安装以下依赖包:
## Compiler toolchain and libraries used by the source builds further down the page.
yum install -y \
  gcc gcc-c++ glibc make autoconf \
  openssl openssl-devel \
  lrzsz memcache
(可以先安装,操作时就只是检查)下载以下软件包:
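## Source tarballs used by the states on this page.
## NOTE(review): all four are fetched over plain FTP/HTTP and are later compiled and
## installed as root on every minion. Check each file against the checksum or
## signature published by the upstream project before copying it into file_roots,
## e.g. `sha256sum -c <UPSTREAM_CHECKSUM_FILE>` (placeholder - the page gives no hashes).
## These are the versions the page was written against; confirm they still receive
## security fixes before using them in production.
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz  ## pcre can also be installed with yum
wget http://nginx.org/download/nginx-1.9.6.tar.gz
wget http://keepalived.org/software/keepalived-1.2.19.tar.gz
## The URL path ends in ".../mirror", so name the output file explicitly.
wget -O php-5.6.15.tar.gz http://cn2.php.net/get/php-5.6.15.tar.gz/from/this/mirror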
部署Haproxy
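## Declare one file_roots directory per environment in the master config,
## then restart salt-master so the change is picked up.
[root@linux-node1 haproxy]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/base
  prod:
    - /srv/salt/prod
  test:
    - /srv/salt/test
[root@linux-node1 haproxy]# /etc/init.d/salt-master restart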
###修改完配置文件要重启才能生效
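## Create the prod directory layout and the shared "base build packages" state.
[root@linux-node1 ~]# mkdir /srv/salt/prod/pkg -p    ## packages used in production go here
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/files
[root@linux-node1 pkg]# vim pkg-init.sls    ## package initialisation
pkg-init:                ## state ID
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
      - pcre-devel       ## needed by nginx
[root@linux-node1 prod]# cp /home/reid/tools/haproxy-1.6.2.tar.gz haproxy/files/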
操作方法:第一次先用手动安装一次,然后再用salt来写一次
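## Manual build of haproxy, done once by hand before writing the Salt state.
## The two prompts inside the source tree were mangled by the page's e-mail
## obfuscation; they are restored from the preceding `cd haproxy-1.6.2`.
[root@linux-node1 prod]# cp /home/reid/tools/haproxy-1.6.2.tar.gz haproxy/files/
[root@linux-node1 prod]# cd haproxy/files/
[root@linux-node1 files]# ls haproxy-1.6.2.tar.gz
[root@linux-node1 files]# cp haproxy-1.6.2.tar.gz /usr/local/src/
[root@linux-node1 files]# tar zxf haproxy-1.6.2.tar.gz
[root@linux-node1 files]# cd haproxy-1.6.2
[root@linux-node1 haproxy-1.6.2]# make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
[root@linux-node1 haproxy-1.6.2]# cd examples/
[root@linux-node1 examples]# vim haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME    ## point the init script at the install prefix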
编写sls安装haproxy
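## Salt state that ships the haproxy tarball, builds it, registers the init
## script, sets ip_nonlocal_bind and creates /etc/haproxy.
[root@linux-node1 examples]# cp haproxy.init /srv/salt/prod/haproxy/files/
[root@linux-node1 examples]# cd /srv/salt/prod/haproxy/
[root@linux-node1 haproxy]# vim install.sls
include:                   ## pull in the base build packages first
  - pkg.pkg-init

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz    ## resolved against file_roots
    - user: root
    - group: root
    - mode: 755
  cmd.run:                 ## build and install
    - name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy    ## name runs only when this returns false (directory missing)
    - require:
      - pkg: pkg-init            ## depends on the build packages
      - file: haproxy-install    ## the file module under this ID; one ID may use each module only once

haproxy-init:              ## register the init script as a boot-time service
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install     ## the cmd module under haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: /etc/init.d/haproxy

net.ipv4.ip_nonlocal_bind:   ## allow listening on a non-local IP (see the note below the listing)
  sysctl.present:
    - value: 1

haproxy-config-dir:        ## directory that will hold the config file
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755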
Note:监听非本地IP。负载均衡的机器上只有一个本机IP,haproxy 要监听的 VIP(10.0.0.11)不一定配置在本机上,所以要修改内核参数 net.ipv4.ip_nonlocal_bind,允许监听非本地IP
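## Show the current kernel setting; 0 means binding to non-local addresses is disabled.
[root@linux-node1 ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
0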
状态间关系:
unless:检查用的命令;仅当 unless 指向的命令返回 false(退出码非 0)时,才执行 name 指向的命令
require:我依赖某个状态,它执行了我才执行
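## Apply the haproxy.install state from the prod environment to linux-node1 only.
[root@linux-node1 haproxy]# salt 'linux-node1.*' state.sls haproxy.install env=prod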
统一管理haproxy配置文件
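## Central haproxy configuration: the config file, the state that deploys it and
## keeps the service running, and the top file that assigns it to both nodes.
[root@linux-node1 ~]# mkdir /srv/salt/prod/cluster
[root@linux-node1 ~]# mkdir /srv/salt/prod/cluster/files    ## config files go here
[root@linux-node1 ~]# cd /srv/salt/prod/cluster/files/
[root@linux-node1 files]# vim haproxy-outside.cfg    ## public-facing load balancer
global
    maxconn 100000
    chroot /usr/local/haproxy
    uid 99
    gid 99
    daemon
    nbproc 1
    pidfile /usr/local/haproxy/logs/haproxy.pid
    log 127.0.0.1 local3 info

defaults
    option http-keep-alive
    maxconn 100000
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

listen stats
    mode http
    stats uri /haproxy-status
    ## NOTE(review): sample credential kept in clear text. The state below writes this
    ## file to /etc/haproxy/haproxy.cfg with mode 644, so any local user can read it.
    ## Use a site-specific secret (for example supplied from pillar), tighten the file
    ## mode, and restrict who can reach the stats URI.
    stats auth haproxy:saltstack

frontend frontend_www_example_com
    bind 10.0.0.11:80
    mode http
    option httplog
    log global
    default_backend backend_www_example_com

backend backend_www_example_com
    option forwardfor header X-REAL-IP
    option httpchk HEAD / HTTP/1.0
    balance roundrobin
    server web-node1 10.0.0.7:8080 check inter 2000 rise 30 fall 15
    server web-node2 10.0.0.8:8080 check inter 2000 rise 30 fall 15
## Production advice from the author: everything except the load balancer listens
## on 80 and can be started by an ordinary user (the backends above use 8080 -
## presumably that is the port meant; TODO confirm).
## The cluster directory holds the haproxy-related configuration: config-file
## management plus service management. Approach: install -> configure -> start.
[root@linux-node1 cluster]# vim haproxy-outside.sls
include:
  - haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  service.running:           ## start the service
    - name: haproxy
    - enable: True           ## start at boot
    - reload: True           ## without this a config change causes a restart
    - require:
      - cmd: haproxy-init
    - watch:                 ## react to changes of the config file
      - file: haproxy-service
[root@linux-node1 cluster]# vim /srv/salt/base/top.sls
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
  'linux-node2.example.com':
    - cluster.haproxy-outside
[root@linux-node1 ~]# salt '*' state.highstate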
添加首页测试:
Apache的监听端口要修改
Listen 8080
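## Restart Apache after the port change and give each backend a distinguishable page.
/etc/init.d/httpd restart    ## not installed on linux-node2
[root@linux-node1 ~]# echo "linux-node1" >>/var/www/html/index.html
[root@linux-node2 ~]# echo "linux-node2" >>/var/www/html/index.html
## haproxy status page, followed by two haproxy.cfg lines (presumably added to the
## `listen stats` section - TODO confirm).
## NOTE(review): binding to 0.0.0.0 publishes the status page on every interface;
## prefer a management address and limit access to it.
http://10.0.0.7:8888/haproxy-status
bind 0.0.0.0:8888
stats enable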
部署keepalived
准备启动脚本:
[root@linux-node1etc]# mkdir /srv/salt/prod/keepalived/files -p [root@linux-node1etc]# cp /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.init/srv/salt/prod/keepalived/files/ [root@linux-node1etc]# cp /usr/local/src/keepalived-1.2.19/keepalived/etc/keepalived/keepalived.conf /srv/salt/prod/keepalived/files/ [root@linux-node1etc]# cd /srv/salt/prod/keepalived/files/ [root@linux-node1files]# ls keepalived.conf keepalived.init [root@linux-node1files]# vimkeepalived.init ###启动脚本 start(){ echo -n $"Starting $prog: " daemon /usr/local/keepalived/sbin/keepalived${KEEPALIVED_OPTIONS}
编写keepalived的sls
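## Salt state that ships the keepalived tarball, builds it, installs the init
## script and sysconfig file, and creates /etc/keepalived.
[root@linux-node1 files]# cd ..
[root@linux-node1 keepalived]# vim install.sls    ## installation
include:                   ## pull in the base build packages first
  - pkg.pkg-init

keepalived-install:        ## installation
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz    ## where the tarball is stored
    - user: root
    - group: root
    - mode: 755
  cmd.run:                 ## compile
    - name: cd /usr/local/src && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

keepalived-init:           ## everything below manages config files
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:                 ## enable at boot
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755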
准备Keepalived配置文件
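## Stage the sysconfig file, set the daemon options, check the file tree and
## apply keepalived.install from the prod environment to all minions.
[root@linux-node1 sysconfig]# cp /usr/local/keepalived/etc/sysconfig/keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig
[root@linux-node1 sysconfig]# vim keepalived    ====》 KEEPALIVED_OPTIONS="-D"
[root@linux-node1 keepalived]# ll files/
总用量 12
-rw-r--r-- 1 root root   3562 11月 21 13:33 keepalived.conf
-rwxr-xr-x 1 root root   1335 11月 21 13:39 keepalived.init
-rw-r--r-- 1 root root    667 11月 21 13:59 keepalived.sysconfig
-rw-r--r-- 1 root root 330164 11月 21 14:26 keepalived-1.2.19.tar.gz
[root@linux-node1 keepalived]# salt '*' state.sls keepalived.install env=prod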
keepalived的引用
[root@linux-node1~]# cd /srv/salt/prod/cluster/files/ [root@linux-node1files]# cat haproxy-outside-keepalived.conf ###keepalived的配置文件 !Configuration File for keepalived global_defs{ notification_email { [email protected] } [email protected] smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id `ROUTEID` } vrrp_instancehaproxy_ha { state `STATEID` interfaceeth0 virtual_router_id 36 priority `PRIORITYID` advert_int 1 authentication{ auth_typePASS auth_pass 1111 } virtual_ipaddress { 10.0.0.11 } } [root@linux-node1cluster]# ls files haproxy-outside.sls [root@linux-node1cluster]# vim haproxy-outside-keepalived.sls include: - keepalived.install keepalived-service: file.managed: - name: /etc/keepalived/keepalived.conf - source:salt://cluster/files/haproxy-outside-keepalived.conf - user: root - group: root - mode: 644 - template: jinja {% if grains['fqdn'] == 'linux-node1.example.com' %} - ROUTEID:haproxy_ha - STATEID: MASTER - PRIORITYID: 150 {% elifgrains['fqdn'] == 'linux-node2.example.com' %} - ROUTEID:haproxy_ha - STATEID: BACKUP - PRIORITYID: 100 {% endif %} service.running: - name: keepalived - enable: True - watch: - file: keepalived-service [root@linux-node1cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prodtest=True [root@linux-node1cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod [root@linux-node1salt]# vim base/top.sls base: '*': - init.env_init prod: 'linux-node1.example.com': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'linux-node2.example.com': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived [root@linux-node1prod]# salt '*' state.highstate [root@linux-node1prod]# ip add| grep 11 inet 10.0.0.11/32 scope global eth0 [root@linux-node1prod]# /etc/init.d/keepalived stop [root@linux-node2~]# ip add |grep 11 inet 10.0.0.11/32 scope global eth0
统一用户管理
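## Service accounts managed centrally: fixed uid/gid and a nologin shell, so the
## accounts are identical on every node and cannot be used for interactive login.
[root@linux-node1 ~]# mkdir /srv/salt/prod/user
[root@linux-node1 user]# vim www.sls    ## account used by the web services
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
## Dry run first (test=True), then apply.
[root@linux-node1 user]# salt '*' state.sls user.www env=prod test=True
[root@linux-node1 user]# salt '*' state.sls user.www env=prod
[root@linux-node1 user]# vim mysql.sls    ## account used by mysql
mysql-user-group:
  group.present:
    - name: mysql
    - gid: 501
  user.present:
    - name: mysql
    - fullname: mysql
    - shell: /sbin/nologin
    - uid: 501
    - gid: 501
[root@linux-node1 user]# salt '*' state.sls user.mysql env=prod test=True
[root@linux-node1 user]# salt '*' state.sls user.mysql env=prod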
部署Nginx
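## nginx: file layout, the build/install state, the state that deploys nginx.conf
## and keeps the service running, and the top file entries.
[root@linux-node1 ~]# tree /srv/salt/prod/nginx/
/srv/salt/prod/nginx/
├── files
│   ├── nginx-1.9.6.tar.gz
│   └── nginx.init           ## init script
└── install.sls
[root@linux-node1 ~]# tree /srv/salt/prod/cluster/
/srv/salt/prod/cluster/
├── files
│   ├── haproxy-outside.cfg
│   ├── haproxy-outside-keepalived.conf
│   └── nginx-web.conf       ## config file
├── haproxy-outside-keepalived.sls
├── haproxy-outside.sls
└── nginx-web.sls            ## manages the config file
[root@linux-node1 ~]# cat /srv/salt/prod/nginx/install.sls
include:
  - pkg.pkg-init

nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.6.tar.gz
    - source: salt://nginx/files/nginx-1.9.6.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.6.tar.gz && cd nginx-1.9.6 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module && make && make install
    - unless: test -d /usr/local/nginx
    ## The page lists the two entries below without a `require:` key; it is added
    ## here to match the haproxy and keepalived states.
    - require:
      - pkg: pkg-init
      - file: nginx-install

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: nginx-install
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: /etc/init.d/nginx
[root@linux-node1 ~]# cat /srv/salt/prod/cluster/nginx-web.sls
include:
  - nginx.install

nginx-service:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    - source: salt://cluster/files/nginx-web.conf
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: nginx-service
[root@linux-node1 ~]# cat /srv/salt/base/top.sls
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - cluster.nginx-web
  'linux-node2.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - cluster.nginx-web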
部署PHP
[root@linux-node1~]# tree /srv/salt/prod/php/ /srv/salt/prod/php/ ├── files │ ├── php-5.6.15.tar.gz │ ├── php-fpm.conf ###修改下启动用户为www │ └── php.init └── install.sls [root@linux-node1~]# tree /srv/salt/prod/cluster/ /srv/salt/prod/cluster/ ├── files │ ├── haproxy-outside.cfg │ ├──haproxy-outside-keepalived.conf │ ├── nginx-web.conf │ └── php.ini ├── haproxy-outside-keepalived.sls ├── haproxy-outside.sls ├── nginx-web.sls └── php-web.sls [root@linux-node1~]# cat /srv/salt/prod/php/install.sls include: - pkg.pkg-init php-install: file.managed: - name:/usr/local/src/php-5.6.15.tar.gz - source:salt://php/files/php-5.6.15.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd/usr/local/src/ && tar xf php-5.6.15.tar.gz && cd php-5.6.15&& ./configure --prefix=/usr/local/php --with-mysql --with-jpeg-dir--with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl--enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex--with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf--enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug--enable-opcache --enable-zip --with-config-file-path=/usr/local/php/etc--enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx && make&& make install - unless: test -d/usr/local/php - pkg: pkg-init - file:php-install php-conf: file.managed: - name:/usr/local/php/etc/php-fpm.conf - source:salt://php/files/php-fpm.conf ###启动需要的文件 - user: root - group: root - mode: 644 - require: - cmd:php-install php-init: file.managed: - name:/etc/init.d/php - source:salt://php/files/php.init ###启动脚本 - user: root - group: root - mode: 755 - require: - cmd:php-install cmd.run: - name: chkconfig--add php - unless:chkconfig --list | grep php - require: - file:/etc/init.d/php [root@linux-node1~]# cat /srv/salt/prod/cluster/php-web.sls include: - php.install php-service: file.managed: - name:/usr/local/php/etc/php.ini ###配置文件 - source:salt://cluster/files/php.ini service.running: - name: 
php - enable: True - reload: True - require: - cmd: php-init - watch: - file:php-service [root@linux-node1~]# cat /srv/salt/prod/cluster/files/nginx-web.conf ###需要修改,前期部署可以一下实现,可以根据不同的站点对业务配置管理 worker_processes 1; events{ worker_connections 1024; } http{ include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 8081; server_name www.reid.org; root html/blog; index index.php index.html index.htm; location ~ .*\.(php|php5)?$ ###支持PHP { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } salt'*' state.sls php.install env=prod test=True salt'*' state.sls php.install env=prod salt'*' state.higtstate
测试:
部署Memcached
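## memcached: file layout, libevent and memcached build states, the state that
## starts the daemon, the top file entries, and the PHP memcache extension.
[root@linux-node1 ~]# tree /srv/salt/prod/memcached/
/srv/salt/prod/memcached/
├── files
│   └── memcached-1.4.13.tar.gz
├── install.sls
├── memcached.sls
└── service.sls
[root@linux-node1 ~]# mkdir /srv/salt/prod/libevent/files -p
[root@linux-node1 ~]# mkdir /srv/salt/prod/memcached/files -p

## Install libevent
[root@linux-node1 ~]# vim /srv/salt/prod/libevent/install.sls
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-1.4.13-stable.tar.gz
    - source: salt://libevent/files/libevent-1.4.13-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-1.4.13-stable.tar.gz && cd libevent-1.4.13-stable && ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install

## Install memcached
[root@linux-node1 ~]# vim /srv/salt/prod/memcached/install.sls
include:
  - libevent.install

memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.13.tar.gz
    - source: salt://memcached/files/memcached-1.4.13.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.13.tar.gz && cd memcached-1.4.13 && ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install

## Start memcached
[root@linux-node1 ~]# vim /srv/salt/prod/memcached/service.sls
include:
  - memcached.install
  - user.www

memcached.service:
  cmd.run:
    ## NOTE(review): no -l option is given, so memcached listens on every interface
    ## (the netstat output below shows 0.0.0.0:11211 and :::11211). memcached has
    ## no authentication by default; bind it to an internal address with -l and/or
    ## firewall the port so only the web nodes can reach it.
    - name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
    - unless: netstat -tnlp|grep 11211
    - require:
      - cmd: memcached-source-install
      - user: www-user-group

## Declare it in the top file
[root@linux-node1 ~]# vim /srv/salt/base/top.sls
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - cluster.nginx-web
    - cluster.php-web
    - cluster.mysql
    - memcached.service
  'linux-node2.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - cluster.nginx-web
    - cluster.php-web
    - cluster.mysql
    - memcached.service
[root@linux-node1 ~]# netstat -ntlp|grep 11211
tcp        0      0 0.0.0.0:11211      0.0.0.0:*      LISTEN      9485/memcached
tcp        0      0 :::11211           :::*           LISTEN      9485/memcached
[root@linux-node2 ~]# netstat -ntlp|grep 11211
tcp        0      0 0.0.0.0:11211      0.0.0.0:*      LISTEN      5137/memcached
tcp        0      0 :::11211           :::*           LISTEN      5137/memcached

## PHP Memcache
[root@linux-node1 ~]# vim /srv/salt/prod/php/php-memcache.sls
memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.5.tgz
    - source: salt://php/files/memcache-2.2.5.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.5.tgz && cd memcache-2.2.5 && /usr/local/php/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php/bin/php-config && make && make install
    - unless: test -f /usr/local/php/lib/php/extensions/*/memcache.so
    - require:
      - file: memcache-plugin

/usr/local/php/etc/php.ini:
  file.append:
    - text:
      - extension=memcache.so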
部署MySQL(生产上不建议主从用salt部署)
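## MySQL: file layout and the state that builds the server, initialises the data
## directory, installs my.cnf and the init script, and starts mysqld.
[root@linux-node1 ~]# tree /srv/salt/prod/mysql/
/srv/salt/prod/mysql/
├── files
│   ├── my-medium.cnf          ## config file
│   ├── mysql-5.1.72.tar.gz    ## source tarball
│   └── mysql.server           ## init script
└── install.sls                ## install state
[root@linux-node1 ~]# cat /srv/salt/prod/mysql/install.sls
include:
  - pkg.pkg-init
  - user.mysql

mysql-install:
  file.managed:
    - name: /usr/local/src/mysql-5.1.72.tar.gz
    - source: salt://mysql/files/mysql-5.1.72.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    ## NOTE(review): --enable-local-infile turns on LOAD DATA LOCAL INFILE support;
    ## leave it out unless the application needs it.
    - name: cd /usr/local/src && tar xf mysql-5.1.72.tar.gz && cd mysql-5.1.72 && ./configure --prefix=/usr/local/mysql --with-unix-socket-path=/usr/local/mysql/tmp/mysql.sock --localstatedir=/usr/local/mysql/data --enable-assembler --enable-thread-safe-client --with-mysqld-user=mysql --with-big-tables --without-debug --with-pthread --enable-assembler --with-extra-charsets=complex --with-readline --with-ssl --with-embedded-server --enable-local-infile --with-plugins=partition,innobase --with-mysqld-ldflags=-all-static --with-client-ldflags=-all-static && make && make install
    - unless: test -d /usr/local/mysql
    - require:
      - file: mysql-install
      - pkg: pkg-init

mysql-data-dir:
  file.directory:
    - name: /usr/local/mysql/data
    - user: mysql
    - group: mysql
    - require:
      - user: mysql
  cmd.run:
    ## NOTE(review): a freshly initialised MySQL 5.1 data directory has a root
    ## account without a password plus anonymous accounts; set a root password and
    ## remove them (mysql_secure_installation) before the server is reachable.
    - name: cd /usr/local/mysql/bin/ && ./mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/ --user=mysql
    ## Added guard: skip once the system database exists, so a repeated
    ## highstate does not re-run the initialisation.
    - unless: test -d /usr/local/mysql/data/mysql
    - require:
      - cmd: mysql-install

mysql-config-file:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://mysql/files/my-medium.cnf
    - user: root
    - group: root
    - mode: 644

mysql-init:
  file.managed:
    - name: /etc/init.d/mysqld
    - source: salt://mysql/files/mysql.server
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: mysql-install
      - file: mysql-config-file
  cmd.run:
    - name: chkconfig --add mysqld
    - unless: chkconfig --list | grep mysqld
    - require:
      - file: /etc/init.d/mysqld
  service.running:
    - name: mysqld
    - enable: True
    - require:
      - file: /etc/init.d/mysqld
[root@linux-node1 ~]# salt '*' state.sls mysql.install env=prod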