SaltStack一键部署负载均衡和高可用

一、负载均衡的部署

server1 haproxy (调度器)

server2 apache

server3 nginx

1)在server1上首先安装salt-minion服务。并把自身添加在节点中（交换密钥）。在上一节中有salt-minion的添加。

2）启动server1的salt-minion服务

# 此时server1中节点状态(server4的节点为了高可用准备的)

3）在server1 中添加haproxy的安装脚本和用户

---> cd /srv/salt

---> mkdir haproxy

---> cd haproxy

---> vim haproxy.sls

include:
- pkgs.make
- users.haproxy
haproxy-install:
file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make ARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy

/etc/haproxy:
file.directory:
    - mode: 755

/usr/sbin/haproxy:
file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy

---> cd /srv/salt/users/

---> vim haporxy.sls # haproxy用户脚本如下

haproxy-group:
group.present:
    - name: haproxy
    - gid: 200
haproxy:
user.present:
    - uid: 200
    - gid: 200
    - home: /usr/local/haproxy
    - createhome: False

- shell: /sbin/nologin

---> cd /srv/salt/pkgs

---> vim make.sls # 安装软件的脚本

gcc-make:

pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel

4)将haproxy的配置文件移动到相应的目录(注意，执行完haproxy的安装命令才可以生成配置文件)

---> cp /etc/haproxy/haproxy.cfg /srv/salt/haproxy/files/

5）编写haproxy的服务启动脚本

---> vim haproxy/service.sls

include:
- haproxy.install
/etc/haproxy/haproxy.cfg:
file.managed:
    - source: salt://haproxy/files/haproxy.cfg

haproxy_service:
file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init          # haproxy的启动脚本
    - mode: 755

service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg

6）修改haproxy的配置文件

---> vim /srv/salt/haproxy/files/haproxy.cfg

global
        maxconn         10000
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        uid             200
        gid             200
        chroot          /var/empty
        daemon
defaults
        mode            http
        log             global
        option          httplog
        option          dontlognull
        monitor-uri     /monitoruri
        maxconn         8000
        timeout client 30s
        retries         2
        option redispatch
        timeout connect 5s
        timeout server 30s
        timeout queue   30s
        stats uri       /admin/stats
# The public 'www' address in the DMZ
frontend public
        bind            *:80 name clear
        default_backend dynamic

# the application servers go here
backend dynamic
        balance         roundrobin
        fullconn        4000
        server          dynsrv1 172.25.2.2:80 check inter 1000      # 后端服务器的ip和端口
        server          dynsrv2 172.25.2.3:80 check inter 1000

7) 在server1中推送haproxy，server2中推送apache服务，server3上推送nginx服务

---> salt server1 state.sls haproxy.service

---> salt server2 state.sls apache.service # 在上节中编写的apache和nginx服务的脚本

---> salt server3 state.sls nginx.service

7）在浏览器中测试

# server2和server3的nginx和hpptd出现轮询

二、server1实现负载均衡的高级推

1)首先关闭之前推送的服务

server1：

---> /etc/init.d/haproxy stop

server2:

---> /etc/init.d/httpd stop

server3:

---> /etc/init.d/nginx stop

2)编写top.sls脚本，实现一键推送

---> vim /srv/salt/top.sls # 在对应的主机推送对应的服务

base:
'server1':
    - haproxy.service
    - keepalived.service
'server2':
    - apache.service
'server3':
    - nginx.service

---> salt '*' state.highstate # 此时是没有问题的

3）在浏览器中测试结果。和之前的结果是一样的。

三、grains和pillar

grains和pillar是saltstack的两个重要的组件，用来做数据系统的，可以取客户端基本信息数据或主控端数据（也相当创建一个可以代表主机的变量）。主要区别在于：

grains是minion第一次启动的时候采集的静态数据，可以用在salt模块和其他模块中；当minion重启时也会采集信息，并向master回报。

pillar是动态数据，随时可变的。只要在master端修改了，一般都会立即生效。

（一）grains的配置

方法1：

1）在server2的minion中打开grains

---> vim /etc/salt/mimion # 取消120-122的注释

---> /etc/init.d/salt-minion restart # 重启服务

2）在master端获取grains的键值

---> salt '*' grains.item roles # 我们可以看到在server2中roles对应的值为apache

方法2：

1）在server3中/etc/salt目录下编辑grains配置文件

---> vim /etc/salt/grains

2）在master端查看grains项的键值(此时需要刷新才可以看到server3的值)

方法3：

1）在server1中进行如下操作

---> cd /srv/salt

---> mkdir _grains

---> cd _grains

---> vim my_grains.py # 设置hello对应的值为world

2）在server1中查看

# 注意：_grains目录下的变量设置，会覆盖所有其他minion端的设置。

（二）pillar的配置

pillar用于给特定的minion定义任何我们需要的数据，这些数据可以被salt的其他组件使用。有时，环境所需，需要为不同的主机推送不同的变量时，可以使用pillar。也可以对不共享的数据进行特定的操作，即只对特定的minion进行数据的传输。

1)编辑server1中的master文件，并重启服务

---> vim /etc/salt/master # 取消对pillar选项的注释

---> /etc/init.d/salt-master restart

2）刷新锁与节点的pillar

---> salt '*' saltutil.refresh_pillar

3)编辑存储的键值对

---> mkdir /srv/pillar

---> mkdir web

---> vim web/install.sls

{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% elif grains['fqdn'] == 'server1' %}
webserver: haproxy
{% endif %}

---> vim top.sls

base:
'*':
- web.install

4)在master中刷新所有节点，并查看pillar的值

---> salt '*' saltutil.refresh_pillar

---> salt '*' pillar.items

(三)jinja模块的使用

方法1：

1）在server1的httpd执行的时候，添加jinja模块

apache-service:
file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - template: jinja
    - context:
      port: 8080        # 添加ip和端口
      bind: 172.25.2.2

service.running:
    - name: httpd
    - enable: False
    - reload: True
    - watch:
      - file: apache-service

2)在server1的httpd配置文件中修改ip和端口号

---> vim /srv/satl/apache/files/httpd.conf

3)推动apache服务，并在server2中查看端口信息

---> salt server2 state.sls apache.service

server2:

方法2：

1）在server1中httpd下编辑文件

---> vim /srv/salt/apache/lib.sls # 内容如下，设置端口为80

{% set port=80 %}

2）在httpd配置文件

---> vim /srv/salt/apache/files/httpd.conf # 在第一行添加如下内容

3）推动httpd服务，并在server2中查看端口信息。此时server2端口为80

# 注意：lib.sls的级别高于jinja模块的配置。

方法3：

1）在servre1中修改httpd的脚本文件

---> vim /srv/salt/apache/service.sls

include:

- apache.install
apache-service:
file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - template: jinja
    - context:
      port: 8080
      bind: {{grains['ipv4'][-1]}}          # 切片表示ip

service.running:
    - name: httpd
    - enable: False
    - reload: True
    - watch:
      - file: apache-service

2）推送后，在server2中查看端口，此时端口为8080 。（此时需要注释掉之前的httpd.conf中的第一行）

方法4：

1）修改pillar的内容

---> vim /src/pillar/web/install.sls

2)在httpd配置文件中修改如下：

四、keepalived实现的高可用集群的部署

server1 haproxy keepalived

server4 haproxy keepalived（server4启动salt-minion服务）

server2 apache

server3 nginx

1）在server1中编写keepalived的安装脚本

---> mkdir -p /srv/salt/keepalived/files

---> cd /srv/salt/keepalived

---> vim install.sls # 进行keepalived的安装

include:
- pkgs.make

kp-install:
file.managed:
    - name: /mnt/keepalived-2.0.6.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
cmd.run:
    - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/keepalived

/etc/keepalived:
file.directory:
    - mode: 755

/sbin/keepalived:
file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived

/etc/sysconfig/keepalived:
file.symlink:
    - target: /usr/local/keepalived/etc/sysconfig/keepalived

/etc/init.d/keepalived:
file.managed:
    - source: salt://keepalived/files/keepalived         # 把keepalived的启动脚本推送到/etc/init.d目录下
    - mode: 755

---> salt server4 state.sls keepalived.install # 执行安装推送

2）执行完keepalived的安装推送的之后，把配置文件移动到keepalived/files目录下

---> scp /usr/local/keepalived/etc/rc.d/init.d/keepalived server1:/src/salt/keepalived/files # 复制执行脚本到server1中

---> scp /usr/local/keepalived/etc/keepalived/keepalived.conf server1:/src/salt/keepalived/files # 复制配置文件到server1中

3)修改server1中keepalvied的配置文件

---> vim /srv/salt/keepalived/files/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state {{ STATE }}             # 状态为变量（server1和4分别为主从）
    interface eth0
    virtual_router_id {{ VRID }} # 标示符id也用变量表示
    priority {{ PRT }}            # 优先级
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.2.100                # 修改虚拟ip
    }
}

4）编写keepalived的服务启动脚本

---> vim /src/salt/keepalived/service.sls

include:
- keepalived.install
kp-service:
file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    - context:
      STATE: {{ pillar['state'] }}
      VRID: {{ pillar['vrid'] }}
      PRT: {{ pillar['prt'] }}
service.running:
    - name: keepalived
    - reload: True
    - watch:
      - file: kp-service

5）因为我们用到了jiaja模板和pillar值，所以在pillar中编辑模板

---> cd /srv/pillar

---> mkdir keepalived

---> cd keepalived

---> vim install.sls # 在server1和4中，给变量赋值

{% if grains['fqdn'] == 'server1' %}
state: MASTER
vrid: 2
prt: 100
{% elif grains['fqdn'] == 'server4' %}
state: BACKUP
vrid: 2
prt: 50
{% endif %}

---> cd /srv/pillar

---> vim top.sls

base:
'*':
- web.install
- keepalived.install

6)编辑全部节点的推送文件top.sls

---> cd /srv/salt

---> vim top.sls

base:
'server1':
    - haproxy.service
    - keepalived.service
'server4':
    - haproxy.service
    - keepalived.service
'server2':
    - apache.service
'server3':
    - nginx.service

7)server1中执行top.sls文件，向所有节点安装和部署服务

---> salt '*' state.highstate

8)在浏览器中测试。可以显示虚拟ip的负载均衡

# 此时，我们可以发现，server1作为调度器。当server1的keepalived服务关闭之后，vip会自动切换到server4中。此时，nginx和apache服务还是可用的。

posted @ 2018-10-20 23:43 UTHN_B 阅读(552) 评论(0) 编辑收藏举报

刷新页面返回顶部