Saltstack自动化编译安装haproxy

主机环境：

master 192.168.199.130 rhel7.2
minion 192.168.199.66 rhel6.5
apache（real server） 192.168.199.216 192.168.199.218 rhel7.2

防火墙关闭，Selinux关闭

开始配置前请确保salt认证已经做好：

1. 编写haproxy安装所需依赖包安装配置文件：

为了统一管理所有服务安装的pre依赖包，这里新建了一个pkg目录

[root@lockey151 ~]# mkdir /srv/salt/pkg

[root@lockey151 ~]# cat /srv/salt/pkg/haproxy-pre.sls

pkg-init:
pkg.installed:
- pkgs:
- gcc-c++
- zlib-devel
- openssl-devel
- pcre-devel

2. haproxy运行用户配置文件创建

[root@lockey151 ~]# mkdir /src/salt/haproxy/files -p

[root@lockey151 salt]# cat user/haproxy.sls

haproxy:
group.present:
- gid: 200
user.present:
- uid: 200
- gid: 200
- shell: /sbin/nologin
- home: /usr/local/haproxy
- createhome: false

3. 编写haproxy安装正式配置文件：

[[root@lockey151 haproxy]# cat install.sls

include:
- pkg.haproxy-pre
- user.haproxy

haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.13.tar.gz#minion端源码文件位置
- source: salt://haproxy/files/haproxy-1.6.13.tar.gz

cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.13.tar.gz && cd haproxy-1.6.13 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
- creates: /usr/local/haproxy

/etc/haproxy:
file.directory:
- mode: 755

/etc/haproxy/haproxy.cfg:#配置文件
file.managed:
- source: salt://haproxy/files/haproxy.cfg

/etc/init.d/haproxy:#启动文件
file.managed:
- source: salt://haproxy/files/haproxy
- mode: 755

设置服务状态

[[root@lockey151 haproxy]# cat service.sls

include:
- haproxy.install

haproxy-service:
service.running:
- name: haproxy
- enable: true
- reload: true
- watch:
- file: /etc/haproxy/haproxy.cfg

推送内容配置完成请将源码包haproxy-*.tar.gz、配置文件haproxy.cfg，服务脚本文件haproxy放置到/srv/salt/haproxy/files/目录下，然后执行推送命令（一般执行前请先测试一下）

haproxy配置文件haproxy.cfg示例：

[[root@lockey151 haproxy]# cat files/haproxy.cfg

global
maxconn         10000
stats socket    /var/run/haproxy.stat mode 600 level admin
log             127.0.0.1 local0
uid             200
gid             200
chroot          /var/empty
daemon

defaults
mode            http
log             global
option          httplog
option          dontlognull
monitor-uri     /monitoruri
maxconn         8000
timeout client  30s
retries         2
option redispatch
timeout connect 5s
timeout server  5s

stats uri       /admin/stats

frontend public
bind            *:80
default_backend dynamic

backend dynamic
balance         roundrobin
server          web1 192.168.199.218:80 cookie s1 check inter 1000
server          web2 192.168.199.216:80 cookie s2 check inter 1000

haproxy服务脚本haproxy示例：

[[root@lockey151 haproxy]# cat files/haproxy

#!/bin/sh
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
#              for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid

# Script Author: Simon Matter <simon.matter@invoca.ch>
# Version: 2004060600

# Source function library.
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
else
exit 0
fi

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# This is our service name
BASENAME=`basename $0`
if [ -L $0 ]; then
BASENAME=`find $0 -name $BASENAME -printf %l`
BASENAME=`basename $BASENAME`
fi

BIN=/usr/local/haproxy/sbin/$BASENAME

CFG=/etc/$BASENAME/$BASENAME.cfg
[ -f $CFG ] || exit 1

PIDFILE=/var/run/$BASENAME.pid
LOCKFILE=/var/lock/subsys/$BASENAME

RETVAL=0

start() {
quiet_check
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi

echo -n "Starting $BASENAME: "
daemon $BIN -D -f $CFG -p $PIDFILE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch $LOCKFILE
return $RETVAL
}

stop() {
echo -n "Shutting down $BASENAME: "
killproc $BASENAME -USR1
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $LOCKFILE
[ $RETVAL -eq 0 ] && rm -f $PIDFILE
return $RETVAL
}

restart() {
quiet_check
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
stop
start
}

reload() {
if ! [ -s $PIDFILE ]; then
return 0
fi

quiet_check
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
$BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)
}

check() {
$BIN -c -q -V -f $CFG
}

quiet_check() {
$BIN -c -q -f $CFG
}

rhstatus() {
status $BASENAME
}

condrestart() {
[ -e $LOCKFILE ] && restart || :
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
check)
check
;;
*)
echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
exit 1
esac

exit $?

配置完成之后目录结构如下：

4.测试配置并执行推送

[root@lockey151 haproxy]# salt rhel6-vm2 state.sls haproxy.service test=true

rhel6-vm2:
----------
ID: pkg-init
监控页面地址
- stats auth admin:lockey #管理帐号和密码
- stats refresh 5s #刷新频率
。。。

Summary for rhel6-vm2
------------
Succeeded: 9 (unchanged=6, changed=2)
Failed:    0
------------
Total states run:     9
Total run time:   1.270 s

结果如上说明配置无误，可以执行推送安装命令了

[root@lockey151 haproxy]# salt rhel6-vm2 state.sls haproxy.service

我推送安装出了点问题：



原因定位分析:

在minion端执行以下命令得到结果：

[root@rhel6-vm2 salt]# /etc/init.d/haproxy start

Starting haproxy: [ALERT] 288/003326 (3739) : Starting frontend public: cannot bind socket
[FAILED]

从提示可以知道端口被占用了无法绑定socket，检查了以下发现这边httpd服务开着，关闭之后在开启haproxy就咩问题了

5. 在minion端进行haproxy服务的验证

在命令行中测试负载均衡（216和218均衡出现）：



浏览器中查看主机状态：