环境介绍

操作系统 ha&keepalived ip地址 数据库ip vip ha版本 keepalive版本
rhel 7.5 192.168.247.140 192.168.247.122 192.168.247.150 1.5.18 2.2.2
rhel 7.5 192.168.247.141 192.168.247.123 192.168.247.151 1.5.18 2.2.2

配置haproxy

先在ha两个节点安装haproxy
配置过程:https://www.yuque.com/wei01/wql35u/tc5er9

配置keepalived

节点一安装keepalived

  1. yum install -y openssl-devel
  3. # 解压:
  4. tar -zxvf keepalived-2.2.2.tar.gz
  6. # 拷贝执行文件
  7. cp keepalived-2.2.2/keepalived/etc/init.d/keepalived /etc/init.d/
  9. cd  keepalived-2.2.2
  10. ./configure --prefix=/usr/local/keepalived
  12. # 编译安装
  13. make && make install
  15. # 如果需要ipv6支持,需要安装libnl/libnl-3 dev libraries
  16. *** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
  18. # 生成相关配置文件
  19. mkdir /etc/keepalived/
  20. # 复制keepalived.conf
  21. cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
  22. # 复制系统相关文件
  23. cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
  25. cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
  27. vi /etc/keepalived/keepalived.conf
  29. ! Configuration File for keepalived
  31. global_defs {
  32.   router_id node1
  33. }
  35. #自定义监控脚本
  36. vrrp_script chk_haproxy {
  37.   # 脚本位置
  38.   script "/etc/keepalived/chk_haproxy.sh"
  39.   # 脚本执行的时间间隔
  40.   interval 1
  41.   weight 0
  43. }
  45. vrrp_instance VI_1 {
  46.     # Keepalived的角色,MASTER 表示主节点,BACKUP 表示备份节点
  47.     state BACKUP
  48.    # 不抢占MASTER,当发生故障后重启,不会抢占为master,避免切换带来影响
  49.     nopreempt
  50.     # 指定监测的网卡,可以使用 ifconfig 或 ip a 进行查看
  51.     interface ens33
  52.     # 主备节点需要设置为相同, 虚拟路由id要改,如果在一个局域网中有多个keepalived集群
  53.     virtual_router_id 51
  54.     # 优先级,节点1的优先级需要设置比节点2高, 会变成主节点
  55.     priority 100
  56.     # 设置主备之间的检查时间,单位为秒
  57.     advert_int 1
  58.     # 定义验证类型和密码
  59.     authentication {
  60.         auth_type PASS
  61.         auth_pass 1111
  62.     }
  64.     # 虚拟IP地址,可以设置多个
  65.     virtual_ipaddress {
  66.         192.168.247.150
  67.         192.168.247.151
  68.     }
  70.    # 调用上面自定义的监控脚本
  71.     track_script {
  72.        chk_haproxy
  73.     }
  75.     notify_backup "/usr/bin/systemctl restart haproxy"  当为备节点时,执行脚本
  76.     notify_fault "/usr/bin/systemctl stop haproxy"    当节点故障时,执行脚本
  77. }
  81. # 配置检查脚本
  82. vi  /etc/keepalived/chk_haproxy.sh
  84. #!/bin/bash
  86. if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
  87.     systemctl stop keepalived
  88. fi
  90. chmod +x /etc/keepalived/chk_haproxy.sh
  92. # 启动服务
  93. systemctl start keepalived
  95. # 检查vip启动
  96. [root@ha01 ~]# ip a|grep -i -w inet
  97.     inet 127.0.0.1/8 scope host lo
  98.     inet 192.168.247.140/24 brd 192.168.247.255 scope global ens33
  99.     inet 192.168.247.150/32 scope global ens33
  100.     inet 192.168.247.151/32 scope global ens33

节点二安装keepalived,配置如上:
唯一区别 ,修改节点优先级,比节点一低:
vi /etc/keepalived/keepalived.conf
priority 90

# 配置完成后,启动服务
systemctl start keepalived

# 检查服务状态和vip
[root@ha02 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2021-07-28 21:13:54 CST; 17min ago
  Process: 57512 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 57513 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─57513 /usr/local/keepalived/sbin/keepalived -D
           └─57514 /usr/local/keepalived/sbin/keepalived -D

7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: WARNING - script `systemctl` r....
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: SECURITY VIOLATION - scripts a....
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: Assigned address 192.168.247.1...3
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: Assigned address fe80::20c:29f...3
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: Registering gratuitous ARP sha...l
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: (VI_1) removing VIPs.
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: VRRP sockpool: [ifindex(  2), ...]
7月 28 21:13:54 ha02 Keepalived[57513]: Startup complete
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: VRRP_Script(chk_haproxy) succeeded
7月 28 21:13:54 ha02 Keepalived_vrrp[57514]: (VI_1) Entering BACKUP STATE
Hint: Some lines were ellipsized, use -l to show in full.

[root@ha02 ~]# ip a|grep -i -w inet
    inet 127.0.0.1/8 scope host lo
    inet 192.168.247.141/24 brd 192.168.247.255 scope global ens33

测试load balance

# 测试两个vip的load balance(server id 以ip最后两位配置)

[root@mysql2 ~]# for (( i=0;i<5;i++ )); do mysql -uroot -proot1234 -h192.168.247.150 -P3306 -e "select @@server_id"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+

[root@mysql2 ~]# for (( i=0;i<5;i++ )); do mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "select @@server_id"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+

测试故障转移

# 关闭节点一的haproxy
[root@ha01 ~]# systemctl stop haproxy
# 查看keepalived
[root@ha01 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since 三 2021-07-28 21:36:56 CST; 12s ago
  Process: 30137 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 30138 (code=exited, status=0/SUCCESS)

7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...1
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...0
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...1
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...0
7月 28 21:13:58 ha01 Keepalived_vrrp[30139]: Sending gratuitous ARP on ens3...1
7月 28 21:36:55 ha01 Keepalived[30138]: Stopping
7月 28 21:36:55 ha01 systemd[1]: Stopping LVS and VRRP High Availability M.....
7月 28 21:36:55 ha01 Keepalived_vrrp[30139]: (VI_1) sent 0 priority
7月 28 21:36:55 ha01 Keepalived_vrrp[30139]: (VI_1) removing VIPs.
7月 28 21:36:56 ha01 systemd[1]: Stopped LVS and VRRP High Availability Mo...r.
Hint: Some lines were ellipsized, use -l to show in full.
# 查看vip
[root@ha01 ~]# ip a|grep -i -w inet
    inet 127.0.0.1/8 scope host lo
    inet 192.168.247.140/24 brd 192.168.247.255 scope global ens33

# 查看节点二vip
[root@ha02 ~]# ip a|grep -i -w inet
    inet 127.0.0.1/8 scope host lo
    inet 192.168.247.141/24 brd 192.168.247.255 scope global ens33
    inet 192.168.247.150/32 scope global ens33
    inet 192.168.247.151/32 scope global ens33

    Hint: Some lines were ellipsized, use -l to show in full.
# 检查服务状态    
[root@ha02 ~]# systemctl status keepalived -l
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2021-07-28 21:13:54 CST; 25min ago
  Process: 57512 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 57513 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─57513 /usr/local/keepalived/sbin/keepalived -D
           └─57514 /usr/local/keepalived/sbin/keepalived -D

7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
7月 28 21:37:00 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151

# 查看日志,观察切换时间, 几乎无延迟
[root@ha02 log]# more messages
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Backup received priority 0 advertisement
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Receive advertisement timeout
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Entering MASTER STATE
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) setting VIPs.
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: (VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.151
Jul 28 21:36:55 ha02 Keepalived_vrrp[57514]: Sending gratuitous ARP on ens33 for 192.168.247.150

# 测试连接
[root@mysql2 ~]# for (( i=0;i<5;i++ )); do mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "select @@server_id"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247123 |
+-------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+-------------+
| @@server_id |
+-------------+
|      247122 |
+-------------+

# 启动节点一的haproxy和keepalived
[root@ha01 ~]# systemctl start haproxy
[root@ha01 ~]# systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2021-07-28 21:42:53 CST; 4s ago
 Main PID: 36107 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─36107 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy....
           ├─36108 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/hapr...
           └─36109 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/hapr...

7月 28 21:42:53 ha01 systemd[1]: Started HAProxy Load Balancer.
7月 28 21:42:53 ha01 systemd[1]: Starting HAProxy Load Balancer...
7月 28 21:42:54 ha01 haproxy-systemd-wrapper[36107]: haproxy-systemd-wrapper...
Hint: Some lines were ellipsized, use -l to show in full.
[root@ha01 ~]# systemctl start keepalived
[root@ha01 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2021-07-28 21:43:06 CST; 9s ago
  Process: 36117 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 36118 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─36118 /usr/local/keepalived/sbin/keepalived -D
           └─36119 /usr/local/keepalived/sbin/keepalived -D

7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: WARNING - script `systemctl` r....
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: SECURITY VIOLATION - scripts a....
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: Assigned address 192.168.247.1...3
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: Assigned address fe80::20c:29f...3
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: Registering gratuitous ARP sha...l
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: (VI_1) removing VIPs.
7月 28 21:43:06 ha01 Keepalived_vrrp[36119]: VRRP sockpool: [ifindex(  2), ...]
7月 28 21:43:07 ha01 Keepalived[36118]: Startup complete
7月 28 21:43:07 ha01 Keepalived_vrrp[36119]: VRRP_Script(chk_haproxy) succeeded
7月 28 21:43:07 ha01 Keepalived_vrrp[36119]: (VI_1) Entering BACKUP STATE
Hint: Some lines were ellipsized, use -l to show in full.

# vip 不会飘回去
[root@ha01 ~]# ip a|grep -i -w inet
    inet 127.0.0.1/8 scope host lo
    inet 192.168.247.140/24 brd 192.168.247.255 scope global ens33

验证故障转移时的抖动

# 关闭haproxy
[root@ha02 log]# date
2021年 07月 28日 星期三 22:08:49 CST
[root@ha02 log]# systemctl stop haproxy

# 客户端长连接会关闭连接
[root@mysql2 ~]# mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "call test.test()"
+----------+
| sleep(1) |
+----------+
|        0 |
+----------+
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:08:50 |
+---------------------+
+----------+
| sleep(1) |
+----------+
|        0 |
+----------+
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:08:51 |
+---------------------+
ERROR 2013 (HY000) at line 1: Lost connection to MySQL server during query

# 关闭haproxy
[root@ha01 ~]# date
2021年 07月 28日 星期三 22:14:09 CST
[root@ha01 ~]# systemctl stop haproxy

# 新连接会无法连接
[root@mysql2 ~]# for (( i=0;i<20;i++ )); do sleep 1; mysql -uroot -proot1234 -h192.168.247.151 -P3306 -e "select now()"; done
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:08 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:09 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:10 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:11 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.247.151' (111)

mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:13 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:14 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:15 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:16 |
+---------------------+
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------------+
| now()               |
+---------------------+
| 2021-07-28 22:14:17 |
+---------------------+