構成設計の考え方
- システム初期化: base環境に全ノード共通の状態(カーネルパラメータ、DNS、監視エージェントなど)を配置
- 機能モジュール: haproxy、nginx、php、memcachedなどのサービスごとにディレクトリを作成し、その中に状態定義を格納
- 業務モジュール: 業務単位で必要機能をincludeしてまとめる
1. file_rootsの設定とディレクトリ作成
# /etc/salt/master
# Three state environments: base (baseline shared by every node), test and
# prod.  The top.sls under base assigns prod states to minions by minion ID.
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod
# create the environment directories first so the master never advertises a
# root that does not exist yet
mkdir -p /srv/salt/{base,test,prod}
# restart the master so the new file_roots take effect
systemctl restart salt-master
2. システム初期化モジュール
# init/ holds the baseline states, init/files/ the static files they push
mkdir -p /srv/salt/base/init/files
cd /srv/salt/base
2.1 DNS設定
# /srv/salt/base/init/dns.sls
# Push one fixed resolv.conf to every node.
# NOTE(review): on hosts where NetworkManager or dhclient rewrites
# /etc/resolv.conf on lease renewal, the two will fight and this state will
# report a change on every highstate -- confirm that is disabled here.
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: '0644'
resolv.confの中身:
nameserver 192.168.10.1
2.2 履歴コマンドのタイムスタンプ表示
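# /srv/salt/base/init/history.sls
# Prefix every history entry with date, time and the user running the shell.
# Fix: the original wrote \`whoami\` -- a YAML plain scalar keeps the
# backslashes, and inside bash double quotes \` is a literal backtick, so the
# command was never expanded.  $(whoami) in a single-quoted YAML scalar is
# unambiguous.  The trailing space keeps the stamp from running into the command.
# NOTE: this is a convenience for operators, not an audit control -- any user
# can unset or redefine HISTTIMEFORMAT in their own session.
/etc/profile:
  file.append:
    - text:
      - 'export HISTTIMEFORMAT="%F %T $(whoami) "'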
2.3 操作監査ログ
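# /srv/salt/base/init/audit.sls
# Send every interactive bash command line to syslog through PROMPT_COMMAND.
# Fix: the original had \`pwd\` inside a single-quoted bash string, where the
# backslash is literal and the directory was never expanded; $(pwd) expands.
# $msg is handed to logger as an argument, not re-evaluated by the shell.
# Limits a reviewer should know before relying on this:
#   * easily bypassed -- a user can unset PROMPT_COMMAND, start sh/zsh, or
#     run commands from a script; auditd execve rules or pam_tty_audit give
#     a trail the user cannot switch off
#   * command lines are logged verbatim, so secrets typed on the command line
#     land in syslog -- forward syslog off-host and restrict who can read it
#   * `who am i` prints nothing without a controlling tty (cron, ssh commands)
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1|{ read x y;echo $y; });logger "[euid=$(whoami)]":$(who am i):[$(pwd)]"$msg";}'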
2.4 カーネルパラメータ調整
# /srv/salt/base/init/sysctl.sls
# Kernel tuning applied to every node.  Values are quoted so YAML never
# re-types them; sysctl.present compares them as strings anyway.
vm.swappiness:
  sysctl.present:
    # NOTE(review): on kernels >= 3.5 (RHEL/CentOS 7 and later) swappiness=0
    # means "do not swap until OOM", not "prefer not to swap"; 1 or 10 is the
    # usual choice for that intent.  Kept at 0 to preserve the original.
    - value: '0'

net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: '10000 65000'

fs.file-max:
  sysctl.present:
    - value: '100000'
2.5 一括includeファイル
# /srv/salt/base/init/env_init.sls
# Single entry point for the baseline; top.sls assigns only this file, so a new
# baseline state is added here rather than in top.sls.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
2.6 top.sls
# /srv/salt/base/top.sls
# every minion gets the baseline
base:
  '*':
    - init.env_init
2.7 テスト実行
salt '*' state.highstate test=True
3. 機能モジュール – 基本パッケージ
mkdir -p /srv/salt/prod/pkg
# /srv/salt/prod/pkg/pkg-init.sls
# Build toolchain shared by the source-built services (haproxy, keepalived).
# NOTE(review): a compiler on every production node widens the attack surface
# and the patch burden; once this works, building once and shipping a package
# is the usual hardening step.
pkg-bootstrap:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
4. 機能モジュール – HAProxy
# place the haproxy source tarball and the init script under files/
mkdir -p /srv/salt/prod/haproxy/files
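# /srv/salt/prod/haproxy/install.sls
# Build HAProxy from the tarball kept on the master and register its init script.
# NOTE(review): 1.6.2 is long out of support -- use a current release, and pin
# the tarball with source_hash so a swapped file on the master is rejected.
# The build passes no USE_OPENSSL=1 even though openssl-devel is installed, so
# TLS termination would not be compiled in; confirm that is intended.
include:
  - pkg.pkg-init

haproxy-build:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
    # fix: the archive was installed 0755; an archive needs no execute bit
    - mode: '0644'
  cmd.run:
    - name: cd /usr/local/src && tar xf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    # install prefix present means already built; remove it to force a rebuild
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-bootstrap
      - file: haproxy-build

haproxy-service-script:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: '0755'
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: haproxy-service-script

# keepalived moves the VIP between nodes; this lets haproxy bind the VIP on
# the node that does not currently hold it
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: '0755'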
5. 業務モジュール – HAProxyクラスタ
# the cluster module carries the service configs (haproxy-outside.cfg etc.)
mkdir -p /srv/salt/prod/cluster/files
# /srv/salt/prod/cluster/haproxy-outside.sls
# Business-level state: install haproxy, push the cluster config and keep the
# service up; a config change triggers a reload instead of a restart.
include:
  - haproxy.install

haproxy-cluster:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    # NOTE(review): world-readable is fine for what the config holds now;
    # tighten to 0640 if stats auth credentials or key paths are ever added
    - mode: '0644'
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-service-script
    - watch:
      - file: haproxy-cluster
haproxy-outside.cfgの例(抜粋):
# NOTE(review): the frontend binds 192.168.10.150 while the keepalived VIP
# further down is 192.168.10.130; with ip_nonlocal_bind=1 haproxy will bind an
# address nobody routes to without complaint, so confirm which one is the
# floating address.
frontend frontend_www_example_com
bind 192.168.10.150:80
mode http
default_backend backend_www_example_com
# NOTE(review): no timeout client/connect/server appear in this excerpt; if the
# defaults section does not set them either, idle or slow clients can hold
# connections open with no upper bound.
backend backend_www_example_com
balance roundrobin
# plain TCP health check every 2 s; an HTTP check (option httpchk) would also
# catch a backend that accepts connections but returns errors
server web-node1 192.168.10.129:8080 check inter 2000
server web-node2 192.168.10.128:8080 check inter 2000
6. top.slsの拡張
# /srv/salt/base/top.sls
# NOTE: 'web01'/'web02' are minion IDs, not DNS names; the host test in the
# keepalived state must compare against the same string.
base:
  '*':
    - init.env_init
prod:
  'web01':
    - cluster.haproxy-outside
  'web02':
    - cluster.haproxy-outside
テスト:
# dry run first, then apply
salt '*' state.highstate test=True
salt '*' state.highstate
7. 機能モジュール – Keepalived
# stage the keepalived tarball, init script and sysconfig file under files/
mkdir -p /srv/salt/prod/keepalived/files
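# /srv/salt/prod/keepalived/install.sls
# Build keepalived from source and register its init script.
# NOTE(review): 1.2.19 is an old release; prefer a current one (or the distro
# package) and pin the tarball with source_hash.
include:
  - pkg.pkg-init

keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - mode: '0644'
  cmd.run:
    - name: cd /usr/local/src && tar xf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-bootstrap
      - file: keepalived-install

keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    # fix: with no mode the new file is left at the umask default (typically
    # 0644) and the init system cannot execute it; mirrors the haproxy state
    - mode: '0755'
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    # fix: register only after the script exists, as the haproxy state does
    - require:
      - file: keepalived-init

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - mode: '0644'

/etc/keepalived:
  file.directory:
    - mode: '0755'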
8. 業務モジュール – Keepalived+HAProxy
# /srv/salt/prod/cluster/files/haproxy-outside-keepalived.cfg
# Jinja template; ROUTEID, STATEID and PRIORITYID come from the 'defaults' of
# the keepalived-service state.
global_defs {
notification_email {
admin@example.com
}
# NOTE(review): no notification_email_from / smtp_server are set here, so the
# address above has nowhere to be mailed from unless they are added
router_id {{ ROUTEID }}
}
# NOTE(review): this instance has no VRRP authentication and uses multicast on
# eth2, so any host on that segment can send a higher-priority advertisement
# and take the VIP.  auth_type PASS is cleartext (and gone from VRRPv3), so the
# practical controls are unicast_peer to the partner node plus a host firewall
# that admits IP protocol 112 only from it.
vrrp_instance haproxy_ha {
state {{ STATEID }}
interface eth2
virtual_router_id 36
priority {{ PRIORITYID }}
virtual_ipaddress {
192.168.10.130
}
}
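# /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
# Render keepalived.conf per node: web01 is MASTER (priority 150), web02 is
# BACKUP (priority 100).
include:
  - keepalived.install

keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.cfg
    - template: jinja
    # NOTE(review): tighten to 0600 if auth_pass or mail credentials are ever
    # put into the template
    - defaults:
        ROUTEID: haproxy_ha
        # fix: top.sls targets by minion ID ('web01'); grains['fqdn'] depends
        # on the resolver and may be 'web01.example.com', in which case neither
        # branch matches and STATEID/PRIORITYID render empty.  grains['id'] is
        # the key top.sls uses.  A node matching neither branch still gets a
        # broken config -- add an explicit case before more nodes join.
        {% if grains['id'] == 'web01' %}
        STATEID: MASTER
        PRIORITYID: 150
        {% elif grains['id'] == 'web02' %}
        STATEID: BACKUP
        PRIORITYID: 100
        {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    # fix: start only after the init script is registered, as the haproxy
    # state does
    - require:
      - cmd: keepalived-init
    - watch:
      - file: keepalived-service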
9. top.sls最終版
# /srv/salt/base/top.sls (final)
base:
  '*':
    - init.env_init
prod:
  'web01':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  'web02':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
全体テスト:
salt '*' state.highstate
10. Zabbix Agentの導入(Pillar利用)
# /etc/salt/master
# Pillar data is compiled per minion and delivered only to the targeted
# minion, which makes it the right place for per-node values such as the
# monitoring server (and for any secret: every minion can fetch every file
# under file_roots).
pillar_roots:
  base:
    - /srv/pillar/base
mkdir -p /srv/pillar/base
# /srv/pillar/base/top.sls
# every minion receives the zabbix pillar
base:
  '*':
    - zabbix
# /srv/pillar/base/zabbix.sls
# address the agents accept passive checks from
zabbix-agent:
  Zabbix_Server: 192.168.10.129
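# /srv/salt/base/init/zabbix_agent.sls
# Install the Zabbix agent, point it at the server from pillar, keep it running.
# NOTE(review): Server= only restricts which address may run passive checks;
# the traffic is neither encrypted nor authenticated.  Current agents support
# PSK/cert TLS (TLSAccept/TLSConnect) -- add that, and drop the config to 0640
# once a PSK file path is in it.
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        # fix: quote the rendered value so YAML never re-types it (a plain
        # scalar is fine for an IP, not for every hostname form).  The bracket
        # lookup fails the render when the 'zabbix-agent' pillar is missing,
        # instead of quietly writing an empty Server= line.
        Server: "{{ pillar['zabbix-agent']['Zabbix_Server'] }}"
    - require:
      - pkg: zabbix-agent-install
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install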
テンプレートファイル:
# /srv/salt/base/init/files/zabbix_agentd.conf
# This file replaces the packaged agent config entirely, so every option other
# than Server takes the agent's built-in default.  Server= restricts which
# address may run passive checks; it neither encrypts nor authenticates the
# connection -- see TLSAccept/TLSConnect for that.
Server={{ Server }}
env_init.slsに追記:
# /srv/salt/base/init/env_init.sls -- baseline with the zabbix agent added
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent
トラブルシューティング
Keepalived の VIP が付与されない場合は /var/log/messages を確認する。keepalived.conf は書式に厳しく、`{` の前のスペース欠落などの記述ミスで設定全体が読み込まれないことがあるため、構文と設定内容を見直す。`ip addr show eth2` で VIP の有無、`tcpdump -i eth2 vrrp` で両ノードの VRRP 広告が届いているかも確認できる。