saltstack之keepalived的安装配置

使用saltstack编译安装keepalived：

创建相应的目录，并在目录下创建相应的sls配置文件

[root@node1 ~]# mkdir /srv/salt/prod/keepalived
[root@node1 ~]# mkdir /srv/salt/prod/keepalived/files

1、使用saltstack进行编译安装keepalived

1.1将下载好的keepalived源码包放置在keepalived目录下面的files目录中（files目录提供需要用的源码包，文件等）

[root@node1 etc]# pwd
/usr/local/src/keepalived-1.3.6/keepalived/etc
[root@node1 etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
[root@node1 etc]# cp init.d/keepalived /srv/salt/prod/keepalived/files/keepalived.init
[root@node1 sysconfig]# pwd
/usr/local/src/keepalived-1.3.6/keepalived/etc/sysconfig
[root@node1 sysconfig]# cp keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig

查看files目录下面文件：

[root@node1 keepalived]# ll files/
total 696
-rw-r--r-- 1 root root 702570 Oct 10 22:21 keepalived-1.3.6.tar.gz
-rwxr-xr-x 1 root root   1335 Oct 10 22:17 keepalived.init
-rw-r--r-- 1 root root    667 Oct 10 22:28 keepalived.sysconfig

1.2haproxy的源码包和启动脚本准备好后，开始进行安装keepalived

[root@node1 keepalived]# pwd
/srv/salt/prod/keepalived
[root@node1 keepalived]# cat install.sls
include:
  - pkg.pkg-init

keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.3.6.tar.gz
    - source: salt://keepalived/files/keepalived-1.3.6.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf keepalived-1.3.6.tar.gz && cd keepalived-1.3.6 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list|grep keepalived
    - require:
      - file: /etc/init.d/keepalived

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755

总结上面配置文件包括：1、include进来编译环境 2、编译安装keepalived 3、添加keepalived脚本文件，并添加到系统服务中 4、复制keepalived.sysconfig文件 5、创建keepalived配置文件目录

执行install.sls文件，安装keepalived：

[root@node1 keepalived]# salt 'node1' state.sls keepalived.install saltenv=prod

3、安装完keepalived后，并且keepalived已经有了启动脚本，接下来需要给keepalived提供配置文件，最后将keepalived服务开启，由于根据业务需求的不同，可能用到的keepalived的配置文件会有区别，

所以这里将配置文件与keepalived的安装分隔开进行状态管理配置，以后minion的keepalived可以根据配置文件的不同而提供安装

[root@node1 cluster]# pwd
/srv/salt/prod/cluster
[root@node1 cluster]# cat haproxy-outside-keepalived.sls    haproxy与keepalived结合使用的高可用
include:
  - keepalived.install

keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja             jinja模板调用，使用变量
    {% if grains['fqdn'] == 'node1' %}             基于节点的fqdn信息来赋予变量值
    - ROUTEID: haproxy_node1
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'node2' %}
    - ROUTEID: haproxy_node2
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - reload: True
    - watch:
      - file: keepalived-service

总结上述配置文件内容：1、include进来keepalived的安装 2、给各节点提供不同的配置文件，用到了jinja模板调用grains 3、开启keepalived服务，并开启自启动

最后将keepalived项目添加到top.sls文件中：

[root@node1 base]# cat top.sls
base:
  '*':
    - init.env_init

prod:
  'node1':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived

整个keepalived项目构架图：

[root@node1 keepalived]# tree
.
├── files
│   ├── keepalived-1.3.6.tar.gz
│   ├── keepalived.init
│   └── keepalived.sysconfig
└── install.sls

1 directory, 4 files
[root@node1 keepalived]# cd ../cluster/
[root@node1 cluster]# tree
.
├── files
│   ├── haproxy-outside.cfg
│   └── haproxy-outside-keepalived.conf
├── haproxy-outside-keepalived.sls
└── haproxy-outside.sls

node1节点安装没有问题，那么更改top.sls中节点设置，将node2节点也给添加上：

[root@node1 base]# cat top.sls
base:
  '*':
    - init.env_init

prod:
  '*':                 只有两个节点，所以这里*代替了
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived

执行状态配置文件：

[root@node1 base]# salt '*' state.highstate

查看node2状态：

[root@node2 ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 192.168.44.10:80            0.0.0.0:*                   LISTEN      16791/haproxy
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1279/sshd
tcp        0      0 0.0.0.0:8090                0.0.0.0:*                   LISTEN      16791/haproxy
tcp        0      0 :::8080                     :::*                        LISTEN      14351/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1279/sshd
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1106/dhclient

可以看见haproxy已经监听起来了，监听在了一个不是自己实际ip的地址上

查看node1的vip信息：

[root@node1 files]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:86:2C:63
          inet addr:192.168.44.134  Bcast:192.168.44.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe86:2c63/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:230013 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172530 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:130350592 (124.3 MiB)  TX bytes:19244347 (18.3 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:86:2C:63
          inet addr:192.168.44.10  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:145196 errors:0 dropped:0 overruns:0 frame:0
          TX packets:145196 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12285984 (11.7 MiB)  TX bytes:12285984 (11.7 MiB)

可以看见eth0:0就是vip，手动将keepalived停止，查看vip是否漂移到nide2？

[root@node1 files]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]

查看node2状态：

[root@node2 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:34:32:CB
          inet addr:192.168.44.135  Bcast:192.168.44.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe34:32cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:494815 errors:0 dropped:0 overruns:0 frame:0
          TX packets:357301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:250265303 (238.6 MiB)  TX bytes:98088504 (93.5 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:34:32:CB
          inet addr:192.168.44.10  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2953 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2953 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1272983 (1.2 MiB)  TX bytes:1272983 (1.2 MiB)

于是haproxy结合keepalived的高可用基于saltstack安装成功，下面为haproxy和keepalived的简单配置文件：

haproxy配置文件：

[root@node1 files]# pwd
/srv/salt/prod/cluster/files
[root@node1 files]# cat haproxy-outside.cfg
#
# This is a sample configuration. It illustrates how to separate static objects
# traffic from dynamic traffic, and how to dynamically regulate the server load.
#
# It listens on 192.168.1.10:80, and directs all requests for Host 'img' or
# URIs starting with /img or /css to a dedicated group of servers. URIs
# starting with /admin/stats deliver the stats page.
#

global
        maxconn         10000
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        uid             200
        gid             200
        chroot          /var/empty
        daemon

defaults
        mode    http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

# The public 'www' address in the DMZ
frontend webserver
        bind    192.168.44.10:80
        default_backend web
        #bind            192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem
        mode    http

listen  base_stats
        bind *:8090
        stats enable
        stats hide-version
        stats uri /haproxy?stats
        stats realm "haproxy statistics"
        stats auth wadeson:redhat

# The static backend backend for 'Host: img', /img and /css.
backend web
        balance         roundrobin
        retries         2
        server          web1 192.168.44.134:8080 check inter 1000
        server          web2 192.168.44.135:8080 check inter 1000

keepalived配置文件：

[root@node1 files]# cat haproxy-outside-keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     json_hc@163.com
   }
   notification_email_from json_hc@163.com
   smtp_server smtp.163.com
   smtp_connect_timeout 30
   router_id {{ ROUTEID }}
}

vrrp_instance VI_1 {
    state {{ STATEID }}
    interface eth0
    virtual_router_id 51
    priority {{ PRIORITYID }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass password
    }
    virtual_ipaddress {
        192.168.44.10/24 dev eth0 label eth0:0
    }
}

查看高可用的负载效果：