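Overview
The latest Ranger release, 2.0, implements client-side HA: you only need to configure multiple URLs on the client. For earlier versions, high availability can be achieved with HAProxy + Keepalived. In addition, a Ranger plugin does not pull policies from the server (Ranger Admin) on every request; it authorizes against a local cache, so authorization keeps working while the service is down. An outage only means that new policies cannot be added.
Deployment steps
1. Deployment architecture
Following this architecture, we need to deploy two HAProxy instances, two Keepalived instances and two Ranger Admin instances; HAProxy and Keepalived must be deployed on the same machine.
Details:

| Server | Role |
| --- | --- |
| ip1 | HAProxy + Keepalived |
| ip2 | HAProxy + Keepalived |
| ip3 | rangeradmin |
| ip3 | rangeradmin |

The installation steps for HAProxy and Keepalived are not covered here; only the configuration files are given: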
Keepalived configuration
```conf
global_defs {
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_script chk_haproxy {
    # Checks the HAProxy status; when the service is unhealthy, the script must
    # restart it or kill the current keepalived
    script "/usr/local/haproxy/check_alive.sh"
    interval 5    # check interval
    weight -20    # not configured on the BACKUP node
}

vrrp_instance VI_1 {
    state MASTER|BACKUP    # role: MASTER on the primary node, BACKUP on the standby node
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.163.200    # virtual IP address exposed to clients
    }
    track_script {
        chk_haproxy    # references the script defined above
    }
}
```
Check script contents
```bash
#!/bin/bash
# Check for the haproxy process; if there is none, try to start it. If it still
# cannot be started, stop the local keepalived so that the VIP fails over.
echo "check haproxy stats" >>/tmp/haproxy_check.log
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    echo "$(date) haproxy is dead" >>/tmp/haproxy_check.log
    service haproxy start
fi
sleep 5
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    echo "$(date) haproxy cannot start, stop keepalived" >>/tmp/haproxy_check.log
    service keepalived stop
fi
```
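The script above reports a failure only by stopping keepalived, and it looks only at whether a process exists. As an added example (not part of the original post), the variant below returns its result as an exit status, which is what `vrrp_script` evaluates and what lets `weight -20` take effect, and it also probes the listener on port 6080; the function names, the `curl` probe and the `PROBE_URL`/`RESTART_WAIT` variables are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post): keepalived vrrp_script check that
# reports health through its exit status: 0 = healthy, non-zero = failed.
# Assumed names: haproxy_running, start_haproxy, listener_answers, check_haproxy,
# PROBE_URL, RESTART_WAIT. Port 6080 and the log path come from the page.

LOG=${LOG:-/tmp/haproxy_check.log}
PROBE_URL=${PROBE_URL:-http://127.0.0.1:6080/}

haproxy_running() { [ "$(ps -C haproxy --no-header | wc -l)" -gt 0 ]; }
start_haproxy() { service haproxy start >/dev/null 2>&1; }
# Any HTTP response (even a 503 when both Ranger Admin backends are down)
# proves the frontend accepts connections; curl fails only on connect/timeout.
listener_answers() { curl -s -o /dev/null --max-time 2 "$PROBE_URL"; }

check_haproxy() {
    if ! haproxy_running; then
        echo "$(date) haproxy is dead, trying to start it" >>"$LOG"
        start_haproxy
        # Keep wait + probe time below the vrrp_script interval (5 s on this page).
        sleep "${RESTART_WAIT:-2}"
        if ! haproxy_running; then
            echo "$(date) haproxy cannot start" >>"$LOG"
            return 1
        fi
    fi
    if ! listener_answers; then
        echo "$(date) haproxy is running but $PROBE_URL does not answer" >>"$LOG"
        return 2
    fi
    return 0
}

# Run the check only when installed under the script name used in keepalived.conf.
case "$0" in
    *check_alive.sh) check_haproxy; exit $? ;;
esac
```

With the MASTER at priority 100 and `weight -20`, a failed check lowers it to 80, so the BACKUP node needs a priority above 80 to take over the VIP.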
HAProxy configuration
```conf
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend http_front
# listener configuration
bind *:6080
http-request set-header X-Forwarded-Proto http
stats uri /haproxy?stats
default_backend app
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
# use_backend static if url_static
# default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
mode http
balance roundrobin
cookie LB insert
# backend server addresses to proxy to are configured below
server server1 192.168.163.113:6081 maxconn 200 weight 10 cookie 1 check inter 5000 rise 3 fall 3
server server2 192.168.163.114:6081 maxconn 200 weight 10 cookie 2 check inter 5000 rise 3 fall 3
```