一、架构介绍
1、集群简介
Fence主要在架构的作用为防止二个服务器同时向资源写数据,破坏了资源的安全性和一致性从而导致脑裂的发生。通过Haproxy实现对web服务的负载均衡及健康检查,pacemaker实现haproxy的高可用。
2、Haproxy八种负载均衡算法(balance)
1.balance roundrobin ###轮询,软负载均衡基本都具备这种算法
2.balance static-rr ###根据权重
3.balance leastconn ###最少连接数先处理
4.balance source ###分局请求的IP
5.balance uri ###分局请求的uri
6.balance url_param ###根据请求的URL参数
7.banlance hdr(name) ###根据HTTP请求头来锁定每一次HTTP请求
8.balance rbp-cookie(name) ###根据cookie来锁定hash每一次TCP请求
二、yum源及实验环境
使用高可用yum源
[root@server1 ~]# cd /etc/yum.repos.d/
[root@server1 yum.repos.d]# vim rhel-source.repo
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.8.250/source6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.8.250/source6.5/HighAvailability
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.8.250/source6.5/LoadBalancer
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.8.250/source6.5/ResilientStorage
gpgcheck=0
[ScalableFileSystem]
name=ScalableFileSystem
baseurl=http://172.25.8.250/source6.5/ScalableFileSystem
gpgcheck=0
2、实验环境:
iptables和selinux off
Hostname IP System Service Function
server1 172.25.8.1 redhat6.5 Haproxy+Pacemaker 实现高可用(Pacemaker)及负载均衡(Haproxy)
server2 172.25.8.2 redhat6.5 Apache 生成访问页面
server3 172.25.8.3 redhat6.5 Apache 生成访问页面
server4 172.25.8.4 redhat6.5 Haproxy+Pacemaker 实现高可用(Pacemaker)及负载均衡(Haproxy)
dream(真机) 172.25.8.250 redhat7.2 Fence 实现对虚拟机进行断电
三、Haproxy安装及配置
[root@server1 ~]# useradd -u 1001 westos
[root@server1 ~]# echo "1"|passwd --stdin westos
[root@server1 ~]# vim /etc/security/limits.conf
westos soft nofile 65535
westos hard nofile 65535
[root@server1 ~]# su - westos
[westos@server1 ~]$ tar xf haproxy-1.5.3.tar.gz
[westos@server1 ~]$ cd haproxy-1.5.3/
[westos@server1 haproxy-1.5.3]$ make TARGET=linux2628 ARCH=x86_64 PREFIX=/home/westos/haproxy
[westos@server1 haproxy-1.5.3]$ make install PREFIX=/home/westos/haproxy
[westos@server1 haproxy-1.5.3]$ cp /home/westos/haproxy-1.5.3/examples/haproxy.cfg /home/westos/haproxy
[westos@server1 haproxy-1.5.3]$ cp -r /home/westos/haproxy-1.5.3/examples/errorfiles/ /home/westos/haproxy
2、参数说明:
ARGET=linux26:内核版本,使用uname -r查看内核,如:2.6.18-371.el5, 此时该参数就为linux26;内核大于2.6.28的用:TARGET=linux2628 ARCH=x86_64:系统位数
[root@foundation60 ~]# uname -r
3.10.0-514.el7.x86_64
[westos@server1 haproxy-1.5.3]$ vim /home/westos/haproxy-1.5.3/README
3、配置haproxy.cfg :
[westos@server1 haproxy-1.5.3]$ vim /home/westos/haproxy/haproxy.cfg
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#chroot /usr/share/haproxy
###注释掉
uid westos
gid westos
daemon
pidfile /home/westos/haproxy/haproxy.pid
###加入pid
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
retries 3
#redispatch
maxconn 2000
timeout connect 5000
###下面3个地方都要修改,默认的不支持
timeout client 50000
timeout server 50000
listen appli1-rewrite 0.0.0.0:10001
cookie SERVERID rewrite
balance roundrobin
listen appli2-insert 0.0.0.0:10002
option httpchk
balance roundrobin
cookie SERVERID insert indirect nocache
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
capture cookie vgnvisitor= len 32
option httpclose # disable keep-alive
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
listen appli3-relais 0.0.0.0:10003
dispatch 192.168.135.17:80
listen appli4-backup 0.0.0.0:10004
option httpchk /index.html
option persist
balance roundrobin
server inst1 192.168.114.56:80 check inter 2000 fall 3
server inst2 192.168.114.56:81 check inter 2000 fall 3 backup
listen ssl-relay 0.0.0.0:8443
option ssl-hello-chk
balance source
server inst1 192.168.110.56:443 check inter 2000 fall 3
server inst2 192.168.110.57:443 check inter 2000 fall 3
server back1 192.168.120.58:443 backup
listen appli5-backup 0.0.0.0:10005
option httpchk *
balance roundrobin
cookie SERVERID insert indirect nocache
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
server inst3 192.168.114.57:80 backup check inter 2000 fall 3
capture cookie ASPSESSION len 32
timeout server 20000 ###修改
option httpclose # disable keep-alive
option checkcache # block response if set-cookie & cacheable
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
errorloc 502 http://192.168.114.58/error502.html
errorfile 503 /home/westos/haproxy/errorfiles/503.http ###修改为上上面复制过去的路径
4、启动Haproxy
[westos@server1 haproxy-1.5.3]$ /home/westos/haproxy/sbin/haproxy -f /home/westos/haproxy/haproxy.cfg
5、查看是否启动成功
[westos@server1 ~]$ ps -aux|grep haproxy
westos 2070 0.0 0.2 12896 1368 ? Ss 23:33 0:00 /home/westos/haproxy/sbin/haproxy -f /home/westos/haproxy/haproxy.cfg
westos 2269 0.0 0.2 112640 984 pts/0 R+ 23:49 0:00 grep --color=auto haproxy
7、配置server2:
[root@server2 ~]# useradd -u 1001 westos
[root@server2 ~]# echo "1"|passwd --stdin westos
[westos@server1 ~]$ scp -r haproxy westos@172.25.8.2: #server1中发送到server2中
[root@server1 ~]# vim /etc/security/limits.conf
westos soft nofile 65535
westos hard nofile 65535
[westos@server2 ~]$ /home/westos/haproxy/sbin/haproxy -f /home/westos/haproxy/haproxy.cfg ###启动Haproxy
2、配置Haproxy
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
68 use_backend static if url_static
69 default_backend static ###默认模块设置为static
70 bind 172.25.8.1:80 ###绑定IP
71
72 #---------------------------------------------------------------------
73 # static backend for serving up images, stylesheets and such
74 #---------------------------------------------------------------------
75 backend static
76 balance roundrobin ###轮循
###下面为轮循的2台服务器
77 server web1 172.25.8.2:80 check
78 server web2 172.25.8.3:80 check
[root@server1 ~]# /etc/init.d/haproxy restart
[root@server1 ~]# chkconfig haproxy on
3、测试
安装server2、3的Apache服务:
[root@server2 ~]# yum install -y httpd
[root@server2 ~]# echo "<h1>server2</h1>" >/var/www/html/index.html
[root@server2 ~]# /etc/init.d/httpd restart
[root@server2 ~]# chkconfig httpd on
http://172.25.8.1 ###可以发现自带健康检查(即停掉server2和server3其中一个apache不会报错)
4、IP改为VIP
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
70 bind 172.25.8.100:80
5、在server4安装Haproxy
[root@server1 ~]# /etc/init.d/haproxy stop
[root@server4 ~]# yum install -y haproxy
[root@server4 ~]#scp [email protected]:/etc/haproxy/haproxy.cfg /etc/haproxy/
[root@server4 ~]# chkconfig haproxy on
四、Keepalived安装
请看该链接实验三:
keepalived安装及配置
1、检查Haproxy状态脚本:
[root@server1 ~]# vim /etc/keepalived/chk_haproxy.sh
#!/bin/bash
Haproxy_Status=`ps -C haproxy --no-header |wc -l`
if [ $Haproxy_Status -eq 0 ];then
/home/yy/haproxy/sbin/haproxy -f /home/yy/haproxy/haproxy.cfg
sleep 3
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
[root@server1 ~]# chmod +x /etc/keepalived/chk_haproxy.sh
2、修改Keepalived.conf配置:
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script check_haproxy { ###指定监控脚本
script "/etc/keepalived/chk_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.8.100
}
track_script { ###监控此模块
check_haproxy
}
}
[root@server1 ~]# chkconfig --add keepalived
[root@server1 ~]# chkconfig keepalived on ######设置为开机自动启动
3、安装server2
(1)发送脚本及配置文件
[root@server1 ~]# scp -r /usr/local/keepalived/ [email protected]:/usr/local/
[root@server1 ~]# scp /etc/keepalived/chk_haproxy.sh [email protected]:/etc/keepalived/
[root@server2 ~]# cd /usr/local/keepalived/
[root@server2 keepalived]# ll
total 0
drwxr-xr-x 2 root root 20 Jul 4 01:37 bin
drwxr-xr-x 5 root root 50 Jul 4 01:37 etc
drwxr-xr-x 2 root root 23 Jul 4 01:37 sbin
drwxr-xr-x 5 root root 37 Jul 4 01:37 share
[root@server2 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server2 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server2 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server2 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server2 keepalived]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived