keepalived + haproxy 双主互备高可用
keepalived配置详解
配置文件位置/etc/keepalived/keepalived.conf
里面主要包括以下几个配置区域,分别是:
- global_defs
- static_routes
- vrrp_script
- vrrp_instance
- virtual_server
vrrp_script
用来做健康检查的,当检查失败时会将vrrp_instance的priority减少相应的值
! Configuration File for keepalived
global_defs {
    router_id LVS_Z1
    # NOTE(review): the tracked check script calls systemctl, so it has to run with root privileges.
    # keepalived's global_defs options script_user and enable_script_security exist to control which
    # user scripts run as and to refuse root-run scripts whose path is writable by a non-root user;
    # neither is set here, so keep the script and its directory root-owned and not group/world-writable.
}
vrrp_script chk_http_nginx {
    script "/etc/keepalived/check_nginx_status.sh" # a single command or a script file; it must exit 0 (success) or non-zero (failure), and keepalived uses that status to judge the monitored service
    interval 1 # health-check period, in seconds
    #weight -10 # size of the priority adjustment: when the script fails, the tracking vrrp_instance loses 10 priority points
}
vrrp_instance Z1 {
    state MASTER
    nopreempt # lets a lower-priority node remain master even after a higher-priority node starts
    # NOTE(review): keepalived documents that nopreempt only takes effect when the initial state is BACKUP;
    # with "state MASTER" above it is presumably ignored on this node - confirm against the keepalived log.
    interface eth0 # NIC that carries the node's own (non-VIP) address; VRRP advertisements are sent on it
    virtual_router_id 144 # distinguishes the VRRP groups of different instances; valid VRRP router IDs are 1-255 and must be unique within one network segment, otherwise the instances conflict
    priority 200
    advert_int 1 # interval between VRRP advertisements, in seconds (the author equates it with how often the master election / health check happens)
    authentication { # authentication block; the types are PASS and AH (IPsec Authentication Header); the author recommends PASS (only the first 8 characters of the password are used)
        # NOTE(review): with auth_type PASS the password travels in cleartext inside every advertisement, so it
        # protects against misconfigured neighbours, not against a host on the same segment. 9999 is a sample
        # value; use a per-cluster secret and keep this file readable by root only.
        auth_type PASS
        auth_pass 9999
    }
    virtual_ipaddress { # the virtual IP (VIP)
        192.168.0.121/22
    }
    track_script {
        chk_http_nginx
    }
}
两台配置唯一不同的就是router_id、state以及priority。
router_id
LVS_Z1 router_id 标识本节点的字符串,通常为hostname,但不一定非得是hostname。故障发生时,邮件通知会用到。
state MASTER
state MASTER或BACKUP,当其他节点keepalived启动时会将priority比较大的节点选举为MASTER,因此该项其实没有实质用途(例外:使用nopreempt时state需设为BACKUP,见下文“避免互相抢占问题”)。
priority 100
priority用来选举master的,根据服务是否可用,以weight的幅度来调整节点的priority, 从而选取priority高的为master,该项取值范围是1-255(在此范围之外会被识别成默认值100)
check_nginx_status.sh
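#!/bin/bash
# Health check run by keepalived (vrrp_script): probe the local web server and,
# if the probe fails, stop keepalived on this node.
#
# The probe is time-bounded so that a web server which accepts the connection but
# never answers cannot leave the check hanging; an unbounded curl would
# otherwise block and the failure would never be acted on.
# Note: curl exits 0 for any HTTP response, including 4xx/5xx, so only
# connection-level failures and timeouts count as "down" here.
if ! /usr/bin/curl --silent --connect-timeout 1 --max-time 2 http://localhost &>/dev/null
then
    # The article's own test shows that stopping keepalived moves the VIP to the peer node.
    systemctl stop keepalived
    # Kept from the original; presumably zabbix-server should only run on the node
    # that holds the VIP - confirm for your deployment.
    systemctl stop zabbix-server
    # Report the failure explicitly instead of returning systemctl's exit status.
    exit 1
fi
exit 0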
避免互相抢占问题
问题:keepalived 一个作为 master,另一个作为 backup。当 master 挂了后,backup 接管。但存在一个问题,当 master 恢复了后,master 又会接管回来,这个频繁切换对于业务来说是不好的,再快的切换也会有影响。
解决方案:两个配置都使用backup,然后权重高的使用nopreempt,也就是不抢占的意思,这样子,就不会有两次切换的操作了
LVS_Z1 state MASTER
LVS_Z2 state BACKUP
LVS_Z1 上停止keepalived模拟故障,发现vip切换到LVS_Z2,当LVS_Z1重新启动后,由于LVS_Z1 state MASTER 及priority 权重高,vip重新漂移到LVS_Z1
LVS_Z1 state BACKUP
LVS_Z2 state BACKUP
LVS_Z1 上停止keepalived模拟故障,发现vip切换到LVS_Z2,当LVS_Z1重新启动后,由于LVS_Z1 state BACKUP,vip并不会漂移到LVS_Z1, LVS_Z1会作为backup。
上面配置使用了keepalived的自动切换功能。
部署keepalived
yum install keepalived
keepalived配置参考
! Configuration File for keepalived
! Dual-master layout: this node is MASTER for VI_1 and BACKUP for VI_2; the peer node
! uses the mirrored priorities (see the notes on the two priority lines).
global_defs {
    notification_email {
        root@localhost
    }
    #notification_email_from Alexandre.Cassen@firewall.loc
    #smtp_server 192.168.200.1
    #smtp_connect_timeout 30
    router_id KEEPALIVED_TEST_192.168.1.11 # node name; must differ between the two nodes
    #vrrp_skip_check_adv_addr
    #vrrp_strict
    #vrrp_garp_interval 0
    #vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
    script "killall -0 haproxy" # service probe: exit status 0 means a haproxy process exists (signal 0 checks existence only, not that haproxy is actually serving traffic)
    interval 3 # probe every 3 seconds
    weight 10 # author's note: +10 priority while haproxy is up, -10 when it is down
    # NOTE(review): keepalived documents a positive weight as being added while the script succeeds and
    # simply not added when it fails (nothing is subtracted). With priorities 100/99 the peer still wins
    # (99+10 > 100) once haproxy dies here - confirm on your keepalived version.
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 110
    priority 100 # differs per node: 100 here, 99 on the peer (master / backup for VI_1)
    advert_int 1
    authentication {
        # NOTE(review): PASS authentication is carried in cleartext in each advertisement and "abc" is a
        # sample value; use a per-cluster secret and restrict this file to root.
        auth_type PASS
        auth_pass abc
    }
    virtual_ipaddress {
        192.168.1.61/22 dev eth0
    }
    track_interface {
        eth0
    }
    track_script { # script tracking
        chk_haproxy
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 120
    priority 99 # differs per node: 99 here, 100 on the peer (backup / master for VI_2)
    advert_int 1
    authentication {
        # NOTE(review): same cleartext sample password as VI_1; replace it.
        auth_type PASS
        auth_pass abc
    }
    virtual_ipaddress {
        192.168.1.62/22 dev eth0
    }
    track_interface {
        eth0
    }
    track_script { # script tracking
        chk_haproxy
    }
}
部署haproxy
yum install haproxy
haproxy配置参考
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    # by adding the '-r' option to the SYSLOGD_OPTIONS in
    # /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    # file. A line like the following can be added to
    # /etc/sysconfig/syslog
    #
    # local2.* /var/log/haproxy.log
    #
    log 127.0.0.1 local2
    # Runs chrooted and as the unprivileged haproxy user/group.
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 520000
    user haproxy
    group haproxy
    # apisix add
    tune.bufsize 163840
    tune.ssl.default-dh-param 2048
    daemon
    # turn on stats unix socket
    # NOTE(review): no mode/user/group/level is given for the socket, so its file permissions and
    # command level fall back to defaults - verify that only administrators can reach it.
    stats socket /var/lib/haproxy/stats
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 65535
# Statistics page.
# NOTE(review): this listener is bound on every interface over plain HTTP, so the Basic-auth
# credentials below cross the network unencrypted, and "admin:123" is a sample value. Bind it to a
# management or loopback address and replace the password before exposing the node.
listen webservers
    bind 0.0.0.0:8000
    mode http
    stats enable
    stats hide-version
    stats uri /haproxy?stats
    stats refresh 5s
    stats realm HAProxy\ Stats
    stats auth admin:123
    # "no log" turns logging off for this listener, so requests to the stats page leave no log entries.
    no log
# Application traffic: round-robin across the two backends on port 9080, with health checks.
listen apps
    bind 0.0.0.0:80
    #bind 0.0.0.0:443 ssl crt /etc/ssl/key.crt
    #reqadd X-Forwarded-Proto:\ https
    # Adds the client address in X-Forwarded-For (this overrides the "except 127.0.0.0/8" form from
    # defaults). Values already sent by the client stay in the request, so backends should rely only on
    # the entry added by this proxy.
    option forwardfor
    balance roundrobin
    # NOTE(review): this relaxes HAProxy's request parsing; the HAProxy documentation advises against
    # enabling it by default because it hides application bugs and can open security breaches. Keep it
    # only if a known client really requires it.
    option accept-invalid-http-request
    mode http
    # Capture the Host header (up to 50 chars); it is emitted first in the log line via capture.req.hdr(0).
    capture request header Host len 50
    log-format %[capture.req.hdr(0)]\ %ci:%cp\ [%t]\ %ft\ %b/%s\ %si:%sp\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %H\ %hr\ %hs\ %{+Q}r
    # check every 1500 ms; a server is marked up after 3 successes and down after 1 failure
    server test1 192.168.1.11:9080 maxconn 65535 check inter 1500 rise 3 fall 1 weight 10
    server test2 192.168.1.12:9080 maxconn 65535 check inter 1500 rise 3 fall 1 weight 10
haproxy配置日志
haproxy.cfg:
开启haproxy日志记录
log 127.0.0.1 local2
log-format %[capture.req.hdr(0)]\ %ci:%cp\ [%t]\ %ft\ %b/%s\ %si:%sp\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %H\ %hr\ %hs\ %{+Q}r
利用rsyslog接收日志
/etc/rsyslog.conf
去掉这两行的注释:
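# Load the UDP syslog input (uncommented from the stock /etc/rsyslog.conf).
$ModLoad imudp
# Added line, not in the stock file: haproxy logs to 127.0.0.1 (see "log 127.0.0.1 local2"),
# so bind the listener to loopback instead of accepting syslog datagrams on every interface.
# It must appear before $UDPServerRun to apply to that listener.
$UDPServerAddress 127.0.0.1
$UDPServerRun 514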
新增这一行:
local2.* /data/log/haproxy.log
mkdir /data/log
重启
systemctl restart rsyslog