MariaDB keepalived haproxy mariadb cluster - norxiva/bunin GitHub Wiki
环境信息
三台虚拟机节点(192.168.100.171, 192.168.100.172, 192.168.100.173)
Debian jessie 8.5
MariaDB 10.1.14
Keepalived 1.2.13
HA-Proxy 1.5.8
MariaDB(Galera集群)搭建
参见“搭建MariaDB Galera Cluster(Debian 8)”
安装keepalived和haproxy
#apt安装
sudo apt-get install keepalived haproxy
#配置/etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode tcp
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http-in
bind *:3307
default_backend mariadb
backend mariadb
server server1 192.168.100.171:3306 maxconn 32
server server2 192.168.100.172:3306 maxconn 32
server server3 192.168.100.173:3306 maxconn 32
注意:mode要配置为tcp,其他节点的配置相同
#配置/etc/keepalived/keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server smtp.163.com
stmp_connect_timeout 30
router_id debian171
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 2
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface eth0
virtual_router_id 51
priority 150
adver_int 1
authentication {
auth_type PASS
auth_pass saga
}
virtual_ipaddress {
192.168.100.170/24 dev eth0 scope global
}
track_script {
chk_haproxy
}
notify_backup "/etc/init.d/haproxy restart"
notify_fault "/etc/init.d/haproxy stop"
}
注意:其他节点的配置内容基本一样,但要除去nopreempt(不抢占)选项,并将priority分别调低为100和50,debian171作为MASTER,priority需要比SLAVE大至少50,此处state设置为BACKUP,但实际为MASTER,主要是避免多次抢占带来的资源浪费
#编写chk_haproxy脚本
#!/bin/bash
#
if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
/etc/init.d/keepalived stop
fi
参考资料:
keepalived-the-definitive-guide.pdf
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html
/usr/share/doc/haproxy/configuration.txt.gz
keepalived.conf man document(man keepalived.conf)