saltstack自动化运维系列⑥SaltStack实践安装配置HAproxy

saltstack自动化运维系列⑥SaltStack实践安装配置HAproxy

下载haproxy1.6.2.tar.gz
下载地址：http://www.haproxy.org/download/1.6/src/

1、编写功能模块

①首先编写依赖安装模块

pkg.installed这个路径是相对于prod即在配置/etc/salt/master的file_roots路径的相对路径

同理如果在test环境下也是相对/srv/salt/test路径

# mkdir -p /srv/salt/prod/pkg /srv/salt/prod/haproxy /srv/salt/prod/haproxy/files 
# cd /srv/salt/prod/pkg

# cat pkg-init.sls 
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel

 

②编写HAproxy状态模块

如何写状态模块？
安装一遍，记录安装步骤
手动安装步骤：
①安装依赖
# yum install gcc gcc-c++ glibc make autoconf openssl openssl-devel
cd /usr/local/
tar -zxf haproxy-1.6.2.tar.gz
cd /usr/local/haproxy-1.6.2

2、将配置文件，启动文件等拷贝到/srv/salt/prod/haproxy/files下

①获取启动脚本，并copy到/srv/salt/prod/haproxy/files/

# mv haproxy-1.6.2.tar.gz /srv/salt/prod/haproxy/files/
# cd /srv/salt/prod/haproxy/files/
# tar zxf haproxy-1.6.2.tar.gz
# cd haproxy-1.6.2/examples/
# vim haproxy.init
BIN=/usr/local/haporxy/sbin/$BASENAME

# cp haproxy.init /srv/salt/prod/haproxy/files/

# cd /srv/salt/prod/haproxy/files
# rm -rf haproxy-1.6.2

 

②编写install.sls
不在这里写配置文件，是为了解耦。因为安装和启动时原子操作，在哪都必须，但是配置文件，在不同环境下是不一样的

# cd /srv/salt/prod/haproxy/
# vim install.sls

include:
- pkg.pkg-init
haproxy-install: 
file.managed: 
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
haproxy-init:
file.managed:
- name: /etc/init.d/haproxy
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list | grep haproxy
- require:
- file: /etc/init.d/haproxy
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- user: root
- group: root
- mode: 755

 

# salt '*' state.sls haproxy.install env=prod
注：
直接拷贝上面的配置文件执行可能会出错，建议进入vim状态后，使用set list命令，确保$符号和配置之间没有空格
并且层级关系是2、4、6个空格
建议先执行测试然后再实际配置修改
# salt '*' state.sls haproxy.install env=prod test=True

3、编写业务引用

①HAproxy配置文件

# mkdir -p /srv/salt/prod/cluster/files
# cd /srv/salt/prod/cluster/files/ 
# vim /srv/salt/prod/cluster/files/haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99 
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.3.11:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 192.168.3.12:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.3.19:8080 check inter 2000 rise 30 fall 15

# cd ..
# vim /srv/salt/prod/cluster/haproxy-outside.sls
include:
- haproxy.install
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: haproxy-init
- watch:
- file: haproxy-service

# cd /srv/salt/base/
# vim top.sls
base:
'*':
- init.env_init
prod:
'*':
- cluster.haproxy-outside

 

执行安装配置
# salt '*' state.highstate

4、Web查看服务状态

从web登陆192.168.3.12:8888/haproxy-status
用户名和密码在/srv/salt/prod/cluster/files/haproxy-outside.cfg中
# grep 'auth' /srv/salt/prod/cluster/files/haproxy-outside.cfg
stats auth haproxy:saltstack

至此haproxy的配置完成