Saltstack自动部署Haproxy+keepalived+nginx+memcache+php(fastcgi)
一系列:
部署Haproxy总的目录结构
[root@NEI-pudong-idc2E-wdjky.me srv]# tree salt/ salt/ ├── base │ ├── init │ │ ├── audit.sls │ │ ├── dns.sls │ │ ├── env_init.sls │ │ ├── epel.sls │ │ ├── files │ │ │ └── resolv.conf │ │ ├── history.sls │ │ └── sysctl.sls │ └── top.sls └── prod ├── cluster │ ├── files │ │ ├── haproxy-outside.cfg │ │ └── haproxy-outside.cfg.bak │ └── haproxy-outside.sls ├── haproxy │ ├── files │ │ ├── haproxy-1.4.24.tar.gz │ │ └── haproxy.init │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls
1.salt master 服务器上对 /etc/salt/master 配置文件进行多环境配置
file_roots: base: - /srv/salt/base prod: - /srv/salt/prod pillar_roots: base: - /srv/salt/pillar prod: - /srv/salt/pillar
2.创建目录结构
[root@NEI-pudong-idc2E-wdjky.me srv]# pwd /srv [root@NEI-pudong-idc2E-wdjky.me srv]# tree . ├── pillar │ ├── base │ └── prod └── salt ├── base └── prod
3.重启salt-master
/etc/init.d/salt-master restart
4.系统初始化
4.1.DNS配置
[root@NEI-pudong-idc2E-wdjky.me srv]# cat /srv/salt/base/init/dns.sls /etc/resolv.conf: file.managed: - source: salt://init/files/resolv.conf - user: root - group: root - mode: 644
4.2.History记录时间
[root@NEI-pudong-idc2E-wdjky.me srv]# cat /srv/salt/base/init/history.sls /etc/profile: file.managed: - text: - export HISTTIMEFORMAT="%F %T(`whoami`)"
4.3.命令操作审计
[root@NEI-pudong-idc2E-wdjky.me srv]# cat /srv/salt/base/init/audit.sls
/etc/bashrc:
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
4.4.epel仓库
[root@NEI-pudong-idc2E-wdjky.me srv]# cat /srv/salt/base/init/epel.sls yum_rep_release: pkg.installed: - sources: - epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm - unless: rpm -qa|grep epel-release-6-8
4.5.初始化环境引用
[root@NEI-pudong-idc2E-wdjky.me srv]# cat /srv/salt/base/init/env_init.sls include: - init.dns - init.history - init.audit
5.Haproxy配置管理
5.1.pkg模块用来安装源码编译依赖包
[root@NEI-pudong-idc2E-wdjky.me prod]# cat /srv/salt/prod/pkg/pkg-init.sls pkg-init: pkg.installed: - names: - gcc - gcc-c++ - glibc - make - autoconf - openssl - openssl-devel
5.2.Haproxy服务配置
cd /usr/local/src/ cp haproxy-1.4.24.tar.gz /srv/salt/prod/haproxy/files tar xf haproxy-1.4.24.tar.gz cd /usr/local/src/haproxy-1.4.24/examples/ sed -i 's/\/usr\/sbin\/'\$BASENAME'/\/usr\/local\/haproxy\/sbin\/'\$BASENAME'/g' haproxy.init cp haproxy.init /srv/salt/prod/haproxy/files
5.3.编写Haproxy安装sls
[root@NEI-pudong-idc2E-wdjky.me haproxy]# cat /srv/salt/prod/haproxy/install.sls include: - pkg.pkg-init
haproxy-install: file.managed: - name: /usr/local/src/haproxy-1.4.24.tar.gz - source: salt://haproxy/files/haproxy-1.4.24.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar xf haproxy-1.4.24.tar.gz && cd haproxy-1.4.24 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy - unless: test -d /usr/local/haproxy - require: - pkg: pkg-init - file: haproxy-install /etc/init.d/haproxy:
file.managed: - source: salt://haproxy/files/haproxy.init - mode: 755 - user: root - group: root - require: - cmd: haproxy-install haproxy-config-dir: file.directory: - name: /etc/haproxy - mode: 755 - user: root - group: root haproxy-init: cmd.run: - name: chkconfig --add haproxy - unless: chkconfig --list|grep haproxy - require: - file: /etc/init.d/haproxy
5.4.Haproxy业务应用
[root@NEI-pudong-idc2E-wdjky.me haproxy]# cat /srv/salt/prod/cluster/haproxy-outside.sls include: - haproxy.install haproxy-service: file.managed: - name: /etc/haproxy/haproxy.cfg - source: salt://cluster/files/haproxy-outside.cfg - user: root - group: root - mode: 644 service.running: - name: haproxy - enable: True - reload: True - require: - cmd: haproxy-init - watch: - file: haproxy-service
[root@NEI-pudong-idc2E-wdjky.me haproxy]# cat /srv/salt/prod/cluster/files/haproxy-outside.cfg global log 127.0.0.1:514 local0 warning chroot /usr/local/haproxy group haproxy user haproxy daemon nbproc 8 pidfile /usr/local/haproxy/logs/haproxy.pid maxconn 20000 spread-checks 3
defaults log global mode http #option httplog #option httpclose #option dontlognull #option forwardfor option redispatch #option abortonclose retries 3 #balance roundrobin #balance source #balance leastconn contimeout 5000 clitimeout 50000 srvtimeout 50000 #timeout check 2000
listen randolph_status bind *:80 mode http stats enable stats uri /admin?status #stats realm haproxty\ haproxy stats auth salt:randolph #stats auth admin1:admin1 stats hide-version #stats admin if TRUE #listen webserver #option httpchk HEAD /checkstatus.html HTTP/1.0 option httpclose option forwardfor balance roundrobin cookie SERVERID insert indirect timeout server 15s timeout connect 15s server web01 192.168.21.161:8082 check port 80 inter 5000 fall 5 server web02 192.168.21.163:8082 check port 80 inter 5000 fall 5
5.5.编写Haproxy安装sls
[root@NEI-pudong-idc2E-wdjky.me haproxy]# cat /srv/salt/prod/cluster/haproxy-outside.sls include: - haproxy.install haproxy-service: file.managed: - name: /etc/haproxy/haproxy.cfg - source: salt://cluster/files/haproxy-outside.cfg - user: root - group: root - mode: 644 service.running: - name: haproxy - enable: True - reload: True - require: - cmd: haproxy-init - watch: - file: haproxy-service
6.执行Haproxy状态
[root@NEI-pudong-idc2E-wdjky.me base]# cat top.sls base: jenkins.saltstack.me: - init.env_init prod: jenkins.saltstack.me: - cluster.haproxy-outside
持续更新 ......
