本章主要介紹通過saltstack建構系統高可用架構,以滿足業務需求。通過Haproxy實作負載均衡排程後端Nginx+PHP伺服器,Keepalived實作系統高可用功能,Memcached存儲session會話,後端資料庫采用Mysql并且實作主從複制以及讀寫分離。
一、拓撲圖
一、系統架構圖
我們通過saltstack實作的整個系統環境可以分為三部分:
系統初始化:用于設定節點狀态,如dns、history指令記錄、系統核心參數設定等。
功能子產品:用于整個系統的功能實作,如Nginx、Mysql、Haproxy、keepalived的安裝和腳本檔案配置下發等。
業務子產品:用于引用一些差異型功能,如hapzory或keeplaived的配置檔案下發,每個節點的配置參數是不一樣的,我們稱之為業務子產品。
之是以将功能子產品和業務子產品分開來做這樣的好處在于:
如haproxy的安裝以及負載均衡配置的實作之是以分開來做,這樣的好處在于随着節點數量不斷的增加,差異性不斷的擴大。我們安裝都引用相同的安裝腳本,但是每個節點的參數配置是不相同的,是以我們在業務子產品上進行每個節點不同參數的實作。
實驗環境:
| IP位址 | Saltstack角色 | 業務角色 | 主機名 | 系統環境 |
| 192.168.39.135 | master | Saltstack-server | centos | CentOS release 6.7 (Final) |
| 192.168.39.200 | minion | Haproxy、keealived | centos-test1 | |
| 192.168.39.201 | centos-test2 | |||
| 192.168.39.202 | Nginx+PHP、Mysql | centos-test3 | ||
| 192.168.39.203 | Nginx+PHP、Mysql 、Memcached | centos-test4 |
Saltstack的安裝、配置、授權等可參考:http://blog.51cto.com/bovin/1984115
二、Salt-Minion端環境配置
一、系統初始化
我們将系統的每個節點都進行一定的系統初始化設定,如dns、history指令記錄、系統核心參數設定等。首先,進入salt的base環境,我們所有的系統設定都在此環境下進行設定。
[root@centos files]# cd /srv/salt/base/ 建立init目錄,用于系統的整個初始化相關設定。
[root@centos base]# mkdir init 配置各個節點dns解析:
[root@centos init]# vim dns.sls /etc/resolv.conf:
file.managed:
- source: salt://init/files/resolv.conf
- user: root
- group: root
- mode: 644
- template: jinja
- defaults:
DNS_SERVER: 192.168.39.23 files下resolv.conf檔案内容為:
[root@centos init]# cat files/resolv.conf
# Generated by NetworkManager
nameserver {{ DNS_SERVER }} 使各個節點history指令都記錄時間:
[root@centos init]# vim history.sls /etc/profile:
file.append:
- text:
- export HISTTIMEFORMAT="%F %T `whoami`" 注:file子產品通過append追加方式寫入環境變量中
審計sls檔案,将每個使用者的指令都記錄到/var/log/message檔案中:
[root@centos init]# vim audit.sls /etc/bashrc:
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}' 對節點的系統核心參數設定:
[root@centos init]# vim sysctl.sls vm.swappiness:
sysctl.present:
- value: 0
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file-max:
sysctl.present:
- value: 100000 引導以上各個功能子產品:
[root@centos init]# vim env_init.sls include:
- init.dns
- init.history
- init.audit
- init.sysctl 注:通過include進行子產品引用
編寫top file檔案:
[root@centos base]# vim /srv/salt/base/top.sls base:
'*':
- init.env_init 注:base環境下,init目錄查找env_init檔案
目錄檔案結構,如下:
在執行時我們可以通過指定參數,模拟執行:
[root@centos base]# salt '*' state.highstate test=True 注:test=True模拟執行方式
模拟執行完沒有報錯,我們可以放心去設定節點初始化環境了:
[root@centos base]# salt '*' state.highstate 三、前端高可用
根據整個系統架構圖,我們可以分為兩大部分來完成。前端高可用和後端上線服務,前端高可用主要包括haproxy和keepalived安裝及配置。後端線上服務包括nginx、php、memcache、mysql的安裝及配置。以下是haproxy和keepalived安裝和配置。
一、功能子產品之haproxy安裝
功能子產品分為:前端排程Haproxy,後端Nginx+PHP,資料庫Mysql以及會話存儲Memcached。以下是saltstack實作功能子產品Haproxy的執行個體安裝:
建立Haproxy子產品的檔案目錄:
[root@centos ~]# mkdir /srv/salt/prod/pkg/ 注:pkg目錄用于存放軟體安裝包
[root@centos ~]# mkdir /srv/salt/prod/haproxy
[root@centos ~]# mkdir /srv/salt/prod/haproxy/files 注:haproxy目錄用于存放haroxy的安裝腳本和檔案
[root@centos ~]# cd /srv/salt/prod/pkg/ [root@centos pkg]# vim pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel 注:pkg-init.sls用解決源碼安裝所需要的相關依賴
[root@centos ~]# cd /srv/salt/prod/haproxy [root@centos haproxy]# vim install.sls
include: #include haproxy源碼包
- pkg.pkg-init
haproxy-install: #安裝haproxy 包括兩個步驟:管理檔案、執行cmd.run
file.managed:
- name: /usr/local/src/haproxy-1.6.2.tar.gz
- source: salt://haproxy/files/haproxy-1.6.2.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar -zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy #判斷haproxy目錄是否存在,如果存在不在繼續安裝
- require: #執行完cmd.run後,如果執行成功,則繼續。否則,不執行以下。
- pkg: pkg-init
- file: haproxy-install
haproxy-init: #定義haproxy-init,包括:拷貝haproxy啟動腳本到相關路徑下、添加系統服務
file.managed:
- name: /etc/init.d/haproxy
- source: salt://haproxy/files/haproxy.init
- user: root
- group: root
- mode: 755
- require:
- cmd: haproxy-install
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list | grep haproxy #如果有chkconfg .. 指令 不在執行name
- require:
- file: haproxy-init
net.ipv4.ip_nonlocal_bind: #監聽本地ip
sysctl.present:
- value: 1
haproxy-config-dir: #建立haproxy的目錄
file.directory:
- name: /etc/haproxy
- user: root
- group: root
- mode: 755 注:salt檔案相關參數介紹:
功能名稱:requisites
功 能:處理狀态間關系
常用方法:
require #依賴某個狀态
require_in #被某個狀态依賴
watch #關注某個狀态
watch_in #被某個狀态關注
狀态子產品:狀态間關系
功 能:條件判斷,主要用于cmd狀态子產品
常用方法:
-onlyif:檢查的指令,僅當“onlyif”選項指向的指令傳回true時才執行name定義的指令。
-unless;用于檢查的指令,僅當“unless”選項指向的指令傳回false時才執行name指向的指令。 目錄結構,如下:
執行安裝haproxy:
[root@centos haproxy]# salt 'centos-test[1-2]' state.sls haproxy.install env=prod 注:env=prod 指定prod目錄下執行,如果不加此參數會預設從base環境下執行sls檔案
可以看到執行haproxy安裝成功了。
二、業務引用之Haproxy負載均衡的實作
Haproxy的安裝我們選擇源碼包進行安裝,我們通過檔案管理子產品進行haproxy的檔案配置管理,需要将兩個節點配置為負載均衡模式。
建立業務引用相關目錄:
業務引用我們都是在cluster目錄下進行。
[root@centos ~]# mkdir /srv/salt/prod/cluster #用于存放叢集相關檔案
[root@centos ~]# mkdir /srv/salt/prod/cluster/files
[root@centos prod]# cd /srv/salt/prod/cluster/files/ #切換到此目錄下建立salt檔案 [root@centos files]# vim haproxy-outside.cfg #外網負載均衡配置檔案
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
#預設參數設定
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
#開啟Haproxy Status狀态監控,增加驗證
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack
#前端設定
frontend frontend_www_example_com
#bind 10.0.0.11:80
bind 192.168.39.100:80
mode http
option httplog
log global
default_backend backend_www_example_com
#後端設定
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
#balance source如果想要輪訓則改為roundrobin
balance source
server web-node1 192.168.39.202:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.39.203:8080 check inter 2000 rise 30 fall 15 編寫haproxy的salt檔案:
salt檔案主要涉及到haproxy的安裝引用、對配置檔案的下發、haproxy的服務啟動等功能。
[root@centos cluster]# vim haproxy-outside.sls
include: #include haproxy的安裝檔案
- haproxy.install
haproxy-service:
file.managed: #将source執行的haproxy配置檔案,存放到name指定路徑下
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
service.running: #啟動haproxy服務
- name: haproxy
- enable: True
- reload: True #允許reload服務
- require:
- cmd: haproxy-init #引用haproxy目錄下install檔案中的haproxy-init标簽
- watch: #通過watch狀态監控,如果配置檔案發生改變 就reload
- file: haproxy-service #haproxy-servcie标簽下的file子產品 注:此檔案依賴于haproxy目錄下的install.sls檔案。
現在,可以編寫top file檔案,讓其兩個haproxy節點能夠正常運作服務:
[root@centos cluster]# cd /srv/salt/base/ [root@centos base]# vim top.sls
base:
'*':
- init.env_init
prod:
'centos-test1':
- cluster.haproxy-outside
'centos-test2':
- cluster.haproxy-outside 編寫完top file檔案可以,執行進階模式來執行salt檔案:
[root@centos base]# salt '*' state.highstate 可以看到已經執行成功,成功21項狀态。
現在,我們可以通過浏覽器通路haproxy管理界面:
在這裡由于/var/www/html沒有頁面資訊,健康檢查會顯示異常,是以需要在兩個節點上建立html檔案資訊。
[root@centos-test1:/root]
# echo ‘centos-test1’ > /var/www/html/index.html
[root@centos-test2:/root]
# echo ‘centos-test2’ > /var/www/html/index.html 三、功能子產品之keepalived的安裝
在keepalived安裝之前,我們首先需要準備keepalived的安裝包、啟動腳本以及配置檔案等。我們需要将所有的這些東西都放到keepalived/files目錄下。
建立keepalived的相關目錄:
[root@centos etc]# mkdir /srv/salt/prod/keepalived
[root@centos etc]# mkdir /srv/salt/prod/keepalived/files 拷貝keepalived的相關檔案:
[root@centos etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/
[root@centos etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/ keepalived.init-keepalived的啟動腳本
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived
# Source function library
. /etc/rc.d/init.d/functions
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
RETVAL=0
prog="keepalived"
start() {
echo -n $"Starting $prog: "
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
stop() {
echo -n $"Stopping $prog: "
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
reload() {
echo -n $"Reloading $prog: "
killproc keepalived -1
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
RETVAL=$?
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL keepalived.conf-keepalived的配置檔案:
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.16
192.168.200.17
192.168.200.18
}
}
virtual_server 192.168.200.100 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.201.100 443 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
} [root@centos keepalived]# cd /usr/local/keepalived/etc/sysconfig/
[root@centos sysconfig]# ls
keepalived
[root@centos sysconfig]# cp keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig 現在,我們檢視files目錄都有哪些東西:
[root@centos keepalived]# ls files/
keepalived-1.2.19.tar.gz keepalived.init
keepalived.conf keepalived.sysconfig 準備好keepalived的相關檔案之後,現在我們可以編寫salt檔案:
salt檔案主要涉及到pkg-init腳本的引用,此腳本主要是解決安裝前的依賴;keepalived-install标簽用于安裝keepalived;keepalived-init标簽用于下發啟動腳本以及将服務加入到系統啟動中;/etc/sysconfg/keepalived标簽用于下發配置檔案到各個節點上。
[root@centos keepalived]# vim install.sls
include: #引用pkg目錄下pkg-init腳本
- pkg.pkg-init
keepalived-install:
file.managed: #file子產品來拷貝keepalived的安裝包
- name: /usr/local/src/keepalived-1.2.19.tar.gz
- source: salt://keepalived/files/keepalived-1.2.19.tar.gz
- usr: root
- group: root
- mode: 755
cmd.run: #cmd子產品的- name函數來執行具體安裝指令
- name: cd /usr/local/src && tar -zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require: #require狀态依賴關系
- pkg: pkg-init
- file: keepalived-install
keepalived-init:
file.managed:
- name: /etc/init.d/keepalived
- source: salt://keepalived/files/keepalived.init
- usr: root
- group: root
- mode: 755
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list | grep keepalived
- require:
- file: keepalived-init
/etc/sysconfig/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.sysconfig
- user: root
- group: root
- mode: 644
/etc/keepalived:
file.directory:
- user: root
- group: root
- mode: 755 目錄檔案結果為:
現在,我們開始執行salt檔案:
[root@centos keepalived]# salt 'centos-test[1-2]' state.sls keepalived.install env=prod 四、業務引用之keepalived
同haproxy業務引用一樣,我們同樣在cluster目錄下進行。
進入cluster目錄:
[root@centos keepalived]# cd ../cluster/
[root@centos cluster]# pwd
/srv/salt/prod/cluster 編寫salt檔案:
salt檔案涉及到keepalived的安裝的引用;每個節點的具體參數如何這裡主要通過編寫jiaja模版來實作每個節點參數的差異性。通過grains的fqdn來判斷不同的主機名,實作不同主機不同參數。
[root@centos cluster]# vim haproxy-outside-keepalived.sls
include:
- keepalived.install
keepalived-service:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://cluster/files/haproxy-outside-keepalived.conf
- user: root
- group: root
- mode: 644
- template: jinja
{% if grains['fqdn'] == 'centos-test1' %}
- ROUTEID: haproxy_ha
- STATEID: MASTER
- PRIORITYID: 150
{% elif grains['fqdn'] == 'centos-test2' %}
- ROUTEID: haproxy_ha
- STATEID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
- enable: True
- watch:
- file: keepalived-service keepalived差異性配置檔案:
在keepalived安裝腳本中,我們為了能夠啟動keepalived服務,我們在兩個節點上都下發相同的keepalived配置檔案,這次為了實作每個節點上的keepalived去配置不同的參數,需要下發一份差異性配置檔案。
[root@centos cluster]# vim /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}} # jinja模闆變量
}
vrrp_instance haproxy_ha {
state {{STATEID}} # jinja模闆變量
interface eth0
virtual_router_id 36
priority {{PRIORITYID}} # jinja模闆變量
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.39.100
}
} 編寫top檔案:
将業務引用子產品keepalived的haprox-outside-keepalived導入。
[root@centos base]# pwd
/srv/salt/base
[root@centos base]# ls
init tmp top.sls [root@centos base]# vim top.sls
base:
'*':
- init.env_init
prod:
'centos-test1':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'centos-test2':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived 通過salt進階模式執行:
[root@centos base]# salt '*' state.highstate 四、後端線上服務
完成前端高可用之後,我們就可以去完成線上服務了。線上服務包括nginx、php、memache、mysql等的安裝及配置。
一、功能子產品之nginx安裝
建立nginx安裝目錄:
[root@centos ~]# mkdir /srv/salt/prod/nginx/ [root@centos ~]# mkdir /srv/salt/prod/nginx/files 将nginx安裝包和腳本拷貝到files目錄下
[root@centos nginx]# ls files/ 解決安裝nginx依賴關系:
[root@centos prod]# cat pkg/pkg-nginx.sls
pkg-nginx:
pkg.installed:
- names:
- openssl-devel
- pcre-devel
- zlib-devel 編寫nginx安裝sls檔案:
[root@centos nginx]# pwd
/srv/salt/prod/nginx [root@centos nginx]# vim install.sls
include:
- pkg.pkg-nginx
/usr/local/src:
file.directory:
- user: root
- group: root
- mode: 755
nginx-install:
file.managed:
- name: /usr/local/src/nginx-1.13.8.tar.gz
- source: salt://nginx/files/nginx-1.13.8.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar -zxf nginx-1.13.8.tar.gz && cd nginx-1.13.8 && ./configure --prefix=/usr/local/nginx && make && make install
- unless: test -d /usr/local/nginx
- require:
- pkg: pkg-nginx
- file: nginx-install
nginx-init:
file.managed:
- name: /etc/init.d/nginx
- source: salt://nginx/files/nginx.init
- user: root
- group: root
- mode: 755
cmd.run:
- name: chkconfig --add nginx
- unless: chkconfig --list | grep nginx
- require:
- file: nginx-init
/etc/nginx:
file.directory:
- user: root
- group: root
- mode: 755 目錄結果為:
執行安裝:
[root@centos prod]# salt 'centos-test[3-4]' state.sls nginx.install env=prod 二、業務子產品之nginx配置管理
建立app目錄使用者nginx及php配置檔案管理:
[root@centos ~]# mkdir /srv/salt/prod/app/
[root@centos ~]# mkdir /srv/salt/prod/app/files/
[root@centos ~]# mkdir /srv/salt/prod/app/files/nginx/ #用于存放nginx配置檔案
[root@centos ~]# mkdir /srv/salt/prod/app/files/php/ #用于存放php配置檔案 将需要的檔案拷貝到files/nginx目錄下:
i
編寫sls檔案進行配置檔案管理下發:
[root@centos app]# ls
files nginx.sls php.sls [root@centos app]# vim nginx.sls
include:
- nginx.install
{% for s in ["fastcgi_params","mime.types","nginx.conf"] %}
nginx-{{s}}:
file.managed:
- name: /etc/nginx/{{s}}
- source: salt://app/files/nginx/{{s}}
- user: root
- group: root
- template: jinja
- mode: 644
service.running:
- name: nginx
- enable: True
- watch:
- file: nginx-nginx.conf
{% endfor %} 注:引用jinja模版,将fastcgi_params、mime.types、nginx.conf三個相關檔案下發到節點的同一目錄下。
執行檔案:
[root@centos app]# salt 'centos-test[3-4]' state.sls app.nginx env=prod 三、功能子產品之php安裝 建立php安裝目錄:
[root@centos ~]# mkdir /srv/salt/prod/php
[root@centos ~]# mkdir /srv/salt/prod/php/files/ 将安裝包拷貝到files目錄下:
[root@centos prod]# ls php/files/
php-5.4.40.tar.bz2 解決php安裝的依賴關系:
[root@centos php]# cat ../pkg/pkg-php.sls
pkg-php:
pkg.installed:
- names:
- libxml2-devel 編寫sls檔案:
[root@centos php]# vim install.sls
include:
- pkg.pkg-php
php-install:
file.managed:
- name: /usr/local/src/php-5.4.40.tar.bz2
- source: salt://php/files/php-5.4.40.tar.bz2
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src/ && tar xf php-5.4.40.tar.bz2 && cd php-5.4.40 && ./configure --prefix=/usr/local/php --enable-fpm --with-openssl && make && make install
- unless: test -d /usr/local/php
- require:
- pkg: pkg-php
- file: php-install [root@centos prod]# salt 'centos-test[3-4]' state.sls php.install env=prod 四、業務子產品之php配置管理
app目錄結構:
php檔案下發腳本内容為:
[root@centos app]# cat php.sls
include:
- php.install
php-ini:
file.managed:
- name: /etc/php.ini
- source: salt://app/files/php/php.ini
- user: root
- group: root
- mode: 644
php-fpm-conf:
file.managed:
- name: /usr/local/php/etc/php-fpm.conf
- source: salt://app/files/php/php-fpm.conf
- user: root
- group: root
- mode: 644
php-init:
file.managed:
- name: /etc/init.d/php-fpm
- source: salt://app/files/php/php-fpm.init
- user: root
- group: root
- mode: 755
cmd.run:
- name: chkconfig --add php-fpm
- unless: chkconfig --list | grep php-fpm
- require:
- file: php-init
service.running:
- name: php-fpm
- enable: True
- watch:
- file: php-ini 執行配置下發:
[root@centos app]# salt 'centos-test[3-4]' state.sls app.php env=prod 現在,将nginx.sls和php,sls寫入top file檔案:
[root@centos app]# cd /srv/salt/base/
[root@centos base]# ls
init _modules tmp top.sls [root@centos base]# vim top.sls
base:
'*':
- init.env_init
prod:
'centos-test1':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'centos-test2':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'centos-test3':
- app.nginx
- app.php
'centos-test4':
- app.nginx
- app.php 五、Memcach安裝
memcach通過yum來進行安裝,建立memcache目錄:
[root@centos base]# cd /srv/salt/prod/
[root@centos prod]# ls
app cluster haproxy keepalived nginx php pkg
[root@centos prod]# mkdir memcache
[root@centos prod]# ls
app cluster haproxy keepalived memcache nginx php pkg
[root@centos prod]# cd memcache/ [root@centos memcache]# vim install.sls
#memcache pkg install
install-memcached:
pkg.installed:
- names:
- memcached
- php-pecl-memcache
service.running:
- name: memcached
- enable: True
#restart-phpfpm:
restart-phpfpm:
cmd.run:
- names:
- /etc/init.d/php-fpm restart [root@centos memcache]# salt 'centos-test4' state.sls memcache.install env=prod 注:192.168.39.203作為memcache伺服器
編寫top file檔案,将memcache安裝腳本導入:
[root@centos ~]# cd /srv/salt/base/ [root@centos base]# vim top.sls
base:
'*':
- init.env_init
prod:
'centos-test1':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'centos-test2':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'centos-test3':
- app.nginx
- app.php
'centos-test4':
- app.nginx
- app.php
- memcache.install 進階模式下執行sls:
[root@centos ~]# salt '*' state.highstate