本章主要介绍通过saltstack构建系统高可用架构,以满足业务需求。通过Haproxy实现负载均衡调度后端Nginx+PHP服务器,Keepalived实现系统高可用功能,Memcached存储session会话,后端数据库采用Mysql并且实现主从复制以及读写分离。
一、拓扑图
一、系统架构图
二、saltstack分层管理图
我们通过saltstack实现的整个系统环境可以分为三部分:
系统初始化:用于设定节点状态,如dns、history命令记录、系统内核参数设定等。
功能模块:用于整个系统的功能实现,如Nginx、Mysql、Haproxy、keepalived的安装和脚本文件配置下发等。
业务模块:用于引用一些差异型功能,如hapzory或keeplaived的配置文件下发,每个节点的配置参数是不一样的,我们称之为业务模块。
之所以将功能模块和业务模块分开来做这样的好处在于:
如haproxy的安装以及负载均衡配置的实现之所以分开来做,这样的好处在于随着节点数量不断的增加,差异性不断的扩大。我们安装都引用相同的安装脚本,但是每个节点的参数配置是不相同的,因此我们在业务模块上进行每个节点不同参数的实现。
实验环境:
| IP地址 | Saltstack角色 | 业务角色 | 主机名 | 系统环境 |
| 192.168.39.135 | master | Saltstack-server | centos | CentOS release 6.7 (Final) |
| 192.168.39.200 | minion | Haproxy、keealived | centos-test1 |
CentOS release 6.7 (Final) |
| 192.168.39.201 | minion | Haproxy、keealived | centos-test2 | CentOS release 6.7 (Final) |
| 192.168.39.202 | minion | Nginx+PHP、Mysql |
centos-test3 | CentOS release 6.7 (Final) |
| 192.168.39.203 | minion | Nginx+PHP、Mysql 、Memcached | centos-test4 | CentOS release 6.7 (Final) |
Saltstack的安装、配置、授权等可参考:https://blog.51cto.com/bovin/1984115
二、Salt-Minion端环境配置
一、系统初始化
我们将系统的每个节点都进行一定的系统初始化设定,如dns、history命令记录、系统内核参数设定等。首先,进入salt的base环境,我们所有的系统设定都在此环境下进行设定。
[root@centos files]# cd /srv/salt/base/
创建init目录,用于系统的整个初始化相关设定。
[root@centos base]# mkdir init
配置各个节点dns解析:
[root@centos init]# vim dns.sls
/etc/resolv.conf: file.managed: - source: salt://init/files/resolv.conf - user: root - group: root - mode: 644 - template: jinja - defaults: DNS_SERVER: 192.168.39.23
files下resolv.conf文件内容为:
[root@centos init]# cat files/resolv.conf
# Generated by NetworkManager
nameserver {{ DNS_SERVER }}
使各个节点history命令都记录时间:
[root@centos init]# vim history.sls
/etc/profile: file.append: - text: - export HISTTIMEFORMAT="%F %T `whoami`"
注:file模块通过append追加方式写入环境变量中
审计sls文件,将每个用户的命令都记录到/var/log/message文件中:
[root@centos init]# vim audit.sls
/etc/bashrc:
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'
对节点的系统内核参数设定:
[root@centos init]# vim sysctl.sls
vm.swappiness: sysctl.present: - value: 0 net.ipv4.ip_local_port_range: sysctl.present: - value: 10000 65000 fs.file-max: sysctl.present: - value: 100000
引导以上各个功能模块:
[root@centos init]# vim env_init.sls
include: - init.dns - init.history - init.audit - init.sysctl
注:通过include进行模块引用
编写top file文件:
[root@centos base]# vim /srv/salt/base/top.sls
base: '*': - init.env_init
注:base环境下,init目录查找env_init文件
目录文件结构,如下:
在执行时我们可以通过指定参数,模拟执行:
[root@centos base]# salt '*' state.highstate test=True
注:test=True模拟执行方式
模拟执行完没有报错,我们可以放心去设定节点初始化环境了:
[root@centos base]# salt '*' state.highstate
三、前端高可用
根据整个系统架构图,我们可以分为两大部分来完成。前端高可用和后端上线服务,前端高可用主要包括haproxy和keepalived安装及配置。后端线上服务包括nginx、php、memcache、mysql的安装及配置。以下是haproxy和keepalived安装和配置。
一、功能模块之haproxy安装
功能模块分为:前端调度Haproxy,后端Nginx+PHP,数据库Mysql以及会话存储Memcached。以下是saltstack实现功能模块Haproxy的实例安装:
创建Haproxy模块的文件目录:
[root@centos ~]# mkdir /srv/salt/prod/pkg/
注:pkg目录用于存放软件安装包
[root@centos ~]# mkdir /srv/salt/prod/haproxy [root@centos ~]# mkdir /srv/salt/prod/haproxy/files
注:haproxy目录用于存放haroxy的安装脚本和文件
[root@centos ~]# cd /srv/salt/prod/pkg/
[root@centos pkg]# vim pkg-init.sls pkg-init: pkg.installed: - names: - gcc - gcc-c++ - glibc - make - autoconf - openssl - openssl-devel
注:pkg-init.sls用解决源码安装所需要的相关依赖
[root@centos ~]# cd /srv/salt/prod/haproxy
[root@centos haproxy]# vim install.sls include: #include haproxy源码包 - pkg.pkg-init haproxy-install: #安装haproxy 包括两个步骤:管理文件、执行cmd.run file.managed: - name: /usr/local/src/haproxy-1.6.2.tar.gz - source: salt://haproxy/files/haproxy-1.6.2.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /usr/local/src/ && tar -zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy - unless: test -d /usr/local/haproxy #判断haproxy目录是否存在,如果存在不在继续安装 - require: #执行完cmd.run后,如果执行成功,则继续。否则,不执行以下。 - pkg: pkg-init - file: haproxy-install haproxy-init: #定义haproxy-init,包括:拷贝haproxy启动脚本到相关路径下、添加系统服务 file.managed: - name: /etc/init.d/haproxy - source: salt://haproxy/files/haproxy.init - user: root - group: root - mode: 755 - require: - cmd: haproxy-install cmd.run: - name: chkconfig --add haproxy - unless: chkconfig --list | grep haproxy #如果有chkconfg .. 命令 不在执行name - require: - file: haproxy-init net.ipv4.ip_nonlocal_bind: #监听本地ip sysctl.present: - value: 1 haproxy-config-dir: #创建haproxy的目录 file.directory: - name: /etc/haproxy - user: root - group: root - mode: 755
注:salt文件相关参数介绍:
功能名称:requisites 功 能:处理状态间关系 常用方法: require #依赖某个状态 require_in #被某个状态依赖 watch #关注某个状态 watch_in #被某个状态关注 状态模块:状态间关系 功 能:条件判断,主要用于cmd状态模块 常用方法: -onlyif:检查的命令,仅当“onlyif”选项指向的命令返回true时才执行name定义的命令。 -unless;用于检查的命令,仅当“unless”选项指向的命令返回false时才执行name指向的命令。
目录结构,如下:
执行安装haproxy:
[root@centos haproxy]# salt 'centos-test[1-2]' state.sls haproxy.install env=prod
注:env=prod 指定prod目录下执行,如果不加此参数会默认从base环境下执行sls文件
可以看到执行haproxy安装成功了。
二、业务引用之Haproxy负载均衡的实现
Haproxy的安装我们选择源码包进行安装,我们通过文件管理模块进行haproxy的文件配置管理,需要将两个节点配置为负载均衡模式。
创建业务引用相关目录:
业务引用我们都是在cluster目录下进行。
[root@centos ~]# mkdir /srv/salt/prod/cluster #用于存放集群相关文件 [root@centos ~]# mkdir /srv/salt/prod/cluster/files [root@centos prod]# cd /srv/salt/prod/cluster/files/ #切换到此目录下创建salt文件
[root@centos files]# vim haproxy-outside.cfg #外网负载均衡配置文件 global maxconn 100000 chroot /usr/local/haproxy uid 99 gid 99 daemon nbproc 1 pidfile /usr/local/haproxy/logs/haproxy.pid log 127.0.0.1 local3 info #默认参数设置 defaults option http-keep-alive maxconn 100000 mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms #开启Haproxy Status状态监控,增加验证 listen stats mode http bind 0.0.0.0:8888 stats enable stats uri /haproxy-status stats auth haproxy:saltstack #前端设置 frontend frontend_www_example_com #bind 10.0.0.11:80 bind 192.168.39.100:80 mode http option httplog log global default_backend backend_www_example_com #后端设置 backend backend_www_example_com option forwardfor header X-REAL-IP option httpchk HEAD / HTTP/1.0 #balance source如果想要轮训则改为roundrobin balance source server web-node1 192.168.39.202:8080 check inter 2000 rise 30 fall 15 server web-node2 192.168.39.203:8080 check inter 2000 rise 30 fall 15
编写haproxy的salt文件:
salt文件主要涉及到haproxy的安装引用、对配置文件的下发、haproxy的服务启动等功能。
[root@centos cluster]# vim haproxy-outside.sls include: #include haproxy的安装文件 - haproxy.install haproxy-service: file.managed: #将source执行的haproxy配置文件,存放到name指定路径下 - name: /etc/haproxy/haproxy.cfg - source: salt://cluster/files/haproxy-outside.cfg - user: root - group: root - mode: 644 service.running: #启动haproxy服务 - name: haproxy - enable: True - reload: True #允许reload服务 - require: - cmd: haproxy-init #引用haproxy目录下install文件中的haproxy-init标签 - watch: #通过watch状态监控,如果配置文件发生改变 就reload - file: haproxy-service #haproxy-servcie标签下的file模块
注:此文件依赖于haproxy目录下的install.sls文件。
现在,可以编写top file文件,让其两个haproxy节点能够正常运行服务:
[root@centos cluster]# cd /srv/salt/base/
[root@centos base]# vim top.sls base: '*': - init.env_init prod: 'centos-test1': - cluster.haproxy-outside 'centos-test2': - cluster.haproxy-outside
编写完top file文件可以,执行高级模式来执行salt文件:
[root@centos base]# salt '*' state.highstate
可以看到已经执行成功,成功21项状态。
现在,我们可以通过浏览器访问haproxy管理界面:
在这里由于/var/www/html没有页面信息,健康检查会显示异常,所以需要在两个节点上创建html文件信息。
[root@centos-test1:/root] # echo ‘centos-test1’ > /var/www/html/index.html [root@centos-test2:/root] # echo ‘centos-test2’ > /var/www/html/index.html
三、功能模块之keepalived的安装
在keepalived安装之前,我们首先需要准备keepalived的安装包、启动脚本以及配置文件等。我们需要将所有的这些东西都放到keepalived/files目录下。
创建keepalived的相关目录:
[root@centos etc]# mkdir /srv/salt/prod/keepalived [root@centos etc]# mkdir /srv/salt/prod/keepalived/files
拷贝keepalived的相关文件:
[root@centos etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/ [root@centos etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
keepalived.init-keepalived的启动脚本
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived
# Source function library
. /etc/rc.d/init.d/functions
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
RETVAL=0
prog="keepalived"
start() {
echo -n $"Starting $prog: "
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
stop() {
echo -n $"Stopping $prog: "
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
reload() {
echo -n $"Reloading $prog: "
killproc keepalived -1
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
RETVAL=$?
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
keepalived.conf-keepalived的配置文件:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.16
192.168.200.17
192.168.200.18
}
}
virtual_server 192.168.200.100 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.201.100 443 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@centos keepalived]# cd /usr/local/keepalived/etc/sysconfig/ [root@centos sysconfig]# ls keepalived [root@centos sysconfig]# cp keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig
现在,我们查看files目录都有哪些东西:
[root@centos keepalived]# ls files/ keepalived-1.2.19.tar.gz keepalived.init keepalived.conf keepalived.sysconfig
准备好keepalived的相关文件之后,现在我们可以编写salt文件:
salt文件主要涉及到pkg-init脚本的引用,此脚本主要是解决安装前的依赖;keepalived-install标签用于安装keepalived;keepalived-init标签用于下发启动脚本以及将服务加入到系统启动中;/etc/sysconfg/keepalived标签用于下发配置文件到各个节点上。
[root@centos keepalived]# vim install.sls include: #引用pkg目录下pkg-init脚本 - pkg.pkg-init keepalived-install: file.managed: #file模块来拷贝keepalived的安装包 - name: /usr/local/src/keepalived-1.2.19.tar.gz - source: salt://keepalived/files/keepalived-1.2.19.tar.gz - usr: root - group: root - mode: 755 cmd.run: #cmd模块的- name函数来执行具体安装命令 - name: cd /usr/local/src && tar -zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install - unless: test -d /usr/local/keepalived - require: #require状态依赖关系 - pkg: pkg-init - file: keepalived-install keepalived-init: file.managed: - name: /etc/init.d/keepalived - source: salt://keepalived/files/keepalived.init - usr: root - group: root - mode: 755 cmd.run: - name: chkconfig --add keepalived - unless: chkconfig --list | grep keepalived - require: - file: keepalived-init /etc/sysconfig/keepalived: file.managed: - source: salt://keepalived/files/keepalived.sysconfig - user: root - group: root - mode: 644 /etc/keepalived: file.directory: - user: root - group: root - mode: 755
目录文件结果为:
现在,我们开始执行salt文件:
[root@centos keepalived]# salt 'centos-test[1-2]' state.sls keepalived.install env=prod
四、业务引用之keepalived
同haproxy业务引用一样,我们同样在cluster目录下进行。
进入cluster目录:
[root@centos keepalived]# cd ../cluster/ [root@centos cluster]# pwd /srv/salt/prod/cluster
编写salt文件:
salt文件涉及到keepalived的安装的引用;每个节点的具体参数如何这里主要通过编写jiaja模版来实现每个节点参数的差异性。通过grains的fqdn来判断不同的主机名,实现不同主机不同参数。
[root@centos cluster]# vim haproxy-outside-keepalived.sls
include:
- keepalived.install
keepalived-service:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://cluster/files/haproxy-outside-keepalived.conf
- user: root
- group: root
- mode: 644
- template: jinja
{% if grains['fqdn'] == 'centos-test1' %}
- ROUTEID: haproxy_ha
- STATEID: MASTER
- PRIORITYID: 150
{% elif grains['fqdn'] == 'centos-test2' %}
- ROUTEID: haproxy_ha
- STATEID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
- enable: True
- watch:
- file: keepalived-service
keepalived差异性配置文件:
在keepalived安装脚本中,我们为了能够启动keepalived服务,我们在两个节点上都下发相同的keepalived配置文件,这次为了实现每个节点上的keepalived去配置不同的参数,需要下发一份差异性配置文件。
[root@centos cluster]# vim /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}} # jinja模板变量
}
vrrp_instance haproxy_ha {
state {{STATEID}} # jinja模板变量
interface eth0
virtual_router_id 36
priority {{PRIORITYID}} # jinja模板变量
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.39.100
}
}
编写top文件:
将业务引用模块keepalived的haprox-outside-keepalived导入。
[root@centos base]# pwd /srv/salt/base [root@centos base]# ls init tmp top.sls
[root@centos base]# vim top.sls base: '*': - init.env_init prod: 'centos-test1': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'centos-test2': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived
通过salt高级模式执行:
[root@centos base]# salt '*' state.highstate
四、后端线上服务
完成前端高可用之后,我们就可以去完成线上服务了。线上服务包括nginx、php、memache、mysql等的安装及配置。
一、功能模块之nginx安装
创建nginx安装目录:
[root@centos ~]# mkdir /srv/salt/prod/nginx/
[root@centos ~]# mkdir /srv/salt/prod/nginx/files
将nginx安装包和脚本拷贝到files目录下
[root@centos nginx]# ls files/
解决安装nginx依赖关系:
[root@centos prod]# cat pkg/pkg-nginx.sls pkg-nginx: pkg.installed: - names: - openssl-devel - pcre-devel - zlib-devel
编写nginx安装sls文件:
[root@centos nginx]# pwd /srv/salt/prod/nginx
[root@centos nginx]# vim install.sls include: - pkg.pkg-nginx /usr/local/src: file.directory: - user: root - group: root - mode: 755 nginx-install: file.managed: - name: /usr/local/src/nginx-1.13.8.tar.gz - source: salt://nginx/files/nginx-1.13.8.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /usr/local/src/ && tar -zxf nginx-1.13.8.tar.gz && cd nginx-1.13.8 && ./configure --prefix=/usr/local/nginx && make && make install - unless: test -d /usr/local/nginx - require: - pkg: pkg-nginx - file: nginx-install nginx-init: file.managed: - name: /etc/init.d/nginx - source: salt://nginx/files/nginx.init - user: root - group: root - mode: 755 cmd.run: - name: chkconfig --add nginx - unless: chkconfig --list | grep nginx - require: - file: nginx-init /etc/nginx: file.directory: - user: root - group: root - mode: 755
目录结果为:
执行安装:
[root@centos prod]# salt 'centos-test[3-4]' state.sls nginx.install env=prod
二、业务模块之nginx配置管理
创建app目录用户nginx及php配置文件管理:
[root@centos ~]# mkdir /srv/salt/prod/app/ [root@centos ~]# mkdir /srv/salt/prod/app/files/ [root@centos ~]# mkdir /srv/salt/prod/app/files/nginx/ #用于存放nginx配置文件 [root@centos ~]# mkdir /srv/salt/prod/app/files/php/ #用于存放php配置文件
将需要的文件拷贝到files/nginx目录下:
i
编写sls文件进行配置文件管理下发:
[root@centos app]# ls files nginx.sls php.sls
[root@centos app]# vim nginx.sls
include:
- nginx.install
{% for s in ["fastcgi_params","mime.types","nginx.conf"] %}
nginx-{{s}}:
file.managed:
- name: /etc/nginx/{{s}}
- source: salt://app/files/nginx/{{s}}
- user: root
- group: root
- template: jinja
- mode: 644
service.running:
- name: nginx
- enable: True
- watch:
- file: nginx-nginx.conf
{% endfor %}
注:引用jinja模版,将fastcgi_params、mime.types、nginx.conf三个相关文件下发到节点的同一目录下。
执行文件:
[root@centos app]# salt 'centos-test[3-4]' state.sls app.nginx env=prod
三、功能模块之php安装
创建php安装目录:
[root@centos ~]# mkdir /srv/salt/prod/php [root@centos ~]# mkdir /srv/salt/prod/php/files/
将安装包拷贝到files目录下:
[root@centos prod]# ls php/files/ php-5.4.40.tar.bz2
解决php安装的依赖关系:
[root@centos php]# cat ../pkg/pkg-php.sls pkg-php: pkg.installed: - names: - libxml2-devel
编写sls文件:
[root@centos php]# vim install.sls include: - pkg.pkg-php php-install: file.managed: - name: /usr/local/src/php-5.4.40.tar.bz2 - source: salt://php/files/php-5.4.40.tar.bz2 - user: root - group: root - mode: 755 cmd.run: - name: cd /usr/local/src/ && tar xf php-5.4.40.tar.bz2 && cd php-5.4.40 && ./configure --prefix=/usr/local/php --enable-fpm --with-openssl && make && make install - unless: test -d /usr/local/php - require: - pkg: pkg-php - file: php-install
执行安装:
[root@centos prod]# salt 'centos-test[3-4]' state.sls php.install env=prod
四、业务模块之php配置管理
app目录结构:
php文件下发脚本内容为:
[root@centos app]# cat php.sls include: - php.install php-ini: file.managed: - name: /etc/php.ini - source: salt://app/files/php/php.ini - user: root - group: root - mode: 644 php-fpm-conf: file.managed: - name: /usr/local/php/etc/php-fpm.conf - source: salt://app/files/php/php-fpm.conf - user: root - group: root - mode: 644 php-init: file.managed: - name: /etc/init.d/php-fpm - source: salt://app/files/php/php-fpm.init - user: root - group: root - mode: 755 cmd.run: - name: chkconfig --add php-fpm - unless: chkconfig --list | grep php-fpm - require: - file: php-init service.running: - name: php-fpm - enable: True - watch: - file: php-ini
执行配置下发:
[root@centos app]# salt 'centos-test[3-4]' state.sls app.php env=prod
现在,将nginx.sls和php,sls写入top file文件:
[root@centos app]# cd /srv/salt/base/ [root@centos base]# ls init _modules tmp top.sls
编写top文件:
[root@centos base]# vim top.sls base: '*': - init.env_init prod: 'centos-test1': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'centos-test2': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'centos-test3': - app.nginx - app.php 'centos-test4': - app.nginx - app.php
五、Memcach安装
memcach通过yum来进行安装,创建memcache目录:
[root@centos base]# cd /srv/salt/prod/ [root@centos prod]# ls app cluster haproxy keepalived nginx php pkg [root@centos prod]# mkdir memcache [root@centos prod]# ls app cluster haproxy keepalived memcache nginx php pkg [root@centos prod]# cd memcache/
编写sls文件:
[root@centos memcache]# vim install.sls #memcache pkg install install-memcached: pkg.installed: - names: - memcached - php-pecl-memcache service.running: - name: memcached - enable: True #restart-phpfpm: restart-phpfpm: cmd.run: - names: - /etc/init.d/php-fpm restart
执行安装:
[root@centos memcache]# salt 'centos-test4' state.sls memcache.install env=prod
注:192.168.39.203作为memcache服务器
编写top file文件,将memcache安装脚本导入:
[root@centos ~]# cd /srv/salt/base/
[root@centos base]# vim top.sls base: '*': - init.env_init prod: 'centos-test1': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'centos-test2': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'centos-test3': - app.nginx - app.php 'centos-test4': - app.nginx - app.php - memcache.install
高级模式下执行sls:
[root@centos ~]# salt '*' state.highstate
注:mysql部分由于环境没有了没能再次更新博客,可以借鉴keeplived去下发文件,或者添加更加灵活的jinja模块去动态下发配置文件。