Saltstack部署keepalived高可用
实验环境:
server6 172.25.0.122 (keepalived haproxy)
server7 172.25.0.123 (httpd)
server8 172.25.0.124 (nginx)
server9 172.25.0.125 (keepalived haproxy)
[root@server6 ~]# cd /srv/salt/
[root@server6 salt]# mkdir keepalived
[root@server6 salt]# cd keepalived
[root@server6 keepalived]# mkdir files
[root@server6 keepalived]# cd files/
[root@server6 files]# ls
keepalived-2.0.6.tar.gz
编写安装脚本
[root@server6 keepalived]# vim install.sls
keepalived-install:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
file.managed:
- name: /mnt/keepalived-2.0.6.tar.gz
- source: salt://keepalived/files/keepalived-2.0.6.tar.gz
cmd.run:
- name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
- creates: /usr/local/keepalived
推送
[root@server6 keepalived-2.0.6]# salt server6 state.sls keepalived.install
server6:
----------
ID: keepalived-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 19:31:52.627068
Duration: 373.621 ms
Changes:
----------
ID: keepalived-install
Function: file.managed
Name: /mnt/keepalived-2.0.6.tar.gz
Result: True
Comment: File /mnt/keepalived-2.0.6.tar.gz is in the correct state
Started: 19:31:53.002126
Duration: 49.933 ms
Changes:
----------
ID: keepalived-install
Function: cmd.run
Name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
Result: True
Comment: /usr/local/keepalived exists
Started: 19:31:53.052648
Duration: 0.335 ms
Changes:
Summary for server6
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 423.889 ms
编辑keepalived配置文件及启动脚本
[root@server6 init.d]# cd /usr/local/keepalived/
[root@server6 keepalived]# cd etc/rc.d/init.d/
[root@server6 init.d]# ls
keepalived
[root@server6 init.d]# scp keepalived server6:/srv/salt/keepalived/files/ //keepalived的调用脚本
[root@server6 etc]# pwd
/usr/local/keepalived/etc
[root@server6 etc]# cd keepalived/
[root@server6 keepalived]# ls
keepalived.conf samples
[root@server6 keepalived]# scp keepalived.conf server6:/srv/salt/keepalived/files/ //keepalived配置文件
修改安装脚本
[root@server6 keepalived]# salt server6 state.sls keepalived.install
keepalived-install:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
file.managed:
- name: /mnt/keepalived-2.0.6.tar.gz
- source: salt://keepalived/files/keepalived-2.0.6.tar.gz
cmd.run:
- name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
- creates: /usr/local/keepalived
/etc/keepalived:
file.directory:
- mode: 755
/etc/sysconfig/keepalived:
file.symlink: //制作软链接
- target: /usr/local/keepalived/etc/sysconfig/keepalived
/sbin/keepalived:
file.symlink:
- target: /usr/local/keepalived/sbin/keepalived
推送
[root@server6 keepalived]# salt server6 state.sls keepalived.install
server6:
----------
ID: /etc/keepalived
Function: file.directory
Result: True
Comment: Directory /etc/keepalived updated
Started: 19:50:29.758851
Duration: 0.546 ms
Changes:
----------
/etc/keepalived:
New Dir
----------
ID: /etc/sysconfig/keepalived
Function: file.symlink
Result: True
Comment: Created new symlink /etc/sysconfig/keepalived -> /usr/local/keepalived/etc/sysconfig/keepalived
Started: 19:50:29.759477
Duration: 0.934 ms
Changes:
----------
new:
/etc/sysconfig/keepalived
----------
ID: /sbin/keepalived
Function: file.symlink
Result: True
Comment: Created new symlink /sbin/keepalived -> /usr/local/keepalived/sbin/keepalived
Started: 19:50:29.760490
Duration: 74.754 ms
Changes:
----------
new:
/sbin/keepalived
Summary for server6
------------
Succeeded: 6 (changed=3)
Failed: 0
------------
Total states run: 6
Total run time: 504.930 ms
编写keepalived运行脚本并推送到server6上
[root@server6 keepalived]# vim service.sls
include:
- keepalived.install
/etc/keepalived/keepalived.conf:
file.managed:
- source: salt://keepalived/files/keepalived.conf
- template: jinja
- context:
STATE: {{ pillar['state'] }}
VRID: {{ pillar['vrid'] }}
PRIORITY: {{ pillar['priority'] }}
keepalived-service:
file.managed:
- name: /etc/init.d/keepalived
- source: salt://keepalived/files/keepalived
- mode: 755
service.running:
- name: keepalived
- reload: True
- watch:
- file: /etc/keepalived/keepalived.conf
[root@server6 keepalived]# cd /srv/pillar/
[root@server6 pillar]# mkdir keepalived
[root@server6 pillar]# cd keepalived/
[root@server6 keepalived]# cp ../web/install.sls .
[root@server6 keepalived]# vim install.sls
{% if grains['fqdn'] == 'server6' %}
state: MASTER
vrid: 40
priority: 100
{% elif grains['fqdn'] == 'server9' %}
state: MASTER
vrid: 40
priority: 80
{% endif %}
编辑配置文件keepalived.conf
[root@server6 files]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRIORITY }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.0.120/24
}
}
推送到server6
[root@server6 keepalived]# salt server6 state.sls keepalived.service
----------
ID: keepalived-service
Function: file.managed
Name: /etc/init.d/keepalived
Result: True
Comment: File /etc/init.d/keepalived is in the correct state
Started: 22:51:41.844975
Duration: 24.662 ms
Changes:
----------
ID: keepalived-service
Function: service.running
Name: keepalived
Result: True
Comment: The service keepalived is already running
Started: 22:51:41.870340
Duration: 23.866 ms
Changes:
Summary for server6
------------
Succeeded: 9
Failed: 0
------------
Total states run: 9
Total run time: 491.928 ms
编辑top.sls一键推送
[root@server6 salt]# vim top.sls
base:
'server6':
- haproxy.service
- keepalived.service
'roles:apache':
- match: grain
- httpd.service
'roles:nginx':
- match: grain
- nginx.service
'server9':
- keepalived.service
- haproxy.service
[root@server6 salt]# salt '*' state.highstate
----------
ID: keepalived-service
Function: file.managed
Name: /etc/init.d/keepalived
Result: True
Comment: File /etc/init.d/keepalived updated
Started: 23:07:29.230790
Duration: 125.136 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: keepalived-service
Function: service.running
Name: keepalived
Result: True
Comment: Started Service keepalived
Started: 23:07:29.365928
Duration: 124.092 ms
Changes:
----------
keepalived:
True
----------
ID: harpoxy-service
Function: service.running
Name: haproxy
Result: True
Comment: Service haproxy has been enabled, and is running
Started: 11:46:48.118296
Duration: 105.457 ms
Changes:
----------
haproxy:
True
Summary for server9
-------------
Succeeded: 19 (changed=10)
Failed: 0
-------------
Total states run: 19
Total run time: 29.134 s
查看Vip
[root@server6 salt]# ip addr
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:b3:78:44 brd ff:ff:ff:ff:ff:ff
inet 172.25.0.122/24 brd 172.25.0.255 scope global eth0
inet 172.25.0.120/24 scope global secondary eth0
inet6 fe80::5054:ff:feb3:7844/64 scope link
valid_lft forever preferred_lft forever
网页测试,访问VIP:http://172.25.0.120/
测试高可用,关闭Vip所在的keepalived
[root@server6 salt]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
vip自动转移到server9上
[root@server9 ~]# ip addr
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:84:88:c2 brd ff:ff:ff:ff:ff:ff
inet 172.25.0.125/24 brd 172.25.0.255 scope global eth0
inet 172.25.0.120/24 scope global secondary eth0
inet6 fe80::5054:ff:fe84:88c2/64 scope link
valid_lft forever preferred_lft forever
网页仍然可以正常访问,实现高可用。
