├── env_init.sls
│ │ ├── epel.sls
│ │ ├── files
│ │ │ └── resolv.conf
│ │ ├──
history
.sls
│ │ └── sysctl.sls
│ └──
top
.sls
└── prod
├── cluster
│ ├── files
│ │ ├── haproxy-outside.cfg
│ │ └── haproxy-outside.cfg.bak
│ └── haproxy-outside.sls
├── haproxy
│ ├── files
│ │ ├── haproxy-1.4.24.
tar
.gz
│ │ └── haproxy.init
│ └──
install
.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls
|
1
2
3
4
5
6
7
8
9
10
11
|
file_roots:
base:
-
/srv/salt/base
prod:
-
/srv/salt/prod
pillar_roots:
base:
-
/srv/salt/pillar
prod:
-
/srv/salt/pillar
|
1
2
3
4
5
6
7
8
9
10
|
[root@NEI-pudong-idc2E-wdjky.me srv]
# pwd
/srv
[root@NEI-pudong-idc2E-wdjky.me srv]
# tree
.
├── pillar
│ ├── base
│ └── prod
└── salt
├── base
└── prod
|
1
|
/etc/init
.d
/salt-master
restart
|
1
2
3
4
5
6
7
|
[root@NEI-pudong-idc2E-wdjky.me srv]# cat /srv/salt/base/init/dns.sls
/etc/resolv.conf:
file.managed:
- source: salt:
//init/files/resolv.conf
- user: root
- group: root
- mode: 644
|
1
2
3
4
5
|
[root@NEI-pudong-idc2E-wdjky.me srv]
# cat /srv/salt/base/init/history.sls
/etc/profile
:
file
.managed:
- text:
-
export
HISTTIMEFORMAT=
"%F %T(`whoami`)"
|
1
2
3
4
5
|
[root@NEI-pudong-idc2E-wdjky.me srv]
# cat /srv/salt/base/init/audit.sls
/etc/bashrc
:
file
.append:
- text:
-
export
PROMPT_COMMAND=
'{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['
pwd
']"$msg"; }'
|
1
2
3
4
5
6
|
[root@NEI-pudong-idc2E-wdjky.me srv]
# cat /srv/salt/base/init/epel.sls
yum_rep_release:
pkg.installed:
- sources:
- epel-release: http:
//mirrors
.aliyun.com
/epel/6/x86_64/epel-release-6-8
.noarch.rpm
- unless: rpm -qa|
grep
epel-release-6-8
|
1
2
3
4
5
|
[root@NEI-pudong-idc2E-wdjky.me srv]
# cat /srv/salt/base/init/env_init.sls
include:
- init.dns
- init.
history
- init.audit
|
1
2
3
4
5
6
7
8
9
10
11
|
[root@NEI-pudong-idc2E-wdjky.me prod]
# cat /srv/salt/prod/pkg/pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
-
make
- autoconf
- openssl
- openssl-devel
|
1
2
3
4
5
6
|
cd
/usr/local/src/
cp
haproxy-1.4.24.
tar
.gz
/srv/salt/prod/haproxy/files
tar
xf haproxy-1.4.24.
tar
.gz
cd
/usr/local/src/haproxy-1
.4.24
/examples/
sed
-i
's/\/usr\/sbin\/'
\$BASENAME
'/\/usr\/local\/haproxy\/sbin\/'
\$BASENAME
'/g'
haproxy.init
cp
haproxy.init
/srv/salt/prod/haproxy/files
|
1
2
3
|
[root@NEI-pudong-idc2E-wdjky.me haproxy]
# cat /srv/salt/prod/haproxy/install.sls
include:
- pkg.pkg-init
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
haproxy-
install
:
file
.managed:
- name:
/usr/local/src/haproxy-1
.4.24.
tar
.gz
-
source
: salt:
//haproxy/files/haproxy-1
.4.24.
tar
.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name:
cd
/usr/local/src
&&
tar
xf haproxy-1.4.24.
tar
.gz &&
cd
haproxy-1.4.24 &&
make
TARGET=linux26 PREFIX=
/usr/local/haproxy
&&
make
install
PREFIX=
/usr/local/haproxy
- unless:
test
-d
/usr/local/haproxy
- require:
- pkg: pkg-init
-
file
: haproxy-
install
/etc/init
.d
/haproxy
:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
file
.managed:
-
source
: salt:
//haproxy/files/haproxy
.init
- mode: 755
- user: root
- group: root
- require:
- cmd: haproxy-
install
haproxy-config-
dir
:
file
.directory:
- name:
/etc/haproxy
- mode: 755
- user: root
- group: root
haproxy-init:
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list|
grep
haproxy
- require:
-
file
:
/etc/init
.d
/haproxy
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@NEI-pudong-idc2E-wdjky.me haproxy]
# cat /srv/salt/prod/cluster/haproxy-outside.sls
include:
- haproxy.
install
haproxy-service:
file
.managed:
- name:
/etc/haproxy/haproxy
.cfg
-
source
: salt:
//cluster/files/haproxy-outside
.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
-
enable
: True
- reload: True
- require:
- cmd: haproxy-init
-
watch
:
-
file
: haproxy-service
|
1
2
3
4
5
6
7
8
9
10
11
|
[root@NEI-pudong-idc2E-wdjky.me haproxy]
# cat /srv/salt/prod/cluster/files/haproxy-outside.cfg
global
log 127.0.0.1:514 local0 warning
chroot
/usr/local/haproxy
group haproxy
user haproxy
daemon
nbproc 8
pidfile
/usr/local/haproxy/logs/haproxy
.pid
maxconn 20000
spread-checks 3
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
defaults
log global
mode http
#option httplog
#option httpclose
#option dontlognull
#option forwardfor
option redispatch
#option abortonclose
retries 3
#balance roundrobin
#balance source
#balance leastconn
contimeout 5000
clitimeout 50000
srvtimeout 50000
#timeout check 2000
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
listen randolph_status
bind *:80
mode http
stats
enable
stats uri
/admin
?status
#stats realm haproxty\ haproxy
stats auth salt:randolph
#stats auth admin1:admin1
stats hide-version
#stats admin if TRUE
#listen webserver
#option httpchk HEAD /checkstatus.html HTTP/1.0
option httpclose
option forwardfor
balance roundrobin
cookie SERVERID insert indirect
timeout server 15s
timeout connect 15s
server web01 192.168.21.161:8082 check port 80 inter 5000 fall 5
server web02 192.168.21.163:8082 check port 80 inter 5000 fall 5
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@NEI-pudong-idc2E-wdjky.me haproxy]
# cat /srv/salt/prod/cluster/haproxy-outside.sls
include:
- haproxy.
install
haproxy-service:
file
.managed:
- name:
/etc/haproxy/haproxy
.cfg
-
source
: salt:
//cluster/files/haproxy-outside
.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
-
enable
: True
- reload: True
- require:
- cmd: haproxy-init
-
watch
:
-
file
: haproxy-service
|
1
2
3
4
5
6
7
|
[root@NEI-pudong-idc2E-wdjky.me base]
# cat top.sls
base:
jenkins.saltstack.me:
- init.env_init
prod:
jenkins.saltstack.me:
- cluster.haproxy-outside
|