saltstack实践案例
master某个配置参考案例
[root@]# cat /etc/salt/master file_ignore_regex: - '/\.git($|/)' file_ignore_glob: - '*.pyc' - '*.bak' - '*.swp' file_roots: base: - /srv/salt # dev: # - /opt/saltconfig/salt pillar_roots: base: - /srv/pillar # dev: # - /opt/saltconfig/pillar autosign_file: /etc/salt/autosign.conf worker_threads: 32 return: mysql mysql.host: 'salt-return.xx.com' mysql.user: 'salt' mysql.pass: 'saltreturn' mysql.db: 'salt' mysql.port: xxx #mongo.db: 'pillar' #mongo.host: 'localhost' #mongo.user: 'pillar' #mongo.password: '590xxx69' # #ext_pillar: # - mongo: {} [root@]#
minion配置
mine_functions: network.interfaces: [] network.interface_ip: - bond0 mine_interval: 2
在SaltStack中,autosign_file是一个配置参数,用于指定一个文件路径,该文件包含了用于自动签证的匹配项。当Minions的公钥与autosign_file中的匹配项相匹配时,Master会自动接受该Minion的公钥,无需手动进行签证。
默认情况下,autosign_file的路径是/etc/salt/autosign.conf。在该文件中,可以指定字符串或正则表达式来匹配Minions的公钥。
例如,如果想要自动接受所有Minions的公钥,可以将autosign_file设置为一个包含空字符串的文件,或者使用正则表达式匹配所有Minions的公钥。
需要注意的是,使用autosign_file可以提高自动化程度,但也可能会带来安全风险。因此,在使用该功能时,应谨慎配置并确保autosign_file中的匹配项正确无误,以避免潜在的安全漏洞。
环境配置
查看默认配置
file的
[root@mcw01 ~]# vim /etc/salt/master ##### File Server settings ##### ########################################## # Salt runs a lightweight file server written in zeromq to deliver files to # minions. This file server is built into the master daemon and does not # require a dedicated port. # The file server works on environments passed to the master, each environment # can have multiple root directories, the subdirectories in the multiple file # roots cannot match, otherwise the downloaded files will not be able to be # reliably ensured. A base environment is required to house the top file. # Example: # file_roots: # base: # - /srv/salt/ # dev: # - /srv/salt/dev/services # - /srv/salt/dev/states # prod: # - /srv/salt/prod/services # - /srv/salt/prod/states # #file_roots: # base: # - /srv/salt # # The master_roots setting configures a master-only copy of the file_roots dictionary, # used by the state compiler. #master_roots: # base: # - /srv/salt-master
pillar的
##### Pillar settings ##### ########################################## # Salt Pillars allow for the building of global data that can be made selectively # available to different minions based on minion grain filtering. The Salt # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. #pillar_roots: # base: # - /srv/pillar # #ext_pillar: # - hiera: /etc/hiera.yaml # - cmd_yaml: cat /etc/salt/yaml # A list of paths to be recursively decrypted during pillar compilation. # Entries in this list can be formatted either as a simple string, or as a # key/value pair, with the key being the pillar location, and the value being # the renderer to use for pillar decryption. If the former is used, the # renderer specified by decrypt_pillar_default will be used. #decrypt_pillar: # - 'foo:bar': gpg # - 'lorem:ipsum:dolor'
配置路径,创建目录结构并重启master
[root@mcw01 ~]# vim /etc/salt/master [root@mcw01 ~]# tail -10 /etc/salt/master file_roots: base: - /srv/salt/base prod: - /srv/salt/prod pillar_roots: base: - /srv/pillar/base prod: - /srv/pillar/prod [root@mcw01 ~]# mkdir -p /srv/salt/base /srv/salt/prod [root@mcw01 ~]# mkdir -p /srv/pillar/base /srv/pillar/prod [root@mcw01 ~]# systemctl restart salt-master [root@mcw01 ~]#
yaml编写
编写规则案例
冒号:
my_key: my_value
python 中映射为:
{'my_key':'my_value'}
my_key:
my_value
python 中映射为:
{'my_key':'my_value'}
字典嵌套:
first_level_dict_key:
second_leve_dict_key: value_in_second_level_dict
在Python中映射:
{
'first_level_dict_key':{
'second_level_dict_key': 'value_in_second_level_dict'
}
}
短横杠:
- list_value_one
- list_value_two
- list_value_three
如下:
my_dictionary:
- list_value_one
- list_value_two
- list_value_three
在python中映射为:
{
'my_dictionary':[
'list_value_one','list_value_two',
'list_value_three'
]
}
jinja使用技巧
如何区分模板文件
如下,通过- template:jinja指令声明了zabbix_agentd.conf是一个jinja模板文件,同时使用pillar为其设置了一个变量,salt在解析yaml之前会先执行pillar那行,获取到server对应的设置。
如果我们也需要类似的这种,在某种场景下部分文件需要jinjia渲染,那么就用这个字段去判断,给类似于pillar的地方,进行渲染,参考这种方式做我们自己的渲染。
/etc/zabbix_agentd.conf: file.managed: - name: /etc/zabbix_agentd.conf - source: salt://zabbix/files/zabbix_agentd.conf - template: jinja - defaults: Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
jinjia的基本使用
jinjia逻辑关系
sls里面可以直接用判断,但是非sls文件需要标记使用模板是jinja渲染
cat pillar/keepalived/zzvm_proxy.sls keepalived: config_dir_path: zzvmproxy {% if grains['id'] == 'vm-proxy001.zz.mcw.com' %} vip: 10.111.15.101 name: vm-proxy001.zz state: MASTER interface: eth0 virtual_router_id: 52 priority: 180 unicast_src_ip: 10.111.14.46 unicast_peer: 10.111.14.36 {% elif grains['id'] == 'vm-proxy002.zz.mcw.com' %} vip: 10.111.15.101 name: vm-proxy002.zz state: BACKUP interface: eth0 virtual_router_id: 52 priority: 130 unicast_src_ip: 10.111.14.36 unicast_peer: 10.111.14.46 {% endif %}
{% set ali = ['ali-cn-zjk'] %}
{% set zz = ['zz'] %}
{% if grains['idc_region'] in ali %}
xxxx
{% elif grains['idc_region'] in zz %}
xxxxx
{% elif "ios" in grains['fqdn'] %}
xxxx
{% else %}
xxxx
{% endif %}
系统初始化
dns配置
有内网dns服务器的时候。用下面管理resolv.conf文件
创建sls文件,添加文件过去。给这个文件添加一行标记
[root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ └── prod └── salt ├── base └── prod 6 directories, 0 files [root@mcw01 ~]# mkdir /srv/salt/base/init [root@mcw01 ~]# vim /srv/salt/base/init/dns.sls [root@mcw01 ~]# mkdir /srv/salt/base/init/files [root@mcw01 ~]# cp /etc/resolv.conf //srv/salt/base/init/files/ [root@mcw01 ~]# vim //srv/salt/base/init/files/resolv.conf [root@mcw01 ~]# cat /srv/salt/base/init/files/resolv.conf # Generated by NetworkManager #salt tongbu by mcw nameserver 223.5.5.5 [root@mcw01 ~]#
查看文件内容并解读一下:
[root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ └── prod └── salt ├── base │ └── init │ ├── dns.sls │ └── files │ └── resolv.conf └── prod 8 directories, 2 files [root@mcw01 ~]# cat /srv/salt/base/init/dns.sls /etc/resolv.conf: file.managed: - source: salt://init/files/resolv.conf - user: root - group: root - mode: 644 [root@mcw01 ~]# cat /srv/salt/base/init/files/resolv.conf # Generated by NetworkManager #salt tongbu by mcw nameserver 223.5.5.5 [root@mcw01 ~]#
#需要将机器的/etc/resolv.conf文件用file.managed管理起来,如果文件不存在会创建的。这个文件内容,来源于salt文件设置的root下的init下resolv.conf文件。生成这个文件后,
#它是root用户和用户组的,是644的权限
查看mcw04目前的文件是这样的,应该说是所有的节点都是这样的
[root@mcw04 ~]# cat /etc/resolv.conf # Generated by NetworkManager nameserver 223.5.5.5 [root@mcw04 ~]#
执行一下,在master上
[root@mcw01 ~]# salt mcw04 state.sls init/dns mcw04: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf updated Started: 00:49:52.285098 Duration: 154.86 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 Summary for mcw04 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 154.860 ms [root@mcw01 ~]#
如下,可以看到,mcw04上已经是同步的文件了。权限也没有问题
[root@mcw04 ~]# cat /etc/resolv.conf # Generated by NetworkManager #salt tongbu by mcw nameserver 223.5.5.5 [root@mcw04 ~]#
[root@mcw04 ~]# ls -lh /etc/resolv.conf
-rw-r--r-- 1 root root 71 Jan 20 00:49 /etc/resolv.conf
[root@mcw04 ~]#
history记录时间
创建sls文件。给目标主机的/etc/profile文件,追加下面的文本信息
[root@mcw01 ~]# vim /srv/salt/base/init/history.sls [root@mcw01 ~]# cat /srv/salt/base/init/history.sls /etc/profile: file.append: - text: - export HISTIMEFORMAT="%F %T `whoami` " [root@mcw01 ~]#
查看目标主机文件后四行
[root@mcw04 ~]# tail -4 /etc/profile unset -f pathmunge export JAVA_HOME=/usr/local/jdk export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH [root@mcw04 ~]#
执行命令
[root@mcw01 ~]# salt mcw04 state.sls init/history mcw04: ---------- ID: /etc/profile Function: file.append Result: True Comment: Appended 1 lines Started: 09:03:23.738302 Duration: 18.121 ms Changes: ---------- diff: --- +++ @@ -77,3 +77,4 @@ export JAVA_HOME=/usr/local/jdk export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH +export HISTIMEFORMAT="%F %T `whoami` " Summary for mcw04 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 18.121 ms [root@mcw01 ~]# [root@mcw01 ~]#
查看目标主机,已经新增这条文本信息
[root@mcw04 ~]# tail -4 /etc/profile export JAVA_HOME=/usr/local/jdk export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH export HISTIMEFORMAT="%F %T `whoami` " [root@mcw04 ~]#
重复执行salt 同步命令,不会重复添加这个文本。当目标主机最后面加了内容a=‘b’之后,原本追加的不在最后一行了。master上再执行salt state.sls同步命令,目标主机还是之前只追加的一条,也就是不会重复追加
[root@mcw04 ~]# tail -3 /etc/profile export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH export HISTIMEFORMAT="%F %T `whoami` " a='b' [root@mcw04 ~]#
命令操作审计
使用logger将输入的命令写入到messages,后期可以用elk等相关收集日志,做处理
[root@mcw01 ~]# vim /srv/salt/base/init/audit.sls [root@mcw01 ~]# cat /srv/salt/base/init/audit.sls /etc/bashrc: file.append: - text: - export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' [root@mcw01 ~]# salt mcw04 state.sls init/audit mcw04: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: Appended 1 lines Started: 09:16:49.906260 Duration: 19.483 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' Summary for mcw04 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 19.483 ms [root@mcw01 ~]#
查看目标主机,已经追加了这行文本了
[root@mcw04 ~]# tail -1 /etc/bashrc export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' [root@mcw04 ~]#
但是执行命令后,没有看到写入到messages文件,有时间验证下
[root@mcw04 ~]# ls \ anaconda-ks.cfg filebeat-6.5.2-x86_64.rpm jdk-8u191-linux-x64.tar.gz nohup.out usr 1.py apache-tomcat-8.5.88 hadoop-2.8.5.tar.gz mcw.txt original-ks.cfg a apache-tomcat-8.5.88.tar.gz ip_forward~ node_exporter-0.16.0.linux-amd64.tar.gz python3yizhuang.tar.gz [root@mcw04 ~]# tail /var/log/messages Jan 20 06:01:01 mcw04 systemd: Started Session 24 of user root. Jan 20 06:01:01 mcw04 systemd: Starting Session 24 of user root. Jan 20 07:01:01 mcw04 systemd: Started Session 25 of user root. Jan 20 07:01:01 mcw04 systemd: Starting Session 25 of user root. Jan 20 08:01:01 mcw04 systemd: Started Session 26 of user root. Jan 20 08:01:01 mcw04 systemd: Starting Session 26 of user root. Jan 20 08:10:10 mcw04 systemd: Starting Cleanup of Temporary Directories... Jan 20 08:10:10 mcw04 systemd: Started Cleanup of Temporary Directories. Jan 20 09:01:01 mcw04 systemd: Started Session 27 of user root. Jan 20 09:01:01 mcw04 systemd: Starting Session 27 of user root. [root@mcw04 ~]#
内核参数优化
下面是个对的配置
[root@mcw01 ~]# cat /srv/salt/base/init/sysctl.sls net.ipv4.ip_local_port_range: sysctl.present: - value: 10000 65000 fs.file-max: sysctl.present: - value: 2000000 net.ipv4.ip_forward: sysctl.present: - value: 1 vm.swappiness: sysctl.present: - value: 0 [root@mcw01 ~]#
下面是整个过程,包括错误的配置:
当最后一条,命令写错了
[root@mcw01 ~]# cat /srv/salt/base/init/sysctl.sls net.ipv4.ip_local_port_range: sysctl.present: - value: 10000 65000 fs.file-max: sysctl.present: - value: 2000000 net.ipv4.ip_forward: sysctl.present: - value: 1 vm.swappiness: systcll.present: - value: 0 [root@mcw01 ~]#
操作之前查看
[root@mcw04 ~]# sysctl -n net.ipv4.ip_local_port_range fs.file-max net.ipv4.ip_forward vm.swappiness 4000 65000 148235 0 30 [root@mcw04 ~]#
操作之后查看,最后一个没有修改,是因为写错了,最后一个
[root@mcw04 ~]# sysctl -n net.ipv4.ip_local_port_range fs.file-max net.ipv4.ip_forward vm.swappiness 10000 65000 2000000 1 30 [root@mcw04 ~]#
操作执行过程:
[root@mcw01 ~]# salt mcw04 state.sls init/sysctl mcw04: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 Started: 09:27:02.474380 Duration: 18.778 ms Changes: ---------- net.ipv4.ip_local_port_range: 10000 65000 ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Updated sysctl value fs.file-max = 2000000 Started: 09:27:02.493391 Duration: 11.656 ms Changes: ---------- fs.file-max: 2000000 ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_forward = 1 Started: 09:27:02.505592 Duration: 11.877 ms Changes: ---------- net.ipv4.ip_forward: 1 ---------- ID: vm.swappiness Function: systcll.present Result: False Comment: State 'systcll.present' was not found in SLS 'init/sysctl' Reason: 'systcll.present' is not available. Changes: Summary for mcw04 ------------ Succeeded: 3 (changed=3) Failed: 1 ------------ Total states run: 4 Total run time: 42.311 ms ERROR: Minions returned with non-zero exit code [root@mcw01 ~]#
epel仓库
正确配置:
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls yum_repo_release: pkg.installed: - sources: - epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm - unless: rpm -qa | grep epel [root@mcw01 ~]#
先把mcw04原来的备份
[root@mcw04 ~]# mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repobak [root@mcw04 ~]# rpm -qa|grep epel [root@mcw04 ~]#
配置过程如下:
多次配置错了,且报错了
[root@mcw01 ~]# vim /srv/salt/base/init/epel.sls [root@mcw01 ~]# cat /srv/salt/base/init/epel.sls yum_repo_release: pkg.installed: - sources: - epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-relese-6-8.noarch.rpm - unless: rpm -qa|grep epel-release-6-8 [root@mcw01 ~]# salt mcw04 state.sls init/epel mcw04: ---------- ID: yum_repo_release Function: pkg.installed Result: False Comment: An error was encountered while installing package(s): Error: HTTP 404: Not Found reading /epel/6/x86_64/epel-relese-6-8.noarch.rpm Started: 23:40:54.002813 Duration: 28001.159 ms Changes: Summary for mcw04 ------------ Succeeded: 0 Failed: 1 ------------ Total states run: 1 Total run time: 28.001 s ERROR: Minions returned with non-zero exit code [root@mcw01 ~]# [root@mcw01 ~]# vim /srv/salt/base/init/epel.sls [root@mcw01 ~]# cat /srv/salt/base/init/epel.sls yum_repo_release: pkg.installed: - sources: - epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm - unless: rpm -qa|grep epel [root@mcw01 ~]# salt mcw04 state.sls init/epel mcw04: ---------- ID: yum_repo_release Function: pkg.installed Result: False Comment: An exception occurred in this state: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/salt/state.py", line 2180, in call *cdata["args"], **cdata["kwargs"] File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 149, in __call__ return self.loader.run(run_func, *args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1201, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/usr/lib/python3.6/site-packages/contextvars/__init__.py", line 38, in run return callable(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1216, in _run_as return _func_or_method(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1249, in wrapper return f(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/states/pkg.py", line 1904, in installed **kwargs File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 149, in __call__ return self.loader.run(run_func, *args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1201, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/usr/lib/python3.6/site-packages/contextvars/__init__.py", line 38, in run return callable(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1216, in _run_as return _func_or_method(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/modules/yumpkg.py", line 1450, in install name, pkgs, sources, saltenv=saltenv, normalize=normalize, **kwargs File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 149, in __call__ return self.loader.run(run_func, *args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1201, in run return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs) File "/usr/lib/python3.6/site-packages/contextvars/__init__.py", line 38, in run return callable(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1216, in _run_as return _func_or_method(*args, **kwargs) File "/usr/lib/python3.6/site-packages/salt/modules/pkg_resource.py", line 151, in parse_targets "an invalid protocol".format(pkg_src, pkg_name) salt.exceptions.SaltInvocationError: Path rpm -qa|grep epel for package unless is either not absolute or an invalid protocol Started: 23:43:59.374470 Duration: 5805.984 ms Changes: Summary for mcw04 ------------ Succeeded: 0 Failed: 1 ------------ Total states run: 1 Total run time: 5.806 s ERROR: Minions returned with non-zero exit code [root@mcw01 ~]# vim /srv/salt/base/init/epel.sls [root@mcw01 ~]# cat /srv/salt/base/init/epel.sls yum_repo_release: pkg.installed: - sources: - epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm - unless: rpm -qa|grep epel [root@mcw01 ~]# salt mcw04 state.sls init/epel mcw04: Data failed to compile: ---------- Rendering SLS 'base:init/epel' failed: while parsing a block mapping in "<unicode string>", line 2, column 3 did not find expected key in "<unicode string>", line 5, column 3 ERROR: Minions returned with non-zero exit code [root@mcw01 ~]# s
https://mirrors.aliyun.com/epel/
包的地址是上面找的,找这个包地址
unless的位置写对,没有写对会报错
写对之后,执行成功
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls yum_repo_release: pkg.installed: - sources: - epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm - unless: rpm -qa | grep epel [root@mcw01 ~]# salt mcw04 state.sls init/epel mcw04: ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: The following packages were installed/updated: epel-release Started: 23:51:32.345174 Duration: 8092.604 ms Changes: ---------- epel-release: ---------- new: 7-14 old: Summary for mcw04 ------------ Succeeded: 1 (changed=1) Failed: 0 ------------ Total states run: 1 Total run time: 8.093 s [root@mcw01 ~]#
客户端再看,已经安装上yum源了
[root@mcw04 ~]# rpm -qa|grep epel epel-release-7-14.noarch [root@mcw04 ~]# ls /etc/yum.repos.d/ CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo epel.repobak glusterfs.repo CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo epel.repo epel-testing.repo salt.repo [root@mcw04 ~]# ls /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo [root@mcw04 ~]# less /etc/yum.repos.d/epel.repo [root@mcw04 ~]# tail /etc/yum.repos.d/epel.repo [epel-source] name=Extra Packages for Enterprise Linux 7 - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. #baseurl=http://download.example/pub/epel/7/source/tree/ metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch&infra=$infra&content=$contentdir failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 gpgcheck=1 [root@mcw04 ~]#
zabbix agent安装
要给这个主机安装,先装上zabbix仓库
[root@mcw02 ~]# rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm Retrieving https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm warning: /var/tmp/rpm-tmp.qW9ZSJ: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY Preparing... ################################# [100%] Updating / installing... 1:zabbix-release-4.0-1.el7 ################################# [100%] [root@mcw02 ~]# [root@mcw02 ~]#
涉及到的几个文件的编写
[root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ │ ├── top.sls │ │ └── zabbix.sls │ └── prod └── salt ├── base │ └── init │ ├── audit.sls │ ├── dns.sls │ ├── epel.sls │ ├── files │ │ ├── resolv.conf │ │ └── zabbix_agentd.conf │ ├── history.sls │ ├── sysctl.sls │ └── zabbix_agent.sls └── prod 8 directories, 10 files
[root@mcw01 ~]# cat /srv/pillar/base/top.sls #先从top里,设置所有机器都能读取zabbix.sls下的配置。然后pillar从top.sls开始,
# 找到zabbix.sls下的,就是一个字典{'zabbix-agent':{'Zabbix_Server': '10.0.0.14'}} base: '*': - zabbix [root@mcw01 ~]# cat /srv/pillar/base/zabbix.sls zabbix-agent: Zabbix_Server: 10.0.0.14
#当zabbix-agent的安装包函数好了之后,执行zabbix-agent的文件管理;监控zabbix-agent的包和文件管理,好了之后,执行zabbix-agent的服务运行,运行为开启;监控zabbix-agent的服务管理
#好了之后,并且子啊zabbix-agnet的包安装函数执行完后,文件管理执行完之后,才执行zabbix-agentd.conf.d,执行它下面的文件目录函数,创建目录名称是/etc/zabbix_agentd.conf.d [root@mcw01 ~]# cat /srv/salt/base/init/zabbix_agent.sls #安装包;从pillar读取数据,渲染生成配置文件,运行服务; zabbix-agent: pkg.installed: - name: zabbix-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - template: jinja - defaults: Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }} - require: - pkg: zabbix-agent service.running: - enable: True - watch: - pkg: zabbix-agent - file: zabbix-agent zabbix_agentd.conf.d: file.directory: - name: /etc/zabbix_agentd.conf.d - watch_in: - service: zabbix-agent - require: - pkg: zabbix-agent - file: zabbix-agent
#上面文件管理,因为指明了,管理的是/etc/zabbix_agentd.conf的文件。需要在目标主机创建或更新这个文件,源头是salt里面的zabbix_agetd.conf文件
#使用jinja语法来渲染,所以这个源文件中使用了jinja语法,里面使用的变量是Server,所以文件管理下的默认下面,定义了这个键。而这个键Server的值,是个变量,
#是从pillar里面定义的变量生成的。{'zabbix-agent':{'Zabbix_Server': '10.0.0.14'}},是如下格式,所以pillar就是个字典,这里用这种方式获取到ip地址,作为Server这个变量的值
#然后管理的源文件里面使用Server这个变量也会渲染成这个ip,并生成配置文件,成为目标主机上管理的那个文件/etc/zabbix_agentd.conf文件 [root@mcw01 ~]# tail -5 /srv/salt/base/init/files/zabbix_agentd.conf # Mandatory: no # Default: # TLSCipherAll= Include=/etc/zabbix_agentd.conf.d/ Server={{ Server }} [root@mcw01 ~]#
执行同步这个配置状态
[root@mcw01 ~]# vim /srv/salt/base/init/zabbix_agent.sls [root@mcw01 ~]# salt mcw02 state.sls init/zabbix_agent mcw02: ---------- ID: zabbix-agent Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 19:07:27.931826 Duration: 1027.719 ms Changes: ---------- ID: zabbix-agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf updated Started: 19:07:28.962457 Duration: 362.209 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: zabbix_agentd.conf.d Function: file.directory Name: /etc/zabbix_agentd.conf.d Result: True Comment: Started: 19:07:29.327890 Duration: 3.319 ms Changes: ---------- /etc/zabbix_agentd.conf.d: ---------- directory: new ---------- ID: zabbix-agent Function: service.running Result: True Comment: Service zabbix-agent has been enabled, and is running Started: 19:07:29.331434 Duration: 355.079 ms Changes: ---------- zabbix-agent: True Summary for mcw02 ------------ Succeeded: 4 (changed=3) Failed: 0 ------------ Total states run: 4 Total run time: 1.748 s [root@mcw01 ~]# [root@mcw01 ~]# [root@mcw01 ~]# [root@mcw01 ~]# salt mcw02 state.sls init/zabbix_agent mcw02: ---------- ID: zabbix-agent Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 19:14:21.728845 Duration: 1312.857 ms Changes: ---------- ID: zabbix-agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf is in the correct state Started: 19:14:23.046190 Duration: 54.313 ms Changes: ---------- ID: zabbix_agentd.conf.d Function: file.directory Name: /etc/zabbix_agentd.conf.d Result: True Comment: The directory /etc/zabbix_agentd.conf.d is in the correct state Started: 19:14:23.102109 Duration: 2.482 ms Changes: ---------- ID: zabbix-agent Function: service.running Result: True Comment: Service zabbix-agent is already enabled, and is running Started: 19:14:23.104751 Duration: 84.692 ms Changes: ---------- zabbix-agent: True Summary for mcw02 ------------ Succeeded: 4 (changed=1) Failed: 0 ------------ Total states run: 4 Total run time: 1.454 s [root@mcw01 ~]#
执行完后,看目标主机上效果
可以看到,虽然服务启动的,但是配置文件使用的是默认安装的/etc/zabbix/zabbix_agentd.conf配置,而不是我们salt配置生成的/etc/zabbix_agentd.conf。但是查看生成的/etc/zabbix_agentd.conf,结果上是符合预期的。服务端Server配置,的确是用pillar里面那个变量ip生成的。
[root@mcw02 ~]# systemctl status zabbix-agent ● zabbix-agent.service - Zabbix Agent Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2024-01-21 19:14:23 CST; 18s ago Process: 33943 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS) Process: 33987 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS) Main PID: 33989 (zabbix_agentd) CGroup: /system.slice/zabbix-agent.service ├─33989 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf ├─33990 /usr/sbin/zabbix_agentd: collector [idle 1 sec] ├─33991 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection] ├─33992 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection] ├─33993 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection] └─33994 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec] Jan 21 19:14:23 mcw02 systemd[1]: Starting Zabbix Agent... Jan 21 19:14:23 mcw02 systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start. Jan 21 19:14:23 mcw02 systemd[1]: Started Zabbix Agent. [root@mcw02 ~]# ls /etc/zabbix/ zabbix_agentd.conf zabbix_agentd.d [root@mcw02 ~]# ls /etc/zabbix/zabbix_agentd.d/ userparameter_mysql.conf [root@mcw02 ~]# ls /etc/zabbix_agentd.conf /etc/zabbix_agentd.conf [root@mcw02 ~]# ls /etc/zabbix_agentd.conf.d/ [root@mcw02 ~]# tail /etc/zabbix_agentd.conf # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 # Example for OpenSSL: # EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no # Default: # TLSCipherAll= Include=/etc/zabbix_agentd.conf.d/ Server=10.0.0.14 [root@mcw02 ~]#
为啥启动的不是我们自己生成的服务器配置呢,这是因为服务启动文件里面,就不是指定的我们生成的配置路径,我们可以把这个 配置,也有salt管理起来
[root@mcw02 ~]# cat /usr/lib/systemd/system/zabbix-agent.service [Unit] Description=Zabbix Agent After=syslog.target After=network.target [Service] Environment="CONFFILE=/etc/zabbix/zabbix_agentd.conf" EnvironmentFile=-/etc/sysconfig/zabbix-agent Type=forking Restart=on-failure PIDFile=/run/zabbix/zabbix_agentd.pid KillMode=control-group ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE ExecStop=/bin/kill -SIGTERM $MAINPID RestartSec=10s User=zabbix Group=zabbix [Install] WantedBy=multi-user.target [root@mcw02 ~]#
此时我们需要修改一下
[root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ │ ├── top.sls │ │ └── zabbix.sls │ └── prod └── salt ├── base │ └── init │ ├── audit.sls │ ├── dns.sls │ ├── epel.sls │ ├── files │ │ ├── resolv.conf │ │ ├── zabbix_agentd.conf │ │ └── zabbix-agent.service │ ├── history.sls │ ├── sysctl.sls │ └── zabbix_agent.sls └── prod 8 directories, 11 files [root@mcw01 ~]# cat /srv/pillar/base/top.sls base: '*': - zabbix [root@mcw01 ~]# cat /srv/pillar/base/zabbix.sls zabbix-agent: Zabbix_Server: 10.0.0.14 zabbixagentconf: /etc/zabbix_agentd.conf [root@mcw01 ~]# cat /srv/salt/base/init/zabbix_agent.sls zabbix-agent: pkg.installed: - name: zabbix-agent file.managed: - name: /etc/zabbix_agentd.conf - source: salt://init/files/zabbix_agentd.conf - template: jinja - defaults: Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }} - require: - pkg: zabbix-agent service.running: - enable: True - watch: - pkg: zabbix-agent - file: zabbix-agent zabbix_agentd.conf.d: file.directory: - name: /etc/zabbix_agentd.conf.d - watch_in: - service: zabbix-agent - require: - pkg: zabbix-agent - file: zabbix-agent zabbix-agent.service: file.managed: - name: /usr/lib/systemd/system/zabbix-agent.service - source: salt://init/files/zabbix-agent.service - template: jinja - defaults: zabbixagentconf: {{ pillar['zabbix-agent']['zabbixagentconf'] }} - require: - service: zabbix-agent service.running: - enable: True - restart: True - watch: - pkg: zabbix-agent - file: zabbix-agent - file: zabbix-agent.service [root@mcw01 ~]# cat /srv/salt/base/init/files/zabbix-agent.service [Unit] Description=Zabbix Agent After=syslog.target After=network.target [Service] Environment="CONFFILE={{ zabbixagentconf }}" EnvironmentFile=-/etc/sysconfig/zabbix-agent Type=forking Restart=on-failure PIDFile=/run/zabbix/zabbix_agentd.pid KillMode=control-group ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE ExecStop=/bin/kill -SIGTERM $MAINPID RestartSec=10s User=zabbix Group=zabbix [Install] WantedBy=multi-user.target [root@mcw01 ~]#
执行一下,因为设置了,当发现
[root@mcw01 ~]# salt mcw02 state.sls init/zabbix_agent mcw02: ---------- ID: zabbix-agent Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 20:08:39.984390 Duration: 1062.564 ms Changes: ---------- ID: zabbix-agent Function: file.managed Name: /etc/zabbix_agentd.conf Result: True Comment: File /etc/zabbix_agentd.conf is in the correct state Started: 20:08:41.050037 Duration: 97.242 ms Changes: ---------- ID: zabbix_agentd.conf.d Function: file.directory Name: /etc/zabbix_agentd.conf.d Result: True Comment: The directory /etc/zabbix_agentd.conf.d is in the correct state Started: 20:08:41.149787 Duration: 1.914 ms Changes: ---------- ID: zabbix-agent Function: service.running Result: True Comment: The service zabbix-agent is already running Started: 20:08:41.151886 Duration: 139.773 ms Changes: ---------- ID: zabbix-agent.service Function: file.managed Name: /usr/lib/systemd/system/zabbix-agent.service Result: True Comment: File /usr/lib/systemd/system/zabbix-agent.service updated Started: 20:08:41.292505 Duration: 22.567 ms Changes: ---------- diff: --- +++ @@ -4,7 +4,7 @@ After=network.target [Service] -Environment="CONFFILE=/etc/zabbix_agentd.c" +Environment="CONFFILE=/etc/zabbix_agentd.conf" EnvironmentFile=-/etc/sysconfig/zabbix-agent Type=forking Restart=on-failure ---------- ID: zabbix-agent.service Function: service.running Result: True Comment: Service restarted Started: 20:08:41.386038 Duration: 56.397 ms Changes: ---------- zabbix-agent.service: True Summary for mcw02 ------------ Succeeded: 6 (changed=2) Failed: 0 ------------ Total states run: 6 Total run time: 1.380 s [root@mcw01 ~]#
因为上面设置了,watch - file: zabbix-agent.service ,所以当这个 文件发生了改变,那么就会触发服务重启
如下,因为第一次我salt配置写错了,这个文件已经改变了,但是重启步骤是失败的。后来我修改正确salt配置,再次执行,但是这个启动文件因为已经改成终态了,这次就没有修改,所以没有触发重启agent。于是我把启动文件的启动配置,去掉nf,再次salt服务端执行这个配置同步。然后首先会把启动文件同步正确,因为启动文件发生了改变,所以触发重启zabbix-agent服务,于是,查看服务状态,可以看到使用的是我们自己定义的配置文件/etc/zabbix_agentd.conf,而不是安装这个包时默认的配置文件/etc/zabbix/zabbix_agentd.conf了
[root@mcw02 ~]# cat /usr/lib/systemd/system/zabbix-agent.service [Unit] Description=Zabbix Agent After=syslog.target After=network.target [Service] Environment="CONFFILE=/etc/zabbix_agentd.c" EnvironmentFile=-/etc/sysconfig/zabbix-agent Type=forking Restart=on-failure PIDFile=/run/zabbix/zabbix_agentd.pid KillMode=control-group ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE ExecStop=/bin/kill -SIGTERM $MAINPID RestartSec=10s User=zabbix Group=zabbix [Install] WantedBy=multi-user.target [root@mcw02 ~]# [root@mcw02 ~]# [root@mcw02 ~]# systemctl status zabbix-agent ● zabbix-agent.service - Zabbix Agent Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2024-01-21 20:08:41 CST; 8s ago Process: 34727 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS) Process: 34729 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS) Main PID: 34731 (zabbix_agentd) CGroup: /system.slice/zabbix-agent.service ├─34731 /usr/sbin/zabbix_agentd -c /etc/zabbix_agentd.conf ├─34732 /usr/sbin/zabbix_agentd: collector [idle 1 sec] ├─34733 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection] ├─34734 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection] └─34735 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection] Jan 21 20:08:41 mcw02 systemd[1]: Starting Zabbix Agent... Jan 21 20:08:41 mcw02 systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start. Jan 21 20:08:41 mcw02 systemd[1]: Started Zabbix Agent. [root@mcw02 ~]# [root@mcw02 ~]# cat /usr/lib/systemd/system/zabbix-agent.service [Unit] Description=Zabbix Agent After=syslog.target After=network.target [Service] Environment="CONFFILE=/etc/zabbix_agentd.conf" EnvironmentFile=-/etc/sysconfig/zabbix-agent Type=forking Restart=on-failure PIDFile=/run/zabbix/zabbix_agentd.pid KillMode=control-group ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE ExecStop=/bin/kill -SIGTERM $MAINPID RestartSec=10s User=zabbix Group=zabbix [Install] WantedBy=multi-user.target [root@mcw02 ~]#
服务管理的另一个案例参考
下面是服务状态管理的sls写法 [root@salt-master apache]# cat install-rpm.sls httpd: #状态ID service.running: #服务状态运行 - enable: True #允许开机启动 - reload: True #允许reload服务,默认restart - require: #服务运行依赖于下面红色区域httpd是否安装 - pkg: httpd - watch:: #每次发现下面文件变化reloadnginx - file: /etc/httpd/conf/httpd.conf pkg.installed: #salt的yum安装包 - name: httpd #安装包名 file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf
初始化环境引用
把初始化环境的state文件统一归类都放在一个state文件里面,然后再把这个文件,加到root目录下的top.sls里面。这样执行state.highstate的时候,就会从salt的root目录下的top.sls开始执行同步配置。
[root@mcw01 ~]# vim /srv/salt/base/init/env_init.sls [root@mcw01 ~]# vim /srv/salt/base/top.sls [root@mcw01 ~]# cat /srv/salt/base/top.sls base: '*': - init.env_init [root@mcw01 ~]# cat /srv/salt/base/init/env_init.sls include: - init.dns - init.history - init.audit - init.sysctl - init.epel #- init.zabbix_agent [root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ │ ├── top.sls │ │ └── zabbix.sls │ └── prod └── salt ├── base │ ├── init │ │ ├── audit.sls │ │ ├── dns.sls │ │ ├── env_init.sls │ │ ├── epel.sls │ │ ├── files │ │ │ ├── resolv.conf │ │ │ ├── zabbix_agentd.conf │ │ │ └── zabbix-agent.service │ │ ├── history.sls │ │ ├── sysctl.sls │ │ └── zabbix_agent.sls │ └── top.sls └── prod 8 directories, 13 files [root@mcw01 ~]#
执行之前,查看某一项
[root@mcw01 ~]# cat /etc/resolv.conf # Generated by NetworkManager nameserver 223.5.5.5 [root@mcw01 ~]#
生产环境中,每次执行状态,强烈建议先进行测试。下面就是测试
[root@mcw01 ~]# salt '*' state.highstate test=True mcw04: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: The file /etc/resolv.conf is in the correct state Started: 21:38:29.954539 Duration: 54.09 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 21:38:30.009035 Duration: 8.958 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 21:38:30.018167 Duration: 4.788 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 21:38:30.027643 Duration: 146.727 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 2000000 is already set Started: 21:38:30.174586 Duration: 7.174 ms Changes: ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_forward = 1 is already set Started: 21:38:30.181938 Duration: 6.812 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 21:38:30.188963 Duration: 13.37 ms Changes: ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: unless condition is true Started: 21:38:31.450474 Duration: 1918.639 ms Changes: Summary for mcw04 ------------ Succeeded: 8 Failed: 0 ------------ Total states run: 8 Total run time: 2.161 s mcw03: ---------- ID: /etc/resolv.conf Function: file.managed Result: None Comment: The file /etc/resolv.conf is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 21:38:30.269758 Duration: 93.687 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 ---------- ID: /etc/profile Function: file.append Result: None Comment: File /etc/profile is set to be updated Started: 21:38:30.363625 Duration: 4.447 ms Changes: ---------- diff: --- +++ @@ -74,3 +74,4 @@ unset i unset -f pathmunge +export HISTIMEFORMAT="%F %T `whoami` " ---------- ID: /etc/bashrc Function: file.append Result: None Comment: File /etc/bashrc is set to be updated Started: 21:38:30.368213 Duration: 3.876 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_local_port_range set to be changed to 10000 65000 Started: 21:38:30.492115 Duration: 14.442 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: None Comment: Sysctl option fs.file-max set to be changed to 2000000 Started: 21:38:30.506837 Duration: 7.093 ms Changes: ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_forward set to be changed to 1 Started: 21:38:30.514295 Duration: 8.235 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: None Comment: Sysctl option vm.swappiness set to be changed to 0 Started: 21:38:30.522777 Duration: 4.947 ms Changes: ---------- ID: yum_repo_release Function: pkg.installed Result: None Comment: The following packages would be installed/updated: epel-release Started: 21:38:32.009846 Duration: 3410.343 ms Changes: ---------- installed: ---------- epel-release: ---------- new: installed old: Summary for mcw03 ------------ Succeeded: 8 (unchanged=8, changed=4) Failed: 0 ------------ Total states run: 8 Total run time: 3.547 s mcw02: ---------- ID: /etc/resolv.conf Function: file.managed Result: None Comment: The file /etc/resolv.conf is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 21:38:30.205775 Duration: 100.353 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 ---------- ID: /etc/profile Function: file.append Result: None Comment: File /etc/profile is set to be updated Started: 21:38:30.306438 Duration: 31.654 ms Changes: ---------- diff: --- +++ @@ -78,3 +78,4 @@ export JAVA_HOME=/usr/local/jdk export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:/opt/hadoop/sbin/:${HADOOP_HOME}/bin:$PATH +export HISTIMEFORMAT="%F %T `whoami` " ---------- ID: /etc/bashrc Function: file.append Result: None Comment: File /etc/bashrc is set to be updated Started: 21:38:30.338243 Duration: 31.526 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_local_port_range set to be changed to 10000 65000 Started: 21:38:30.518197 Duration: 271.7 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: None Comment: Sysctl option fs.file-max set to be changed to 2000000 Started: 21:38:30.790375 Duration: 49.186 ms Changes: ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_forward set to be changed to 1 Started: 21:38:30.839951 Duration: 10.306 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: None Comment: Sysctl option vm.swappiness set to be changed to 0 Started: 21:38:30.850666 Duration: 11.544 ms Changes: ---------- ID: yum_repo_release Function: pkg.installed Result: None Comment: The following packages would be installed/updated: epel-release Started: 21:38:33.226082 Duration: 3518.017 ms Changes: ---------- installed: ---------- epel-release: ---------- new: installed old: Summary for mcw02 ------------ Succeeded: 8 (unchanged=8, changed=4) Failed: 0 ------------ Total states run: 8 Total run time: 4.024 s mcw01: ---------- ID: /etc/resolv.conf Function: file.managed Result: None Comment: The file /etc/resolv.conf is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 21:38:30.263510 Duration: 130.851 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 ---------- ID: /etc/profile Function: file.append Result: None Comment: File /etc/profile is set to be updated Started: 21:38:30.394548 Duration: 12.506 ms Changes: ---------- diff: --- +++ @@ -78,3 +78,4 @@ export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:$PATH export PATH=/usr/local/bin:$PATH +export HISTIMEFORMAT="%F %T `whoami` " ---------- ID: /etc/bashrc Function: file.append Result: None Comment: File /etc/bashrc is set to be updated Started: 21:38:30.407218 Duration: 8.792 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_local_port_range set to be changed to 10000 65000 Started: 21:38:30.517066 Duration: 338.453 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: None Comment: Sysctl option fs.file-max set to be changed to 2000000 Started: 21:38:30.855819 Duration: 21.904 ms Changes: ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_forward set to be changed to 1 Started: 21:38:30.878039 Duration: 15.628 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: None Comment: Sysctl option vm.swappiness set to be changed to 0 Started: 21:38:30.894243 Duration: 18.172 ms Changes: ---------- ID: yum_repo_release Function: pkg.installed Result: None Comment: The following packages would be installed/updated: epel-release Started: 21:38:33.505212 Duration: 8170.088 ms Changes: ---------- installed: ---------- epel-release: ---------- new: installed old: Summary for mcw01 ------------ Succeeded: 8 (unchanged=8, changed=4) Failed: 0 ------------ Total states run: 8 Total run time: 8.716 s [root@mcw01 ~]#
测试完成之后,可以看到没有改变
[root@mcw01 ~]# cat /etc/resolv.conf # Generated by NetworkManager nameserver 223.5.5.5 [root@mcw01 ~]#
这次是直接执行
[root@mcw01 ~]# salt '*' state.highstate
[root@mcw01 ~]# salt '*' state.highstate mcw04: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf is in the correct state Started: 21:42:34.235965 Duration: 55.936 ms Changes: ---------- ID: /etc/profile Function: file.append Result: True Comment: File /etc/profile is in correct state Started: 21:42:34.292065 Duration: 7.791 ms Changes: ---------- ID: /etc/bashrc Function: file.append Result: True Comment: File /etc/bashrc is in correct state Started: 21:42:34.299993 Duration: 3.367 ms Changes: ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set Started: 21:42:34.307249 Duration: 18.77 ms Changes: ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Sysctl value fs.file-max = 2000000 is already set Started: 21:42:34.326404 Duration: 11.83 ms Changes: ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_forward = 1 is already set Started: 21:42:34.338527 Duration: 7.342 ms Changes: ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Sysctl value vm.swappiness = 0 is already set Started: 21:42:34.346499 Duration: 21.213 ms Changes: ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: unless condition is true Started: 21:42:36.760458 Duration: 1472.676 ms Changes: Summary for mcw04 ------------ Succeeded: 8 Failed: 0 ------------ Total states run: 8 Total run time: 1.599 s mcw02: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf updated Started: 21:42:35.541973 Duration: 47.744 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 ---------- ID: /etc/profile Function: file.append Result: True Comment: Appended 1 lines Started: 21:42:35.589906 Duration: 8.72 ms Changes: ---------- diff: --- +++ @@ -78,3 +78,4 @@ export JAVA_HOME=/usr/local/jdk export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:/opt/hadoop/sbin/:${HADOOP_HOME}/bin:$PATH +export HISTIMEFORMAT="%F %T `whoami` " ---------- ID: /etc/bashrc Function: file.append Result: True Comment: Appended 1 lines Started: 21:42:35.598909 Duration: 6.583 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 Started: 21:42:35.610101 Duration: 163.781 ms Changes: ---------- net.ipv4.ip_local_port_range: 10000 65000 ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Updated sysctl value fs.file-max = 2000000 Started: 21:42:35.774186 Duration: 64.57 ms Changes: ---------- fs.file-max: 2000000 ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_forward = 1 Started: 21:42:35.839090 Duration: 14.334 ms Changes: ---------- net.ipv4.ip_forward: 1 ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Updated sysctl value vm.swappiness = 0 Started: 21:42:35.853832 Duration: 15.413 ms Changes: ---------- vm.swappiness: 0 ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: The following packages were installed/updated: epel-release Started: 21:42:41.534962 Duration: 13671.436 ms Changes: ---------- epel-release: ---------- new: 7-14 old: Summary for mcw02 ------------ Succeeded: 8 (changed=8) Failed: 0 ------------ Total states run: 8 Total run time: 13.993 s mcw03: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf updated Started: 21:42:34.422063 Duration: 74.895 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 ---------- ID: /etc/profile Function: file.append Result: True Comment: Appended 1 lines Started: 21:42:34.497184 Duration: 12.325 ms Changes: ---------- diff: --- +++ @@ -74,3 +74,4 @@ unset i unset -f pathmunge +export HISTIMEFORMAT="%F %T `whoami` " ---------- ID: /etc/bashrc Function: file.append Result: True Comment: Appended 1 lines Started: 21:42:34.509655 Duration: 4.676 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 Started: 21:42:34.517698 Duration: 32.789 ms Changes: ---------- net.ipv4.ip_local_port_range: 10000 65000 ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Updated sysctl value fs.file-max = 2000000 Started: 21:42:34.550730 Duration: 12.706 ms Changes: ---------- fs.file-max: 2000000 ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_forward = 1 Started: 21:42:34.564214 Duration: 32.179 ms Changes: ---------- net.ipv4.ip_forward: 1 ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Updated sysctl value vm.swappiness = 0 Started: 21:42:34.597219 Duration: 16.579 ms Changes: ---------- vm.swappiness: 0 ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: The following packages were installed/updated: epel-release Started: 21:42:36.500283 Duration: 19741.44 ms Changes: ---------- epel-release: ---------- new: 7-14 old: Summary for mcw03 ------------ Succeeded: 8 (changed=8) Failed: 0 ------------ Total states run: 8 Total run time: 19.928 s mcw01: ---------- ID: /etc/resolv.conf Function: file.managed Result: True Comment: File /etc/resolv.conf updated Started: 21:42:35.036988 Duration: 86.667 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ # Generated by NetworkManager +#salt tongbu by mcw nameserver 223.5.5.5 ---------- ID: /etc/profile Function: file.append Result: True Comment: Appended 1 lines Started: 21:42:35.123922 Duration: 38.29 ms Changes: ---------- diff: --- +++ @@ -78,3 +78,4 @@ export HADOOP_HOME=/opt/hadoop export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:$PATH export PATH=/usr/local/bin:$PATH +export HISTIMEFORMAT="%F %T `whoami` " ---------- ID: /etc/bashrc Function: file.append Result: True Comment: Appended 1 lines Started: 21:42:35.162664 Duration: 13.843 ms Changes: ---------- diff: --- +++ @@ -90,3 +90,4 @@ unset -f pathmunge fi # vim:ts=4:sw=4 +export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' ---------- ID: net.ipv4.ip_local_port_range Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000 Started: 21:42:35.180432 Duration: 22.047 ms Changes: ---------- net.ipv4.ip_local_port_range: 10000 65000 ---------- ID: fs.file-max Function: sysctl.present Result: True Comment: Updated sysctl value fs.file-max = 2000000 Started: 21:42:35.202840 Duration: 9.548 ms Changes: ---------- fs.file-max: 2000000 ---------- ID: net.ipv4.ip_forward Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_forward = 1 Started: 21:42:35.212718 Duration: 68.604 ms Changes: ---------- net.ipv4.ip_forward: 1 ---------- ID: vm.swappiness Function: sysctl.present Result: True Comment: Updated sysctl value vm.swappiness = 0 Started: 21:42:35.281773 Duration: 37.783 ms Changes: ---------- vm.swappiness: 0 ---------- ID: yum_repo_release Function: pkg.installed Result: True Comment: The following packages were installed/updated: epel-release Started: 21:42:38.014032 Duration: 23956.97 ms Changes: ---------- epel-release: ---------- new: 7-14 old: Summary for mcw01 ------------ Succeeded: 8 (changed=8) Failed: 0 ------------ Total states run: 8 Total run time: 24.234 s [root@mcw01 ~]#
执行完成之后,检查下,就可以看到某个配置已经是新的了
[root@mcw01 ~]# cat /etc/resolv.conf # Generated by NetworkManager #salt tongbu by mcw nameserver 223.5.5.5 [root@mcw01 ~]#
定时同步salt配置的方法
salt state.highstate
如果您希望使用SaltStack中的state.highstate模块定时执行,您可以使用Salt的cron表达式或Salt的定时任务功能。
- 使用cron表达式:
在Salt配置文件(通常为/etc/salt/master)中,找到schedule部分,并添加以下内容:
schedule: highstate_daily: function: state.highstate cron: - every 24 hours
这将设置一个计划任务,每天定时执行state.highstate。
每天执行一次的参考
schedule: highstate_daily: function: state.highstate minutes: 0 hours: 0
每小时执行一次的参考
schedule: highstate_hourly: function: state.highstate minutes: 0 hours: 1
每分钟执行一次的参考
schedule: highstate_minute: function: state.highstate minutes: 1
可以每5秒一次吗?回答如下:
在SaltStack中,state.highstate命令用于同步整个状态树。然而,Salt本身并不直接支持每5秒执行一次state.highstate。Salt的定时任务通常是以更长的时间间隔(如分钟、小时或天)来设置的。
如果你希望每5秒同步一次状态,这可能意味着你的状态树变化非常频繁,或者你正在尝试实现某种特定的同步策略。在这种情况下,你可能需要考虑其他解决方案,而不是依赖Salt的定时任务。
如果你确实需要每5秒执行一次同步,你可以考虑使用外部工具或脚本来调用salt-call命令,并通过cron作业或其他调度机制每5秒运行这个外部工具或脚本。例如,你可以使用一个简单的shell脚本或Python脚本,通过cron作业每5秒调用一次该脚本,该脚本再调用salt-call state.highstate。
请注意,频繁地同步整个状态树可能会对系统性能产生影响,并可能导致不必要的网络流量和计算负载。在实施这样的策略之前,请确保你了解其潜在的影响,并评估是否真的需要如此频繁的同步。
修改添加,每分钟一次的配置
[root@mcw01 ~]# tail -14 /etc/salt/master file_roots: base: - /srv/salt/base prod: - /srv/salt/prod pillar_roots: base: - /srv/pillar/base prod: - /srv/pillar/prod schedule: highstate_minute: function: state.highstate minutes: 1 [root@mcw01 ~]#
重启master
[root@mcw01 ~]# systemctl restart salt-master
将配置改错
[root@mcw01 ~]# vim /etc/resolv.conf [root@mcw01 ~]# cat /etc/resolv.conf # Generated by NetworkManager #salt tongbu by mcw gaicuo nameserver 223.5.5.5 [root@mcw01 ~]#
结果报错了
[root@mcw01 ~]# less /var/log/salt/master 2024-01-21 22:02:13,993 [salt.utils.schedule:875 ][ERROR ][82697] Unhandled exception running state.highstate Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/salt/utils/schedule.py", line 777, in handle_func message=self.functions.missing_fun_string(func) File "/usr/lib/python3.6/site-packages/salt/utils/error.py", line 29, in raise_error raise ex(message) Exception: 'state.highstate' is not available.
2. 使用Salt的定时任务功能:
首先,在您的Salt环境中,使用salt-run命令来创建定时任务。打开终端,输入以下命令:
salt-run state.ScheduledJob create_job 'salt state.highstate' 'cron(* * * *)'
这将创建一个每天执行的定时任务。您可以根据需要更改cron表达式以设置不同的执行频率。
无论您选择哪种方法,确保在配置更改后重新加载Salt master服务,以使更改生效。
注意:上述方法仅适用于SaltStack的环境和配置。根据您使用的具体环境和配置,可能会有所不同。请根据您的实际情况进行适当的调整。
salt-call state.highstate
如果您想使用 salt-call 命令来定时执行 state.highstate,您可以使用以下方法:
- 使用cron表达式:
在您的系统上,打开cron配置文件(通常是 /etc/crontab 或 /etc/cron.d/ 目录下的文件)。在文件中,您可以添加一个新的cron作业来定期执行 salt-call state.highstate 命令。
例如,如果您希望每天凌晨1点执行 salt-call state.highstate,您可以添加以下行:
javascript复制代码
| 0 1 * * * root salt-call state.highstate |
保存并关闭文件后,cron作业将按照您设置的计划自动执行。
2. 使用定时任务工具:
您还可以使用系统提供的定时任务工具来定期执行 salt-call state.highstate。具体方法取决于您使用的操作系统和定时任务工具。常见的定时任务工具包括 cron、anacron、systemd 等。
使用定时任务工具时,您需要创建一个新的定时任务,指定要执行的命令(在这种情况下是 salt-call state.highstate),并设置适当的执行频率。根据您使用的工具和配置,具体的步骤可能会有所不同。
请注意,为了成功执行 salt-call 命令,您的系统上必须已经安装了SaltStack软件,并且您的用户帐户必须具有适当的权限。此外,确保在配置更改后重新启动定时任务服务或重新加载cron作业,以便使更改生效。
这些方法中的选择取决于您的具体需求和系统配置。选择适合您环境和需求的解决方案,并根据需要进行适当的调整。
haproxy配置管理
创建目录结构
[root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ │ ├── top.sls │ │ └── zabbix.sls │ └── prod └── salt ├── base │ ├── init │ │ ├── audit.sls │ │ ├── dns.sls │ │ ├── env_init.sls │ │ ├── epel.sls │ │ ├── files │ │ │ ├── resolv.conf │ │ │ ├── zabbix_agentd.conf │ │ │ └── zabbix-agent.service │ │ ├── history.sls │ │ ├── sysctl.sls │ │ └── zabbix_agent.sls │ └── top.sls └── prod 8 directories, 13 files [root@mcw01 ~]# mkdir /srv/salt/prod/pkg -p [root@mcw01 ~]# mkdir /srv/salt/prod/haproxy/files -p [root@mcw01 ~]# mkdir /srv/salt/prod/keepalived/files -p [root@mcw01 ~]#
pkg配置
[root@mcw01 ~]# vim /srv/salt/prod/pkg/pkg-init.sls [root@mcw01 ~]# cat /srv/salt/prod/pkg/pkg-init.sls pkg-init: pkg.installed: - names: - gcc - gcc-c++ - glibc - make - autoconf - openssl - openssl-devel [root@mcw01 ~]#
执行报错了
[root@mcw01 ~]# salt mcw03 state.sls pkg/pkg-init mcw03: Data failed to compile: ---------- No matching sls found for 'pkg/pkg-init' in env 'base' ERROR: Minions returned with non-zero exit code [root@mcw01 ~]#
修改base,
[root@mcw01 ~]# tail -16 /etc/salt/master file_roots: base: - /srv/salt/ mbase: - /srv/salt/base prod: - /srv/salt/prod pillar_roots: base: - /srv/pillar/base prod: - /srv/pillar/prod schedule: highstate_minute: function: state.highstate minutes: 1 [root@mcw01 ~]#
再次执行安装
[root@mcw01 ~]# salt mcw03 state.sls prod/pkg/pkg-init mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 01:10:08.934913 Duration: 1038.382 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 01:10:09.973704 Duration: 38.567 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 01:10:10.012561 Duration: 22.516 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 01:10:10.035372 Duration: 33.593 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 01:10:10.069263 Duration: 33.301 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 01:10:10.102750 Duration: 32.557 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: The following packages were installed/updated: openssl-devel Started: 01:10:10.135522 Duration: 61334.854 ms Changes: ---------- e2fsprogs: ---------- new: 1.42.9-19.el7 old: 1.42.9-10.el7 e2fsprogs-libs: ---------- new: 1.42.9-19.el7 old: 1.42.9-10.el7 keyutils-libs-devel: ---------- new: 1.5.8-3.el7 old: krb5-devel: ---------- new: 1.15.1-55.el7_9 old: krb5-libs: ---------- new: 1.15.1-55.el7_9 old: 1.15.1-8.el7 libcom_err: ---------- new: 1.42.9-19.el7 old: 1.42.9-10.el7 libcom_err-devel: ---------- new: 1.42.9-19.el7 old: libkadm5: ---------- new: 1.15.1-55.el7_9 old: libselinux-devel: ---------- new: 2.5-15.el7 old: libsepol-devel: ---------- new: 2.5-10.el7 old: libss: ---------- new: 1.42.9-19.el7 old: 1.42.9-10.el7 libverto-devel: ---------- new: 0.2.5-4.el7 old: openssl: ---------- new: 1:1.0.2k-26.el7_9 old: 1:1.0.2k-8.el7 openssl-devel: ---------- new: 1:1.0.2k-26.el7_9 old: openssl-libs: ---------- new: 1:1.0.2k-26.el7_9 old: 1:1.0.2k-8.el7 pcre-devel: ---------- new: 8.32-17.el7 old: zlib: ---------- new: 1.2.7-21.el7_9 old: 1.2.7-17.el7 zlib-devel: ---------- new: 1.2.7-21.el7_9 old: Summary for mcw03 ------------ Succeeded: 7 (changed=1) Failed: 0 ------------ Total states run: 7 Total run time: 62.534 s [root@mcw01 ~]#
在执行配置同步的过程中,可以看到目标机器在安装包
[root@mcw03 ~]# ps -ef|grep yum root 92532 92485 5 01:10 ? 00:00:02 /usr/bin/python /usr/bin/yum -y install openssl-devel root 92683 2060 0 01:11 pts/0 00:00:00 grep --color=auto yum [root@mcw03 ~]# ps -ef|grep yum root 92696 2060 0 01:11 pts/0 00:00:00 grep --color=auto yum [root@mcw03 ~]#
也可以用其它办法:既然它是找环境base,那么将prod的,也作为列表元素之一,放到base下面。这样重启之后,prod目录下的,也是可以找到的。
file_roots: base: - /srv/salt/base - /srv/salt/prod
[root@mcw01 examples]# salt mcw03 state.sls pkg/pkg-init mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages ar
haproxy服务配置
通过https://www.haproxy.org/ 下载包,1.5的包
之前配置的prod不行,这样配置,也能找到第二个根目录下的文件
file_roots: base: - /srv/salt/base - /srv/salt/prod
查看之前创建的目录
[root@mcw01 ~]# tree /srv/ /srv/ ├── pillar │ ├── base │ │ ├── top.sls │ │ └── zabbix.sls │ └── prod └── salt ├── base │ ├── init │ │ ├── audit.sls │ │ ├── dns.sls │ │ ├── env_init.sls │ │ ├── epel.sls │ │ ├── files │ │ │ ├── resolv.conf │ │ │ ├── zabbix_agentd.conf │ │ │ └── zabbix-agent.service │ │ ├── history.sls │ │ ├── sysctl.sls │ │ └── zabbix_agent.sls │ └── top.sls └── prod ├── haproxy │ └── files ├── keepalived │ └── files └── pkg └── pkg-init.sls 13 directories, 14 files [root@mcw01 ~]#
将软件包复制到salt里面
[root@mcw01 ~]# cd /usr/local/src/ [root@mcw01 src]# ls [root@mcw01 src]# rz -E rz waiting to receive. [root@mcw01 src]# ls haproxy-1.5.19.tar.gz [root@mcw01 src]# mkdir /srv/salt/test/haproxy/files/ -p [root@mcw01 src]# cp haproxy-1.5.19.tar.gz /srv/salt/test/haproxy/files/ [root@mcw01 src]# tar haproxy-1.5.19.tar.gz tar: Old option `g' requires an argument. Try `tar --help' or `tar --usage' for more information. [root@mcw01 src]# tar xf haproxy-1.5.19.tar.gz [root@mcw01 src]# ls haproxy-1.5.19 haproxy-1.5.19.tar.gz [root@mcw01 src]# cd /usr/local/src/haproxy-1.5.19/examples/ [root@mcw01 examples]# ls ../ CHANGELOG contrib CONTRIBUTING doc ebtree examples include LICENSE Makefile README ROADMAP src SUBVERS tests VERDATE VERSION [root@mcw01 examples]# ls acl-content-sw.cfg check.conf debug2ansi examples.cfg haproxy.spec linux-2.4.21-40.EL-custom.diff stats_haproxy.sh url-switching.cfg auth.cfg config.rc.haproxy debug2html haproxy-1.1.21-flx.1.pkg haproxy.vim option-http_proxy.cfg tarpit.cfg build.cfg content-sw-sample.cfg debugfind haproxy.cfg init.haproxy rc.highsock test-section-kw.cfg check cttproxy-src.cfg errorfiles haproxy.init init.haproxy.flx0 ssl.cfg transparent_proxy.cfg [root@mcw01 examples]# sed -i 's/\/usr\/sbin\/'\$BASENAME/\/usr\/local\/\/haproxy\/sbin\/'\$BASENAME'/g' haproxy.init ^C #这步省略,我这个版本的,原本就跟替换后的结果是相同的,不需要再替换这一步 [root@mcw01 examples]# cp haproxy.init /srv/salt/test/haproxy/files/ [root@mcw01 examples]# ls /srv/salt/test/haproxy/files/ haproxy-1.5.19.tar.gz haproxy.init [root@mcw01 examples]#
编写haproxy安装sls
[root@mcw01 examples]# tree /srv/salt/prod/ /srv/salt/prod/ ├── haproxy │ ├── files │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls 5 directories, 2 files [root@mcw01 examples]# cat /srv/salt/prod/haproxy/install.sls include: - pkg.pkg-init haproxy-install: file.managed: - name: /usr/local/src/haproxy-1.5.19.tar.gz - source: salt://haproxy/files/haproxy-1.5.19.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy - unless: test -d /usr/local/haproxy - require: - pkg: pkg-init - file: haproxy-install /etc/init.d/haproxy: file.managed: - source: salt://haproxy/files/haproxy.init - mode: 755 - user: root - group: root - require: - cmd: haproxy-install net.ipv4.ip_nonlocal_bind: sysctl.present: - value: 1 haproxy-config-dir: file.directory: - name: /etc/haproxy - mode: 755 - user: root - group: root haproxy-init: cmd.rum: - name: chkconfig --add haproxy - unless: chkconfig --list|grep haproxy - require: - file: /etc/init.d/haproxy [root@mcw01 examples]#
执行报错了
[root@mcw01 examples]# cat /srv/salt/prod/haproxy/install.sls ^C [root@mcw01 examples]# vim /srv/salt/prod/haproxy/install.sls [root@mcw01 examples]# [root@mcw01 examples]# salt mcw03 state.sls haproxy/install mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 00:35:21.276030 Duration: 925.27 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 00:35:22.201509 Duration: 26.511 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 00:35:22.228177 Duration: 23.531 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 00:35:22.252043 Duration: 26.759 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 00:35:22.278967 Duration: 21.453 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 00:35:22.300596 Duration: 23.296 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 00:35:22.324050 Duration: 31.88 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: False Comment: Source file salt://haproxy/files/haproxy-1.5.19.tar.gz not found in saltenv 'base' Started: 00:35:22.359999 Duration: 21.367 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: False Comment: One or more requisite failed: haproxy/install.haproxy-install Started: 00:35:22.382768 Duration: 0.006 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: False Comment: One or more requisite failed: haproxy/install.haproxy-install Started: 00:35:22.382960 Duration: 0.003 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1 Started: 00:35:22.383404 Duration: 14.245 ms Changes: ---------- net.ipv4.ip_nonlocal_bind: 1 ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: Started: 00:35:22.397982 Duration: 2.186 ms Changes: ---------- /etc/haproxy: ---------- directory: new ---------- ID: haproxy-init Function: cmd.rum Name: chkconfig --add haproxy Result: False Comment: One or more requisite failed: haproxy/install./etc/init.d/haproxy Started: 00:35:23.263348 Duration: 0.021 ms Changes: Summary for mcw03 ------------ Succeeded: 9 (changed=2) Failed: 4 ------------ Total states run: 13 Total run time: 1.117 s ERROR: Minions returned with non-zero exit code [root@mcw01 examples]#
缺少包,再次执行
[root@mcw01 src]# ls haproxy-1.5.19 haproxy-1.5.19.tar.gz [root@mcw01 src]# cp haproxy-1.5.19.tar.gz /srv/salt/prod/haproxy/files/ [root@mcw01 src]# tree /srv/salt/prod/ /srv/salt/prod/ ├── haproxy │ ├── files │ │ └── haproxy-1.5.19.tar.gz │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls 5 directories, 3 files [root@mcw01 src]# salt mcw03 state.sls haproxy/install
查看执行结果,还是报错,还是缺少一个文件
[root@mcw01 src]# salt mcw03 state.sls haproxy/install mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 00:39:39.727217 Duration: 988.523 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 00:39:40.716133 Duration: 40.366 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 00:39:40.756791 Duration: 33.061 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 00:39:40.790037 Duration: 29.214 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 00:39:40.819403 Duration: 37.064 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 00:39:40.856826 Duration: 38.02 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 00:39:40.895079 Duration: 20.466 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz updated Started: 00:39:40.917930 Duration: 67.767 ms Changes: ---------- mode: 0755 ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: Command "cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" run Started: 00:39:40.987423 Duration: 20662.639 ms Changes: ---------- pid: 87266 retcode: 0 stderr: stdout: gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \ -DBUILD_TARGET='"linux26"' \ -DBUILD_ARCH='""' \ -DBUILD_CPU='"generic"' \ -DBUILD_CC='"gcc"' \ -DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing"' \ -DBUILD_OPTIONS='""' \ -c -o src/haproxy.o src/haproxy.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sessionhash.o src/sessionhash.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/base64.o src/base64.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/protocol.o src/protocol.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/uri_auth.o src/uri_auth.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/standard.o src/standard.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/buffer.o src/buffer.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/log.o src/log.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/task.o src/task.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/chunk.o src/chunk.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/channel.o src/channel.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/listener.o src/listener.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/time.o src/time.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/fd.o src/fd.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pipe.o src/pipe.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/regex.o src/regex.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/cfgparse.o src/cfgparse.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/server.o src/server.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/checks.o src/checks.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/queue.o src/queue.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/frontend.o src/frontend.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proxy.o src/proxy.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/peers.o src/peers.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/arg.o src/arg.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stick_table.o src/stick_table.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_uxst.o src/proto_uxst.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/connection.o src/connection.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_http.o src/proto_http.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/raw_sock.o src/raw_sock.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/appsession.o src/appsession.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/backend.o src/backend.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_chash.o src/lb_chash.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwlc.o src/lb_fwlc.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwrr.o src/lb_fwrr.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_map.o src/lb_map.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fas.o src/lb_fas.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stream_interface.o src/stream_interface.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/dumpstats.o src/dumpstats.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_tcp.o src/proto_tcp.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/session.o src/session.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hdr_idx.o src/hdr_idx.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_select.o src/ev_select.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/signal.o src/signal.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/acl.o src/acl.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sample.o src/sample.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/memory.o src/memory.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/freq_ctr.o src/freq_ctr.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/auth.o src/auth.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/compression.o src/compression.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/payload.o src/payload.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hash.o src/hash.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pattern.o src/pattern.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/map.o src/map.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_poll.o src/ev_poll.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_epoll.o src/ev_epoll.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebtree.o ebtree/ebtree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb32tree.o ebtree/eb32tree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb64tree.o ebtree/eb64tree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebmbtree.o ebtree/ebmbtree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebsttree.o ebtree/ebsttree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebimtree.o ebtree/ebimtree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebistree.o ebtree/ebistree.c gcc -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o src/chunk.o src/channel.o src/listener.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o src/raw_sock.o src/appsession.o src/backend.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o src/stream_interface.o src/dumpstats.o src/proto_tcp.o src/session.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o src/ev_poll.o src/ev_epoll.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \ -DSBINDIR='"/usr/local/haproxy/sbin"' \ -c -o src/haproxy-systemd-wrapper.o src/haproxy-systemd-wrapper.c gcc -g -o haproxy-systemd-wrapper src/haproxy-systemd-wrapper.o -lcrypt install -d "/usr/local/haproxy/sbin" install haproxy "/usr/local/haproxy/sbin" install -d "/usr/local/haproxy/share/man"/man1 install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1 install -d "/usr/local/haproxy/doc/haproxy" for x in configuration architecture haproxy-en haproxy-fr; do \ install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \ done ---------- ID: /etc/init.d/haproxy Function: file.managed Result: False Comment: Source file salt://haproxy/files/haproxy.init not found in saltenv 'base' Started: 00:40:01.650927 Duration: 12.386 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 00:40:01.663479 Duration: 7.979 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 00:40:01.671656 Duration: 1.432 ms Changes: ---------- ID: haproxy-init Function: cmd.rum Name: chkconfig --add haproxy Result: False Comment: One or more requisite failed: haproxy/install./etc/init.d/haproxy Started: 00:40:01.680467 Duration: 0.007 ms Changes: Summary for mcw03 ------------- Succeeded: 11 (changed=2) Failed: 2 ------------- Total states run: 13 Total run time: 21.939 s ERROR: Minions returned with non-zero exit code [root@mcw01 src]#
将缺少的文件复制过去
[root@mcw01 src]# tree /srv/salt/prod/ /srv/salt/prod/ ├── haproxy │ ├── files │ │ └── haproxy-1.5.19.tar.gz │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls 5 directories, 3 files [root@mcw01 src]# tree /srv/salt/test/ /srv/salt/test/ └── haproxy └── files ├── haproxy-1.5.19.tar.gz └── haproxy.init 2 directories, 2 files [root@mcw01 src]# cp /srv/salt/test/haproxy/files/haproxy.init /srv/salt/prod/haproxy/files/ [root@mcw01 src]# tree /srv/salt/prod/ /srv/salt/prod/ ├── haproxy │ ├── files │ │ ├── haproxy-1.5.19.tar.gz │ │ └── haproxy.init │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls 5 directories, 4 files [root@mcw01 src]# cat /srv/salt/prod/haproxy/install.sls include: - pkg.pkg-init haproxy-install: file.managed: - name: /usr/local/src/haproxy-1.5.19.tar.gz - source: salt://haproxy/files/haproxy-1.5.19.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy - unless: test -d /usr/local/haproxy - require: - pkg: pkg-init - file: haproxy-install /etc/init.d/haproxy: file.managed: - source: salt://haproxy/files/haproxy.init - mode: 755 - user: root - group: root - require: - cmd: haproxy-install net.ipv4.ip_nonlocal_bind: sysctl.present: - value: 1 haproxy-config-dir: file.directory: - name: /etc/haproxy - mode: 755 - user: root - group: root haproxy-init: cmd.rum: - name: chkconfig --add haproxy - unless: chkconfig --list|grep haproxy - require: - file: /etc/init.d/haproxy [root@mcw01 src]#
再次执行,又报错了,命令函数写错了,cmd.run写成了cmd.rum了
[root@mcw01 src]# salt mcw03 state.sls haproxy/install mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 00:44:38.843061 Duration: 1064.83 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 00:44:39.908294 Duration: 35.306 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 00:44:39.943884 Duration: 34.928 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 00:44:39.979057 Duration: 24.292 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 00:44:40.003643 Duration: 25.319 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 00:44:40.029109 Duration: 43.477 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 00:44:40.072950 Duration: 36.01 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 00:44:40.113134 Duration: 41.0 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 00:44:40.156209 Duration: 654.739 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: File /etc/init.d/haproxy updated Started: 00:44:40.811531 Duration: 21.497 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 00:44:40.833260 Duration: 15.599 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 00:44:40.849302 Duration: 2.777 ms Changes: ---------- ID: haproxy-init Function: cmd.rum Name: chkconfig --add haproxy Result: False Comment: State 'cmd.rum' was not found in SLS 'haproxy/install' Reason: 'cmd.rum' is not available. Changes: Summary for mcw03 ------------- Succeeded: 12 (changed=1) Failed: 1 ------------- Total states run: 13 Total run time: 2.000 s ERROR: Minions returned with non-zero exit code [root@mcw01 src]#
最终正确的文件,如下:,查看并成功运行。
[root@mcw01 src]# vim /srv/salt/prod/haproxy/install.sls [root@mcw01 src]# cat /srv/salt/prod/haproxy/install.sls include: - pkg.pkg-init haproxy-install: file.managed: - name: /usr/local/src/haproxy-1.5.19.tar.gz - source: salt://haproxy/files/haproxy-1.5.19.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy - unless: test -d /usr/local/haproxy - require: - pkg: pkg-init - file: haproxy-install /etc/init.d/haproxy: file.managed: - source: salt://haproxy/files/haproxy.init - mode: 755 - user: root - group: root - require: - cmd: haproxy-install net.ipv4.ip_nonlocal_bind: sysctl.present: - value: 1 haproxy-config-dir: file.directory: - name: /etc/haproxy - mode: 755 - user: root - group: root haproxy-init: cmd.run: - name: chkconfig --add haproxy - unless: chkconfig --list|grep haproxy - require: - file: /etc/init.d/haproxy [root@mcw01 src]# [root@mcw01 src]# salt mcw03 state.sls haproxy/install mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 00:48:32.115575 Duration: 970.154 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 00:48:33.085998 Duration: 32.891 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 00:48:33.119140 Duration: 33.562 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 00:48:33.153022 Duration: 37.877 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 00:48:33.191196 Duration: 41.239 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 00:48:33.232630 Duration: 25.606 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 00:48:33.258384 Duration: 43.201 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 00:48:33.305648 Duration: 33.311 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 00:48:33.340854 Duration: 527.499 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 00:48:33.868895 Duration: 10.524 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 00:48:33.879567 Duration: 9.255 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 00:48:33.889016 Duration: 2.71 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: Command "chkconfig --add haproxy" run Started: 00:48:33.892271 Duration: 137.161 ms Changes: ---------- pid: 88381 retcode: 0 stderr: stdout: Summary for mcw03 ------------- Succeeded: 13 (changed=1) Failed: 0 ------------- Total states run: 13 Total run time: 1.905 s [root@mcw01 src]#
服务没有起来,有问题啊,手动查看也有问题
[root@mcw03 src]# systemctl status haproxy ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled) Active: inactive (dead) Docs: man:systemd-sysv-generator(8) [root@mcw03 src]# ps -ef|grep haproxy root 88442 2060 0 00:49 pts/0 00:00:00 grep --color=auto haproxy [root@mcw03 src]# ps -ef|grep 88381 root 88464 2060 0 00:50 pts/0 00:00:00 grep --color=auto 88381 [root@mcw03 src]# [root@mcw03 src]# [root@mcw03 src]# /etc/init.d/haproxy status /etc/init.d/haproxy: line 26: [: =: unary operator expected [root@mcw03 src]#
应该是缺少配置文件呢,等后面配置文件的sls也加进来,再试试
[root@mcw03 src]# ls /etc/haproxy/
[root@mcw03 src]#
创建目录
[root@mcw01 src]# mkdir -p /srv/salt/prod/cluster/files
[root@mcw01 src]# tree /srv/salt/prod/ /srv/salt/prod/ ├── cluster │ ├── files │ │ └── haproxy-outside.cfg │ └── haproxy-outside.sls ├── haproxy │ ├── files │ │ ├── haproxy-1.5.19.tar.gz │ │ └── haproxy.init │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls 7 directories, 6 files [root@mcw01 src]#
添加文件
[root@mcw01 src]# cat /srv/salt/prod/cluster/haproxy-outside.sls include: - haproxy.install haproxy-service: file.managed: - name: /etc/haproxy/haproxy.cfg - source: salt://cluster/files/haproxy-outside.cfg - user: root - group: root - mode: 644 service.running: - name: haproxy - enable: True - reload: True - require: - cmd: haproxy-init - watch: - file: haproxy-service [root@mcw01 src]#
修改文件和添加配置文件
[root@mcw01 src]# cat /srv/salt/base/top.sls base: #'*': # - init.env_init 'mcw03': - cluster.haproxy-outside #prod: # '*': # - [root@mcw01 src]# cat /srv/salt/prod/cluster/files/haproxy-outside.cfg global maxconn 100000 chroot /usr/local/haproxy uid 99 gid 99 daemon nbproc 1 pidfile /usr/local/haproxy/logs/haproxy.pid log 127.0.0.1 local3 info defaults option http-keep-alive maxconn 100000 mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms listen stats mode http bind 0.0.0.0:8888 stats enable stats uri /haproxy-status stats auth haproxy:saltstack frontend frontend_www_example_com bind 10.0.0.12:80 mode http option httplog log global default_backend backend_www_example_com backend backend_www_example_com option forwardfor header X-REAL-IP option httpchk HEAD / HTTP/1.0 balance source server web-node1 10.0.0.12:8080 check inter 2000 rise 30 fall 15 server web-node2 10.0.0.13:8080 check inter 2000 rise 30 fall 15 [root@mcw01 src]#
测试执行
[root@mcw01 src]# salt 'mcw03' state.highstate test=True mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 22:28:00.723363 Duration: 1229.922 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 22:28:01.953756 Duration: 27.991 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 22:28:01.981920 Duration: 20.301 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 22:28:02.002444 Duration: 23.738 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 22:28:02.026507 Duration: 40.997 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 22:28:02.067700 Duration: 24.875 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 22:28:02.092736 Duration: 23.694 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: The file /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 22:28:02.119144 Duration: 27.377 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 22:28:02.148068 Duration: 556.231 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: None Comment: The file /etc/init.d/haproxy is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 22:28:02.705024 Duration: 21.972 ms Changes: ---------- diff: --- +++ @@ -23,7 +23,7 @@ . /etc/sysconfig/network # Check that networking is up. -#[ ${NETWORKING} = "no" ] && exit 0 +[ ${NETWORKING} = "no" ] && exit 0 # This is our service name BASENAME=`basename $0` ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 22:28:02.727160 Duration: 9.324 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 22:28:02.736711 Duration: 1.699 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless condition is true Started: 22:28:02.738806 Duration: 25.726 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: None Comment: The file /etc/haproxy/haproxy.cfg is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 22:28:02.764955 Duration: 5.6 ms Changes: ---------- newfile: /etc/haproxy/haproxy.cfg ---------- ID: haproxy-service Function: service.running Name: haproxy Result: None Comment: Service is set to be started Started: 22:28:02.801808 Duration: 10.57 ms Changes: Summary for mcw03 ------------- Succeeded: 15 (unchanged=3, changed=2) Failed: 0 ------------- Total states run: 15 Total run time: 2.050 s [root@mcw01 src]#
执行运行失败
[root@mcw01 src]# salt 'mcw03' state.highstate mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 22:47:47.131421 Duration: 1089.371 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 22:47:48.221340 Duration: 23.014 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 22:47:48.244504 Duration: 21.096 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 22:47:48.265773 Duration: 20.691 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 22:47:48.286626 Duration: 25.173 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 22:47:48.311975 Duration: 20.41 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 22:47:48.332569 Duration: 19.971 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 22:47:48.356558 Duration: 29.845 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 22:47:48.387878 Duration: 500.222 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: File /etc/init.d/haproxy updated Started: 22:47:48.888483 Duration: 16.809 ms Changes: ---------- diff: --- +++ @@ -23,7 +23,7 @@ . /etc/sysconfig/network # Check that networking is up. -#[ ${NETWORKING} = "no" ] && exit 0 +[ ${NETWORKING} = "no" ] && exit 0 # This is our service name BASENAME=`basename $0` ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 22:47:48.905437 Duration: 14.792 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 22:47:48.920614 Duration: 3.165 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless condition is true Started: 22:47:48.924845 Duration: 71.718 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg updated Started: 22:47:48.996828 Duration: 29.268 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: haproxy-service Function: service.running Name: haproxy Result: False Comment: Running scope as unit run-9252.scope. Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details. Started: 22:47:49.225110 Duration: 52.381 ms Changes: Summary for mcw03 ------------- Succeeded: 14 (changed=2) Failed: 1 ------------- Total states run: 15 Total run time: 1.938 s ERROR: Minions returned with non-zero exit code [root@mcw01 src]#
发现错误,缺少文件
[root@mcw03 src]# /etc/rc.d/init.d/haproxy start
Starting haproxy (via systemctl): Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
[FAILED]
[root@mcw03 src]# systemctl status haproxy.service
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2024-01-23 23:20:45 CST; 12s ago
Docs: man:systemd-sysv-generator(8)
Process: 10525 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
Jan 23 23:20:45 mcw03 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Jan 23 23:20:45 mcw03 haproxy[10525]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 23 23:20:45 mcw03 haproxy[10525]: /etc/rc.d/init.d/haproxy: line 40: /usr/sbin/haproxy: No such file or directory
Jan 23 23:20:45 mcw03 systemd[1]: haproxy.service: control process exited, code=exited status=1
Jan 23 23:20:45 mcw03 haproxy[10525]: Errors found in configuration file, check it with 'haproxy check'.
Jan 23 23:20:45 mcw03 systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
Jan 23 23:20:45 mcw03 systemd[1]: Unit haproxy.service entered failed state.
Jan 23 23:20:45 mcw03 systemd[1]: haproxy.service failed.
[root@mcw03 src]
复制一份过去,然后手动启动,可以看到成功启动
[root@mcw03 src]# ls /usr/sbin/ha halt hardlink [root@mcw03 src]# ls /usr/local/ bin/ games/ include/ lib/ libexec/ node_exporter/ sbin/ src/ etc/ haproxy/ jdk/ lib64/ mysqld_exporter/ prometheus/ share/ [root@mcw03 src]# ls /usr/local/src/haproxy-1.5.19 haproxy-1.5.19/ haproxy-1.5.19.tar.gz [root@mcw03 src]# which haproxy /usr/bin/which: no haproxy in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) [root@mcw03 src]# rpm -qa|grep haproxy [root@mcw03 src]# ls /usr/local/ bin etc games haproxy include jdk lib lib64 libexec mysqld_exporter node_exporter prometheus sbin share src [root@mcw03 src]# ls /usr/local/src/ haproxy-1.5.19 haproxy-1.5.19.tar.gz [root@mcw03 src]# ls /usr/local/src/haproxy-1.5.19 CHANGELOG contrib CONTRIBUTING doc ebtree examples haproxy haproxy-systemd-wrapper include LICENSE Makefile README ROADMAP src SUBVERS tests VERDATE VERSION [root@mcw03 src]# ls /usr/local/src/haproxy-1.5.19/haproxy /usr/local/src/haproxy-1.5.19/haproxy [root@mcw03 src]# cp /usr/local/src/haproxy-1.5.19/haproxy /usr/sbin/ [root@mcw03 src]# /etc/rc.d/init.d/haproxy start Starting haproxy (via systemctl): [ OK ] [root@mcw03 src]#
上面是手动改的,现在给salt加上这个步骤,不用手动改。先将服务停止
[root@mcw03 src]# /etc/init.d/haproxy stop Stopping haproxy (via systemctl): [ OK ] [root@mcw03 src]# /etc/init.d/haproxy status /etc/init.d/haproxy: line 26: [: =: unary operator expected ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled) Active: inactive (dead) Docs: man:systemd-sysv-generator(8) Jan 23 23:20:45 mcw03 systemd[1]: Unit haproxy.service entered failed state. Jan 23 23:20:45 mcw03 systemd[1]: haproxy.service failed. Jan 23 23:23:33 mcw03 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.... Jan 23 23:23:33 mcw03 haproxy[10697]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected Jan 23 23:23:33 mcw03 haproxy[10697]: Starting haproxy: [ OK ] Jan 23 23:23:33 mcw03 systemd[1]: Started SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.. Jan 23 23:34:52 mcw03 systemd[1]: Stopping SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.... Jan 23 23:34:52 mcw03 haproxy[11165]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected Jan 23 23:34:52 mcw03 haproxy[11165]: Shutting down haproxy: [ OK ] Jan 23 23:34:52 mcw03 systemd[1]: Stopped SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.. [root@mcw03 src]#
将目标主机的这个文件删除
[root@mcw03 src]# rm -rf /usr/sbin/haproxy
[root@mcw03 src]#
添加一个添加haproxy命令的配置
[root@mcw01 src]# vim /srv/salt/prod/cluster/haproxy-outside.sls [root@mcw01 src]# cat /srv/salt/prod/cluster/haproxy-outside.sls include: - haproxy.install haproxy: file.managed: - name: /usr/sbin/haproxy - source: salt://cluster/files/haproxy - user: root - group: root - mode: 755 haproxy-service: file.managed: - name: /etc/haproxy/haproxy.cfg - source: salt://cluster/files/haproxy-outside.cfg - user: root - group: root - mode: 644 service.running: - name: haproxy - enable: True - reload: True - require: - cmd: haproxy-init - file: haproxy - watch: - file: haproxy-service [root@mcw01 src]# cp /root/haproxy /srv/salt/prod/cluster/files/ [root@mcw01 src]#
master上执行成功
[root@mcw01 src]# salt mcw03 state.highstate mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 23:39:14.502776 Duration: 940.212 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 23:39:15.443234 Duration: 24.621 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 23:39:15.468037 Duration: 21.226 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 23:39:15.489413 Duration: 21.662 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 23:39:15.511245 Duration: 26.949 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 23:39:15.538486 Duration: 33.289 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 23:39:15.571954 Duration: 32.013 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 23:39:15.608014 Duration: 25.331 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 23:39:15.634704 Duration: 598.874 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 23:39:16.233983 Duration: 18.095 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 23:39:16.252472 Duration: 13.377 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 23:39:16.266183 Duration: 2.574 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless condition is true Started: 23:39:16.269202 Duration: 15.923 ms Changes: ---------- ID: haproxy Function: file.managed Name: /usr/sbin/haproxy Result: True Comment: File /usr/sbin/haproxy updated Started: 23:39:16.285430 Duration: 125.112 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg is in the correct state Started: 23:39:16.410733 Duration: 10.156 ms Changes: ---------- ID: haproxy-service Function: service.running Name: haproxy Result: True Comment: Service haproxy has been enabled, and is running Started: 23:39:16.421692 Duration: 149.967 ms Changes: ---------- haproxy: True Summary for mcw03 ------------- Succeeded: 16 (changed=2) Failed: 0 ------------- Total states run: 16 Total run time: 2.059 s [root@mcw01 src]#
目标主机上查看,服务正常运行
[root@mcw03 src]# /etc/init.d/haproxy status /etc/init.d/haproxy: line 26: [: =: unary operator expected ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled) Active: active (running) since Tue 2024-01-23 23:39:16 CST; 46s ago Docs: man:systemd-sysv-generator(8) Main PID: 11714 (haproxy) CGroup: /system.slice/haproxy.service └─11714 /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid Jan 23 23:39:16 mcw03 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.... Jan 23 23:39:16 mcw03 haproxy[11705]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected Jan 23 23:39:16 mcw03 haproxy[11705]: Starting haproxy: [ OK ] Jan 23 23:39:16 mcw03 systemd[1]: Started SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.. [root@mcw03 src]#
keepalived配置管理
软件包准备
https://www.keepalived.org/download.html
[root@mcw01 src]# ls haproxy-1.5.19 haproxy-1.5.19.tar.gz [root@mcw01 src]# wget https://www.keepalived.org/software/keepalived-1.2.17.tar.gz --2024-01-25 00:00:33-- https://www.keepalived.org/software/keepalived-1.2.17.tar.gz Resolving www.keepalived.org (www.keepalived.org)... 91.121.30.175, 2001:41d0:1:71af::1 Connecting to www.keepalived.org (www.keepalived.org)|91.121.30.175|:443... connected. ERROR: cannot verify www.keepalived.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’: Issued certificate has expired. To connect to www.keepalived.org insecurely, use `--no-check-certificate'. [root@mcw01 src]# wget https://www.keepalived.org/software/keepalived-1.2.17.tar.gz --no-check-certificate --2024-01-25 00:00:45-- https://www.keepalived.org/software/keepalived-1.2.17.tar.gz Resolving www.keepalived.org (www.keepalived.org)... 91.121.30.175, 2001:41d0:1:71af::1 Connecting to www.keepalived.org (www.keepalived.org)|91.121.30.175|:443... connected. WARNING: cannot verify www.keepalived.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’: Issued certificate has expired. HTTP request sent, awaiting response... 200 OK Length: 368827 (360K) [application/octet-stream] Saving to: ‘keepalived-1.2.17.tar.gz’ 100%[===============================================================================================================================================>] 368,827 676KB/s in 0.5s 2024-01-25 00:00:46 (676 KB/s) - ‘keepalived-1.2.17.tar.gz’ saved [368827/368827] [root@mcw01 src]# ls haproxy-1.5.19 haproxy-1.5.19.tar.gz keepalived-1.2.17.tar.gz [root@mcw01 src]# tar xf keepalived-1.2.17.tar.gz [root@mcw01 src]# ls haproxy-1.5.19 haproxy-1.5.19.tar.gz keepalived-1.2.17 keepalived-1.2.17.tar.gz [root@mcw01 src]# cd keepalived-1.2.17/ [root@mcw01 keepalived-1.2.17]# ls AUTHOR bin ChangeLog configure configure.in CONTRIBUTORS COPYING doc genhash INSTALL install-sh keepalived keepalived.spec.in lib Makefile.in README TODO VERSION [root@mcw01 keepalived-1.2.17]# tree /srv/salt/prod/ /srv/salt/prod/ ├── cluster │ ├── files │ │ ├── haproxy │ │ └── haproxy-outside.cfg │ └── haproxy-outside.sls ├── haproxy │ ├── files │ │ ├── haproxy-1.5.19.tar.gz │ │ └── haproxy.init │ └── install.sls ├── keepalived │ └── files └── pkg └── pkg-init.sls 7 directories, 7 files [root@mcw01 keepalived-1.2.17]# cp keepalived/etc/init.d/keepalived.init /srv/salt/prod/keepalived/files/ [root@mcw01 keepalived-1.2.17]# cp keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/ [root@mcw01 keepalived-1.2.17]# ls /usr/local/ bin doc etc games include jdk Kibana_Hanization-master lib lib64 libexec python3 sbin share src [root@mcw01 keepalived-1.2.17]# grep "daemon keepadlived" /srv/salt/prod/keepalived/files/keepalived.init [root@mcw01 keepalived-1.2.17]# grep "daemon keepalived" /srv/salt/prod/keepalived/files/keepalived.init #因为是安装到下面指定目录,所以启动路径改成我们需要的路径 daemon keepalived ${KEEPALIVED_OPTIONS} [root@mcw01 keepalived-1.2.17]# vim /srv/salt/prod/keepalived/files/keepalived.init [root@mcw01 keepalived-1.2.17]# grep "daemon " /srv/salt/prod/keepalived/files/keepalived.init daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS} [root@mcw01 keepalived-1.2.17]#
查看文件
[root@mcw01 keepalived]# tree /srv/salt/prod/ /srv/salt/prod/ ├── cluster │ ├── files │ │ ├── haproxy │ │ ├── haproxy-outside.cfg │ │ └── haproxy-outside-keepalived.conf │ ├── haproxy-outside-keepalived.sls │ └── haproxy-outside.sls ├── haproxy │ ├── files │ │ ├── haproxy-1.5.19.tar.gz │ │ └── haproxy.init │ └── install.sls ├── keepalived │ ├── files │ │ ├── keepalived-1.2.17.tar.gz │ │ ├── keepalived.init │ │ └── keepalived.sysconfig │ └── install.sls └── pkg └── pkg-init.sls 7 directories, 13 files [root@mcw01 keepalived]# [root@mcw01 keepalived]# [root@mcw01 keepalived]# cat /srv/salt/prod/keepalived/install.sls keepalived-install: file.managed: - name: /usr/local/src/keepalived-1.2.17.tar.gz - source: salt://keepalived/files/keepalived-1.2.17.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install - unless: test -d /usr/local/keepalived - require: - file: keepalived-install /etc/sysconfig/keepalived: file.managed: - source: salt://keepalived/files/keepalived.sysconfig - mode: 644 - user: root - group: root /etc/init.d/keepalived: file.managed: - source: salt:/keepalived/files/keepalived.init - mode: 755 - user: root - group: root keepalived-init: cmd.run: - name: chkconfig --add keepalived - unless: chkconfig --list | grep keepalived - require: - file: /etc/init.d/keepalived /etc/keepalived: file.directory: - user: root - group: root [root@mcw01 keepalived]# cat /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf ! Configuration File for keepalived glabal_defs { notification_email { saltstack@example.com } notification_eamil_from keepalived@example.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id {{ ROUTEID }} } vrrp_instance haproxy_ha { state {{STATEID}} interface ens33 virtual_router_id 36 priority {{PRIORITYID}} advert_int 1 authentication { auth_type PASS auth_pass 111 } virtual_ipaddress { 10.0.0.99 } } [root@mcw01 keepalived]# cat /srv/salt/prod/cluster/haproxy-outside.sls include: - haproxy.install haproxy: file.managed: - name: /usr/sbin/haproxy - source: salt://cluster/files/haproxy - user: root - group: root - mode: 755 haproxy-service: file.managed: - name: /etc/haproxy/haproxy.cfg - source: salt://cluster/files/haproxy-outside.cfg - user: root - group: root - mode: 644 service.running: - name: haproxy - enable: True - reload: True - require: - cmd: haproxy-init - file: haproxy - watch: - file: haproxy-service [root@mcw01 keepalived]# cat /srv/salt/base/top.sls base: #'*': # - init.env_init 'mcw03': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'mcw02': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived #prod: # '*': # - [root@mcw01 keepalived]# tree /srv/salt/prod/cluster/ /srv/salt/prod/cluster/ ├── files │ ├── haproxy │ ├── haproxy-outside.cfg │ └── haproxy-outside-keepalived.conf ├── haproxy-outside-keepalived.sls └── haproxy-outside.sls 1 directory, 5 files [root@mcw01 keepalived]#
[root@mcw01 mcw02]# cat /srv/salt/prod/cluster/haproxy-outside-keepalived.sls include: - keepalived.install keepalived-server: file.managed: - name: /etc/keepalived/keepalived.conf - source: salt://cluster/files/haproxy-outside-keepalived.conf - mode: 644 - user: root - group: root - template: jinja {% if grains['fqdn'] == 'mcw02' %} - ROUTEID: haproxy_ha - STARTID: MASTER - PRIORITYID: 150 {% elif grains['fqdn'] == 'mcw03' %} - ROUTEID: haproxy_ha - STARTID: BACKUP - PRIORITYID: 100 {% endif %} service.running: - name: keepalived - enable: True - watch: - file: keepalived-server [root@mcw01 mcw02]#
测试通过
[root@mcw01 mcw02]# salt -L 'mcw02,mcw03' state.highstate test=True mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 01:46:40.282390 Duration: 959.569 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 01:46:41.242237 Duration: 23.914 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 01:46:41.266348 Duration: 31.227 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 01:46:41.297742 Duration: 36.202 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 01:46:41.334529 Duration: 69.075 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 01:46:41.404036 Duration: 40.938 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 01:46:41.445376 Duration: 41.017 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: The file /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 01:46:41.491824 Duration: 19.868 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 01:46:41.512879 Duration: 603.512 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: The file /etc/init.d/haproxy is in the correct state Started: 01:46:42.116843 Duration: 6.994 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 01:46:42.123994 Duration: 10.658 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 01:46:42.134854 Duration: 1.702 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless condition is true Started: 01:46:42.137149 Duration: 23.376 ms Changes: ---------- ID: haproxy Function: file.managed Name: /usr/sbin/haproxy Result: True Comment: The file /usr/sbin/haproxy is in the correct state Started: 01:46:42.160946 Duration: 12.376 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: The file /etc/haproxy/haproxy.cfg is in the correct state Started: 01:46:42.173660 Duration: 6.874 ms Changes: ---------- ID: haproxy-service Function: service.running Name: haproxy Result: True Comment: The service haproxy is already running Started: 01:46:42.181795 Duration: 35.496 ms Changes: ---------- ID: keepalived-install Function: file.managed Name: /usr/local/src/keepalived-1.2.17.tar.gz Result: None Comment: The file /usr/local/src/keepalived-1.2.17.tar.gz is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.217774 Duration: 10.788 ms Changes: ---------- newfile: /usr/local/src/keepalived-1.2.17.tar.gz ---------- ID: keepalived-install Function: cmd.run Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install Result: None Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" would have been executed Started: 01:46:42.229281 Duration: 20.871 ms Changes: ---------- ID: /etc/sysconfig/keepalived Function: file.managed Result: None Comment: The file /etc/sysconfig/keepalived is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.250592 Duration: 7.709 ms Changes: ---------- newfile: /etc/sysconfig/keepalived ---------- ID: /etc/init.d/keepalived Function: file.managed Result: None Comment: The file /etc/init.d/keepalived is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.258484 Duration: 5.565 ms Changes: ---------- newfile: /etc/init.d/keepalived ---------- ID: keepalived-init Function: cmd.run Name: chkconfig --add keepalived Result: None Comment: Command "chkconfig --add keepalived" would have been executed Started: 01:46:42.264632 Duration: 29.862 ms Changes: ---------- ID: /etc/keepalived Function: file.directory Result: None Comment: The following files will be changed: /etc/keepalived: directory - new Started: 01:46:42.295033 Duration: 4.475 ms Changes: ---------- /etc/keepalived: ---------- directory: new ---------- ID: keepalived-server Function: file.managed Name: /etc/keepalived/keepalived.conf Result: None Comment: The file /etc/keepalived/keepalived.conf is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.299672 Duration: 20.725 ms Changes: ---------- newfile: /etc/keepalived/keepalived.conf ---------- ID: keepalived-server Function: service.running Name: keepalived Result: None Comment: Service is set to be started Started: 01:46:42.332139 Duration: 11.527 ms Changes: Summary for mcw03 ------------- Succeeded: 24 (unchanged=8, changed=5) Failed: 0 ------------- Total states run: 24 Total run time: 2.034 s mcw02: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 01:46:40.533683 Duration: 1195.472 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 01:46:41.729530 Duration: 23.885 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 01:46:41.753645 Duration: 33.878 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 01:46:41.787686 Duration: 34.503 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 01:46:41.822451 Duration: 24.02 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 01:46:41.846726 Duration: 25.317 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 01:46:41.872226 Duration: 24.18 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: None Comment: The file /usr/local/src/haproxy-1.5.19.tar.gz is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:41.900398 Duration: 25.106 ms Changes: ---------- newfile: /usr/local/src/haproxy-1.5.19.tar.gz ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: None Comment: Command "cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" would have been executed Started: 01:46:41.928434 Duration: 717.738 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: None Comment: The file /etc/init.d/haproxy is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.646565 Duration: 6.112 ms Changes: ---------- newfile: /etc/init.d/haproxy ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: None Comment: Sysctl option net.ipv4.ip_nonlocal_bind set to be changed to 1 Started: 01:46:42.652846 Duration: 20.61 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: None Comment: The following files will be changed: /etc/haproxy: directory - new Started: 01:46:42.674006 Duration: 8.439 ms Changes: ---------- /etc/haproxy: ---------- directory: new ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: None Comment: Command "chkconfig --add haproxy" would have been executed Started: 01:46:42.683574 Duration: 106.019 ms Changes: ---------- ID: haproxy Function: file.managed Name: /usr/sbin/haproxy Result: None Comment: The file /usr/sbin/haproxy is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.789817 Duration: 39.857 ms Changes: ---------- newfile: /usr/sbin/haproxy ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: None Comment: The file /etc/haproxy/haproxy.cfg is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.829836 Duration: 63.699 ms Changes: ---------- newfile: /etc/haproxy/haproxy.cfg ---------- ID: haproxy-service Function: service.running Name: haproxy Result: None Comment: Service is set to be started Started: 01:46:42.907094 Duration: 35.839 ms Changes: ---------- ID: keepalived-install Function: file.managed Name: /usr/local/src/keepalived-1.2.17.tar.gz Result: None Comment: The file /usr/local/src/keepalived-1.2.17.tar.gz is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:42.943212 Duration: 14.595 ms Changes: ---------- newfile: /usr/local/src/keepalived-1.2.17.tar.gz ---------- ID: keepalived-install Function: cmd.run Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install Result: None Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" would have been executed Started: 01:46:42.958386 Duration: 42.407 ms Changes: ---------- ID: /etc/sysconfig/keepalived Function: file.managed Result: None Comment: The file /etc/sysconfig/keepalived is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:43.001234 Duration: 31.827 ms Changes: ---------- newfile: /etc/sysconfig/keepalived ---------- ID: /etc/init.d/keepalived Function: file.managed Result: None Comment: The file /etc/init.d/keepalived is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:43.033374 Duration: 48.859 ms Changes: ---------- newfile: /etc/init.d/keepalived ---------- ID: keepalived-init Function: cmd.run Name: chkconfig --add keepalived Result: None Comment: Command "chkconfig --add keepalived" would have been executed Started: 01:46:43.083779 Duration: 27.519 ms Changes: ---------- ID: /etc/keepalived Function: file.directory Result: None Comment: The following files will be changed: /etc/keepalived: directory - new Started: 01:46:43.111741 Duration: 4.287 ms Changes: ---------- /etc/keepalived: ---------- directory: new ---------- ID: keepalived-server Function: file.managed Name: /etc/keepalived/keepalived.conf Result: None Comment: The file /etc/keepalived/keepalived.conf is set to be changed Note: No changes made, actual changes may be different due to other states. Started: 01:46:43.116411 Duration: 84.637 ms Changes: ---------- newfile: /etc/keepalived/keepalived.conf ---------- ID: keepalived-server Function: service.running Name: keepalived Result: None Comment: Service is set to be started Started: 01:46:43.293330 Duration: 61.269 ms Changes: Summary for mcw02 ------------- Succeeded: 24 (unchanged=17, changed=10) Failed: 0 ------------- Total states run: 24 Total run time: 2.700 s [root@mcw01 mcw02]#
执行报错,缺少某个启动文件
[root@mcw01 mcw02]# [root@mcw01 mcw02]# salt -L 'mcw02,mcw03' state.highstate mcw03: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 01:49:35.484492 Duration: 2177.553 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 01:49:37.662398 Duration: 42.23 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 01:49:37.704784 Duration: 51.958 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 01:49:37.757097 Duration: 44.407 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 01:49:37.801877 Duration: 40.599 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 01:49:37.842824 Duration: 52.336 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 01:49:37.895326 Duration: 100.169 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state Started: 01:49:38.000276 Duration: 63.132 ms Changes: ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: unless condition is true Started: 01:49:38.066695 Duration: 1013.114 ms Changes: ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: File /etc/init.d/haproxy is in the correct state Started: 01:49:39.081008 Duration: 19.596 ms Changes: ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set Started: 01:49:39.100935 Duration: 24.155 ms Changes: ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: The directory /etc/haproxy is in the correct state Started: 01:49:39.125755 Duration: 4.695 ms Changes: ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: unless condition is true Started: 01:49:39.131780 Duration: 42.08 ms Changes: ---------- ID: haproxy Function: file.managed Name: /usr/sbin/haproxy Result: True Comment: File /usr/sbin/haproxy is in the correct state Started: 01:49:39.174823 Duration: 41.173 ms Changes: ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg is in the correct state Started: 01:49:39.216337 Duration: 20.643 ms Changes: ---------- ID: haproxy-service Function: service.running Name: haproxy Result: True Comment: The service haproxy is already running Started: 01:49:39.239061 Duration: 36.84 ms Changes: ---------- ID: keepalived-install Function: file.managed Name: /usr/local/src/keepalived-1.2.17.tar.gz Result: True Comment: File /usr/local/src/keepalived-1.2.17.tar.gz updated Started: 01:49:39.276193 Duration: 36.023 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: keepalived-install Function: cmd.run Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install Result: True Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" run Started: 01:49:39.313341 Duration: 16880.229 ms Changes: ---------- pid: 128302 retcode: 0 stderr: configure: WARNING: keepalived will be built without libnl support. ar: creating libipvs.a stdout: checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for a BSD-compatible install... /usr/bin/install -c checking for strip... strip checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for ANSI C header files... yes checking for sys/wait.h that is POSIX.1 compatible... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking syslog.h usability... yes checking syslog.h presence... yes checking for syslog.h... yes checking for unistd.h... (cached) yes checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking openssl/md5.h usability... yes checking openssl/md5.h presence... yes checking for openssl/md5.h... yes checking openssl/err.h usability... yes checking openssl/err.h presence... yes checking for openssl/err.h... yes checking whether ETHERTYPE_IPV6 is declared... yes checking for crypt in -lcrypt... yes checking for MD5_Init in -lcrypto... yes checking for SSL_CTX_new in -lssl... yes checking for nl_socket_alloc in -lnl-3... no checking for nl_socket_modify_cb in -lnl... no checking for kernel version... 3.10.0 checking for IPVS syncd support... yes checking for kernel macvlan support... yes checking for an ANSI C-conforming const... yes checking for pid_t... yes checking whether time.h and sys/time.h may both be included... yes checking whether gcc needs -traditional... no checking for working memcmp... yes checking return type of signal handlers... void checking for gettimeofday... yes checking for select... yes checking for socket... yes checking for strerror... yes checking for strtol... yes checking for uname... yes configure: creating ./config.status config.status: creating Makefile config.status: creating genhash/Makefile config.status: creating keepalived/core/Makefile config.status: creating lib/config.h config.status: creating keepalived.spec config.status: creating keepalived/Makefile config.status: creating lib/Makefile config.status: creating keepalived/vrrp/Makefile config.status: creating keepalived/check/Makefile config.status: creating keepalived/libipvs-2.6/Makefile Keepalived configuration ------------------------ Keepalived version : 1.2.17 Compiler : gcc Compiler flags : -g -O2 Extra Lib : -lssl -lcrypto -lcrypt Use IPVS Framework : Yes IPVS sync daemon support : Yes IPVS use libnl : No fwmark socket support : No Use VRRP Framework : Yes Use VRRP VMAC : Yes SNMP support : No SHA1 support : No Use Debug flags : No make -C lib || exit 1; make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/lib' gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c memory.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c utils.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c notify.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c timer.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c scheduler.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vector.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c html.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c parser.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c signals.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c logger.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list_head.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c buffer.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c command.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vty.c make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/lib' make -C keepalived make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/core' gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c main.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c daemon.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c pidfile.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c layer4.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c smtp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_data.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_parser.c make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/core' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/check' gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_daemon.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_data.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_parser.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_api.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_tcp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_http.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_ssl.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_smtp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_misc.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipwrapper.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipvswrapper.c make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/check' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp' gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_daemon.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_print.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_data.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_parser.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_notify.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_scheduler.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_sync.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_index.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_netlink.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_arp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_if.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_track.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipaddress.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_iproute.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipsecah.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ndisc.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_vmac.c make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6' gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o libipvs.o libipvs.c gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o ip_vs_nl_policy.o ip_vs_nl_policy.c ar rv libipvs.a libipvs.o ip_vs_nl_policy.o a - libipvs.o a - ip_vs_nl_policy.o rm libipvs.o ip_vs_nl_policy.o make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6' Building ../bin/keepalived strip ../bin/keepalived Make complete make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived' make -C genhash make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash' gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o main.o main.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o sock.o sock.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o layer4.o layer4.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o http.o http.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o ssl.o ssl.c Building ../bin/genhash strip ../bin/genhash Make complete make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash' Make complete make -C keepalived install make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived' install -d /user/local/keepalived/sbin install -m 700 ../bin/keepalived /user/local/keepalived/sbin/ install -d /user/local/keepalived/etc/rc.d/init.d install -m 755 etc/init.d/keepalived.init /user/local/keepalived/etc/rc.d/init.d/keepalived install -d /user/local/keepalived/etc/sysconfig install -m 644 etc/init.d/keepalived.sysconfig /user/local/keepalived/etc/sysconfig/keepalived install -d /user/local/keepalived/etc/keepalived/samples install -m 644 etc/keepalived/keepalived.conf /user/local/keepalived/etc/keepalived/ install -m 644 ../doc/samples/* /user/local/keepalived/etc/keepalived/samples/ install -d /user/local/keepalived/share/man/man5 install -d /user/local/keepalived/share/man/man8 install -m 644 ../doc/man/man5/keepalived.conf.5 /user/local/keepalived/share/man/man5 install -m 644 ../doc/man/man8/keepalived.8 /user/local/keepalived/share/man/man8 make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived' make -C genhash install make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash' install -d /user/local/keepalived/bin install -m 755 ../bin/genhash /user/local/keepalived/bin/ install -d /user/local/keepalived/share/man/man1 install -m 644 ../doc/man/man1/genhash.1 /user/local/keepalived/share/man/man1 make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash' mkdir -p /usr/share/snmp/mibs/ cp -f doc/VRRP-MIB /usr/share/snmp/mibs/ cp -f doc/KEEPALIVED-MIB /usr/share/snmp/mibs/ ---------- ID: /etc/sysconfig/keepalived Function: file.managed Result: True Comment: File /etc/sysconfig/keepalived updated Started: 01:49:56.194085 Duration: 24.548 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: /etc/init.d/keepalived Function: file.managed Result: True Comment: File /etc/init.d/keepalived updated Started: 01:49:56.219173 Duration: 26.57 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: keepalived-init Function: cmd.run Name: chkconfig --add keepalived Result: True Comment: Command "chkconfig --add keepalived" run Started: 01:49:56.247446 Duration: 116.178 ms Changes: ---------- pid: 129689 retcode: 0 stderr: stdout: ---------- ID: /etc/keepalived Function: file.directory Result: True Comment: Started: 01:49:56.364156 Duration: 5.18 ms Changes: ---------- /etc/keepalived: ---------- directory: new ---------- ID: keepalived-server Function: file.managed Name: /etc/keepalived/keepalived.conf Result: True Comment: File /etc/keepalived/keepalived.conf updated Started: 01:49:56.369644 Duration: 24.391 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: keepalived-server Function: service.running Name: keepalived Result: False Comment: Running scope as unit run-129727.scope. Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details. Started: 01:49:56.647439 Duration: 60.41 ms Changes: Summary for mcw03 ------------- Succeeded: 23 (changed=7) Failed: 1 ------------- Total states run: 24 Total run time: 20.948 s mcw02: ---------- ID: pkg-init Function: pkg.installed Name: gcc Result: True Comment: All specified packages are already installed Started: 01:49:36.147214 Duration: 2971.556 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: gcc-c++ Result: True Comment: All specified packages are already installed Started: 01:49:39.119106 Duration: 64.874 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: glibc Result: True Comment: All specified packages are already installed Started: 01:49:39.184586 Duration: 64.749 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: make Result: True Comment: All specified packages are already installed Started: 01:49:39.250001 Duration: 47.093 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: autoconf Result: True Comment: All specified packages are already installed Started: 01:49:39.297506 Duration: 44.491 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl Result: True Comment: All specified packages are already installed Started: 01:49:39.342719 Duration: 55.146 ms Changes: ---------- ID: pkg-init Function: pkg.installed Name: openssl-devel Result: True Comment: All specified packages are already installed Started: 01:49:39.398257 Duration: 63.738 ms Changes: ---------- ID: haproxy-install Function: file.managed Name: /usr/local/src/haproxy-1.5.19.tar.gz Result: True Comment: File /usr/local/src/haproxy-1.5.19.tar.gz updated Started: 01:49:39.471701 Duration: 1305.964 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: haproxy-install Function: cmd.run Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy Result: True Comment: Command "cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" run Started: 01:49:40.783093 Duration: 48751.066 ms Changes: ---------- pid: 82843 retcode: 0 stderr: stdout: gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \ -DBUILD_TARGET='"linux26"' \ -DBUILD_ARCH='""' \ -DBUILD_CPU='"generic"' \ -DBUILD_CC='"gcc"' \ -DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing"' \ -DBUILD_OPTIONS='""' \ -c -o src/haproxy.o src/haproxy.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sessionhash.o src/sessionhash.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/base64.o src/base64.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/protocol.o src/protocol.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/uri_auth.o src/uri_auth.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/standard.o src/standard.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/buffer.o src/buffer.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/log.o src/log.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/task.o src/task.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/chunk.o src/chunk.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/channel.o src/channel.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/listener.o src/listener.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/time.o src/time.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/fd.o src/fd.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pipe.o src/pipe.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/regex.o src/regex.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/cfgparse.o src/cfgparse.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/server.o src/server.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/checks.o src/checks.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/queue.o src/queue.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/frontend.o src/frontend.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proxy.o src/proxy.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/peers.o src/peers.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/arg.o src/arg.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stick_table.o src/stick_table.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_uxst.o src/proto_uxst.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/connection.o src/connection.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_http.o src/proto_http.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/raw_sock.o src/raw_sock.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/appsession.o src/appsession.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/backend.o src/backend.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_chash.o src/lb_chash.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwlc.o src/lb_fwlc.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwrr.o src/lb_fwrr.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_map.o src/lb_map.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fas.o src/lb_fas.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stream_interface.o src/stream_interface.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/dumpstats.o src/dumpstats.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_tcp.o src/proto_tcp.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/session.o src/session.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hdr_idx.o src/hdr_idx.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_select.o src/ev_select.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/signal.o src/signal.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/acl.o src/acl.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sample.o src/sample.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/memory.o src/memory.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/freq_ctr.o src/freq_ctr.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/auth.o src/auth.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/compression.o src/compression.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/payload.o src/payload.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hash.o src/hash.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pattern.o src/pattern.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/map.o src/map.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_poll.o src/ev_poll.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_epoll.o src/ev_epoll.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebtree.o ebtree/ebtree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb32tree.o ebtree/eb32tree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb64tree.o ebtree/eb64tree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebmbtree.o ebtree/ebmbtree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebsttree.o ebtree/ebsttree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebimtree.o ebtree/ebimtree.c gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebistree.o ebtree/ebistree.c gcc -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o src/chunk.o src/channel.o src/listener.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o src/raw_sock.o src/appsession.o src/backend.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o src/stream_interface.o src/dumpstats.o src/proto_tcp.o src/session.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o src/ev_poll.o src/ev_epoll.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \ -DSBINDIR='"/usr/local/haproxy/sbin"' \ -c -o src/haproxy-systemd-wrapper.o src/haproxy-systemd-wrapper.c gcc -g -o haproxy-systemd-wrapper src/haproxy-systemd-wrapper.o -lcrypt install -d "/usr/local/haproxy/sbin" install haproxy "/usr/local/haproxy/sbin" install -d "/usr/local/haproxy/share/man"/man1 install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1 install -d "/usr/local/haproxy/doc/haproxy" for x in configuration architecture haproxy-en haproxy-fr; do \ install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \ done ---------- ID: /etc/init.d/haproxy Function: file.managed Result: True Comment: File /etc/init.d/haproxy updated Started: 01:50:29.535183 Duration: 53.164 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: net.ipv4.ip_nonlocal_bind Function: sysctl.present Result: True Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1 Started: 01:50:29.588848 Duration: 52.616 ms Changes: ---------- net.ipv4.ip_nonlocal_bind: 1 ---------- ID: haproxy-config-dir Function: file.directory Name: /etc/haproxy Result: True Comment: Started: 01:50:29.642121 Duration: 6.386 ms Changes: ---------- /etc/haproxy: ---------- directory: new ---------- ID: haproxy-init Function: cmd.run Name: chkconfig --add haproxy Result: True Comment: Command "chkconfig --add haproxy" run Started: 01:50:29.649848 Duration: 5568.311 ms Changes: ---------- pid: 83116 retcode: 0 stderr: stdout: ---------- ID: haproxy Function: file.managed Name: /usr/sbin/haproxy Result: True Comment: File /usr/sbin/haproxy updated Started: 01:50:35.218705 Duration: 148.676 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: haproxy-service Function: file.managed Name: /etc/haproxy/haproxy.cfg Result: True Comment: File /etc/haproxy/haproxy.cfg updated Started: 01:50:35.367538 Duration: 19.605 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: haproxy-service Function: service.running Name: haproxy Result: False Comment: Running scope as unit run-83165.scope. Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details. Started: 01:50:36.216065 Duration: 90.32 ms Changes: ---------- ID: keepalived-install Function: file.managed Name: /usr/local/src/keepalived-1.2.17.tar.gz Result: True Comment: File /usr/local/src/keepalived-1.2.17.tar.gz updated Started: 01:50:36.306696 Duration: 39.633 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: keepalived-install Function: cmd.run Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install Result: True Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" run Started: 01:50:36.347241 Duration: 18522.212 ms Changes: ---------- pid: 83185 retcode: 0 stderr: configure: WARNING: keepalived will be built without libnl support. ar: creating libipvs.a stdout: checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for a BSD-compatible install... /usr/bin/install -c checking for strip... strip checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for ANSI C header files... yes checking for sys/wait.h that is POSIX.1 compatible... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking syslog.h usability... yes checking syslog.h presence... yes checking for syslog.h... yes checking for unistd.h... (cached) yes checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking openssl/md5.h usability... yes checking openssl/md5.h presence... yes checking for openssl/md5.h... yes checking openssl/err.h usability... yes checking openssl/err.h presence... yes checking for openssl/err.h... yes checking whether ETHERTYPE_IPV6 is declared... yes checking for crypt in -lcrypt... yes checking for MD5_Init in -lcrypto... yes checking for SSL_CTX_new in -lssl... yes checking for nl_socket_alloc in -lnl-3... no checking for nl_socket_modify_cb in -lnl... no checking for kernel version... 3.10.0 checking for IPVS syncd support... yes checking for kernel macvlan support... yes checking for an ANSI C-conforming const... yes checking for pid_t... yes checking whether time.h and sys/time.h may both be included... yes checking whether gcc needs -traditional... no checking for working memcmp... yes checking return type of signal handlers... void checking for gettimeofday... yes checking for select... yes checking for socket... yes checking for strerror... yes checking for strtol... yes checking for uname... yes configure: creating ./config.status config.status: creating Makefile config.status: creating genhash/Makefile config.status: creating keepalived/core/Makefile config.status: creating lib/config.h config.status: creating keepalived.spec config.status: creating keepalived/Makefile config.status: creating lib/Makefile config.status: creating keepalived/vrrp/Makefile config.status: creating keepalived/check/Makefile config.status: creating keepalived/libipvs-2.6/Makefile Keepalived configuration ------------------------ Keepalived version : 1.2.17 Compiler : gcc Compiler flags : -g -O2 Extra Lib : -lssl -lcrypto -lcrypt Use IPVS Framework : Yes IPVS sync daemon support : Yes IPVS use libnl : No fwmark socket support : No Use VRRP Framework : Yes Use VRRP VMAC : Yes SNMP support : No SHA1 support : No Use Debug flags : No make -C lib || exit 1; make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/lib' gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c memory.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c utils.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c notify.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c timer.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c scheduler.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vector.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c html.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c parser.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c signals.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c logger.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list_head.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c buffer.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c command.c gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vty.c make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/lib' make -C keepalived make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/core' gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c main.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c daemon.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c pidfile.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c layer4.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c smtp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_data.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_parser.c make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/core' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/check' gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_daemon.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_data.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_parser.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_api.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_tcp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_http.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_ssl.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_smtp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_misc.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipwrapper.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipvswrapper.c make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/check' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp' gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_daemon.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_print.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_data.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_parser.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_notify.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_scheduler.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_sync.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_index.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_netlink.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_arp.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_if.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_track.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipaddress.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_iproute.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipsecah.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ndisc.c gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_vmac.c make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp' make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6' gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o libipvs.o libipvs.c gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o ip_vs_nl_policy.o ip_vs_nl_policy.c ar rv libipvs.a libipvs.o ip_vs_nl_policy.o a - libipvs.o a - ip_vs_nl_policy.o rm libipvs.o ip_vs_nl_policy.o make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6' Building ../bin/keepalived strip ../bin/keepalived Make complete make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived' make -C genhash make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash' gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o main.o main.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o sock.o sock.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o layer4.o layer4.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o http.o http.c gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o ssl.o ssl.c Building ../bin/genhash strip ../bin/genhash Make complete make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash' Make complete make -C keepalived install make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived' install -d /user/local/keepalived/sbin install -m 700 ../bin/keepalived /user/local/keepalived/sbin/ install -d /user/local/keepalived/etc/rc.d/init.d install -m 755 etc/init.d/keepalived.init /user/local/keepalived/etc/rc.d/init.d/keepalived install -d /user/local/keepalived/etc/sysconfig install -m 644 etc/init.d/keepalived.sysconfig /user/local/keepalived/etc/sysconfig/keepalived install -d /user/local/keepalived/etc/keepalived/samples install -m 644 etc/keepalived/keepalived.conf /user/local/keepalived/etc/keepalived/ install -m 644 ../doc/samples/* /user/local/keepalived/etc/keepalived/samples/ install -d /user/local/keepalived/share/man/man5 install -d /user/local/keepalived/share/man/man8 install -m 644 ../doc/man/man5/keepalived.conf.5 /user/local/keepalived/share/man/man5 install -m 644 ../doc/man/man8/keepalived.8 /user/local/keepalived/share/man/man8 make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived' make -C genhash install make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash' install -d /user/local/keepalived/bin install -m 755 ../bin/genhash /user/local/keepalived/bin/ install -d /user/local/keepalived/share/man/man1 install -m 644 ../doc/man/man1/genhash.1 /user/local/keepalived/share/man/man1 make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash' mkdir -p /usr/share/snmp/mibs/ cp -f doc/VRRP-MIB /usr/share/snmp/mibs/ cp -f doc/KEEPALIVED-MIB /usr/share/snmp/mibs/ ---------- ID: /etc/sysconfig/keepalived Function: file.managed Result: True Comment: File /etc/sysconfig/keepalived updated Started: 01:50:54.870569 Duration: 39.673 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: /etc/init.d/keepalived Function: file.managed Result: True Comment: File /etc/init.d/keepalived updated Started: 01:50:54.910556 Duration: 23.857 ms Changes: ---------- diff: New file mode: 0755 ---------- ID: keepalived-init Function: cmd.run Name: chkconfig --add keepalived Result: True Comment: Command "chkconfig --add keepalived" run Started: 01:50:54.935930 Duration: 185.211 ms Changes: ---------- pid: 84572 retcode: 0 stderr: stdout: ---------- ID: /etc/keepalived Function: file.directory Result: True Comment: Started: 01:50:55.121590 Duration: 3.436 ms Changes: ---------- /etc/keepalived: ---------- directory: new ---------- ID: keepalived-server Function: file.managed Name: /etc/keepalived/keepalived.conf Result: True Comment: File /etc/keepalived/keepalived.conf updated Started: 01:50:55.125209 Duration: 32.225 ms Changes: ---------- diff: New file mode: 0644 ---------- ID: keepalived-server Function: service.running Name: keepalived Result: False Comment: Running scope as unit run-84609.scope. Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details. Started: 01:50:55.445060 Duration: 148.211 ms Changes: Summary for mcw02 ------------- Succeeded: 22 (changed=15) Failed: 2 ------------- Total states run: 24 Total run time: 78.302 s ERROR: Minions returned with non-zero exit code [root@mcw01 mcw02]#
查看状态,可以知道缺少这个文件,那么给这个文件复制一份或者是添加个软连接
[root@mcw03 src]# systemctl status keepalived.service ● keepalived.service - SYSV: Start and stop Keepalived Loaded: loaded (/etc/rc.d/init.d/keepalived; bad; vendor preset: disabled) Active: failed (Result: exit-code) since Fri 2024-01-26 01:49:56 CST; 32s ago Docs: man:systemd-sysv-generator(8) Process: 129729 ExecStart=/etc/rc.d/init.d/keepalived start (code=exited, status=1/FAILURE) Jan 26 01:49:56 mcw03 systemd[1]: Starting SYSV: Start and stop Keepalived... Jan 26 01:49:56 mcw03 keepalived[129729]: Starting keepalived: /bin/bash: /usr/local/keepalived/sbin/keepalived: No such file or directory Jan 26 01:49:56 mcw03 keepalived[129729]: [FAILED] Jan 26 01:49:56 mcw03 systemd[1]: keepalived.service: control process exited, code=exited status=1 Jan 26 01:49:56 mcw03 systemd[1]: Failed to start SYSV: Start and stop Keepalived. Jan 26 01:49:56 mcw03 systemd[1]: Unit keepalived.service entered failed state. Jan 26 01:49:56 mcw03 systemd[1]: keepalived.service failed. [root@mcw03 src]#
mcw03上面虽然启动失败,但是编译好了,命令文件是存在的,复制到mcw01
[root@mcw03 ~]# ls /usr/local/src/keepalived-1.2.17/bin/ genhash keepalived [root@mcw03 ~]# ls /usr/local/src/keepalived-1.2.17/bin/keepalived /usr/local/src/keepalived-1.2.17/bin/keepalived [root@mcw03 ~]# scp -rp /usr/local/src/keepalived-1.2.17/bin/keepalived 10.0.0.11:/root/ root@10.0.0.11's password: /usr/local/python3/bin/python3: Error while finding module specification for 'virtualenvwrapper.hook_loader' (ModuleNotFoundError: No module named 'virtualenvwrapper') virtualenvwrapper.sh: There was a problem running the initialization hooks. If Python could not import the module virtualenvwrapper.hook_loader, check that virtualenvwrapper has been installed for VIRTUALENVWRAPPER_PYTHON=/usr/local/python3/bin/python3 and that PATH is set properly. keepalived 100% 248KB 75.9MB/s 00:00 [root@mcw03 ~]#
MCW01上将keepalived复制到salt文件目录下
[root@mcw01 ~]# cp keepalived /srv/salt/prod/keepalived/files/ [root@mcw01 ~]# ls -lh /srv/salt/prod/keepalived/files/keepalived -rwxr-xr-x 1 root root 249K Jan 26 23:47 /srv/salt/prod/keepalived/files/keepalived [root@mcw01 ~]#
需要在服务运行之前,给添加keepalived,到对应的路径下。所以服务启动的时候也要写上这个文件复制过去之后,再运行
[root@mcw01 ~]# tree /srv/salt/prod/ /srv/salt/prod/ ├── cluster │ ├── files │ │ ├── haproxy │ │ ├── haproxy-outside.cfg │ │ └── haproxy-outside-keepalived.conf │ ├── haproxy-outside-keepalived.sls │ └── haproxy-outside.sls ├── haproxy │ ├── files │ │ ├── haproxy-1.5.19.tar.gz │ │ └── haproxy.init │ └── install.sls ├── keepalived │ ├── files │ │ ├── keepalived │ │ ├── keepalived-1.2.17.tar.gz │ │ ├── keepalived.init │ │ └── keepalived.sysconfig │ └── install.sls └── pkg └── pkg-init.sls 7 directories, 14 files [root@mcw01 ~]# vim /srv/salt/prod/keepalived/install.sls [root@mcw01 ~]# cat /srv/salt/prod/keepalived/install.sls keepalived-install: file.managed: - name: /usr/local/src/keepalived-1.2.17.tar.gz - source: salt://keepalived/files/keepalived-1.2.17.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install - unless: test -d /usr/local/keepalived - require: - file: keepalived-install /etc/sysconfig/keepalived: file.managed: - source: salt://keepalived/files/keepalived.sysconfig - mode: 644 - user: root - group: root /etc/init.d/keepalived: file.managed: - source: salt://keepalived/files/keepalived.init - mode: 755 - user: root - group: root keepalived-init: cmd.run: - name: chkconfig --add keepalived - unless: chkconfig --list | grep keepalived - require: - file: /etc/init.d/keepalived /etc/keepalived: file.directory: - user: root - group: root [root@mcw01 ~]# vim /srv/salt/prod/keepalived/install.sls [root@mcw01 ~]# cat /srv/salt/prod/keepalived/install.sls keepalived-install: file.managed: - name: /usr/local/src/keepalived-1.2.17.tar.gz - source: salt://keepalived/files/keepalived-1.2.17.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install - unless: test -d /usr/local/keepalived - require: - file: keepalived-install /etc/sysconfig/keepalived: file.managed: - source: salt://keepalived/files/keepalived.sysconfig - mode: 644 - user: root - group: root /etc/init.d/keepalived: file.managed: - source: salt://keepalived/files/keepalived.init - mode: 755 - user: root - group: root /usr/local/keepalived/sbin/keepalived: file.managed: - source: salt://keepalived/files/keepalived - mode: 755 - user: root - group: root keepalived-init: cmd.run: - name: chkconfig --add keepalived - unless: chkconfig --list | grep keepalived - require: - file: /etc/init.d/keepalived - file: /usr/local/keepalived/sbin/keepalived /etc/keepalived: file.directory: - user: root - group: root [root@mcw01 ~]#
执行后报错了:
Changes: ---------- ID: /usr/local/keepalived/sbin/keepalived Function: file.managed Result: False Comment: Parent directory not present Started: 00:19:10.345561 Duration: 23.055 ms Changes: ---------- ID: keepalived-init Function: cmd.run Name: chkconfig --add keepalived Result: False Comment: One or more requisite failed: keepalived.install./usr/local/keepalived/sbin/keepalived Started: 00:19:10.369491 Duration: 0.004 ms Changes: ---------- ID: /etc/keepalived
导致后面的服务也没有起来
---------- ID: keepalived-server Function: service.running Name: keepalived Result: False Comment: Running scope as unit run-5620.scope. Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details. Started: 00:19:10.386502 Duration: 46.448 ms Changes:
需要先将目录创建出来
[root@mcw03 ~]# ls /usr/local/
bin etc games haproxy include jdk lib lib64 libexec mysqld_exporter node_exporter prometheus sbin share src
[root@mcw03 ~]#
多级目录需要添加下面参数,不然报错没有目录
/path/to/parent/directory:
file.directory:
- makedirs: True
再次查看,我添加下面的配置,名字是随意起的,xiaoma。然后多级目录的创建。name就是要创建的目录名称。再后面的keepalived文件复制到这个目录下,就需要等待这个xiaoma结束,之所以两个不放在一起,会报错,报错类似于file重复吧,还是啥的
[root@mcw01 ~]# vim /srv/salt/prod/keepalived/install.sls [root@mcw01 ~]# cat /srv/salt/prod/keepalived/install.sls keepalived-install: file.managed: - name: /usr/local/src/keepalived-1.2.17.tar.gz - source: salt://keepalived/files/keepalived-1.2.17.tar.gz - mode: 755 - user: root - group: root cmd.run: - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install - unless: test -d /usr/local/keepalived - require: - file: keepalived-install /etc/sysconfig/keepalived: file.managed: - source: salt://keepalived/files/keepalived.sysconfig - mode: 644 - user: root - group: root /etc/init.d/keepalived: file.managed: - source: salt://keepalived/files/keepalived.init - mode: 755 - user: root - group: root xiaoma: file.directory: - name: /usr/local/keepalived/sbin/ - makedirs: True /usr/local/keepalived/sbin/keepalived: file.managed: - source: salt://keepalived/files/keepalived - mode: 755 - user: root - group: root - reeuire: - file: xiaoma keepalived-init: cmd.run: - name: chkconfig --add keepalived - unless: chkconfig --list | grep keepalived - require: - file: /etc/init.d/keepalived - file: /usr/local/keepalived/sbin/keepalived /etc/keepalived: file.directory: - user: root - group: root [root@mcw01 ~]#
上面执行,之后,这里正常了
但是此时还是有一个报错,就是haproxy服务,在mcw02上没有起来的报错
---------- ID: haproxy-service Function: service.running Name: haproxy Result: False Comment: Running scope as unit run-7574.scope. Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details. Started: 00:38:58.614534 Duration: 39.239 ms Changes: ----------
之所以没有起来,是mcw02节点,80端口被nginx占用了,haproxy不能绑定80端口了
[root@mcw02 ~]# systemctl status haproxy.service ● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2024-01-27 00:38:58 CST; 5min ago Docs: man:systemd-sysv-generator(8) Jan 27 00:38:58 mcw02 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.... Jan 27 00:38:58 mcw02 haproxy[7575]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected Jan 27 00:38:58 mcw02 haproxy[7575]: Starting haproxy: [ALERT] 026/003858 (7583) : Starting frontend frontend_www_example_com: cannot bind socket [10.0.0.12:80] Jan 27 00:38:58 mcw02 haproxy[7575]: [FAILED] Jan 27 00:38:58 mcw02 systemd[1]: haproxy.service: control process exited, code=exited status=1 Jan 27 00:38:58 mcw02 systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.. Jan 27 00:38:58 mcw02 systemd[1]: Unit haproxy.service entered failed state. Jan 27 00:38:58 mcw02 systemd[1]: haproxy.service failed. [root@mcw02 ~]# hostname -I 10.0.0.12 10.0.0.99 [root@mcw02 ~]# ss -lntup|grep 80 tcp LISTEN 0 511 *:80 *:* users:(("nginx",pid=1608,fd=8),("nginx",pid=1607,fd=8)) [root@mcw02 ~]#
这是我们zabbix的端口。那么换成mcw03 04两个机器,而不是02机器吧
14也是zabbix,记不清了
那就选01和03吧
[root@mcw01 ~]# vim /srv/salt/base/top.sls [root@mcw01 ~]# cat /srv/salt/base/top.sls base: #'*': # - init.env_init 'mcw03': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived 'mcw01': - cluster.haproxy-outside - cluster.haproxy-outside-keepalived #prod: # '*': # - [root@mcw01 ~]#
然后再次执行,报错了,这是因为有配置没修改成mcw01,导致没有生成相关配置roudteid
---------- ID: /etc/keepalived Function: file.directory Result: True Comment: Started: 00:53:57.669911 Duration: 1.623 ms Changes: ---------- /etc/keepalived: ---------- directory: new ---------- ID: keepalived-server Function: file.managed Name: /etc/keepalived/keepalived.conf Result: False Comment: Unable to manage file: Jinja variable 'ROUTEID' is undefined Started: 00:53:57.671628 Duration: 198.605 ms Changes: ---------- ID: keepalived-server Function: service.running Name: keepalived Result: False Comment: One or more requisite failed: cluster.haproxy-outside-keepalived.keepalived-server Started: 00:53:57.870727 Duration: 0.004 ms Changes: Summary for mcw01 ------------- Succeeded: 24 (changed=15) Failed: 2
修改成判断mcw01
[root@mcw01 ~]# cat /srv/salt/prod/cluster/haproxy-outside-keepalived.sls include: - keepalived.install keepalived-server: file.managed: - name: /etc/keepalived/keepalived.conf - source: salt://cluster/files/haproxy-outside-keepalived.conf - mode: 644 - user: root - group: root - template: jinja {% if grains['fqdn'] == 'mcw02' %} - ROUTEID: haproxy_ha - STARTID: MASTER - PRIORITYID: 150 {% elif grains['fqdn'] == 'mcw03' %} - ROUTEID: haproxy_ha - STARTID: BACKUP - PRIORITYID: 100 {% endif %} service.running: - name: keepalived - enable: True - watch: - file: keepalived-server [root@mcw01 ~]# vim /srv/salt/prod/cluster/haproxy-outside-keepalived.sls [root@mcw01 ~]# cat /srv/salt/prod/cluster/haproxy-outside-keepalived.sls include: - keepalived.install keepalived-server: file.managed: - name: /etc/keepalived/keepalived.conf - source: salt://cluster/files/haproxy-outside-keepalived.conf - mode: 644 - user: root - group: root - template: jinja {% if grains['fqdn'] == 'mcw01' %} - ROUTEID: haproxy_ha - STARTID: MASTER - PRIORITYID: 150 {% elif grains['fqdn'] == 'mcw03' %} - ROUTEID: haproxy_ha - STARTID: BACKUP - PRIORITYID: 100 {% endif %} service.running: - name: keepalived - enable: True - watch: - file: keepalived-server [root@mcw01 ~]#
执行完之后,之前在mcw02上启动的keepaliveed并不会停止删除掉
[root@mcw02 ~]# ps -ef|grep keep root 8818 1 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 8820 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 8821 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 9062 1859 0 00:59 pts/0 00:00:00 grep --color=auto keep [root@mcw02 ~]#
查看vip0.99并没有在mcw01上创建,
[root@mcw01 ~]# grep ens33 /srv/* -r /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf: interface ens33 [root@mcw01 ~]# cat /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf ! Configuration File for keepalived glabal_defs { notification_email { saltstack@example.com } notification_eamil_from keepalived@example.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id {{ ROUTEID }} } vrrp_instance haproxy_ha { state {{STARTID}} interface ens33 virtual_router_id 36 priority {{PRIORITYID}} advert_int 1 authentication { auth_type PASS auth_pass 111 } virtual_ipaddress { 10.0.0.99 } } [root@mcw01 ~]# [root@mcw01 ~]# [root@mcw01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f32c:166d:40de:8f2e/64 scope link valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff [root@mcw01 ~]#
这是因为在mcw02,虽然因为80端口被占用,haproxy没有起来,但是keepalived之前已经部署了 ,改为mcw01上部署之后,mcw02这个节点还是在用这个ip。
[root@mcw02 ~]# ps -ef|grep keep root 8818 1 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 8820 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 8821 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 9062 1859 0 00:59 pts/0 00:00:00 grep --color=auto keep [root@mcw02 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:9b:98 brd ff:ff:ff:ff:ff:ff inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.99/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:9b:a2 brd ff:ff:ff:ff:ff:ff [root@mcw02 ~]# ss -lntup|grep 80 tcp LISTEN 0 511 *:80 *:* users:(("nginx",pid=1608,fd=8),("nginx",pid=1607,fd=8)) [root@mcw02 ~]#
直接把mcw02上的服务停掉,这个vip也释放出来了
[root@mcw02 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:9b:98 brd ff:ff:ff:ff:ff:ff inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.99/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:9b:a2 brd ff:ff:ff:ff:ff:ff [root@mcw02 ~]# ss -lntup|grep 80 tcp LISTEN 0 511 *:80 *:* users:(("nginx",pid=1608,fd=8),("nginx",pid=1607,fd=8)) [root@mcw02 ~]# [root@mcw02 ~]# systemctl stop keepalived.service [root@mcw02 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:9b:98 brd ff:ff:ff:ff:ff:ff inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:af:9b:a2 brd ff:ff:ff:ff:ff:ff [root@mcw02 ~]#
10.0.0.99释放出来后,mcw01作为主节点,没做什么操作,立刻使用这个vip了
[root@mcw01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f32c:166d:40de:8f2e/64 scope link valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff [root@mcw01 ~]# [root@mcw01 ~]# [root@mcw01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.99/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f32c:166d:40de:8f2e/64 scope link valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff [root@mcw01 ~]#
可以看到salt把 haproxy和keepavlived都装上了。将机器keepalived停掉,
[root@mcw01 ~]# ss -lntup|grep 80 tcp LISTEN 0 16384 10.0.0.12:80 *:* users:(("haproxy",pid=15945,fd=5)) tcp LISTEN 0 80 :::3306 :::* users:(("mysqld",pid=1800,fd=15)) [root@mcw01 ~]# ps -ef|grep keep root 18353 1 0 00:59 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 18355 18353 0 00:59 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 18356 18353 0 00:59 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D root 19600 1957 0 01:11 pts/0 00:00:00 grep --color=auto keep [root@mcw01 ~]# pkill keep [root@mcw01 ~]# ps -ef|grep keep root 19617 1957 0 01:11 pts/0 00:00:00 grep --color=auto keep [root@mcw01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f32c:166d:40de:8f2e/64 scope link valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff [root@mcw01 ~]#
vip里面漂移到备节点上了
[root@mcw03 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:54:49 brd ff:ff:ff:ff:ff:ff inet 10.0.0.13/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.99/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:54:53 brd ff:ff:ff:ff:ff:ff [root@mcw03 ~]#
启动主节点,vip又漂移回来了
[root@mcw01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f32c:166d:40de:8f2e/64 scope link valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff [root@mcw01 ~]# [root@mcw01 ~]# [root@mcw01 ~]# systemctl start keepalived [root@mcw01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.99/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f32c:166d:40de:8f2e/64 scope link valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff [root@mcw01 ~]#
mcw03作为备,就没有了vip了
[root@mcw03 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:54:49 brd ff:ff:ff:ff:ff:ff inet 10.0.0.13/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet 10.0.0.99/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:54:53 brd ff:ff:ff:ff:ff:ff [root@mcw03 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:54:49 brd ff:ff:ff:ff:ff:ff inet 10.0.0.13/24 brd 10.0.0.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::495b:ff7:d185:f95d/64 scope link valid_lft forever preferred_lft forever inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ae:54:53 brd ff:ff:ff:ff:ff:ff [root@mcw03 ~]#
其它state文件暂时省略 ,以后补充
理解扩展grains流程
创建这个目录,目录下写python程序,程序中定义函数,然后返回一个字典。目前mcw03是没有list这个grains的
[root@mcw01 ~]# mkdir /srv/salt/_grains [root@mcw01 ~]# vim /srv/salt/_grains/example.py [root@mcw01 ~]# cat /srv/salt/_grains/example.py #!/usr/bin/python def grains(): local={} test={'key':'vaule','key1':'value1','key2':'vaule2'} local['list'] = [1,2,3,4] local['string'] = 'str' local['dict'] = test return local [root@mcw01 ~]# salt mcw03 grains.item list mcw03: ---------- list: [root@mcw01 ~]#
mcw03缓存中没有这个文件的
[root@mcw03 ~]# ls /var/cache/ abrt-di ldconfig man salt yum [root@mcw03 ~]# [root@mcw03 ~]# ls /var/cache/salt/ minion [root@mcw03 ~]# ls /var/cache/salt/minion/ accumulator extmods extrn_files file_backup files highstate.cache.p module_refresh pkg_refresh proc sls.p [root@mcw03 ~]# ls /var/cache/salt/minion/extmods/ [root@mcw03 ~]#
同步上面写的脚本到minion
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
[root@mcw01 ~]#
还是结果是没有看到。我们应该是将目录创建的文件的root目录下
[root@mcw01 ~]# ls /srv/salt/ base _grains prod test [root@mcw01 ~]# ls /srv/salt/base/ init top.sls [root@mcw01 ~]# tail -20 /etc/salt/master|head ############################################ # Allow the raw_shell parameter to be used when calling Salt SSH client via API #netapi_allow_raw_shell: True file_roots: base: - /srv/salt/base - /srv/salt/prod prod: - /srv/salt/prod # prod: [root@mcw01 ~]# mv /srv/salt/_grains /srv/salt/base/ [root@mcw01 ~]#
然后我们执行,就可以看到这个grains了
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.example [root@mcw01 ~]#
远程可看到这个文件同步到mcw03上了
[root@mcw01 ~]# salt mcw03 cmd.run 'ls /var/cache/salt/minion/extmods/' mcw03: grains [root@mcw01 ~]# salt mcw03 cmd.run 'ls /var/cache/salt/minion/extmods/grains' mcw03: __pycache__ example.py [root@mcw01 ~]#
minion上可以查看到
[root@mcw03 ~]# ls /var/cache/salt/minion/extmods/ grains [root@mcw03 ~]# ls /var/cache/salt/minion/extmods/grains/ example.py __pycache__ [root@mcw03 ~]# cat /var/cache/salt/minion/extmods/grains/example.py #!/usr/bin/python def grains(): local={} test={'key':'vaule','key1':'value1','key2':'vaule2'} local['list'] = [1,2,3,4] local['string'] = 'str' local['dict'] = test return local [root@mcw03 ~]#
master上查看minion上多个项
[root@mcw01 ~]# salt mcw03 grains.item list string dict mcw03: ---------- dict: ---------- key: vaule key1: value1 key2: vaule2 list: - 1 - 2 - 3 - 4 string: str [root@mcw01 ~]#
扩展grains案例
通过命令等等获取机器信息,做下处理,然后作为键值对返回这个函数名可以自己定义
[root@mcw01 ~]# ls /srv/salt/base/_grains/ example.py info.py [root@mcw01 ~]# cat /srv/salt/base/_grains/* #!/usr/bin/python def grains(): local={} test={'key':'vaule','key1':'value1','key2':'vaule2'} local['list'] = [1,2,3,4] local['string'] = 'str' local['dict'] = test return local #!/usr/bin/python import commands def role(): information={} information['disk_num'] = commands.getoutput('fdisk -l|grep Disk|wc -l') information['disk_big'] = commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return information [root@mcw01 ~]#
上面的没有成功,比如下面的测试,字典的名称是local才能获取到键值对数据,不然没有获取到
[root@mcw01 ~]# cat /srv/salt/base/_grains/xiaoma.py #!/usr/bin/python def mcw(): mcwdic={} mcwdit['myname'] = 'machangwei' return mcwdir [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.xiaoma [root@mcw01 ~]# salt mcw03 grains.item myname mcw03: ---------- myname: [root@mcw01 ~]#
函数名可以改变,但是返回的字典名称,好像得是local才可以符合预期获取到数值
[root@mcw01 ~]# cat /srv/salt/base/_grains/xiaoma.py #!/usr/bin/python def mcw(): local={} local['myname'] = 'machangwei' return local [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.xiaoma [root@mcw01 ~]# salt mcw03 grains.item myname mcw03: ---------- myname: machangwei [root@mcw01 ~]#
根本原因好像是command获取的值,这里不能用,是不是可以其它方法获取值用呢
[root@mcw01 ~]# vim /srv/salt/base/_grains/info.py [root@mcw01 ~]# cat /srv/salt/base/_grains/info.py #!/usr/bin/python #import commands def role(): local={} local['disknum'] = commands.getoutput('fdisk -l|grep Disk|wc -l') local['diskbig'] = commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return local [root@mcw01 ~]# [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.info [root@mcw01 ~]# salt mcw03 grains.item disknum mcw03: ---------- disknum: [root@mcw01 ~]# vim /srv/salt/base/_grains/info.py [root@mcw01 ~]# cat /srv/salt/base/_grains/info.py #!/usr/bin/python #import commands def role(): local={} local['disknum'] = 1#commands.getoutput('fdisk -l|grep Disk|wc -l') local['diskbig'] = 2#commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return local [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.info [root@mcw01 ~]# salt mcw03 grains.item disknum mcw03: ---------- disknum: 1 [root@mcw01 ~]#
再看,感觉还是跟commands有关
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py #!/usr/bin/python import commands def role(): local={} local['disknum'] = 1#commands.getoutput('fdisk -l|grep Disk|wc -l') local['diskbig'] = 2#commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return local [root@mcw01 ~]# salt mcw03 grains.item disknum mcw03: ---------- disknum: [root@mcw01 ~] [root@mcw01 ~]# vim /srv/salt/base/_grains/info.py [root@mcw01 ~]# cat /srv/salt/base/_grains/info.py #!/usr/bin/python #import commands def role(): local={} local['disknum'] = 1#commands.getoutput('fdisk -l|grep Disk|wc -l') local['diskbig'] = 2#commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return local [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.info [root@mcw01 ~]# salt mcw03 grains.item disknum mcw03: ---------- disknum: 1 [root@mcw01 ~]#
把commands改成subprocess,就可以实现符合预期的了
[root@mcw01 ~]# vim /srv/salt/base/_grains/info.py [root@mcw01 ~]# cat /srv/salt/base/_grains/info.py #!/usr/bin/python import subprocess def role(): local={} local['disknum'] = subprocess.getoutput('fdisk -l|grep Disk|wc -l') local['diskbig'] = subprocess.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return local [root@mcw01 ~]# [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.info [root@mcw01 ~]# salt mcw03 grains.item disknum mcw03: ---------- disknum: 5 [root@mcw01 ~]# vim /srv/salt/base/_grains/info.py [root@mcw01 ~]# cat /srv/salt/base/_grains/info.py #!/usr/bin/python import subprocess def role(): local={} local['disk_num'] = subprocess.getoutput('fdisk -l|grep Disk|wc -l') local['disk_big'] = subprocess.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'") return local [root@mcw01 ~]# salt mcw03 saltutil.sync_grains mcw03: - grains.info [root@mcw01 ~]# salt mcw03 grains.item disk_num disk_big mcw03: ---------- disk_big: 21.5 disk_num: 5 [root@mcw01 ~]#
理解扩展module原理
查看一个案例
[root@mcw01 ~]# cat /usr/lib/python3.6/site-packages/salt/modules/dig.py """ Compendium of generic DNS utilities. The 'dig' command line tool must be installed in order to use this module. """ import logging import re import salt.utils.network import salt.utils.path log = logging.getLogger(__name__) __virtualname__ = "dig" def __virtual__(): """ Only load module if dig binary is present """ if salt.utils.path.which("dig"): return __virtualname__ return ( False, "The dig execution module cannot be loaded: the dig binary is not in the path.", ) def check_ip(addr): """ Check if address is a valid IP. returns True if valid, otherwise False. CLI Example: .. code-block:: bash salt ns1 dig.check_ip 127.0.0.1 salt ns1 dig.check_ip 1111:2222:3333:4444:5555:6666:7777:8888 """ try: addr = addr.rsplit("/", 1) except AttributeError: # Non-string passed return False if salt.utils.network.is_ipv4(addr[0]): try: if 1 <= int(addr[1]) <= 32: return True except ValueError: # Non-int subnet notation return False except IndexError: # No subnet notation used (i.e. just an IPv4 address) return True if salt.utils.network.is_ipv6(addr[0]): try: if 8 <= int(addr[1]) <= 128: return True except ValueError: # Non-int subnet notation return False except IndexError: # No subnet notation used (i.e. just an IPv4 address) return True return False def A(host, nameserver=None): """ Return the A record for ``host``. Always returns a list. CLI Example: .. code-block:: bash salt ns1 dig.A www.google.com """ dig = ["dig", "+short", str(host), "A"] if nameserver is not None: dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False) # In this case, 0 is not the same as False if cmd["retcode"] != 0: log.warning( "dig returned exit code '%s'. Returning empty list as fallback.", cmd["retcode"], ) return [] # make sure all entries are IPs return [x for x in cmd["stdout"].split("\n") if check_ip(x)] def AAAA(host, nameserver=None): """ Return the AAAA record for ``host``. Always returns a list. CLI Example: .. code-block:: bash salt ns1 dig.AAAA www.google.com """ dig = ["dig", "+short", str(host), "AAAA"] if nameserver is not None: dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False) # In this case, 0 is not the same as False if cmd["retcode"] != 0: log.warning( "dig returned exit code '%s'. Returning empty list as fallback.", cmd["retcode"], ) return [] # make sure all entries are IPs return [x for x in cmd["stdout"].split("\n") if check_ip(x)] def NS(domain, resolve=True, nameserver=None): """ Return a list of IPs of the nameservers for ``domain`` If ``resolve`` is False, don't resolve names. CLI Example: .. code-block:: bash salt ns1 dig.NS google.com """ dig = ["dig", "+short", str(domain), "NS"] if nameserver is not None: dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False) # In this case, 0 is not the same as False if cmd["retcode"] != 0: log.warning( "dig returned exit code '%s'. Returning empty list as fallback.", cmd["retcode"], ) return [] if resolve: ret = [] for ns_host in cmd["stdout"].split("\n"): for ip_addr in A(ns_host, nameserver): ret.append(ip_addr) return ret return cmd["stdout"].split("\n") def SPF(domain, record="SPF", nameserver=None): """ Return the allowed IPv4 ranges in the SPF record for ``domain``. If record is ``SPF`` and the SPF record is empty, the TXT record will be searched automatically. If you know the domain uses TXT and not SPF, specifying that will save a lookup. CLI Example: .. code-block:: bash salt ns1 dig.SPF google.com """ spf_re = re.compile(r"(?:\+|~)?(ip[46]|include):(.+)") cmd = ["dig", "+short", str(domain), record] if nameserver is not None: cmd.append("@{}".format(nameserver)) result = __salt__["cmd.run_all"](cmd, python_shell=False) # In this case, 0 is not the same as False if result["retcode"] != 0: log.warning( "dig returned exit code '%s'. Returning empty list as fallback.", result["retcode"], ) return [] if result["stdout"] == "" and record == "SPF": # empty string is successful query, but nothing to return. So, try TXT # record. return SPF(domain, "TXT", nameserver) sections = re.sub('"', "", result["stdout"]).split() if not sections or sections[0] != "v=spf1": return [] if sections[1].startswith("redirect="): # Run a lookup on the part after 'redirect=' (9 chars) return SPF(sections[1][9:], "SPF", nameserver) ret = [] for section in sections[1:]: try: mechanism, address = spf_re.match(section).groups() except AttributeError: # Regex was not matched continue if mechanism == "include": ret.extend(SPF(address, "SPF", nameserver)) elif mechanism in ("ip4", "ip6") and check_ip(address): ret.append(address) return ret def MX(domain, resolve=False, nameserver=None): """ Return a list of lists for the MX of ``domain``. If the ``resolve`` argument is True, resolve IPs for the servers. It's limited to one IP, because although in practice it's very rarely a round robin, it is an acceptable configuration and pulling just one IP lets the data be similar to the non-resolved version. If you think an MX has multiple IPs, don't use the resolver here, resolve them in a separate step. CLI Example: .. code-block:: bash salt ns1 dig.MX google.com """ dig = ["dig", "+short", str(domain), "MX"] if nameserver is not None: dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False) # In this case, 0 is not the same as False if cmd["retcode"] != 0: log.warning( "dig returned exit code '%s'. Returning empty list as fallback.", cmd["retcode"], ) return [] stdout = [x.split() for x in cmd["stdout"].split("\n")] if resolve: return [(lambda x: [x[0], A(x[1], nameserver)[0]])(x) for x in stdout] return stdout def TXT(host, nameserver=None): """ Return the TXT record for ``host``. Always returns a list. CLI Example: .. code-block:: bash salt ns1 dig.TXT google.com """ dig = ["dig", "+short", str(host), "TXT"] if nameserver is not None: dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False) if cmd["retcode"] != 0: log.warning( "dig returned exit code '%s'. Returning empty list as fallback.", cmd["retcode"], ) return [] return [i for i in cmd["stdout"].split("\n")] # Let lowercase work, since that is the convention for Salt functions a = A aaaa = AAAA ns = NS spf = SPF mx = MX [root@mcw01 ~]#
还有些其它的省略,回头补充
用户添加
cat salt/users/vax.sls vayu: user.present: - fullname: vax - shell: /bin/bash - home: /home/vax - uid: 3006 ssh_auth.present: - user: vax - comment: vax - names: - ssh-rsa AAAAxxxxx
#cat pillar/users/portal.sls users: zhucxi: fullname: zhuxxi shell: /bin/bash home: /home/zhuxxqi uid: 2030 disable_password: True groups: - axxxxgroup ssh_keys: - ssh-rsa AAxxxmebw==
# cat salt/users/work.sls work: user.present: - fullname: work - shell: /bin/bash - home: /home/work - uid: 3000 {%- if grains['saltversioninfo'][0] >= 3001 %} - usergroup: True {%- else %} - gid_from_name: True {%- endif %} ssh_auth.present: - user: work - comment: work - names: - ssh-rsa Ax7Pju7Wf5 - ssh-rsa
浙公网安备 33010602011771号