機器 | 操作系統 | IP | 安裝組件 | 版本 |
---|---|---|---|---|
psql1 | CentOS 7.3 | 10.10.0.1 | postgresql/etcd/patroni | 12.1/3.3.11/1.6.1 |
psql2 | CentOS 7.3 | 10.10.0.2 | postgresql/etcd/patroni | 12.1/3.3.11/1.6.1 |
psql3 | CentOS 7.3 | 10.10.0.3 | postgresql/etcd/patroni | 12.1/3.3.11/1.6.1 |
haproxy1 | CentOS 7.3 | 10.10.0.4 | haproxy/keepalived | 1.5.18/2.0.20 |
haproxy2 | CentOS 7.3 | 10.10.0.5 | haproxy/keepalived | 1.5.18/2.0.20 |
本文用到的所有文件
鏈接:https://pan.baidu.com/s/1lwaX_DuTcJwegLuJFZTH5w
提取碼:5615
1、基礎環境(所有節點)
1.1、修改主機名及hosts
hostnamectl set-hostname psql1
hostnamectl set-hostname psql2
hostnamectl set-hostname psql3
hostnamectl set-hostname haproxy1
hostnamectl set-hostname haproxy2
...
cat >> /etc/hosts <<EOF
10.10.0.1 psql1
10.10.0.2 psql2
10.10.0.3 psql3
10.10.0.4 haproxy1
10.10.0.5 haproxy2
EOF
1.2、修改系統進程打開最大文件數
echo "* soft nofile 655350" >> /etc/security/limits.conf
echo "* hard nofile 655350" >> /etc/security/limits.conf
1.3、關閉防火牆及selinux
systemctl stop firewalld && systemctl disable firewalld
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
1.4、配置yum源
此處配置離線yum源安裝,如果是外網環境直接yum安裝即可
unzip pgsql_yum.zip && rm -rf pgsql_yum.zip && mv pgsql_yum /
mkdir -p /etc/yum.repos.d/yum.bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/yum.bak
cat > /etc/yum.repos.d/local.repo <<EOF
[local]
name=local
enabled=1
baseurl=file:///pgsql_yum/
gpgcheck=0
EOF
yum clean all && yum makecache
2、PostgreSQL(psql節點)
2.1、安裝依賴
yum -y install readline readline-devel zlib zlib-devel vim
2.2、安裝PostgreSQL
選擇空間較大的磁盤
tar -xvf postgresql-12.1.tar.gz && rm -rf postgresql-12.1.tar.gz && cd postgresql-12.1
./configure --prefix=/usr/local/pgsql
make && make install
3、Etcd(etcd節點)
3.1、安裝chrony同步集羣系統時間
建議集羣所有節點均安裝配置
- 安裝chrony
yum -y install chrony
- 啓動並加入開機自啓
systemctl start chronyd && systemctl enable chronyd && systemctl status chronyd
- 系統時鐘同步,以psql1機器爲時鐘服務器
vim /etc/chrony.conf
- 將以下內容註釋掉:
- 添加時鐘服務器配置,即psql1機器
server 10.10.0.1 iburst
- 強制同步時間
chronyc -a makestep
- 重啓service
systemctl daemon-reload && systemctl restart chronyd
3.2、安裝Etcd
yum -y install etcd
3.3、配置Etcd
vim /etc/etcd/etcd.conf
- etcd1(10.10.0.1)
ETCD_DATA_DIR="/var/lib/etcd/etcd1.etcd"
ETCD_LISTEN_PEER_URLS="http://10.10.0.1:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.10.0.1:2379,http://127.0.0.1:2379"
ETCD_NAME="etcd1"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.10.0.1:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.10.0.1:2379"
ETCD_INITIAL_CLUSTER="etcd1=http://10.10.0.1:2380,etcd2=http://10.10.0.2:2380,etcd3=http://10.10.0.3:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
- etcd2(10.10.0.2)
ETCD_DATA_DIR="/var/lib/etcd/etcd2.etcd"
ETCD_LISTEN_PEER_URLS="http://10.10.0.2:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.10.0.2:2379,http://127.0.0.1:2379"
ETCD_NAME="etcd2"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.10.0.2:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.10.0.2:2379"
ETCD_INITIAL_CLUSTER="etcd1=http://10.10.0.1:2380,etcd2=http://10.10.0.2:2380,etcd3=http://10.10.0.3:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
- etcd3(10.10.0.3)
ETCD_DATA_DIR="/var/lib/etcd/etcd3.etcd"
ETCD_LISTEN_PEER_URLS="http://10.10.0.3:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.10.0.3:2379,http://127.0.0.1:2379"
ETCD_NAME="etcd3"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.10.0.3:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.10.0.3:2379"
ETCD_INITIAL_CLUSTER="etcd1=http://10.10.0.1:2380,etcd2=http://10.10.0.2:2380,etcd3=http://10.10.0.3:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
3.4、修改etcd.service
vim /usr/lib/systemd/system/etcd.service
直接刪除原有內容,替換爲以下配置
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=/etc/etcd/etcd.conf
User=etcd
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd \
--name=\"${ETCD_NAME}\" \
--data-dir=\"${ETCD_DATA_DIR}\" \
--listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" \
--listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" \
--initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" \
--advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" \
--initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" \
--initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" \
--initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\""
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
3.5、啓動Etcd
systemctl daemon-reload && systemctl enable etcd && systemctl start etcd
3.6、驗證Etcd
- 任意節點查看集羣狀態
etcdctl cluster-health
etcdctl member list
4、Patroni(patroni節點)
4.1、安裝setuptools
unzip setuptools-42.0.2.zip && rm -rf setuptools-42.0.2.zip && cd setuptools-42.0.2
python setup.py install
4.2、安裝pip
tar -xvf pip-19.3.1.tar.gz && rm -rf pip-19.3.1.tar.gz && cd pip-19.3.1
python setup.py install
- 查看pip版本
pip -V
4.3、安裝patroni
- 如果安裝過程中提示缺少依賴可去pypi下載安裝即可
https://pypi.org/
yum -y install python-devel
pip install *.whl
pip install psutil-5.6.7.tar.gz
pip install cdiff-1.0.tar.gz
pip install python-etcd-0.4.5.tar.gz
pip install PyYAML-5.3.tar.gz
pip install prettytable-0.7.2.tar.gz
pip install patroni-1.6.1.tar.gz
4.4、查看patroni版本
patronictl version
4.5、配置patroni
4.5.1、集羣psql1節點配置
- 創建配置文件目錄
mkdir -p /data/patroni/conf
- 拷貝相關文件
unzip patroni.zip
cp -r patroni /data/patroni/conf/
cp /data/patroni/conf/patroni/postgres0.yml /data/patroni/conf/
- 編輯配置文件
vim /data/patroni/conf/postgres0.yml
scope: batman
#namespace: /service/
name: postgresql0
restapi:
listen: 10.10.0.1:8008
connect_address: 10.10.0.1:8008
# certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# keyfile: /etc/ssl/private/ssl-cert-snakeoil.key
# authentication:
# username: username
# password: password
# ctl:
# insecure: false # Allow connections to SSL sites without certs
# certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# cacert: /etc/ssl/certs/ssl-cacert-snakeoil.pem
etcd:
host: 10.10.0.1:2379
bootstrap:
# this section will be written into Etcd:/<namespace>/<scope>/config after initializing new cluster
# and all other cluster members will use it as a `global configuration`
dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
# master_start_timeout: 300
synchronous_mode: false
#standby_cluster:
#host: 127.0.0.1
#port: 1111
#primary_slot_name: patroni
postgresql:
use_pg_rewind: true
use_slots: true
parameters:
wal_level: logical
hot_standby: "on"
max_connections: 5000
wal_keep_segments: 1000
max_wal_senders: 10
max_replication_slots: 10
wal_log_hints: "on"
archive_mode: "on"
archive_timeout: 1800s
archive_command: mkdir -p ../wal_archive && test ! -f ../wal_archive/%f && cp %p ../wal_archive/%f
recovery_conf:
restore_command: cp ../wal_archive/%f %p
# some desired options for 'initdb'
initdb: # Note: It needs to be a list (some options need values, others are switches)
- encoding: UTF8
- data-checksums
pg_hba: # Add following lines to pg_hba.conf after running 'initdb'
# For kerberos gss based connectivity (discard @.*$)
#- host replication replicator 127.0.0.1/32 gss include_realm=0
#- host all all 0.0.0.0/0 gss include_realm=0
- host replication replicator 0.0.0.0/0 md5
- host all admin 0.0.0.0/0 md5
- host all all 0.0.0.0/0 md5
# Additional script to be launched after initial cluster creation (will be passed the connection URL as parameter)
# post_init: /usr/local/bin/setup_cluster.sh
# Some additional users users which needs to be created after initializing new cluster
users:
admin:
password: postgres
options:
- createrole
- createdb
replicator:
password: replicator
options:
- replication
postgresql:
listen: 0.0.0.0:5432
connect_address: 10.10.0.1:5432
data_dir: /data/postgres
bin_dir: /usr/local/pgsql/bin
# config_dir:
# pgpass: /tmp/pgpass0
authentication:
replication:
username: replicator
password: replicator
superuser:
username: admin
password: postgres
# rewind: # Has no effect on postgres 10 and lower
# username: rewind_user
# password: rewind_password
# Server side kerberos spn
# krbsrvname: postgres
parameters:
# Fully qualified kerberos ticket file for the running user
# same as KRB5CCNAME used by the GSS
# krb_server_keyfile: /var/spool/keytabs/postgres
unix_socket_directories: '.'
#watchdog:
# mode: automatic # Allowed values: off, automatic, required
# device: /dev/watchdog
# safety_margin: 5
tags:
nofailover: false
noloadbalance: false
clonefrom: false
nosync: false
4.5.2、集羣psql2節點配置
- 創建配置文件目錄
mkdir -p /data/patroni/conf
- 拷貝相關文件
unzip patroni.zip
cp -r patroni /data/patroni/conf/
cp /data/patroni/conf/patroni/postgres1.yml /data/patroni/conf/
- 編輯配置文件
vim /data/patroni/conf/postgres1.yml
scope: batman
#namespace: /service/
name: postgresql1
restapi:
listen: 10.10.0.2:8008
connect_address: 10.10.0.2:8008
# certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# keyfile: /etc/ssl/private/ssl-cert-snakeoil.key
# authentication:
# username: username
# password: password
# ctl:
# insecure: false # Allow connections to SSL sites without certs
# certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# cacert: /etc/ssl/certs/ssl-cacert-snakeoil.pem
etcd:
host: 10.10.0.2:2379
bootstrap:
# this section will be written into Etcd:/<namespace>/<scope>/config after initializing new cluster
# and all other cluster members will use it as a `global configuration`
dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
# master_start_timeout: 300
synchronous_mode: false
#standby_cluster:
#host: 127.0.0.1
#port: 1111
#primary_slot_name: patroni
postgresql:
use_pg_rewind: true
use_slots: true
parameters:
wal_level: logical
max_connections: 5000
hot_standby: "on"
wal_keep_segments: 1000
max_wal_senders: 10
max_replication_slots: 10
wal_log_hints: "on"
archive_mode: "on"
archive_timeout: 1800s
archive_command: mkdir -p ../wal_archive && test ! -f ../wal_archive/%f && cp %p ../wal_archive/%f
recovery_conf:
restore_command: cp ../wal_archive/%f %p
# some desired options for 'initdb'
initdb: # Note: It needs to be a list (some options need values, others are switches)
- encoding: UTF8
- data-checksums
pg_hba: # Add following lines to pg_hba.conf after running 'initdb'
# For kerberos gss based connectivity (discard @.*$)
#- host replication replicator 127.0.0.1/32 gss include_realm=0
#- host all all 0.0.0.0/0 gss include_realm=0
- host replication replicator 0.0.0.0/0 md5
- host all admin 0.0.0.0/0 md5
- host all all 0.0.0.0/0 md5
# Additional script to be launched after initial cluster creation (will be passed the connection URL as parameter)
# post_init: /usr/local/bin/setup_cluster.sh
# Some additional users users which needs to be created after initializing new cluster
users:
admin:
password: postgres
options:
- createrole
- createdb
replicator:
password: replicator
options:
- replication
postgresql:
listen: 0.0.0.0:5432
connect_address: 10.10.0.2:5432
data_dir: /data/postgres
bin_dir: /usr/local/pgsql/bin
# config_dir:
# pgpass: /tmp/pgpass0
authentication:
replication:
username: replicator
password: replicator
superuser:
username: admin
password: postgres
# rewind: # Has no effect on postgres 10 and lower
# username: rewind_user
# password: rewind_password
# Server side kerberos spn
# krbsrvname: postgres
parameters:
# Fully qualified kerberos ticket file for the running user
# same as KRB5CCNAME used by the GSS
# krb_server_keyfile: /var/spool/keytabs/postgres
unix_socket_directories: '.'
#watchdog:
# mode: automatic # Allowed values: off, automatic, required
# device: /dev/watchdog
# safety_margin: 5
tags:
nofailover: false
noloadbalance: false
clonefrom: false
nosync: false
4.5.3、集羣psql3節點配置
- 創建配置文件目錄
mkdir -p /data/patroni/conf
- 拷貝相關文件
unzip patroni.zip
cp -r patroni /data/patroni/conf/
cp /data/patroni/conf/patroni/postgres2.yml /data/patroni/conf/
- 編輯配置文件
vim /data/patroni/conf/postgres2.yml
scope: batman
#namespace: /service/
name: postgresql2
restapi:
listen: 10.10.0.3:8008
connect_address: 10.10.0.3:8008
# certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# keyfile: /etc/ssl/private/ssl-cert-snakeoil.key
# authentication:
# username: username
# password: password
# ctl:
# insecure: false # Allow connections to SSL sites without certs
# certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# cacert: /etc/ssl/certs/ssl-cacert-snakeoil.pem
etcd:
host: 10.10.0.3:2379
bootstrap:
# this section will be written into Etcd:/<namespace>/<scope>/config after initializing new cluster
# and all other cluster members will use it as a `global configuration`
dcs:
ttl: 30
loop_wait: 10
retry_timeout: 10
maximum_lag_on_failover: 1048576
# master_start_timeout: 300
synchronous_mode: false
#standby_cluster:
#host: 127.0.0.1
#port: 1111
#primary_slot_name: patroni
postgresql:
use_pg_rewind: true
use_slots: true
parameters:
wal_level: logical
max_connections: 5000
hot_standby: "on"
wal_keep_segments: 1000
max_wal_senders: 10
max_replication_slots: 10
wal_log_hints: "on"
archive_mode: "on"
archive_timeout: 1800s
archive_command: mkdir -p ../wal_archive && test ! -f ../wal_archive/%f && cp %p ../wal_archive/%f
recovery_conf:
restore_command: cp ../wal_archive/%f %p
# some desired options for 'initdb'
initdb: # Note: It needs to be a list (some options need values, others are switches)
- encoding: UTF8
- data-checksums
pg_hba: # Add following lines to pg_hba.conf after running 'initdb'
# For kerberos gss based connectivity (discard @.*$)
#- host replication replicator 127.0.0.1/32 gss include_realm=0
#- host all all 0.0.0.0/0 gss include_realm=0
- host replication replicator 0.0.0.0/0 md5
- host all admin 0.0.0.0/0 md5
- host all all 0.0.0.0/0 md5
# Additional script to be launched after initial cluster creation (will be passed the connection URL as parameter)
# post_init: /usr/local/bin/setup_cluster.sh
# Some additional users users which needs to be created after initializing new cluster
users:
admin:
password: postgres
options:
- createrole
- createdb
replicator:
password: replicator
options:
- replication
postgresql:
listen: 0.0.0.0:5432
connect_address: 10.10.0.3:5432
data_dir: /data/postgres
bin_dir: /usr/local/pgsql/bin
# config_dir:
# pgpass: /tmp/pgpass0
authentication:
replication:
username: replicator
password: replicator
superuser:
username: admin
password: postgres
# rewind: # Has no effect on postgres 10 and lower
# username: rewind_user
# password: rewind_password
# Server side kerberos spn
# krbsrvname: postgres
parameters:
# Fully qualified kerberos ticket file for the running user
# same as KRB5CCNAME used by the GSS
# krb_server_keyfile: /var/spool/keytabs/postgres
unix_socket_directories: '.'
#watchdog:
# mode: automatic # Allowed values: off, automatic, required
# device: /dev/watchdog
# safety_margin: 5
tags:
nofailover: false
noloadbalance: false
clonefrom: false
nosync: false
4.6、修改目錄權限
- 記下data_dir上述yml配置文件中的值。該目錄需要確保postgres用戶具備寫入的權限。如果此目錄不存在,則創建,在所有patroni節點分別進行如下操作
groupadd postgres
useradd -g postgres postgres
chown -R postgres /usr/local/pgsql
mkdir -p /data/postgres
chown -Rf postgres:postgres /data/postgres
chmod 700 /data/postgres
4.7、啓動patroni
在psql1節點執行
chown -Rf postgres:postgres /data/patroni/conf
- 創建service文件,修改其中的可執行目錄及配置文件
cat > /etc/systemd/system/patroni.service <<EOF
[Unit]
Description=Runners to orchestrate a high-availability PostgreSQL
After=network.target
[Service]
Type=simple
User=postgres
Group=postgres
ExecStart=/usr/bin/patroni /data/patroni/conf/postgres0.yml
KillMode=process
TimeoutSec=30
Restart=no
[Install]
WantedBy=multi-user.target
EOF
- 啓動patroni初始化數據庫
systemctl daemon-reload && systemctl start patroni && systemctl enable patroni
- 切換到postgres用戶查看patroni是否託管數據庫
su postgres
/usr/local/pgsql/bin/psql -h 127.0.0.1 -U admin postgres
在psql2節點執行
chown -Rf postgres:postgres /data/patroni/conf
- 創建service文件,修改其中的可執行目錄及配置文件
cat > /etc/systemd/system/patroni.service <<EOF
[Unit]
Description=Runners to orchestrate a high-availability PostgreSQL
After=network.target
[Service]
Type=simple
User=postgres
Group=postgres
ExecStart=/usr/bin/patroni /data/patroni/conf/postgres1.yml
KillMode=process
TimeoutSec=30
Restart=no
[Install]
WantedBy=multi-user.target
EOF
- 啓動patroni初始化數據庫
systemctl daemon-reload && systemctl start patroni && systemctl enable patroni
- 切換到postgres用戶查看patroni是否託管數據庫
su postgres
/usr/local/pgsql/bin/psql -h 127.0.0.1 -U admin postgres
在psql3節點執行
chown -Rf postgres:postgres /data/patroni/conf
- 創建service文件,修改其中的可執行目錄及配置文件
cat > /etc/systemd/system/patroni.service <<EOF
[Unit]
Description=Runners to orchestrate a high-availability PostgreSQL
After=network.target
[Service]
Type=simple
User=postgres
Group=postgres
ExecStart=/usr/bin/patroni /data/patroni/conf/postgres2.yml
KillMode=process
TimeoutSec=30
Restart=no
[Install]
WantedBy=multi-user.target
EOF
- 啓動patroni初始化數據庫
systemctl daemon-reload && systemctl start patroni && systemctl enable patroni
- 切換到postgres用戶查看patroni是否託管數據庫
su postgres
/usr/local/pgsql/bin/psql -h 127.0.0.1 -U admin postgres
4.8、查看集羣
- 任意節點查看即可
patronictl -c /data/patroni/conf/postgres0.yml list
- 如果需要切換master,運行如下命令即可
patronictl -c /data/patroni/conf/postgres0.yml switchover
5、HAProxy(HAProxy節點)
5.1、安裝haproxy
各節點配置相同
yum -y install haproxy
5.2、修改配置文件
- 備份原有配置文件
cp -r /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_bak
- 修改配置文件,直接替換爲新的配置,修改其中的IP、端口、頁面用戶名密碼
cat > /etc/haproxy/haproxy.cfg <<EOF
#---------------------------------------------------------------------
# 全局定義
global
# log語法:log [max_level_1]
# 全局的日誌配置,使用log關鍵字,指定使用127.0.0.1上的syslog服務中的local0日誌設備,
# 記錄日誌等級爲info的日誌
# log 127.0.0.1 local0 info
log 127.0.0.1 local1 notice
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
# 定義每個haproxy進程的最大連接數 ,由於每個連接包括一個客戶端和一個服務器端,
# 所以單個進程的TCP會話最大數目將是該值的兩倍。
maxconn 4096
# 用戶,組
user haproxy
group haproxy
# 以守護進程的方式運行
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# 默認部分的定義
defaults
# mode語法:mode {http|tcp|health} 。http是七層模式,tcp是四層模式,health是健康檢測,返回OK
mode tcp
# 使用127.0.0.1上的syslog服務的local3設備記錄錯誤信息
log 127.0.0.1 local3 err
#if you set mode to http,then you nust change tcplog into httplog
option tcplog
# 啓用該項,日誌中將不會記錄空連接。所謂空連接就是在上游的負載均衡器或者監控系統爲了
#探測該服務是否存活可用時,需要定期的連接或者獲取某一固定的組件或頁面,或者探測掃描
#端口是否在監聽或開放等動作被稱爲空連接;官方文檔中標註,如果該服務上游沒有其他的負
#載均衡器的話,建議不要使用該參數,因爲互聯網上的惡意掃描或其他動作就不會被記錄下來
option dontlognull
# 定義連接後端服務器的失敗重連次數,連接失敗次數超過此值後將會將對應後端服務器標記爲不可用
retries 3
# 當使用了cookie時,haproxy將會將其請求的後端服務器的serverID插入到cookie中,以保證
#會話的SESSION持久性;而此時,如果後端的服務器宕掉了,但是客戶端的cookie是不會刷新的
#,如果設置此參數,將會將客戶的請求強制定向到另外一個後端server上,以保證服務的正常
option redispatch
#等待最大時長 When a server's maxconn is reached, connections are left pending in a queue which may be server-specific or global to the backend.
timeout queue 1m
# 設置成功連接到一臺服務器的最長等待時間,默認單位是毫秒
timeout connect 1m
# 客戶端非活動狀態的超時時長 The inactivity timeout applies when the client is expected to acknowledge or send data.
timeout client 15m
# Set the maximum inactivity time on the server side.The inactivity timeout applies when the server is expected to acknowledge or send data.
timeout server 15m
timeout check 30s
maxconn 5120
#---------------------------------------------------------------------
# 配置haproxy web監控,查看統計信息
listen status
bind 0.0.0.0:1080
mode http
log global
stats enable
# stats是haproxy的一個統計頁面的套接字,該參數設置統計頁面的刷新間隔爲30s
stats refresh 30s
stats uri /haproxy-stats
# 設置統計頁面認證時的提示內容
stats realm Private lands
# 設置統計頁面認證的用戶和密碼,如果要設置多個,另起一行寫入即可
stats auth admin:Gsld1234!
# 隱藏統計頁面上的haproxy版本信息
# stats hide-version
#---------------------------------------------------------------------
listen master
bind *:5000
mode tcp
option tcplog
balance roundrobin
option httpchk OPTIONS /master
http-check expect status 200
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
server node1 10.10.0.1:5432 maxconn 1500 check port 8008 inter 5000 rise 2 fall 2
server node2 10.10.0.2:5432 maxconn 1500 check port 8008 inter 5000 rise 2 fall 2
server node3 10.10.0.3:5432 maxconn 1500 check port 8008 inter 5000 rise 2 fall 2
listen replicas
bind *:5001
mode tcp
option tcplog
balance roundrobin
option httpchk OPTIONS /replica
http-check expect status 200
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
server node1 10.10.0.1:5432 maxconn 1500 check port 8008 inter 5000 rise 2 fall 2
server node2 10.10.0.2:5432 maxconn 1500 check port 8008 inter 5000 rise 2 fall 2
server node3 10.10.0.3:5432 maxconn 1500 check port 8008 inter 5000 rise 2 fall 2
EOF
5.3、啓動
systemctl start haproxy && systemctl enable haproxy && systemctl status haproxy
5.4、頁面訪問
瀏覽器訪問http://10.10.0.4:1080/haproxy-stats,輸入前面配置文件中設置的用戶名密碼即可進入,這裏是admin/Gsld1234!
- 頁面中我們可以看到當前的主節點及從節點
- 我們通過5000端口和5001端口分別來提供寫服務和讀服務,如果需要對數據庫寫入數,只需要對外提供10.10.0.4:5000即可,可以模擬主庫故障,即關閉其中的master節點來驗證是否會進行自動主從切換
6、Keepalived(Keepalived節點)
6.1、安裝依賴
yum -y install openssl-devel
6.2、獲取Keepalived
https://www.keepalived.org/download.html
6.3、安裝
tar -xvf keepalived-2.0.20.tar.gz && rm -rf keepalived-2.0.20.tar.gz && cd keepalived-2.0.20
./configure --prefix=/usr/local/keepalived
make && make install
6.4、版本查看
/usr/local/keepalived/sbin/keepalived -v
6.5、配置文件
- 配置文件參數詳解
https://www.cnblogs.com/arjenlee/p/9258188.html
- 創建配置文件目錄及配置文件
mkdir -p /etc/keepalived
自帶配置文件:/usr/local/keepalived/etc/keepalived/keepalived.conf,可作參考,這裏直接創建新的配置文件即可
- 主服務器,即haproxy1
vim /etc/keepalived/keepalived.conf
global_defs {
router_id haproxy1
}
vrrp_script haproxy_check {
script "/usr/local/keepalived/check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 80
advert_int 1
track_script {
haproxy_check
}
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.10.0.8
}
}
- 從服務器,即haproxy2
vim /etc/keepalived/keepalived.conf
global_defs {
router_id haproxy2
}
vrrp_script haproxy_check {
script "/usr/local/keepalived/check.sh"
interval 2
weight:-20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 70
advert_int 1
track_script {
haproxy_check
}
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.10.0.8
}
}
- vrrp_script:檢查腳本,檢查haproxy狀態,如果掛掉,VIP漂移
- script:腳本命令
- interval:檢查間隔
- weight:權重
- state:標記該節點是master還是backup
- interface:配置VIP綁定的網卡,這裏使用和外網通信的網卡
- virtual_router_id:取1-255之間的值,主備需要相同,這樣才能成爲一個組
- priority:權重,數值高的主機是master,所以主節點要比從節點大,這是影響主備的關鍵
- advert_int:主備之間通訊的間隔秒數,用於判斷主節點是否存活
- auth_type:進行安全認證的方式,PASS或者AH方式,推薦PASS
- auth_pass:PASS的密碼
- virtual_ipaddress:VIP地址,最多可以寫20個,keepalive啓動後會自動配置該VIP
6.6、檢測腳本
放置到配置文件所指定目錄並添加權限
vim /usr/local/keepalived/check.sh
#!/bin/bash
count=`ps aux | grep -v grep | grep haproxy | wc -l`
if [ $count -eq 0 ]; then
exit 1
else
exit 0
fi
chmod +x /usr/local/keepalived/check.sh
6.7、啓動
- 創建service文件
cat > /etc/systemd/system/keepalived.service <<EOF
[Unit]
Description=LVS and VRRP High Availability Monitor
After=syslog.target network-online.target
[Service]
Type=forking
KillMode=process
ExecStart=/usr/local/keepalived/sbin/keepalived
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived
6.8、主從查看
在主節點查看網絡信息,可以發現我們設置的VIP,當主節點、haproxy、keepalived任意一個掛掉時,VIP都會自動漂移到從節點實現高可用