pacemaker+corosync+haproxy
>高可用架构由两个核心部分组成,一个是心跳检测,判断服务器是否正常运行;一个是资源转移,用来将公共资源在正常服务器和故障服务器之间搬动。两个结合起来使用,可以实现对高可用架构的自动管理。 整个运行模式就是心跳检测不断的在网络中检测各个指定的设备是否能够正常响应,如果一旦发生设备故障,就由资源转移功能进行应用的切换,以继续提供服务。 corosync提供集群的信息层(messaging layer)的功能,传递心跳信息和集群事务信息,多台机器之间通过组播的方式监测心跳 pacemaker工作在资源分配层,提供资源管理器的功能,并以crmsh这个资源配置的命令接口来配置资源 心跳检测是用来检测服务器是否还在提供服务,只要出现异常不能提供服务了,就认为它挂掉了。 当检测出服务器挂掉之后,就要对服务资源进行转移。 CoroSync是运行于心跳层的开源软件。 PaceMaker是运行于资源转移层的开源软件。 使用corosync监控心跳,pacemaker时先资源转移,crmsh实现集群资源配置 使用fence检查节点健康状况,实行跳电保护 - 实验环境:四台主机(可以是虚拟机),架构如下图: 一、Haproxy
- server1:172.25.54.5 - server2:172.25.54.6以下的配置均需要在 server1 和 server2 上进行,并且两台主机需要时间同步
[root@server1 ~]# lshaproxy-1.6.11.tar.gz[root@server1 ~]# yum install -y rpm-build ##安装rpm包制作工具[root@server1 ~]# rpmbuild -tb haproxy-1.6.11.tar.gz ##制作rpm包error: Failed build dependencies:pcre-devel is needed by haproxy-1.6.11-1.x86_64[root@server1 ~]# yum install pcre-devel -y ##解决依赖性[root@server1 ~]# rpmbuild -tb haproxy-1.6.11.tar.gz make: gcc: Command not found[root@server1 ~]# yum install -y gcc ##解决Error[root@server1 ~]# rpmbuild -tb haproxy-1.6.11.tar.gz [root@server1 ~]# cd [root@server1 ~]# ls rpmbuild/ BUILD BUILDROOT RPMS SOURCES SPECS SRPMS[root@server1 ~]# cd rpmbuild/RPMS/[root@server1 RPMS]# lsx86_64[root@server1 RPMS]# cd x86_64/[root@server1 x86_64]# lshaproxy-1.6.11-1.x86_64.rpm ##所制作的rpm包[root@server1 x86_64]# rpm -qpl haproxy-1.6.11-1.x86_64.rpm ##查看安装haproxy会生成的文件, 没有主配置文件, 需要将压缩包解压获取/etc/haproxy/etc/rc.d/init.d/haproxy/usr/sbin/haproxy/usr/share/doc/haproxy-1.6.11/usr/share/doc/haproxy-1.6.11/CHANGELOG/usr/share/doc/haproxy-1.6.11/README/usr/share/doc/haproxy-1.6.11/architecture.txt/usr/share/doc/haproxy-1.6.11/configuration.txt/usr/share/doc/haproxy-1.6.11/intro.txt/usr/share/doc/haproxy-1.6.11/management.txt/usr/share/doc/haproxy-1.6.11/proxy-protocol.txt/usr/share/man/man1/haproxy.1.gz[root@server1 x86_64]# rpm -ivh haproxy-1.6.11-1.x86_64.rpm ##安装haproxy[root@server1 x86_64]# cd[root@server1 ~]# tar zxf haproxy-1.6.11.tar.gz [root@server1 ~]# cd haproxy-1.6.11[root@server1 haproxy-1.6.11]# lsCHANGELOG CONTRIBUTING ebtree include MAINTAINERS README srctests VERSIONcontrib doc examples LICENSE MakefileROADMAP SUBVERS VERDATE[root@server1 haproxy-1.6.11]# find -name *.spec ## 存在.spec文件, 才可以制作rpm包./examples/haproxy.spec[root@server1 haproxy-1.6.11]# cp examples/content-sw-sample.cfg /etc/haproxy/haproxy.cfg##将配置文件模板复制到 /etc/haproxy/haproxy.cfg##因为在haproxy启动脚本中读取的配置文件是/etc/haproxy/haproxy.cfg##所以起的名字要一致[root@server1 haproxy-1.6.11]# ls /etc/haproxy/haproxy.cfg[root@server1 haproxy-1.6.11]#
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg uid 200gid 200 ##所以需要创建用户[root@server1 ~]# groupadd -g 200 haproxy[root@server1 ~]# useradd -u 200 -g 200 -M haproxy[root@server1 ~]# id haproxyuid=200(haproxy) gid=200(haproxy) groups=200(haproxy)[root@server1 ~]# vim /etc/security/limits.conf [root@server1 ~]# cat /etc/security/limits.conf | tail -n 1haproxy-nofile10000 ##配置文件要求10000[root@server1 ~]# vim /etc/haproxy/haproxy.cfg [root@server1 ~]# cat /etc/haproxy/haproxy.cfg ##配置文件中其他的都是注释,我这里就不列出来了globalmaxconn 10000 ##最大连接数stats socket /var/run/haproxy.stat mode 600 level adminlog 127.0.0.1 local0 ##local:日志设备uid 200##默认用户UIDgid 200##默认用户GIDchroot/var/empty ##安全设置,根目录切换,锁在/var/empty下 daemon ##设置为后台进程defaults##默认配置,被frontend,backend,listen段继承使用mode http ##Haproxy工作模式,四层工作模式为TCP,七层为HTTPlog globaloptionhttplog ##启用http日志optiondontlognullmonitor-uri/monitoruri maxconn 8000 ##每个进程的最大连接数,会覆盖global中的maxconntimeout client 30s ##客户端非活动状态的超时时长stats uri /admin/stats ##监控页面的URLretries 2 ##服务器连接失败后的重试次数option redispatch ##如果cookie中写入ServerID而客户端不会刷新Cookie,那么当ServerID对应的服务器宕机后,将强制定向到其它健康的服务器上timeout connect 5s ##连接最大超时时间,默认毫秒timeout server 5s ##服务端超时时间frontend public ##前端接口设置bind *:80 name clear ##允许访问本机所有的IP#bind 192.168.1.10:443 ssl crt /etc/haproxy/haproxy.pem#use_backendstatic if { hdr_beg(host) -i img }#use_backendstatic if { path_beg /img /css }default_backend staticbackend staticbalance roundrobin ##负载均衡算法为轮询serverstatsrv1 172.25.54.7:80 check inter 1000 ##对后端服务器的健康状况检查间隔为1000毫秒serverstatsrv2 172.25.54.8:80 check inter 1000[root@server1 ~]#
测试Haproxy是否可用
server1 打开Haproxy服务
此时server1 、 server2的Haproxy服务均未打开
[root@server1 ~]# /etc/init.d/haproxy startStarting haproxy: [ OK ][root@server1 ~]#
server3
[root@server3 ~]# vim /var/www/html/index.html[root@server3 ~]# cat /var/www/html/index.html <h1>server3<h1>[root@server3 ~]# /etc/init.d/httpd startStarting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.3 for ServerName[ OK ][root@server3 ~]#
server4
[root@server4 ~]# vim /var/www/html/index.html[root@server4 ~]# cat /var/www/html/index.html <h1>server4<h1>[root@server4 ~]# /etc/init.d/httpd startStarting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.4 for ServerName[ OK ][root@server4 ~]#
刷新网页,会在server3 和 server4页面来回切换
将server4的http服务关闭
[root@server4 ~]# /etc/init.d/httpd stopStopping httpd: [ OK ][root@server4 ~]#
刷新网页,页面一直在server3
将server3的http服务关闭,将server4的http服务开启
[root@server3 ~]# /etc/init.d/httpd startStarting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.3 for ServerName[ OK ][root@server3 ~]# [root@server4 ~]# /etc/init.d/httpd startStarting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.4 for ServerName[ OK ][root@server4 ~]#
刷新网页,页面一直在server4
设置日志采集目录
[root@server1 ~]# vim /etc/rsyslog.conf ##配置采集规则文件13 $ModLoad imudp14 $UDPServerRun 51442 *.info;mail.none;authpriv.none;cron.none;local0.none/var/log/messages62 local0.* /var/log/haproxy.log[root@server1 ~]# /etc/init.d/rsyslog restartShutting down system logger: [ OK ]Starting system logger:[ OK ][root@server1 ~]# ll /var/log/haproxy.log -rw------- 1 root root 0 Aug 4 10:58 /var/log/haproxy.log[root@server1 ~]# cat /var/log/haproxy.log [root@server1 ~]###浏览器访问 172.25.54.5,刷新几次[root@server1 ~]# cat /var/log/haproxy.log Aug 4 10:59:41 localhost haproxy[1537]: 172.25.54.250:51174 [04/Aug/:10:59:41.871] public static/statsrv2 0/0/0/1/1 304 150 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"Aug 4 10:59:43 localhost haproxy[1537]: 172.25.54.250:51174 [04/Aug/:10:59:41.872] public static/statsrv1 1831/0/0/1/1832 200 284 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"Aug 4 10:59:44 localhost haproxy[1537]: 172.25.54.250:51174 [04/Aug/:10:59:43.703] public static/statsrv2 525/0/0/1/526 200 284 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"[root@server1 ~]#
Haproxy采用的八种算法
`roundrobin`, 简单的轮询 `static-rr`, 根据权重 `leastconn`, 最少连接者先处理 `source`, 根据请求源IP `uri`, 根据请求的URI `url_param`, 根据请求的URl参数 `hdr(name)`, 根据HTTP请求头来锁定每一次HTTP请求 `rdp-cookie(name)`, 很据cookie(name)来锁定并哈希每一次TCP请求动静页面分离
- server1 ``` [root@server1 ~]# vim /etc/haproxy/haproxy.cfg 43 use_backend static2 if { path_end -i .php } 45 # The static backend backend for 'Host: img', /img and /css. 46 backend static1 47 balance roundrobin 48 #balance source 49 server statsrv1 172.25.54.7:80 check inter 1000 50 51 backend static2 52 balance roundrobin 53 server[root@server1 ~]# /etc/init.d/haproxy reload [root@server1 ~]# /etc/init.d/haproxy reload ##刷新策略 [root@server1 ~]# ``` - server4配置动态网页[root@server4 html]# yum install php -y //安装php[root@server4 ~]# vim /var/www/html/index.php[root@server4 ~]# cat /var/www/html/index.php <?phpphpinfo()?>[root@server4 ~]# /etc/init.d/httpd restartStopping httpd: [ OK ]Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.4 for ServerName[ OK ][root@server4 ~]#
访问控制
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 45 acl blacklist src 172.25.54.25046 47 http-request deny if blacklist[root@server1 ~]# /etc/init.d/haproxy reload[root@server1 ~]#
这样的界面不好,用户体验差
修改——报错访问重定向
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 49 errorloc 403 http://172.25.54.5:8080##当403报错时重定向到172.25.54.5:8080上[root@server1 ~]# /etc/init.d/haproxy reload[root@server1 ~]#[root@server1 ~]# yum install -y httpd[root@server1 ~]# vim /etc/httpd/conf/httpd.conf 136 Listen 8080[root@server1 ~]# vim /var/www/html/index.html[root@server1 ~]# cat /var/www/html/index.html 网站正在维护中....[root@server1 ~]# /etc/init.d/httpd startStarting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.1 for ServerName[ OK ][root@server1 ~]#
访问172.25.54.5
[kiosk@foundation54 ~]$ curl 172.25.54.5[kiosk@foundation54 ~]$ curl 172.25.54.5 -IHTTP/1.1 302 FoundCache-Control: no-cacheContent-length: 0Location: http://172.25.54.5:8080[kiosk@foundation54 ~]$
修改——报错直接访问重定向
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg45 acl blacklist src 172.25.54.25046 47 #http-request deny if blacklist48 49 #errorloc 403 http://172.25.54.5:808050 51 redirect location http://172.25.54.5:8080[root@server1 ~]# /etc/init.d/haproxy reload //刷新策略
访问172.25.54.5
[kiosk@foundation2 ~]$ curl -I 172.25.54.1 //查看响应信息HTTP/1.1 302 FoundCache-Control: no-cacheContent-length: 0Location: http://172.25.54.8:80//访问被重定向到server4Connection: close
读写分离
-server1配置
``` [root@server1 ~]# vim /etc/haproxy/haproxy.cfg 45 acl blacklist src 172.25.54.250 46 47 acl write method POST ##写控制 48 acl write method PUT 49 #http-request deny if blacklist 50 51 #errorloc 403 http://172.25.54.5:8080 52 53 #redirect location 54 55 use_backend static2 if { path_end -i .php } 56 use_backend static2 if write ##如果执行写操作则调转到server4 57 default_backend static1 [root@server1 ~]# /etc/init.d/haproxy reload [root@server1 ~]# ``` -后端server3、server4配置动态上传网页
该实验还需要一个PHP的目录,此处我直接分享出来,链接是:[PHPupload](/s/1lbnWvi2caUhiNZy-lTfy3A)[root@server3 ~]# yum install php -y //安装php[root@server3 ~]# cd /var/www/html/[root@server3 html]# lsindex.html upload ##upload就是需要的目录[root@server3 html]# cd upload/[root@server3 upload]# lsindex.php upload_file.php[root@server3 upload]# mv * ..[root@server3 upload]# cd ..[root@server3 html]# lsindex.html index.php upload upload_file.php[root@server3 html]# chmod 777 upload //加读写权限[root@server3 html]# vim upload_file.php //修改上传图片限定大小
[root@server3 html]# /etc/init.d/httpd restart //重启服务Stopping httpd: [ OK ]Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.54.7 for ServerName[ OK ]
将默认发布文档修改成index.php后
[root@server3 html]# cd upload[root@server3 upload]# ls ##图片未上传到server3[root@server4 html]# cd upload[root@server4 upload]# lsredhat.jpg ##图片上传到server4
