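In this post I use Keepalived to make the load-balancing tier highly available.
Because load balancing is a cornerstone of our system, the architecture needs an HA cluster (master/slave mode).
I implement it with Keepalived, which works much like heartbeat and is used to prevent a single point of failure.
Keepalived is built on VRRP (Virtual Router Redundancy Protocol).
VRRP groups N routers that provide the same function into one router group, with one master and several backups.
The master (the node with the highest priority) holds the VIP that serves external traffic, and the master broadcasts;
when a backup stops receiving the ARP packets, it considers the master dead,
and a backup is then chosen as the new master according to its VRRP priority,
which keeps the route highly available.
Note: in my own testing, 2 nodes were also enough to complete the master election.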
Install psmisc to check haproxy process
sudo yum -y install psmisc # if you do not have killall
sudo killall -0 haproxy
sudo vi /etc/sysctl.conf
Add the lines below:
# floating/shared IP can be assigned to one of the load balancers
net.ipv4.ip_nonlocal_bind=1
sudo vi /etc/selinux/config
SELINUX=disabled
sudo setenforce 0
sestatus
PS: a reboot is needed.
Install Keepalived
sudo yum -y install keepalived
sudo systemctl start keepalived
sudo systemctl enable keepalived
sudo vi /etc/keepalived/keepalived.conf # on the master node
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    lvs_id haproxy_DH # haproxy_DH_passive on slave
    router_id HAProxy_DEVEL # keep the same
    #vrrp_skip_check_adv_addr
    #vrrp_strict
    #vrrp_garp_interval 0
    #vrrp_gna_interval 0
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -55 # when the haproxy service is gone, lower the current priority by 55 (so the MASTER becomes BACKUP)
    fall 2 # number of consecutive failed checks before the script is considered down
    rise 1 # number of consecutive successful checks before the script is considered up again
}
vrrp_instance VI_01 {
    state MASTER # BACKUP on the slave node
    interface eth1 # your NIC
    virtual_router_id 51
    priority 100 # on the slave node, must be lower than on the master node
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.137.238/24 brd 192.168.137.255 dev eth1
    }
    track_script {
        check_haproxy
    }
}
sudo systemctl restart keepalived
Check that Keepalived works
ping VIP on Master and Slave
sudo ip addr #check eth1 on master
On Backup
ARP packets between Master and Backup
Test Keepalived HA
Access the HAProxy statistics page through the VIP
Now I stop the HAProxy service on the master and access the statistics page through the VIP again
sudo systemctl stop haproxy
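You can see that the PID changed from 1172 to 1116.
The master indeed can no longer be accessed.
At this point we can see on the slave that it has taken over the VIP 192.168.137.238.
This completes the HA test for port 1080. In the next post I will test readable secondary (AlwaysOn).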
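The failover tested above depends on how the weight, fall and rise of check_haproxy interact with each node's priority. The following Python model is an added example, not code from the original post or from Keepalived; it assumes preemption is enabled and a backup priority of 90 (the post does not give one), and shows that with weight -55 the backup priority must lie between 45 and 100 for the VIP to move.

```python
# Added example: simplified model of track_script with a negative weight (not Keepalived code).
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    priority: int          # "priority" in vrrp_instance
    weight: int = -55      # "weight" in vrrp_script check_haproxy
    fall: int = 2          # consecutive failures before the script counts as down
    rise: int = 1          # consecutive successes before it counts as up again
    script_up: bool = True
    streak: int = 0        # consecutive results that contradict script_up

    def observe(self, check_ok):
        """Feed one result of `killall -0 haproxy` (True means exit status 0)."""
        if check_ok == self.script_up:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if check_ok else self.fall):
            self.script_up, self.streak = check_ok, 0

    def effective_priority(self):
        # The negative weight is applied only while the script is considered down.
        return self.priority if self.script_up else self.priority + self.weight

def vip_holder_timeline(nodes, checks):
    """checks[name] holds one result per check interval; returns the VIP owner per interval."""
    timeline = []
    for tick in range(len(checks[nodes[0].name])):
        for n in nodes:
            n.observe(checks[n.name][tick])
        # Assumption: preemption is on, so the highest effective priority holds the VIP.
        timeline.append(max(nodes, key=lambda n: n.effective_priority()).name)
    return timeline

def run(backup_priority):
    nodes = [Node("master", 100), Node("backup", backup_priority)]
    checks = {  # constructed sample: HAProxy stops on the master at tick 2, is back at tick 6
        "master": [True, True, False, False, False, False, True, True],
        "backup": [True] * 8,
    }
    return vip_holder_timeline(nodes, checks)

if __name__ == "__main__":
    print(run(90))  # assumed backup priority above 100 - 55 = 45: the VIP moves
    print(run(40))  # below 45: the master keeps the VIP even with HAProxy down
```

With interval 2 and fall 2, the VIP moves on the second failed check, so the master keeps it for one more interval after HAProxy stops.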
Note: open the firewall ports as below
sudo firewall-cmd --add-port=1433/tcp --permanent
sudo firewall-cmd --add-port=1080/tcp --permanent
sudo firewall-cmd --add-port=80/tcp --permanent
Add firewall rules to allow VRRP communication using the multicast IP address 224.0.0.18 and the VRRP protocol (112) on each network interface that Keepalived will control, for example:
VRRP communication between routers uses multicast IP address 224.0.0.18[1] and IP protocol number 112[2].
Thus, you only need to allow incoming and outgoing traffic with these specific parameters for VRRP to work correctly. The firewall rules that are usually mentioned are redundant and unnecessarily broad.
sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
sudo firewall-cmd --reload
sudo netstat -ntlp | grep haproxy
References
HOW TO SETUP HAPROXY WITH KEEPALIVED
Build an iRedMail fail-over Cluster with KeepAlived, HAProxy, GlusterFS, OpenLDAP, Mariadb
How to Setup Percona Cluster with HAproxy Loadbalancer on CentOS 7
https://docs.oracle.com/cd/E52668_01/E54669/html/section_ksr_psb_nr.html