承接上篇博客
配置管理
haproxy的安装部署
创建相关目录
# 创建配置目录
[root@linux-node1 ~]# mkdir /srv/salt/prod/pkg/
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/
# 启动脚本、配置文件放在这里
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/files
编写pkg-init文件
[root@linux-node1 ~]# cd /srv/salt/prod/pkg/
[root@linux-node1 pkg]# vim pkg-init.sls
# Shared prerequisite state: compiler toolchain and OpenSSL headers.
# Other states on this page pull it in with "include: pkg.pkg-init" and
# depend on it with "- pkg: pkg-init".
pkg-init:                 # state ID
  pkg.installed:          # pkg state module, "installed" function
    - names:              # one package per entry
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
编写方法:
首先自己先安装一遍,然后将步骤移植到sls文件中。
[root@linux-node1 prod]# cd /srv/salt/prod/haproxy/files/
[root@linux-node1 files]# ll
-rw-r--r-- 1 root root 1538976 11月 7 09:04 haproxy-1.6.2.tar.gz
[root@linux-node1 files]# cp haproxy-1.6.2.tar.gz /usr/local/src/
[root@linux-node1 files]# cd /usr/local/src/
[root@linux-node1 src]# tar zxf haproxy-1.6.2.tar.gz
[root@linux-node1 src]# cd haproxy-1.6.2
[root@linux-node1 haproxy-1.6.2]# make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
修改启动文件
[root@linux-node1 examples]# pwd
/usr/local/src/haproxy-1.6.2/examples
[root@linux-node1 examples]# vim haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME
# 拷贝启动文件到salt目录
[root@linux-node1 examples]# cp haproxy.init /srv/salt/prod/haproxy/files/
编写安装文件
[root@linux-node1 examples]# cd /srv/salt/prod/haproxy/
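[root@linux-node1 haproxy]# vim install.sls
# Builds haproxy 1.6.2 from the tarball shipped in salt://haproxy/files and
# registers its init script.
include:                  # pull in pkg/pkg-init.sls (build toolchain)
  - pkg.pkg-init

haproxy-install:          # state ID
  file.managed:           # copy the source tarball from the master to the minion
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; it does not need the execute bit
  cmd.run:                # unpack, compile and install under /usr/local/haproxy
    - name: cd /usr/local/src/ && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy   # the build runs only when this test fails
    - require:            # run after the toolchain and the tarball are in place
      - pkg: pkg-init
      - file: haproxy-install

haproxy-init:             # init script plus chkconfig registration
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list |grep haproxy
    - require:
      - file: haproxy-init

# Allows binding to an address that is not currently configured on the host;
# presumably needed so haproxy can listen on the keepalived VIP on the standby
# node -- confirm against haproxy-outside.cfg.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755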
查看安装文件并执行
[root@linux-node1 haproxy]# pwd
/srv/salt/prod/haproxy
[root@linux-node1 haproxy]# tree
.
├── files
│ ├── haproxy-1.6.2.tar.gz
│ └── haproxy.init
└── install.sls
# 单个执行,另外需要指定环境是prod,不指定默认为base(较新版本的Salt中该参数写作 saltenv=prod)
[root@linux-node1 haproxy]# salt 'linux-node1.*' state.sls haproxy.install env=prod
编辑配置文件
# 编辑top文件
[root@linux-node1 cluster]# cd /srv/salt/base/
[root@linux-node1 base]# vim top.sls
# top.sls: maps minions to states per environment.
base:
  '*':                            # every minion gets the baseline init states
    - init.env_init
prod:
  'linux-node1.example.com':      # both load balancer nodes get the haproxy state
    - cluster.haproxy-outside
  'linux-node2.example.com':
    - cluster.haproxy-outside
修改后端RS的端口
[root@linux-node1 base]# vim /etc/httpd/conf/httpd.conf
# 端口改成8080,与上面haproxy的配置一样
测试通过后,执行高级状态
[root@linux-node1 base]# salt '*' state.highstate test=True
[root@linux-node1 base]# salt '*' state.highstate
在RS上设置index.html
分别设置,没有的话会报错403
[root@linux-node2 ~]# vim /var/www/html/index.html
访问haproxy的状态
# 用户名密码在haproxy-outside.cfg中配置
keepalived的安装部署
首先自己安装一次。注意下面的源码包是通过明文HTTP下载的,解压编译之前应先核对其校验值(与官方下载页公布的值比对),因为这个包随后会放进salt的files目录,分发到各个minion上编译安装。
[root@linux-node1 base]# cd /usr/local/src
[root@linux-node1 src]# wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
[root@linux-node1 src]# tar zxf keepalived-1.2.19.tar.gz
[root@linux-node1 src]# cd keepalived-1.2.19
[root@linux-node1 keepalived-1.2.19]# ./configure --prefix=/usr/local/keepalived --disable-fwmark
[root@linux-node1 keepalived-1.2.19]# make && make install
建立文件放置目录
[root@linux-node1 etc]# pwd
/usr/local/src/keepalived-1.2.19/keepalived/etc
[root@linux-node1 etc]# mkdir /srv/salt/prod/keepalived/
[root@linux-node1 etc]# mkdir /srv/salt/prod/keepalived/files
[root@linux-node1 etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/
[root@linux-node1 etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
[root@linux-node1 etc]# cp /usr/local/src/keepalived-1.2.19.tar.gz /srv/salt/prod/keepalived/files/
[root@linux-node1 init.d]# cp /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/
# files中的文件有
[root@linux-node1 sysconfig]# cd /srv/salt/prod/keepalived/files/
[root@linux-node1 files]# ll
总用量 336
-rw-r--r-- 1 root root 330164 1月 2 23:47 keepalived-1.2.19.tar.gz
-rw-r--r-- 1 root root 3562 1月 2 23:46 keepalived.conf
-rwxr-xr-x 1 root root 1335 1月 2 23:51 keepalived.init
-rw-r--r-- 1 root root 667 1月 3 00:13 keepalived.sysconfig
修改启动脚本
[root@linux-node1 files]# vim keepalived.init
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
编辑安装文件
[root@linux-node1 keepalived]# pwd
/srv/salt/prod/keepalived
[root@linux-node1 keepalived]# cat install.sls
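# Builds keepalived 1.2.19 from the tarball shipped in salt://keepalived/files,
# then installs its init script, sysconfig file and config directory.
include:
  - pkg.pkg-init

keepalived-install:
  file.managed:           # copy the source tarball to the minion
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; it does not need the execute bit
  cmd.run:                # unpack, configure, compile, install
    - name: cd /usr/local/src && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived   # skip once the prefix exists
    - require:
      - pkg: pkg-init
      - file: keepalived-install

keepalived-init:          # init script plus chkconfig registration
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

/etc/sysconfig/keepalived:    # the ID doubles as the target path
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755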
执行安装
[root@linux-node1 keepalived]# salt '*' state.sls keepalived.install env=prod
业务模块
keepalived的配置文件
[root@linux-node1 ~]# cd /srv/salt/prod/cluster/files/
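[root@linux-node1 files]# vim haproxy-outside-keepalived.conf
! Configuration File for keepalived
! {{ROUTEID}}, {{STATEID}} and {{PRIORITYID}} are Jinja placeholders that
! haproxy-outside-keepalived.sls fills in per host.
global_defs {
   notification_email {
     admin@example.com    # placeholder: the page's e-mail obfuscation stripped the original address
   }
   notification_email_from keepalived@example.com    # placeholder, same reason
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}

vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    authentication {
        auth_type PASS
        # NOTE(review): example value only. With auth_type PASS the secret is
        # carried unencrypted in every VRRP advertisement and keepalived uses
        # only its first 8 characters. Set a per-cluster value (it could be
        # templated from pillar, like the Zabbix server address later on this
        # page) and keep VRRP traffic on a trusted segment.
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.11    # the same VIP also appears in the haproxy configuration
    }
}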
keepalived的启动文件
其中定义了上面需要的变量,用到了jinja模版
[root@linux-node1 cluster]# cd /srv/salt/prod/cluster/
[root@linux-node1 cluster]# vim haproxy-outside-keepalived.sls
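# Renders the keepalived config for the haproxy pair and keeps the service
# running; the Jinja branches choose MASTER/BACKUP values by minion fqdn.
include:
  - keepalived.install

keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    # The rendered file contains the VRRP auth_pass from the template, so it
    # is kept readable by root only. Assumes keepalived is started as root by
    # its init script -- confirm.
    - mode: 600
    - template: jinja
    # NOTE(review): a minion whose fqdn matches neither branch gets no
    # ROUTEID/STATEID/PRIORITYID values at all -- confirm that is intended.
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - watch:              # restart keepalived when the rendered config changes
      - file: keepalived-service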
编辑top文件
[root@linux-node1 base]# cd /srv/salt/base/
[root@linux-node1 base]# cat top.sls
# top.sls after adding keepalived: both load balancer nodes get the haproxy
# state and the keepalived state.
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  'linux-node2.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
执行高级状态
先单独执行一下,看有没有错误,再执行高级状态
[root@linux-node1 cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod
[root@linux-node1 cluster]# salt '*' state.highstate
查看结果
[root@linux-node1 base]# ip a |grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 10.0.0.7/24 brd 10.0.0.255 scope global eth0
inet 10.0.0.11/32 scope global eth0
当master的keepalived down掉后,VIP会飘到backup上
haproxy的调度设置
[root@linux-node1 base]# grep "balance" /srv/salt/prod/cluster/files/haproxy-outside.cfg
balance roundrobin #轮询;source:固定不变
可以在haproxy-status页面上查看到变化
如图
zabbix-agent的安装部署
开启pillar
[root@linux-node1 init]# vim /etc/salt/master
# /etc/salt/master: directory the master serves pillar data from, per environment.
pillar_roots:
  base:
    - /srv/pillar/base
[root@linux-node1 init]# mkdir /srv/pillar/base
[root@linux-node1 init]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [确定]
Starting salt-master daemon: [确定]
编写zabbix-agent安装文件
[root@linux-node1 base]# cd /srv/salt/base/init/
[root@linux-node1 init]# vim zabbix_agent.sls
# Installs zabbix-agent, renders its config from a Jinja template and keeps
# the service running.
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:           # values handed to the template; Server comes from pillar
      Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
    - require:
      - pkg: zabbix-agent-install
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:              # restart when the package or the rendered config changes
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install
编写top文件
[root@linux-node1 base]# cd /srv/pillar/base/
[root@linux-node1 base]# vim top.sls
# Pillar top file: every minion receives the "zabbix" pillar.
base:
  '*':
    - zabbix
编写zabbix.sls
[root@linux-node1 base]# vim zabbix.sls
# Pillar data read by zabbix_agent.sls as pillar['zabbix-agent']['Zabbix_Server'].
zabbix-agent:
  Zabbix_Server: 10.0.0.7
这里对应上面Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
配置文件拷贝修改
[root@linux-node1 base]# cd /srv/salt/base/init/files
[root@linux-node1 init]# cp /etc/zabbix/zabbix_agentd.conf . [root@linux-node1 init]# grep 'Server' zabbix_agentd.conf
Server={{ Server }} # 对应上面zabbix_agent.sls中的server
编辑env_init文件
[root@linux-node1 init]# vim env_init.sls
# Baseline applied to every minion; init.zabbix_agent is the newly added entry.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent
[root@linux-node1 init]# tree /srv/salt/base/init/
/srv/salt/base/init/
├── audit.sls
├── dns.sls
├── env_init.sls
├── files
│ ├── resolv.conf
│ └── zabbix_agentd.conf
├── history.sls
├── sysctl.sls
└── zabbix_agent.sls
另外epel的sls文件
[root@linux-node1 init]# vim epel.sls
# Installs the EPEL release package straight from a mirror URL.
yum_repo_release:
  pkg.installed:
    - sources:
      # NOTE(review): the RPM is fetched over plain HTTP and nothing in this
      # state checks its hash or signature. Prefer an HTTPS mirror, or ship
      # a verified copy from the master's file server.
      - epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
    - unless: rpm -qa | grep epel-release-6-8   # skip when already installed
安装libevent
[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -pv libevent/files
[root@linux-node1 prod]# cd /srv/salt/prod/libevent
[root@linux-node1 libevent]# vim install.sls
# Builds libevent 2.0.22 from the tarball shipped in salt://libevent/files.
libevent-source-install:
  file.managed:           # copy the source tarball to the minion
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:                # unpack, configure, compile, install
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent   # skip once the prefix exists
    - require:
      - file: libevent-source-install
[root@linux-node1 libevent]# pwd
/srv/salt/prod/libevent
[root@linux-node1 libevent]# tree
.
├── files
│ └── libevent-2.0.22-stable.tar.gz
└── install.sls [root@linux-node1 files]# salt '*' state.sls libevent.install env=prod
[root@linux-node1 files]# salt '*' state.highstate
新建用户,且不允许登录
[root@linux-node1 prod]# mkdir user
[root@linux-node1 prod]# cd user/
[root@linux-node1 user]# vim www.sls
# Service account for the web stack: group and user "www" with fixed IDs and
# a nologin shell, so the account cannot open an interactive session.
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
安装memcached
[root@linux-node1 prod]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -p memcache/files
[root@linux-node1 prod]# cd memcache/files/
[root@linux-node1 files]# cp memcached-1.4.24.tar.gz /usr/local/src/ [root@linux-node1 memcache]# vim install.sls
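# Builds memcached 1.4.24 against the libevent installed by libevent.install.
include:
  - libevent.install      # bring the libevent state into this run

memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    # The tarball was placed under /srv/salt/prod/memcache/files (see the
    # mkdir above), so the salt:// path is memcache/, not memcached/.
    - source: salt://memcache/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:                # unpack, configure, compile, install
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached   # skip once the prefix exists
    - require:
      - cmd: libevent-source-install   # state ID defined in libevent/install.sls
      - file: memcached-source-install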
安装pcre
[root@linux-node1 prod]# mkdir /srv/salt/prod/pcre/files -p
[root@linux-node1 prod]# cd /srv/salt/prod/pcre/files/
[root@linux-node1 files]# cp pcre-8.37.tar.gz /usr/local/src/
[root@linux-node1 prod]# cd /srv/salt/prod/pcre
[root@linux-node1 pcre]# cat install.sls
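# Builds PCRE 8.37 from the tarball shipped in salt://pcre/files.
pcre-source-install:
  file.managed:           # copy the source tarball to the minion
    - name: /usr/local/src/pcre-8.37.tar.gz
    - source: salt://pcre/files/pcre-8.37.tar.gz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; matches the libevent/memcached states
  cmd.run:                # unpack, configure, compile, install
    - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
    - unless: test -d /usr/local/pcre   # skip once the prefix exists
    - require:
      - file: pcre-source-install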
安装nginx
[root@linux-node1 nginx]# mkdir -p /srv/salt/prod/nginx/files
[root@linux-node1 nginx]# cd /srv/salt/prod/nginx/files/
[root@linux-node1 files]# cp nginx-1.9.1.tar.gz /usr/local/src/
[root@linux-node1 nginx]# cat install.sls
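# Builds nginx 1.9.1 from source; depends on the PCRE source tree, the www
# account and the shared build toolchain.
include:
  - pcre.install
  - user.www
  - pkg.pkg-init

nginx-source-install:
  file.managed:           # copy the source tarball to the minion
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; matches the libevent/memcached states
  cmd.run:
    # NOTE(review): the trailing "chown -R www:www /usr/local/nginx" hands the
    # whole prefix, sbin/nginx included, to the account the workers run as
    # (--user=www). If the init script starts the master as root, the
    # unprivileged account can then replace a binary that root executes.
    # Consider dropping the chown or limiting it to the directories the
    # workers must write to.
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx   # skip once the prefix exists
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: pkg-init
      - cmd: pcre-source-install
[root@linux-node1 nginx]# cat service.sls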
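# Installs the nginx init script and main config, creates the vhost directory
# and keeps the service running.
include:
  - nginx.install

nginx-init:               # init script plus chkconfig registration
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init

/usr/local/nginx/conf/nginx.conf:    # the ID doubles as the target path
  file.managed:
    - source: salt://nginx/files/nginx.conf
    # Owned by root rather than www: the config is managed from the master,
    # and the worker account should not be able to rewrite a file the service
    # loads at start or reload. 644 keeps it readable.
    - user: root
    - group: root
    - mode: 644

nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True        # reload instead of restart when a watched state changes
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
[root@linux-node1 nginx]# tree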
.
├── files
│ ├── nginx-1.9.1.tar.gz
│ ├── nginx.conf
│ └── nginx-init
├── install.sls
└── service.sls
PHP+memcache/redis的安装
基础环境
[root@linux-node1 ~]# mkdir /srv/salt/prod/php/files -p
[root@linux-node1 ~]# cd /srv/salt/prod/php/files/
[root@linux-node1 files]# ll
总用量 18120
-rw-r--r-- 1 root root 2362 11月 14 23:06 init.d.php-fpm
-rw-r--r-- 1 root root 36459 11月 14 23:06 memcache-2.2.7.tgz
-rw-r--r-- 1 root root 18281659 11月 14 23:06 php-5.6.9.tar.gz
-rw-r--r-- 1 root root 22252 11月 14 23:06 php-fpm.conf.default
-rw-r--r-- 1 root root 69599 11月 14 23:06 php.ini-production
-rw-r--r-- 1 root root 134340 11月 14 23:06 redis-2.2.7.tgz
安装文件
[root@linux-node1 files]# cd ..
[root@linux-node1 php]# vim install.sls
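# Builds PHP 5.6.9 with FPM from source, builds the pdo_mysql extension,
# installs php.ini / php-fpm.conf and keeps php-fpm running.
include:
  - user.www              # defines www-user-group, which the build requires below

pkg-php:                  # libraries and headers the configure flags depend on
  pkg.installed:
    - names:
      - mysql-devel
      - openssl-devel
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-source-install:
  file.managed:           # copy the source tarball to the minion
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; it does not need the execute bit
  cmd.run:                # unpack, configure, compile, install
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9&& ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
      - pkg: pkg-php      # the -devel packages must be present before configure runs
    - unless: test -d /usr/local/php-fastcgi   # skip once the prefix exists

pdo-plugin:               # build the pdo_mysql extension from the PHP source tree
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-ini:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-fastcgi-service:      # init script, chkconfig registration, running service
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: php-fastcgi-service
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-fastcgi-service
    - watch:              # restart php-fpm when either config file changes
      - file: php-ini
      - file: php-fpm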
memcache
[root@linux-node1 php]# cat php-memcache.sls
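# Builds the PHP memcache extension against the source-built PHP and enables
# it in php.ini.
include:
  - php.install           # defines php-source-install, required below

memcache-plugin:
  file.managed:           # copy the extension tarball to the minion
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; it does not need the execute bit
  cmd.run:                # phpize, configure, compile, install
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
    - require:            # was "require:" without the list dash
      - file: memcache-plugin
      - cmd: php-source-install   # was "php-install", an ID no state on this page defines

# Own ID plus an explicit name: php-redis.sls appends to the same php.ini, and
# two states with the same path as their ID conflict when both are applied.
# NOTE(review): php.install also manages this file from php.ini-production, so
# each run may reset it before the line is appended again -- confirm.
memcache-php-ini:
  file.append:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - text:
      - extension=memcache.so
    - require:
      - cmd: memcache-plugin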
redis
[root@linux-node1 php]# cat php-redis.sls
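# Builds the PHP redis extension against the source-built PHP and enables it
# in php.ini.
include:
  - php.install           # defines php-source-install, required below

redis-plugin:
  file.managed:           # copy the extension tarball to the minion
    # NOTE(review): the files/ listing earlier on this page shows
    # redis-2.2.7.tgz, not phpredis-2.2.7.tgz. Confirm the file name and the
    # directory it unpacks to before relying on these paths.
    - name: /usr/local/src/phpredis-2.2.7.tgz
    - source: salt://php/files/phpredis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 644           # a tarball is data; it does not need the execute bit
  cmd.run:                # phpize, configure, compile, install
    - name: cd /usr/local/src && tar zxf phpredis-2.2.7.tgz && cd phpredis-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
    - require:            # was "require:" without the list dash
      - file: redis-plugin
      - cmd: php-source-install   # was "php-install", an ID no state on this page defines

# Own ID plus an explicit name: php-memcache.sls appends to the same php.ini,
# and two states with the same path as their ID conflict when both are applied.
redis-php-ini:
  file.append:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - text:
      - extension=redis.so
    - require:
      - cmd: redis-plugin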