diff --git a/manifest/yaml/haproxy.cfg b/manifest/yaml/haproxy.cfg
new file mode 100644
index 0000000..e05c91a
--- /dev/null
+++ b/manifest/yaml/haproxy.cfg
@@ -0,0 +1,28 @@
+global
+ log 127.0.0.1 local2
+ maxconn 2000
+ uid 0
+ gid 0
+ daemon # background process
+
+defaults
+ log global # global 설정 사용
+ mode tcp # SSL 통신을 위해서는 TCP모드로 (http모드는 SSL 안됨)
+ option tcplog
+ option dontlognull # 데이터가 전송되지 않은 연결 로깅 제외
+ retries 3 # 연결요청 재시도 횟수
+ maxconn 2000 #option redispatch
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+
+frontend k8s-api
+ bind 0.0.0.0:6443
+ default_backend k8s-api
+
+backend k8s-api
+ option tcp-check
+ balance roundrobin
+ server MASTER1NAME MASTER1IP check # Master 다중화 서버들 정보 기재
+ server MASTER2NAME MASTER2IP check
+ server MASTER3NAME MASTER3IP check
diff --git a/manifest/yaml/keepalived.conf b/manifest/yaml/keepalived.conf
new file mode 100644
index 0000000..da1e79f
--- /dev/null
+++ b/manifest/yaml/keepalived.conf
@@ -0,0 +1,47 @@
+global_defs {
+ script_user root root
+ enable_script_security off
+}
+
+vrrp_script chk_haproxy {
+ script "/usr/sbin/pidof haproxy"
+ interval 2
+ weight 2
+}
+
+vrrp_instance VI_1 {
+ state MASTER # MASTER는 메인 LB, 백업 LB는 BACKUP 으로 설정
+ interface enp0s8 # 사용할 interface
+ virtual_router_id 51
+ priority 100 # MASTER의 우선순위가 적어도 1이상 높아야 함
+ advert_int 1
+ nopreempt
+ authentication { # 인증에 사용될 password(동일하게 맞춰주기만 하면 됨)
+ auth_type PASS
+ auth_pass 1111
+ }
+
+ unicast_src_ip LB1 # LB 서버 local ip
+
+ unicast_peer {
+ LB2 # 다른 LB 서버 local ip
+ }
+
+ virtual_ipaddress {
+ VIP # 클러스터 구성에 사용될 VIP!
+ }
+
+ notify_master "/bin/sh /etc/keepalived/notify_action.sh MASTER"
+ notify_backup "/bin/sh /etc/keepalived/notify_action.sh BACKUP"
+ notify_fault "/bin/sh /etc/keepalived/notify_action.sh FAULT"
+ notify_stop "/bin/sh /etc/keepalived/notify_action.sh STOP"
+
+ track_script {
+ chk_haproxy
+ }
+
+ track_interface {
+ enp0s8 # 사용할 interface
+ }
+
+}
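Review bot: In haproxy.cfg, `uid 0` and `gid 0` in the `global` section keep HAProxy running as root for its whole lifetime, and nothing in this file needs that: the only listener is port 6443, which is unprivileged. Run it under a dedicated account instead, e.g. `user haproxy` and `group haproxy`, so that a flaw in the proxy is not a root compromise of the load balancer. Separately, `bind 0.0.0.0:6443` exposes the Kubernetes API frontend on every interface of the LB host; if only the VIP is meant to serve it, bind to that address through another placeholder.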
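Review bot: In keepalived.conf, `enable_script_security off` together with `script_user root root` means every `notify_*` and `track_script` command runs as root without keepalived checking who can modify the script files, so write access to `/etc/keepalived/notify_action.sh` becomes root on the load balancer. I would drop the `off` override and keep the script root-owned and not writable by group or others. `auth_pass 1111` is a guessable value committed to the repository, and `auth_type PASS` is carried in cleartext; make it a placeholder substituted at install time like `LB1` and `VIP`. Also, the keepalived documentation asks for `state BACKUP` when `nopreempt` is used, so `state MASTER` here likely defeats it.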
diff --git a/manifest/yaml/lb_set_script.sh b/manifest/yaml/lb_set_script.sh
new file mode 100644
index 0000000..c8a61f5
--- /dev/null
+++ b/manifest/yaml/lb_set_script.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+pkg_check=`which rpm >& /dev/null; echo $?`
+
+rpm_pkg_list=("keepalived" "haproxy")
+#rpm_need_install="yum install -y"
+#dpkg_need_install=`apt-get install`
+
+for pkgname in ${rpm_pkg_list[@]};
+do
+ #pkg_check_cmd=`rpm -qa | grep "${list_num}" >& /dev/null; echo $?`
+ #if [ ${pkg_check_cmd} -eq 0 ];
+ #then
+ rpm_need_install="yum install -y ${pkgname}"
+ ${rpm_need_install} 2>&1 > /dev/null
+ #else
+ # echo "${pkgname} is already installed!!"
+ #fi
+done
+
+SCRIPTPATH=$(dirname `which $0`)
+
+THISPATH=`echo $SCRIPTPATH`
+
+cp ${THISPATH}/notify_action.sh /etc/keepalived/notify_action.sh
+mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_back
+cp -f ${THISPATH}/keepalived.conf /etc/keepalived/keepalived.conf
+
+sed -i 's/LB1/'"$LB1"'/' /etc/keepalived/keepalived.conf
+sed -i 's/LB2/'"$LB2"'/' /etc/keepalived/keepalived.conf
+
+sed -i 's/VIP/'"$VIP"'/' /etc/keepalived/keepalived.conf
+
+mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_back
+cp -f ${THISPATH}/haproxy.cfg /etc/haproxy/haproxy.cfg
+
+sed -i 's/MASTER1NAME/'"$MASTER1NAME"'/' /etc/haproxy/haproxy.cfg
+sed -i 's/MASTER2NAME/'"$MASTER2NAME"'/' /etc/haproxy/haproxy.cfg
+sed -i 's/MASTER3NAME/'"$MASTER3NAME"'/' /etc/haproxy/haproxy.cfg
+
+sed -i 's/MASTER1IP/'"$MASTER1IP"'/' /etc/haproxy/haproxy.cfg
+sed -i 's/MASTER2IP/'"$MASTER2IP"'/' /etc/haproxy/haproxy.cfg
+sed -i 's/MASTER3IP/'"$MASTER3IP"'/' /etc/haproxy/haproxy.cfg
diff --git a/manifest/yaml/notify_action.sh b/manifest/yaml/notify_action.sh
new file mode 100644
index 0000000..a6a4c3e
--- /dev/null
+++ b/manifest/yaml/notify_action.sh
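Review bot: In lb_set_script.sh, none of the environment variables spliced into the configs by the `sed -i` lines (`LB1`, `LB2`, `VIP`, `MASTER1NAME` through `MASTER3IP`) is checked before use, so an unset one silently replaces its placeholder with an empty string, and the script, which has no `set -e`, still installs the broken file. Fail early with a guard per variable, e.g. `: "${VIP:?VIP must be set}"`, and reject values containing `/` or `&`, which the sed replacement would interpret rather than insert literally. The `mv` to `*_back` overwrites the previous backup on a second run and its failure is ignored. `${THISPATH}` should be quoted in the `cp` lines.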
@@ -0,0 +1,35 @@
+#!/bin/bash
+#/etc/keepalived/notify_action.sh
+log_file=/var/log/keepalived.log
+log_write()
+{
+ echo "[`date '+%Y-%m-%d %T'`] $1" >> $log_file
+}
+
+[ ! -d /var/keepalived/ ] && mkdir -p /var/keepalived/
+
+case "$1" in
+ "MASTER" )
+ echo -n "$1" > /var/keepalived/state
+ log_write " notify_master"
+ echo -n "0" > /var/keepalived/vip_check_failed_count
+ ;;
+
+ "BACKUP" )
+ echo -n "$1" > /var/keepalived/state
+ log_write " notify_backup"
+ ;;
+
+ "FAULT" )
+ echo -n "$1" > /var/keepalived/state
+ log_write " notify_fault"
+ ;;
+
+ "STOP" )
+ echo -n "$1" > /var/keepalived/state
+ log_write " notify_stop"
+ ;;
+ *)
+ log_write "notify_action.sh: STATE ERROR!!!"
+ ;;
+esac
diff --git a/manifest/yaml/remote_lb_set_script.sh b/manifest/yaml/remote_lb_set_script.sh
new file mode 100644
index 0000000..2802fdb
--- /dev/null
+++ b/manifest/yaml/remote_lb_set_script.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+exp=$HOME/archive/keepalived_script/ssh_login.exp
+expcopy=$HOME/archive/keepalived_script/scp_copy.exp
+exprestart=$HOME/archive/keepalived_script/restart_pkg.exp
+account=${RUSER} #root #${1}
+password=${RUSERPWD} #1234 #${2}
+#ipaddr="192.168.56.250 192.168.56.130" #${3}
+ipaddr="${LB1} ${LB2}"
+#masteripaddr="${MASTER1} ${MASTER2} ${MASTER3}"
+
+pkglist=("keepalived" "haproxy")
+
+for svr in $ipaddr
+do
+ case "${svr}" in
+ *)
+ for pkgname in ${pkglist[@]};
+ do
+ $exp $account $password ${svr} ${pkgname};
+
+ if [ "${pkgname}" == "keepalived" ]; then
+ $expcopy $account $password ${svr} ${pkgname} ${pkgname}.conf ${MASTER1NAME} ${MASTER2NAME} ${MASTER3NAME} ${MASTER1IP} ${MASTER2IP} ${MASTER3IP} ${LB1} ${LB2} ${VIP}
+ elif [ "${pkgname}" == "haproxy" ]; then
+ $expcopy $account $password ${svr} ${pkgname} ${pkgname}.cfg ${MASTER1NAME} ${MASTER2NAME} ${MASTER3NAME} ${MASTER1IP} ${MASTER2IP} ${MASTER3IP} ${LB1} ${LB2} ${VIP}
+ fi
+
+ $exprestart $account $password ${svr} ${pkgname};
+ done
+ ;;
+ esac
+ sleep 0.5
+
+done
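Review bot: In notify_action.sh, the `*)` branch logs only `notify_action.sh: STATE ERROR!!!`, so the log never shows which argument keepalived actually passed, and the script still exits 0; record the value and fail, e.g. `log_write "notify_action.sh: unexpected state '$1'"; exit 1`. keepalived.conf in this commit invokes the script as `/bin/sh /etc/keepalived/notify_action.sh …`, so the `#!/bin/bash` line is not honoured and the body has to stay within what the system `sh` supports. `$log_file` in `log_write` should be quoted, and since this runs as root, `/var/keepalived/` is better created with an explicit mode than with the inherited umask.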
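Review bot: In remote_lb_set_script.sh, `$password` is passed as a command-line argument to all three expect scripts (`$exp $account $password …`, `$expcopy …`, `$exprestart …`), which leaves the remote account's password readable in the process list by any local user for as long as each script runs. Hand it over through the environment instead (expect can read `$env(RUSERPWD)` directly), or better, switch to key-based SSH so that no password is scripted at all. The arguments are also unquoted, so a password containing spaces or glob characters is split or expanded before expect sees it. Finally, the shebang is `#!/bin/sh` but `pkglist=(...)`, `${pkglist[@]}` and `==` inside `[ ]` are bashisms; where `sh` is not bash the script fails at the array assignment.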
diff --git a/manifest/yaml/restart_pkg.exp b/manifest/yaml/restart_pkg.exp
new file mode 100644
index 0000000..c1d58ac
--- /dev/null
+++ b/manifest/yaml/restart_pkg.exp
@@ -0,0 +1,39 @@
+#!/usr/bin/expect
+
+set username [lindex $argv 0]
+set password [lindex $argv 1]
+set hostname [lindex $argv 2]
+set pkgname [lindex $argv 3]
+set timeout 5
+
+if {[llength $argv] == 0} {
+ send_user "Usage: scriptname username \'password\' hostname \n"
+ exit 1
+}
+send_user "\n\n#######################\n Try to connect server \n#######################\n\n"
+
+spawn ssh -o StrictHostKeyChecking=no $username@$hostname
+expect {
+ "password:" { send "$password\r"; exp_continue }
+ "Last login:" { send_user "\n\n#######################\n SSH is success \n Pkg checking \n#######################\n\n"; exp_continue }
+}
+#expect -re "Last login:"
+#send_user "\n\n#######################\n SSH is success \n Pkg checking \n#######################\n\n"
+
+send "sudo systemctl enable ${pkgname}\r\n"
+expect {
+ "password:" { send "$password\r"; exp_continue }
+ "Created symlink from" { send "sudo systemctl daemon-reload\r\n"; exp_continue }
+}
+
+send "sudo systemctl restart ${pkgname}\r\n"
+
+send "sudo systemctl status ${pkgname}\r\n"
+expect {
+ "Active: active (running)" { send_user "\n\n#######################\n Pkg Start Normal \n#######################\n\n"; exp_continue }
+}
+
+send_user "\n\n#######################\n Done \n#######################\n\n"
+
+send "exit \r"
+expect eof
diff --git a/manifest/yaml/scp_copy.exp b/manifest/yaml/scp_copy.exp
new file mode 100644
index 0000000..da9d987
--- /dev/null
+++ b/manifest/yaml/scp_copy.exp
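Review bot: In restart_pkg.exp, `spawn ssh -o StrictHostKeyChecking=no` turns off host-key verification on a connection that then types `$password` at the prompt, so whichever host answers on the LB address receives the credential; ssh_login.exp in this commit has the same line. Pre-populate `known_hosts` for the LB hosts, or at least use `StrictHostKeyChecking=accept-new`, which still refuses a changed key. The argument check `[llength $argv] == 0` also lets a call with one to three arguments through with an empty `hostname` or `pkgname`; `< 4` matches what the script reads.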
@@ -0,0 +1,48 @@
+#!/usr/bin/expect
+
+set username [lindex $argv 0]
+set password [lindex $argv 1]
+set hostname [lindex $argv 2]
+set pkgname [lindex $argv 3]
+set configfile [lindex $argv 4]
+set master1name [lindex $argv 5]
+set master2name [lindex $argv 6]
+set master3name [lindex $argv 7]
+set master1ip [lindex $argv 8]
+set master2ip [lindex $argv 9]
+set master3ip [lindex $argv 10]
+set lb1 [lindex $argv 11]
+set lb2 [lindex $argv 12]
+set vip [lindex $argv 13]
+#set pkgname {echo $configfile | awk -F'.' '{print $1, $2}'}
+
+if {[llength $argv] == 0} {
+ send_user "Usage: scriptname username \'password\' hostname \n"
+ exit 1
+}
+send_user "\n\n#######################\n Trying to transfer files \n#######################\n\n"
+
+set timeout 5;
+#split($configfile, arr, ".");
+#if {$pkgname[0] == "keepalived"} {
+# spawn scp $configfile $username@$hostname:/home/etc/$pkgname[0]/$configfile
+#} elseif {$pkgname[0] == "haproxy"} {
+# spawn scp $configfile $username@$hostname:/home/etc/$pkgname[0]/$configfile
+#}
+
+if {$pkgname == "keepalived"} {
+ spawn scp notify_action.sh $username@$hostname:/etc/$pkgname/
+ expect {
+ "password:" { send "$password\r"; exp_continue };
+ }
+}
+
+spawn scp $configfile $username@$hostname:/home/etc/$pkgname/$configfile
+#spawn scp $configfile $username@$hostname:/home/
+expect {
+ "password:" { send "$password\r"; exp_continue };
+ "*100\%" { send_user "\n\n#######################\n Copy success \n#######################\n\n"; exp_continue }
+}
+
+send
+
diff --git a/manifest/yaml/ssh_login.exp b/manifest/yaml/ssh_login.exp
new file mode 100644
index 0000000..d342568
--- /dev/null
+++ b/manifest/yaml/ssh_login.exp
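Review bot: In scp_copy.exp, the nine values read into `master1name` through `vip` are never used, and nothing else in the remote path (ssh_login.exp, restart_pkg.exp) runs the `sed` substitutions that lb_set_script.sh performs locally, so the templates appear to be copied with the literal `LB1`, `VIP` and `MASTER1IP` placeholders and the services are then restarted on them. The config is also sent to `/home/etc/$pkgname/$configfile` while `notify_action.sh` goes to `/etc/$pkgname/`; if `/home/etc` is not intentional, the destination should be `/etc/$pkgname/$configfile`. The file ends with a bare `send`, which expect rejects for missing arguments; finish with `expect eof` as the other two scripts do.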
@@ -0,0 +1,39 @@
+#!/usr/bin/expect
+
+set username [lindex $argv 0]
+set password [lindex $argv 1]
+set hostname [lindex $argv 2]
+set pkgname [lindex $argv 3]
+set timeout 5
+
+
+if {[llength $argv] == 0} {
+ send_user "Usage: scriptname username \'password\' hostname \n"
+ exit 1
+}
+send_user "\n\n#######################\n Try to connect server \n#######################\n\n"
+
+spawn ssh -o StrictHostKeyChecking=no $username@$hostname
+expect {
+ "password:" { send "$password\r"; exp_continue }
+ "Last login:" { send_user "\n\n#######################\n SSH is success \n Pkg checking \n#######################\n\n"; exp_continue }
+}
+#expect -re "Last login:"
+#send_user "\n\n#######################\n SSH is success \n Pkg checking \n#######################\n\n"
+
+send "rpm -q ${pkgname}\r\n"
+expect {
+ "package ${pkgname} is not installed" { set timeout 20; send "yum install -y ${pkgname}\r\n"; expect { "Complete!"; exp_continue } }
+}
+
+set timeout 5;
+if {$pkgname == "keepalived"} {
+ send "cp -y /etc/$pkgname/$pkgname.conf /etc/$pkgname/$pkgname.conf_back\r\n"
+} elseif {$pkgname == "haproxy"} {
+ send "cp -y /etc/$pkgname/$pkgname.cfg /etc/$pkgname/$pkgname.cfg_back\r\n"
+}
+
+send_user "\n\n#######################\n Done \n#######################\n\n"
+
+send "exit \r"
+expect eof
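Review bot: In ssh_login.exp, `cp -y` is not an option GNU `cp` accepts, so both backup commands (`send "cp -y /etc/$pkgname/$pkgname.conf …"` and the `.cfg` variant) fail on the remote host and no `*_back` copy exists before the config is replaced; nothing in the script waits for or checks the result. Use `cp -p` and `expect` the shell prompt or an explicit marker before sending `exit`. The inner `expect { "Complete!"; exp_continue }` after `yum install -y` does not look like a valid pattern/action list; a plain `expect "Complete!"` under the longer timeout is probably what was meant.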