HaProxy+Keepalived+Mycat高可用集群配置
部署圖:
集群部署圖理解:
1、keepalived和haproxy必須裝在同一台機器上(如192.168.46.161機器上,keepalived和haproxy都要安裝),keepalived負責為該服務器搶占vip(虛擬ip),搶占到vip后,對該主機的訪問可以通過原來的ip(192.168.46.161)訪問,也可以直接通過vip(192.168.46.180)訪問。
2、192.168.46.162上的keepalived也會去搶占vip,搶占vip時有優先級,配置keepalived.conf中的(priority 150 #數值愈大,優先級越高,192.168.46.162上改為120,master和slave上該值配置不同)決定。但是一般哪台主機上的keepalived服務先啟動就會搶占到vip,即使是slave,只要先啟動也能搶到。
3、haproxy負責將對vip的請求分發到mycat上。起到負載均衡的作用,同時haproxy也能檢測到mycat是否存活,haproxy只會將請求轉發到存活的mycat上。
4、如果一台服務器(keepalived+haproxy服務器)宕機,另外一台上的keepalived會立刻搶占vip並接管服務。如果一台mycat服務器宕機,haporxy轉發時不會轉發到宕機的mycat上,所以mycat依然可用。
1、Haproxy的安裝
1.1、配置haprxoy
(下載地址: http://www.haproxy.org/#down)
useradd haproxy
cd haproxy-1.4.27/
make TARGET=linux26 PREFIX=/usr/local/haproxy ARCH=x86_64
make install PREFIX=/usr/local/haproxy
cd /usr/local/haproxy
vi haproxy.cfg
增加如下內容:
global
log 127.0.0.1 local0
maxconn 4096
chroot /usr/local/haproxy
user haproxy
group haproxy
daemon
defaults
log global
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen admin_stats 192.168.46.180:48800
stats uri /admin-status
stats auth admin:admin
mode http
option httplog
listen mycat_service 192.168.46.180:18066
mode tcp
option tcplog
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
balance roundrobin
server mycat_161 192.168.46.161:8066 check port 48700 inter 5s rise 2 fall 3
server mycat_162 192.168.46.162:8066 check port 48700 inter 5s rise 2 fall 3
srvtimeout 20000
listen mycat_admin 192.168.46.180:19066
mode tcp
option tcplog
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
balance roundrobin
server mycat_161 192.168.46.161:9066 check port 48700 inter 5s rise 2 fall 3
server mycat_162 192.168.46.162:9066 check port 48700 inter 5s rise 2 fall 3
srvtimeout 20000
1.2、配置haproxy記錄日志功能
yum install rsyslog -y
cd /etc/rsyslog.d/
vi haproxy.conf
增加內容:
$ModLoad imudp
$UDPServerRun 514
local0.* /var/log/haproxy.log
vi /etc/rsyslog.conf
在#### RULES ####上面一行加入以下內容
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
在local7.* /var/log/boot.log下面加入以下內容
local0.* /var/log/haproxy.log
重啟rsyslog服務並將rsyslog加入自動啟動服務
service rsyslog restart
chkconfig --add rsyslog
chkconfig --level 2345 rsyslog on
1.3 配置監聽mycat是否存活(在Mycat server1 Mycat server2上都需要添加檢測端口48700的腳本,為此需要用到xinetd,xinetd為linux系統的基礎服務)
yum install xinetd -y
cd /etc/xinetd.d
vi mycat_status
增加內容:
service mycat_status
{
flags = REUSE
socket_type = stream
port = 48700
wait = no
user = nobody
server = /usr/local/bin/mycat_status
log_on_failure += USERID
disable = no
}
vi /usr/local/bin/mycat_status (創建xinetd啟動服務腳本)
增加內容:
#!/bin/bash
#/usr/local/bin/mycat_status.sh
# This script checks if a mycat server is healthy running on localhost. It will
# return:
#
# "HTTP/1.x 200 OK\r" (if mycat is running smoothly)
#
# "HTTP/1.x 503 Internal Server Error\r" (else)
mycat=`/usr/local/mycat/bin/mycat status |grep 'not running'| wc -l`
if [ "$mycat" = "0" ];
then
/bin/echo -e "HTTP/1.1 200 OK\r\n"
else
/bin/echo -e "HTTP/1.1 503 Service Unavailable\r\n"
fi
修改腳本文件權限
chmod 777 /usr/local/bin/mycat_status
chmod 777 /etc/xinetd.d/mycat_status
將啟動腳本加入服務
vi /etc/services
末尾增加:
mycat_status 48700/tcp # mycat_status
重啟xinetd服務並將xinetd加入自啟動服務
service xinetd restart
chkconfig --add xinetd
chkconfig --level 2345 xinetd on
驗證mycat_status服務是否啟動成功
netstat -antup|grep 48700
1.4、創建haproxy啟停腳本
1.4.1、啟動腳本
vi /usr/local/haproxy/sbin/start
增加內容:
#!/bin/sh
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg &
增加權限:
chmod +x /usr/local/haproxy/sbin/start
1.4.2、關閉腳本
vi /usr/local/haproxy/sbin/stop
增加內容:
#!/bin/sh
ps -ef | grep sbin/haproxy | grep -v grep |awk '{print $2}'|xargs kill -s 9
增加權限:
chmod +x /usr/local/haproxy/sbin/stop
1.4.3、授權
chown -R haproxy.haproxy /usr/local/haproxy/*
1.5、啟動haproxy
啟動haproxy前必須先啟動keepalived,否則啟動不了。
啟動命令:
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
啟動haproxy異常情況
如果報以下錯誤:
[root@localhost bin]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
[ALERT] 183/115915 (12890) :Starting proxy admin_status: cannot bind socket
[ALERT] 183/115915 (12890) :Starting proxy allmycat_service: cannot bind socket
[ALERT] 183/115915 (12890) :Starting proxy allmycat_admin: cannot bind socket
原因為:該機器沒有搶占到vip,如果另一台服務啟動正常,這個錯誤可以忽略不管,如果另一台也一樣,使用ping vip命令看看vip是否生效,如果沒有生效,說明keepalived沒有啟動成功,回去檢查keepalived的異常再說。啟動后可以通過http://192.168.46.180:48800/admin-status (用戶名密碼都是admin,haproxy.cfg中配置的)
2、Keepalived安裝
2.1 openssl安裝
(下載地址:https://www.openssl.org/source/)
openssl必須安裝,否則安裝keepalived時無法編譯,keepalived依賴openssl
tar -zxvf openssl-1.0.2l.tar.gz
cd openssl-1.0.2l
./config --prefix=/usr/local/openssl
./config -t
make depend
make
make test
make install
ln -s /usr/local/openssl /usr/local/ssl
vi /etc/ld.so.conf
在文件末尾加入以下內容
/usr/local/openssl/lib
修改環境變量
vi /etc/profile
在文件末尾加入以下內容
export OPENSSL=/usr/local/openssl/bin
export PATH=$PATH:$OPENSSL
source /etc/profile
安裝openssl-devel
yum install openssl-devel -y
測試
ldd /usr/local/openssl/bin/openssl
linux-vdso.so.1 => (0x00007fff996b9000)
libdl.so.2 =>/lib64/libdl.so.2 (0x00000030efc00000)
libc.so.6 =>/lib64/libc.so.6 (0x00000030f0000000)
/lib64/ld-linux-x86-64.so.2 (0x00000030ef800000)
which openssl
/usr/bin/openssl
openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
2.2 keepalived安裝
在192.168.46.161,192.168.46.162兩台機器進行keepalived安裝
tar zxvf keepalived-1.2.13.tar.gz
cd keepalived-1.2.13
./configure --prefix=/usr/local/keepalived
make
make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
mkdir /etc/keepalived
cd /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived
mkdir -p /usr/local/keepalived/var/log
keepalived配置
建檢查haproxy是否存活的腳本
mkdir /etc/keepalived/scripts
cd /etc/keepalived/scripts
vi /etc/keepalived/keepalived.conf
Master的配置:
! Configuration File for keepalived
vrrp_script chk_http_port {
script"/etc/keepalived/scripts/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
priority 150
advert_int 1
authentication
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.46.180 dev eth1 scope global
}
notify_master /etc/keepalived/scripts/haproxy_master.sh
notify_backup /etc/keepalived/scripts/haproxy_backup.sh
notify_fault /etc/keepalived/scripts/haproxy_fault.sh
notify_stop /etc/keepalived/scripts/haproxy_stop.sh
}
Slave的配置:
! Configuration File for keepalived
vrrp_script chk_http_port {
script"/etc/keepalived/scripts/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 150
advert_int 1
authentication
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.46.180 dev eth1 scope global
}
notify_master /etc/keepalived/scripts/haproxy_master.sh
notify_backup /etc/keepalived/scripts/haproxy_backup.sh
notify_fault /etc/keepalived/scripts/haproxy_fault.sh
notify_stop /etc/keepalived/scripts/haproxy_stop.sh
}
1. virtual_router_id 51 這個代表一個集群組,如果同一個網段還有另一組集群,請使用不同的組編號區分。如換成52、53等。
2. interface eth1 和172.17.210.103 dev eth1 scope global中的eth1指的是網卡,如果是多網卡,可能會有
eth0,eth1,eth2…,可以使用ifconfig命令查看,確保eth0是本機存在的網卡地址。有些服務器如果只有一個網卡,但被人為把eth0改成eth1了,你再寫eth0就找不到了的。
vi /etc/keepalived/scripts/check_haproxy.sh
#!/bin/bash
STARTHAPROXY="/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg"
STOPKEEPALIVED="/etc/init.d/keepalived stop"
LOGFILE="/usr/local/keepalived/var/log/keepalived-haproxy-state.log"
echo "[check_haproxy status]" >> $LOGFILE
A=`ps -C haproxy --no-header |wc -l`
echo "[check_haproxy status]" >> $LOGFILE
date >> $LOGFILE
if [ $A -eq 0 ];then
echo $STARTHAPROXY >> $LOGFILE
$STARTHAPROXY >> $LOGFILE 2>&1
sleep 5
fi
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
exit 0
else
exit 1
fi
vi /etc/keepalived/scripts/haproxy_master.sh
#!/bin/bash
STARTHAPROXY=`/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg`
STOPHAPROXY=`ps -ef | grep sbin/haproxy | grep -v grep | awk '{print $2}'| xargs kill -s 9`
LOGFILE="/usr/local/keepalived/var/log/keepalived-haproxy-state.log"
echo "[master]" >> $LOGFILE
date >> $LOGFILE
echo "Being master...." >> $LOGFILE 2>&1
echo "stop haproxy...." >> $LOGFILE 2>&1
$STOPHAPROXY >> $LOGFILE 2>&1
echo "start haproxy...." >> $LOGFILE 2>&1
$STARTHAPROXY >> $LOGFILE 2>&1
echo "haproxy stared ..." >> $LOGFILE
vi /etc/keepalived/scripts/haproxy_backup.sh
#!/bin/bash
STARTHAPROXY=`/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg`
STOPHAPROXY=`ps -ef | grep sbin/haproxy | grep -v grep | awk '{print $2}'| xargs kill -s 9`
LOGFILE="/usr/local/keepalived/var/log/keepalived-haproxy-state.log"
echo "[backup]" >> $LOGFILE
date >> $LOGFILE
echo "Being backup...." >> $LOGFILE 2>&1
echo "stop haproxy...." >> $LOGFILE 2>&1
$STOPHAPROXY >> $LOGFILE 2>&1
echo "start haproxy...." >> $LOGFILE 2>&1
$STARTHAPROXY >> $LOGFILE 2>&1
echo "haproxy stared ..." >> $LOGFILE
vi /etc/keepalived/scripts/haproxy_fault.sh
#!/bin/bash
LOGFILE=/usr/local/keepalived/var/log/keepalived-haproxy-state.log
echo "[fault]" >> $LOGFILE
date >> $LOGFILE
vi /etc/keepalived/scripts/haproxy_stop.sh
#!/bin/bash
LOGFILE=/usr/local/keepalived/var/log/keepalived-haproxy-state.log
echo "[stop]" >> $LOGFILE
date >> $LOGFILE
賦予腳本可執行權限
chmod 777 /etc/keepalived/scripts/*
將keepalived加入自啟動服務並啟動
chkconfig --add keepalived
chkconfig --level 2345 keepalived on
service keepalived start
3、搭建完成
表明搭建完成!