1.haproxy软件配置
cat install.sls ##安装haproxy,使用yum安装 haproxy: pkg.installed /etc/haproxy/haproxy.cfg: file.managed: - source: salt://haproxy/files/haproxy.cfg cat service.sls ##安装开启haproxy服务 include: - haproxy.install lb: service.running: - name: haproxy - reload: True - watch: - file: /etc/haproxy/haproxy.cfg cd files/ cat haproxy.cfg ##haproxy配置文件 global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend http_front bind 172.25.30.100:80 stats uri /haproxy?stats default_backend http_back backend http_back balance roundrobin option forwardfor header X-Forwarded-For server node1 172.25.30.2:80 check inter 1000 rise 3 fall 3 weight 30 ##定义负载均衡 server node2 172.25.30.3:80 check inter 1000 rise 3 fall 3 weight 302.keepalived软件配置
cd ../../keepalived/ cat install.sls ##安装keepalived,定义变量 keepalived: pkg.installed /etc/keepalived/keepalived.conf: file.managed: - source: salt://keepalived/files/keepalived.conf - user: root - group: root - mode: 644 - template: jinja {% if grains['fqdn'] == 'server4' %} id: LVS_DEVEL02 states: BACKUP prior: 90 {% elif grains['fqdn'] == 'server5' %} id: LVS_DEVEL01 states: MASTER prior: 100 {% endif %} cat service.sls ##安装并开启keepalived include: - keepalived.install lb: service.running: - name: keepalived - reload: True - watch: - file: /etc/keepalived/keepalived.conf cd files/ cat keepalived.conf ##keepalived配置文件 global_defs { smtp_connect_timeout 30 router_id {{ id }} } vrrp_instance VI_1 { state {{ states }} interface eth0 virtual_router_id 51 priority {{ prior }} advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.25.30.100 } }3.httpd配置
cd ../../apache cat httpd.sls ##安装并开启httpd install-httpd: pkg.installed: - pkgs: - httpd - php file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - user: root - group: root - mode: 644 service.running: - name: httpd - enable: True - reload: True - watch: - file: install-httpd cd files/ cat httpd.conf ##httpd配置文件,建议安装httpd后复制 ServerRoot "/etc/httpd" #Listen 12.34.56.78:80 Listen 80 Include conf.modules.d/*.conf User apache Group apache ServerAdmin root@localhost <Directory /> AllowOverride none Require all denied </Directory> DocumentRoot "/var/www/html" # # Relax access to content within /var/www. # <Directory "/var/www"> AllowOverride None # Allow open access: Require all granted </Directory> # Further relax access to the default document root: <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # <IfModule dir_module> DirectoryIndex index.html </IfModule> # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on # Supplemental configuration # # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf文件位置结构图大致如下:
/srv/salt . ├── apache │ ├── files │ │ └── httpd.conf │ ├── httpd.sls │ └── lib.sls ├── _grains │ └── my_grains.py ├── haproxy │ ├── files │ │ └── haproxy.cfg │ ├── install.sls │ └── service.sls ├── keepalived │ ├── files │ │ └── keepalived.conf │ ├── install.sls │ └── service.sls └── top.sls推送部署时,按照上一篇博客,布置好节点环境:
salt server[4,5] state.sls keepalived.service ##4.5部署keepalived以及haproxy salt server[4,5] state.sls haproxy.service salt server[2,3] state.sls apache.install ##2,3部署httpd效果如下: 负载均衡效果: 高可用效果: 此时VIP在server4上,停止keepalived服务后,VIP转移到server5上,并且负载均衡正常。
