环境介绍
| 操作系统 | ha&keepalived ip地址 | 数据库ip | vip | ha版本 | keepalive版本 |
|---|---|---|---|---|---|
| rhel 7.5 | 192.168.247.140 | 192.168.247.122 | 192.168.247.150 | 1.5.18 | 2.2.2 |
| rhel 7.5 | 192.168.247.141 | 192.168.247.123 | 192.168.247.151 | 1.5.18 | 2.2.2 |
配置haproxy
先在ha两个节点安装haproxy
配置过程:https://www.yuque.com/wei01/wql35u/tc5er9
配置keepalived
节点一安装keepalived
yum install -y openssl-devel# 解压:tar -zxvf keepalived-2.2.2.tar.gz# 拷贝执行文件cp keepalived-2.2.2/keepalived/etc/init.d/keepalived /etc/init.d/cd keepalived-2.2.2./configure --prefix=/usr/local/keepalived# 编译安装make && make install# 如果需要ipv6支持,需要安装libnl/libnl-3 dev libraries*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.# 生成相关配置文件mkdir /etc/keepalived/# 复制keepalived.confcp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/# 复制系统相关文件cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bakvi /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {router_id node1}#自定义监控脚本vrrp_script chk_haproxy {# 脚本位置script "/etc/keepalived/chk_haproxy.sh"# 脚本执行的时间间隔interval 1weight 0}vrrp_instance VI_1 {# Keepalived的角色,MASTER 表示主节点,BACKUP 表示备份节点state BACKUP# 不抢占MASTER,当发生故障后重启,不会抢占为master,避免切换带来影响nopreempt# 指定监测的网卡,可以使用 ifconfig 或 ip a 进行查看interface ens33# 主备节点需要设置为相同, 虚拟路由id要改,如果在一个局域网中有多个keepalived集群virtual_router_id 51# 优先级,节点1的优先级需要设置比节点2高, 会变成主节点priority 100# 设置主备之间的检查时间,单位为秒advert_int 1# 定义验证类型和密码authentication {auth_type PASSauth_pass 1111}# 虚拟IP地址,可以设置多个virtual_ipaddress {192.168.247.150192.168.247.151}# 调用上面自定义的监控脚本track_script {chk_haproxy}notify_backup "/usr/bin/systemctl restart haproxy" 当为备节点时,执行脚本notify_fault "/usr/bin/systemctl stop haproxy" 当节点故障时,执行脚本}# 配置检查脚本vi /etc/keepalived/chk_haproxy.sh#!/bin/bashif [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; thensystemctl stop keepalivedfichmod +x /etc/keepalived/chk_haproxy.sh# 启动服务systemctl start keepalived# 检查vip启动[root@ha01 ~]# ip a|grep -i -w inetinet 127.0.0.1/8 scope host loinet 192.168.247.140/24 brd 192.168.247.255 scope global ens33inet 192.168.247.150/32 scope global ens33inet 192.168.247.151/32 scope global ens33
节点二安装keepalived,配置如上:
唯一区别 ,修改节点优先级,比节点一低:
vi /etc/keepalived/keepalived.conf
priority 90
# 配置完成后,启动服务
systemctl start keepalived
# 检查服务状态和vip
[root@ha02 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2021-07-28 21:13:54 CST; 17min ago
Process: 57512 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 57513 (keepalived)
CGroup: /system.slice/keepalived.service
├─57513 /usr/local/keepalived/sbin/keepalived -D
└─57514 /usr/local/keepalived/sbin/keepalived -D
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: WARNING - script `systemctl` r....
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: SECURITY VIOLATION - scripts a....
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: Assigned address 192.168.247.1...3
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: Assigned address fe80::20c:29f...3
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: Registering gratuitous ARP sha...l
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: (VI_1) removing VIPs.
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: VRRP sockpool: [ifindex( 2), ...]
7月 28 21:13:54 ha02 Keepalived[57513]: Startup complete
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: VRRP_Script(chk_haproxy) succeeded
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: (VI_1) Entering BACKUP STATE
Hint: Some lines were ellipsized, use -l to show in full.
[root@ha02 ~]# ip a|grep -i -w inet
inet 127.0.0.1/8 scope host lo
inet 192.168.247.141/24 brd 192.168.247.255 scope global ens33
测试load balance
# 测试两个vip的load balance(server id 以ip最后两位配置)
[root@mysql2 ~]# for (( i=0;i<5;i++ )); do mysql -uroot -proot1234 -h192.168.247.150 -P3306 -e "select @@server_id"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
[root@mysql2 ~]# for (( i=0;i<5;i++ )); do mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "select @@server_id"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
测试故障转移
# 关闭节点一的haproxy
[root@ha01 ~]# systemctl stop haproxy
# 查看keepalived
[root@ha01 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 三 2021-07-28 21:36:56 CST; 12s ago
Process: 30137 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 30138 (code=exited, status=0/SUCCESS)
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...1
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...0
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...1
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...0
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...1
7月 28 21:36:55 ha01 Keepalived[30138]: Stopping
7月 28 21:36:55 ha01 systemd[1]: Stopping LVS and VRRP High Availability M.....
7月 28 21:36:55 ha01 Keepalived_vrrp[30139]: (VI_1) sent 0 priority
7月 28 21:36:55 ha01 Keepalived_vrrp[30139]: (VI_1) removing VIPs.
7月 28 21:36:56 ha01 systemd[1]: Stopped LVS and VRRP High Availability Mo...r.
Hint: Some lines were ellipsized, use -l to show in full.
# 查看vip
[root@ha01 ~]# ip a|grep -i -w inet
inet 127.0.0.1/8 scope host lo
inet 192.168.247.140/24 brd 192.168.247.255 scope global ens33
# 查看节点二vip
[root@ha02 ~]# ip a|grep -i -w inet
inet 127.0.0.1/8 scope host lo
inet 192.168.247.141/24 brd 192.168.247.255 scope global ens33
inet 192.168.247.150/32 scope global ens33
inet 192.168.247.151/32 scope global ens33
Hint: Some lines were ellipsized, use -l to show in full.
# 检查服务状态
[root@ha02 ~]# systemctl status keepalived -l
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2021-07-28 21:13:54 CST; 25min ago
Process: 57512 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 57513 (keepalived)
CGroup: /system.slice/keepalived.service
├─57513 /usr/local/keepalived/sbin/keepalived -D
└─57514 /usr/local/keepalived/sbin/keepalived -D
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
# 查看日志,观察切换时间, 几乎无延迟
[root@ha02 log]# more messages
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Backup received priority 0 advertisement
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Receive advertisement timeout
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Entering MASTER STATE
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) setting VIPs.
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
# 测试连接
[root@mysql2 ~]# for (( i=0;i<5;i++ )); do mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "select @@server_id"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
| 247122 |
+-------------+
# 启动节点一的haproxy和keepalived
[root@ha01 ~]# systemctl start haproxy
[root@ha01 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2021-07-28 21:42:53 CST; 4s ago
Main PID: 36107 (haproxy-systemd)
CGroup: /system.slice/haproxy.service
├─36107 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy....
├─36108 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/hapr...
└─36109 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/hapr...
7月 28 21:42:53 ha01 systemd[1]: Started HAProxy Load Balancer.
7月 28 21:42:53 ha01 systemd[1]: Starting HAProxy Load Balancer...
7月 28 21:42:54 ha01 haproxy-systemd-wrapper[36107]: haproxy-systemd-wrapper...
Hint: Some lines were ellipsized, use -l to show in full.
[root@ha01 ~]# systemctl start keepalived
[root@ha01 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2021-07-28 21:43:06 CST; 9s ago
Process: 36117 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 36118 (keepalived)
CGroup: /system.slice/keepalived.service
├─36118 /usr/local/keepalived/sbin/keepalived -D
└─36119 /usr/local/keepalived/sbin/keepalived -D
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: WARNING - script `systemctl` r....
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: SECURITY VIOLATION - scripts a....
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: Assigned address 192.168.247.1...3
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: Assigned address fe80::20c:29f...3
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: Registering gratuitous ARP sha...l
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: (VI_1) removing VIPs.
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: VRRP sockpool: [ifindex( 2), ...]
7月 28 21:43:07 ha01 Keepalived[36118]: Startup complete
7月 28 21:43:07 ha01 Keepalived_vrrp[36119]: VRRP_Script(chk_haproxy) succeeded
7月 28 21:43:07 ha01 Keepalived_vrrp[36119]: (VI_1) Entering BACKUP STATE
Hint: Some lines were ellipsized, use -l to show in full.
# vip 不会飘回去
[root@ha01 ~]# ip a|grep -i -w inet
inet 127.0.0.1/8 scope host lo
inet 192.168.247.140/24 brd 192.168.247.255 scope global ens33
验证故障转移时的抖动
# 关闭haproxy
[root@ha02 log]# date
2021年 07月 28日 星期三 22:08:49 CST
[root@ha02 log]# systemctl stop haproxy
# 客户端长连接会关闭连接
[root@mysql2 ~]# mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "call test.test()"
+----------+
| sleep(1) |
+----------+
| 0 |
+----------+
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:08:50 |
+---------------------+
+----------+
| sleep(1) |
+----------+
| 0 |
+----------+
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:08:51 |
+---------------------+
ERROR 2013 (HY000) at line 1: Lost connection to MySQL server during query
# 关闭haproxy
[root@ha01 ~]# date
2021年 07月 28日 星期三 22:14:09 CST
[root@ha01 ~]# systemctl stop haproxy
# 新连接会无法连接
[root@mysql2 ~]# for (( i=0;i<20;i++ )); do sleep 1; mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "select now()"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:08 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:09 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:10 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:11 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.247.151' (111)
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:13 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:14 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:15 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:16 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now() |
+---------------------+
| 2021-07-28 22:14:17 |
+---------------------+
