Saltstack配置管理-功能模块-安装haproxy
配置管理,我们分了3层
最底层是系统初始化部分
倒数二层是功能模块,就是具体的产品的安装了
假如你的环境需要nginx,php,memcache,haproxy这4个功能模块
为了方便管理,你至少要创建4个目录
由于编译安装中用到一些依赖的包需要提前安装,我们又可以单独建立一个包管理的目录
操作如下
[root@master base]# cd
[root@master ~]# mkdir /srv/salt/prod/pkg
[root@master ~]# mkdir /srv/salt/prod/haproxy
[root@master ~]# mkdir /srv/salt/prod/haproxy/files
[root@master ~]# cd /srv/salt/prod/pkg/
[root@master pkg]# vim pkg-init.sls
[root@master pkg]# cat pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
[root@master pkg]#
目录结构如下
[root@master pkg]# cd /srv/salt/prod/
[root@master prod]# tree
.
├── haproxy
│ └── files
└── pkg
└── pkg-init.sls
3 directories, 1 file
[root@master prod]#
1、由于是源码安装,先找台系统版本一致的机器把haproxy执行源码安装,把安装过程用到的命令采集出来
这里我们找一台机器10.0.1.174这个区安装haproxy
为了保持环境一致,除了系统版本一致外,最好yum源也一致,先手动安装编译环境
[root@mysql ~]# yum install gcc gcc-c++ make autoconf openssl openssl-devel glibc -y Loaded plugins: fastestmirror, refresh-packagekit, security Setting up Install Process Loading mirror speeds from cached hostfile * base: mirrors.zju.edu.cn * epel: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.zju.edu.cn * updates: centos.ustc.edu.cn Package gcc-4.4.7-17.el6.x86_64 already installed and latest version Package gcc-c++-4.4.7-17.el6.x86_64 already installed and latest version Package 1:make-3.81-23.el6.x86_64 already installed and latest version Package autoconf-2.63-5.1.el6.noarch already installed and latest version Package openssl-1.0.1e-48.el6_8.3.x86_64 already installed and latest version Package openssl-devel-1.0.1e-48.el6_8.3.x86_64 already installed and latest version Package glibc-2.12-1.192.el6.x86_64 already installed and latest version Nothing to do [root@mysql ~]#
2、把源码包统一放在一个目录下,以后这也是minion机器的放的位置
[root@mysql src]# cd /usr/local/src/ [root@mysql src]# rz -E rz waiting to receive. [root@mysql src]# ls haproxy-1.6.2.tar.gz [root@mysql src]# tar xfz haproxy-1.6.2.tar.gz [root@mysql src]# cd haproxy-1.6.2 [root@mysql haproxy-1.6.2]#
3、执行如下命令编译和安装
haproxy 直接就是make && make install, 没有configure的步骤
make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
至此安装部分完成。
4、采集命令
把所有命令拷贝过来,通过&&连接起来 cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
5、搜集安装包和需要的文件
启动脚本的修改,找到BIN路径,修改成正确,如下,其余不用动
[root@mysql haproxy-1.6.2]# pwd /usr/local/src/haproxy-1.6.2 [root@mysql haproxy-1.6.2]# ls CHANGELOG ebtree include README tests contrib examples LICENSE ROADMAP VERDATE CONTRIBUTING haproxy MAINTAINERS src VERSION doc haproxy-systemd-wrapper Makefile SUBVERS [root@mysql haproxy-1.6.2]# cd examples/ [root@mysql examples]# vim haproxy.init [root@mysql examples]# grep BIN= haproxy.init BIN=/usr/local/haproxy/sbin/$BASENAME [root@mysql examples]#
把这个文件放到master机器的此目录下
[root@master files]# pwd /srv/salt/prod/haproxy/files [root@master files]# ls haproxy.init [root@master files]#
把源码包也上传到这个目录下统一管理
[root@master files]# ls haproxy-1.6.2.tar.gz haproxy.init [root@master files]#
6、在master机器上编写安装脚本
下面是个初步的脚本,把yum依赖的包include进来即可,注意相对路径,是在prod下面的pkg下面的pkg-init.sls配置文件
haproxy-install是个id,可以随便写,但是最好要通俗易懂
[root@master haproxy]# vim install.sls
include:
- pkg.pkg-init
haproxy-install:
file.namaged:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
上面脚本还不够完善,因为它每次执行都会重新编译安装一遍。
可以添加判断语句
脚本如下
test -d /usr/local/haproxy 如果目录存在,就为真,不存在就为假,这样minion机器上不存在haproxy目录时才去安装它
[root@master haproxy]# vim install.sls
include:
- pkg.pkg-init
haproxy-install:
file.namaged:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
继续优化,如果需要编译的依赖包没安装成功,而执行下面的haproxy-install步骤的话,肯定会报错
为了防止这种问题,官方给出如下功能模块
require下面的每个模块只能出现一次,比如,pkg和file只能出现一次。它们冒号后面的是你定义的id
include你可以理解为把文件内容复制进来,之所以使用include就是为了解耦
使用require的主要原因是防止上面的安装失败,因为只要上面的安装失败,后面的一定会报错的
[root@master haproxy]# vim install.sls
include:
- pkg.pkg-init
haproxy-install:
file.namaged:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
注意:上面的pkg-init是include pkg.pkg-init文件里的你定义的id。 另外注意id是唯一的
另外一个id下面的某一个模块只能出现一次,haproxy-install这个id下面有文件管理模块,cmd.run模块
[root@master pkg]# pwd
/srv/salt/prod/pkg
[root@master pkg]# ls
pkg-init.sls
[root@master pkg]# cat pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
[root@master pkg]#
继续优化
由于启动脚本也要传到minion上,
由于一个id下面只能出现一个模块,因此启动脚本还需要再写到一个新的id下面。
第一行这里是个name声明。 上面写了id声明其实为了include的时候方便,好调用
最后一行指的是haproxy-install下面的cmd模块。 一个id下面同样的模块只能有一次
此时,脚本内容如下
[root@master haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
[root@master haproxy]#
继续完善
minion有一个内核参数需要修改,这个参数作用可以用来监听非本地ip,也就是改了之后可以监听别人的ip
默认是0,需要改为1
[root@minion01 ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind 0 [root@minion01 ~]#
把这个修改项加入到install.sls配置文件里
[root@master haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
[root@master haproxy]#
继续补充
另外创建一个目录,用于存放配置文件。 调用了file.directory 方法,创建一个目录
[root@master haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- user: root
- group: root
- mode: 755
[root@master haproxy]#
继续优化一下,把启动脚本加入系统服务里,同时在这之前做一个unless判断,如果有了就不执行了
[root@master haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- user: root
- group: root
- mode: 755
haproxy-init:
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list | grep haproxy
[root@master haproxy]#
上面的一些配置调整下顺序,可以合并一些
/etc/init.d/haproxy: file.managed:
和下面可以合并到一起
haproxy-init:
下面早这样显得更加清晰明了
分为
安装依赖包
编译安装包
创建配置目录
替换启动脚本,加入系统服务
修改内核参数
[root@master haproxy]# cat install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- user: root
- group: root
- mode: 755
haproxy-init:
file.managed:
- source: salt://haproxy/files/haproxy.init
- name: /etc/init.d/haproxy
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list | grep haproxy
- require:
- file: haproxy-init
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
[root@master haproxy]#
7、测试执行。
注意执行时的相对路径为prod下面的haproxy下面的install.sls文件
下面还不能执行,因为它默认以base为基准环境的。
[root@master haproxy]# salt 'minion01' state.sls haproxy.install
需要更改下环境,加入env=prod
[root@master haproxy]# salt 'minion01' state.sls haproxy.install env=prod
执行前先测试下语法
[root@master haproxy]# salt 'minion01' state.sls haproxy.install env=prod test=True
先对minion01执行
[root@master haproxy]# salt 'minion01' state.sls haproxy.install env=prod test=True
minion01:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 00:13:35.109771
Duration: 1021.903 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 00:13:36.131853
Duration: 0.392 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 00:13:36.132297
Duration: 0.204 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: None
Comment: The following packages are set to be installed/updated: openssl-devel
Started: 00:13:36.132660
Duration: 6151.188 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 00:13:42.284082
Duration: 0.498 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 00:13:42.284643
Duration: 0.32 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 00:13:42.285021
Duration: 0.265 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: None
Comment: The file /usr/local/src/haproxy-1.6.2.tar.gz is set to be changed
Started: 00:13:42.287394
Duration: 6.023 ms
Changes:
----------
newfile:
/usr/local/src/haproxy-1.6.2.tar.gz
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: None
Comment: Command "cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" would have been executed
Started: 00:13:42.306558
Duration: 5.2 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: None
Comment: The following files will be changed:
/etc/haproxy: directory - new
Started: 00:13:42.312015
Duration: 0.596 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: None
Comment: The file /etc/init.d/haproxy is set to be changed
Started: 00:13:42.312797
Duration: 2.457 ms
Changes:
----------
newfile:
/etc/init.d/haproxy
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: None
Comment: Command "chkconfig --add haproxy" would have been executed
Started: 00:13:42.315640
Duration: 29.487 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_nonlocal_bind set to be changed to 1
Started: 00:13:42.345758
Duration: 15.01 ms
Changes:
Summary
------------
Succeeded: 13 (unchanged=7, changed=2)
Failed: 0
------------
Total states run: 13
[root@master haproxy]#
显示无异常,去掉test,然后执行
由于执行过程打印东西太多,这里只粘贴后部分
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy updated
Started: 00:18:33.811215
Duration: 58.435 ms
Changes:
----------
/etc/haproxy:
New Dir
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy updated
Started: 00:18:33.870191
Duration: 29.092 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: Command "chkconfig --add haproxy" run
Started: 00:18:33.901244
Duration: 63.336 ms
Changes:
----------
pid:
12612
retcode:
0
stderr:
stdout:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1
Started: 00:18:33.966223
Duration: 19.02 ms
Changes:
----------
net.ipv4.ip_nonlocal_bind:
1
Summary
-------------
Succeeded: 13 (changed=7)
Failed: 0
-------------
Total states run: 13
[root@master haproxy]#
一个好的配置管理文件支持多次执行而不报错
[root@master haproxy]# salt 'minion01' state.sls haproxy.install env=prod
minion01:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 00:20:40.519033
Duration: 1009.595 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 00:20:41.528770
Duration: 0.551 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: Package openssl is already installed.
Started: 00:20:41.529382
Duration: 0.233 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 00:20:41.529665
Duration: 0.31 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 00:20:41.530024
Duration: 0.242 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 00:20:41.530314
Duration: 0.212 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 00:20:41.530573
Duration: 0.292 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.6.2.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.6.2.tar.gz is in the correct state
Started: 00:20:41.532769
Duration: 8.86 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src/ && tar xfz haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless execution succeeded
Started: 00:20:41.542658
Duration: 6.244 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 00:20:41.549086
Duration: 0.834 ms
Changes:
----------
ID: haproxy-init
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 00:20:41.550087
Duration: 2.897 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless execution succeeded
Started: 00:20:41.553362
Duration: 31.036 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 00:20:41.585118
Duration: 14.902 ms
Changes:
Summary
-------------
Succeeded: 13
Failed: 0
-------------
Total states run: 13
[root@master haproxy]#
minion01上验证
[root@minion01 ~]# ll /usr/local/haproxy/ total 12 drwxr-xr-x 3 root root 4096 Jan 2 00:18 doc drwxr-xr-x 2 root root 4096 Jan 2 00:18 sbin drwxr-xr-x 3 root root 4096 Jan 2 00:18 share [root@minion01 ~]# chkconfig --list haproxy haproxy 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@minion01 ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind 1 [root@minion01 ~]#