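Configuration Management
Installing and deploying HAProxy
Source packages for each HAProxy version can be downloaded from https://www.haproxy.org/download/1.6/src/. The link redirects to http; just change it to https.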
Create the directories
# Create the configuration directories
[root@linux-node1 ~]# mkdir /srv/salt/prod/pkg/
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/
# The init script and configuration files go here
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/files
Write the pkg-init file
[root@linux-node1 ~]# cd /srv/salt/prod/pkg/
[root@linux-node1 pkg]# vim pkg-init.sls
pkg-init:                 # ID declaration
  pkg.installed:          # pkg module, installed function
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
How to write the states:
First do the installation once by hand, then port the steps into an sls file.
[root@linux-node1 prod]# cd /srv/salt/prod/haproxy/files/
[root@linux-node1 files]# ll
-rw-r--r-- 1 root root 1538976 11月 7 09:04 haproxy-1.6.2.tar.gz
[root@linux-node1 files]# cp haproxy-1.6.2.tar.gz /usr/local/src/
[root@linux-node1 files]# cd /usr/local/src/
[root@linux-node1 src]# tar zxf haproxy-1.6.2.tar.gz
[root@linux-node1 src]# cd haproxy-1.6.2
[root@linux-node1 haproxy-1.6.2]# make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Modify the init script
[root@linux-node1 examples]# pwd
/usr/local/src/haproxy-1.6.2/examples
[root@linux-node1 examples]# vim haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME
# Copy the init script into the salt directory
[root@linux-node1 examples]# cp haproxy.init /srv/salt/prod/haproxy/files/
Write the install state file
[root@linux-node1 examples]# cd /srv/salt/prod/haproxy/
[root@linux-node1 haproxy]# vim install.sls
include:                  # pull in pkg-init.sls from the pkg directory
  - pkg.pkg-init

haproxy-install:          # ID declaration, used for references; without it, the name declaration below (the file path) would have to be written here
  file.managed:           # managed function of the file module
    # name declaration: the file path. The minion does not have this path or file yet;
    # the file is copied there from the source below, and a missing directory is created
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz   # file source; the minion copies from here
    - user: root          # owner
    - group: root         # group
    - mode: 755           # permissions
  cmd.run:                # run a command
    - name: cd /usr/local/src/ && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy   # existence check; the command runs only when unless returns false
    - require:            # depends on the following
      - pkg: pkg-init     # pkg is the module
      - file: haproxy-install   # file is also a module. Format: "- module: ID"; use the ID declaration if there is one, otherwise the name declaration

haproxy-init:             # ID declaration
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init   # the modified init script, placed in this directory
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: haproxy-init

net.ipv4.ip_nonlocal_bind:   # ID declaration
  sysctl.present:         # change a kernel parameter
    - value: 1            # set the value to 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755
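The state above compiles, as root on every minion, whatever archive was copied into /srv/salt/prod/haproxy/files/ on the master. The following is an added example, not part of the original post: a variant of haproxy-install in which each minion fetches the archive over HTTPS and rejects it unless its SHA-256 digest matches the value pinned in the state. The full URL is assumed from the download directory given at the top of this page, the digest is a placeholder for the value published with the release, and the minions are assumed to have outbound HTTPS access.

```yaml
# Added example: drop-in variant of the haproxy-install state from install.sls.
include:
  - pkg.pkg-init

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    # Assumed URL: the download directory named on this page plus the tarball name.
    - source: https://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz
    # Placeholder, not a real digest. For http/https/ftp sources Salt compares the
    # downloaded file against source_hash and fails the state on a mismatch.
    # For salt:// sources source_hash is not consulted, so the pin only has an
    # effect with a remote source like this one.
    - source_hash: sha256=REPLACE_WITH_PUBLISHED_SHA256_OF_TARBALL
    - user: root
    - group: root
    - mode: 644            # a source archive does not need the execute bit
  cmd.run:
    - name: cd /usr/local/src/ && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      # The build never starts if the download or the hash check failed.
      - file: haproxy-install
```

The same pattern applies to the keepalived, libevent, memcached, pcre, nginx and PHP archives used later on this page.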
Review the install files and run the state
[root@linux-node1 haproxy]# pwd
/srv/salt/prod/haproxy
[root@linux-node1 haproxy]# tree
.
├── files
│   ├── haproxy-1.6.2.tar.gz
│   └── haproxy.init
└── install.sls
# Run this one state on its own; the environment must be given as prod, otherwise it defaults to base
[root@linux-node1 haproxy]# salt 'linux-node1.*' state.sls haproxy.install saltenv='prod'
Note that the saltenv above corresponds to this section of the master configuration file:
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  dev:
    - /srv/salt/dev/services
    - /srv/salt/dev/states
  prod:
    - /srv/salt/prod
Edit the configuration files
# Edit the top file
[root@linux-node1 cluster]# cd /srv/salt/base/
[root@linux-node1 base]# vim top.sls
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
  'linux-node2.example.com':
    - cluster.haproxy-outside
Change the port of the backend real servers (RS)
[root@linux-node1 base]# vim /etc/httpd/conf/httpd.conf
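# Change the port to 8080, matching the haproxy configuration above
Once the test run passes, run the highstate
[root@linux-node1 base]# salt '*' state.highstate test=True
[root@linux-node1 base]# salt '*' state.highstate
Create index.html on the real servers
Create it on each server separately; without it, requests return a 403 error.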
[root@linux-node2 ~]# vim /var/www/html/index.html
Access the HAProxy status page
# The username and password are configured in haproxy-outside.cfg
Installing and deploying keepalived
First install it once by hand
[root@linux-node1 base]# cd /usr/local/src
[root@linux-node1 src]# wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
[root@linux-node1 src]# tar zxf keepalived-1.2.19.tar.gz
[root@linux-node1 src]# cd keepalived-1.2.19
[root@linux-node1 keepalived-1.2.19]# ./configure --prefix=/usr/local/keepalived --disable-fwmark
[root@linux-node1 keepalived-1.2.19]# make && make install
Create the directory for the files
[root@linux-node1 etc]# pwd
/usr/local/src/keepalived-1.2.19/keepalived/etc
[root@linux-node1 etc]# mkdir /srv/salt/prod/keepalived/
[root@linux-node1 etc]# mkdir /srv/salt/prod/keepalived/files
[root@linux-node1 etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/
[root@linux-node1 etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
[root@linux-node1 etc]# cp /usr/local/src/keepalived-1.2.19.tar.gz /srv/salt/prod/keepalived/files/
[root@linux-node1 init.d]# cp /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/
# The files directory now contains
[root@linux-node1 sysconfig]# cd /srv/salt/prod/keepalived/files/
[root@linux-node1 files]# ll
总用量 336
-rw-r--r-- 1 root root 330164 1月 2 23:47 keepalived-1.2.19.tar.gz
-rw-r--r-- 1 root root 3562 1月 2 23:46 keepalived.conf
-rwxr-xr-x 1 root root 1335 1月 2 23:51 keepalived.init
-rw-r--r-- 1 root root 667 1月 3 00:13 keepalived.sysconfig
Modify the init script
[root@linux-node1 files]# vim keepalived.init
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
Write the install state file
[root@linux-node1 keepalived]# pwd
/srv/salt/prod/keepalived
[root@linux-node1 keepalived]# cat install.sls
include:
  - pkg.pkg-init

keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install && ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

# The configuration-file state here is only an example; the real one is configured
# separately below (in practice every keepalived node has a different configuration
# file, so Jinja is used to pass in the values)
keepalived-config:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/files/keepalived.conf
    - user: root
    - group: root
    - mode: 644

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755
Run the installation
[root@linux-node1 keepalived]# salt '*' state.sls keepalived.install env=prod
Service modules
keepalived configuration file
[root@linux-node1 ~]# cd /srv/salt/prod/cluster/files/
[root@linux-node1 files]# vim haproxy-outside-keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     saltstack@example.com
   }
   notification_email_from keepalived@example.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}
vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.11    # this VIP also appears in the haproxy configuration file
    }
}
keepalived service state file
It defines the variables needed above, using a Jinja template.
[root@linux-node1 cluster]# cd /srv/salt/prod/cluster/
[root@linux-node1 cluster]# vim haproxy-outside-keepalived.sls
include:
  - keepalived.install

keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha       # format: variable: value
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-service
Note: require declares a dependency and checks whether the package is installed (installing it if it is not); watch monitors whether a file changes and runs the corresponding action when it does. In the example above, the file is watched and the service is restarted if it changes.
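The template above keeps auth_pass 1111 in a file under salt://, and files in file_roots can be fetched by every minion that is accepted by the master, not only the two HAProxy nodes. The following is an added example, not part of the original post, that moves the VRRP password into pillar, the mechanism the zabbix-agent section of this page uses for the server address. The pillar file name keepalived.sls, the key names under keepalived and the password value are assumptions.

```yaml
# --- /srv/pillar/base/keepalived.sls (hypothetical file name) ---
keepalived:
  haproxy_ha:
    # Placeholder value. keepalived uses only the first 8 characters of auth_pass.
    auth_pass: 'CHANGE-ME'

# --- /srv/pillar/base/top.sls ---
# Pillar is compiled per minion: only the two HAProxy nodes receive the secret.
base:
  '*':
    - zabbix
  'linux-node1.example.com':
    - keepalived
  'linux-node2.example.com':
    - keepalived

# --- /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf ---
# Changed lines only. The template reads pillar directly, so the file stored
# under salt:// no longer contains the password:
#
#     authentication {
#         auth_type PASS
#         auth_pass {{ pillar['keepalived']['haproxy_ha']['auth_pass'] }}
#     }

# --- /srv/salt/prod/cluster/haproxy-outside-keepalived.sls (file.managed part) ---
keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    - mode: 600             # the rendered file holds a secret; root-only
    - show_changes: False   # keep the rendered secret out of the state's diff output
    - template: jinja
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
```

After editing pillar, `salt '*' saltutil.refresh_pillar` makes the minions pick up the new data, and `salt 'linux-node1.*' pillar.items` shows what a given minion actually receives.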
Edit the top file
[root@linux-node1 base]# cd /srv/salt/base/
[root@linux-node1 base]# cat top.sls
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived   # configuration sls; it includes keepalived.install, so running it also runs the keepalived install sls
  'linux-node2.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
Run the highstate
Run the state on its own first to check for errors, then run the highstate.
[root@linux-node1 cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod
[root@linux-node1 cluster]# salt '*' state.highstate
Check the result
[root@linux-node1 base]# ip a |grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.0.0.7/24 brd 10.0.0.255 scope global eth0
    inet 10.0.0.11/32 scope global eth0
When keepalived on the master goes down, the VIP floats over to the backup.
HAProxy scheduling settings
[root@linux-node1 base]# grep "balance" /srv/salt/prod/cluster/files/haproxy-outside.cfg
balance roundrobin    # round robin; source: stays fixed
The change can be seen on the haproxy-status page.
As shown in the figure.
Installing and deploying zabbix-agent
Enable pillar
[root@linux-node1 init]# vim /etc/salt/master
pillar_roots:
  base:
    - /srv/pillar/base
[root@linux-node1 init]# mkdir /srv/pillar/base
[root@linux-node1 init]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [确定]
Starting salt-master daemon: [确定]
Write the zabbix-agent install state
[root@linux-node1 base]# cd /srv/salt/base/init/
[root@linux-node1 init]# vim zabbix_agent.sls
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
    - require:
      - pkg: zabbix-agent-install
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install
Write the pillar top file
[root@linux-node1 base]# cd /srv/pillar/base/
[root@linux-node1 base]# vim top.sls
base:
  '*':
    - zabbix
Write zabbix.sls
[root@linux-node1 base]# vim zabbix.sls
zabbix-agent:
  Zabbix_Server: 10.0.0.7
This corresponds to Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }} above.
Copy and modify the configuration file
[root@linux-node1 base]# cd /srv/salt/base/init/files
[root@linux-node1 init]# cp /etc/zabbix/zabbix_agentd.conf .
[root@linux-node1 init]# grep 'Server' zabbix_agentd.conf
Server={{ Server }}    # corresponds to Server in zabbix_agent.sls above
Edit the env_init file
[root@linux-node1 init]# vim env_init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent
[root@linux-node1 init]# tree /srv/salt/base/init/
/srv/salt/base/init/
├── audit.sls
├── dns.sls
├── env_init.sls
├── files
│   ├── resolv.conf
│   └── zabbix_agentd.conf
├── history.sls
├── sysctl.sls
└── zabbix_agent.sls
In addition, the sls file for EPEL
[root@linux-node1 init]# vim epel.sls
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
    - unless: rpm -qa | grep epel-release-6-8
Install libevent
[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -pv libevent/files
[root@linux-node1 prod]# cd /srv/salt/prod/libevent
[root@linux-node1 libevent]# vim install.sls
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install
[root@linux-node1 libevent]# pwd
/srv/salt/prod/libevent
[root@linux-node1 libevent]# tree
.
├── files
│   └── libevent-2.0.22-stable.tar.gz
└── install.sls
[root@linux-node1 files]# salt '*' state.sls libevent.install env=prod
[root@linux-node1 files]# salt '*' state.highstate
Create a user that is not allowed to log in
[root@linux-node1 prod]# mkdir user
[root@linux-node1 prod]# cd user/
[root@linux-node1 user]# vim www.sls
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
Install memcached
[root@linux-node1 prod]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -p memcache/files
[root@linux-node1 prod]# cd memcache/files/
[root@linux-node1 files]# cp memcached-1.4.24.tar.gz /usr/local/src/
[root@linux-node1 memcache]# vim install.sls
include:
  - libevent.install      # pull in the libevent state file

memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    # The path must match the memcache/ directory created above
    - source: salt://memcache/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24 && ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install   # ID of the libevent state
      - file: memcached-source-install
Install pcre
[root@linux-node1 prod]# mkdir /srv/salt/prod/pcre/files -p
[root@linux-node1 prod]# cd /srv/salt/prod/pcre/files/
[root@linux-node1 files]# cp pcre-8.37.tar.gz /usr/local/src/
[root@linux-node1 prod]# cd /srv/salt/prod/pcre
[root@linux-node1 pcre]# cat install.sls
pcre-source-install:
  file.managed:
    - name: /usr/local/src/pcre-8.37.tar.gz
    - source: salt://pcre/files/pcre-8.37.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
    - unless: test -d /usr/local/pcre
    - require:
      - file: pcre-source-install
Install nginx
[root@linux-node1 nginx]# mkdir -p /srv/salt/prod/nginx/files
[root@linux-node1 nginx]# cd /srv/salt/prod/nginx/files/
[root@linux-node1 files]# cp nginx-1.9.1.tar.gz /usr/local/src/
[root@linux-node1 nginx]# cat install.sls
include:
  - pcre.install
  - user.www
  - pkg.pkg-init

nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: pkg-init
      - cmd: pcre-source-install
[root@linux-node1 nginx]# cat service.sls
include:
  - nginx.install

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - user: www
    - group: www
    - mode: 644

nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
[root@linux-node1 nginx]# tree
.
├── files
│   ├── nginx-1.9.1.tar.gz
│   ├── nginx.conf
│   └── nginx-init
├── install.sls
└── service.sls
Installing PHP with memcache/redis
Base environment
[root@linux-node1 ~]# mkdir /srv/salt/prod/php/files -p
[root@linux-node1 ~]# cd /srv/salt/prod/php/files/
[root@linux-node1 files]# ll
总用量 18120
-rw-r--r-- 1 root root 2362 11月 14 23:06 init.d.php-fpm
-rw-r--r-- 1 root root 36459 11月 14 23:06 memcache-2.2.7.tgz
-rw-r--r-- 1 root root 18281659 11月 14 23:06 php-5.6.9.tar.gz
-rw-r--r-- 1 root root 22252 11月 14 23:06 php-fpm.conf.default
-rw-r--r-- 1 root root 69599 11月 14 23:06 php.ini-production
-rw-r--r-- 1 root root 134340 11月 14 23:06 redis-2.2.7.tgz
Install state file
[root@linux-node1 files]# cd ..
[root@linux-node1 php]# vim install.sls
include:
  - user.www              # provides www-user-group, which php-source-install requires

pkg-php:
  pkg.installed:
    - names:
      - mysql-devel
      - openssl-devel
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9 && ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
    - unless: test -d /usr/local/php-fastcgi

pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-ini:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: php-fastcgi-service
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-fastcgi-service
    - watch:
      - file: php-ini
      - file: php-fpm
memcache
[root@linux-node1 php]# cat php-memcache.sls
include:
  - php.install           # makes php-source-install available to the require below

memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7 && /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
    - require:
      - file: memcache-plugin
      - cmd: php-source-install   # the PHP build state ID defined in install.sls

/usr/local/php-fastcgi/etc/php.ini:
  file.append:
    - text:
      - extension=memcache.so
redis
[root@linux-node1 php]# cat php-redis.sls
include:
  - php.install           # makes php-source-install available to the require below

redis-plugin:
  file.managed:
    # Note: the php/files listing above shows redis-2.2.7.tgz; the file name used
    # here must match the archive actually placed in that directory
    - name: /usr/local/src/phpredis-2.2.7.tgz
    - source: salt://php/files/phpredis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf phpredis-2.2.7.tgz && cd phpredis-2.2.7 && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
    - require:
      - file: redis-plugin
      - cmd: php-source-install   # the PHP build state ID defined in install.sls

/usr/local/php-fastcgi/etc/php.ini:
  file.append:
    - text:
      - extension=redis.so
Source: http://www.cnblogs.com/caoxiaojian/