Openstack(三)Haproxy+Keepalived双机
3.1部署keepalived
3.1.1下载keepalived源码包,并解压
# wget http://www.keepalived.org/software/keepalived-1.4.2.tar.gz
# tar xf keepalived-1.4.2.tar.gz
# cd keepalived-1.4.2
3.1.2安装包
# ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
# cp /usr/local/src/keepalived-1.4.2/keepalived/etc/init.d/keepalived.rh.init /etc/sysconfig/keepalived.sysconfig
# cp -f /usr/local/src/keepalived-1.4.2/keepalived/keepalived.service /usr/lib/systemd/system/
# cp /usr/local/src/keepalived-1.4.2/bin/keepalived /usr/sbin/
3.1.3配置keepalived
分别在两台负载服务器同时执行以下操作安装keepalived:
3.1.3.1master服务器:
# mkdir /etc/keepalived
# mkdir /etc/keepalived/vip
# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER # 主机类型,MASTER, BACKUP
interface br0 # 实例绑定的网卡
virtual_router_id 80 # router_id必改
priority 50 # 优先级
advert_int 1 # 检查间隔,默认为1秒
unicast_src_ip 192.168.10.205 # 本机ip
unicast_peer {
192.168.10.206 # 备机ip
}
authentication {
auth_type PASS # 负载同步验证方式
auth_pass 123456
}
virtual_ipaddress {
192.168.10.100/24 dev br0 label br0:0 # vip配置
}
}
include /etc/keepalived/vip/*.conf # 配置文件导入
# vim /etc/keepalived/vip/vip_br1.conf
vrrp_instance VI_2 {
state BACKUP
interface br1
virtual_router_id 81
priority 100
advert_int 1
unicast_src_ip 192.168.20.205
unicast_peer {
192.168.20.206
}
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.20.100/24 dev br1 label br1:0
}
}
3.1.3.2backup服务器:
# mkdir /etc/keepalived
# mkdir /etc/keepalived/vip
# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface bond0
virtual_router_id 80
priority 100
advert_int 1
unicast_src_ip 192.168.10.206
unicast_peer {
192.168.10.205
}
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.10.100/24 dev bond0 label bond0:0
}
}
include /etc/keepalived/vip/*.conf
# vim /etc/keepalived/vip/vip_br1.conf
vrrp_instance VI_2 {
state BACKUP
interface bond1
virtual_router_id 81
priority 50
advert_int 1
unicast_src_ip 192.168.20.205
unicast_peer {
192.168.20.206
}
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.20.100/24 dev bond1 label bond1:0
}
}
3.1.3.3 验证
# 启动keepalived
# systemctl start keepalived
# systemctl enable keepalived
# ifconfig
3.2部署haproxy
分别在两台负载服务器同时执行以下操作安装haproxy:
3.2.1:下载haproxy:
# wget http://www.haproxy.org/download/1.8/src/haproxy-1.8.4.tar.gz
# tar xf haproxy-1.8.4.tar.gz
# cd haproxy-1.8.4
3.2.2: 安装haproxy:
# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy && cp haproxy /usr/sbin/
# # USE_PCRE=1 开启正则 USE_OPENSSL=1 开启openssl USE_ZLIB=1
# # USE_CPU_AFFINITY=1 为开启haproxy进程与CPU核心绑定,USE_SYSTEMD=1为支持使用 -Ws参数(systemd-aware master-worker 模式)启动Haproxy,从而实现单主进程多子进程运行模式。
3.3.3:配置haproxy
3.3.3.1:准备haproxy启动脚本
# cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
#支持多配置文件读取,类似于从侧面是实现配置文件的include功能。
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
You have new mail in /var/spool/mail/root
## cp ./haproxy-systemd-wrapper /usr/sbin/haproxy-systemd-wrapper (haproxy1.7版本使用)
# cp ./haproxy /usr/sbin/haproxy
3.3.3.2准备系统配置文件
# cat /etc/sysconfig/haproxy
# Add extra options to the haproxy daemon here. This can be useful for
# specifying multiple configuration files with multiple -f options.
# See haproxy(1) for a complete list of options.
OPTIONS=""
3.3.3.3配置主配置文件
# mkdir /var/lib/haproxy
# mkdir /etc/haproxy
# vim /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /usr/local/haproxy
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbproc 4
cpu-map 1 0
cpu-map 2 1
cpu-map 3 2
cpu-map 4 3
pidfile /usr/local/haproxy/run/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive #当serverId对应的服务器挂掉后,强制定向到其他健康的服务器
option forwardfor #当服务器负载很高的时候,自动结束掉当前队列处理比较久的链接
maxconn 100000
mode http
timeout connect 10s #连接到一台服务器的最长等待时间
timeout client 20s #连接客户端发送数据最长等待时间
timeout server 30s #服务器回应客户端发送数据最长等待时间
timeout check 5s #对后端服务器的检测超时时间
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status # 页面访问路径
stats auth haadmin:q1w2e3r4ys
#####################分文件conf/*.cfg 配置实例###############
frontend openstack_mysql
bind 192.168.10.100:3306
mode tcp
default_backend openstack_mysql_node
backend openstack_mysql_node
mode tcp
balance source
server 192.168.10.201 192.168.10.201:3306 check inter 2000 fall 3 rise 5
3.3.3.4配置各个负载的内核参数
# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1 #开启允许绑定非本机的IP,haporxy启动忽视VIP存在
net.ipv4.ip_forward = 1 #内核是否转发数据包
# sysctl -p # 配置内核参数生效
3.3.3.5 启动haproxy并验证
# systemctl reload haproxy
# systemctl start haproxy
# systemctl enable haproxy
3.3整合keepalived+haproxy
主要为keepalived监控haproxy,以防haproxy死掉,keepalived进程还存活。
3.3.1配置keepalived严控haproxy进程
# vim /etc/keepalived/<keepalived配置文件> 添加
vrrp_script chk_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 5
weight 2
}
track_script {
chk_haproxy
}
# vim /etc/keepalived/check_haproxy.sh
#!/bin/bash
if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ];then
haproxy -f /opt/haproxy-1.7.8/haproxy.cfg
fi
sleep 2
if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ];then
service keepalived stop
fi
3.4验证
待续………