saltstack一鍵部署高可用
一健推送apache
[[email protected] minions]# cd /etc/salt/
[[email protected] salt]# vim master
[[email protected] salt]# mkdir /srv/salt
[[email protected] salt]# cd /srv/salt/
[[email protected] salt]# mkdir apache
[[email protected] salt]# cd apache/
[[email protected] apache]# vim install.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php
file.managed:
- name: /var/www/html/index.php
- source: salt://apache/files/index.php
- mode: 644
- user: root
- group: root
[[email protected] httpd]# salt server2 state.sls apache.install
[[email protected] apache]# vim service.sls
include:
- apache.install
apache-service:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-service
[[email protected] apache]# cd files/
[[email protected] files]# ls
httpd.conf(從server2(apache端)scp過來) index.php
[[email protected] apache]# salt server2 state.sls apache.service
一健部署nginx
[[email protected] salt]# mkdir nginx
[[email protected] salt]# cd nginx
[[email protected] nginx]# mkdir files
[[email protected] nginx]# cd files
[[email protected] files]# ls
nginx-1.14.0.tar.gz nginx(可以從網上找一個啟動指令碼) nginx.conf(從server3scp)
[[email protected] files]# cd ..
[[email protected] nginx]# vim install.sls
include:
- pkgs.make
nginx-install:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
file.managed:
- name: /mnt/nginx-1.14.0.tar.gz
- source: salt://nginx/files/nginx-1.14.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
- creates: /usr/local/nginx
[[email protected] nginx]# salt server3 state.sls nginx.install
[[email protected] nginx]# vim service.sls
include:
- nginx.install
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
nginx-service:
file.managed:
- name: /etc/init.d/nginx
- source: salt://nginx/files/nginx
- mode: 755
service.running:
- name: nginx
- enable: True
- reload: True
- watch:
- file: /usr/local/nginx/conf/nginx.conf
[[email protected] nginx]# salt server3 state.sls nginx.service
[[email protected] nginx]# cd ..
[[email protected] salt]# mkdir pkgs
[[email protected] salt]# cd pkgs/
[[email protected] pkgs]# vim make.sls
gcc:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
一健推送haproxy,實現負載均衡
[[email protected] salt]# mkdir haproxy
[[email protected] haproxy]# mkdir files
[[email protected] haproxy]# cd files/
[[email protected] files]# ls
haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
[[email protected] files]# cd ..
[[email protected] haproxy]# cd ..
[[email protected] salt]# mkdir users
[[email protected] salt]# cd users/
[[email protected] users]# vim haproxy.sls
haproxy-group:
group.present:
- name: haproxy
- gid: 200
haproxy:
user.present:
- uid: 200
- gid: 200
- home: /usr/local/haproxy
- createhome: False
- shell: /sbin/nologin
[[email protected] salt]# cd /srv/salt/haproxy/
[[email protected] haproxy]# vim install.sls
include:
- pkgs.make
- users.haproxy
haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.11.tar.gz
- source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 UES_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux2628 UES_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
- creates: usr/local/haproxy
/etc/haproxy:
file.directory:
- mode: 755
/usr/sbin/haproxy:
file.symlink:
- target: /usr/local/haproxy/sbin/haproxy
[[email protected] haproxy]# salt server1 state.sls haproxy.install
沒有報錯即成功
[[email protected] mnt]# cd haproxy-1.6.11/examples
[[email protected] examples]# cp haproxy.init /srv/salt/haproxy/files
[[email protected] examples]# cp content-sw-sample.cfg /srv/salt/haproxy/files
[[email protected] haproxy]# cd /srv/salt/haproxy/files/
[[email protected] files]# ls
[[email protected] files]# mv content-sw-sample.cfg haproxy.cfg
[[email protected] files]# vim haproxy.cfg
global
maxconn 10000
stats socket /var/run/haproxy.stat mode 600 level admin
log 127.0.0.1 local0
uid 200
gid 200
chroot /var/empty
daemon
defaults
mode http
log global
option httplog
option dontlognull
monitor-uri /monitoruri
maxconn 8000
timeout client 30s
stats uri /admin/stats
retries 2
option redispatch
timeout connect 5s
timeout server 5s
timeout queue 30s
# The public 'www' address in the DMZ
frontend public
bind *:80 name clear
#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
#use_backend static if { hdr_beg(host) -i img }
#use_backend static if { path_beg /img /css }
default_backend static
# The static backend backend for 'Host: img', /img and /css.
backend static
balance roundrobin
#option httpchk HEAD /favicon.ico
server statsrv1 172.25.8.2:80 check inter 1000
server statsrv2 172.25.8.3:80 check inter 1000
[[email protected] files]# cd ..
[[email protected] haproxy]# vim service.sls
include:
- haproxy.install
/etc/haproxy/haproxy.cfg:
file.managed:
- source: salt://haproxy/files/haproxy.cfg
haproxy-service:
file.managed:
- name: /etc/init.d/haproxy
- source: salt://haproxy/files/haproxy.init
- mode: 755
service.running:
- name: haproxy
- enable: True
- reload: True
- watch:
- file: /etc/haproxy/haproxy.cfg
[[email protected] haproxy]# salt server1 state.sls haproxy.service
無報錯即可
一鍵全推送
[[email protected] haproxy]# cd ..
[[email protected] salt]# vim top.sls
base:
'server2':
- apache.service
'server3':
- nginx.service
'server1':
- haproxy.service
[email protected] salt]# salt '*' state.highstate
一鍵推送高可用
[[email protected] salt]# vim /etc/salt/master
取消註釋
pillar_roots:
base:
- /srv/pillar
[[email protected] salt]# /etc/init.d/salt-master restart
[[email protected] srv]# cd ..
[[email protected] srv]# mkdir pillar
[[email protected] srv]# cd pillar/
[[email protected] pillar]# vim top.sls
base:
'*':
- web.install
- keepalived.install
[[email protected] pillar]# cd /srv/salt/apache/
[[email protected] apache]# vim service.sls
include:
- apache.install
apache-service:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- template: jinja
- context:
port: {{ pillar['port'] }}
bind: {{ pillar['bind'] }}
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-service
[[email protected] apache]# vim /srv/pillar/web/install.sls (web目錄自己建立)
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
bind: 172.25.8.2
port: 80
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}
[[email protected] apache]# vim files/httpd.conf
Listen {{ bind }}:{{ port }}
推送keepalived
server4:
[[email protected] apache]# cd ..
[[email protected] salt]# mkdir keepalived
[[email protected] salt]# cd keepalived/
[[email protected] keepalived]# mkdir files
[[email protected] keepalived]# cd files/
[[email protected] files]# ls
keepalived-2.0.6.tar.gz
[[email protected] files]# cd ..
[[email protected] keepalived]# vim install.sls
include:
- pkgs.make
kp-install:
file.managed:
- name: /mnt/keepalived-2.0.6.tar.gz
- source: salt://keepalived/files/keepalived-2.0.6.tar.gz
cmd.run:
- name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
- creates: /usr/local/keepalived
tu
[[email protected] keepalived]# salt server4 state.sls keepalived.install
[[email protected] keepalived]# cd files/
[[email protected] files]# ls
keepalived keepalived-2.0.6.tar.gz keepalived.conf
[[email protected] files]# cd ..
vim service.sls
[[email protected] keepalived]# cd files/
[[email protected] files]# vim keepalived.conf
global_defs {
notification_email {
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRIORITY }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.8.100
}
}
[[email protected] salt]# cd ..
[[email protected] keepalived]# vim service.sls
[[email protected] keepalived]# cd ..
[[email protected] salt]# cd ..
[[email protected] srv]# cd pillar/
[[email protected] pillar]# mkdir keepalived
[[email protected] pillar]# cd keepalived/
[[email protected] keepalived]# vim install.sls
{% if grains['fqdn'] == 'server1' %}
state: MASTER
vrid: 88
priority: 100
{% elif grains['fqdn'] == 'server4' %}
state: MASTER
vrid: 88
priority: 1
{% endif %}
tu
[[email protected] keepalived]# cd ..
[[email protected] salt]# vim top.sls
base:
'server4':
- haproxy.service
- keepalived.service
'server2':
- apache.service
'server3':
- nginx.service
'server1':
- haproxy.service
- keepalived.service
[[email protected] salt]# salt '*' state.highstate