saltstack實現一鍵部署keepalived+haproxy的高可用負載均衡叢集
阿新 • • 發佈:2018-12-21
配置環境
| 主機名 | ip | 服務 |
|---|---|---|
| server1 | 172.25.1.1 | salt-master、salt-minion haproxy、keepalived |
| server2 | 172.25.1.2 | salt-minion , httpd |
| server3 | 172.25.1.3 | salt-minion , nginx |
| server4 | 172.25.1.4 | salt-minion , haproxy、keepalived |
keepalived的安裝部署
建立salt指令碼存放目錄
[[email protected] salt]# cd /srv/salt
[[email protected] salt]# mkdir keepalived
[[email protected] keepalived]# mkdir file #配置檔案和軟體包存放目錄
編輯安裝指令碼
[[email protected] keepalived]# vim make.sls #編輯安裝指令碼 include: - haproxy.yum #使用了haproxy中的yum源安裝指令碼 /mnt/libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm: #依賴性,映象中沒有,因此需要手動裝 file.managed: - source: salt://keepalived/file/libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm keepalived-install: pkg.installed: #依賴性 - pkgs: - libnl-devel - openssl-devel - iptables-devel - gcc file.managed: #keepalived的安裝包 - name: /mnt/keepalived-2.0.6.tar.gz - source: salt://keepalived/file/keepalived-2.0.6.tar.gz cmd.run: #需要執行的shell命令 - name: cd /mnt && yum install -y libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV && make && make install - create: /usr/local/keepalived #如果此目錄存在則不進行安裝 /etc/keepalived: #修改檔案許可權 file.directory: - mode: 755 /etc/sysconfig/keepalived: #建立檔案軟連結,將target中的目錄連結到此位置 file.symlink: - target: /usr/local/keepalived/etc/sysconfig/keepalived /sbin/keepalived: file.symlink: - target: /usr/local/keepalived/sbin/keepalived
keepalived服務的啟動指令碼
[[email protected] keepalived]# vim service.sls include: - keepalived.make #包含了keepalived的安裝指令碼,實現一鍵部署 /etc/keepalived/keepalived.conf: file.managed: #檔案管理 - source: salt://keepalived/file/keepalived.conf - template: jinja #使用了jinja模組 - context: STATE: {{ pillar['state'] }} #使用了pillar定義變數 PRIORITY: {{ pillar['priority'] }} /opt/check_haproxy.sh: file.managed: - source: salt://keepalived/file/check_haproxy.sh - mode: 755 keepalived-service: file.managed: - name: /etc/init.d/keepalived - source: salt://keepalived/file/keepalived - mode: 755 service.running: - enable: keepalived - name: keepalived - reload: True - watch: - file: /etc/keepalived/keepalived.conf
keepalived指令碼中需要的file
[[email protected] file]# cd /srv/salt/keepalived/file
[[email protected] file]# ls
check_haproxy.sh keepalived.conf
keepalived libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm
keepalived-2.0.6.tar.gz
keepalived中對haproxy的健康檢查指令碼
[[email protected] file]# cat check_haproxy.sh
#!bin/bash
/etc/init.d/haproxy status &> /dev/null || /etc/init.d/haproxy restart &> /dev/null
# 如果haproxy的狀態是開啟的,不做任何事情,如果haproxy的狀態是關閉的,那麼重新開啟haproxy
if [ $? -ne 0 ];then
/etc/init.d/keepalived stop &> /dev/null
fi
# 如果重新開啟haproxy的操作返回值非0,那麼說明haproxy出現故障,此時由指令碼關閉keepalived,將提供服務的節點轉移
keepalived的配置檔案
[[email protected] file]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script check_haproxy {
script "/opt/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state {{ STATE }} #pillar值
interface eth0
virtual_router_id 51
priority {{ PRIORITY }} #pillar值
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.1.100
}
track_script { #需要寫在vip的後面
check_haproxy
}
}
}
keepalived的啟動指令碼
[[email protected] file]# cat keepalived
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived
# Source function library
. /etc/rc.d/init.d/functions
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
RETVAL=0
prog="keepalived"
start() {
echo -n $"Starting $prog: "
daemon keepalived ${KEEPALIVED_OPTIONS}
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
stop() {
echo -n $"Stopping $prog: "
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
reload() {
echo -n $"Reloading $prog: "
killproc keepalived -1
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
RETVAL=$?
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
keepalived中需要用到的pillar定義
[[email protected] web]# vim /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server1' %}
state: MASTER
priority: 100
{% elif grains['fqdn'] == 'server4' %}
state: BACKUP
priority: 50
{% endif %}
[[email protected] pillar]# cd /srv/pillar
[[email protected] pillar]# vim top.sls
base:
'*':
- web.install
全域性推送指令碼
[[email protected] salt]# vim /srv/salt/top.sls
base:
'server1':
- haproxy.service
- keepalived.service
'server4':
- haproxy.service
- keepalived.service
'server2':
- apache.install
'server3':
- nginx.service
測試
訪問vip,實現了nginx和apache輪詢訪問
[[email protected] ~]# curl 172.25.1.100
this is nginx!!!!
[[email protected] ~]# curl 172.25.1.100
this is apache
[[email protected] ~]# curl 172.25.1.100
this is nginx!!!!
[[email protected] ~]# curl 172.25.1.100
this is apache
[[email protected] ~]# curl 172.25.1.100
this is nginx!!!!
vip新增到了master(server1)中
[[email protected] salt]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:37:6b:32 brd ff:ff:ff:ff:ff:ff
inet 172.25.1.1/24 brd 172.25.1.255 scope global eth0
inet 172.25.1.100/32 scope global eth0
inet6 fe80::5054:ff:fe37:6b32/64 scope link
valid_lft forever preferred_lft forever
keepalived中對haproxy健康檢查指令碼
[[email protected] ~]# /etc/init.d/haproxy stop
Shutting down haproxy: [確定]
[[email protected] ~]# /etc/init.d/haproxy status #發現停掉haproxy以後,服務自動啟動
haproxy (pid 13370) 正在執行...
使haproxy無法自動啟動
[[email protected] init.d]# mv haproxy /mnt
[[email protected] mnt]# ./haproxy stop
Shutting down haproxy: [確定]
[[email protected] mnt]# ./haproxy status
haproxy 已停
[[email protected] mnt]# ip add #vip轉移
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:37:6b:32 brd ff:ff:ff:ff:ff:ff
inet 172.25.1.1/24 brd 172.25.1.255 scope global eth0
inet6 fe80::5054:ff:fe37:6b32/64 scope link
valid_lft forever preferred_lft forever
##vip轉移到server4中
[[email protected] rpmbuild]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:59:6c:d8 brd ff:ff:ff:ff:ff:ff
inet 172.25.1.4/24 brd 172.25.1.255 scope global eth0
inet 172.25.1.100/32 scope global eth0
inet6 fe80::5054:ff:fe59:6cd8/64 scope link
valid_lft forever preferred_lft forever