SaltStack-02Haproxy以及Keepalived配置

1.首先我们不在base环境下面做在,prod环境下面。确保/etc/salt/master中没有注释prod这一行：

# Example:
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev/services
    - /srv/salt/dev/states
  prod:
    - /srv/salt/prod

2.在prod环境下面创建如下文件

目录结构为：

root@ubuntu2:/srv/salt/prod# tree . -L 3
.
├── cluster
│   ├── files
│   │   └── haproxy-outside.cfg
│   └── haproxy-outside.sls
├── haproxy
│   ├── files
│   │   ├── haproxy-1.7-dev6
│   │   ├── haproxy-1.7-dev6.zip
│   │   └── haproxy.init
│   └── install.sls
└── pkg
    └── pkg-init.sls

haproxy-1.7-dev6.zip下载路径：https://github.com/haproxy/haproxy/tree/v1.7-dev6

各个文件内容：

install.sls
include:        #引入基础包安装模块
  - pkg.pkg-init

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.7-dev6.zip
    - source: salt://haproxy/files/haproxy-1.7-dev6.zip
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && unzip haproxy-1.7-dev6.zip && cd haproxy-1.7-dev6 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy #如果没有安装haproxy才进行安装
    - require:
      - pkg: pkg-init
      - file: haproxy-install

haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: haproxy-init

#配置可以监听本机以外的其他IP
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755

haproxy.init 为解压后的安装包内haproxy-1.7-dev6/examples/haproxy.init 第35行更改为一下内容：
BIN=/usr/local/haproxy/sbin/$BASENAME

pkg/pkg-init.sls

pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel

#外网负载均衡配置

cluster/haproxy-outside.sls

include:   
  - haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: haproxy
    - enable: True
    - reload: True #watch下面的文件发生变化就reload服务
    - require:
      - cmd: haproxy-init # haproxy.install 中的ID
    - watch:
      - file: haproxy-service #自身的file

cluster/files/haproxy-outside.cfg

global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 5000ms
timeout server 5000ms

listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack

frontend frontend_www_example_com
#VIP

bind 192.168.1.8:80
mode http
option httplog
log global
    default_backend backend_www_example_com

backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source

#记住要事前在两台node上面安装httpd并配置/etc/httpd/conf/httpd.conf中Listen 8081,负载均衡服务监听80端口，监听8081可以用普通用户启动
server web-mode1 192.168.1.6:8081 check inter 2000 rise 30 fall 15
server web-mode2 192.168.1.5:8081 check inter 2000 rise 30 fall 15

最后一步，top.sls中/srv/salt/base/top.sls

base:
  '*':
    - init.env_init

prod:
  'centser1,centser2':
    - match: list
    - cluster.haproxy-outside

实用命令salt  '*' state.highstate 部署两台centos web servers.

打开192.168.1.6:8888 登陆 haproxy/saltstack，

注意 status部分可能为Down，在/var/www/html下面随便创建一个index.html，刷新页面即可