SaltStack部署Keepalived、Haproxy、Nginx高可用
资源列表
一、基础环境
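- 关闭防火墙(仅适用于隔离的实验环境;生产环境建议保持 firewalld 运行,只放行实际需要的端口,例如 Salt Master 默认使用的 4505/4506、Keepalived 的 VRRP 协议,以及本文用到的 80、8888、10000 端口)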
systemctl stop firewalld
systemctl disable firewalld
- 关闭内核安全机制(即 SELinux;下面的命令只修改配置文件,重启后才生效。同样仅建议在实验环境中这样做,生产环境更推荐保持 enforcing 并按需调整策略)
sed -i "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config
- 时间同步
yum -y install chrony
systemctl start chronyd
systemctl enable chronyd
chronyc sources -v
- 设置主机名(以下三条命令分别在对应的主机上各执行一条)
hostnamectl set-hostname master.saltstack.com
hostnamectl set-hostname minion01.saltstack.com
hostnamectl set-hostname minion02.saltstack.com
- 添加hosts
cat >> /etc/hosts << EOF
192.168.186.131 master.saltstack.com
192.168.186.132 minion01.saltstack.com
192.168.186.133 minion02.saltstack.com
EOF
- 安装SaltStack源
所有机器安装(注意:Salt 官方软件仓库的地址可能已经迁移,如下面的地址无法访问,请以 Salt 官方安装文档为准,并确认导入的 GPG 公钥来自官方来源)
sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo
二、安装SaltStack服务端
- 主控端(也就是 Master)上安装 SaltStack 软件
yum install -y salt-master
- 配置主控端
# 备份配置文件
cp /etc/salt/master{,_bak}
# 在配置文件最后一行添加
vi /etc/salt/master
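# Where the master looks for state files; "base" is the environment that the
# top.sls files on this page target. Indentation is significant in this YAML.
file_roots:
  base:
    - /srv/salt/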
- 主控端做完上述操作后启动 salt-master 服务
systemctl start salt-master
systemctl enable salt-master
三、安装SaltStack客户端
- 被控端(也就是两台 Minion)上安装 SaltStack 软件
yum install -y salt-minion
- 配置被控端
# 备份配置文件
cp /etc/salt/minion{,_bak}
# 在配置文件最后一行添加
vi /etc/salt/minion
master: master.saltstack.com
- 分别启动两台被控端服务
systemctl start salt-minion
systemctl enable salt-minion
- 配置通信认证
# 主控端和被控端通信是采用认证的方式,所以需要在主控端同意认证。执行 salt-key -L 命令显示所有的 Minion 的认证信息
# master节点执行
[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion01.saltstack.com
minion02.saltstack.com
Rejected Keys:
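# 执行 salt-key -A 命令可以接受所有 Unaccepted Keys 状态的 Minion 的认证信息。接受过程中会有交互,需要输入 y 字符。注意:-A 会一次性接受所有待认证的密钥,接受前应确认列表中只有预期的主机;更稳妥的做法是先在 Minion 上执行 salt-call --local key.finger,再在 Master 上用 salt-key -f <minion-id> 核对指纹,然后用 salt-key -a <minion-id> 逐个接受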
# master节点执行
[root@master ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
minion01.saltstack.com
minion02.saltstack.com
Proceed? [n/Y] Y
Key for minion minion01.saltstack.com accepted.
Key for minion minion02.saltstack.com accepted.
- 测试通信状态
[root@master ~]# salt '*' test.ping
minion01.saltstack.com:
True
minion02.saltstack.com:
True
四、SaltStack 部署 Keepalived
主控端master节点操作
- 在主控端创建 SaltStack 需要的目录
mkdir /srv/salt
- 通常情况下,编译安装软件需要用到 gcc、make 等这些基础环境软件包或者需要一些依赖包,而很多被控端可能没有这些编译环境。这里把三个开源软件依赖的软件包一起先进行安装,所以需要使用 SaltStack 进行配置依赖包安装。为了方便统一管理,创建不同目录进行区分
mkdir /srv/salt/pkg
vi /srv/salt/pkg/make.sls
######################################################################
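# pkg/make.sls - build toolchain and development headers needed to compile
# the software on this page from source. Nesting restored: Salt cannot parse
# the flattened form.
make-pkg:
  pkg.installed:
    - pkgs:
      - make
      - gcc
      - gcc-c++
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel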
######################################################################
# 创建 Keepalived 目录
mkdir /srv/salt/keepalived
# 创建一个目录,用于存放 Keepalived 源码包和一些它的相关配置文件
mkdir /srv/salt/keepalived/files
# 首先从 Keepalived 官网下载源码包文件上传到/root 目录下,然后解压。本次案例中使用的是 1.2.13 版本(该版本以及后文的 Haproxy 1.5.19、Nginx 1.12.0 都比较旧,仅作演示;实际部署建议使用仍在维护的版本,并在使用前核对官网提供的校验值或签名)
tar zxvf keepalived-1.2.13.tar.gz
# 拷贝源码包、启动服务文件、配置文件到 files 目录下
cp keepalived-1.2.13.tar.gz /srv/salt/keepalived/files
cp keepalived-1.2.13/keepalived/etc/init.d/keepalived.init /srv/salt/keepalived/files/keepalived
cp keepalived-1.2.13/keepalived/etc/keepalived/keepalived.conf /srv/salt/keepalived/files
cp keepalived-1.2.13/keepalived/etc/init.d/keepalived.sysconfig /srv/salt/keepalived/files/keepalived.sys
ls /srv/salt/keepalived/files/
#####################################################
[root@master ~]# ls /srv/salt/keepalived/files/
keepalived keepalived-1.2.13.tar.gz keepalived.conf keepalived.sys
##############################################################
- 修改keepalived配置文件,默认的 keepalived.conf 配置文件并不适合本案例的环境,需要修改,具体内容如下所示,提示:可新建 keepalived.conf 文件,粘贴以下内容,去掉注释,注意:备份好原文件
cp /srv/salt/keepalived/files/keepalived.conf{,_bak}
vi /srv/salt/keepalived/files/keepalived.conf
可将原内容全部删除,添加以下内容
##############################################################################
! Configuration File for keepalived
! Distributed by Salt with "template: jinja": the grains['fqdn'] test below
! gives minion01 the MASTER role (priority 100) and minion02 the BACKUP role
! (priority 99); both share virtual_router_id 50 and the virtual address.
global_defs {
router_id HAPROXY-HA
}
vrrp_instance VI_1 {
{% if grains['fqdn'] == 'minion01.saltstack.com' %}
state MASTER
priority 100
{% elif grains['fqdn'] == 'minion02.saltstack.com' %}
state BACKUP
priority 99
{% endif %}
! NOTE(review): a host whose fqdn matches neither branch gets no state or
! priority line from this template.
! The interface name must match the NIC on each minion - confirm before applying.
interface ens33
virtual_router_id 50
advert_int 1
authentication {
auth_type PASS
! NOTE(review): 1111 is a guessable sample value. VRRP PASS authentication is
! carried unencrypted in the advertisements, so replace it with a site-specific
! secret (keepalived uses only the first 8 characters) and keep VRRP traffic on
! a trusted network segment.
auth_pass 1111
}
virtual_ipaddress {
192.168.186.200
}
}
##############################################################################
- 编写执行动作 install.sls 文件
vi /srv/salt/keepalived/install.sls
###############################################################################
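# keepalived/install.sls - build keepalived 1.2.13 from source, then install
# its init script, sysconfig file and the Jinja-rendered configuration.
include:
  - pkg.make

keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.13.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.13.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.13.tar.gz && cd keepalived-1.2.13 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV && make && make install
    # "-d" must use an ASCII hyphen. With a typographic dash the test command
    # errors out, the guard never succeeds, and the build is repeated on
    # every highstate.
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install

/usr/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived

/etc/keepalived:
  file.directory:
    - mode: 755

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sys
    - mode: 644
    - user: root

/etc/init.d/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived
    - mode: 755
    - user: root
  cmd.run:
    # Register the init script only if chkconfig does not list it yet.
    - name: chkconfig --add keepalived
    - unless: chkconfig --list |grep keepalived

/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - mode: 644
    # Rendered per minion: the source file branches on grains['fqdn'].
    - template: jinja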
###############################################################################
- 编写服务启动 service.sls
vi /srv/salt/keepalived/service.sls
##############################################################################
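# keepalived/service.sls - keep keepalived enabled and running, and reload it
# whenever the managed configuration file changes.
include:
  - keepalived.install

keepalived-service:
  service.running:
    - name: keepalived
    - enable: True
    - reload: True
    - watch:
      - file: /etc/keepalived/keepalived.conf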
##############################################################################
- 编写统一入口文件 top.sls
vi /srv/salt/top.sls
###############################################################################
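# top.sls - the glob matches minion01 and minion02 only; the master itself is
# not targeted.
base:
  'minion0[1-2].saltstack.com':
    - keepalived.service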
#################################################################################
- 主控端向两台被控端推送安装 Keepalived
salt '*' state.highstate
最后回显能看到True即可
五、SaltStack 部署 Haproxy
主控端master节点操作
- 创建 haproxy 目录,目录结构和 keepalived 基本保持一致
mkdir /srv/salt/haproxy
mkdir /srv/salt/haproxy/files
# 从 Haproxy 官网下载 Haproxy 的源码包上传到/root 目录下,本案例使用版本为 1.5.19
tar zxvf haproxy-1.5.19.tar.gz
# 拷贝 Haproxy 的源码包、启动脚本、配置文件到 files 目录
cp /root/haproxy-1.5.19.tar.gz /srv/salt/haproxy/files/
cp /root/haproxy-1.5.19/examples/haproxy.cfg /srv/salt/haproxy/files
cp /root/haproxy-1.5.19/examples/haproxy.init /srv/salt/haproxy/files/haproxy
- 同样默认的 Haproxy 配置文件也不适合本案例的需求,所以需要做如下的修改
cp /srv/salt/haproxy/files/haproxy.cfg{,_bak}
# 保留第一行,删除其他所有文件,写入以下内容
vi /srv/salt/haproxy/files/haproxy.cfg
#################################################################################################
# Process-wide settings: log to the local syslog listener on facility local0,
# chroot into /var/lib/haproxy and run as the haproxy user and group.
global
log 127.0.0.1 local0
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 10000
user haproxy
group haproxy
daemon
# Defaults inherited by the listeners below unless they override them.
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 5000
# Statistics page served at "/" on port 10000 of every address.
# NOTE(review): no "stats auth" line is present, so the page is readable by
# anyone who can reach port 10000 (this guide also stops firewalld). Bind it to
# a management address or add "stats auth <USER>:<PASSWORD>" before using this
# outside a lab.
listen stats *:10000
mode http
stats enable
stats uri /
stats refresh 5s
stats show-node
stats show-legends
stats hide-version
# TCP front end on port 80, balanced by least connections across the two
# minions' port 8888 with health checks enabled on both servers.
listen test 0.0.0.0:80
mode tcp
option tcplog
timeout client 10800s
timeout server 10800s
balance leastconn
option tcp-check
default-server port 8888 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 5000 maxqueue 250 weight 100
server test-node1 minion01.saltstack.com:8888 check
server test-node2 minion02.saltstack.com:8888 check
#################################################################################################
- 从 Haproxy 的配置文件中,可以看到服务运行使用的是 haproxy 用户。编译安装不会创建用户,所以需要在启动服务之前创建,编写 haproxy.sls 文件
mkdir /srv/salt/user
vi /srv/salt/user/haproxy.sls
###################################################################################
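# user/haproxy.sls - service account named by "user haproxy" / "group haproxy"
# in haproxy.cfg. The shell is /sbin/nologin and the home directory is the
# same path haproxy.cfg uses for its chroot.
haproxy:
  group.present:
    - gid: 300
  user.present:
    - uid: 300
    - gid: 300
    - shell: /sbin/nologin
    - home: /var/lib/haproxy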
####################################################################################
- 编写 Haproxy 的安装 install.sls 文件
vi /srv/salt/haproxy/install.sls
#######################################################################################
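# haproxy/install.sls - build haproxy 1.5.19 from source, then install its
# configuration file and SysV init script.
include:
  - user.haproxy
  # The make step below needs make and gcc; pkg.make is the state on this page
  # that installs them, so this state no longer depends on keepalived.install
  # having been applied first.
  - pkg.make

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.5.19.tar.gz
    - source: salt://haproxy/files/haproxy-1.5.19.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    # Skip the build once the install prefix exists.
    - unless: test -d /usr/local/haproxy
    - require:
      - file: haproxy-install

/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy

/etc/haproxy:
  file.directory:
    - mode: 755

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
    - mode: 644

/etc/init.d/haproxy:
  file.managed:
    - source: salt://haproxy/files/haproxy
    - mode: 755
    - user: root
  cmd.run:
    # Register the init script only if chkconfig does not list it yet.
    - name: chkconfig --add haproxy
    - unless: chkconfig --list |grep haproxy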
#######################################################################################
- 编写 service.sls 文件
vi /srv/salt/haproxy/service.sls
#########################################################################################
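# haproxy/service.sls - keep haproxy enabled and running, and reload it
# whenever the managed haproxy.cfg changes.
include:
  - haproxy.install

haproxy-service:
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg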
#########################################################################################
- 在入口 top.sls 文件中,增加 Haproxy 相关的操作
vi /srv/salt/top.sls
###########################################################################################
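# top.sls - both minions now receive keepalived and haproxy, applied in the
# order listed.
base:
  'minion0[1-2].saltstack.com':
    - keepalived.service
    - haproxy.service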
###########################################################################################
- 主控端向两台被控端推送安装 Haproxy
salt '*' state.highstate
最后回显能看到True即可
六、SaltStack 部署 Nginx
主控端master节点操作
- 创建 nginx 目录,目录结构还是保持一致
mkdir /srv/salt/nginx
mkdir /srv/salt/nginx/files
- 因为 Nginx 服务也需要使用 nginx 用户运行,所以需要创建 nginx 用户
vi /srv/salt/user/nginx.sls
#######################################################################################
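# user/nginx.sls - account for nginx; nginx/install.sls rewrites the "user"
# line of nginx.conf to this name. The shell is /sbin/nologin.
nginx:
  group.present:
    - gid: 400
  user.present:
    - uid: 400
    - gid: 400
    - shell: /sbin/nologin
    - home: /home/nginx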
#######################################################################################
- 从 Nginx 官网下载源码包上传到/root 目录然后解压,本案例使用 1.12.0 版本
tar zxvf nginx-1.12.0.tar.gz
# 拷贝 Nginx 的源码包、配置文件到 files 目录
cp nginx-1.12.0.tar.gz /srv/salt/nginx/files
cp nginx-1.12.0/conf/nginx.conf /srv/salt/nginx/files
- 因为源码包里面没有启动 Nginx 服务脚本文件,加上本案例的 CentOS 7.3 系统采用 Systemctl 管理启动服务,所以需要手动创建一个启动文件 nginx.service
vi /srv/salt/nginx/files/nginx.service
#########################################################################################
# systemd unit for the source-built nginx installed under /usr/local/nginx.
[Unit]
Description=nginx service
After=network.target
[Service]
# Type=forking is declared without a PIDFile= line, so systemd has to work out
# the main process itself.
# NOTE(review): consider adding PIDFile= set to the pid path nginx is
# configured with - confirm that path against nginx.conf first.
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
# Gives the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
#########################################################################################
- 为了区分两台 Nginx 节点首页显示不一样内容,创建一个 index.html 文件,内容如下 所示
!!!!!注意IP地址的修改 !!!!!
vi /srv/salt/nginx/files/index.html
##########################################################################################
{% if grains['fqdn'] == 'minion01.saltstack.com' %}
This is 192.168.186.132 node!
{% elif grains['fqdn'] == 'minion02.saltstack.com' %}
This is 192.168.186.133 node!
{% endif %}
##########################################################################################
- 编写 Nginx 的 install.sls 安装文件
vi /srv/salt/nginx/install.sls
###############################################################################################
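# nginx/install.sls - build nginx 1.12.0 from source, install its
# configuration, a per-node index page and the systemd unit.
include:
  - user.nginx
  # ./configure and make below need the compiler and the pcre/zlib headers;
  # pkg.make is the state on this page that installs them, so this state no
  # longer depends on keepalived.install having been applied first.
  - pkg.make

nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && ./configure --prefix=/usr/local/nginx && make && make install
    # Skip the build once the install prefix exists.
    - unless: test -d /usr/local/nginx
    - require:
      - file: nginx-install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - mode: 644
  cmd.run:
    # Switches the worker user to nginx and changes the first "80" in the file
    # to 8888, the backend port that haproxy.cfg points at.
    # NOTE(review): there is no unless/onchanges guard, so this runs on every
    # highstate; file.managed above then sees the edited file differ from its
    # source and rewrites it, which presumably re-triggers the reload watch in
    # nginx/service.sls each run. Shipping an already-edited nginx.conf from
    # files/ would avoid that.
    - name: sed -i 's/#user nobody/user nginx/g' /usr/local/nginx/conf/nginx.conf && sed -i '0,/80/s/80/8888/' /usr/local/nginx/conf/nginx.conf

/usr/local/nginx/html/index.html:
  file.managed:
    - source: salt://nginx/files/index.html
    - mode: 644
    # Rendered per minion: the source file branches on grains['fqdn'].
    - template: jinja

nginx-init:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
    - mode: 644
    - user: root
  cmd.run:
    - name: systemctl enable nginx
    - unless: systemctl is-enabled nginx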
###############################################################################################
- 编写 Nginx 的启动服务 service.sls 文件
vi /srv/salt/nginx/service.sls
#####################################################################################################
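# nginx/service.sls - keep nginx enabled and running, and reload it whenever
# the managed nginx.conf changes.
include:
  - nginx.install

nginx-service:
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf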
#####################################################################################################
- 编写总入口文件 top.sls 文件,增加 Nginx 相关操作
vi /srv/salt/top.sls
####################################################################################################
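# top.sls - final form: both minions receive keepalived, haproxy and nginx,
# applied in the order listed.
base:
  'minion0[1-2].saltstack.com':
    - keepalived.service
    - haproxy.service
    - nginx.service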
####################################################################################################
- 最后,在 salt-master 端给 salt-minion 端推送 top.sls 文件,实现在 Minion 端根据不同需求自动安装 Keepalived、Haproxy、Nginx 服务并启动。如下命令第一次执行时间会比较长,请耐心等待。每台 Minion 端成功执行 30 个 ID 任务
salt '*' state.highstate
回显True即可