Haproxy

具有故障轉移功能的 Softlayer HAProxy

  • February 12, 2015

我在 Softlayer 上有 2 個虛擬伺服器,都執行 HAProxy。我正在嘗試使用 keepalived 設置故障轉移。每台伺服器都有一個私有 IP 和一個公共 IP,它們在同一個 VLAN 上。我為keepalived嘗試了許多不同的設置,但是在master上停止HAProxy,它不會故障轉移到BACKUP。

我讀到不支持多播,因此我將設置更改為單播。現在,備份/主伺服器上的設置基本上是這樣的:

vrrp_script chk_haproxy {
 script "pidof haproxy"
 interval 2
}

vrrp_instance VI_1 {
 debug 2
 interface eth1
 state MASTER
 virtual_router_id 51
 priority 101
 unicast_src_ip 1.2.3.4        # My IP
 unicast_peer {
   5.6.7.8                   # peer IP
 }
 track_script {
   chk_haproxy
 }
}

其中 MYIP 是 conf 文件所在伺服器的公共 IP 地址,PEERIP 是對等方的公共 IP 地址。仍然無法正常工作。停止主伺服器上的 HAProxy,它不會故障轉移到備份。

我想知道是否有人在 Softlayer 上設置了帶有故障轉移的 HAProxy,以及他們是如何完成它的?

我設法完成了這個設置,我是這樣做的:

  1. 我使用 SoftLayer 的控制面板創建了一個全域 IP 地址。
  2. 我在兩個 HAProxy 虛擬伺服器上都有 Debian 7。我將全域 IP 地址添加到兩台伺服器上的 eth1 介面。
  3. 這是兩台伺服器上使用的 HAProxy 設置:
global
 log 127.0.0.1 local0
 log 127.0.0.1 local1 notice
 maxconn 4096
 user haproxy
 group haproxy

defaults
 log global  
 mode http    
 option httplog 
 option dontlognull
 retries 3
 maxconn 2000
 option redispatch
 timeout connect 5000
 timeout client 50000
 timeout server 50000
 stats uri / haproxy

listen webfarm 0.0.0.0:80
 mode http
 stats enable
 stats uri /haproxy?stats
 stats realm Haproxy\ Statistics
 stats auth haproxy:stats
 balance roundrobin
 cookie LBN insert indirect nocache
 option httpclose
 option forwardfor
 server app1-west <public_ip>:8080 cookie node1 check
 server app2-west <public_ip>:8080 cookie node2 check 
  1. 這是 MASTER 伺服器上的 Keepalived 設置:
global_defs {
   notification_email {
       admin@mydomain.com
   }
   notification_email_from me@me.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LB_MASTER_ACTIVE
}

# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
   script "killall -0 haproxy"   # verify the pid existance
   interval 2                    # check every 2 seconds
   weight 2                      # add 2 points of prio if OK
}

# Virtual interface.
vrrp_instance VI_1 {
   state MASTER
   interface eth1
   virtual_router_id 51
   priority 101
   smtp_alert 

   authentication {
       auth_type PASS
       auth_pass 1111 #replace with random string
   }

   vrrp_unicast_bind <my_private_ip>
   vrrp_unicast_peer <peers_private_ip>

   # Check if HAProxy is running or not.
   track_script {
       chk_haproxy
   }
   notify_master /usr/bin/reroute_global
}
  1. 這是 BACKUP 伺服器上的 Keepalived 設置:
global_defs {
   notification_email {
       admin@mydomain.com
   }
   notification_email_from me@me.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LB_BACKUP_PASSIVE
}

# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
   script "killall -0 haproxy"   # verify the pid existance
   interval 2                    # check every 2 seconds
   weight 2                      # add 2 points of prio if OK
}

# Virtual interface.
vrrp_instance VI_1 {
   state BACKUP
   interface eth1
   virtual_router_id 51
   priority 100
   smtp_alert 
   advert_int 1

   authentication {
       auth_type PASS
       auth_pass 1111 #replace with random string
   }

   vrrp_unicast_bind <my_private_ip>
   vrrp_unicast_peer <peers_private_ip>

   # Check if HAProxy is running or not.
   track_script {
       chk_haproxy
   }
   notify_master /usr/bin/reroute_global
}
  1. 如上所述,我正在執行 Debian 7。從 keepalived 設置中可以看出,我有一個 notify_master 腳本。這是使腳本執行所需的一切:
apt-get install cpanminus libssl-dev build-essential libxml2-dev libexpat1-dev
cpanm SOAP::Lite XML::Hash::LX IO::Interface
git clone https://github.com/softlayer/softlayer-api-perl-client.git
mv softlayer-api-perl-client/SoftLayer /usr/share/perl5
  1. 現在所有依賴項都已到位,腳本應該可以工作。這是我保存為的腳本/usr/bin/reroute_global
#!/usr/bin/env perl
use strict;
use warnings;

use SoftLayer::API::SOAP;
use IO::Interface::Simple;

# SoftLayer API Information
my $api_user = 'YOUR_API_USERNAME';
my $api_key  = 'YOUR_API_KEY';

# Get the IP address associated with eth1
my $if   = IO::Interface::Simple->new('eth1');

# Create client object to SoftLayer_Account
my $client = SoftLayer::API::SOAP->new('SoftLayer_Account', undef, $api_user, $api_key);

# Get global IP address ID of first global IP address.
my $global_ip_id = $client->getGlobalIpRecords()->result->[0]->{id};

# Create client object to SoftLayer_Network_Subnet_IpAddress_Global
$client = SoftLayer::API::SOAP->new('SoftLayer_Network_Subnet_IpAddress_Global', $global_ip_id, $api_user, $api_key);

# Reroute global IP address to this systems public IP
$client->route($if->address);

您需要更改 API_USERNAME/KEY 以匹配您的 API 憑據。該腳本從您的 SoftLayer 全域 IP 地址中獲取第一個全域 IP,然後將全域 IP 重新路由到系統。在故障轉移的情況下,BACKUP 變為 MASTER 並執行腳本,該腳本將全域 IP 地址路由到自身。

測試

  1. curl http://<global_IP>
  2. 在主伺服器上,service haproxy stop
  3. 備份時:tail -f /var/log/syslog. 您應該看到如下內容:
Feb 12 01:11:55 proxy2-west Keepalived_vrrp[11816]: VRRP_Script(chk_haproxy) succeeded
Feb 12 01:11:55 proxy2-west Keepalived_vrrp[11816]: SMTP alert successfully sent.
Feb 12 01:12:29 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) forcing a new MASTER election
Feb 12 01:12:29 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) forcing a new MASTER election
Feb 12 01:12:30 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 12 01:12:31 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 12 01:12:31 proxy2-west Keepalived_vrrp[11816]: Opening script file /usr/bin/reroute_global
  1. curl http://<global_IP>(如果故障轉移有效,它應該可以工作)

引用自:https://serverfault.com/questions/666850