• saltstack之keepalived的安装配置


    使用saltstack编译安装keepalived:

    创建相应的目录,并在目录下创建相应的sls配置文件

    [root@node1 ~]# mkdir /srv/salt/prod/keepalived
    [root@node1 ~]# mkdir /srv/salt/prod/keepalived/files
    

     1、使用saltstack进行编译安装keepalived

    1.1将下载好的keepalived源码包放置在keepalived目录下面的files目录中(files目录提供需要用的源码包,文件等)

    [root@node1 etc]# pwd
    /usr/local/src/keepalived-1.3.6/keepalived/etc
    [root@node1 etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
    [root@node1 etc]# cp init.d/keepalived /srv/salt/prod/keepalived/files/keepalived.init
    [root@node1 sysconfig]# pwd
    /usr/local/src/keepalived-1.3.6/keepalived/etc/sysconfig
    [root@node1 sysconfig]# cp keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig
    

     查看files目录下面文件:

    [root@node1 keepalived]# ll files/
    total 696
    -rw-r--r-- 1 root root 702570 Oct 10 22:21 keepalived-1.3.6.tar.gz
    -rwxr-xr-x 1 root root   1335 Oct 10 22:17 keepalived.init
    -rw-r--r-- 1 root root    667 Oct 10 22:28 keepalived.sysconfig
    

     1.2haproxy的源码包和启动脚本准备好后,开始进行安装keepalived

    [root@node1 keepalived]# pwd
    /srv/salt/prod/keepalived
    [root@node1 keepalived]# cat install.sls 
    include:
      - pkg.pkg-init
    
    keepalived-install:
      file.managed:
        - name: /usr/local/src/keepalived-1.3.6.tar.gz
        - source: salt://keepalived/files/keepalived-1.3.6.tar.gz
        - user: root
        - group: root
        - mode: 755
      cmd.run:
        - name: cd /usr/local/src/ && tar xf keepalived-1.3.6.tar.gz && cd keepalived-1.3.6 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
        - unless: test -d /usr/local/keepalived
        - require:
          - pkg: pkg-init
          - file: keepalived-install
      
    keepalived-init:
      file.managed:
        - name: /etc/init.d/keepalived
        - source: salt://keepalived/files/keepalived.init
        - user: root
        - group: root
        - mode: 755
      cmd.run:
        - name: chkconfig --add keepalived
        - unless: chkconfig --list|grep keepalived
        - require:
          - file: /etc/init.d/keepalived
          
    /etc/sysconfig/keepalived:
      file.managed:
        - source: salt://keepalived/files/keepalived.sysconfig
        - user: root
        - group: root
        - mode: 644
    
    /etc/keepalived:
      file.directory:
        - user: root
        - group: root
        - mode: 755
    

     总结上面配置文件包括:1、include进来编译环境 2、编译安装keepalived 3、添加keepalived脚本文件,并添加到系统服务中 4、复制keepalived.sysconfig文件 5、创建keepalived配置文件目录

    执行install.sls文件,安装keepalived:

    [root@node1 keepalived]# salt 'node1' state.sls keepalived.install saltenv=prod
    

     3、安装完keepalived后,并且keepalived已经有了启动脚本,接下来需要给keepalived提供配置文件,最后将keepalived服务开启,由于根据业务需求的不同,可能用到的keepalived的配置文件会有区别,

    所以这里将配置文件与keepalived的安装分隔开进行状态管理配置,以后minion的keepalived可以根据配置文件的不同而提供安装

    [root@node1 cluster]# pwd
    /srv/salt/prod/cluster
    [root@node1 cluster]# cat haproxy-outside-keepalived.sls    haproxy与keepalived结合使用的高可用
    include:
      - keepalived.install
    
    keepalived-service:
      file.managed:
        - name: /etc/keepalived/keepalived.conf
        - source: salt://cluster/files/haproxy-outside-keepalived.conf
        - user: root
        - group: root
        - mode: 644
        - template: jinja             jinja模板调用,使用变量
        {% if grains['fqdn'] == 'node1' %}             基于节点的fqdn信息来赋予变量值
        - ROUTEID: haproxy_node1
        - STATEID: MASTER
        - PRIORITYID: 150
        {% elif grains['fqdn'] == 'node2' %}
        - ROUTEID: haproxy_node2
        - STATEID: BACKUP
        - PRIORITYID: 100
        {% endif %}
      service.running:
        - name: keepalived
        - enable: True
        - reload: True
        - watch:
          - file: keepalived-service
    

      总结上述配置文件内容:1、include进来keepalived的安装 2、给各节点提供不同的配置文件,用到了jinja模板调用grains 3、开启keepalived服务,并开启自启动

    最后将keepalived项目添加到top.sls文件中:

    [root@node1 base]# cat top.sls 
    base:
      '*':
        - init.env_init
    
    prod:
      'node1':
        - cluster.haproxy-outside
        - cluster.haproxy-outside-keepalived
    

     整个keepalived项目构架图:

    [root@node1 keepalived]# tree
    .
    ├── files
    │   ├── keepalived-1.3.6.tar.gz
    │   ├── keepalived.init
    │   └── keepalived.sysconfig
    └── install.sls
    
    1 directory, 4 files
    [root@node1 keepalived]# cd ../cluster/
    [root@node1 cluster]# tree
    .
    ├── files
    │   ├── haproxy-outside.cfg
    │   └── haproxy-outside-keepalived.conf
    ├── haproxy-outside-keepalived.sls
    └── haproxy-outside.sls
    

     node1节点安装没有问题,那么更改top.sls中节点设置,将node2节点也给添加上:

    [root@node1 base]# cat top.sls 
    base:
      '*':
        - init.env_init
    
    prod:
      '*':                 只有两个节点,所以这里*代替了
        - cluster.haproxy-outside
        - cluster.haproxy-outside-keepalived
    

     执行状态配置文件:

    [root@node1 base]# salt '*' state.highstate
    

     查看node2状态:

    [root@node2 ~]# netstat -tunlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
    tcp        0      0 192.168.44.10:80            0.0.0.0:*                   LISTEN      16791/haproxy       
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1279/sshd           
    tcp        0      0 0.0.0.0:8090                0.0.0.0:*                   LISTEN      16791/haproxy       
    tcp        0      0 :::8080                     :::*                        LISTEN      14351/httpd         
    tcp        0      0 :::22                       :::*                        LISTEN      1279/sshd           
    udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1106/dhclient
    

     可以看见haproxy已经监听起来了,监听在了一个不是自己实际ip的地址上

    查看node1的vip信息:

    [root@node1 files]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:86:2C:63  
              inet addr:192.168.44.134  Bcast:192.168.44.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe86:2c63/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:230013 errors:0 dropped:0 overruns:0 frame:0
              TX packets:172530 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:130350592 (124.3 MiB)  TX bytes:19244347 (18.3 MiB)
    
    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:86:2C:63  
              inet addr:192.168.44.10  Bcast:0.0.0.0  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:145196 errors:0 dropped:0 overruns:0 frame:0
              TX packets:145196 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:12285984 (11.7 MiB)  TX bytes:12285984 (11.7 MiB)
    

     可以看见eth0:0就是vip,手动将keepalived停止,查看vip是否漂移到nide2?

    [root@node1 files]# /etc/init.d/keepalived stop
    Stopping keepalived:                                       [  OK  ]
    

     查看node2状态:

    [root@node2 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:34:32:CB  
              inet addr:192.168.44.135  Bcast:192.168.44.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe34:32cb/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:494815 errors:0 dropped:0 overruns:0 frame:0
              TX packets:357301 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:250265303 (238.6 MiB)  TX bytes:98088504 (93.5 MiB)
    
    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:34:32:CB  
              inet addr:192.168.44.10  Bcast:0.0.0.0  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:2953 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2953 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:1272983 (1.2 MiB)  TX bytes:1272983 (1.2 MiB)
    

     于是haproxy结合keepalived的高可用基于saltstack安装成功,下面为haproxy和keepalived的简单配置文件:

    haproxy配置文件:

    [root@node1 files]# pwd
    /srv/salt/prod/cluster/files
    [root@node1 files]# cat haproxy-outside.cfg 
    #
    # This is a sample configuration. It illustrates how to separate static objects
    # traffic from dynamic traffic, and how to dynamically regulate the server load.
    #
    # It listens on 192.168.1.10:80, and directs all requests for Host 'img' or
    # URIs starting with /img or /css to a dedicated group of servers. URIs
    # starting with /admin/stats deliver the stats page.
    #
    
    global
            maxconn         10000
            stats socket    /var/run/haproxy.stat mode 600 level admin
            log             127.0.0.1 local0
            uid             200
            gid             200
            chroot          /var/empty
            daemon
    
    defaults
            mode    http
            timeout connect 5000ms
            timeout client 50000ms
            timeout server 50000ms
    
    # The public 'www' address in the DMZ
    frontend webserver
            bind    192.168.44.10:80
            default_backend web
            #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
            mode    http
    
    listen  base_stats
            bind *:8090
            stats enable
            stats hide-version
            stats uri /haproxy?stats
            stats realm "haproxy statistics"
            stats auth wadeson:redhat
    
    # The static backend backend for 'Host: img', /img and /css.
    backend web
            balance         roundrobin
            retries         2
            server          web1 192.168.44.134:8080 check inter 1000
            server          web2 192.168.44.135:8080 check inter 1000
    

     keepalived配置文件:

    [root@node1 files]# cat haproxy-outside-keepalived.conf 
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         json_hc@163.com
       }
       notification_email_from json_hc@163.com
       smtp_server smtp.163.com
       smtp_connect_timeout 30
       router_id {{ ROUTEID }}
    }
    
    vrrp_instance VI_1 {
        state {{ STATEID }}
        interface eth0
        virtual_router_id 51
        priority {{ PRIORITYID }}
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass password
        }
        virtual_ipaddress {
            192.168.44.10/24 dev eth0 label eth0:0
        }
    }
    

     查看高可用的负载效果:

     

  • 相关阅读:
    DVD X Player 5.5 PRO
    Freefloat FTP Server 1.0漏洞分析
    基于约束的SQL攻击
    Commons-Collections漏洞
    Code-Audit-Challenges-php-2
    GSM Sniffer环境--c118+osmocombb
    XXE (XML External Entity Injection) :XML外部实体注入
    hyperledger fabric学习(1)
    zero to one (4)
    zero to one (3)
  • 原文地址:https://www.cnblogs.com/jsonhc/p/7649651.html
Copyright © 2020-2023  润新知