SaltStack之Pillar和Jinja部署LVS+Keepalived+Haproxy

一、Pillar和Jinja简介

Pillar是Salt用来分发全局变量到所有minions的一个接口
官方文档介绍：http://docs.saltstack.cn/topics/pillar/index.html
Jinja加载工具为jinja模板提供了一个更强大的后端
官方文档介绍http://docs.saltstack.cn/ref/renderers/all/salt.renderers.jinja.html

二、部署haproxy+keepalived+nginx

本此实验的所以资源及源代码均已上传，需要的可以下载交流
下载地址：srv.tar.gz

1.环境部署安排：

系统：redhat6.5
server5：salt—master
server6：keepalived+haproxy
server7：keepalived+haproxy
server8：nginx
server9：nginx

2.在salt—master上创建top.sls

vim /srv/salt/top.slsbase:  'server6':    - keepalived.service    - haproxy.service  'server7':    - keepalived.service    - haproxy.service  'roles:nginx':    - match: grain    - nginx.service

3.在salt—master上创建my_grains.py

[root@server5 salt]# vim /srv/salt/_grains/my_grains.py#!/usr/bin/env pythondef my_grains():    grains = {}    grains['roles'] = 'nginx'    return grains

4.在salt-master上创建nginx部署

4.1 安装脚本install.sls

vim /srv/salt/nginx/install.slsinclude:  - pkg.nginxnginx-install:  file.managed:    - name: /mnt/nginx-1.12.0.tar.gz    - source: salt://nginx/files/nginx-1.12.0.tar.gz  cmd.run:    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module && make && make install    - creates: /usr/local/nginx/usr/local/nginx/html/index.html:  file.managed:    - source: salt://nginx/files/index.html    - template: jinja

4.2 服务启动脚本service.sls

vim /srv/salt/nginx/service.slsinclude:  - nginx.install  - user.nginx/usr/local/nginx/conf/nginx.conf:  file.managed:    - source: salt://nginx/files/nginx.conf    - mode: 644/etc/init.d/nginx:  file.managed:    - source: salt://nginx/files/nginx    - mode: 755nginx-service:  service.running:    - name: nginx    - enable: true    - reload: true    - require:      - file: /etc/init.d/nginx    - watch:      - file: /usr/local/nginx/conf/nginx.conf

4.3 依赖安装脚本nginx.sls

vim /srv/salt/pkg/nginx.slsnginx-pkg:  pkg.installed:    - pkgs:      - gcc      - pcre-devel      - openssl-devel      - zlib-devel

4.4 pillar部署方案脚本web.sls

vim /srv/pillar/nginx/web.sls{% if grains['host'] == 'server7' %}bind: 172.25.27.7{% elif grains['host'] == 'server8' %}bind: 172.25.27.8{% endif %}

4.5 pillar脚本top.sls

vim /srv/pillar/top.slsbase:  'server7':    - nginx.web  'server8':    - nginx.web

4.6 用户创建脚本

vim /srv/salt/user/nginx.slsnginx:  user.present:    - uid: 800    - shell: /sbin/nologin    - home: /usr/local/nginx    - createhome: false

5.在salt-master上创建haproxy部署

5.1安装脚本

vim /srv/salt/haproxy/install.slsinclude:  - pkg.haproxy  - user.haproxyhaproxy-install:  file.managed:    - name: /mnt/haproxy-1.6.11.tar.gz    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz  cmd.run:    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install    - creates: /usr/local/haproxy/etc/haproxy:  file.directory:    - mode: 755/etc/haproxy/haproxy.cfg:  file.managed:    - source: salt://haproxy/files/haproxy.cfg/etc/init.d/haproxy:  file.managed:    - source: salt://haproxy/files/haproxy    - mode: 755

5.2 服务启动脚本service.sls

vim /srv/salt/haproxy/service.slsinclude:  - haproxy.installhaproxy-service:  service.running:    - name: haproxy    - enable: true    - reload: true    - watch:      - file: /etc/haproxy/haproxy.cfg

5.3 依赖安装脚本nginx.sls

vim /srv/salt/pkg/haproxy.slshaproxy-pkg:  pkg.installed:    - pkgs:      - gcc      - pcre-devel      - openssl-devel      - zlib-devel

5.4 用户创建脚本

vim /srv/salt/user/haproxy.slshaproxy:  group.present:    - gid: 200  user.present:    - uid: 200    - gid: 200    - shell: /sbin/nologin    - home: /usr/local/haproxy    - createhome: false

6.在salt-master上创建keepalived部署

6.1安装脚本

vim /srv/salt/keepalived/install.sls{% set keepalived_version = '1.3.6' %}include:  - pkg.keepalivedkeepalived-install:  file.managed:    - name: /mnt/keepalived-{{keepalived_version}}.tar.gz    - source: salt://keepalived/files/keepalived-{{keepalived_version}}.tar.gz  cmd.run:    - name: cd /mnt && tar zxf keepalived-{{keepalived_version}}.tar.gz && cd keepalived-{{keepalived_version}} && ./configure --prefix=/usr/local/keepalived --with-init=SYSV && make && make install    - creates: /usr/local/keepalived/etc/sysconfig/keepalived:  file.managed:    - source: salt://keepalived/files/keepalived    - mode: 644    - user: root/etc/keepalived:  file.directory:    - mode: 755/etc/keepalived/keepalived.conf:  file.managed:    - source: salt://keepalived/files/keepalived.conf    - mode: 644    - template: jinja    {% if grains['fqdn'] == 'server6' %}    - STATE: MASTER    - PRIORITY: 100    {% elif grains['fqdn'] == 'server7' %}    - STATE: BACKUP    - PRIORITY: 50    {% endif %}/sbin/keepalived:  file.symlink:    - target: /usr/local/keepalived/sbin/keepalived/etc/init.d/keepalived:  file.managed:    - source: salt://keepalived/files/keepalived-init    - mode: 755

6.2 服务启动脚本service.sls

vim /srv/salt/keepalived/service.slsinclude:  - keepalived.installkeepalived-service:  service.running:    - name: keepalived    - enable: true    - reload: true    - watch:      - file: /etc/keepalived/keepalived.conf

6.3 依赖安装脚本keepalived.sls

vim /srv/salt/pkg/keepalived.slskeepalived-pkg:  pkg.installed:    - pkgs:      - gcc      - pcre-devel      - openssl-devel      - zlib-devel

6.4 keepalived 配置文件配置

! Configuration File for keepalivedglobal_defs {   notification_email {    root@localhost   }   notification_email_from keepalived@localhost   smtp_server 127.0.0.1   smtp_connect_timeout 30   router_id LVS_DEVEL   vrrp_skip_check_adv_addr#   vrrp_strict   vrrp_garp_interval 0   vrrp_gna_interval 0}vrrp_instance VI_1 {    state {{ STATE }}    interface eth0    virtual_router_id 51    priority {{ PRIORITY }}    advert_int 1    authentication {        auth_type PASS        auth_pass 1111    }    virtual_ipaddress {        172.25.27.100/24    }}virtual_server 172.25.27.100 80 {    delay_loop 6    lb_algo rr    lb_kind DR    persistence_timeout 50    protocol TCP    real_server 172.25.27.8 80 {        weight 1        TCP_CHECK {            connect_timeout 3            nb_get_retry 3            delay_before_retry 3        }    }    real_server 172.25.27.9 80 {        weight 1        TCP_CHECK {            connect_timeout 3            nb_get_retry 3            delay_before_retry 3        }    }}

7.安装部署

上面只是完成了脚本，巧妇难为无米之炊，我们还需要一些相应的包和配置文件来支持安装，这里不做详细介绍
最后配置下nginx的默认发布页

[root@server5 salt]# vim nginx/files/index.html<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style>    body {        width: 35em;        margin: 0 auto;        font-family: Tahoma, Verdana, Arial, sans-serif;    }</style></head><body><h1>Welcome to nginx! {{ grains['host'] }}  </h1>       ##修改这里，用以区分<p>If you see this page, the nginx web server is successfully installed andworking. Further configuration is required.</p><p>For online documentation and support please refer to<a href="http://nginx.org/">nginx.org</a>.<br/>Commercial support is available at<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p></body></html>

再写一个测试页

vim /srv/salt/nginx/files/test.html<h1>data from {{ HOST }} <h1>

相应的/srv/salt/nginx/install.sls也要改动一下

vim /srv/salt/nginx/install.sls  ##在最后添加以下内容/usr/local/nginx/html/test.html:  file.managed:    - source: salt://nginx/files/test.html    - template: jinja    - HOST: {{ grains['host'] }}

最终的目录结构是这样的

[root@server5 srv]# tree.├── pillar│   ├── nginx│   │   └── web.sls│   └── top.sls└── salt    ├── haproxy    │   ├── files    │   │   ├── haproxy    │   │   ├── haproxy-1.6.11.tar.gz    │   │   └── haproxy.cfg    │   ├── install.sls    │   └── service.sls    ├── keepalived    │   ├── files    │   │   ├── keepalived    │   │   ├── keepalived-1.3.6.tar.gz    │   │   ├── keepalived.conf    │   │   └── keepalived-init    │   ├── install.sls    │   └── service.sls    ├── nginx    │   ├── files    │   │   ├── index.html    │   │   ├── nginx    │   │   ├── nginx-1.12.0.tar.gz    │   │   ├── nginx.conf    │   │   └── test.html    │   ├── install.sls    │   └── service.sls    ├── pkg    │   ├── haproxy.sls    │   ├── keepalived.sls    │   └── nginx.sls    ├── top.sls    └── user        ├── haproxy.sls        └── nginx.sls[root@server5 ~]# salt '*' saltutil.refresh_pillar     ##可不用执行[root@server5 salt]# salt server[8,9] saltutil.sync_grains              ##可不用执行[root@server5 salt]# salt '*' state.highstate

部署成功浏览器测试：

浏览器有缓存，我们通过shell查看轮询效果