SaltStack自動部署nginx、apache、實現haproxy負載均衡叢集
一、Saltstack 自動化運維工具
什麼是saltstack
• Saltstack是基於python開發的一套C/S架構配置管理工具
• 使用SSL證書籤方的方式進行認證管理
• 底層使用ZeroMQ訊息佇列pub/sub方式通訊 – 號稱世界上最快的訊息佇列ZeroMQ能快速在成千上萬臺主機上進行各種操作 – 採用RSA Key方式確認身 主要功能
• Saltstack最主要的兩個功能是:配置管理與遠端執行
• Saltstack不只是一個配置管理工具,還是一個雲端計算與資料中心架構編排的利器
• Saltstack已經支援Docker相關模組
• 在友好地支援各大雲平臺之後,配合Saltstack的Mine實時發現功能可以實現各種雲平臺業務的自動擴充套件
SaltStack架構
• SaltStack基於C/S架構 – 伺服器端稱作Master – 客戶端稱作Minion • 可以實現傳統處理方式,即:客戶端傳送請求給伺服器,伺服器收到請求後處理請求,再將結果返回 • 也可以使用訊息佇列中的釋出與訂閱(pub/sub)服務模式 實驗環境: rhel6.5 server1 salt-master salt-minion haproxy server2 salt-minion httpd server3 salt-minion nginx
二、SaltStack 原始碼編譯nginx
1. 安裝SaltStack
- 配置yum源
[rhel-source] name=Red Hat Enterprise Linux $releasever - $basearch - Source baseurl=http://172.25.77.250/rhel6.5 enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [salt] name=saltstack baseurl=http://172.25.77.250/saltstack/rhel6 enabled=1 gpgcheck=0
- serevr1上安裝salt-master minion
yum list salt-*
[[email protected] salt]# yum install -y salt-minion
[[email protected] salt]# vim /etc/salt/minion
修改master
[[email protected] salt]# vim /etc/salt/master //檔案裡面不能使用Tab,直接用空格鍵
534 file_roots:
535 base:
536 - /srv/salt
[[email protected] salt]# mkdir /srv/salt
[[email protected] salt]# /etc/init.d/salt-minion start
[[email protected] salt]# /etc/init.d/salt-master start
- server2,server3 安裝minion 步驟同serevr1
- 測試公鑰
[[email protected] salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server1
Proceed? [n/Y] y
Key for minion server1 accepted.
[[email protected] salt]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
2.原始碼編譯nginx
- 建立nginx使用者
在/srv/salt/下建立users目錄,在users目錄下編寫建立nginx使用者的檔案nginx.sls
[[email protected] master]# cd /srv/salt/
[[email protected] salt]# mkdir nginx
[[email protected] salt]# mkdir users //存放nginx使用者資訊
[[email protected] salt]# cd users
[[email protected] users]# cat nginx.sls
nginx-group:
group.present:
- name: nginx
- gid: 800
nginx-user:
user.present:
- name: nginx
- uid: 800
- gid: 800
- shell: /sbin/nologin
- createhome: False
- home: /usr/local/nginx
- 編譯nginx
[[email protected] salt]# cd nginx/
[[email protected] nginx]# ls
files install.sls
[[email protected] nginx]# cat install.sls
nginx_install:
pkg.installed:
- pkgs:
- gcc-c++
- openssl-devel
- pcre-devel
- zlib-devel
file.managed:
- name: /root/nginx-1.14.0.tar.gz
- source: salt://nginx/files/nginx-1.14.0.tar.gz
cmd.run:
- name: cd /root/ && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-file-aio --with-threads --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &>/dev/null && make install &>/dev/null
- creates: /usr/local/nginx
[[email protected] nginx]# salt server3 state.sls nginx.install
推送給server3 進行編譯安裝nginx
推送編譯安裝成功 在server3處 1)將指令碼傳送到 server1 :/srv/salt/nginx/files/ 2)將/usr/local/nginx/conf/nginx.conf 傳送到server1 :/srv/salt/nginx/files/
- nginx管理啟動指令碼
[[email protected] files]# ls
nginx nginx-1.14.0.tar.gz nginx.conf
[[email protected] nginx]# cat service.sls
include:
- nginx.install
nginx-service:
file.managed:
- name: /usr/local/nginx/conf/nginx.conf
- source: salt://nginx/files/nginx.conf
service.running:
- name: nginx
- enable: True
- reload: True
- watch:
- file: nginx-service
推送nginx啟動指令碼到server3
salt server3 state.sls nginx.service
在server3 端檢視nginx 是否開啟 [[email protected] init.d]# netstat -antlp | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5156/nginx [[email protected] init.d]# 到此nginx的自動編譯安裝開啟完成 ** **
三、部署安裝apache && 開啟apache服務
**
[[email protected] master]# cd /srv/salt/
[[email protected] salt]# mkdir apache
[[email protected] salt]# cd apache
[[email protected] apache]# vim apache.sls //部署指令碼,檔案裡面不能使用Tab,直接用空格鍵
[[email protected] apache]# cat install.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php
file.managed:
- name: /var/www/html/index.php
- source: salt://apache/files/index.php
- mode: 644
- user: root
- group: root
ap-service:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-service
[[email protected] apache]# cat service.sls
include:
- apache.install
apache-service:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-service
[[email protected] files]# ls
httpd.conf index.php
[[email protected] files]# cat index.php
<?php
phpinfo()
?>
推送給server2 salt server2 state.sls
四、saltstack多節點推送實現haproxy負載均衡叢集
1.在server1上安裝haproxy 完善yun源
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source baseurl=http://172.25.77.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[salt]
name=saltstack
baseurl=http://172.25.77.250/saltstack/rhel6
enabled=1
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.77.250/rhel6.5/LoadBalancer
gpgcheck=0
[[email protected] haproxy]# vim install.sls //編輯部署haproxy指令碼
[[email protected] haproxy]# cat install.sls
include:
- pkgs.make
haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.11.tar.gz
- source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
- creates: /usr/local/haproxy
推送進行安裝
[[email protected] haproxy]# cd /mnt/
[[email protected] mnt]# ls
haproxy-1.6.11 haproxy-1.6.11.tar.gz
[[email protected] mnt]# cd haproxy-1.6.11
[[email protected] haproxy-1.6.11]# find -name *init*
./examples/haproxy.init
./examples/init.haproxy
[[email protected] haproxy-1.6.11]# cd examples/
[[email protected] examples]# cp haproxy.init /srv/salt/haproxy/files/
[[email protected] examples]# cp content-sw-sample.cfg /srv/salt/haproxy/files/
[[email protected] /]# cd /srv/salt/haproxy/
[[email protected] haproxy]# cd files/
[[email protected] files]# ls
content-sw-sample.cfg haproxy-1.6.11.tar.gz haproxy.init
[[email protected] files]# mv content-sw-sample.cfg haproxy.cfg
在/srv/salt/下建立user目錄,在user目錄下建立haproxy使用者的檔案haproxy.sls
[[email protected] salt]# mkdir user
[[email protected] salt]# cd user
[[email protected] user]# vim haproxy.sls
haproxy:
group.present:
- name: haproxy
- gid: 200
user.present:
- uid: 200
- gid: 200
- shell: /sbin/nologin
- home: /usr/local/haproxy
- createhome: False
在/srv/salt/下建立pkgs目錄,在pkgs目錄下編寫安裝依賴包的檔案make.sls
[[email protected] salt]# cd pkgs
[[email protected] pkgs]# cat make.sls
make-install:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
- zlib-devel
[[email protected] haproxy]# vim install.sls
[[email protected] haproxy]# cat install.sls
include:
- pkgs.make
- user.haproxy
haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.11.tar.gz
- source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
- creates: /usr/local/haproxy
/etc/haproxy:
file.directory:
- mode: 755
/usr/sbin/haproxy:
file.symlink:
- target: /usr/local/haproxy/sbin/haproxy
[[email protected] files]# vim haproxy.cfg //修改配置檔案
63 frontend main *:80
64 default_backend app
65
66 backend app
67 balance roundrobin
68 server app1 172.25.77.2:80 check
69 server app2 172.25.77.3:80 check
[[email protected] haproxy]# vim service.sls
[[email protected] haproxy]# cat service.sls
include:
- haproxy.install
/etc/haproxy/haproxy.cfg:
file.managed:
- source: salt://haproxy/files/haproxy.cfg
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- mode: 755
haproxy-service:
service.running:
- name: haproxy
- enable: True
- reload: True
- watch:
- file: /etc/haproxy/haproxy.cfg
[[email protected] files]# salt server1 state.sls haproxy.service
2.在網頁測試:不斷重新整理頁面,實現負載均衡
3.多節點推送 在/srv/salt/目錄下編寫top.sls檔案
[[email protected] salt]# cat top.sls
base:
'server1':
- haproxy.service
'server2':
- apache.service
'server3':
- nginx.service
在salt-master端給salt-minion端推top.sls檔案,實現在minion端安裝haproxy,apache,nginx