架构图
模块化部署
系统模块:系统优化,内核参数,网络参数
功能模块:如:nginx,tomcat,
业务模块:
1.在salt-master端修改配置文件
[root@01 salt]# vim /etc/salt/master
file_roots:
base: #初始环境
- /srv/salt/base
prod: #生产环境
- /srv/salt/prod
test: #测试环境
- /srv/salt/test
[root@01 salt]# tree . ├── base │ ├── init │ │ ├── audit.sls │ │ ├── dns.sls │ │ ├── env_init.sls │ │ ├── files │ │ │ └── resolv.conf │ │ ├── history.sls │ │ └── sysctl.sls │ └── top.sls ├── base.tar.gz ├── prod │ ├── cluster │ │ ├── files │ │ │ └── haproxy-outside.cfg │ │ └── haproxy-outside.sls │ ├── haproxy │ │ ├── files │ │ │ ├── haproxy-1.6.9.tar.gz │ │ │ └── haproxy.init │ │ └── install.sls │ └── pkg │ └── pkg-init.sls └── test 10 directories, 14 files
2.创建目录
mkdir /srv/salt/prod/pkg ##生产上一些包放在这
mkdir /srv/salt/prod/haproxy
mkdir /srv/salt/prod/haproxy/files #haproxy 包文件
mkdir /srv/salt/prod/cluster #安装前端后端
mkdir /srv/salt/prod/cluster/files #haproxy配置文件
3.配置salt系统环境
[root@01 base]# pwd
/srv/salt/base
[root@01 base]# cat top.sls
base:
'*':
- init.env_init #初始环境
prod: #生产环境
'wawa01': #主机名称
- cluster.haproxy-outside
'www.wawa8888.com':
- cluster.haproxy-outside
haproxy依赖的包,这里单独写在一个sls,有条理点
[root@01 ~]# cd /srv/salt/prod/pkg/
[root@01 pkg]# ls
pkg-init.sls
[root@01 pkg]# cat pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
4.写haproxy状态文件
[root@01 haproxy]# cd /srv/salt/prod/haproxy
[root@01 haproxy]# ls
files install.sls
[root@01 haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed: #两个空格
- name: /usr/local/src/haproxy-1.6.9.tar.gz #四个空格右边一个空格
- source: salt://haproxy/files/haproxy-1.6.9.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.6.9.tar.gz && cd haproxy-1.6.9 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list | grep haproxy
- require:
- file: /etc/init.d/haproxy
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- user: root
- group: root
- mode: 755
5.初始文件修改,
haproxy-1.6.9.tar.gz #提前放好包
[root@01 files]# ls haproxy-1.6.9.tar.gz haproxy.init [root@01 files]# [root@01 files]# [root@01 files]# grep "BIN=" haproxy.init BIN=/usr/local/haproxy/sbin/$BASENAME
[root@01 cluster]# cd /srv/salt/prod/cluster
[root@01 cluster]# ls
files haproxy-outside.sls
[root@01 cluster]# cat haproxy-outside.sls
include:
- haproxy.install
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: /etc/init.d/haproxy
- watch:
- file: haproxy-service
cd /srv/salt/prod/cluster/files
[root@01 files]# ls
haproxy-outside.cfg
[root@01 files]# cat haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:6666
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.1.66:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 192.168.1.100:2222 check inter 2000 rise 30 fall 15
server web-node2 192.168.1.111:3333 check inter 2000 rise 30 fall 15
重启 systemctl restart salt-master
测试 salt '*' state.highstate test=True
高级模式执行 salt '*' state.highstate