Saltstack自动化运维Saltstack部署haproxy+Keepalived高可用web集群

部署准备

server10 : salt-master
server11: salt-minion nginx
server12: salt-minion http
server13:salt-minion haproxy-master
server14: salt-minion haproxy-backup
VIP:172.25.65.10

保证saltstack正常工作&＃xff0c;在server10上查看可以查看到

部署HAproxy&＃43;Keepalived高可用集群

部署http

在server12 IP&＃xff1a;172.25.65.12

[root&＃64;server10 ~]# mkdir /srv/salt
[root&＃64;server10 salt]# mkdir apache
[root&＃64;server10 apache]# vim install.sls ##http安装apache-install: ##唯一性声明pkg.installed: ##下载- pkgs: - httpd- httpd-toolsfile.managed: ##文件管理- name: /etc/httpd/conf/httpd.conf ##将source&＃xff1a;的文件放到远程主机的该位置&＃xff0c;相当于ansible中的dest- source: salt://apache/files/httpd.conf ##源文件位置&＃xff0c;相当于ansible中的srcservice.running:- name: httpd- reload: true ##watch监控文件,如果文件发生改变&＃xff0c;那么执行reload这个动作。- watch: - file: apache-install


• 在远程主机server12上部署http &＃xff0c;主要运行时所在的目录

[root&＃64;server10 apache]# salt server12 state.sls apache.install


部署Nginx(源码安装)

[root&＃64;server10 files]# mkdir /srv/salt/nginx
[root&＃64;server10 files]# mkdir /srv/salt/nginx/files
[root&＃64;server10 files]# pwd
/srv/salt/nginx/files
[root&＃64;server10 files]# ls
nginx-1.17.4.tar.gz nginx.conf nginx.service


&＃61;&＃61;在此同样需要在一个主机上tar zxf nginx-1.17.4.tar.gz来获得

[root&＃64;server11 conf]# pwd
/mnt/nginx-1.17.4
[root&＃64;server11 conf]# cp nginx.conf /srv/salt/nginx/files


• 下面这个文件的作用是为了使nginx可以使用systemctl命令方式进行启动

[root&＃64;server10 files]# cat nginx.service
[Unit]
Description&＃61;The NGINX HTTP and reverse proxy server
After&＃61;syslog.target network.target remote-fs.target nss-lookup.target[Service]
Type&＃61;forking
PIDFile&＃61;/usr/local/nginx/logs/nginx.pid
ExecStartPre&＃61;/usr/local/nginx/sbin/nginx -t
ExecStart&＃61;/usr/local/nginx/sbin/nginx
ExecReload&＃61;/usr/local/nginx/sbin/nginx -s reload
ExecStop&＃61;/bin/kill -s QUIT $MAINPID
PrivateTmp&＃61;true[Install]
WantedBy&＃61;multi-user.target


[root&＃64;server10 nginx]# pwd
/srv/salt/nginx
[root&＃64;server10 nginx]# ls
files install.sls service.sls


• 安装文件

[root&＃64;server10 nginx]# cat install.sls
nginx-install:pkg.installed: ##安装所需要的依赖性文件- pkgs:- gcc- pcre-devel- openssl-develfile.managed:- name: /mnt/nginx-1.17.4.tar.gz- source: salt://nginx/files/nginx-1.17.4.tar.gzcmd.run: ##shell 进行解压、编译、安装- name: cd /mnt && tar zxf nginx-1.17.4.tar.gz && cd nginx-1.17.4 && sed -i.bak &＃39;s/CFLAGS&＃61;"$CFLAGS -g"/#CFLAGS&＃61;"$CFLAGS -g"/g&＃39; auto/cc/gcc && ./configure --prefix&＃61;/usr/local/nginx --with-http_ssl_module &> /dev/null && make &> /dev/null && make install &> /dev/null- creates: /usr/local/nginx


• 启动、重载Nginx

[root&＃64;server10 nginx]# cat service.sls
include:- nginx.install/usr/local/nginx/conf/nginx.conf:file.managed:- source: salt://nginx/files/nginx.confnginx-service:file.managed:- name: /usr/lib/systemd/system/nginx.service- source: salt://nginx/files/nginx.serviceservice.running:- name: nginx- reload: true- watch:- file: /usr/local/nginx/conf/nginx.conf



[root&＃64;server10 salt]# salt server11 state.sls nginx.install


• 测试
  
  将server11中 nginx默认发布页面进行修改方便测试

[root&＃64;server11 conf]# cat /usr/local/nginx/html/index.html
welcom to nginx


将server12中 http默认发布页面进行修改方便测试

[root&＃64;server12 mnt]# cat /var/www/html/index.html
hello world


部署HAproxy

[root&＃64;server10 salt]# ls
apache haproxy nginx top.sls
[root&＃64;server10 salt]# cd haproxy/
[root&＃64;server10 haproxy]# ls
files install.sls


• haproxy安装

[root&＃64;server10 haproxy]# cat install.sls
haproxy-install:pkg.installed:- pkgs:- haproxy- httpd-toolsfile.managed:- name: /etc/haproxy/haproxy.cfg- source: salt://haproxy/files/haproxy.cfgservice.running:- name: haproxy- reload: true- watch:- file: haproxy-install


[root&＃64;server10 files]# pwd
/srv/salt/haproxy/files
[root&＃64;server10 files]# vim haproxy.cfg


[root&＃64;server10 salt]# salt server13 state.sls haproxy.install


• 测试&＃xff1a;
  
  
  在server14上也进行haproxy的安装&＃xff0c;测试方式与server13一样&＃xff0c;先确保两台主机haproxy都正常

[root&＃64;server10 salt]# salt server13 state.sls haproxy.install


部署keepalived

• 创建keepalived目录

[root&＃64;server10 salt]# mkdir keepalived
[root&＃64;server10 salt]# cd keepalived
[root&＃64;server10 keepalived]# mkdir files


• 在server10上先安装keepalived&＃xff0c;将文件拷贝到/srv/salt/keepalived/files/

[root&＃64;server10 apache]# yum install keepalived -y
[root&＃64;server10 apache]# cd /etc/keepalived/
[root&＃64;server10 keepalived]# ls
keepalived.conf
[root&＃64;server10 keepalived]# cp keepalived.conf /srv/salt/keepalived/files/


• 修改配置文件
  为了方便以后的远程部署&＃xff0c;因为有master和backup状态&＃xff0c;所以将files下的keepalived.conf 分为keepalivedmaster.conf 和 keepalivedbackup.conf 两个文件&＃xff0c;把安装文件也分为两个installm.sls和installb.sls,这样需要部署mater和backup的时候只需要将对应的文件进行执行推送即可。

[root&＃64;server10 files]# ls
keepalived.conf
[root&＃64;server10 files]# mv keepalived.conf keepalivedmaster.conf
[root&＃64;server10 files]# ls
keepalivedmaster.conf
[root&＃64;server10 files]# cp keepalivedmaster.conf keepalivedback.conf


主配置文件

[root&＃64;server10 files]# cat keepalivedmaster.conf


[root&＃64;server10 files]# cat keepalivedback.conf


[root&＃64;server10 salt]# cd keepalived/
[root&＃64;server10 keepalived]# lsfiles installb.sls installm.sls
[root&＃64;server10 keepalived]# cat installm.sls [root&＃64;server10 keepalived]# cat installm.sls
keepalived-install:pkg.installed:- pkgs:- keepalivedfile.managed:- name: /etc/keepalived/keepalived.conf- source: salt://keepalived/files/keepalivedmaster.confservice.running:- name: keepalived- reload: true- watch:- file: keepalived-install


[root&＃64;server10 keepalived]# cat installb.sls
keepalived-install:pkg.installed:- pkgs:- keepalivedfile.managed:- name: /etc/keepalived/keepalived.conf- source: salt://keepalived/files/keepalivedback.confservice.running:- name: keepalived- reload: true- watch:- file: keepalived-install


[root&＃64;server10 salt]# salt server13 state.sls keepalived.installb


[root&＃64;server10 salt]# salt server14 state.sls keepalived.installb


测试:
在server13上查看VIP
因为server13是master&＃xff0c;所以VIP首先在server13上

[root&＃64;server13 keepalived]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 52:54:00:94:90:d2 brd ff:ff:ff:ff:ff:ffinet 172.25.65.13/24 brd 172.25.65.255 scope global eth0valid_lft forever preferred_lft foreverinet 172.25.65.100/32 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:fe94:90d2/64 scope link valid_lft forever preferred_lft forever


server14(haproxy-backup上此时并没有VIP)

[root&＃64;server14 salt]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 52:54:00:af:6e:57 brd ff:ff:ff:ff:ff:ffinet 172.25.65.14/24 brd 172.25.65.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::5054:ff:feaf:6e57/64 scope link valid_lft forever preferred_lft forever


访问VIP 172.25.65.100正常

模仿故障&＃xff0c;将haproxy-master上的keepalived关掉

[root&＃64;server13 keepalived]# systemctl stop keepalived


查看server13上发现已经没有VIP

VIP漂移到server14&＃xff08;haproxy-backup&＃xff09;上

此时从外部访问,依然正常&＃xff0c;则Haproxy&＃43;keepalived的高可用搭建成功