- 系统架构图
一、初始化
1、salt环境配置,定义基础环境、生产环境(base、prod)
|
1
2
3
4
5
6
7
8
9
10
|
vim
/etc/salt/master
修改file_roots
file_roots:
base:
-
/srv/salt/base
prod:
-
/srv/salt/prod
mkdir
-p
/srv/salt/base
mkdir
-p
/srv/salt/prod
|
pillar配置
|
1
2
3
4
5
6
7
8
9
10
|
vim
/etc/salt/master
修改pillar_roots
pillar_roots:
base:
-
/srv/pillar/base
pord:
-
/srv/pillar/prod
mkdir
-p
/srv/pillar/base
mkdir
-p
/srv/pillar/prod
|
服务重启 systemctl restart salt-master
2、salt base环境初始化:
|
1
2
|
mkdir
-p
/srv/salt/base/init
# 环境初始化目录
mkdir
-p
/srv/salt/base/init/files
# 配置文件目录
|
1)dns配置
准备dns配置文件,放入/srv/salt/base/init/files目录下
cp /etc/resolv.conf /srv/salt/base/init/files/
|
1
2
3
4
5
6
7
|
vi
/srv/salt/base/init/dns
.sls
/etc/resolv
.conf:
file
.managed:
-
source
: salt:
//init/files/resolv
.conf
- user: root
- gourp: root
- mode: 644
|
2)histroy记录时间
|
1
2
3
4
5
|
vi
/srv/salt/base/init/history
.sls
/etc/profile
:
file
.append:
- text:
-
export
HISTTIMEFORMAT=
"%F %T `whoami` "
|
3)记录命令操作
|
1
2
3
4
5
|
vi
/srv/salt/base/init/audit
.sls
/etc/bashrc
:
file
.append:
- text:
-
export
PROMPT_COMMAND=
'{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
|
4)内核参数优化
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
vi
/srv/salt/base/init/sysctl
.sls
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.
file
-max:
sysctl.present:
- value: 2000000
net.ipv4.ip_forward:
sysctl.present:
- value: 1
vm.swappiness:
sysctl.present:
- value: 0
|
5)安装yum仓库
|
1
2
3
4
5
6
|
vi
/srv/salt/base/init/epel
.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: http:
//mirrors
.aliyun.com
/epel/epel-release-latest-7
.noarch.rpm
- unless: rpm -qa |
grep
epel-release-latest-7
|
6)安装zabbix-agent
准备zabbix-agent配置文件,放入/srv/salt/base/init/files目录下
cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/
修改 vi /etc/zabbix/zabbix_agentd.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
vi
/srv/salt/base/init/zabbix_agent
.sls
zabbix-agent:
pkg.installed:
- name: zabbix-agent
file
.managed:
- name:
/etc/zabbix/zabbix_agentd
.conf
-
source
: salt:
//init/files/zabbix_agentd
.conf
- template: jinja
- backup: minion
- defaults:
Server: {{ pillar[
'zabbix-agent'
][
'Zabbix_Server'
] }}
Hostname: {{ grains[
'fqdn'
] }}
- require:
- pkg: zabbix-agent
service.running:
-
enable
: True
-
watch
:
- pkg: zabbix-agent
-
file
: zabbix-agent
zabbix_agentd.d:
file
.directory:
- name:
/etc/zabbix/zabbix_agentd
.d
- watch_in:
- service: zabbix-agent
- require:
- pkg: zabbix-agent
-
file
: zabbix-agent
|
备注:“- backup: minion”表示备份,如果文件改动,会将之前的文件备份到/var/cache/salt/file_backup目录下
7)编写init.sls总文件,引用其它文件
|
1
2
3
4
5
6
7
8
|
vi
/srv/salt/base/init/init
.sls
include:
- init.dns
- init.
history
- init.audit
- init.sysctl
- init.epel
- init.zabbix_agent
|
执行命令: salt "*" state.sls init.init
执行结果
1 linux-node1.example.com: 2 ---------- 3 ID: /etc/resolv.conf 4 Function: file.managed 5 Result: True 6 Comment: File /etc/resolv.conf is in the correct state 7 Started: 04:39:32.998314 8 Duration: 181.548 ms 9 Changes: 10 ---------- 11 ID: /etc/profile 12 Function: file.append 13 Result: True 14 Comment: File /etc/profile is in correct state 15 Started: 04:39:33.180034 16 Duration: 6.118 ms 17 Changes: 18 ---------- 19 ID: /etc/bashrc 20 Function: file.append 21 Result: True 22 Comment: Appended 1 lines 23 Started: 04:39:33.186266 24 Duration: 6.608 ms 25 Changes: 26 ---------- 27 diff: 28 --- 29 30 +++ 31 32 @@ -90,3 +90,4 @@ 33 34 unset -f pathmunge 35 fi 36 # vim:ts=4:sw=4 37 +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }' 38 ---------- 39 ID: net.ipv4.ip_local_port_range 40 Function: sysctl.present 41 Result: True 42 Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 43 Started: 04:39:33.261448 44 Duration: 212.528 ms 45 Changes: 46 ---------- 47 net.ipv4.ip_local_port_range: 48 10000 65000 49 ---------- 50 ID: fs.file-max 51 Function: sysctl.present 52 Result: True 53 Comment: Updated sysctl value fs.file-max = 2000000 54 Started: 04:39:33.474197 55 Duration: 122.497 ms 56 Changes: 57 ---------- 58 fs.file-max: 59 2000000 60 ---------- 61 ID: net.ipv4.ip_forward 62 Function: sysctl.present 63 Result: True 64 Comment: Updated sysctl value net.ipv4.ip_forward = 1 65 Started: 04:39:33.596905 66 Duration: 35.061 ms 67 Changes: 68 ---------- 69 net.ipv4.ip_forward: 70 1 71 ---------- 72 ID: vm.swappiness 73 Function: sysctl.present 74 Result: True 75 Comment: Updated sysctl value vm.swappiness = 0 76 Started: 04:39:33.632208 77 Duration: 36.226 ms 78 Changes: 79 ---------- 80 vm.swappiness: 81 0 82 ---------- 83 ID: yum_repo_release 84 Function: pkg.installed 85 Result: True 86 Comment: All specified packages are already installed 87 Started: 04:39:39.085699 88 Duration: 12627.626 ms 89 Changes: 90 ---------- 91 ID: zabbix-agent 92 Function: pkg.installed 93 Result: True 94 Comment: Package zabbix-agent is already installed 95 Started: 04:39:51.713592 96 Duration: 6.677 ms 97 Changes: 98 ---------- 99 ID: zabbix-agent 100 Function: file.managed 101 Name: /etc/zabbix/zabbix_agentd.conf 102 Result: True 103 Comment: File /etc/zabbix/zabbix_agentd.conf updated 104 Started: 04:39:51.720994 105 Duration: 152.077 ms 106 Changes: 107 ---------- 108 diff: 109 --- 110 +++ 111 @@ -90,7 +90,7 @@ 112 # 113 # Mandatory: no 114 # Default: 115 -Server={{ Server }} 116 +Server=192.168.137.11 117 118 ### Option: ListenPort 119 # Agent will listen on this port for connections from the server. 120 ---------- 121 ID: zabbix_agentd.d 122 Function: file.directory 123 Name: /etc/zabbix/zabbix_agentd.d 124 Result: True 125 Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state 126 Started: 04:39:51.875082 127 Duration: 0.908 ms 128 Changes: 129 ---------- 130 ID: zabbix-agent 131 Function: service.running 132 Result: True 133 Comment: Service restarted 134 Started: 04:39:51.932698 135 Duration: 205.223 ms 136 Changes: 137 ---------- 138 zabbix-agent: 139 True 140 141 Summary for linux-node1.example.com 142 ------------- 143 Succeeded: 12 (changed=7) 144 Failed: 0 145 ------------- 146 Total states run: 12 147 Total run time: 13.593 s 148 linux-node2.example.com: 149 ---------- 150 ID: /etc/resolv.conf 151 Function: file.managed 152 Result: True 153 Comment: File /etc/resolv.conf is in the correct state 154 Started: 12:46:38.639870 155 Duration: 182.254 ms 156 Changes: 157 ---------- 158 ID: /etc/profile 159 Function: file.append 160 Result: True 161 Comment: Appended 1 lines 162 Started: 12:46:38.822236 163 Duration: 3.047 ms 164 Changes: 165 ---------- 166 diff: 167 --- 168 169 +++ 170 171 @@ -74,3 +74,4 @@ 172 173 174 unset i 175 unset -f pathmunge 176 +export HISTTIMEFORMAT="%F %T `whoami` " 177 ---------- 178 ID: /etc/bashrc 179 Function: file.append 180 Result: True 181 Comment: Appended 1 lines 182 Started: 12:46:38.825423 183 Duration: 3.666 ms 184 Changes: 185 ---------- 186 diff: 187 --- 188 189 +++ 190 191 @@ -90,3 +90,4 @@ 192 193 unset -f pathmunge 194 fi 195 # vim:ts=4:sw=4 196 +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }' 197 ---------- 198 ID: net.ipv4.ip_local_port_range 199 Function: sysctl.present 200 Result: True 201 Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 202 Started: 12:46:39.011409 203 Duration: 132.499 ms 204 Changes: 205 ---------- 206 net.ipv4.ip_local_port_range: 207 10000 65000 208 ---------- 209 ID: fs.file-max 210 Function: sysctl.present 211 Result: True 212 Comment: Updated sysctl value fs.file-max = 2000000 213 Started: 12:46:39.144117 214 Duration: 33.556 ms 215 Changes: 216 ---------- 217 fs.file-max: 218 2000000 219 ---------- 220 ID: net.ipv4.ip_forward 221 Function: sysctl.present 222 Result: True 223 Comment: Updated sysctl value net.ipv4.ip_forward = 1 224 Started: 12:46:39.177821 225 Duration: 43.489 ms 226 Changes: 227 ---------- 228 net.ipv4.ip_forward: 229 1 230 ---------- 231 ID: vm.swappiness 232 Function: sysctl.present 233 Result: True 234 Comment: Updated sysctl value vm.swappiness = 0 235 Started: 12:46:39.221788 236 Duration: 39.882 ms 237 Changes: 238 ---------- 239 vm.swappiness: 240 0 241 ---------- 242 ID: yum_repo_release 243 Function: pkg.installed 244 Result: True 245 Comment: All specified packages are already installed 246 Started: 12:46:47.608597 247 Duration: 13989.554 ms 248 Changes: 249 ---------- 250 ID: zabbix-agent 251 Function: pkg.installed 252 Result: True 253 Comment: Package zabbix-agent is already installed 254 Started: 12:47:01.598548 255 Duration: 1.265 ms 256 Changes: 257 ---------- 258 ID: zabbix-agent 259 Function: file.managed 260 Name: /etc/zabbix/zabbix_agentd.conf 261 Result: True 262 Comment: File /etc/zabbix/zabbix_agentd.conf updated 263 Started: 12:47:01.600712 264 Duration: 82.425 ms 265 Changes: 266 ---------- 267 diff: 268 --- 269 +++ 270 @@ -90,8 +90,6 @@ 271 # 272 # Mandatory: no 273 # Default: 274 -# Server= 275 - 276 Server=192.168.137.11 277 278 ### Option: ListenPort 279 @@ -117,7 +115,7 @@ 280 # Mandatory: no 281 # Range: 0-100 282 # Default: 283 -StartAgents=3 284 +# StartAgents=3 285 286 ##### Active checks related 287 288 @@ -133,7 +131,7 @@ 289 # Default: 290 # ServerActive= 291 292 -#ServerActive=192.168.137.11 293 +ServerActive=192.168.137.11 294 295 ### Option: Hostname 296 # Unique, case sensitive hostname. 297 @@ -144,7 +142,7 @@ 298 # Default: 299 # Hostname= 300 301 -Hostname=linux-node2 302 +Hostname=Zabbix server 303 304 ### Option: HostnameItem 305 # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. 306 @@ -174,7 +172,7 @@ 307 # 308 # Mandatory: no 309 # Default: 310 -HostMetadataItem=system.uname 311 +# HostMetadataItem= 312 313 ### Option: RefreshActiveChecks 314 # How often list of active checks is refreshed, in seconds. 315 ---------- 316 ID: zabbix_agentd.d 317 Function: file.directory 318 Name: /etc/zabbix/zabbix_agentd.d 319 Result: True 320 Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state 321 Started: 12:47:01.684357 322 Duration: 0.93 ms 323 Changes: 324 ---------- 325 ID: zabbix-agent 326 Function: service.running 327 Result: True 328 Comment: Service restarted 329 Started: 12:47:01.751277 330 Duration: 275.781 ms 331 Changes: 332 ---------- 333 zabbix-agent: 334 True 335 336 Summary for linux-node2.example.com 337 ------------- 338 Succeeded: 12 (changed=8) 339 Failed: 0 340 ------------- 341 Total states run: 12 342 Total run time: 14.788 s
8)创建top文件
|
1
2
3
4
|
vi
/srv/salt/base/top
.sls
base:
'*'
:
- init.init
|
测试 salt "*" state.highstate test=True
执行 salt "*" state.highstate
3、pillar base初始化
1)zabbix agent配置,指定zabbix server地址,用于sls文件引用
|
1
2
3
4
|
mkdir
-p
/srv/pillar/base/zabbix
vi
/srv/pillar/base/zabbix/agent
.sls
zabbix-agent:
Zabbix_Server: 192.168.137.11
|
编写top,引用/srv/pillar/base/zabbix/agent文件
|
1
2
3
4
|
vi
/srv/pillar/base/top
.sls
base:
'*'
:
- zabbix.agent
|
测试 salt '*' pillar.items
二、haproxy
官网 http://www.haproxy.com/
|
1
2
3
4
5
6
7
8
9
|
mkdir
-p
/srv/salt/prod/modules/haproxy
mkdir
-p
/srv/salt/prod/modules/keepalived
mkdir
-p
/srv/salt/prod/modules/memcached
mkdir
-p
/srv/salt/prod/modules/nginx
mkdir
-p
/srv/salt/prod/modules/php
mkdir
-p
/srv/salt/prod/modules/pkg
mkdir
-p
/srv/salt/prod/cluster
mkdir
-p
/srv/salt/prod/modules/haproxy/files/
mkdir
-p
/srv/salt/prod/cluster/files
|
1)系统gcc编译包等
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
vi
/srv/salt/prod/pkg/make
.sls
make
-pkg:
pkg.installed:
- names:
-
gcc
-
gcc
-c++
- glibc
-
make
- autoconf
- openssl
- openssl-devel
- pcre
- pcre-devel
|
2) 自安装
|
1
2
3
4
5
6
|
cd
/usr/local/src
tar
xvf haproxy-1.6.3.
tar
.gz
cd
haproxy-1.6.3/
make
TARGET=linux2628 PREFIX=
/usr/local/haproxy-1
.6.3
make
install
PREFIX=
/usr/local/haproxy-1
.6.3
ln
-s
/usr/local/haproxy-1
.6.3
/usr/local/haproxy
|
修改启动脚本,放入salt下
|
1
2
3
|
vi
/usr/local/src/haproxy-1
.6.3
/examples/haproxy
.init
BIN=
/usr/local/haproxy/sbin/
$BASENAME
cp
/usr/local/src/haproxy-1
.6.3
/examples/haproxy
.init
/srv/salt/prod/modules/haproxy/files/
|
haproxy-1.6.3.tar.gz安装包放入/srv/salt/prod/modules/haproxy/files/目录下
3)创建install.sls文件,用于安装haproxy
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
vi
/srv/salt/prod/modules/haproxy/install
.sls
include:
- modules.pkg.
make
haproxy-
install
:
file
.managed:
- name:
/usr/local/src/haproxy-1
.6.3.
tar
.gz
-
source
: salt:
//modules/haproxy/files/haproxy-1
.6.3.
tar
.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name:
cd
/usr/local/src
&&
tar
zxf haproxy-1.6.3.
tar
.gz &&
cd
haproxy-1.6.3 &&
make
TARGET=linux2628 PREFIX=
/usr/local/haproxy-1
.6.3 &&
make
install
PREFIX=
/usr/local/haproxy-1
.6.3 &&
ln
-s
/usr/local/haproxy-1
.6.3
/usr/local/haproxy
- unless:
test
-L
/usr/local/haproxy
- require:
- pkg:
make
-pkg
-
file
: haproxy-
install
haproxy-init:
file
.managed:
- name:
/etc/init
.d
/haproxy
-
source
: salt:
//modules/haproxy/files/haproxy
.init
- mode: 755
- user: root
- group: root
- require_in:
-
file
: haproxy-
install
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list|
grep
haproxy
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-
dir
:
file
.directory:
- name:
/etc/haproxy
- mode: 755
- user: root
- group: root
|
备注: “- unless” 如果unless后面的命令返回为True,那么就不执行当前状态命令
4)创建haproxy配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
vi
/srv/salt/prod/cluster/files/haproxy-outside
.cfg
global
maxconn 100000
chroot
/usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile
/usr/local/haproxy/logs/haproxy
.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats
enable
stats uri
/haproxy-status
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.137.21:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP
/1
.0
balance
source
server web-node1 192.168.137.11:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.137.12:8080 check inter 2000 rise 30 fall 15
|
创建haproxy-outside.sls文件,用于配置haproxy
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
vi
/srv/salt/prod/cluster/haproxy-outside
.sls
include:
- modules.haproxy.
install
haproxy-service:
file
.managed:
- name:
/etc/haproxy/haproxy
.cfg
-
source
: salt:
//cluster/files/haproxy-outside
.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
-
enable
: True
- reload: True
- require:
- cmd: haproxy-
install
-
watch
:
-
file
: haproxy-service
|
5)配置top file
|
1
2
3
4
5
6
7
|
vi
/srv/pillar/base/top
.sls
base:
'*'
:
- zabbix.agent
prod:
'linux-node*'
:
- cluster.haproxy-outside
|
测试 salt "*" state.highstate test=True
执行 salt "*" state.highstate
结果:
三、keepalived
1)创建files目录,将keepalived-1.2.17.tar.gz安装包、keepalived.sysconfig、keepalived.init放入
|
1
|
mkdir
-p
/srv/salt/prod/modules/keepalived/files
|
2)创建install.sls文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
vi
/srv/salt/prod/modules/keepalived/install
.sls
{%
set
keepalived_tar =
'keepalived-1.2.17.tar.gz'
%}
{%
set
keepalived_source =
'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz'
%}
keepalived-
install
:
file
.managed:
- name:
/usr/local/src/
{{ keepalived_tar }}
-
source
: {{ keepalived_source }}
- mode: 755
- user: root
- group: root
cmd.run:
- name:
cd
/usr/local/src
&&
tar
zxf {{ keepalived_tar }} &&
cd
keepalived-1.2.17 && .
/configure
--prefix=
/usr/local/keepalived
--disable-fwmark &&
make
&&
make
install
- unless:
test
-d
/usr/local/keepalived
- require:
-
file
: keepalived-
install
/etc/sysconfig/keepalived
:
file
.managed:
-
source
: salt:
//modules/keepalived/files/keepalived
.sysconfig
- mode: 644
- user: root
- group: root
/etc/init
.d
/keepalived
:
file
.managed:
-
source
: salt:
//modules/keepalived/files/keepalived
.init
- mode: 755
- user: root
- group: root
keepalived-init:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list |
grep
keepalived
- require:
-
file
:
/etc/init
.d
/keepalived
/etc/keepalived
:
file
.directory:
- user: root
- group: root
|
执行命令:salt '*' state.sls modules.keepalived.install saltenv=prod
3)创建keepalived配置文件haproxy-outside-keepalived.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
! Configuration File
for
keepalived
global_defs {
notification_email {
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}}
}
vrrp_instance haproxy_ha {
state {{STATEID}}
interface eth0
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.137.21
}
}
|
创建haproxy-outside-keepalived.sls
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
vi
/srv/salt/prod/cluster/haproxy-outside-keepalived
.sls
include:
- modules.keepalived.
install
keepalived-server:
file
.managed:
- name:
/etc/keepalived/keepalived
.conf
-
source
: salt:
//cluster/files/haproxy-outside-keepalived
.conf
- mode: 644
- user: root
- group: root
- template: jinja
{%
if
grains[
'fqdn'
] ==
'linux-node1.example.com'
%}
- ROUTEID: haproxy_ha
- STATEID: MASTER
- PRIORITYID: 150
{%
elif
grains[
'fqdn'
] ==
'linux-node2.example.com'
%}
- ROUTEID: haproxy_ha
- STATEID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
-
enable
: True
-
watch
:
-
file
: keepalived-server
|
4)将keepalived加入top FILE
|
1
2
3
4
5
6
7
8
|
vi
/srv/salt/base/top
.sls
base:
'*'
:
- init.init
prod:
'linux-node*'
:
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
|
测试 salt "*" state.highstate test=True
执行 salt "*" state.highstate