① OpenStack High-Availability Cluster Deployment Design (Train release)


Note: the account and password must match those in the script. The script's default account and password are used here; if you use different ones, edit the clustercheck script accordingly.

[root@controller01 ~]# vim /extend/shell/clustercheck
MYSQL_USERNAME="clustercheck"
MYSQL_PASSWORD="Zx*****"
MYSQL_HOST="localhost"
MYSQL_PORT="3306"
...

# Add execute permission and copy to /usr/bin/
[root@controller01 ~]# chmod +x /extend/shell/clustercheck
[root@controller01 ~]# \cp /extend/shell/clustercheck /usr/bin/

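3.2 Create the heartbeat-check user

Create the clustercheck_user user in the database on any one controller node and grant it privileges; the other two nodes synchronize automatically.

GRANT PROCESS ON *.* TO 'clustercheck'@'localhost' IDENTIFIED BY 'Zx*****';
flush privileges;

3.3 Create the heartbeat-check file

On all controller nodes, add the heartbeat-check service configuration file /etc/xinetd.d/mysqlchk; controller01 is used as the example.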

[root@controller01 ~]# touch /etc/xinetd.d/galera-monitor
[root@controller01 ~]# cat >/etc/xinetd.d/galera-monitor <<EOF
# default:on
# description: galera-monitor
service galera-monitor
{
port = 9200
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
group = root
groups = yes
server = /usr/bin/clustercheck
type = UNLISTED
per_source = UNLIMITED
log_on_success =
log_on_failure = HOST
flags = REUSE
}
EOF

3.4 Start the heartbeat-check service

On all controller nodes, edit /etc/services to change what TCP port 9200 is used for; controller01 is used as the example.

[root@controller01 ~]# vim /etc/services
...
#wap-wsp 9200/tcp # WAP connectionless session service
galera-monitor  9200/tcp                # galera-monitor

Start the xinetd service

# Must be started on all controller nodes
systemctl daemon-reload
systemctl enable xinetd
systemctl start xinetd 

3.5 Test the heartbeat-check script

Verify on all controller nodes; controller01 is used as the example.

[root@controller01 ~]# /usr/bin/clustercheck
HTTP/1.1 200 OK
Content-Type: text/plain
Connection: close
Content-Length: 40

Percona XtraDB Cluster Node is synced.

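4. Recovery after an abnormal shutdown or power loss

When power is lost suddenly and all Galera hosts shut down uncleanly, the Galera cluster service cannot start normally once power returns and the hosts boot. Handle it as follows.

Step 1: Start the mariadb service on the Galera cluster's leader host.
Step 2: Start the mariadb service on the Galera cluster's member hosts.

Exception handling: what to do if the mysql service cannot start on the Galera leader host and member hosts?

# Solution 1:
Step 1: Delete the /var/lib/mysql/grastate.dat state file on the Galera leader host.
Start the service with /bin/galera_new_cluster. It starts normally. Log in and check the wsrep status.

Step 2: Delete the /var/lib/mysql/grastate.dat state file on the Galera member hosts.
Restart the service with systemctl restart mariadb. It starts normally. Log in and check the wsrep status.

# Solution 2:
Step 1: In the /var/lib/mysql/grastate.dat state file on the Galera leader host, change the 0 to 1.
Start the service with /bin/galera_new_cluster. It starts normally. Log in and check the wsrep status.

Step 2: In the /var/lib/mysql/grastate.dat state file on the Galera member hosts, change the 0 to 1.
Restart the service with systemctl restart mariadb. It starts normally. Log in and check the wsrep status.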
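The recovery steps above edit grastate.dat by hand. The following added example (not from the original article) goes one step further: it picks the node with the most advanced position as the one to bootstrap and limits the "change 0 to 1" edit to the safe_to_bootstrap line. The page does not name that field, the sample state files are constructed, and the seqno values assume each node's position has already been recovered.

```shell
#!/bin/sh
# Added example: choose the bootstrap node after a full-cluster outage.
# All grastate.dat contents below are constructed samples.

# grastate_field FILE KEY: print the value of a "KEY: value" line.
grastate_field() {
    awk -v k="$2" -F':[ \t]*' '$1 == k { print $2; exit }' "$1"
}

# pick_bootstrap_node "name:seqno" ...: print the node with the highest seqno.
# Returns 1 if any seqno is -1: after an unclean shutdown the position is
# unknown and must be recovered first (e.g. mysqld --wsrep-recover).
pick_bootstrap_node() {
    best_node="" best_seq=-1
    for pair in "$@"; do
        node=${pair%%:*} seq=${pair##*:}
        if [ "$seq" -lt 0 ]; then
            echo "seqno unknown on $node; recover its position first" >&2
            return 1
        fi
        if [ "$seq" -gt "$best_seq" ]; then best_node=$node best_seq=$seq; fi
    done
    [ -n "$best_node" ] && echo "$best_node"
}

# mark_safe_to_bootstrap FILE: flip only the safe_to_bootstrap line from 0 to 1,
# leaving uuid and seqno untouched; a .bak copy of the file is kept.
mark_safe_to_bootstrap() {
    cp -p "$1" "$1.bak" &&
    sed -i 's/^safe_to_bootstrap:[[:space:]]*0[[:space:]]*$/safe_to_bootstrap: 1/' "$1"
}

# demo: three constructed state files, one per controller.
# Prints "<chosen node> <its flag> <controller01's flag>".
demo() {
    dir=$(mktemp -d) || return 1
    for n in controller01:1520 controller02:1533 controller03:1498; do
        printf '# GALERA saved state\nversion: 2.1\nuuid:    00000000-0000-0000-0000-000000000001\nseqno:   %s\nsafe_to_bootstrap: 0\n' \
            "${n##*:}" > "$dir/${n%%:*}.dat"
    done
    pairs=""
    for f in "$dir"/*.dat; do
        pairs="$pairs $(basename "$f" .dat):$(grastate_field "$f" seqno)"
    done
    winner=$(pick_bootstrap_node $pairs) || { rm -rf "$dir"; return 1; }
    mark_safe_to_bootstrap "$dir/$winner.dat"
    echo "$winner $(grastate_field "$dir/$winner.dat" safe_to_bootstrap) $(grastate_field "$dir/controller01.dat" safe_to_bootstrap)"
    rm -rf "$dir"
}

demo
```

Only the chosen node is started with galera_new_cluster; the others rejoin with a normal service start and take a state transfer from it.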

VI. RabbitMQ cluster (controller nodes)

https://www.rabbitmq.com/which-erlang.html

1. Download the packages (all nodes)

controller01 is used as the example. RabbitMQ is built on Erlang, so install Erlang first, using yum.

[root@controller01 ~]# yum install erlang rabbitmq-server -y
[root@controller01 ~]# systemctl enable rabbitmq-server.service

2. Build the RabbitMQ cluster
2.1 Start the rabbitmq service on any one controller node first

controller01 is chosen here.

[root@controller01 ~]# systemctl start rabbitmq-server.service
[root@controller01 ~]# rabbitmqctl cluster_status

2.2 Distribute .erlang.cookie to the other controller nodes
scp /var/lib/rabbitmq/.erlang.cookie  controller02:/var/lib/rabbitmq/           
scp /var/lib/rabbitmq/.erlang.cookie  controller03:/var/lib/rabbitmq/

2.3 Change the owner/group of the .erlang.cookie file on controller02 and controller03
[root@controller02 ~]# chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie

[root@controller03 ~]# chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie

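Note: check the permissions of the .erlang.cookie file on all controller nodes; the default is 400, which can be left unchanged.

2.4 Start the rabbitmq service on controller02 and controller03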
[root@controller02 ~]# systemctl start rabbitmq-server

[root@controller03 ~]# systemctl start rabbitmq-server

2.5 Build the cluster: controller02 and controller03 join as RAM nodes
[root@controller02 ~]# rabbitmqctl stop_app
[root@controller02 ~]# rabbitmqctl join_cluster --ram rabbit@controller01
[root@controller02 ~]# rabbitmqctl start_app

[root@controller03 ~]# rabbitmqctl stop_app
[root@controller03 ~]# rabbitmqctl join_cluster --ram rabbit@controller01
[root@controller03 ~]# rabbitmqctl start_app

2.6 Check the RabbitMQ cluster status from any controller node
[root@controller01 ~]# rabbitmqctl cluster_status
Basics
Cluster name: rabbit@controller01

Disk Nodes
rabbit@controller01

RAM Nodes
rabbit@controller02
rabbit@controller03

Running Nodes
rabbit@controller01
rabbit@controller02
rabbit@controller03

Versions
rabbit@controller01: RabbitMQ 3.8.3 on Erlang 22.3.4.1
rabbit@controller02: RabbitMQ 3.8.3 on Erlang 22.3.4.1
rabbit@controller03: RabbitMQ 3.8.3 on Erlang 22.3.4.1
.....

2.7 Create the RabbitMQ administrator account
# Create the account and set its password on any node; controller01 is used as the example
[root@controller01 ~]# rabbitmqctl add_user openstack Zx*****

# Set the new account's status (tags)
[root@controller01 ~]# rabbitmqctl set_user_tags openstack administrator

# Set the new account's permissions
[root@controller01 ~]# rabbitmqctl set_permissions -p "/" openstack ".*" ".*" ".*"

# List the accounts
[root@controller01 ~]# rabbitmqctl list_users
Listing users ...
user	tags
openstack	[administrator]
guest	[administrator]

2.8 HA for mirrored queues

Enable high availability for mirrored queues

[root@controller01 ~]# rabbitmqctl set_policy ha-all "^" '{"ha-mode":"all"}'

View the mirrored-queue policy from any controller node

[root@controller01 ~]# rabbitmqctl list_policies
Listing policies for vhost "/" ...
vhost	name	pattern	apply-to	definition	priority
/	ha-all	^	all	{"ha-mode":"all"}	0

2.9 Install the web management plugin

Install the web management plugin on all controller nodes; controller01 is used as the example.

[root@controller01 ~]# rabbitmq-plugins enable rabbitmq_management

[16:02 root@db01 ~]# netstat -lntup|grep 5672
tcp   0      0 0.0.0.0:25672     0.0.0.0:*        LISTEN      10461/beam.smp      
tcp   0      0 0.0.0.0:15672     0.0.0.0:*        LISTEN      10461/beam.smp      
tcp6  0      0 :::5672           :::*             LISTEN      10461/beam.smp

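Access any node, for example: http://10.15.253.163:15672

VII. Memcached cluster (controller nodes)

  • Memcached is an open-source, high-performance, distributed in-memory object caching system that can be used wherever caching is needed; its main purpose is to speed up web applications by reducing database access.
  • The typical use of Memcached is to cache the results of database queries, reducing the number of database accesses and so improving the speed and scalability of dynamic web applications.
  • In essence, memcached is an in-memory key-value store for small pieces of arbitrary data, such as strings and objects, that are the direct results of database calls, API calls or page rendering.
  • Memcached is stateless; each controller node runs its own independent instance, and the OpenStack service modules simply use the memcached services of all controller nodes together.
1 Install the memcached packages

Install on all controller nodes; on CentOS 8 the Python package is now python3-memcached.

yum install memcached python3-memcached -y

2 Configure memcached

On every node where memcached is installed, set the address the service listens on; the sed command below replaces the default 127.0.0.1,::1 with 0.0.0.0, so the service listens on all interfaces.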

sed -i 's|127.0.0.1,::1|0.0.0.0|g' /etc/sysconfig/memcached 

3 Enable at boot
systemctl enable memcached.service
systemctl start memcached.service
systemctl status memcached.service

[root@controller01 ~]# netstat -lntup|grep memcached
tcp        0      0 0.0.0.0:11211     0.0.0.0:*      LISTEN      13982/memcached
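The netstat output above shows memcached on 0.0.0.0:11211, and the guide configures no authentication for it; the RabbitMQ output earlier shows the same wildcard binding. The following added example (not part of the original article) reads `netstat -lntup` lines and reports which of the ports this guide opens are listening on a wildcard address, so they can be restricted to the management network by firewall or bind address. The port labels are this example's own; the last two sample lines are constructed, the others are copied from the outputs on this page.

```shell
#!/bin/sh
# Added example: flag cluster-internal ports that listen on wildcard addresses.

# Ports opened in this guide; the labels are this example's own naming.
INTERNAL_PORTS="9200:galera-monitor 11211:memcached 5672:amqp 15672:rabbitmq-management 25672:rabbitmq-dist 1080:haproxy-stats 2224:pcsd"

# wildcard_listeners: read `netstat -lntup` lines on stdin and print
# "port label" for every LISTEN socket on one of INTERNAL_PORTS that is
# bound to 0.0.0.0, :: or *. Sockets bound to a specific address are skipped.
wildcard_listeners() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], kv, ":"); label[kv[1]] = kv[2] }
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)            # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if ((host == "0.0.0.0" || host == "::" || host == "*") && (port in label))
                print port, label[port]
        }' | sort -n -u
}

# Sample input: first four lines from this page, last two constructed.
sample_netstat() {
cat <<'EOF'
tcp   0      0 0.0.0.0:25672     0.0.0.0:*        LISTEN      10461/beam.smp
tcp   0      0 0.0.0.0:15672     0.0.0.0:*        LISTEN      10461/beam.smp
tcp6  0      0 :::5672           :::*             LISTEN      10461/beam.smp
tcp        0      0 0.0.0.0:11211     0.0.0.0:*      LISTEN      13982/memcached
tcp        0      0 10.15.253.88:3306 0.0.0.0:*      LISTEN      2201/haproxy
tcp        0      0 127.0.0.1:25      0.0.0.0:*      LISTEN      1190/master
EOF
}

sample_netstat | wildcard_listeners
```

On a live node, pipe the real output in instead: `netstat -lntup | wildcard_listeners`.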

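VIII. Configure the Pacemaker high-availability cluster

https://docs.openstack.org/ha-guide/index.html

Understanding Pacemaker in OpenStack high availability

| Service | Role |
| --- | --- |
| pacemaker | Cluster resource manager (CRM); starts and stops services; sits at the resource-management and resource-agent layer of the HA cluster architecture |
| corosync | Messaging-layer component; manages membership, messaging and quorum and provides communication services for the HA environment; sits at the bottom of the HA cluster architecture and carries heartbeat information between nodes |
| resource-agents | Resource agents: tools that receive scheduling from the CRM on a node and manage a given resource; these tools are usually scripts |
| pcs | Command-line toolset |
| fence-agents | Shuts down a node that is unstable or unresponsive so that it cannot damage the cluster's other resources; its main purpose is to eliminate split-brain |

The official OpenStack documentation uses the open-source Pacemaker cluster stack as the cluster high-availability resource manager.

1 Install the packages

Install the packages on all controller nodes; controller01 is used as the example.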

[root@controller01 ~]# yum install pacemaker pcs corosync fence-agents resource-agents -y

2 Build the cluster
2.1 Start the pcs service

Run on all controller nodes; controller01 is used as the example.

[root@controller01 ~]# systemctl enable pcsd
[root@controller01 ~]# systemctl start pcsd

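2.2 Change the password of the cluster administrator hacluster (created by default)

Run on all controller nodes; controller01 is used as the example.

[root@controller01 ~]# echo Zx***** | passwd --stdin hacluster

2.3 Authentication

Authentication is configured from any one node; controller01 is used as the example.

Authenticate the nodes to form the cluster, using the password set in the previous step.

[root@controller01 ~]# pcs host auth controller01 controller02 controller03 -u hacluster -p Zx*****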
controller01: Authorized
controller03: Authorized
controller02: Authorized

# CentOS 7 command (for the record only)
pcs cluster auth controller01 controller02 controller03 -u hacluster -p Zx***** --force

2.4 Create and name the cluster

Run on any one node; controller01 is used as the example.

[root@controller01 ~]# pcs cluster setup openstack-cluster-01 --start controller01 controller02 controller03 
No addresses specified for host 'controller01', using 'controller01'
No addresses specified for host 'controller02', using 'controller02'
No addresses specified for host 'controller03', using 'controller03'
Destroying cluster on hosts: 'controller01', 'controller02', 'controller03'...
controller02: Successfully destroyed cluster
controller03: Successfully destroyed cluster
controller01: Successfully destroyed cluster
Requesting remove 'pcsd settings' from 'controller01', 'controller02', 'controller03'
controller01: successful removal of the file 'pcsd settings'
controller02: successful removal of the file 'pcsd settings'
controller03: successful removal of the file 'pcsd settings'
Sending 'corosync authkey', 'pacemaker authkey' to 'controller01', 'controller02', 'controller03'
controller01: successful distribution of the file 'corosync authkey'
controller01: successful distribution of the file 'pacemaker authkey'
controller02: successful distribution of the file 'corosync authkey'
controller02: successful distribution of the file 'pacemaker authkey'
controller03: successful distribution of the file 'corosync authkey'
controller03: successful distribution of the file 'pacemaker authkey'
Sending 'corosync.conf' to 'controller01', 'controller02', 'controller03'
controller01: successful distribution of the file 'corosync.conf'
controller02: successful distribution of the file 'corosync.conf'
controller03: successful distribution of the file 'corosync.conf'
Cluster has been successfully set up.
Starting cluster on hosts: 'controller01', 'controller02', 'controller03'...

# CentOS 7 command (for the record only)
pcs cluster setup --force --name openstack-cluster-01 controller01 controller02 controller03

2.5 Start the Pacemaker cluster
[root@controller01 ~]# pcs cluster start --all
controller03: Starting Cluster...
controller01: Starting Cluster...
controller02: Starting Cluster...

[root@controller01 ~]# pcs cluster enable --all
controller01: Cluster Enabled
controller02: Cluster Enabled
controller03: Cluster Enabled

2.6 Check the Pacemaker cluster status

Check the cluster status; the crm_mon -1 command can also be used.

[root@controller01 ~]# pcs cluster status
Cluster Status:
 Cluster Summary:
   * Stack: corosync
   * Current DC: controller02 (version 2.0.3-5.el8_2.1-4b1f869f0f) - partition with quorum
   * Last updated: Sat Aug 29 00:37:11 2020
   * Last change:  Sat Aug 29 00:31:57 2020 by hacluster via crmd on controller02
   * 3 nodes configured
   * 0 resource instances configured
 Node List:
   * Online: [ controller01 controller02 controller03 ]

PCSD Status:
  controller01: Online
  controller03: Online
  controller02: Online

Use cibadmin --query --scope nodes to view the node configuration

[root@controller01 ~]# cibadmin --query --scope nodes
<nodes>
  <node id="1" uname="controller01"/>
  <node id="2" uname="controller02"/>
  <node id="3" uname="controller03"/>
</nodes>

2.7 Check the corosync status

corosync is the mechanism that synchronizes low-level state and related information between nodes.

[root@controller01 ~]# pcs status corosync

Membership information
----------------------
    Nodeid      Votes Name
         1          1 controller01 (local)
         2          1 controller02
         3          1 controller03

2.8 View nodes and resources
# View nodes
[root@controller01 ~]# corosync-cmapctl | grep members
runtime.members.1.config_version (u64) = 0
runtime.members.1.ip (str) = r(0) ip(10.15.253.163) 
runtime.members.1.join_count (u32) = 1
runtime.members.1.status (str) = joined
runtime.members.2.config_version (u64) = 0
runtime.members.2.ip (str) = r(0) ip(10.15.253.195) 
runtime.members.2.join_count (u32) = 1
runtime.members.2.status (str) = joined
runtime.members.3.config_version (u64) = 0
runtime.members.3.ip (str) = r(0) ip(10.15.253.227) 
runtime.members.3.join_count (u32) = 1
runtime.members.3.status (str) = joined

# View resources
[root@controller01 ~]# pcs resource
NO resources configured

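2.9 Access Pacemaker through the web interface

Access any controller node: https://10.15.253.163:2224

Account/password (the password set when the cluster was built): hacluster/Zx*****

2.10 Set high-availability properties

Set the properties on any one controller node; controller01 is used as the example.

  • Set suitable limits for the history of policy-engine inputs and of the errors and warnings the policy engine generates; this is useful when troubleshooting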
[root@controller01 ~]# pcs property set pe-warn-series-max=1000 \
pe-input-series-max=1000 \
pe-error-series-max=1000 

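  • Pacemaker processes state in a time-driven way; cluster-recheck-interval defines the interval at which certain Pacemaker operations occur and defaults to 15 min; setting it to 5 min or 3 min is recommended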
[root@controller01 ~]# pcs property set cluster-recheck-interval=5

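  • corosync enables stonith by default, but no stonith device has been configured for the stonith mechanism (which shuts a node down via IPMI or SSH); verify the configuration with crm_verify -L -V (no output means it is correct). In this state Pacemaker refuses to start any resource. Adjust as appropriate in production; it can be disabled in a test environment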
[root@controller01 ~]# pcs property set stonith-enabled=false

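  • By default, the cluster considers itself to have quorum (to be "legal") when more than half of the nodes are online, which satisfies the formula: total_nodes < 2 * active_nodes;
  • For a 3-node cluster, when 2 nodes fail the formula is no longer satisfied and the cluster loses quorum; with only 2 nodes, a single failure loses quorum, so a so-called "two-node cluster" is meaningless;
  • In real production environments, a 2-node cluster that cannot arbitrate can choose to ignore loss of quorum; for a 3-node cluster, set the policy according to the availability threshold required of the cluster nodes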
[root@controller01 ~]# pcs property set no-quorum-policy=ignore

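  • To support multi-node clusters, heartbeat v2 provides a scoring policy that controls how each resource switches between the nodes of the cluster; a total score is computed for each node, and the node with the highest score becomes active and manages a given resource (or group of resources);
  • By default each resource's initial score (taken from the global parameter default-resource-stickiness, viewable with "pcs property list --all") is 0, and the score deducted after each failure (taken from the global parameter default-resource-failure-stickiness) is also 0; in that case, however many times a resource fails, heartbeat only restarts it and never moves it to another node;
  • If "resource-stickiness" or "resource-failure-stickiness" is set for a particular resource, that resource's own score is used;
  • In general, resource-stickiness is positive and resource-failure-stickiness is negative; the special values positive infinity (INFINITY) and negative infinity (-INFINITY) mean "never switch" and "always switch on failure", simple settings for expressing extreme rules;
  • If a node's score is negative, that node never takes over the resource under any circumstances (a cold-standby node); if a node's score is higher than that of the node currently running the resource, heartbeat switches over: the node currently running the resource releases it and the higher-scoring node takes it over
  • pcs property list shows only the property values that have been modified; the "--all" parameter shows all property values including defaults;
  • The property settings can also be seen in the file /var/lib/pacemaker/cib/cib.xml, or with "pcs cluster cib" or "cibadmin --query --scope crm_config"; "cibadmin --query --scope resources" shows the resource configuration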
[root@controller01 ~]# pcs property list
Cluster Properties:
 cluster-infrastructure: corosync
 cluster-name: openstack-cluster-01
 cluster-recheck-interval: 5
 dc-version: 2.0.3-5.el8_2.1-4b1f869f0f
 have-watchdog: false
 no-quorum-policy: ignore
 pe-error-series-max: 1000
 pe-input-series-max: 1000
 pe-warn-series-max: 1000
 stonith-enabled: false

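3. Configure the VIP
  • Set the VIP (the resource_id attribute) on any one controller node; here it is named vip
  • ocf (the standard attribute): one kind of resource agent; others include systemd, lsb and service;
  • heartbeat: the provider of the resource script (the provider attribute); the OCF specification allows several vendors to provide the same resource agent, and most OCF resource agents use heartbeat as the provider;
  • IPaddr2: the name of the resource agent (the type attribute); IPaddr2 is the resource's type;
  • cidr_netmask: the number of bits in the subnet mask
  • The resource attributes (standard:provider:type) locate the RA script that corresponds to the vip resource;
  • On CentOS, OCF-compliant RA scripts are under /usr/lib/ocf/resource.d/, which holds all providers; each provider directory contains multiple types;
  • op: Operations (here, monitor interval = 30s)
[root@controller01 ~]# pcs resource create vip ocf:heartbeat:IPaddr2 ip=10.15.253.88 cidr_netmask=24 op monitor interval=30s

View the cluster resources

Querying with pcs resource shows the vip resource on controller01;

the VIP can be seen with ip a show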

[root@controller01 ~]# pcs resource
  * vip	(ocf::heartbeat:IPaddr2):	Started controller01

[root@controller01 ~]# ip a show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:82:82:40 brd ff:ff:ff:ff:ff:ff
    inet 10.15.253.163/12 brd 10.15.255.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet 10.15.253.88/24 brd 10.15.255.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe82:8240/64 scope link 
       valid_lft forever preferred_lft forever

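Optional (depending on whether the business needs to separate the interfaces):

If the API separates admin/internal/public interfaces and only the public interface is open to clients, two VIPs are usually configured, named for example:

vip_management and vip_public

It is recommended to constrain vip_management and vip_public to the same node

[root@controller01 ~]# pcs constraint colocation add vip_management with vip_public

4. High-availability management

Access any controller node through the web: https://10.15.253.163:2224

Account/password (the password set when the cluster was built): hacluster/Zx*****

Although the cluster was set up from the command line, the web interface does not show it by default; add the cluster manually. In practice you only need to add any one node of the cluster that has already been built.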

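IX. Deploy HAProxy

https://docs.openstack.org/ha-guide/control-plane-stateless.html#load-balancer

1. Install haproxy (controller nodes)

Install haproxy on all controller nodes; controller01 is used as the example.

[root@controller01 ~]# yum install haproxy -y

2. Configure haproxy.cfg

Configure on all controller nodes; controller01 is used as the example.

Create the HAProxy log directory and grant permissions

Enabling HAProxy logging is recommended; it makes later troubleshooting easier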

[root@controller01 ~]# mkdir /var/log/haproxy
[root@controller01 ~]# chmod a+w /var/log/haproxy

Modify the following entries in the rsyslog configuration file

# Uncomment these lines (or add them)
[root@controller01 ~]# vim /etc/rsyslog.conf
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

# Append the haproxy logging configuration at the end of the file
local0.=info    -/var/log/haproxy/haproxy-info.log
local0.=err     -/var/log/haproxy/haproxy-err.log
local0.notice;local0.!=err      -/var/log/haproxy/haproxy-notice.log

# Restart rsyslog
[root@controller01 ~]# systemctl restart rsyslog

The cluster's haproxy configuration involves many services; all the OpenStack services involved are configured here in one go:

The VIP 10.15.253.88 is used

[root@controller01 ~]# cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
[root@controller01 ~]# cat /etc/haproxy/haproxy.cfg
global
  log      127.0.0.1     local0
  chroot   /var/lib/haproxy
  daemon
  group    haproxy
  user     haproxy
  maxconn  4000
  pidfile  /var/run/haproxy.pid
  stats    socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    maxconn                 4000	# maximum number of connections
    option                  httplog
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout check           10s


# haproxy stats page
listen stats
  bind 0.0.0.0:1080
  mode http
  stats enable
  stats uri /
  stats realm OpenStack\ Haproxy
  stats auth admin:admin
  stats  refresh 30s
  stats  show-node
  stats  show-legends
  stats  hide-version

# horizon service
# backends are each controller's own address, not the VIP
 listen dashboard_cluster
  bind  10.15.253.88:80
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller01 10.15.253.163:80 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:80 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:80 check inter 2000 rise 2 fall 5

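# mariadb service;
# controller01 is set as master and controller02/03 as backup; a one-master, multiple-backup layout avoids data inconsistency;
# Also, the official example checks port 9200 (the heartbeat port); in testing, with the mariadb service down, the "/usr/bin/clustercheck" script could no longer detect the service, but port 9200, controlled by xinetd, was still up, so haproxy kept forwarding requests to the node whose mariadb service was down; for now the check is changed to port 3306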
listen galera_cluster
  bind 10.15.253.88:3306
  balance  source
  mode    tcp
  server controller01 10.15.253.163:3306 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:3306 backup check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:3306 backup check inter 2000 rise 2 fall 5

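# Provides an HA cluster access port for rabbitmq, for use by the OpenStack services;
# if the OpenStack services connect to the rabbitmq cluster directly, load balancing for rabbitmq need not be configured here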
 listen rabbitmq_cluster
   bind 10.15.253.88:5673
   mode tcp
   option tcpka
   balance roundrobin
   timeout client  3h
   timeout server  3h
   option  clitcpka
   server controller01 10.15.253.163:5672 check inter 10s rise 2 fall 5
   server controller02 10.15.253.195:5672 check inter 10s rise 2 fall 5
   server controller03 10.15.253.227:5672 check inter 10s rise 2 fall 5

# glance_api service
 listen glance_api_cluster
  bind  10.15.253.88:9292
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller01 10.15.253.163:9292 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:9292 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:9292 check inter 2000 rise 2 fall 5

# keystone_public_api service
 listen keystone_public_cluster
  bind 10.15.253.88:5000
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller01 10.15.253.163:5000 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:5000 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:5000 check inter 2000 rise 2 fall 5

 listen nova_compute_api_cluster
  bind 10.15.253.88:8774
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller01 10.15.253.163:8774 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:8774 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:8774 check inter 2000 rise 2 fall 5

 listen nova_placement_cluster
  bind 10.15.253.88:8778
  balance  source
  option  tcpka
  option  tcplog
  server controller01 10.15.253.163:8778 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:8778 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:8778 check inter 2000 rise 2 fall 5

 listen nova_metadata_api_cluster
  bind 10.15.253.88:8775
  balance  source
  option  tcpka
  option  tcplog
  server controller01 10.15.253.163:8775 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:8775 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:8775 check inter 2000 rise 2 fall 5

 listen nova_vncproxy_cluster
  bind 10.15.253.88:6080
  balance  source
  option  tcpka
  option  tcplog
  server controller01 10.15.253.163:6080 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:6080 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:6080 check inter 2000 rise 2 fall 5

 listen neutron_api_cluster
  bind 10.15.253.88:9696
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller01 10.15.253.163:9696 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:9696 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:9696 check inter 2000 rise 2 fall 5

 listen cinder_api_cluster
  bind 10.15.253.88:8776
  balance  source
  option  tcpka
  option  httpchk
  option  tcplog
  server controller01 10.15.253.163:8776 check inter 2000 rise 2 fall 5
  server controller02 10.15.253.195:8776 check inter 2000 rise 2 fall 5
  server controller03 10.15.253.227:8776 check inter 2000 rise 2 fall 5
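The comment on galera_cluster above notes that port 9200 stays open under xinetd even when MariaDB is down, so a successful TCP connect to 9200 says nothing about the database. What separates the two states is the HTTP status line clustercheck writes, which section 3.5 shows for the healthy case. The following added example (not from the original article) classifies a reply by that status line. The sample replies are constructed, and the 503 reply for a node that is not synced is an assumption, since the page shows only the 200 case.

```shell
#!/bin/sh
# Added example: classify a clustercheck reply by its HTTP status line.

# http_status: read an HTTP response on stdin and print the 3-digit status
# code from its first line, or "000" if there is no valid status line.
http_status() {
    awk 'NR == 1 {
             sub(/\r$/, "")
             if ($1 ~ /^HTTP\/[0-9.]+$/ && $2 ~ /^[0-9][0-9][0-9]$/) { print $2; ok = 1 }
         }
         END { if (!ok) print "000" }'
}

# galera_backend_state: map a reply on stdin to the state a load balancer
# should act on. 200 -> up; 503 -> down (listener answered, node not synced);
# anything else (empty reply, non-HTTP banner) -> unknown, treated as not up.
galera_backend_state() {
    case "$(http_status)" in
        200) echo up ;;
        503) echo down ;;
        *)   echo unknown ;;
    esac
}

# probe_node HOST [PORT]: query the xinetd listener and classify the reply.
# Assumes curl is installed; not run against the offline samples below.
probe_node() {
    curl -s -i --max-time 3 "http://$1:${2:-9200}/" | galera_backend_state
}

# Constructed sample replies.
sample_synced() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nConnection: close\r\nContent-Length: 40\r\n\r\nPercona XtraDB Cluster Node is synced.\r\n'
}
sample_not_synced() {   # assumed shape of the not-synced reply
    printf 'HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nPercona XtraDB Cluster Node is not synced.\r\n'
}

for s in sample_synced sample_not_synced; do
    printf '%s -> %s\n' "$s" "$($s | galera_backend_state)"
done
```

HAProxy performs the same status-line test when `option httpchk` is set in the listen block and the server lines use `check port 9200`; without `option httpchk`, the check is only a TCP connect.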

Copy the configuration file to the other nodes:

scp /etc/haproxy/haproxy.cfg controller02:/etc/haproxy/haproxy.cfg
scp /etc/haproxy/haproxy.cfg controller03:/etc/haproxy/haproxy.cfg

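3. Configure kernel parameters

These were already configured during base environment preparation and are recorded here again; controller01 is used as the example.

  • net.ipv4.ip_nonlocal_bind: whether binding to a non-local IP is allowed; this determines whether the haproxy instance can bind to the VIP and fail over with it
  • net.ipv4.ip_forward: whether forwarding is allowed
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf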
sysctl -p

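4. Start the service

Whether to enable the service at boot is up to you; once the haproxy resources are configured in Pacemaker, Pacemaker controls whether the haproxy service runs on each node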

systemctl enable haproxy
systemctl restart haproxy
systemctl status haproxy

5. Access the page

Visit: http://10.15.253.88:1080 Username/password: admin/admin

6. Configure pcs resources
6.1 Add the resource lb-haproxy-clone

Run on any one controller node; controller01 is used as the example.

[root@controller01 ~]# pcs resource create lb-haproxy systemd:haproxy clone 
[root@controller01 ~]# pcs resource
  * vip	(ocf::heartbeat:IPaddr2):	Started controller01
  * Clone Set: lb-haproxy-clone [lb-haproxy]:
    * Started: [ controller01 ]

6.2 Set the resource start order: vip first, then lb-haproxy-clone

Use cibadmin --query --scope constraints to view the resource constraint configuration

[root@controller01 ~]# pcs constraint order start vip then lb-haproxy-clone kind=Optional
Adding vip lb-haproxy-clone (kind: Optional) (Options: first-action=start then-action=start)

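6.3 Constrain the two resources to one node

The official recommendation is to run the VIP on the node where haproxy is active, by binding lb-haproxy-clone to the vip resource, so the two resources are constrained to one node; after the constraint is applied, from the resource point of view, haproxy on the nodes that do not currently hold the VIP is stopped by pcs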

[root@controller01 ~]# pcs constraint colocation add lb-haproxy-clone with vip
[root@controller01 ~]# pcs resource
  * vip	(ocf::heartbeat:IPaddr2):	Started controller01
  * Clone Set: lb-haproxy-clone [lb-haproxy]:
    * Started: [ controller01 ]
    * Stopped: [ controller02 controller03 ]


