saltstack实践案例
master某个配置参考案例
[root@]# cat /etc/salt/master
file_ignore_regex:
- '/\.git($|/)' file_ignore_glob:
- '*.pyc'
- '*.bak'
- '*.swp' file_roots:
base:
- /srv/salt
# dev:
# - /opt/saltconfig/salt pillar_roots:
base:
- /srv/pillar
# dev:
# - /opt/saltconfig/pillar autosign_file: /etc/salt/autosign.conf worker_threads: 32 return: mysql
mysql.host: 'salt-return.xx.com'
mysql.user: 'salt'
mysql.pass: 'saltreturn'
mysql.db: 'salt'
mysql.port: xxx #mongo.db: 'pillar'
#mongo.host: 'localhost'
#mongo.user: 'pillar'
#mongo.password: '590xxx69'
#
#ext_pillar:
# - mongo: {} [root@]#
minion配置
mine_functions:
network.interfaces: []
network.interface_ip:
- bond0
mine_interval: 2
在SaltStack中,autosign_file是一个配置参数,用于指定一个文件路径,该文件包含了用于自动签证的匹配项。当Minions的公钥与autosign_file中的匹配项相匹配时,Master会自动接受该Minion的公钥,无需手动进行签证。
默认情况下,autosign_file的路径是/etc/salt/autosign.conf。在该文件中,可以指定字符串或正则表达式来匹配Minions的公钥。
例如,如果想要自动接受所有Minions的公钥,可以将autosign_file设置为一个包含空字符串的文件,或者使用正则表达式匹配所有Minions的公钥。
需要注意的是,使用autosign_file可以提高自动化程度,但也可能会带来安全风险。因此,在使用该功能时,应谨慎配置并确保autosign_file中的匹配项正确无误,以避免潜在的安全漏洞。
环境配置
查看默认配置
file的
[root@mcw01 ~]# vim /etc/salt/master
##### File Server settings #####
##########################################
# Salt runs a lightweight file server written in zeromq to deliver files to
# minions. This file server is built into the master daemon and does not
# require a dedicated port. # The file server works on environments passed to the master, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
#file_roots:
# base:
# - /srv/salt
# # The master_roots setting configures a master-only copy of the file_roots dictionary,
# used by the state compiler.
#master_roots:
# base:
# - /srv/salt-master
pillar的
##### Pillar settings #####
##########################################
# Salt Pillars allow for the building of global data that can be made selectively
# available to different minions based on minion grain filtering. The Salt
# Pillar is laid out in the same fashion as the file server, with environments,
# a top file and sls files. However, pillar data does not need to be in the
# highstate format, and is generally just key/value pairs.
#pillar_roots:
# base:
# - /srv/pillar
#
#ext_pillar:
# - hiera: /etc/hiera.yaml
# - cmd_yaml: cat /etc/salt/yaml # A list of paths to be recursively decrypted during pillar compilation.
# Entries in this list can be formatted either as a simple string, or as a
# key/value pair, with the key being the pillar location, and the value being
# the renderer to use for pillar decryption. If the former is used, the
# renderer specified by decrypt_pillar_default will be used.
#decrypt_pillar:
# - 'foo:bar': gpg
# - 'lorem:ipsum:dolor'
配置路径,创建目录结构并重启master
[root@mcw01 ~]# vim /etc/salt/master
[root@mcw01 ~]# tail -10 /etc/salt/master
file_roots:
base:
- /srv/salt/base
prod:
- /srv/salt/prod
pillar_roots:
base:
- /srv/pillar/base
prod:
- /srv/pillar/prod
[root@mcw01 ~]# mkdir -p /srv/salt/base /srv/salt/prod
[root@mcw01 ~]# mkdir -p /srv/pillar/base /srv/pillar/prod
[root@mcw01 ~]# systemctl restart salt-master
[root@mcw01 ~]#
yaml编写
编写规则案例
冒号:
my_key: my_value
python 中映射为:
{'my_key':'my_value'}
my_key:
my_value
python 中映射为:
{'my_key':'my_value'}
字典嵌套:
first_level_dict_key:
second_leve_dict_key: value_in_second_level_dict
在Python中映射:
{
'first_level_dict_key':{
'second_level_dict_key': 'value_in_second_level_dict'
}
}
短横杠:
- list_value_one
- list_value_two
- list_value_three
如下:
my_dictionary:
- list_value_one
- list_value_two
- list_value_three
在python中映射为:
{
'my_dictionary':[
'list_value_one','list_value_two',
'list_value_three'
]
}
jinja使用技巧
如何区分模板文件
如下,通过- template:jinja指令声明了zabbix_agentd.conf是一个jinja模板文件,同时使用pillar为其设置了一个变量,salt在解析yaml之前会先执行pillar那行,获取到server对应的设置。
如果我们也需要类似的这种,在某种场景下部分文件需要jinjia渲染,那么就用这个字段去判断,给类似于pillar的地方,进行渲染,参考这种方式做我们自己的渲染。
/etc/zabbix_agentd.conf:
file.managed:
- name: /etc/zabbix_agentd.conf
- source: salt://zabbix/files/zabbix_agentd.conf
- template: jinja
- defaults:
Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
jinjia的基本使用
jinjia逻辑关系
sls里面可以直接用判断,但是非sls文件需要标记使用模板是jinja渲染
cat pillar/keepalived/zzvm_proxy.sls
keepalived:
config_dir_path: zzvmproxy
{% if grains['id'] == 'vm-proxy001.zz.mcw.com' %}
vip: 10.111.15.101
name: vm-proxy001.zz
state: MASTER
interface: eth0
virtual_router_id: 52
priority: 180
unicast_src_ip: 10.111.14.46
unicast_peer: 10.111.14.36
{% elif grains['id'] == 'vm-proxy002.zz.mcw.com' %}
vip: 10.111.15.101
name: vm-proxy002.zz
state: BACKUP
interface: eth0
virtual_router_id: 52
priority: 130
unicast_src_ip: 10.111.14.36
unicast_peer: 10.111.14.46
{% endif %}
系统初始化
dns配置
有内网dns服务器的时候。用下面管理resolv.conf文件
创建sls文件,添加文件过去。给这个文件添加一行标记
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ └── prod
└── salt
├── base
└── prod 6 directories, 0 files
[root@mcw01 ~]# mkdir /srv/salt/base/init
[root@mcw01 ~]# vim /srv/salt/base/init/dns.sls
[root@mcw01 ~]# mkdir /srv/salt/base/init/files
[root@mcw01 ~]# cp /etc/resolv.conf //srv/salt/base/init/files/
[root@mcw01 ~]# vim //srv/salt/base/init/files/resolv.conf
[root@mcw01 ~]# cat /srv/salt/base/init/files/resolv.conf
# Generated by NetworkManager
#salt tongbu by mcw
nameserver 223.5.5.5
[root@mcw01 ~]#
查看文件内容并解读一下:
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ └── prod
└── salt
├── base
│ └── init
│ ├── dns.sls
│ └── files
│ └── resolv.conf
└── prod 8 directories, 2 files
[root@mcw01 ~]# cat /srv/salt/base/init/dns.sls
/etc/resolv.conf:
file.managed:
- source: salt://init/files/resolv.conf
- user: root
- group: root
- mode: 644
[root@mcw01 ~]# cat /srv/salt/base/init/files/resolv.conf
# Generated by NetworkManager
#salt tongbu by mcw
nameserver 223.5.5.5
[root@mcw01 ~]#
#需要将机器的/etc/resolv.conf文件用file.managed管理起来,如果文件不存在会创建的。这个文件内容,来源于salt文件设置的root下的init下resolv.conf文件。生成这个文件后,
#它是root用户和用户组的,是644的权限
查看mcw04目前的文件是这样的,应该说是所有的节点都是这样的
[root@mcw04 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.5.5.5
[root@mcw04 ~]#
执行一下,在master上
[root@mcw01 ~]# salt mcw04 state.sls init/dns
mcw04:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 00:49:52.285098
Duration: 154.86 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5 Summary for mcw04
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 154.860 ms
[root@mcw01 ~]#
如下,可以看到,mcw04上已经是同步的文件了。权限也没有问题
[root@mcw04 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
#salt tongbu by mcw
nameserver 223.5.5.5
[root@mcw04 ~]#
[root@mcw04 ~]# ls -lh /etc/resolv.conf
-rw-r--r-- 1 root root 71 Jan 20 00:49 /etc/resolv.conf
[root@mcw04 ~]#
history记录时间
创建sls文件。给目标主机的/etc/profile文件,追加下面的文本信息
[root@mcw01 ~]# vim /srv/salt/base/init/history.sls
[root@mcw01 ~]# cat /srv/salt/base/init/history.sls
/etc/profile:
file.append:
- text:
- export HISTIMEFORMAT="%F %T `whoami` "
[root@mcw01 ~]#
查看目标主机文件后四行
[root@mcw04 ~]# tail -4 /etc/profile
unset -f pathmunge
export JAVA_HOME=/usr/local/jdk
export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH
[root@mcw04 ~]#
执行命令
[root@mcw01 ~]# salt mcw04 state.sls init/history
mcw04:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 09:03:23.738302
Duration: 18.121 ms
Changes:
----------
diff:
--- +++ @@ -77,3 +77,4 @@ export JAVA_HOME=/usr/local/jdk
export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH
+export HISTIMEFORMAT="%F %T `whoami` " Summary for mcw04
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 18.121 ms
[root@mcw01 ~]#
[root@mcw01 ~]#
查看目标主机,已经新增这条文本信息
[root@mcw04 ~]# tail -4 /etc/profile
export JAVA_HOME=/usr/local/jdk
export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH
export HISTIMEFORMAT="%F %T `whoami` "
[root@mcw04 ~]#
重复执行salt 同步命令,不会重复添加这个文本。当目标主机最后面加了内容a=‘b’之后,原本追加的不在最后一行了。master上再执行salt state.sls同步命令,目标主机还是之前只追加的一条,也就是不会重复追加
[root@mcw04 ~]# tail -3 /etc/profile
export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:${HADOOP_HOME}/sbin:$PATH
export HISTIMEFORMAT="%F %T `whoami` "
a='b'
[root@mcw04 ~]#
命令操作审计
使用logger将输入的命令写入到messages,后期可以用elk等相关收集日志,做处理
[root@mcw01 ~]# vim /srv/salt/base/init/audit.sls
[root@mcw01 ~]# cat /srv/salt/base/init/audit.sls
/etc/bashrc:
file.append:
- text:
- export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
[root@mcw01 ~]# salt mcw04 state.sls init/audit
mcw04:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 09:16:49.906260
Duration: 19.483 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }' Summary for mcw04
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 19.483 ms
[root@mcw01 ~]#
查看目标主机,已经追加了这行文本了
[root@mcw04 ~]# tail -1 /etc/bashrc
export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
[root@mcw04 ~]#
但是执行命令后,没有看到写入到messages文件,有时间验证下
[root@mcw04 ~]# ls
\ anaconda-ks.cfg filebeat-6.5.2-x86_64.rpm jdk-8u191-linux-x64.tar.gz nohup.out usr
1.py apache-tomcat-8.5.88 hadoop-2.8.5.tar.gz mcw.txt original-ks.cfg
a apache-tomcat-8.5.88.tar.gz ip_forward~ node_exporter-0.16.0.linux-amd64.tar.gz python3yizhuang.tar.gz
[root@mcw04 ~]# tail /var/log/messages
Jan 20 06:01:01 mcw04 systemd: Started Session 24 of user root.
Jan 20 06:01:01 mcw04 systemd: Starting Session 24 of user root.
Jan 20 07:01:01 mcw04 systemd: Started Session 25 of user root.
Jan 20 07:01:01 mcw04 systemd: Starting Session 25 of user root.
Jan 20 08:01:01 mcw04 systemd: Started Session 26 of user root.
Jan 20 08:01:01 mcw04 systemd: Starting Session 26 of user root.
Jan 20 08:10:10 mcw04 systemd: Starting Cleanup of Temporary Directories...
Jan 20 08:10:10 mcw04 systemd: Started Cleanup of Temporary Directories.
Jan 20 09:01:01 mcw04 systemd: Started Session 27 of user root.
Jan 20 09:01:01 mcw04 systemd: Starting Session 27 of user root.
[root@mcw04 ~]#
内核参数优化
下面是个对的配置
[root@mcw01 ~]# cat /srv/salt/base/init/sysctl.sls
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file-max:
sysctl.present:
- value: 2000000
net.ipv4.ip_forward:
sysctl.present:
- value: 1
vm.swappiness:
sysctl.present:
- value: 0
[root@mcw01 ~]#
下面是整个过程,包括错误的配置:
当最后一条,命令写错了
[root@mcw01 ~]# cat /srv/salt/base/init/sysctl.sls
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file-max:
sysctl.present:
- value: 2000000
net.ipv4.ip_forward:
sysctl.present:
- value: 1
vm.swappiness:
systcll.present:
- value: 0
[root@mcw01 ~]#
操作之前查看
[root@mcw04 ~]# sysctl -n net.ipv4.ip_local_port_range fs.file-max net.ipv4.ip_forward vm.swappiness
4000 65000
148235
0
30
[root@mcw04 ~]#
操作之后查看,最后一个没有修改,是因为写错了,最后一个
[root@mcw04 ~]# sysctl -n net.ipv4.ip_local_port_range fs.file-max net.ipv4.ip_forward vm.swappiness
10000 65000
2000000
1
30
[root@mcw04 ~]#
操作执行过程:
[root@mcw01 ~]# salt mcw04 state.sls init/sysctl
mcw04:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 09:27:02.474380
Duration: 18.778 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 09:27:02.493391
Duration: 11.656 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 09:27:02.505592
Duration: 11.877 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: systcll.present
Result: False
Comment: State 'systcll.present' was not found in SLS 'init/sysctl'
Reason: 'systcll.present' is not available.
Changes: Summary for mcw04
------------
Succeeded: 3 (changed=3)
Failed: 1
------------
Total states run: 4
Total run time: 42.311 ms
ERROR: Minions returned with non-zero exit code
[root@mcw01 ~]#
epel仓库
正确配置:
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
- unless: rpm -qa | grep epel
[root@mcw01 ~]#
先把mcw04原来的备份
[root@mcw04 ~]# mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repobak
[root@mcw04 ~]# rpm -qa|grep epel
[root@mcw04 ~]#
配置过程如下:
多次配置错了,且报错了
[root@mcw01 ~]# vim /srv/salt/base/init/epel.sls
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-relese-6-8.noarch.rpm
- unless: rpm -qa|grep epel-release-6-8
[root@mcw01 ~]# salt mcw04 state.sls init/epel
mcw04:
----------
ID: yum_repo_release
Function: pkg.installed
Result: False
Comment: An error was encountered while installing package(s): Error: HTTP 404: Not Found reading /epel/6/x86_64/epel-relese-6-8.noarch.rpm
Started: 23:40:54.002813
Duration: 28001.159 ms
Changes: Summary for mcw04
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 28.001 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 ~]#
[root@mcw01 ~]# vim /srv/salt/base/init/epel.sls
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
- unless: rpm -qa|grep epel
[root@mcw01 ~]# salt mcw04 state.sls init/epel
mcw04:
----------
ID: yum_repo_release
Function: pkg.installed
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/salt/state.py", line 2180, in call
*cdata["args"], **cdata["kwargs"]
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 149, in __call__
return self.loader.run(run_func, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1201, in run
return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/contextvars/__init__.py", line 38, in run
return callable(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1216, in _run_as
return _func_or_method(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1249, in wrapper
return f(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/states/pkg.py", line 1904, in installed
**kwargs
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 149, in __call__
return self.loader.run(run_func, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1201, in run
return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/contextvars/__init__.py", line 38, in run
return callable(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1216, in _run_as
return _func_or_method(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/modules/yumpkg.py", line 1450, in install
name, pkgs, sources, saltenv=saltenv, normalize=normalize, **kwargs
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 149, in __call__
return self.loader.run(run_func, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1201, in run
return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/contextvars/__init__.py", line 38, in run
return callable(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/loader/lazy.py", line 1216, in _run_as
return _func_or_method(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/salt/modules/pkg_resource.py", line 151, in parse_targets
"an invalid protocol".format(pkg_src, pkg_name)
salt.exceptions.SaltInvocationError: Path rpm -qa|grep epel for package unless is either not absolute or an invalid protocol
Started: 23:43:59.374470
Duration: 5805.984 ms
Changes: Summary for mcw04
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 5.806 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 ~]# vim /srv/salt/base/init/epel.sls
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
- unless: rpm -qa|grep epel
[root@mcw01 ~]# salt mcw04 state.sls init/epel
mcw04:
Data failed to compile:
----------
Rendering SLS 'base:init/epel' failed: while parsing a block mapping
in "<unicode string>", line 2, column 3
did not find expected key
in "<unicode string>", line 5, column 3
ERROR: Minions returned with non-zero exit code
[root@mcw01 ~]# s
https://mirrors.aliyun.com/epel/
包的地址是上面找的,找这个包地址
unless的位置写对,没有写对会报错
写对之后,执行成功
[root@mcw01 ~]# cat /srv/salt/base/init/epel.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
- unless: rpm -qa | grep epel
[root@mcw01 ~]# salt mcw04 state.sls init/epel
mcw04:
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: epel-release
Started: 23:51:32.345174
Duration: 8092.604 ms
Changes:
----------
epel-release:
----------
new:
7-14
old: Summary for mcw04
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 8.093 s
[root@mcw01 ~]#
客户端再看,已经安装上yum源了
[root@mcw04 ~]# rpm -qa|grep epel
epel-release-7-14.noarch
[root@mcw04 ~]# ls /etc/yum.repos.d/
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo epel.repobak glusterfs.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo epel.repo epel-testing.repo salt.repo
[root@mcw04 ~]# ls /etc/yum.repos.d/epel.repo
/etc/yum.repos.d/epel.repo
[root@mcw04 ~]# less /etc/yum.repos.d/epel.repo
[root@mcw04 ~]# tail /etc/yum.repos.d/epel.repo
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place it's address here.
#baseurl=http://download.example/pub/epel/7/source/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch&infra=$infra&content=$contentdir
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[root@mcw04 ~]#
zabbix agent安装
要给这个主机安装,先装上zabbix仓库
[root@mcw02 ~]# rpm -ivh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
Retrieving https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
warning: /var/tmp/rpm-tmp.qW9ZSJ: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-release-4.0-1.el7 ################################# [100%]
[root@mcw02 ~]#
[root@mcw02 ~]#
涉及到的几个文件的编写
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ │ ├── top.sls
│ │ └── zabbix.sls
│ └── prod
└── salt
├── base
│ └── init
│ ├── audit.sls
│ ├── dns.sls
│ ├── epel.sls
│ ├── files
│ │ ├── resolv.conf
│ │ └── zabbix_agentd.conf
│ ├── history.sls
│ ├── sysctl.sls
│ └── zabbix_agent.sls
└── prod 8 directories, 10 files
[root@mcw01 ~]# cat /srv/pillar/base/top.sls #先从top里,设置所有机器都能读取zabbix.sls下的配置。然后pillar从top.sls开始,
# 找到zabbix.sls下的,就是一个字典{'zabbix-agent':{'Zabbix_Server': '10.0.0.14'}}
base:
'*':
- zabbix
[root@mcw01 ~]# cat /srv/pillar/base/zabbix.sls
zabbix-agent:
Zabbix_Server: 10.0.0.14
#当zabbix-agent的安装包函数好了之后,执行zabbix-agent的文件管理;监控zabbix-agent的包和文件管理,好了之后,执行zabbix-agent的服务运行,运行为开启;监控zabbix-agent的服务管理
#好了之后,并且子啊zabbix-agnet的包安装函数执行完后,文件管理执行完之后,才执行zabbix-agentd.conf.d,执行它下面的文件目录函数,创建目录名称是/etc/zabbix_agentd.conf.d
[root@mcw01 ~]# cat /srv/salt/base/init/zabbix_agent.sls #安装包;从pillar读取数据,渲染生成配置文件,运行服务;
zabbix-agent:
pkg.installed:
- name: zabbix-agent
file.managed:
- name: /etc/zabbix_agentd.conf
- source: salt://init/files/zabbix_agentd.conf
- template: jinja
- defaults:
Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
- require:
- pkg: zabbix-agent
service.running:
- enable: True
- watch:
- pkg: zabbix-agent
- file: zabbix-agent
zabbix_agentd.conf.d:
file.directory:
- name: /etc/zabbix_agentd.conf.d
- watch_in:
- service: zabbix-agent
- require:
- pkg: zabbix-agent
- file: zabbix-agent
#上面文件管理,因为指明了,管理的是/etc/zabbix_agentd.conf的文件。需要在目标主机创建或更新这个文件,源头是salt里面的zabbix_agetd.conf文件
#使用jinja语法来渲染,所以这个源文件中使用了jinja语法,里面使用的变量是Server,所以文件管理下的默认下面,定义了这个键。而这个键Server的值,是个变量,
#是从pillar里面定义的变量生成的。{'zabbix-agent':{'Zabbix_Server': '10.0.0.14'}},是如下格式,所以pillar就是个字典,这里用这种方式获取到ip地址,作为Server这个变量的值
#然后管理的源文件里面使用Server这个变量也会渲染成这个ip,并生成配置文件,成为目标主机上管理的那个文件/etc/zabbix_agentd.conf文件
[root@mcw01 ~]# tail -5 /srv/salt/base/init/files/zabbix_agentd.conf
# Mandatory: no
# Default:
# TLSCipherAll=
Include=/etc/zabbix_agentd.conf.d/
Server={{ Server }}
[root@mcw01 ~]#
执行同步这个配置状态
[root@mcw01 ~]# vim /srv/salt/base/init/zabbix_agent.sls
[root@mcw01 ~]# salt mcw02 state.sls init/zabbix_agent
mcw02:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 19:07:27.931826
Duration: 1027.719 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix_agentd.conf updated
Started: 19:07:28.962457
Duration: 362.209 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix_agentd.conf.d
Result: True
Comment:
Started: 19:07:29.327890
Duration: 3.319 ms
Changes:
----------
/etc/zabbix_agentd.conf.d:
----------
directory:
new
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: Service zabbix-agent has been enabled, and is running
Started: 19:07:29.331434
Duration: 355.079 ms
Changes:
----------
zabbix-agent:
True Summary for mcw02
------------
Succeeded: 4 (changed=3)
Failed: 0
------------
Total states run: 4
Total run time: 1.748 s
[root@mcw01 ~]#
[root@mcw01 ~]#
[root@mcw01 ~]#
[root@mcw01 ~]# salt mcw02 state.sls init/zabbix_agent
mcw02:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 19:14:21.728845
Duration: 1312.857 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix_agentd.conf is in the correct state
Started: 19:14:23.046190
Duration: 54.313 ms
Changes:
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix_agentd.conf.d
Result: True
Comment: The directory /etc/zabbix_agentd.conf.d is in the correct state
Started: 19:14:23.102109
Duration: 2.482 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: Service zabbix-agent is already enabled, and is running
Started: 19:14:23.104751
Duration: 84.692 ms
Changes:
----------
zabbix-agent:
True Summary for mcw02
------------
Succeeded: 4 (changed=1)
Failed: 0
------------
Total states run: 4
Total run time: 1.454 s
[root@mcw01 ~]#
执行完后,看目标主机上效果
可以看到,虽然服务启动的,但是配置文件使用的是默认安装的/etc/zabbix/zabbix_agentd.conf配置,而不是我们salt配置生成的/etc/zabbix_agentd.conf。但是查看生成的/etc/zabbix_agentd.conf,结果上是符合预期的。服务端Server配置,的确是用pillar里面那个变量ip生成的。
[root@mcw02 ~]# systemctl status zabbix-agent
● zabbix-agent.service - Zabbix Agent
Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2024-01-21 19:14:23 CST; 18s ago
Process: 33943 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 33987 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 33989 (zabbix_agentd)
CGroup: /system.slice/zabbix-agent.service
├─33989 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
├─33990 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
├─33991 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
├─33992 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
├─33993 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
└─33994 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec] Jan 21 19:14:23 mcw02 systemd[1]: Starting Zabbix Agent...
Jan 21 19:14:23 mcw02 systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start.
Jan 21 19:14:23 mcw02 systemd[1]: Started Zabbix Agent.
[root@mcw02 ~]# ls /etc/zabbix/
zabbix_agentd.conf zabbix_agentd.d
[root@mcw02 ~]# ls /etc/zabbix/zabbix_agentd.d/
userparameter_mysql.conf
[root@mcw02 ~]# ls /etc/zabbix_agentd.conf
/etc/zabbix_agentd.conf
[root@mcw02 ~]# ls /etc/zabbix_agentd.conf.d/
[root@mcw02 ~]# tail /etc/zabbix_agentd.conf
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
Include=/etc/zabbix_agentd.conf.d/
Server=10.0.0.14
[root@mcw02 ~]#
为啥启动的不是我们自己生成的服务器配置呢,这是因为服务启动文件里面,就不是指定的我们生成的配置路径,我们可以把这个 配置,也有salt管理起来
[root@mcw02 ~]# cat /usr/lib/systemd/system/zabbix-agent.service
[Unit]
Description=Zabbix Agent
After=syslog.target
After=network.target [Service]
Environment="CONFFILE=/etc/zabbix/zabbix_agentd.conf"
EnvironmentFile=-/etc/sysconfig/zabbix-agent
Type=forking
Restart=on-failure
PIDFile=/run/zabbix/zabbix_agentd.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix [Install]
WantedBy=multi-user.target
[root@mcw02 ~]#
此时我们需要修改一下
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ │ ├── top.sls
│ │ └── zabbix.sls
│ └── prod
└── salt
├── base
│ └── init
│ ├── audit.sls
│ ├── dns.sls
│ ├── epel.sls
│ ├── files
│ │ ├── resolv.conf
│ │ ├── zabbix_agentd.conf
│ │ └── zabbix-agent.service
│ ├── history.sls
│ ├── sysctl.sls
│ └── zabbix_agent.sls
└── prod 8 directories, 11 files
[root@mcw01 ~]# cat /srv/pillar/base/top.sls
base:
'*':
- zabbix
[root@mcw01 ~]# cat /srv/pillar/base/zabbix.sls
zabbix-agent:
Zabbix_Server: 10.0.0.14
zabbixagentconf: /etc/zabbix_agentd.conf
[root@mcw01 ~]# cat /srv/salt/base/init/zabbix_agent.sls
zabbix-agent:
pkg.installed:
- name: zabbix-agent
file.managed:
- name: /etc/zabbix_agentd.conf
- source: salt://init/files/zabbix_agentd.conf
- template: jinja
- defaults:
Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
- require:
- pkg: zabbix-agent
service.running:
- enable: True
- watch:
- pkg: zabbix-agent
- file: zabbix-agent
zabbix_agentd.conf.d:
file.directory:
- name: /etc/zabbix_agentd.conf.d
- watch_in:
- service: zabbix-agent
- require:
- pkg: zabbix-agent
- file: zabbix-agent
zabbix-agent.service:
file.managed:
- name: /usr/lib/systemd/system/zabbix-agent.service
- source: salt://init/files/zabbix-agent.service
- template: jinja
- defaults:
zabbixagentconf: {{ pillar['zabbix-agent']['zabbixagentconf'] }}
- require:
- service: zabbix-agent
service.running:
- enable: True
- restart: True
- watch:
- pkg: zabbix-agent
- file: zabbix-agent
- file: zabbix-agent.service
[root@mcw01 ~]# cat /srv/salt/base/init/files/zabbix-agent.service
[Unit]
Description=Zabbix Agent
After=syslog.target
After=network.target [Service]
Environment="CONFFILE={{ zabbixagentconf }}"
EnvironmentFile=-/etc/sysconfig/zabbix-agent
Type=forking
Restart=on-failure
PIDFile=/run/zabbix/zabbix_agentd.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix [Install]
WantedBy=multi-user.target
[root@mcw01 ~]#
执行一下,因为设置了,当发现
[root@mcw01 ~]# salt mcw02 state.sls init/zabbix_agent
mcw02:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 20:08:39.984390
Duration: 1062.564 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix_agentd.conf is in the correct state
Started: 20:08:41.050037
Duration: 97.242 ms
Changes:
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix_agentd.conf.d
Result: True
Comment: The directory /etc/zabbix_agentd.conf.d is in the correct state
Started: 20:08:41.149787
Duration: 1.914 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: The service zabbix-agent is already running
Started: 20:08:41.151886
Duration: 139.773 ms
Changes:
----------
ID: zabbix-agent.service
Function: file.managed
Name: /usr/lib/systemd/system/zabbix-agent.service
Result: True
Comment: File /usr/lib/systemd/system/zabbix-agent.service updated
Started: 20:08:41.292505
Duration: 22.567 ms
Changes:
----------
diff:
---
+++
@@ -4,7 +4,7 @@
After=network.target [Service]
-Environment="CONFFILE=/etc/zabbix_agentd.c"
+Environment="CONFFILE=/etc/zabbix_agentd.conf"
EnvironmentFile=-/etc/sysconfig/zabbix-agent
Type=forking
Restart=on-failure
----------
ID: zabbix-agent.service
Function: service.running
Result: True
Comment: Service restarted
Started: 20:08:41.386038
Duration: 56.397 ms
Changes:
----------
zabbix-agent.service:
True Summary for mcw02
------------
Succeeded: 6 (changed=2)
Failed: 0
------------
Total states run: 6
Total run time: 1.380 s
[root@mcw01 ~]#
因为上面设置了,watch - file: zabbix-agent.service ,所以当这个 文件发生了改变,那么就会触发服务重启
如下,因为第一次我salt配置写错了,这个文件已经改变了,但是重启步骤是失败的。后来我修改正确salt配置,再次执行,但是这个启动文件因为已经改成终态了,这次就没有修改,所以没有触发重启agent。于是我把启动文件的启动配置,去掉nf,再次salt服务端执行这个配置同步。然后首先会把启动文件同步正确,因为启动文件发生了改变,所以触发重启zabbix-agent服务,于是,查看服务状态,可以看到使用的是我们自己定义的配置文件/etc/zabbix_agentd.conf,而不是安装这个包时默认的配置文件/etc/zabbix/zabbix_agentd.conf了
[root@mcw02 ~]# cat /usr/lib/systemd/system/zabbix-agent.service
[Unit]
Description=Zabbix Agent
After=syslog.target
After=network.target [Service]
Environment="CONFFILE=/etc/zabbix_agentd.c"
EnvironmentFile=-/etc/sysconfig/zabbix-agent
Type=forking
Restart=on-failure
PIDFile=/run/zabbix/zabbix_agentd.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix [Install]
WantedBy=multi-user.target
[root@mcw02 ~]#
[root@mcw02 ~]#
[root@mcw02 ~]# systemctl status zabbix-agent
● zabbix-agent.service - Zabbix Agent
Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2024-01-21 20:08:41 CST; 8s ago
Process: 34727 ExecStop=/bin/kill -SIGTERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 34729 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 34731 (zabbix_agentd)
CGroup: /system.slice/zabbix-agent.service
├─34731 /usr/sbin/zabbix_agentd -c /etc/zabbix_agentd.conf
├─34732 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
├─34733 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
├─34734 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
└─34735 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection] Jan 21 20:08:41 mcw02 systemd[1]: Starting Zabbix Agent...
Jan 21 20:08:41 mcw02 systemd[1]: PID file /run/zabbix/zabbix_agentd.pid not readable (yet?) after start.
Jan 21 20:08:41 mcw02 systemd[1]: Started Zabbix Agent.
[root@mcw02 ~]#
[root@mcw02 ~]# cat /usr/lib/systemd/system/zabbix-agent.service
[Unit]
Description=Zabbix Agent
After=syslog.target
After=network.target [Service]
Environment="CONFFILE=/etc/zabbix_agentd.conf"
EnvironmentFile=-/etc/sysconfig/zabbix-agent
Type=forking
Restart=on-failure
PIDFile=/run/zabbix/zabbix_agentd.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix [Install]
WantedBy=multi-user.target
[root@mcw02 ~]#
服务管理的另一个案例参考
下面是服务状态管理的sls写法 [root@salt-master apache]# cat install-rpm.sls httpd: #状态ID
service.running: #服务状态运行
- enable: True #允许开机启动
- reload: True #允许reload服务,默认restart
- require: #服务运行依赖于下面红色区域httpd是否安装
- pkg: httpd
- watch:: #每次发现下面文件变化reloadnginx
- file: /etc/httpd/conf/httpd.conf
pkg.installed: #salt的yum安装包
- name: httpd #安装包名
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
初始化环境引用
把初始化环境的state文件统一归类都放在一个state文件里面,然后再把这个文件,加到root目录下的top.sls里面。这样执行state.highstate的时候,就会从salt的root目录下的top.sls开始执行同步配置。
[root@mcw01 ~]# vim /srv/salt/base/init/env_init.sls
[root@mcw01 ~]# vim /srv/salt/base/top.sls
[root@mcw01 ~]# cat /srv/salt/base/top.sls
base:
'*':
- init.env_init
[root@mcw01 ~]# cat /srv/salt/base/init/env_init.sls
include:
- init.dns
- init.history
- init.audit
- init.sysctl
- init.epel
#- init.zabbix_agent
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ │ ├── top.sls
│ │ └── zabbix.sls
│ └── prod
└── salt
├── base
│ ├── init
│ │ ├── audit.sls
│ │ ├── dns.sls
│ │ ├── env_init.sls
│ │ ├── epel.sls
│ │ ├── files
│ │ │ ├── resolv.conf
│ │ │ ├── zabbix_agentd.conf
│ │ │ └── zabbix-agent.service
│ │ ├── history.sls
│ │ ├── sysctl.sls
│ │ └── zabbix_agent.sls
│ └── top.sls
└── prod 8 directories, 13 files
[root@mcw01 ~]#
执行之前,查看某一项
[root@mcw01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.5.5.5
[root@mcw01 ~]#
生产环境中,每次执行状态,强烈建议先进行测试。下面就是测试
[root@mcw01 ~]# salt '*' state.highstate test=True
mcw04:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: The file /etc/resolv.conf is in the correct state
Started: 21:38:29.954539
Duration: 54.09 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 21:38:30.009035
Duration: 8.958 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: File /etc/bashrc is in correct state
Started: 21:38:30.018167
Duration: 4.788 ms
Changes:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set
Started: 21:38:30.027643
Duration: 146.727 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Sysctl value fs.file-max = 2000000 is already set
Started: 21:38:30.174586
Duration: 7.174 ms
Changes:
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_forward = 1 is already set
Started: 21:38:30.181938
Duration: 6.812 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 0 is already set
Started: 21:38:30.188963
Duration: 13.37 ms
Changes:
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: unless condition is true
Started: 21:38:31.450474
Duration: 1918.639 ms
Changes: Summary for mcw04
------------
Succeeded: 8
Failed: 0
------------
Total states run: 8
Total run time: 2.161 s
mcw03:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: None
Comment: The file /etc/resolv.conf is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 21:38:30.269758
Duration: 93.687 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5
----------
ID: /etc/profile
Function: file.append
Result: None
Comment: File /etc/profile is set to be updated
Started: 21:38:30.363625
Duration: 4.447 ms
Changes:
----------
diff:
--- +++ @@ -74,3 +74,4 @@ unset i
unset -f pathmunge
+export HISTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: None
Comment: File /etc/bashrc is set to be updated
Started: 21:38:30.368213
Duration: 3.876 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_local_port_range set to be changed to 10000 65000
Started: 21:38:30.492115
Duration: 14.442 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: None
Comment: Sysctl option fs.file-max set to be changed to 2000000
Started: 21:38:30.506837
Duration: 7.093 ms
Changes:
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_forward set to be changed to 1
Started: 21:38:30.514295
Duration: 8.235 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: None
Comment: Sysctl option vm.swappiness set to be changed to 0
Started: 21:38:30.522777
Duration: 4.947 ms
Changes:
----------
ID: yum_repo_release
Function: pkg.installed
Result: None
Comment: The following packages would be installed/updated: epel-release
Started: 21:38:32.009846
Duration: 3410.343 ms
Changes:
----------
installed:
----------
epel-release:
----------
new:
installed
old: Summary for mcw03
------------
Succeeded: 8 (unchanged=8, changed=4)
Failed: 0
------------
Total states run: 8
Total run time: 3.547 s
mcw02:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: None
Comment: The file /etc/resolv.conf is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 21:38:30.205775
Duration: 100.353 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5
----------
ID: /etc/profile
Function: file.append
Result: None
Comment: File /etc/profile is set to be updated
Started: 21:38:30.306438
Duration: 31.654 ms
Changes:
----------
diff:
--- +++ @@ -78,3 +78,4 @@ export JAVA_HOME=/usr/local/jdk
export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:/opt/hadoop/sbin/:${HADOOP_HOME}/bin:$PATH
+export HISTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: None
Comment: File /etc/bashrc is set to be updated
Started: 21:38:30.338243
Duration: 31.526 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_local_port_range set to be changed to 10000 65000
Started: 21:38:30.518197
Duration: 271.7 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: None
Comment: Sysctl option fs.file-max set to be changed to 2000000
Started: 21:38:30.790375
Duration: 49.186 ms
Changes:
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_forward set to be changed to 1
Started: 21:38:30.839951
Duration: 10.306 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: None
Comment: Sysctl option vm.swappiness set to be changed to 0
Started: 21:38:30.850666
Duration: 11.544 ms
Changes:
----------
ID: yum_repo_release
Function: pkg.installed
Result: None
Comment: The following packages would be installed/updated: epel-release
Started: 21:38:33.226082
Duration: 3518.017 ms
Changes:
----------
installed:
----------
epel-release:
----------
new:
installed
old: Summary for mcw02
------------
Succeeded: 8 (unchanged=8, changed=4)
Failed: 0
------------
Total states run: 8
Total run time: 4.024 s
mcw01:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: None
Comment: The file /etc/resolv.conf is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 21:38:30.263510
Duration: 130.851 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5
----------
ID: /etc/profile
Function: file.append
Result: None
Comment: File /etc/profile is set to be updated
Started: 21:38:30.394548
Duration: 12.506 ms
Changes:
----------
diff:
--- +++ @@ -78,3 +78,4 @@ export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:$PATH
export PATH=/usr/local/bin:$PATH
+export HISTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: None
Comment: File /etc/bashrc is set to be updated
Started: 21:38:30.407218
Duration: 8.792 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_local_port_range set to be changed to 10000 65000
Started: 21:38:30.517066
Duration: 338.453 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: None
Comment: Sysctl option fs.file-max set to be changed to 2000000
Started: 21:38:30.855819
Duration: 21.904 ms
Changes:
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_forward set to be changed to 1
Started: 21:38:30.878039
Duration: 15.628 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: None
Comment: Sysctl option vm.swappiness set to be changed to 0
Started: 21:38:30.894243
Duration: 18.172 ms
Changes:
----------
ID: yum_repo_release
Function: pkg.installed
Result: None
Comment: The following packages would be installed/updated: epel-release
Started: 21:38:33.505212
Duration: 8170.088 ms
Changes:
----------
installed:
----------
epel-release:
----------
new:
installed
old: Summary for mcw01
------------
Succeeded: 8 (unchanged=8, changed=4)
Failed: 0
------------
Total states run: 8
Total run time: 8.716 s
[root@mcw01 ~]#
测试完成之后,可以看到没有改变
[root@mcw01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.5.5.5
[root@mcw01 ~]#
这次是直接执行
[root@mcw01 ~]# salt '*' state.highstate
[root@mcw01 ~]# salt '*' state.highstate
mcw04:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 21:42:34.235965
Duration: 55.936 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 21:42:34.292065
Duration: 7.791 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: File /etc/bashrc is in correct state
Started: 21:42:34.299993
Duration: 3.367 ms
Changes:
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_local_port_range = 10000 65000 is already set
Started: 21:42:34.307249
Duration: 18.77 ms
Changes:
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Sysctl value fs.file-max = 2000000 is already set
Started: 21:42:34.326404
Duration: 11.83 ms
Changes:
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_forward = 1 is already set
Started: 21:42:34.338527
Duration: 7.342 ms
Changes:
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 0 is already set
Started: 21:42:34.346499
Duration: 21.213 ms
Changes:
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: unless condition is true
Started: 21:42:36.760458
Duration: 1472.676 ms
Changes: Summary for mcw04
------------
Succeeded: 8
Failed: 0
------------
Total states run: 8
Total run time: 1.599 s
mcw02:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 21:42:35.541973
Duration: 47.744 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:42:35.589906
Duration: 8.72 ms
Changes:
----------
diff:
--- +++ @@ -78,3 +78,4 @@ export JAVA_HOME=/usr/local/jdk
export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:/opt/hadoop/sbin/:${HADOOP_HOME}/bin:$PATH
+export HISTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:42:35.598909
Duration: 6.583 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 21:42:35.610101
Duration: 163.781 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 21:42:35.774186
Duration: 64.57 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 21:42:35.839090
Duration: 14.334 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 21:42:35.853832
Duration: 15.413 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: epel-release
Started: 21:42:41.534962
Duration: 13671.436 ms
Changes:
----------
epel-release:
----------
new:
7-14
old: Summary for mcw02
------------
Succeeded: 8 (changed=8)
Failed: 0
------------
Total states run: 8
Total run time: 13.993 s
mcw03:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 21:42:34.422063
Duration: 74.895 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:42:34.497184
Duration: 12.325 ms
Changes:
----------
diff:
--- +++ @@ -74,3 +74,4 @@ unset i
unset -f pathmunge
+export HISTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:42:34.509655
Duration: 4.676 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 21:42:34.517698
Duration: 32.789 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 21:42:34.550730
Duration: 12.706 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 21:42:34.564214
Duration: 32.179 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 21:42:34.597219
Duration: 16.579 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: epel-release
Started: 21:42:36.500283
Duration: 19741.44 ms
Changes:
----------
epel-release:
----------
new:
7-14
old: Summary for mcw03
------------
Succeeded: 8 (changed=8)
Failed: 0
------------
Total states run: 8
Total run time: 19.928 s
mcw01:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 21:42:35.036988
Duration: 86.667 ms
Changes:
----------
diff:
---
+++
@@ -1,2 +1,3 @@
# Generated by NetworkManager
+#salt tongbu by mcw
nameserver 223.5.5.5
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:42:35.123922
Duration: 38.29 ms
Changes:
----------
diff:
--- +++ @@ -78,3 +78,4 @@ export HADOOP_HOME=/opt/hadoop
export PATH=${JAVA_HOME}/bin:${HADOOP_HOME}/bin:$PATH
export PATH=/usr/local/bin:$PATH
+export HISTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 21:42:35.162664
Duration: 13.843 ms
Changes:
----------
diff:
--- +++ @@ -90,3 +90,4 @@ unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PORMPT_COMMADN='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):['pwd']"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 21:42:35.180432
Duration: 22.047 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 21:42:35.202840
Duration: 9.548 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 21:42:35.212718
Duration: 68.604 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 21:42:35.281773
Duration: 37.783 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: epel-release
Started: 21:42:38.014032
Duration: 23956.97 ms
Changes:
----------
epel-release:
----------
new:
7-14
old: Summary for mcw01
------------
Succeeded: 8 (changed=8)
Failed: 0
------------
Total states run: 8
Total run time: 24.234 s
[root@mcw01 ~]#
执行完成之后,检查下,就可以看到某个配置已经是新的了
[root@mcw01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
#salt tongbu by mcw
nameserver 223.5.5.5
[root@mcw01 ~]#
定时同步salt配置的方法
salt state.highstate
如果您希望使用SaltStack中的state.highstate模块定时执行,您可以使用Salt的cron表达式或Salt的定时任务功能。
- 使用cron表达式:
在Salt配置文件(通常为/etc/salt/master)中,找到schedule部分,并添加以下内容:
schedule:
highstate_daily:
function: state.highstate
cron:
- every 24 hours
这将设置一个计划任务,每天定时执行state.highstate。
每天执行一次的参考
schedule:
highstate_daily:
function: state.highstate
minutes: 0
hours: 0
每小时执行一次的参考
schedule:
highstate_hourly:
function: state.highstate
minutes: 0
hours: 1
每分钟执行一次的参考
schedule:
highstate_minute:
function: state.highstate
minutes: 1
可以每5秒一次吗?回答如下:
在SaltStack中,state.highstate命令用于同步整个状态树。然而,Salt本身并不直接支持每5秒执行一次state.highstate。Salt的定时任务通常是以更长的时间间隔(如分钟、小时或天)来设置的。
如果你希望每5秒同步一次状态,这可能意味着你的状态树变化非常频繁,或者你正在尝试实现某种特定的同步策略。在这种情况下,你可能需要考虑其他解决方案,而不是依赖Salt的定时任务。
如果你确实需要每5秒执行一次同步,你可以考虑使用外部工具或脚本来调用salt-call命令,并通过cron作业或其他调度机制每5秒运行这个外部工具或脚本。例如,你可以使用一个简单的shell脚本或Python脚本,通过cron作业每5秒调用一次该脚本,该脚本再调用salt-call state.highstate。
请注意,频繁地同步整个状态树可能会对系统性能产生影响,并可能导致不必要的网络流量和计算负载。在实施这样的策略之前,请确保你了解其潜在的影响,并评估是否真的需要如此频繁的同步。
修改添加,每分钟一次的配置
[root@mcw01 ~]# tail -14 /etc/salt/master
file_roots:
base:
- /srv/salt/base
prod:
- /srv/salt/prod
pillar_roots:
base:
- /srv/pillar/base
prod:
- /srv/pillar/prod
schedule:
highstate_minute:
function: state.highstate
minutes: 1
[root@mcw01 ~]#
重启master
[root@mcw01 ~]# systemctl restart salt-master
将配置改错
[root@mcw01 ~]# vim /etc/resolv.conf
[root@mcw01 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
#salt tongbu by mcw gaicuo
nameserver 223.5.5.5
[root@mcw01 ~]#
结果报错了
[root@mcw01 ~]# less /var/log/salt/master
2024-01-21 22:02:13,993 [salt.utils.schedule:875 ][ERROR ][82697] Unhandled exception running state.highstate
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/salt/utils/schedule.py", line 777, in handle_func
message=self.functions.missing_fun_string(func)
File "/usr/lib/python3.6/site-packages/salt/utils/error.py", line 29, in raise_error
raise ex(message)
Exception: 'state.highstate' is not available.
2. 使用Salt的定时任务功能:
首先,在您的Salt环境中,使用salt-run命令来创建定时任务。打开终端,输入以下命令:
salt-run state.ScheduledJob create_job 'salt state.highstate' 'cron(* * * *)'
这将创建一个每天执行的定时任务。您可以根据需要更改cron表达式以设置不同的执行频率。
无论您选择哪种方法,确保在配置更改后重新加载Salt master服务,以使更改生效。
注意:上述方法仅适用于SaltStack的环境和配置。根据您使用的具体环境和配置,可能会有所不同。请根据您的实际情况进行适当的调整。
salt-call state.highstate
如果您想使用 salt-call 命令来定时执行 state.highstate,您可以使用以下方法:
- 使用cron表达式:
在您的系统上,打开cron配置文件(通常是 /etc/crontab 或 /etc/cron.d/ 目录下的文件)。在文件中,您可以添加一个新的cron作业来定期执行 salt-call state.highstate 命令。
例如,如果您希望每天凌晨1点执行 salt-call state.highstate,您可以添加以下行:
javascript复制代码
| 0 1 * * * root salt-call state.highstate |
保存并关闭文件后,cron作业将按照您设置的计划自动执行。
2. 使用定时任务工具:
您还可以使用系统提供的定时任务工具来定期执行 salt-call state.highstate。具体方法取决于您使用的操作系统和定时任务工具。常见的定时任务工具包括 cron、anacron、systemd 等。
使用定时任务工具时,您需要创建一个新的定时任务,指定要执行的命令(在这种情况下是 salt-call state.highstate),并设置适当的执行频率。根据您使用的工具和配置,具体的步骤可能会有所不同。
请注意,为了成功执行 salt-call 命令,您的系统上必须已经安装了SaltStack软件,并且您的用户帐户必须具有适当的权限。此外,确保在配置更改后重新启动定时任务服务或重新加载cron作业,以便使更改生效。
这些方法中的选择取决于您的具体需求和系统配置。选择适合您环境和需求的解决方案,并根据需要进行适当的调整。
haproxy配置管理
创建目录结构
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ │ ├── top.sls
│ │ └── zabbix.sls
│ └── prod
└── salt
├── base
│ ├── init
│ │ ├── audit.sls
│ │ ├── dns.sls
│ │ ├── env_init.sls
│ │ ├── epel.sls
│ │ ├── files
│ │ │ ├── resolv.conf
│ │ │ ├── zabbix_agentd.conf
│ │ │ └── zabbix-agent.service
│ │ ├── history.sls
│ │ ├── sysctl.sls
│ │ └── zabbix_agent.sls
│ └── top.sls
└── prod 8 directories, 13 files
[root@mcw01 ~]# mkdir /srv/salt/prod/pkg -p
[root@mcw01 ~]# mkdir /srv/salt/prod/haproxy/files -p
[root@mcw01 ~]# mkdir /srv/salt/prod/keepalived/files -p
[root@mcw01 ~]#
pkg配置
[root@mcw01 ~]# vim /srv/salt/prod/pkg/pkg-init.sls
[root@mcw01 ~]# cat /srv/salt/prod/pkg/pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
[root@mcw01 ~]#
执行报错了
[root@mcw01 ~]# salt mcw03 state.sls pkg/pkg-init
mcw03:
Data failed to compile:
----------
No matching sls found for 'pkg/pkg-init' in env 'base'
ERROR: Minions returned with non-zero exit code
[root@mcw01 ~]#
修改base,
[root@mcw01 ~]# tail -16 /etc/salt/master
file_roots:
base:
- /srv/salt/
mbase:
- /srv/salt/base
prod:
- /srv/salt/prod
pillar_roots:
base:
- /srv/pillar/base
prod:
- /srv/pillar/prod
schedule:
highstate_minute:
function: state.highstate
minutes: 1
[root@mcw01 ~]#
再次执行安装
[root@mcw01 ~]# salt mcw03 state.sls prod/pkg/pkg-init
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 01:10:08.934913
Duration: 1038.382 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 01:10:09.973704
Duration: 38.567 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 01:10:10.012561
Duration: 22.516 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 01:10:10.035372
Duration: 33.593 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 01:10:10.069263
Duration: 33.301 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 01:10:10.102750
Duration: 32.557 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: The following packages were installed/updated: openssl-devel
Started: 01:10:10.135522
Duration: 61334.854 ms
Changes:
----------
e2fsprogs:
----------
new:
1.42.9-19.el7
old:
1.42.9-10.el7
e2fsprogs-libs:
----------
new:
1.42.9-19.el7
old:
1.42.9-10.el7
keyutils-libs-devel:
----------
new:
1.5.8-3.el7
old:
krb5-devel:
----------
new:
1.15.1-55.el7_9
old:
krb5-libs:
----------
new:
1.15.1-55.el7_9
old:
1.15.1-8.el7
libcom_err:
----------
new:
1.42.9-19.el7
old:
1.42.9-10.el7
libcom_err-devel:
----------
new:
1.42.9-19.el7
old:
libkadm5:
----------
new:
1.15.1-55.el7_9
old:
libselinux-devel:
----------
new:
2.5-15.el7
old:
libsepol-devel:
----------
new:
2.5-10.el7
old:
libss:
----------
new:
1.42.9-19.el7
old:
1.42.9-10.el7
libverto-devel:
----------
new:
0.2.5-4.el7
old:
openssl:
----------
new:
1:1.0.2k-26.el7_9
old:
1:1.0.2k-8.el7
openssl-devel:
----------
new:
1:1.0.2k-26.el7_9
old:
openssl-libs:
----------
new:
1:1.0.2k-26.el7_9
old:
1:1.0.2k-8.el7
pcre-devel:
----------
new:
8.32-17.el7
old:
zlib:
----------
new:
1.2.7-21.el7_9
old:
1.2.7-17.el7
zlib-devel:
----------
new:
1.2.7-21.el7_9
old: Summary for mcw03
------------
Succeeded: 7 (changed=1)
Failed: 0
------------
Total states run: 7
Total run time: 62.534 s
[root@mcw01 ~]#
在执行配置同步的过程中,可以看到目标机器在安装包
[root@mcw03 ~]# ps -ef|grep yum
root 92532 92485 5 01:10 ? 00:00:02 /usr/bin/python /usr/bin/yum -y install openssl-devel
root 92683 2060 0 01:11 pts/0 00:00:00 grep --color=auto yum
[root@mcw03 ~]# ps -ef|grep yum
root 92696 2060 0 01:11 pts/0 00:00:00 grep --color=auto yum
[root@mcw03 ~]#
也可以用其它办法:既然它是找环境base,那么将prod的,也作为列表元素之一,放到base下面。这样重启之后,prod目录下的,也是可以找到的。
file_roots:
base:
- /srv/salt/base
- /srv/salt/prod
[root@mcw01 examples]# salt mcw03 state.sls pkg/pkg-init
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages ar
haproxy服务配置
通过https://www.haproxy.org/ 下载包,1.5的包
之前配置的prod不行,这样配置,也能找到第二个根目录下的文件
file_roots:
base:
- /srv/salt/base
- /srv/salt/prod
查看之前创建的目录
[root@mcw01 ~]# tree /srv/
/srv/
├── pillar
│ ├── base
│ │ ├── top.sls
│ │ └── zabbix.sls
│ └── prod
└── salt
├── base
│ ├── init
│ │ ├── audit.sls
│ │ ├── dns.sls
│ │ ├── env_init.sls
│ │ ├── epel.sls
│ │ ├── files
│ │ │ ├── resolv.conf
│ │ │ ├── zabbix_agentd.conf
│ │ │ └── zabbix-agent.service
│ │ ├── history.sls
│ │ ├── sysctl.sls
│ │ └── zabbix_agent.sls
│ └── top.sls
└── prod
├── haproxy
│ └── files
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 13 directories, 14 files
[root@mcw01 ~]#
将软件包复制到salt里面
[root@mcw01 ~]# cd /usr/local/src/
[root@mcw01 src]# ls
[root@mcw01 src]# rz -E
rz waiting to receive.
[root@mcw01 src]# ls
haproxy-1.5.19.tar.gz
[root@mcw01 src]# mkdir /srv/salt/test/haproxy/files/ -p
[root@mcw01 src]# cp haproxy-1.5.19.tar.gz /srv/salt/test/haproxy/files/
[root@mcw01 src]# tar haproxy-1.5.19.tar.gz
tar: Old option `g' requires an argument.
Try `tar --help' or `tar --usage' for more information.
[root@mcw01 src]# tar xf haproxy-1.5.19.tar.gz
[root@mcw01 src]# ls
haproxy-1.5.19 haproxy-1.5.19.tar.gz
[root@mcw01 src]# cd /usr/local/src/haproxy-1.5.19/examples/
[root@mcw01 examples]# ls ../
CHANGELOG contrib CONTRIBUTING doc ebtree examples include LICENSE Makefile README ROADMAP src SUBVERS tests VERDATE VERSION
[root@mcw01 examples]# ls
acl-content-sw.cfg check.conf debug2ansi examples.cfg haproxy.spec linux-2.4.21-40.EL-custom.diff stats_haproxy.sh url-switching.cfg
auth.cfg config.rc.haproxy debug2html haproxy-1.1.21-flx.1.pkg haproxy.vim option-http_proxy.cfg tarpit.cfg
build.cfg content-sw-sample.cfg debugfind haproxy.cfg init.haproxy rc.highsock test-section-kw.cfg
check cttproxy-src.cfg errorfiles haproxy.init init.haproxy.flx0 ssl.cfg transparent_proxy.cfg
[root@mcw01 examples]# sed -i 's/\/usr\/sbin\/'\$BASENAME/\/usr\/local\/\/haproxy\/sbin\/'\$BASENAME'/g' haproxy.init ^C #这步省略,我这个版本的,原本就跟替换后的结果是相同的,不需要再替换这一步
[root@mcw01 examples]# cp haproxy.init /srv/salt/test/haproxy/files/
[root@mcw01 examples]# ls /srv/salt/test/haproxy/files/
haproxy-1.5.19.tar.gz haproxy.init
[root@mcw01 examples]#
编写haproxy安装sls
[root@mcw01 examples]# tree /srv/salt/prod/
/srv/salt/prod/
├── haproxy
│ ├── files
│ └── install.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 5 directories, 2 files
[root@mcw01 examples]# cat /srv/salt/prod/haproxy/install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.5.19.tar.gz
- source: salt://haproxy/files/haproxy-1.5.19.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- mode: 755
- user: root
- group: root
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- mode: 755
- user: root
- group: root
haproxy-init:
cmd.rum:
- name: chkconfig --add haproxy
- unless: chkconfig --list|grep haproxy
- require:
- file: /etc/init.d/haproxy
[root@mcw01 examples]#
执行报错了
[root@mcw01 examples]# cat /srv/salt/prod/haproxy/install.sls ^C
[root@mcw01 examples]# vim /srv/salt/prod/haproxy/install.sls
[root@mcw01 examples]#
[root@mcw01 examples]# salt mcw03 state.sls haproxy/install
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 00:35:21.276030
Duration: 925.27 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 00:35:22.201509
Duration: 26.511 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 00:35:22.228177
Duration: 23.531 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 00:35:22.252043
Duration: 26.759 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 00:35:22.278967
Duration: 21.453 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 00:35:22.300596
Duration: 23.296 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 00:35:22.324050
Duration: 31.88 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: False
Comment: Source file salt://haproxy/files/haproxy-1.5.19.tar.gz not found in saltenv 'base'
Started: 00:35:22.359999
Duration: 21.367 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: False
Comment: One or more requisite failed: haproxy/install.haproxy-install
Started: 00:35:22.382768
Duration: 0.006 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: False
Comment: One or more requisite failed: haproxy/install.haproxy-install
Started: 00:35:22.382960
Duration: 0.003 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1
Started: 00:35:22.383404
Duration: 14.245 ms
Changes:
----------
net.ipv4.ip_nonlocal_bind:
1
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment:
Started: 00:35:22.397982
Duration: 2.186 ms
Changes:
----------
/etc/haproxy:
----------
directory:
new
----------
ID: haproxy-init
Function: cmd.rum
Name: chkconfig --add haproxy
Result: False
Comment: One or more requisite failed: haproxy/install./etc/init.d/haproxy
Started: 00:35:23.263348
Duration: 0.021 ms
Changes: Summary for mcw03
------------
Succeeded: 9 (changed=2)
Failed: 4
------------
Total states run: 13
Total run time: 1.117 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 examples]#
缺少包,再次执行
[root@mcw01 src]# ls
haproxy-1.5.19 haproxy-1.5.19.tar.gz
[root@mcw01 src]# cp haproxy-1.5.19.tar.gz /srv/salt/prod/haproxy/files/
[root@mcw01 src]# tree /srv/salt/prod/
/srv/salt/prod/
├── haproxy
│ ├── files
│ │ └── haproxy-1.5.19.tar.gz
│ └── install.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 5 directories, 3 files
[root@mcw01 src]# salt mcw03 state.sls haproxy/install
查看执行结果,还是报错,还是缺少一个文件
[root@mcw01 src]# salt mcw03 state.sls haproxy/install
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 00:39:39.727217
Duration: 988.523 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 00:39:40.716133
Duration: 40.366 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 00:39:40.756791
Duration: 33.061 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 00:39:40.790037
Duration: 29.214 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 00:39:40.819403
Duration: 37.064 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 00:39:40.856826
Duration: 38.02 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 00:39:40.895079
Duration: 20.466 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz updated
Started: 00:39:40.917930
Duration: 67.767 ms
Changes:
----------
mode:
0755
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: Command "cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" run
Started: 00:39:40.987423
Duration: 20662.639 ms
Changes:
----------
pid:
87266
retcode:
0
stderr:
stdout:
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \
-DBUILD_TARGET='"linux26"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"generic"' \
-DBUILD_CC='"gcc"' \
-DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing"' \
-DBUILD_OPTIONS='""' \
-c -o src/haproxy.o src/haproxy.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sessionhash.o src/sessionhash.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/base64.o src/base64.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/protocol.o src/protocol.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/uri_auth.o src/uri_auth.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/standard.o src/standard.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/buffer.o src/buffer.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/log.o src/log.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/task.o src/task.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/chunk.o src/chunk.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/channel.o src/channel.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/listener.o src/listener.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/time.o src/time.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/fd.o src/fd.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pipe.o src/pipe.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/regex.o src/regex.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/cfgparse.o src/cfgparse.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/server.o src/server.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/checks.o src/checks.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/queue.o src/queue.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/frontend.o src/frontend.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proxy.o src/proxy.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/peers.o src/peers.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/arg.o src/arg.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stick_table.o src/stick_table.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_uxst.o src/proto_uxst.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/connection.o src/connection.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_http.o src/proto_http.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/raw_sock.o src/raw_sock.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/appsession.o src/appsession.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/backend.o src/backend.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_chash.o src/lb_chash.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwlc.o src/lb_fwlc.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwrr.o src/lb_fwrr.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_map.o src/lb_map.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fas.o src/lb_fas.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stream_interface.o src/stream_interface.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/dumpstats.o src/dumpstats.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_tcp.o src/proto_tcp.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/session.o src/session.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hdr_idx.o src/hdr_idx.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_select.o src/ev_select.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/signal.o src/signal.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/acl.o src/acl.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sample.o src/sample.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/memory.o src/memory.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/freq_ctr.o src/freq_ctr.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/auth.o src/auth.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/compression.o src/compression.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/payload.o src/payload.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hash.o src/hash.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pattern.o src/pattern.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/map.o src/map.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_poll.o src/ev_poll.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_epoll.o src/ev_epoll.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebtree.o ebtree/ebtree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb32tree.o ebtree/eb32tree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb64tree.o ebtree/eb64tree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebmbtree.o ebtree/ebmbtree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebsttree.o ebtree/ebsttree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebimtree.o ebtree/ebimtree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebistree.o ebtree/ebistree.c
gcc -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o src/chunk.o src/channel.o src/listener.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o src/raw_sock.o src/appsession.o src/backend.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o src/stream_interface.o src/dumpstats.o src/proto_tcp.o src/session.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o src/ev_poll.o src/ev_epoll.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \
-DSBINDIR='"/usr/local/haproxy/sbin"' \
-c -o src/haproxy-systemd-wrapper.o src/haproxy-systemd-wrapper.c
gcc -g -o haproxy-systemd-wrapper src/haproxy-systemd-wrapper.o -lcrypt
install -d "/usr/local/haproxy/sbin"
install haproxy "/usr/local/haproxy/sbin"
install -d "/usr/local/haproxy/share/man"/man1
install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1
install -d "/usr/local/haproxy/doc/haproxy"
for x in configuration architecture haproxy-en haproxy-fr; do \
install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \
done
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: False
Comment: Source file salt://haproxy/files/haproxy.init not found in saltenv 'base'
Started: 00:40:01.650927
Duration: 12.386 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 00:40:01.663479
Duration: 7.979 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 00:40:01.671656
Duration: 1.432 ms
Changes:
----------
ID: haproxy-init
Function: cmd.rum
Name: chkconfig --add haproxy
Result: False
Comment: One or more requisite failed: haproxy/install./etc/init.d/haproxy
Started: 00:40:01.680467
Duration: 0.007 ms
Changes: Summary for mcw03
-------------
Succeeded: 11 (changed=2)
Failed: 2
-------------
Total states run: 13
Total run time: 21.939 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 src]#
将缺少的文件复制过去
[root@mcw01 src]# tree /srv/salt/prod/
/srv/salt/prod/
├── haproxy
│ ├── files
│ │ └── haproxy-1.5.19.tar.gz
│ └── install.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 5 directories, 3 files
[root@mcw01 src]# tree /srv/salt/test/
/srv/salt/test/
└── haproxy
└── files
├── haproxy-1.5.19.tar.gz
└── haproxy.init 2 directories, 2 files
[root@mcw01 src]# cp /srv/salt/test/haproxy/files/haproxy.init /srv/salt/prod/haproxy/files/
[root@mcw01 src]# tree /srv/salt/prod/
/srv/salt/prod/
├── haproxy
│ ├── files
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.init
│ └── install.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 5 directories, 4 files
[root@mcw01 src]# cat /srv/salt/prod/haproxy/install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.5.19.tar.gz
- source: salt://haproxy/files/haproxy-1.5.19.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- mode: 755
- user: root
- group: root
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- mode: 755
- user: root
- group: root
haproxy-init:
cmd.rum:
- name: chkconfig --add haproxy
- unless: chkconfig --list|grep haproxy
- require:
- file: /etc/init.d/haproxy
[root@mcw01 src]#
再次执行,又报错了,命令函数写错了,cmd.run写成了cmd.rum了
[root@mcw01 src]# salt mcw03 state.sls haproxy/install
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 00:44:38.843061
Duration: 1064.83 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 00:44:39.908294
Duration: 35.306 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 00:44:39.943884
Duration: 34.928 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 00:44:39.979057
Duration: 24.292 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 00:44:40.003643
Duration: 25.319 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 00:44:40.029109
Duration: 43.477 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 00:44:40.072950
Duration: 36.01 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 00:44:40.113134
Duration: 41.0 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 00:44:40.156209
Duration: 654.739 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: File /etc/init.d/haproxy updated
Started: 00:44:40.811531
Duration: 21.497 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 00:44:40.833260
Duration: 15.599 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 00:44:40.849302
Duration: 2.777 ms
Changes:
----------
ID: haproxy-init
Function: cmd.rum
Name: chkconfig --add haproxy
Result: False
Comment: State 'cmd.rum' was not found in SLS 'haproxy/install'
Reason: 'cmd.rum' is not available.
Changes: Summary for mcw03
-------------
Succeeded: 12 (changed=1)
Failed: 1
-------------
Total states run: 13
Total run time: 2.000 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 src]#
最终正确的文件,如下:,查看并成功运行。
[root@mcw01 src]# vim /srv/salt/prod/haproxy/install.sls
[root@mcw01 src]# cat /srv/salt/prod/haproxy/install.sls
include:
- pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.5.19.tar.gz
- source: salt://haproxy/files/haproxy-1.5.19.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://haproxy/files/haproxy.init
- mode: 755
- user: root
- group: root
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- mode: 755
- user: root
- group: root
haproxy-init:
cmd.run:
- name: chkconfig --add haproxy
- unless: chkconfig --list|grep haproxy
- require:
- file: /etc/init.d/haproxy
[root@mcw01 src]#
[root@mcw01 src]# salt mcw03 state.sls haproxy/install
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 00:48:32.115575
Duration: 970.154 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 00:48:33.085998
Duration: 32.891 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 00:48:33.119140
Duration: 33.562 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 00:48:33.153022
Duration: 37.877 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 00:48:33.191196
Duration: 41.239 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 00:48:33.232630
Duration: 25.606 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 00:48:33.258384
Duration: 43.201 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 00:48:33.305648
Duration: 33.311 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 00:48:33.340854
Duration: 527.499 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 00:48:33.868895
Duration: 10.524 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 00:48:33.879567
Duration: 9.255 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 00:48:33.889016
Duration: 2.71 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: Command "chkconfig --add haproxy" run
Started: 00:48:33.892271
Duration: 137.161 ms
Changes:
----------
pid:
88381
retcode:
0
stderr:
stdout: Summary for mcw03
-------------
Succeeded: 13 (changed=1)
Failed: 0
-------------
Total states run: 13
Total run time: 1.905 s
[root@mcw01 src]#
服务没有起来,有问题啊,手动查看也有问题
[root@mcw03 src]# systemctl status haproxy
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
[root@mcw03 src]# ps -ef|grep haproxy
root 88442 2060 0 00:49 pts/0 00:00:00 grep --color=auto haproxy
[root@mcw03 src]# ps -ef|grep 88381
root 88464 2060 0 00:50 pts/0 00:00:00 grep --color=auto 88381
[root@mcw03 src]#
[root@mcw03 src]#
[root@mcw03 src]# /etc/init.d/haproxy status
/etc/init.d/haproxy: line 26: [: =: unary operator expected
[root@mcw03 src]#
应该是缺少配置文件呢,等后面配置文件的sls也加进来,再试试
[root@mcw03 src]# ls /etc/haproxy/
[root@mcw03 src]#
创建目录
[root@mcw01 src]# mkdir -p /srv/salt/prod/cluster/files
[root@mcw01 src]# tree /srv/salt/prod/
/srv/salt/prod/
├── cluster
│ ├── files
│ │ └── haproxy-outside.cfg
│ └── haproxy-outside.sls
├── haproxy
│ ├── files
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.init
│ └── install.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 7 directories, 6 files
[root@mcw01 src]#
添加文件
[root@mcw01 src]# cat /srv/salt/prod/cluster/haproxy-outside.sls
include:
- haproxy.install
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: haproxy-init
- watch:
- file: haproxy-service
[root@mcw01 src]#
修改文件和添加配置文件
[root@mcw01 src]# cat /srv/salt/base/top.sls
base:
#'*':
# - init.env_init
'mcw03':
- cluster.haproxy-outside
#prod:
# '*':
# -
[root@mcw01 src]# cat /srv/salt/prod/cluster/files/haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack frontend frontend_www_example_com
bind 10.0.0.12:80
mode http
option httplog
log global
default_backend backend_www_example_com backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.0.0.12:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.13:8080 check inter 2000 rise 30 fall 15
[root@mcw01 src]#
测试执行
[root@mcw01 src]# salt 'mcw03' state.highstate test=True
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 22:28:00.723363
Duration: 1229.922 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 22:28:01.953756
Duration: 27.991 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 22:28:01.981920
Duration: 20.301 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 22:28:02.002444
Duration: 23.738 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 22:28:02.026507
Duration: 40.997 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 22:28:02.067700
Duration: 24.875 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 22:28:02.092736
Duration: 23.694 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: The file /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 22:28:02.119144
Duration: 27.377 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 22:28:02.148068
Duration: 556.231 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: None
Comment: The file /etc/init.d/haproxy is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 22:28:02.705024
Duration: 21.972 ms
Changes:
----------
diff:
---
+++
@@ -23,7 +23,7 @@
. /etc/sysconfig/network # Check that networking is up.
-#[ ${NETWORKING} = "no" ] && exit 0
+[ ${NETWORKING} = "no" ] && exit 0 # This is our service name
BASENAME=`basename $0`
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 22:28:02.727160
Duration: 9.324 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 22:28:02.736711
Duration: 1.699 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless condition is true
Started: 22:28:02.738806
Duration: 25.726 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: None
Comment: The file /etc/haproxy/haproxy.cfg is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 22:28:02.764955
Duration: 5.6 ms
Changes:
----------
newfile:
/etc/haproxy/haproxy.cfg
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: None
Comment: Service is set to be started
Started: 22:28:02.801808
Duration: 10.57 ms
Changes: Summary for mcw03
-------------
Succeeded: 15 (unchanged=3, changed=2)
Failed: 0
-------------
Total states run: 15
Total run time: 2.050 s
[root@mcw01 src]#
执行运行失败
[root@mcw01 src]# salt 'mcw03' state.highstate
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 22:47:47.131421
Duration: 1089.371 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 22:47:48.221340
Duration: 23.014 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 22:47:48.244504
Duration: 21.096 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 22:47:48.265773
Duration: 20.691 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 22:47:48.286626
Duration: 25.173 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 22:47:48.311975
Duration: 20.41 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 22:47:48.332569
Duration: 19.971 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 22:47:48.356558
Duration: 29.845 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 22:47:48.387878
Duration: 500.222 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: File /etc/init.d/haproxy updated
Started: 22:47:48.888483
Duration: 16.809 ms
Changes:
----------
diff:
---
+++
@@ -23,7 +23,7 @@
. /etc/sysconfig/network # Check that networking is up.
-#[ ${NETWORKING} = "no" ] && exit 0
+[ ${NETWORKING} = "no" ] && exit 0 # This is our service name
BASENAME=`basename $0`
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 22:47:48.905437
Duration: 14.792 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 22:47:48.920614
Duration: 3.165 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless condition is true
Started: 22:47:48.924845
Duration: 71.718 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg updated
Started: 22:47:48.996828
Duration: 29.268 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: False
Comment: Running scope as unit run-9252.scope.
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
Started: 22:47:49.225110
Duration: 52.381 ms
Changes: Summary for mcw03
-------------
Succeeded: 14 (changed=2)
Failed: 1
-------------
Total states run: 15
Total run time: 1.938 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 src]#
发现错误,缺少文件
[root@mcw03 src]# /etc/rc.d/init.d/haproxy start
Starting haproxy (via systemctl): Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
[FAILED]
[root@mcw03 src]# systemctl status haproxy.service
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2024-01-23 23:20:45 CST; 12s ago
Docs: man:systemd-sysv-generator(8)
Process: 10525 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
Jan 23 23:20:45 mcw03 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Jan 23 23:20:45 mcw03 haproxy[10525]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 23 23:20:45 mcw03 haproxy[10525]: /etc/rc.d/init.d/haproxy: line 40: /usr/sbin/haproxy: No such file or directory
Jan 23 23:20:45 mcw03 systemd[1]: haproxy.service: control process exited, code=exited status=1
Jan 23 23:20:45 mcw03 haproxy[10525]: Errors found in configuration file, check it with 'haproxy check'.
Jan 23 23:20:45 mcw03 systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
Jan 23 23:20:45 mcw03 systemd[1]: Unit haproxy.service entered failed state.
Jan 23 23:20:45 mcw03 systemd[1]: haproxy.service failed.
[root@mcw03 src]
复制一份过去,然后手动启动,可以看到成功启动
[root@mcw03 src]# ls /usr/sbin/ha
halt hardlink
[root@mcw03 src]# ls /usr/local/
bin/ games/ include/ lib/ libexec/ node_exporter/ sbin/ src/
etc/ haproxy/ jdk/ lib64/ mysqld_exporter/ prometheus/ share/
[root@mcw03 src]# ls /usr/local/src/haproxy-1.5.19
haproxy-1.5.19/ haproxy-1.5.19.tar.gz
[root@mcw03 src]# which haproxy
/usr/bin/which: no haproxy in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@mcw03 src]# rpm -qa|grep haproxy
[root@mcw03 src]# ls /usr/local/
bin etc games haproxy include jdk lib lib64 libexec mysqld_exporter node_exporter prometheus sbin share src
[root@mcw03 src]# ls /usr/local/src/
haproxy-1.5.19 haproxy-1.5.19.tar.gz
[root@mcw03 src]# ls /usr/local/src/haproxy-1.5.19
CHANGELOG contrib CONTRIBUTING doc ebtree examples haproxy haproxy-systemd-wrapper include LICENSE Makefile README ROADMAP src SUBVERS tests VERDATE VERSION
[root@mcw03 src]# ls /usr/local/src/haproxy-1.5.19/haproxy
/usr/local/src/haproxy-1.5.19/haproxy
[root@mcw03 src]# cp /usr/local/src/haproxy-1.5.19/haproxy /usr/sbin/
[root@mcw03 src]# /etc/rc.d/init.d/haproxy start
Starting haproxy (via systemctl): [ OK ]
[root@mcw03 src]#
上面是手动改的,现在给salt加上这个步骤,不用手动改。先将服务停止
[root@mcw03 src]# /etc/init.d/haproxy stop
Stopping haproxy (via systemctl): [ OK ]
[root@mcw03 src]# /etc/init.d/haproxy status
/etc/init.d/haproxy: line 26: [: =: unary operator expected
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8) Jan 23 23:20:45 mcw03 systemd[1]: Unit haproxy.service entered failed state.
Jan 23 23:20:45 mcw03 systemd[1]: haproxy.service failed.
Jan 23 23:23:33 mcw03 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Jan 23 23:23:33 mcw03 haproxy[10697]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 23 23:23:33 mcw03 haproxy[10697]: Starting haproxy: [ OK ]
Jan 23 23:23:33 mcw03 systemd[1]: Started SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
Jan 23 23:34:52 mcw03 systemd[1]: Stopping SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Jan 23 23:34:52 mcw03 haproxy[11165]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 23 23:34:52 mcw03 haproxy[11165]: Shutting down haproxy: [ OK ]
Jan 23 23:34:52 mcw03 systemd[1]: Stopped SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
[root@mcw03 src]#
将目标主机的这个文件删除
[root@mcw03 src]# rm -rf /usr/sbin/haproxy
[root@mcw03 src]#
添加一个添加haproxy命令的配置
[root@mcw01 src]# vim /srv/salt/prod/cluster/haproxy-outside.sls
[root@mcw01 src]# cat /srv/salt/prod/cluster/haproxy-outside.sls
include:
- haproxy.install
haproxy:
file.managed:
- name: /usr/sbin/haproxy
- source: salt://cluster/files/haproxy
- user: root
- group: root
- mode: 755
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: haproxy-init
- file: haproxy
- watch:
- file: haproxy-service
[root@mcw01 src]# cp /root/haproxy /srv/salt/prod/cluster/files/
[root@mcw01 src]#
master上执行成功
[root@mcw01 src]# salt mcw03 state.highstate
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 23:39:14.502776
Duration: 940.212 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 23:39:15.443234
Duration: 24.621 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 23:39:15.468037
Duration: 21.226 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 23:39:15.489413
Duration: 21.662 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 23:39:15.511245
Duration: 26.949 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 23:39:15.538486
Duration: 33.289 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 23:39:15.571954
Duration: 32.013 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 23:39:15.608014
Duration: 25.331 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 23:39:15.634704
Duration: 598.874 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 23:39:16.233983
Duration: 18.095 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 23:39:16.252472
Duration: 13.377 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 23:39:16.266183
Duration: 2.574 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless condition is true
Started: 23:39:16.269202
Duration: 15.923 ms
Changes:
----------
ID: haproxy
Function: file.managed
Name: /usr/sbin/haproxy
Result: True
Comment: File /usr/sbin/haproxy updated
Started: 23:39:16.285430
Duration: 125.112 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 23:39:16.410733
Duration: 10.156 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: Service haproxy has been enabled, and is running
Started: 23:39:16.421692
Duration: 149.967 ms
Changes:
----------
haproxy:
True Summary for mcw03
-------------
Succeeded: 16 (changed=2)
Failed: 0
-------------
Total states run: 16
Total run time: 2.059 s
[root@mcw01 src]#
目标主机上查看,服务正常运行
[root@mcw03 src]# /etc/init.d/haproxy status
/etc/init.d/haproxy: line 26: [: =: unary operator expected
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: active (running) since Tue 2024-01-23 23:39:16 CST; 46s ago
Docs: man:systemd-sysv-generator(8)
Main PID: 11714 (haproxy)
CGroup: /system.slice/haproxy.service
└─11714 /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid Jan 23 23:39:16 mcw03 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Jan 23 23:39:16 mcw03 haproxy[11705]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 23 23:39:16 mcw03 haproxy[11705]: Starting haproxy: [ OK ]
Jan 23 23:39:16 mcw03 systemd[1]: Started SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
[root@mcw03 src]#
keepalived配置管理
软件包准备
https://www.keepalived.org/download.html
[root@mcw01 src]# ls
haproxy-1.5.19 haproxy-1.5.19.tar.gz
[root@mcw01 src]# wget https://www.keepalived.org/software/keepalived-1.2.17.tar.gz
--2024-01-25 00:00:33-- https://www.keepalived.org/software/keepalived-1.2.17.tar.gz
Resolving www.keepalived.org (www.keepalived.org)... 91.121.30.175, 2001:41d0:1:71af::1
Connecting to www.keepalived.org (www.keepalived.org)|91.121.30.175|:443... connected.
ERROR: cannot verify www.keepalived.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to www.keepalived.org insecurely, use `--no-check-certificate'.
[root@mcw01 src]# wget https://www.keepalived.org/software/keepalived-1.2.17.tar.gz --no-check-certificate
--2024-01-25 00:00:45-- https://www.keepalived.org/software/keepalived-1.2.17.tar.gz
Resolving www.keepalived.org (www.keepalived.org)... 91.121.30.175, 2001:41d0:1:71af::1
Connecting to www.keepalived.org (www.keepalived.org)|91.121.30.175|:443... connected.
WARNING: cannot verify www.keepalived.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 368827 (360K) [application/octet-stream]
Saving to: ‘keepalived-1.2.17.tar.gz’ 100%[===============================================================================================================================================>] 368,827 676KB/s in 0.5s 2024-01-25 00:00:46 (676 KB/s) - ‘keepalived-1.2.17.tar.gz’ saved [368827/368827] [root@mcw01 src]# ls
haproxy-1.5.19 haproxy-1.5.19.tar.gz keepalived-1.2.17.tar.gz
[root@mcw01 src]# tar xf keepalived-1.2.17.tar.gz
[root@mcw01 src]# ls
haproxy-1.5.19 haproxy-1.5.19.tar.gz keepalived-1.2.17 keepalived-1.2.17.tar.gz
[root@mcw01 src]# cd keepalived-1.2.17/
[root@mcw01 keepalived-1.2.17]# ls
AUTHOR bin ChangeLog configure configure.in CONTRIBUTORS COPYING doc genhash INSTALL install-sh keepalived keepalived.spec.in lib Makefile.in README TODO VERSION
[root@mcw01 keepalived-1.2.17]# tree /srv/salt/prod/
/srv/salt/prod/
├── cluster
│ ├── files
│ │ ├── haproxy
│ │ └── haproxy-outside.cfg
│ └── haproxy-outside.sls
├── haproxy
│ ├── files
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.init
│ └── install.sls
├── keepalived
│ └── files
└── pkg
└── pkg-init.sls 7 directories, 7 files
[root@mcw01 keepalived-1.2.17]# cp keepalived/etc/init.d/keepalived.init /srv/salt/prod/keepalived/files/
[root@mcw01 keepalived-1.2.17]# cp keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/
[root@mcw01 keepalived-1.2.17]# ls /usr/local/
bin doc etc games include jdk Kibana_Hanization-master lib lib64 libexec python3 sbin share src
[root@mcw01 keepalived-1.2.17]# grep "daemon keepadlived" /srv/salt/prod/keepalived/files/keepalived.init
[root@mcw01 keepalived-1.2.17]# grep "daemon keepalived" /srv/salt/prod/keepalived/files/keepalived.init #因为是安装到下面指定目录,所以启动路径改成我们需要的路径
daemon keepalived ${KEEPALIVED_OPTIONS}
[root@mcw01 keepalived-1.2.17]# vim /srv/salt/prod/keepalived/files/keepalived.init
[root@mcw01 keepalived-1.2.17]# grep "daemon " /srv/salt/prod/keepalived/files/keepalived.init
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
[root@mcw01 keepalived-1.2.17]#
查看文件
[root@mcw01 keepalived]# tree /srv/salt/prod/
/srv/salt/prod/
├── cluster
│ ├── files
│ │ ├── haproxy
│ │ ├── haproxy-outside.cfg
│ │ └── haproxy-outside-keepalived.conf
│ ├── haproxy-outside-keepalived.sls
│ └── haproxy-outside.sls
├── haproxy
│ ├── files
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.init
│ └── install.sls
├── keepalived
│ ├── files
│ │ ├── keepalived-1.2.17.tar.gz
│ │ ├── keepalived.init
│ │ └── keepalived.sysconfig
│ └── install.sls
└── pkg
└── pkg-init.sls 7 directories, 13 files
[root@mcw01 keepalived]#
[root@mcw01 keepalived]#
[root@mcw01 keepalived]# cat /srv/salt/prod/keepalived/install.sls
keepalived-install:
file.managed:
- name: /usr/local/src/keepalived-1.2.17.tar.gz
- source: salt://keepalived/files/keepalived-1.2.17.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- file: keepalived-install
/etc/sysconfig/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.sysconfig
- mode: 644
- user: root
- group: root
/etc/init.d/keepalived:
file.managed:
- source: salt:/keepalived/files/keepalived.init
- mode: 755
- user: root
- group: root
keepalived-init:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list | grep keepalived
- require:
- file: /etc/init.d/keepalived
/etc/keepalived:
file.directory:
- user: root
- group: root
[root@mcw01 keepalived]# cat /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf
! Configuration File for keepalived
glabal_defs {
notification_email {
saltstack@example.com
}
notification_eamil_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ ROUTEID }}
} vrrp_instance haproxy_ha {
state {{STATEID}}
interface ens33
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
authentication {
auth_type PASS
auth_pass 111
}
virtual_ipaddress {
10.0.0.99
}
}
[root@mcw01 keepalived]# cat /srv/salt/prod/cluster/haproxy-outside.sls
include:
- haproxy.install
haproxy:
file.managed:
- name: /usr/sbin/haproxy
- source: salt://cluster/files/haproxy
- user: root
- group: root
- mode: 755
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: haproxy-init
- file: haproxy
- watch:
- file: haproxy-service
[root@mcw01 keepalived]# cat /srv/salt/base/top.sls
base:
#'*':
# - init.env_init
'mcw03':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'mcw02':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
#prod:
# '*':
# -
[root@mcw01 keepalived]# tree /srv/salt/prod/cluster/
/srv/salt/prod/cluster/
├── files
│ ├── haproxy
│ ├── haproxy-outside.cfg
│ └── haproxy-outside-keepalived.conf
├── haproxy-outside-keepalived.sls
└── haproxy-outside.sls 1 directory, 5 files
[root@mcw01 keepalived]#
[root@mcw01 mcw02]# cat /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
include:
- keepalived.install
keepalived-server:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://cluster/files/haproxy-outside-keepalived.conf
- mode: 644
- user: root
- group: root
- template: jinja {% if grains['fqdn'] == 'mcw02' %}
- ROUTEID: haproxy_ha
- STARTID: MASTER
- PRIORITYID: 150 {% elif grains['fqdn'] == 'mcw03' %}
- ROUTEID: haproxy_ha
- STARTID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
- enable: True
- watch:
- file: keepalived-server
[root@mcw01 mcw02]#
测试通过
[root@mcw01 mcw02]# salt -L 'mcw02,mcw03' state.highstate test=True
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 01:46:40.282390
Duration: 959.569 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.242237
Duration: 23.914 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.266348
Duration: 31.227 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.297742
Duration: 36.202 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.334529
Duration: 69.075 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.404036
Duration: 40.938 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.445376
Duration: 41.017 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: The file /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 01:46:41.491824
Duration: 19.868 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 01:46:41.512879
Duration: 603.512 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: The file /etc/init.d/haproxy is in the correct state
Started: 01:46:42.116843
Duration: 6.994 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 01:46:42.123994
Duration: 10.658 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 01:46:42.134854
Duration: 1.702 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless condition is true
Started: 01:46:42.137149
Duration: 23.376 ms
Changes:
----------
ID: haproxy
Function: file.managed
Name: /usr/sbin/haproxy
Result: True
Comment: The file /usr/sbin/haproxy is in the correct state
Started: 01:46:42.160946
Duration: 12.376 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: The file /etc/haproxy/haproxy.cfg is in the correct state
Started: 01:46:42.173660
Duration: 6.874 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: The service haproxy is already running
Started: 01:46:42.181795
Duration: 35.496 ms
Changes:
----------
ID: keepalived-install
Function: file.managed
Name: /usr/local/src/keepalived-1.2.17.tar.gz
Result: None
Comment: The file /usr/local/src/keepalived-1.2.17.tar.gz is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.217774
Duration: 10.788 ms
Changes:
----------
newfile:
/usr/local/src/keepalived-1.2.17.tar.gz
----------
ID: keepalived-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
Result: None
Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" would have been executed
Started: 01:46:42.229281
Duration: 20.871 ms
Changes:
----------
ID: /etc/sysconfig/keepalived
Function: file.managed
Result: None
Comment: The file /etc/sysconfig/keepalived is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.250592
Duration: 7.709 ms
Changes:
----------
newfile:
/etc/sysconfig/keepalived
----------
ID: /etc/init.d/keepalived
Function: file.managed
Result: None
Comment: The file /etc/init.d/keepalived is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.258484
Duration: 5.565 ms
Changes:
----------
newfile:
/etc/init.d/keepalived
----------
ID: keepalived-init
Function: cmd.run
Name: chkconfig --add keepalived
Result: None
Comment: Command "chkconfig --add keepalived" would have been executed
Started: 01:46:42.264632
Duration: 29.862 ms
Changes:
----------
ID: /etc/keepalived
Function: file.directory
Result: None
Comment: The following files will be changed:
/etc/keepalived: directory - new
Started: 01:46:42.295033
Duration: 4.475 ms
Changes:
----------
/etc/keepalived:
----------
directory:
new
----------
ID: keepalived-server
Function: file.managed
Name: /etc/keepalived/keepalived.conf
Result: None
Comment: The file /etc/keepalived/keepalived.conf is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.299672
Duration: 20.725 ms
Changes:
----------
newfile:
/etc/keepalived/keepalived.conf
----------
ID: keepalived-server
Function: service.running
Name: keepalived
Result: None
Comment: Service is set to be started
Started: 01:46:42.332139
Duration: 11.527 ms
Changes: Summary for mcw03
-------------
Succeeded: 24 (unchanged=8, changed=5)
Failed: 0
-------------
Total states run: 24
Total run time: 2.034 s
mcw02:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 01:46:40.533683
Duration: 1195.472 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.729530
Duration: 23.885 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.753645
Duration: 33.878 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.787686
Duration: 34.503 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.822451
Duration: 24.02 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.846726
Duration: 25.317 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 01:46:41.872226
Duration: 24.18 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: None
Comment: The file /usr/local/src/haproxy-1.5.19.tar.gz is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:41.900398
Duration: 25.106 ms
Changes:
----------
newfile:
/usr/local/src/haproxy-1.5.19.tar.gz
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: None
Comment: Command "cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" would have been executed
Started: 01:46:41.928434
Duration: 717.738 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: None
Comment: The file /etc/init.d/haproxy is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.646565
Duration: 6.112 ms
Changes:
----------
newfile:
/etc/init.d/haproxy
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: None
Comment: Sysctl option net.ipv4.ip_nonlocal_bind set to be changed to 1
Started: 01:46:42.652846
Duration: 20.61 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: None
Comment: The following files will be changed:
/etc/haproxy: directory - new
Started: 01:46:42.674006
Duration: 8.439 ms
Changes:
----------
/etc/haproxy:
----------
directory:
new
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: None
Comment: Command "chkconfig --add haproxy" would have been executed
Started: 01:46:42.683574
Duration: 106.019 ms
Changes:
----------
ID: haproxy
Function: file.managed
Name: /usr/sbin/haproxy
Result: None
Comment: The file /usr/sbin/haproxy is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.789817
Duration: 39.857 ms
Changes:
----------
newfile:
/usr/sbin/haproxy
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: None
Comment: The file /etc/haproxy/haproxy.cfg is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.829836
Duration: 63.699 ms
Changes:
----------
newfile:
/etc/haproxy/haproxy.cfg
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: None
Comment: Service is set to be started
Started: 01:46:42.907094
Duration: 35.839 ms
Changes:
----------
ID: keepalived-install
Function: file.managed
Name: /usr/local/src/keepalived-1.2.17.tar.gz
Result: None
Comment: The file /usr/local/src/keepalived-1.2.17.tar.gz is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:42.943212
Duration: 14.595 ms
Changes:
----------
newfile:
/usr/local/src/keepalived-1.2.17.tar.gz
----------
ID: keepalived-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
Result: None
Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" would have been executed
Started: 01:46:42.958386
Duration: 42.407 ms
Changes:
----------
ID: /etc/sysconfig/keepalived
Function: file.managed
Result: None
Comment: The file /etc/sysconfig/keepalived is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:43.001234
Duration: 31.827 ms
Changes:
----------
newfile:
/etc/sysconfig/keepalived
----------
ID: /etc/init.d/keepalived
Function: file.managed
Result: None
Comment: The file /etc/init.d/keepalived is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:43.033374
Duration: 48.859 ms
Changes:
----------
newfile:
/etc/init.d/keepalived
----------
ID: keepalived-init
Function: cmd.run
Name: chkconfig --add keepalived
Result: None
Comment: Command "chkconfig --add keepalived" would have been executed
Started: 01:46:43.083779
Duration: 27.519 ms
Changes:
----------
ID: /etc/keepalived
Function: file.directory
Result: None
Comment: The following files will be changed:
/etc/keepalived: directory - new
Started: 01:46:43.111741
Duration: 4.287 ms
Changes:
----------
/etc/keepalived:
----------
directory:
new
----------
ID: keepalived-server
Function: file.managed
Name: /etc/keepalived/keepalived.conf
Result: None
Comment: The file /etc/keepalived/keepalived.conf is set to be changed
Note: No changes made, actual changes may
be different due to other states.
Started: 01:46:43.116411
Duration: 84.637 ms
Changes:
----------
newfile:
/etc/keepalived/keepalived.conf
----------
ID: keepalived-server
Function: service.running
Name: keepalived
Result: None
Comment: Service is set to be started
Started: 01:46:43.293330
Duration: 61.269 ms
Changes: Summary for mcw02
-------------
Succeeded: 24 (unchanged=17, changed=10)
Failed: 0
-------------
Total states run: 24
Total run time: 2.700 s
[root@mcw01 mcw02]#
执行报错,缺少某个启动文件
[root@mcw01 mcw02]#
[root@mcw01 mcw02]# salt -L 'mcw02,mcw03' state.highstate
mcw03:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 01:49:35.484492
Duration: 2177.553 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 01:49:37.662398
Duration: 42.23 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 01:49:37.704784
Duration: 51.958 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 01:49:37.757097
Duration: 44.407 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 01:49:37.801877
Duration: 40.599 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 01:49:37.842824
Duration: 52.336 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 01:49:37.895326
Duration: 100.169 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz is in the correct state
Started: 01:49:38.000276
Duration: 63.132 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: unless condition is true
Started: 01:49:38.066695
Duration: 1013.114 ms
Changes:
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 01:49:39.081008
Duration: 19.596 ms
Changes:
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_nonlocal_bind = 1 is already set
Started: 01:49:39.100935
Duration: 24.155 ms
Changes:
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment: The directory /etc/haproxy is in the correct state
Started: 01:49:39.125755
Duration: 4.695 ms
Changes:
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: unless condition is true
Started: 01:49:39.131780
Duration: 42.08 ms
Changes:
----------
ID: haproxy
Function: file.managed
Name: /usr/sbin/haproxy
Result: True
Comment: File /usr/sbin/haproxy is in the correct state
Started: 01:49:39.174823
Duration: 41.173 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 01:49:39.216337
Duration: 20.643 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: The service haproxy is already running
Started: 01:49:39.239061
Duration: 36.84 ms
Changes:
----------
ID: keepalived-install
Function: file.managed
Name: /usr/local/src/keepalived-1.2.17.tar.gz
Result: True
Comment: File /usr/local/src/keepalived-1.2.17.tar.gz updated
Started: 01:49:39.276193
Duration: 36.023 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: keepalived-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
Result: True
Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" run
Started: 01:49:39.313341
Duration: 16880.229 ms
Changes:
----------
pid:
128302
retcode:
0
stderr:
configure: WARNING: keepalived will be built without libnl support.
ar: creating libipvs.a
stdout:
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for strip... strip
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking openssl/md5.h usability... yes
checking openssl/md5.h presence... yes
checking for openssl/md5.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking whether ETHERTYPE_IPV6 is declared... yes
checking for crypt in -lcrypt... yes
checking for MD5_Init in -lcrypto... yes
checking for SSL_CTX_new in -lssl... yes
checking for nl_socket_alloc in -lnl-3... no
checking for nl_socket_modify_cb in -lnl... no
checking for kernel version... 3.10.0
checking for IPVS syncd support... yes
checking for kernel macvlan support... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether gcc needs -traditional... no
checking for working memcmp... yes
checking return type of signal handlers... void
checking for gettimeofday... yes
checking for select... yes
checking for socket... yes
checking for strerror... yes
checking for strtol... yes
checking for uname... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating genhash/Makefile
config.status: creating keepalived/core/Makefile
config.status: creating lib/config.h
config.status: creating keepalived.spec
config.status: creating keepalived/Makefile
config.status: creating lib/Makefile
config.status: creating keepalived/vrrp/Makefile
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile Keepalived configuration
------------------------
Keepalived version : 1.2.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lssl -lcrypto -lcrypt
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
fwmark socket support : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
make -C lib || exit 1;
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/lib'
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c memory.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c utils.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c notify.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c timer.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c scheduler.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vector.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c html.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c parser.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c signals.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c logger.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list_head.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c buffer.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c command.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vty.c
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/lib'
make -C keepalived
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/core'
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c main.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c daemon.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c pidfile.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c layer4.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c smtp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_data.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_parser.c
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/core'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/check'
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_daemon.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_data.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_parser.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_api.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_tcp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_http.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_ssl.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_smtp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_misc.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipwrapper.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipvswrapper.c
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/check'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp'
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_daemon.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_print.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_data.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_parser.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_notify.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_scheduler.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_sync.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_index.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_netlink.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_arp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_if.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_track.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipaddress.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_iproute.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipsecah.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ndisc.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_vmac.c
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6'
gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o libipvs.o libipvs.c
gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o ip_vs_nl_policy.o ip_vs_nl_policy.c
ar rv libipvs.a libipvs.o ip_vs_nl_policy.o
a - libipvs.o
a - ip_vs_nl_policy.o
rm libipvs.o ip_vs_nl_policy.o
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6'
Building ../bin/keepalived
strip ../bin/keepalived Make complete
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived'
make -C genhash
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash'
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o main.o main.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o sock.o sock.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o layer4.o layer4.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o http.o http.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o ssl.o ssl.c
Building ../bin/genhash
strip ../bin/genhash Make complete
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash' Make complete
make -C keepalived install
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived'
install -d /user/local/keepalived/sbin
install -m 700 ../bin/keepalived /user/local/keepalived/sbin/
install -d /user/local/keepalived/etc/rc.d/init.d
install -m 755 etc/init.d/keepalived.init /user/local/keepalived/etc/rc.d/init.d/keepalived
install -d /user/local/keepalived/etc/sysconfig
install -m 644 etc/init.d/keepalived.sysconfig /user/local/keepalived/etc/sysconfig/keepalived
install -d /user/local/keepalived/etc/keepalived/samples
install -m 644 etc/keepalived/keepalived.conf /user/local/keepalived/etc/keepalived/
install -m 644 ../doc/samples/* /user/local/keepalived/etc/keepalived/samples/
install -d /user/local/keepalived/share/man/man5
install -d /user/local/keepalived/share/man/man8
install -m 644 ../doc/man/man5/keepalived.conf.5 /user/local/keepalived/share/man/man5
install -m 644 ../doc/man/man8/keepalived.8 /user/local/keepalived/share/man/man8
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived'
make -C genhash install
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash'
install -d /user/local/keepalived/bin
install -m 755 ../bin/genhash /user/local/keepalived/bin/
install -d /user/local/keepalived/share/man/man1
install -m 644 ../doc/man/man1/genhash.1 /user/local/keepalived/share/man/man1
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash'
mkdir -p /usr/share/snmp/mibs/
cp -f doc/VRRP-MIB /usr/share/snmp/mibs/
cp -f doc/KEEPALIVED-MIB /usr/share/snmp/mibs/
----------
ID: /etc/sysconfig/keepalived
Function: file.managed
Result: True
Comment: File /etc/sysconfig/keepalived updated
Started: 01:49:56.194085
Duration: 24.548 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: /etc/init.d/keepalived
Function: file.managed
Result: True
Comment: File /etc/init.d/keepalived updated
Started: 01:49:56.219173
Duration: 26.57 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: keepalived-init
Function: cmd.run
Name: chkconfig --add keepalived
Result: True
Comment: Command "chkconfig --add keepalived" run
Started: 01:49:56.247446
Duration: 116.178 ms
Changes:
----------
pid:
129689
retcode:
0
stderr:
stdout:
----------
ID: /etc/keepalived
Function: file.directory
Result: True
Comment:
Started: 01:49:56.364156
Duration: 5.18 ms
Changes:
----------
/etc/keepalived:
----------
directory:
new
----------
ID: keepalived-server
Function: file.managed
Name: /etc/keepalived/keepalived.conf
Result: True
Comment: File /etc/keepalived/keepalived.conf updated
Started: 01:49:56.369644
Duration: 24.391 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: keepalived-server
Function: service.running
Name: keepalived
Result: False
Comment: Running scope as unit run-129727.scope.
Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details.
Started: 01:49:56.647439
Duration: 60.41 ms
Changes: Summary for mcw03
-------------
Succeeded: 23 (changed=7)
Failed: 1
-------------
Total states run: 24
Total run time: 20.948 s
mcw02:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: All specified packages are already installed
Started: 01:49:36.147214
Duration: 2971.556 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: All specified packages are already installed
Started: 01:49:39.119106
Duration: 64.874 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: All specified packages are already installed
Started: 01:49:39.184586
Duration: 64.749 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: All specified packages are already installed
Started: 01:49:39.250001
Duration: 47.093 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: All specified packages are already installed
Started: 01:49:39.297506
Duration: 44.491 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl
Result: True
Comment: All specified packages are already installed
Started: 01:49:39.342719
Duration: 55.146 ms
Changes:
----------
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: All specified packages are already installed
Started: 01:49:39.398257
Duration: 63.738 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /usr/local/src/haproxy-1.5.19.tar.gz
Result: True
Comment: File /usr/local/src/haproxy-1.5.19.tar.gz updated
Started: 01:49:39.471701
Duration: 1305.964 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: haproxy-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
Result: True
Comment: Command "cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy" run
Started: 01:49:40.783093
Duration: 48751.066 ms
Changes:
----------
pid:
82843
retcode:
0
stderr:
stdout:
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \
-DBUILD_TARGET='"linux26"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"generic"' \
-DBUILD_CC='"gcc"' \
-DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing"' \
-DBUILD_OPTIONS='""' \
-c -o src/haproxy.o src/haproxy.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sessionhash.o src/sessionhash.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/base64.o src/base64.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/protocol.o src/protocol.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/uri_auth.o src/uri_auth.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/standard.o src/standard.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/buffer.o src/buffer.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/log.o src/log.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/task.o src/task.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/chunk.o src/chunk.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/channel.o src/channel.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/listener.o src/listener.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/time.o src/time.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/fd.o src/fd.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pipe.o src/pipe.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/regex.o src/regex.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/cfgparse.o src/cfgparse.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/server.o src/server.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/checks.o src/checks.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/queue.o src/queue.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/frontend.o src/frontend.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proxy.o src/proxy.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/peers.o src/peers.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/arg.o src/arg.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stick_table.o src/stick_table.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_uxst.o src/proto_uxst.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/connection.o src/connection.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_http.o src/proto_http.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/raw_sock.o src/raw_sock.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/appsession.o src/appsession.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/backend.o src/backend.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_chash.o src/lb_chash.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwlc.o src/lb_fwlc.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fwrr.o src/lb_fwrr.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_map.o src/lb_map.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/lb_fas.o src/lb_fas.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/stream_interface.o src/stream_interface.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/dumpstats.o src/dumpstats.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/proto_tcp.o src/proto_tcp.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/session.o src/session.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hdr_idx.o src/hdr_idx.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_select.o src/ev_select.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/signal.o src/signal.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/acl.o src/acl.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/sample.o src/sample.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/memory.o src/memory.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/freq_ctr.o src/freq_ctr.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/auth.o src/auth.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/compression.o src/compression.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/payload.o src/payload.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/hash.o src/hash.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/pattern.o src/pattern.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/map.o src/map.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_poll.o src/ev_poll.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o src/ev_epoll.o src/ev_epoll.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebtree.o ebtree/ebtree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb32tree.o ebtree/eb32tree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/eb64tree.o ebtree/eb64tree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebmbtree.o ebtree/ebmbtree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebsttree.o ebtree/ebsttree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebimtree.o ebtree/ebimtree.c
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" -c -o ebtree/ebistree.o ebtree/ebistree.c
gcc -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o src/protocol.o src/uri_auth.o src/standard.o src/buffer.o src/log.o src/task.o src/chunk.o src/channel.o src/listener.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/frontend.o src/proxy.o src/peers.o src/arg.o src/stick_table.o src/proto_uxst.o src/connection.o src/proto_http.o src/raw_sock.o src/appsession.o src/backend.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/lb_fas.o src/stream_interface.o src/dumpstats.o src/proto_tcp.o src/session.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/sample.o src/memory.o src/freq_ctr.o src/auth.o src/compression.o src/payload.o src/hash.o src/pattern.o src/map.o src/ev_poll.o src/ev_epoll.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -DTPROXY -DCONFIG_HAP_CRYPT -DENABLE_POLL -DENABLE_EPOLL -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_HAPROXY_VERSION=\"1.5.19\" -DCONFIG_HAPROXY_DATE=\"2016/12/25\" \
-DSBINDIR='"/usr/local/haproxy/sbin"' \
-c -o src/haproxy-systemd-wrapper.o src/haproxy-systemd-wrapper.c
gcc -g -o haproxy-systemd-wrapper src/haproxy-systemd-wrapper.o -lcrypt
install -d "/usr/local/haproxy/sbin"
install haproxy "/usr/local/haproxy/sbin"
install -d "/usr/local/haproxy/share/man"/man1
install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1
install -d "/usr/local/haproxy/doc/haproxy"
for x in configuration architecture haproxy-en haproxy-fr; do \
install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \
done
----------
ID: /etc/init.d/haproxy
Function: file.managed
Result: True
Comment: File /etc/init.d/haproxy updated
Started: 01:50:29.535183
Duration: 53.164 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: net.ipv4.ip_nonlocal_bind
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_nonlocal_bind = 1
Started: 01:50:29.588848
Duration: 52.616 ms
Changes:
----------
net.ipv4.ip_nonlocal_bind:
1
----------
ID: haproxy-config-dir
Function: file.directory
Name: /etc/haproxy
Result: True
Comment:
Started: 01:50:29.642121
Duration: 6.386 ms
Changes:
----------
/etc/haproxy:
----------
directory:
new
----------
ID: haproxy-init
Function: cmd.run
Name: chkconfig --add haproxy
Result: True
Comment: Command "chkconfig --add haproxy" run
Started: 01:50:29.649848
Duration: 5568.311 ms
Changes:
----------
pid:
83116
retcode:
0
stderr:
stdout:
----------
ID: haproxy
Function: file.managed
Name: /usr/sbin/haproxy
Result: True
Comment: File /usr/sbin/haproxy updated
Started: 01:50:35.218705
Duration: 148.676 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: haproxy-service
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg updated
Started: 01:50:35.367538
Duration: 19.605 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: False
Comment: Running scope as unit run-83165.scope.
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
Started: 01:50:36.216065
Duration: 90.32 ms
Changes:
----------
ID: keepalived-install
Function: file.managed
Name: /usr/local/src/keepalived-1.2.17.tar.gz
Result: True
Comment: File /usr/local/src/keepalived-1.2.17.tar.gz updated
Started: 01:50:36.306696
Duration: 39.633 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: keepalived-install
Function: cmd.run
Name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
Result: True
Comment: Command "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install" run
Started: 01:50:36.347241
Duration: 18522.212 ms
Changes:
----------
pid:
83185
retcode:
0
stderr:
configure: WARNING: keepalived will be built without libnl support.
ar: creating libipvs.a
stdout:
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for strip... strip
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking openssl/md5.h usability... yes
checking openssl/md5.h presence... yes
checking for openssl/md5.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking whether ETHERTYPE_IPV6 is declared... yes
checking for crypt in -lcrypt... yes
checking for MD5_Init in -lcrypto... yes
checking for SSL_CTX_new in -lssl... yes
checking for nl_socket_alloc in -lnl-3... no
checking for nl_socket_modify_cb in -lnl... no
checking for kernel version... 3.10.0
checking for IPVS syncd support... yes
checking for kernel macvlan support... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether gcc needs -traditional... no
checking for working memcmp... yes
checking return type of signal handlers... void
checking for gettimeofday... yes
checking for select... yes
checking for socket... yes
checking for strerror... yes
checking for strtol... yes
checking for uname... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating genhash/Makefile
config.status: creating keepalived/core/Makefile
config.status: creating lib/config.h
config.status: creating keepalived.spec
config.status: creating keepalived/Makefile
config.status: creating lib/Makefile
config.status: creating keepalived/vrrp/Makefile
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile Keepalived configuration
------------------------
Keepalived version : 1.2.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lssl -lcrypto -lcrypt
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
fwmark socket support : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
make -C lib || exit 1;
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/lib'
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c memory.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c utils.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c notify.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c timer.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c scheduler.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vector.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c html.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c parser.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c signals.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c logger.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c list_head.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c buffer.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c command.c
gcc -I. -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_WITHOUT_SNMP_ -c vty.c
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/lib'
make -C keepalived
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/core'
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c main.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c daemon.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c pidfile.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c layer4.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c smtp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_data.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c global_parser.c
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/core'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/check'
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_daemon.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_data.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_parser.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_api.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_tcp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_http.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_ssl.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_smtp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c check_misc.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipwrapper.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_WITH_VRRP_ -D_WITHOUT_SNMP_ -D_WITHOUT_SO_MARK_ -c ipvswrapper.c
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/check'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp'
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_daemon.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_print.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_data.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_parser.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_notify.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_scheduler.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_sync.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_index.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_netlink.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_arp.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_if.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_track.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipaddress.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_iproute.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ipsecah.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_ndisc.c
gcc -I../include -I../../lib -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -D_KRNL_2_6_ -D_WITH_LVS_ -D_HAVE_IPVS_SYNCD_ -D_HAVE_VRRP_VMAC_ -D_WITHOUT_SNMP_ -c vrrp_vmac.c
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/vrrp'
make[2]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6'
gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o libipvs.o libipvs.c
gcc -g -O2 -I/usr/src/linux/include -I/usr/src/linux/include -DLIBIPVS_DONTUSE_NL -Wall -Wunused -c -o ip_vs_nl_policy.o ip_vs_nl_policy.c
ar rv libipvs.a libipvs.o ip_vs_nl_policy.o
a - libipvs.o
a - ip_vs_nl_policy.o
rm libipvs.o ip_vs_nl_policy.o
make[2]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived/libipvs-2.6'
Building ../bin/keepalived
strip ../bin/keepalived Make complete
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived'
make -C genhash
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash'
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o main.o main.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o sock.o sock.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o layer4.o layer4.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o http.o http.c
gcc -I../lib -g -O2 -D_WITHOUT_SO_MARK_ -I/usr/src/linux/include -I/usr/src/linux/include -Wall -Wunused -Wstrict-prototypes -c -o ssl.o ssl.c
Building ../bin/genhash
strip ../bin/genhash Make complete
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash' Make complete
make -C keepalived install
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/keepalived'
install -d /user/local/keepalived/sbin
install -m 700 ../bin/keepalived /user/local/keepalived/sbin/
install -d /user/local/keepalived/etc/rc.d/init.d
install -m 755 etc/init.d/keepalived.init /user/local/keepalived/etc/rc.d/init.d/keepalived
install -d /user/local/keepalived/etc/sysconfig
install -m 644 etc/init.d/keepalived.sysconfig /user/local/keepalived/etc/sysconfig/keepalived
install -d /user/local/keepalived/etc/keepalived/samples
install -m 644 etc/keepalived/keepalived.conf /user/local/keepalived/etc/keepalived/
install -m 644 ../doc/samples/* /user/local/keepalived/etc/keepalived/samples/
install -d /user/local/keepalived/share/man/man5
install -d /user/local/keepalived/share/man/man8
install -m 644 ../doc/man/man5/keepalived.conf.5 /user/local/keepalived/share/man/man5
install -m 644 ../doc/man/man8/keepalived.8 /user/local/keepalived/share/man/man8
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/keepalived'
make -C genhash install
make[1]: Entering directory `/usr/local/src/keepalived-1.2.17/genhash'
install -d /user/local/keepalived/bin
install -m 755 ../bin/genhash /user/local/keepalived/bin/
install -d /user/local/keepalived/share/man/man1
install -m 644 ../doc/man/man1/genhash.1 /user/local/keepalived/share/man/man1
make[1]: Leaving directory `/usr/local/src/keepalived-1.2.17/genhash'
mkdir -p /usr/share/snmp/mibs/
cp -f doc/VRRP-MIB /usr/share/snmp/mibs/
cp -f doc/KEEPALIVED-MIB /usr/share/snmp/mibs/
----------
ID: /etc/sysconfig/keepalived
Function: file.managed
Result: True
Comment: File /etc/sysconfig/keepalived updated
Started: 01:50:54.870569
Duration: 39.673 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: /etc/init.d/keepalived
Function: file.managed
Result: True
Comment: File /etc/init.d/keepalived updated
Started: 01:50:54.910556
Duration: 23.857 ms
Changes:
----------
diff:
New file
mode:
0755
----------
ID: keepalived-init
Function: cmd.run
Name: chkconfig --add keepalived
Result: True
Comment: Command "chkconfig --add keepalived" run
Started: 01:50:54.935930
Duration: 185.211 ms
Changes:
----------
pid:
84572
retcode:
0
stderr:
stdout:
----------
ID: /etc/keepalived
Function: file.directory
Result: True
Comment:
Started: 01:50:55.121590
Duration: 3.436 ms
Changes:
----------
/etc/keepalived:
----------
directory:
new
----------
ID: keepalived-server
Function: file.managed
Name: /etc/keepalived/keepalived.conf
Result: True
Comment: File /etc/keepalived/keepalived.conf updated
Started: 01:50:55.125209
Duration: 32.225 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: keepalived-server
Function: service.running
Name: keepalived
Result: False
Comment: Running scope as unit run-84609.scope.
Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details.
Started: 01:50:55.445060
Duration: 148.211 ms
Changes: Summary for mcw02
-------------
Succeeded: 22 (changed=15)
Failed: 2
-------------
Total states run: 24
Total run time: 78.302 s
ERROR: Minions returned with non-zero exit code
[root@mcw01 mcw02]#
查看状态,可以知道缺少这个文件,那么给这个文件复制一份或者是添加个软连接
[root@mcw03 src]# systemctl status keepalived.service
● keepalived.service - SYSV: Start and stop Keepalived
Loaded: loaded (/etc/rc.d/init.d/keepalived; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2024-01-26 01:49:56 CST; 32s ago
Docs: man:systemd-sysv-generator(8)
Process: 129729 ExecStart=/etc/rc.d/init.d/keepalived start (code=exited, status=1/FAILURE) Jan 26 01:49:56 mcw03 systemd[1]: Starting SYSV: Start and stop Keepalived...
Jan 26 01:49:56 mcw03 keepalived[129729]: Starting keepalived: /bin/bash: /usr/local/keepalived/sbin/keepalived: No such file or directory
Jan 26 01:49:56 mcw03 keepalived[129729]: [FAILED]
Jan 26 01:49:56 mcw03 systemd[1]: keepalived.service: control process exited, code=exited status=1
Jan 26 01:49:56 mcw03 systemd[1]: Failed to start SYSV: Start and stop Keepalived.
Jan 26 01:49:56 mcw03 systemd[1]: Unit keepalived.service entered failed state.
Jan 26 01:49:56 mcw03 systemd[1]: keepalived.service failed.
[root@mcw03 src]#
mcw03上面虽然启动失败,但是编译好了,命令文件是存在的,复制到mcw01
[root@mcw03 ~]# ls /usr/local/src/keepalived-1.2.17/bin/
genhash keepalived
[root@mcw03 ~]# ls /usr/local/src/keepalived-1.2.17/bin/keepalived
/usr/local/src/keepalived-1.2.17/bin/keepalived
[root@mcw03 ~]# scp -rp /usr/local/src/keepalived-1.2.17/bin/keepalived 10.0.0.11:/root/
root@10.0.0.11's password:
/usr/local/python3/bin/python3: Error while finding module specification for 'virtualenvwrapper.hook_loader' (ModuleNotFoundError: No module named 'virtualenvwrapper')
virtualenvwrapper.sh: There was a problem running the initialization hooks. If Python could not import the module virtualenvwrapper.hook_loader,
check that virtualenvwrapper has been installed for
VIRTUALENVWRAPPER_PYTHON=/usr/local/python3/bin/python3 and that PATH is
set properly.
keepalived 100% 248KB 75.9MB/s 00:00
[root@mcw03 ~]#
MCW01上将keepalived复制到salt文件目录下
[root@mcw01 ~]# cp keepalived /srv/salt/prod/keepalived/files/
[root@mcw01 ~]# ls -lh /srv/salt/prod/keepalived/files/keepalived
-rwxr-xr-x 1 root root 249K Jan 26 23:47 /srv/salt/prod/keepalived/files/keepalived
[root@mcw01 ~]#
需要在服务运行之前,给添加keepalived,到对应的路径下。所以服务启动的时候也要写上这个文件复制过去之后,再运行
[root@mcw01 ~]# tree /srv/salt/prod/
/srv/salt/prod/
├── cluster
│ ├── files
│ │ ├── haproxy
│ │ ├── haproxy-outside.cfg
│ │ └── haproxy-outside-keepalived.conf
│ ├── haproxy-outside-keepalived.sls
│ └── haproxy-outside.sls
├── haproxy
│ ├── files
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.init
│ └── install.sls
├── keepalived
│ ├── files
│ │ ├── keepalived
│ │ ├── keepalived-1.2.17.tar.gz
│ │ ├── keepalived.init
│ │ └── keepalived.sysconfig
│ └── install.sls
└── pkg
└── pkg-init.sls 7 directories, 14 files
[root@mcw01 ~]# vim /srv/salt/prod/keepalived/install.sls
[root@mcw01 ~]# cat /srv/salt/prod/keepalived/install.sls
keepalived-install:
file.managed:
- name: /usr/local/src/keepalived-1.2.17.tar.gz
- source: salt://keepalived/files/keepalived-1.2.17.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- file: keepalived-install
/etc/sysconfig/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.sysconfig
- mode: 644
- user: root
- group: root
/etc/init.d/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.init
- mode: 755
- user: root
- group: root
keepalived-init:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list | grep keepalived
- require:
- file: /etc/init.d/keepalived
/etc/keepalived:
file.directory:
- user: root
- group: root
[root@mcw01 ~]# vim /srv/salt/prod/keepalived/install.sls
[root@mcw01 ~]# cat /srv/salt/prod/keepalived/install.sls
keepalived-install:
file.managed:
- name: /usr/local/src/keepalived-1.2.17.tar.gz
- source: salt://keepalived/files/keepalived-1.2.17.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- file: keepalived-install
/etc/sysconfig/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.sysconfig
- mode: 644
- user: root
- group: root
/etc/init.d/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.init
- mode: 755
- user: root
- group: root
/usr/local/keepalived/sbin/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived
- mode: 755
- user: root
- group: root
keepalived-init:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list | grep keepalived
- require:
- file: /etc/init.d/keepalived
- file: /usr/local/keepalived/sbin/keepalived
/etc/keepalived:
file.directory:
- user: root
- group: root
[root@mcw01 ~]#
执行后报错了:
Changes:
----------
ID: /usr/local/keepalived/sbin/keepalived
Function: file.managed
Result: False
Comment: Parent directory not present
Started: 00:19:10.345561
Duration: 23.055 ms
Changes:
----------
ID: keepalived-init
Function: cmd.run
Name: chkconfig --add keepalived
Result: False
Comment: One or more requisite failed: keepalived.install./usr/local/keepalived/sbin/keepalived
Started: 00:19:10.369491
Duration: 0.004 ms
Changes:
----------
ID: /etc/keepalived
导致后面的服务也没有起来
----------
ID: keepalived-server
Function: service.running
Name: keepalived
Result: False
Comment: Running scope as unit run-5620.scope.
Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details.
Started: 00:19:10.386502
Duration: 46.448 ms
Changes:
需要先将目录创建出来
[root@mcw03 ~]# ls /usr/local/
bin etc games haproxy include jdk lib lib64 libexec mysqld_exporter node_exporter prometheus sbin share src
[root@mcw03 ~]#
多级目录需要添加下面参数,不然报错没有目录
/path/to/parent/directory:
file.directory:
- makedirs: True
再次查看,我添加下面的配置,名字是随意起的,xiaoma。然后多级目录的创建。name就是要创建的目录名称。再后面的keepalived文件复制到这个目录下,就需要等待这个xiaoma结束,之所以两个不放在一起,会报错,报错类似于file重复吧,还是啥的
[root@mcw01 ~]# vim /srv/salt/prod/keepalived/install.sls
[root@mcw01 ~]# cat /srv/salt/prod/keepalived/install.sls
keepalived-install:
file.managed:
- name: /usr/local/src/keepalived-1.2.17.tar.gz
- source: salt://keepalived/files/keepalived-1.2.17.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/user/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- file: keepalived-install
/etc/sysconfig/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.sysconfig
- mode: 644
- user: root
- group: root
/etc/init.d/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived.init
- mode: 755
- user: root
- group: root
xiaoma:
file.directory:
- name: /usr/local/keepalived/sbin/
- makedirs: True
/usr/local/keepalived/sbin/keepalived:
file.managed:
- source: salt://keepalived/files/keepalived
- mode: 755
- user: root
- group: root
- reeuire:
- file: xiaoma
keepalived-init:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list | grep keepalived
- require:
- file: /etc/init.d/keepalived
- file: /usr/local/keepalived/sbin/keepalived
/etc/keepalived:
file.directory:
- user: root
- group: root
[root@mcw01 ~]#
上面执行,之后,这里正常了
但是此时还是有一个报错,就是haproxy服务,在mcw02上没有起来的报错
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: False
Comment: Running scope as unit run-7574.scope.
Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
Started: 00:38:58.614534
Duration: 39.239 ms
Changes:
----------
之所以没有起来,是mcw02节点,80端口被nginx占用了,haproxy不能绑定80端口了
[root@mcw02 ~]# systemctl status haproxy.service
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2024-01-27 00:38:58 CST; 5min ago
Docs: man:systemd-sysv-generator(8) Jan 27 00:38:58 mcw02 systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments....
Jan 27 00:38:58 mcw02 haproxy[7575]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Jan 27 00:38:58 mcw02 haproxy[7575]: Starting haproxy: [ALERT] 026/003858 (7583) : Starting frontend frontend_www_example_com: cannot bind socket [10.0.0.12:80]
Jan 27 00:38:58 mcw02 haproxy[7575]: [FAILED]
Jan 27 00:38:58 mcw02 systemd[1]: haproxy.service: control process exited, code=exited status=1
Jan 27 00:38:58 mcw02 systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments..
Jan 27 00:38:58 mcw02 systemd[1]: Unit haproxy.service entered failed state.
Jan 27 00:38:58 mcw02 systemd[1]: haproxy.service failed.
[root@mcw02 ~]# hostname -I
10.0.0.12 10.0.0.99
[root@mcw02 ~]# ss -lntup|grep 80
tcp LISTEN 0 511 *:80 *:* users:(("nginx",pid=1608,fd=8),("nginx",pid=1607,fd=8))
[root@mcw02 ~]#
这是我们zabbix的端口。那么换成mcw03 04两个机器,而不是02机器吧
14也是zabbix,记不清了
那就选01和03吧
[root@mcw01 ~]# vim /srv/salt/base/top.sls
[root@mcw01 ~]# cat /srv/salt/base/top.sls
base:
#'*':
# - init.env_init
'mcw03':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
'mcw01':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalived
#prod:
# '*':
# -
[root@mcw01 ~]#
然后再次执行,报错了,这是因为有配置没修改成mcw01,导致没有生成相关配置roudteid
----------
ID: /etc/keepalived
Function: file.directory
Result: True
Comment:
Started: 00:53:57.669911
Duration: 1.623 ms
Changes:
----------
/etc/keepalived:
----------
directory:
new
----------
ID: keepalived-server
Function: file.managed
Name: /etc/keepalived/keepalived.conf
Result: False
Comment: Unable to manage file: Jinja variable 'ROUTEID' is undefined
Started: 00:53:57.671628
Duration: 198.605 ms
Changes:
----------
ID: keepalived-server
Function: service.running
Name: keepalived
Result: False
Comment: One or more requisite failed: cluster.haproxy-outside-keepalived.keepalived-server
Started: 00:53:57.870727
Duration: 0.004 ms
Changes: Summary for mcw01
-------------
Succeeded: 24 (changed=15)
Failed: 2
修改成判断mcw01
[root@mcw01 ~]# cat /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
include:
- keepalived.install
keepalived-server:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://cluster/files/haproxy-outside-keepalived.conf
- mode: 644
- user: root
- group: root
- template: jinja {% if grains['fqdn'] == 'mcw02' %}
- ROUTEID: haproxy_ha
- STARTID: MASTER
- PRIORITYID: 150 {% elif grains['fqdn'] == 'mcw03' %}
- ROUTEID: haproxy_ha
- STARTID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
- enable: True
- watch:
- file: keepalived-server
[root@mcw01 ~]# vim /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
[root@mcw01 ~]# cat /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
include:
- keepalived.install
keepalived-server:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://cluster/files/haproxy-outside-keepalived.conf
- mode: 644
- user: root
- group: root
- template: jinja {% if grains['fqdn'] == 'mcw01' %}
- ROUTEID: haproxy_ha
- STARTID: MASTER
- PRIORITYID: 150 {% elif grains['fqdn'] == 'mcw03' %}
- ROUTEID: haproxy_ha
- STARTID: BACKUP
- PRIORITYID: 100
{% endif %}
service.running:
- name: keepalived
- enable: True
- watch:
- file: keepalived-server
[root@mcw01 ~]#
执行完之后,之前在mcw02上启动的keepaliveed并不会停止删除掉
[root@mcw02 ~]# ps -ef|grep keep
root 8818 1 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 8820 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 8821 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 9062 1859 0 00:59 pts/0 00:00:00 grep --color=auto keep
[root@mcw02 ~]#
查看vip0.99并没有在mcw01上创建,
[root@mcw01 ~]# grep ens33 /srv/* -r
/srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf: interface ens33
[root@mcw01 ~]# cat /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf
! Configuration File for keepalived
glabal_defs {
notification_email {
saltstack@example.com
}
notification_eamil_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ ROUTEID }}
} vrrp_instance haproxy_ha {
state {{STARTID}}
interface ens33
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
authentication {
auth_type PASS
auth_pass 111
}
virtual_ipaddress {
10.0.0.99
}
}
[root@mcw01 ~]#
[root@mcw01 ~]#
[root@mcw01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f32c:166d:40de:8f2e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff
[root@mcw01 ~]#
这是因为在mcw02,虽然因为80端口被占用,haproxy没有起来,但是keepalived之前已经部署了 ,改为mcw01上部署之后,mcw02这个节点还是在用这个ip。
[root@mcw02 ~]# ps -ef|grep keep
root 8818 1 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 8820 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 8821 8818 0 00:39 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 9062 1859 0 00:59 pts/0 00:00:00 grep --color=auto keep
[root@mcw02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:9b:98 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:9b:a2 brd ff:ff:ff:ff:ff:ff
[root@mcw02 ~]# ss -lntup|grep 80
tcp LISTEN 0 511 *:80 *:* users:(("nginx",pid=1608,fd=8),("nginx",pid=1607,fd=8))
[root@mcw02 ~]#
直接把mcw02上的服务停掉,这个vip也释放出来了
[root@mcw02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:9b:98 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:9b:a2 brd ff:ff:ff:ff:ff:ff
[root@mcw02 ~]# ss -lntup|grep 80
tcp LISTEN 0 511 *:80 *:* users:(("nginx",pid=1608,fd=8),("nginx",pid=1607,fd=8))
[root@mcw02 ~]#
[root@mcw02 ~]# systemctl stop keepalived.service
[root@mcw02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:9b:98 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:af:9b:a2 brd ff:ff:ff:ff:ff:ff
[root@mcw02 ~]#
10.0.0.99释放出来后,mcw01作为主节点,没做什么操作,立刻使用这个vip了
[root@mcw01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f32c:166d:40de:8f2e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff
[root@mcw01 ~]#
[root@mcw01 ~]#
[root@mcw01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f32c:166d:40de:8f2e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff
[root@mcw01 ~]#
可以看到salt把 haproxy和keepavlived都装上了。将机器keepalived停掉,
[root@mcw01 ~]# ss -lntup|grep 80
tcp LISTEN 0 16384 10.0.0.12:80 *:* users:(("haproxy",pid=15945,fd=5))
tcp LISTEN 0 80 :::3306 :::* users:(("mysqld",pid=1800,fd=15))
[root@mcw01 ~]# ps -ef|grep keep
root 18353 1 0 00:59 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 18355 18353 0 00:59 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 18356 18353 0 00:59 ? 00:00:00 /usr/local/keepalived/sbin/keepalived -D
root 19600 1957 0 01:11 pts/0 00:00:00 grep --color=auto keep
[root@mcw01 ~]# pkill keep
[root@mcw01 ~]# ps -ef|grep keep
root 19617 1957 0 01:11 pts/0 00:00:00 grep --color=auto keep
[root@mcw01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f32c:166d:40de:8f2e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff
[root@mcw01 ~]#
vip里面漂移到备节点上了
[root@mcw03 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ae:54:49 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.13/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ae:54:53 brd ff:ff:ff:ff:ff:ff
[root@mcw03 ~]#
启动主节点,vip又漂移回来了
[root@mcw01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f32c:166d:40de:8f2e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff
[root@mcw01 ~]#
[root@mcw01 ~]#
[root@mcw01 ~]# systemctl start keepalived
[root@mcw01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:8b brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f32c:166d:40de:8f2e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:af:95 brd ff:ff:ff:ff:ff:ff
[root@mcw01 ~]#
mcw03作为备,就没有了vip了
[root@mcw03 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ae:54:49 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.13/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ae:54:53 brd ff:ff:ff:ff:ff:ff
[root@mcw03 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ae:54:49 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.13/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::495b:ff7:d185:f95d/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::9335:fbc:5cf6:ad83/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ae:54:53 brd ff:ff:ff:ff:ff:ff
[root@mcw03 ~]#
其它state文件暂时省略 ,以后补充
理解扩展grains流程
创建这个目录,目录下写python程序,程序中定义函数,然后返回一个字典。目前mcw03是没有list这个grains的
[root@mcw01 ~]# mkdir /srv/salt/_grains
[root@mcw01 ~]# vim /srv/salt/_grains/example.py
[root@mcw01 ~]# cat /srv/salt/_grains/example.py
#!/usr/bin/python
def grains():
local={}
test={'key':'vaule','key1':'value1','key2':'vaule2'}
local['list'] = [1,2,3,4]
local['string'] = 'str'
local['dict'] = test
return local
[root@mcw01 ~]# salt mcw03 grains.item list
mcw03:
----------
list:
[root@mcw01 ~]#
mcw03缓存中没有这个文件的
[root@mcw03 ~]# ls /var/cache/
abrt-di ldconfig man salt yum
[root@mcw03 ~]#
[root@mcw03 ~]# ls /var/cache/salt/
minion
[root@mcw03 ~]# ls /var/cache/salt/minion/
accumulator extmods extrn_files file_backup files highstate.cache.p module_refresh pkg_refresh proc sls.p
[root@mcw03 ~]# ls /var/cache/salt/minion/extmods/
[root@mcw03 ~]#
同步上面写的脚本到minion
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
[root@mcw01 ~]#
还是结果是没有看到。我们应该是将目录创建的文件的root目录下
[root@mcw01 ~]# ls /srv/salt/
base _grains prod test
[root@mcw01 ~]# ls /srv/salt/base/
init top.sls
[root@mcw01 ~]# tail -20 /etc/salt/master|head
############################################
# Allow the raw_shell parameter to be used when calling Salt SSH client via API
#netapi_allow_raw_shell: True
file_roots:
base:
- /srv/salt/base
- /srv/salt/prod
prod:
- /srv/salt/prod
# prod:
[root@mcw01 ~]# mv /srv/salt/_grains /srv/salt/base/
[root@mcw01 ~]#
然后我们执行,就可以看到这个grains了
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.example
[root@mcw01 ~]#
远程可看到这个文件同步到mcw03上了
[root@mcw01 ~]# salt mcw03 cmd.run 'ls /var/cache/salt/minion/extmods/'
mcw03:
grains
[root@mcw01 ~]# salt mcw03 cmd.run 'ls /var/cache/salt/minion/extmods/grains'
mcw03:
__pycache__
example.py
[root@mcw01 ~]#
minion上可以查看到
[root@mcw03 ~]# ls /var/cache/salt/minion/extmods/
grains
[root@mcw03 ~]# ls /var/cache/salt/minion/extmods/grains/
example.py __pycache__
[root@mcw03 ~]# cat /var/cache/salt/minion/extmods/grains/example.py
#!/usr/bin/python
def grains():
local={}
test={'key':'vaule','key1':'value1','key2':'vaule2'}
local['list'] = [1,2,3,4]
local['string'] = 'str'
local['dict'] = test
return local
[root@mcw03 ~]#
master上查看minion上多个项
[root@mcw01 ~]# salt mcw03 grains.item list string dict
mcw03:
----------
dict:
----------
key:
vaule
key1:
value1
key2:
vaule2
list:
- 1
- 2
- 3
- 4
string:
str
[root@mcw01 ~]#
扩展grains案例
通过命令等等获取机器信息,做下处理,然后作为键值对返回这个函数名可以自己定义
[root@mcw01 ~]# ls /srv/salt/base/_grains/
example.py info.py
[root@mcw01 ~]# cat /srv/salt/base/_grains/*
#!/usr/bin/python
def grains():
local={}
test={'key':'vaule','key1':'value1','key2':'vaule2'}
local['list'] = [1,2,3,4]
local['string'] = 'str'
local['dict'] = test
return local
#!/usr/bin/python
import commands
def role():
information={}
information['disk_num'] = commands.getoutput('fdisk -l|grep Disk|wc -l')
information['disk_big'] = commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return information
[root@mcw01 ~]#
上面的没有成功,比如下面的测试,字典的名称是local才能获取到键值对数据,不然没有获取到
[root@mcw01 ~]# cat /srv/salt/base/_grains/xiaoma.py
#!/usr/bin/python
def mcw():
mcwdic={}
mcwdit['myname'] = 'machangwei'
return mcwdir
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.xiaoma
[root@mcw01 ~]# salt mcw03 grains.item myname
mcw03:
----------
myname:
[root@mcw01 ~]#
函数名可以改变,但是返回的字典名称,好像得是local才可以符合预期获取到数值
[root@mcw01 ~]# cat /srv/salt/base/_grains/xiaoma.py
#!/usr/bin/python
def mcw():
local={}
local['myname'] = 'machangwei'
return local
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.xiaoma
[root@mcw01 ~]# salt mcw03 grains.item myname
mcw03:
----------
myname:
machangwei
[root@mcw01 ~]#
根本原因好像是command获取的值,这里不能用,是不是可以其它方法获取值用呢
[root@mcw01 ~]# vim /srv/salt/base/_grains/info.py
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py
#!/usr/bin/python
#import commands
def role():
local={}
local['disknum'] = commands.getoutput('fdisk -l|grep Disk|wc -l')
local['diskbig'] = commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return local
[root@mcw01 ~]#
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.info
[root@mcw01 ~]# salt mcw03 grains.item disknum
mcw03:
----------
disknum:
[root@mcw01 ~]# vim /srv/salt/base/_grains/info.py
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py
#!/usr/bin/python
#import commands
def role():
local={}
local['disknum'] = 1#commands.getoutput('fdisk -l|grep Disk|wc -l')
local['diskbig'] = 2#commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return local
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.info
[root@mcw01 ~]# salt mcw03 grains.item disknum
mcw03:
----------
disknum:
1
[root@mcw01 ~]#
再看,感觉还是跟commands有关
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py
#!/usr/bin/python
import commands
def role():
local={}
local['disknum'] = 1#commands.getoutput('fdisk -l|grep Disk|wc -l')
local['diskbig'] = 2#commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return local
[root@mcw01 ~]# salt mcw03 grains.item disknum
mcw03:
----------
disknum:
[root@mcw01 ~] [root@mcw01 ~]# vim /srv/salt/base/_grains/info.py
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py
#!/usr/bin/python
#import commands
def role():
local={}
local['disknum'] = 1#commands.getoutput('fdisk -l|grep Disk|wc -l')
local['diskbig'] = 2#commands.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return local
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.info
[root@mcw01 ~]# salt mcw03 grains.item disknum
mcw03:
----------
disknum:
1
[root@mcw01 ~]#
把commands改成subprocess,就可以实现符合预期的了
[root@mcw01 ~]# vim /srv/salt/base/_grains/info.py
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py
#!/usr/bin/python
import subprocess
def role():
local={}
local['disknum'] = subprocess.getoutput('fdisk -l|grep Disk|wc -l')
local['diskbig'] = subprocess.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return local
[root@mcw01 ~]#
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.info
[root@mcw01 ~]# salt mcw03 grains.item disknum
mcw03:
----------
disknum:
5
[root@mcw01 ~]# vim /srv/salt/base/_grains/info.py
[root@mcw01 ~]# cat /srv/salt/base/_grains/info.py
#!/usr/bin/python
import subprocess
def role():
local={}
local['disk_num'] = subprocess.getoutput('fdisk -l|grep Disk|wc -l')
local['disk_big'] = subprocess.getoutput("fdisk -l|grep Disk|grep /dev/sda|awk '{print $3}'")
return local
[root@mcw01 ~]# salt mcw03 saltutil.sync_grains
mcw03:
- grains.info
[root@mcw01 ~]# salt mcw03 grains.item disk_num disk_big
mcw03:
----------
disk_big:
21.5
disk_num:
5
[root@mcw01 ~]#
理解扩展module原理
查看一个案例
[root@mcw01 ~]# cat /usr/lib/python3.6/site-packages/salt/modules/dig.py
"""
Compendium of generic DNS utilities.
The 'dig' command line tool must be installed in order to use this module.
""" import logging
import re import salt.utils.network
import salt.utils.path log = logging.getLogger(__name__) __virtualname__ = "dig" def __virtual__():
"""
Only load module if dig binary is present
"""
if salt.utils.path.which("dig"):
return __virtualname__
return (
False,
"The dig execution module cannot be loaded: the dig binary is not in the path.",
) def check_ip(addr):
"""
Check if address is a valid IP. returns True if valid, otherwise False. CLI Example: .. code-block:: bash salt ns1 dig.check_ip 127.0.0.1
salt ns1 dig.check_ip 1111:2222:3333:4444:5555:6666:7777:8888
""" try:
addr = addr.rsplit("/", 1)
except AttributeError:
# Non-string passed
return False if salt.utils.network.is_ipv4(addr[0]):
try:
if 1 <= int(addr[1]) <= 32:
return True
except ValueError:
# Non-int subnet notation
return False
except IndexError:
# No subnet notation used (i.e. just an IPv4 address)
return True if salt.utils.network.is_ipv6(addr[0]):
try:
if 8 <= int(addr[1]) <= 128:
return True
except ValueError:
# Non-int subnet notation
return False
except IndexError:
# No subnet notation used (i.e. just an IPv4 address)
return True return False def A(host, nameserver=None):
"""
Return the A record for ``host``. Always returns a list. CLI Example: .. code-block:: bash salt ns1 dig.A www.google.com
"""
dig = ["dig", "+short", str(host), "A"] if nameserver is not None:
dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False)
# In this case, 0 is not the same as False
if cmd["retcode"] != 0:
log.warning(
"dig returned exit code '%s'. Returning empty list as fallback.",
cmd["retcode"],
)
return [] # make sure all entries are IPs
return [x for x in cmd["stdout"].split("\n") if check_ip(x)] def AAAA(host, nameserver=None):
"""
Return the AAAA record for ``host``. Always returns a list. CLI Example: .. code-block:: bash salt ns1 dig.AAAA www.google.com
"""
dig = ["dig", "+short", str(host), "AAAA"] if nameserver is not None:
dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False)
# In this case, 0 is not the same as False
if cmd["retcode"] != 0:
log.warning(
"dig returned exit code '%s'. Returning empty list as fallback.",
cmd["retcode"],
)
return [] # make sure all entries are IPs
return [x for x in cmd["stdout"].split("\n") if check_ip(x)] def NS(domain, resolve=True, nameserver=None):
"""
Return a list of IPs of the nameservers for ``domain`` If ``resolve`` is False, don't resolve names. CLI Example: .. code-block:: bash salt ns1 dig.NS google.com
"""
dig = ["dig", "+short", str(domain), "NS"] if nameserver is not None:
dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False)
# In this case, 0 is not the same as False
if cmd["retcode"] != 0:
log.warning(
"dig returned exit code '%s'. Returning empty list as fallback.",
cmd["retcode"],
)
return [] if resolve:
ret = []
for ns_host in cmd["stdout"].split("\n"):
for ip_addr in A(ns_host, nameserver):
ret.append(ip_addr)
return ret return cmd["stdout"].split("\n") def SPF(domain, record="SPF", nameserver=None):
"""
Return the allowed IPv4 ranges in the SPF record for ``domain``. If record is ``SPF`` and the SPF record is empty, the TXT record will be
searched automatically. If you know the domain uses TXT and not SPF,
specifying that will save a lookup. CLI Example: .. code-block:: bash salt ns1 dig.SPF google.com
"""
spf_re = re.compile(r"(?:\+|~)?(ip[46]|include):(.+)")
cmd = ["dig", "+short", str(domain), record] if nameserver is not None:
cmd.append("@{}".format(nameserver)) result = __salt__["cmd.run_all"](cmd, python_shell=False)
# In this case, 0 is not the same as False
if result["retcode"] != 0:
log.warning(
"dig returned exit code '%s'. Returning empty list as fallback.",
result["retcode"],
)
return [] if result["stdout"] == "" and record == "SPF":
# empty string is successful query, but nothing to return. So, try TXT
# record.
return SPF(domain, "TXT", nameserver) sections = re.sub('"', "", result["stdout"]).split()
if not sections or sections[0] != "v=spf1":
return [] if sections[1].startswith("redirect="):
# Run a lookup on the part after 'redirect=' (9 chars)
return SPF(sections[1][9:], "SPF", nameserver)
ret = []
for section in sections[1:]:
try:
mechanism, address = spf_re.match(section).groups()
except AttributeError:
# Regex was not matched
continue
if mechanism == "include":
ret.extend(SPF(address, "SPF", nameserver))
elif mechanism in ("ip4", "ip6") and check_ip(address):
ret.append(address)
return ret def MX(domain, resolve=False, nameserver=None):
"""
Return a list of lists for the MX of ``domain``. If the ``resolve`` argument is True, resolve IPs for the servers. It's limited to one IP, because although in practice it's very rarely a
round robin, it is an acceptable configuration and pulling just one IP lets
the data be similar to the non-resolved version. If you think an MX has
multiple IPs, don't use the resolver here, resolve them in a separate step. CLI Example: .. code-block:: bash salt ns1 dig.MX google.com
"""
dig = ["dig", "+short", str(domain), "MX"] if nameserver is not None:
dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False)
# In this case, 0 is not the same as False
if cmd["retcode"] != 0:
log.warning(
"dig returned exit code '%s'. Returning empty list as fallback.",
cmd["retcode"],
)
return [] stdout = [x.split() for x in cmd["stdout"].split("\n")] if resolve:
return [(lambda x: [x[0], A(x[1], nameserver)[0]])(x) for x in stdout] return stdout def TXT(host, nameserver=None):
"""
Return the TXT record for ``host``. Always returns a list. CLI Example: .. code-block:: bash salt ns1 dig.TXT google.com
"""
dig = ["dig", "+short", str(host), "TXT"] if nameserver is not None:
dig.append("@{}".format(nameserver)) cmd = __salt__["cmd.run_all"](dig, python_shell=False) if cmd["retcode"] != 0:
log.warning(
"dig returned exit code '%s'. Returning empty list as fallback.",
cmd["retcode"],
)
return [] return [i for i in cmd["stdout"].split("\n")] # Let lowercase work, since that is the convention for Salt functions
a = A
aaaa = AAAA
ns = NS
spf = SPF
mx = MX
[root@mcw01 ~]#
还有些其它的省略,回头补充
用户添加
cat salt/users/vax.sls
vayu:
user.present:
- fullname: vax
- shell: /bin/bash
- home: /home/vax
- uid: 3006 ssh_auth.present:
- user: vax
- comment: vax
- names:
- ssh-rsa AAAAxxxxx
#cat pillar/users/portal.sls
users:
zhucxi:
fullname: zhuxxi
shell: /bin/bash
home: /home/zhuxxqi
uid: 2030
disable_password: True
groups:
- axxxxgroup
ssh_keys:
- ssh-rsa AAxxxmebw==
# cat salt/users/work.sls
work:
user.present:
- fullname: work
- shell: /bin/bash
- home: /home/work
- uid: 3000
{%- if grains['saltversioninfo'][0] >= 3001 %}
- usergroup: True
{%- else %}
- gid_from_name: True
{%- endif %}
ssh_auth.present:
- user: work
- comment: work
- names:
- ssh-rsa Ax7Pju7Wf5
- ssh-rsa
saltstack实践案例的更多相关文章
- 《SaltStack技术入门与实践》—— 实践案例 <中小型Web架构>3 Memcached配置管理
实践案例 <中小型Web架构>3 Memcached配置管理 本章节参考<SaltStack技术入门与实践>,感谢该书作者: 刘继伟.沈灿.赵舜东 Memcached介绍 Me ...
- DDD实践案例:引入事件驱动与中间件机制来实现后台管理功能
DDD实践案例:引入事件驱动与中间件机制来实现后台管理功能 一.引言 在当前的电子商务平台中,用户下完订单之后,然后店家会在后台看到客户下的订单,然后店家可以对客户的订单进行发货操作.此时客户会在自己 ...
- 1、自动化运维之SaltStack实践
自动化运维之SaltStack实践 1.1.环境 linux-node1(master服务端) 192.168.0.15 linux-node2(minion客户端) 192.168.0.16 1.2 ...
- saltstack自动化运维系列⑧SaltStack实践配置管理安装nginx-1.10.3
saltstack自动化运维系列⑧SaltStack实践配置管理安装nginx-1.10.3 安装nginx-1.10.3.tar.gz # mkdir -p /srv/salt/prod/pkg / ...
- saltstack自动化运维系列⑦SaltStack实践配置管理安装zabbix
saltstack自动化运维系列⑥SaltStack实践配置管理安装zabbix 1.添加管理zabbix的sls文件# vim /srv/salt/base/init/zabbix_agent.sl ...
- saltstack自动化运维系列⑥SaltStack实践安装配置HAproxy的Keepalived
saltstack自动化运维系列⑥SaltStack实践安装配置HAproxy的Keepalived 安装配置Keepalived 1.编写功能模块 #创建keepalived目录# mkdir -p ...
- saltstack自动化运维系列⑥SaltStack实践安装配置HAproxy
saltstack自动化运维系列⑥SaltStack实践安装配置HAproxy 下载haproxy1.6.2.tar.gz下载地址:http://www.haproxy.org/download/1. ...
- SaltStack生产案例-服务部署(redis,mysql,apache+php,haproxy+keepalived)
顺序代码资料链接 课上资料.zip 接上篇:SaltStack生产案例-系统初始化 1,redis 主从 2,mysql 主从 2.1 mysql-install.sls (安装 初始化) 2.2 ...
- 微服务实战(四):服务发现的可行方案以及实践案例 - DockOne.io
原文:微服务实战(四):服务发现的可行方案以及实践案例 - DockOne.io 这是关于使用微服务架构创建应用系列的第四篇文章.第一篇介绍了微服务架构的模式,讨论了使用微服务架构的优缺点.第二和第三 ...
- 自动化运维之SaltStack实践
自动化运维之SaltStack实践 1.1.环境 linux-node1(master服务端) 192.168.0.15 linux-node2(minion客户端) 192.168.0.16 1.2 ...
随机推荐
- OpenHarmony 4.0 Beta1发布,邀您体验
初夏之际,OpenAtom OpenHarmony(简称"OpenHarmony") 4.0 Beta1版本如期而至.4.0 Beta1版本在3.2 Release版本基础上, ...
- Git 分支管理:优化版本控制与应急处理的关键策略
使用 Git 分支:轻松管理不同版本和应对紧急情况的最佳实践 使用 Git 分支 在 Git 中,分支是主仓库的新/独立版本. 假设你有一个大型项目,需要对其进行设计更新. 没有使用 Git 时: 复 ...
- MySQL 8.0字符集校正
MySQL升级为8.0版本时,之前版本的字符集往往是不同的,需要校正. 执行下面的三个SQL语句的查询结果,可以从库.表.列三个层面对字符集进行校正. 库 select concat('alter d ...
- FreeMarker 去除循环末尾的符号
在使用 FreeMarker 模板引擎来生成文件时,经常会使用到 list 标签用于循环生成. 有时会遇到需要处理末尾符号的情况,比如 Json 文件,循环生成的标签中末尾是不需要 , 的,例如: & ...
- 开始学习web-sql注入
web内容多且杂,不知道怎么下手开始学,那就先从sql注入开始学吧 目前只在b站上找了一些课程,还有ctfwiki作为参考 链接贴在下面: ctfwiki https://www.bilibili.c ...
- 高可用之战:Redis Sentinal(哨兵模式)
★ Redis24篇集合 1 背景 在我们的<Redis高可用之战:主从架构>篇章中,介绍了Redis的主从架构模式,可以有效的提升Redis服务的可用性,减少甚至避免Redis服务发生完 ...
- HDC2021技术分论坛:HarmonyOS内核技术大揭秘!
作者:jikecheng,miaoxie,HarmonyOS内核技术专家 HarmonyOS整体框架分为四个层级,如图1所示.从上到下,依次为:第一层是应用层,主要涵盖系统应用.Launcher.设置 ...
- Mysql之刷盘机制
一.刷盘机制总览 刷盘过程 mysql刷脏数据在写redo之后,逻辑跟oracle一致. checkpoint/commit -> 内存中的redo到redolog文件 -> 内存中的脏数 ...
- Hive 查看表/分区更新时间
1.查看分区 hive> show partitions table_name; 2.查看分区更新时间 获取hdfs路径 hive> desc formatted table_name; ...
- Avalonia 中的样式和控件主题
在 Avalonia 中,样式是定义控件外观的一种方式,而控件主题则是一组样式和资源,用于定义应用程序的整体外观和感觉.本文将深入探讨这些概念,并提供示例代码以帮助您更好地理解它们. 样式是什么? 样 ...