上篇文章讲了saltstack的初始化基础安装。
咱们在这里讲讲项目的部署。咱们以haproxy+keepalive+httpd 来实现web平台的集群部署。
1. 部署yum安装环境
这个安装环境是除了上一节初始化之外的yum安装包
[root@test1 pkg]# pwd
/srv/salt/prod/pkg
[root@test1 pkg]# cat pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
大家可以测试一下啊
salt '*' state.sls pkg..pkg-init env=prod
答案是没问题的。
2. 部署haproxy
在部署之前,咱们想想如果让我们自己来弄,应该有几步。
a。下载软件包
b。 解压。安装
c。 修改配置文件
d。 修改启动文件
e。 启动。
没错了。咱们就按照这个思考方法来部署
[root@test1 haproxy]# pwd
/srv/salt/prod/haproxy
[root@test1 haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.5.3.tar.gz
- source: salt://haproxy/files/haproxy-1.5.3.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.5.3.tar.gz && cd haproxy-1.5.3 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
haproxy-init:
file.managed:
- name: /etc/init.d/haproxy
- source: salt://haproxy/files/haproxy-init
- user: root
- group: root
- mode: 644
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list | grep haproxy
- require:
- file: /etc/init.d/haproxy
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- mode: 755
- user: root
- group: root
我喜欢把启动脚本和安装脚本分开,上边只是定义了安装和开机启动项目,大。当然最后加的这两个说明一下
net.ipv4.ip_nonlocal_bind: 这个值是cat /proc/sys/net/ipv4/ip_nonlocal_bind 里边的值,默认是0 。改成1 。是为了在你的连接断开时,让你的服务也可以启动并绑定在一个指定的地址上。
haproxy-config-dir: 这个值是指定配置文件目录
这里要注意haproxy/files/haproxy-init 这个文件需要给执行权限。
当然上边定义的启动脚本的配置文件是这样写的。
[root@test1 files]# pwd
/srv/salt/prod/haproxy/files
[root@test1 files]# cat haproxy-init
######################################
#!/bin/sh
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
# for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid
# Script Author: Simon Matter <[email protected]>
# Version: 2004060600
# Source function library.
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
else
exit 0
fi
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
# This is our service name
BASENAME=`basename $0`
if [ -L $0 ]; then
BASENAME=`find $0 -name $BASENAME -printf %l`
BASENAME=`basename $BASENAME`
fi
[ -f /etc/$BASENAME/$BASENAME.cfg ] || exit 1
RETVAL=0
start() {
/usr/local/haproxy/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
####这里必须和你安装haproxy的目录一致###
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
echo -n "Starting $BASENAME: "
daemon /usr/local/haproxy/sbin/$BASENAME -D -f /etc/$BASENAME/$BASENAME.cfg -p /var/run/$BASENAME.pid
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$BASENAME
return $RETVAL
}
stop() {
echo -n "Shutting down $BASENAME: "
killproc $BASENAME -USR1
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$BASENAME
[ $RETVAL -eq 0 ] && rm -f /var/run/$BASENAME.pid
return $RETVAL
}
restart() {
/usr/local/haproxy/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
stop
start
}
reload() {
/usr/local/haproxy/sbin/$BASENAME -c -q -f /etc/$BASENAME/$BASENAME.cfg
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
/usr/local/haproxy/sbin/$BASENAME -D -f /etc/$BASENAME/$BASENAME.cfg -p /var/run/$BASENAME.pid -sf $(cat /var/run/$BASENAME.pid)
}
check() {
/usr/local/haproxy/sbin/$BASENAME -c -q -V -f /etc/$BASENAME/$BASENAME.cfg
}
rhstatus() {
status $BASENAME
}
condrestart() {
[ -e /var/lock/subsys/$BASENAME ] && restart || :
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
check)
check
;;
*)
echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
exit 1
esac
exit $?
######################################
好了。到这里了,咱们就定义启动吧。
说到这里,有的朋友会问了,如果我们公司haproxy使用了很多,那如何定义呢。咱们在这里不妨以haproxy-oustside.sls来定义web集群通向外网的haproy
[root@test1 cluster]# pwd
/srv/salt/prod/cluster
[root@test1 cluster]# cat haproxy-outside.sls
include:
- haproxy.install
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
cmd.run:
- name: chmod +x /etc/init.d/haproxy
- require:
- file: haproxy-init
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: haproxy-init
- watch:
- file: haproxy-service
配置文件为:
[root@test1 files]# pwd
/srv/salt/prod/cluster/files
[root@test1 files]# cat haproxy-outside.cfg
######################################
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 10.0.0.11:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.0.0.7:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.8:8080 check inter 2000 rise 30 fall 15
######################################