SaltStack实践（一）-- 安装配置HAproxy

234rew

1、编写功能模块

        1）首先编写依赖安装模块   

[iyunv@linux-node1 ~]# mkdir -p /srv/salt/prod/pkg /srv/salt/prod/haproxy /srv/salt/prod/haproxy/files
[iyunv@linux-node1 pkg]# vim pkg-init.sls
pkg-init:
pkg.installed:
   - names:
     - gcc
     - gcc-c++
     - glibc
     - make
     - autoconf
     - openssl
     - openssl-devel

      

        2）编写HAproxy状态模块

        

        如何写状态模块？1、安装一遍，将安装步骤记录;2、将配置文件，启动文件等cp到/srv/salt/prod/*/files下


            a）获取启动脚本，并copy到/srv/salt/prod/haproxy/files/

[iyunv@linux-node1 ~]# mv haproxy-1.6.2.tar.gz  /srv/salt/prod/haproxy/files/

[iyunv@linux-node1 ~]# cd /srv/salt/prod/haproxy/files/
[iyunv@linux-node1 files]# tar zxf haproxy-1.6.2.tar.gz

[iyunv@linux-node1 files]# cd haproxy-1.6.2/examples/
[iyunv@linux-node1 examples]# vim haproxy.init
35 BIN=/usr/local/haporxy/sbin/$BASENAME

[iyunv@linux-node1 examples]# cp haproxy.init  /srv/salt/prod/haproxy/files/

[iyunv@linux-node1 examples]# cd /srv/salt/prod/haproxy/files

[iyunv@linux-node1 files]# rm -rf haproxy-1.6.2


        b）编写install.sls


        不在这里写配置文件，是为了解耦。因为安装和启动时原子操作，在哪都必须，但是配置文件，在不同环境下是不一样的

[iyunv@linux-node1 examples]# cd /srv/salt/prod/haproxy/
[iyunv@linux-node1 haproxy]# vim install.sls   
include:
- pkg.pkg-init
haproxy-install:   
file.managed:   
   - name: /usr/local/src/haproxy-1.6.2.tar.gz
   - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
   - user: root
   - group: root
   - mode: 755
cmd.run:        
   - name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
   - unless: test -d /usr/local/haproxy   
   - require:   
     - pkg: pkg-init
     - file: haproxy-install  
/etc/init.d/haproxy:  
file.managed:
   - source: salt://haproxy/files/haproxy.init
   - user: root
   - group: root
   - mode: 755
   - require:
     - cmd: haproxy-install
cmd.run:
   - name: chkconfig --add haproxy
   - unless: chkconfig --list | grep haproxy
   - require:
     - file: /etc/init.d/haproxy
net.ipv4.ip_nonlocal_bind:
sysctl.present:
   - value: 1
haproxy-config-dir:
file.directory:
   - name: /etc/haproxy
   - user: root
   - group: root
   - mode: 755


[iyunv@linux-node1 src]# salt 'linux-node1.*' state.sls haproxy.install env=prod
linux-node1.example.com:
----------
......

Summary
-------------
Succeeded: 13 (changed=3)
Failed:     0
-------------
Total states run:     13



    2、编写业务引用 - HAproxy配置文件


[iyunv@linux-node1 files]# mkdir -p /srv/salt/prod/cluster/files
[iyunv@linux-node1 files]# cd /srv/salt/prod/cluster/files/   
[iyunv@linux-node1 files]# vim haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99  
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client  50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri     /haproxy-status
stats auth    haproxy:saltstack
frontend frontend_www_example_com
bind 10.0.0.11:80
mode http
option httplog
log global
   default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1  10.0.0.7:8080 check inter 2000 rise 30 fall 15   #
server web-node2  10.0.0.8:8080 check inter 2000 rise 30 fall 15
[iyunv@linux-node1 files]#cd ..
[iyunv@linux-node1 cluster]# vim haproxy-outside.sls
include:
- haproxy.install
haproxy-service:
file.managed:
   - name: /etc/haproxy/haproxy.cfg
   - source: salt://cluster/files/haproxy-outside.cfg
   - user: root
   - group: root
   - mode: 644
service.running:
   - name: haproxy
   - enable: True
   - reload: True
   - require:
     - cmd: haproxy-init
   - watch:
     - file: haproxy-service
[iyunv@linux-node1 ~]# cd /srv/salt/base/
[iyunv@linux-node1 base]# vim top.sls
base:
'*':
   - init.env_init
prod:
'linux-node[1-2].example.com':
   - cluster.haproxy-outside
[iyunv@linux-node1 base]# salt '*' state.highstate
linux-node1.example.com:
----------
......

Summary
-------------
Succeeded: 21 (unchanged=2, changed=1)
Failed:     0
-------------
Total states run:     21
linux-node2.example.com:
----------
......  
Summary
-------------
Succeeded: 21 (unchanged=9, changed=3)
Failed:     0
-------------
Total states run:     21


3、Web查看服务状态

    从web登陆10.0.0.7:8888/haproxy-status，用户名和密码在/srv/salt/prod/cluster/files/haproxy-outside.cfg中

[iyunv@linux-node1 base]# grep 'auth' /srv/salt/prod/cluster/files/haproxy-outside.cfg
stats auth    haproxy:saltstack

小五

为啥 我的客户端起不来啊 服务端手动能起来 客户端起不来 配置文件一模一样的