具有故障转移功能的 Softlayer HAProxy

Question

我在 Softlayer 上有 2 个虚拟服务器，都运行 HAProxy。我正在尝试使用 keepalived 设置故障转移。每个服务器都有一个私有IP和一个公共IP，它们在同一个VLAN上。我已经为 keepalived 尝试了许多不同的设置，但是在 master 上停止 HAProxy，它不会故障转移到 BACKUP。

我读到不支持多播，因此我已将设置更改为单播。现在，备份/主服务器上的设置基本上是这样的：

vrrp_script chk_haproxy {
  script "pidof haproxy"
  interval 2
}

vrrp_instance VI_1 {
  debug 2
  interface eth1
  state MASTER
  virtual_router_id 51
  priority 101
  unicast_src_ip 1.2.3.4        # My IP
  unicast_peer {
    5.6.7.8                   # peer IP
  }
  track_script {
    chk_haproxy
  }
}

其中 MYIP 是 conf 文件所在服务器的公共 IP 地址，PEERIP 是对等方的公共 IP 地址。它仍然不起作用。在 master 上停止 HAProxy，它不会故障转移到备份。

我想知道是否有人在 Softlayer 上设置了带故障转移的 HAProxy，他们是如何实现的？

Answer 1

我设法进行了设置，这是我的操作方法：

1. 我使用 SoftLayer 的控制面板创建了一个全局 IP 地址。

2. 我在两个 HAProxy 虚拟服务器上都有 Debian 7。我将全局 IP 地址添加到两台服务器上的 eth1 接口。

3. 这是两台服务器上使用的 HAProxy 设置：

   global
     log 127.0.0.1 local0
     log 127.0.0.1 local1 notice
     maxconn 4096
     user haproxy
     group haproxy
   
   defaults
     log global  
     mode http    
     option httplog 
     option dontlognull
     retries 3
     maxconn 2000
     option redispatch
     timeout connect 5000
     timeout client 50000
     timeout server 50000
     stats uri / haproxy
   
   listen webfarm 0.0.0.0:80
     mode http
     stats enable
     stats uri /haproxy?stats
     stats realm Haproxy\ Statistics
     stats auth haproxy:stats
     balance roundrobin
     cookie LBN insert indirect nocache
     option httpclose
     option forwardfor
     server app1-west <public_ip>:8080 cookie node1 check
     server app2-west <public_ip>:8080 cookie node2 check 
   

4. 这是 MASTER 服务器上的 Keepalived 设置：

   global_defs {
       notification_email {
           admin@mydomain.com
       }
       notification_email_from me@me.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id LB_MASTER_ACTIVE
   }
   
   # Define the script used to check if haproxy is still working
   vrrp_script chk_haproxy {
       script "killall -0 haproxy"   # verify the pid existance
       interval 2                    # check every 2 seconds
       weight 2                      # add 2 points of prio if OK
   }
   
   # Virtual interface.
   vrrp_instance VI_1 {
       state MASTER
       interface eth1
       virtual_router_id 51
       priority 101
       smtp_alert 
   
       authentication {
           auth_type PASS
           auth_pass 1111 #replace with random string
       }
   
       vrrp_unicast_bind <my_private_ip>
       vrrp_unicast_peer <peers_private_ip>
   
       # Check if HAProxy is running or not.
       track_script {
           chk_haproxy
       }
       notify_master /usr/bin/reroute_global
   }
   

5. 这是 BACKUP 服务器上的 Keepalived 设置：

   global_defs {
       notification_email {
           admin@mydomain.com
       }
       notification_email_from me@me.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id LB_BACKUP_PASSIVE
   }
   
   # Define the script used to check if haproxy is still working
   vrrp_script chk_haproxy {
       script "killall -0 haproxy"   # verify the pid existance
       interval 2                    # check every 2 seconds
       weight 2                      # add 2 points of prio if OK
   }
   
   # Virtual interface.
   vrrp_instance VI_1 {
       state BACKUP
       interface eth1
       virtual_router_id 51
       priority 100
       smtp_alert 
       advert_int 1
   
       authentication {
           auth_type PASS
           auth_pass 1111 #replace with random string
       }
   
       vrrp_unicast_bind <my_private_ip>
       vrrp_unicast_peer <peers_private_ip>
   
       # Check if HAProxy is running or not.
       track_script {
           chk_haproxy
       }
       notify_master /usr/bin/reroute_global
   }
   

6. 如上所述，我正在运行 Debian 7。从 keepalived 设置中可以看出，我有一个 notify_master 脚本。这是运行脚本所需的一切：

   apt-get install cpanminus libssl-dev build-essential libxml2-dev libexpat1-dev
   cpanm SOAP::Lite XML::Hash::LX IO::Interface
   git clone https://github.com/softlayer/softlayer-api-perl-client.git
   mv softlayer-api-perl-client/SoftLayer /usr/share/perl5
   

7. 现在所有依赖项都已就位，脚本应该可以工作了。这是我保存为的脚本/usr/bin/reroute_global：

   #!/usr/bin/env perl
   use strict;
   use warnings;
   
   use SoftLayer::API::SOAP;
   use IO::Interface::Simple;
   
   # SoftLayer API Information
   my $api_user = 'YOUR_API_USERNAME';
   my $api_key  = 'YOUR_API_KEY';
   
   # Get the IP address associated with eth1
   my $if   = IO::Interface::Simple->new('eth1');
   
   # Create client object to SoftLayer_Account
   my $client = SoftLayer::API::SOAP->new('SoftLayer_Account', undef, $api_user, $api_key);
   
   # Get global IP address ID of first global IP address.
   my $global_ip_id = $client->getGlobalIpRecords()->result->[0]->{id};
   
   # Create client object to SoftLayer_Network_Subnet_IpAddress_Global
   $client = SoftLayer::API::SOAP->new('SoftLayer_Network_Subnet_IpAddress_Global', $global_ip_id, $api_user, $api_key);
   
   # Reroute global IP address to this systems public IP
   $client->route($if->address);
   

您需要更改 API_USERNAME/KEY 以匹配您的 API 凭据。该脚本从您的 SoftLayer 全局 IP 地址中获取第一个全局 IP，然后将全局 IP 重新路由到系统。在故障转移的情况下，BACKUP 变为 MASTER 并运行脚本，该脚本将全局 IP 地址路由到自身。

测试

1. curl http://<global_IP>
2. 在主服务器上， service haproxy stop

3. 备份时：tail -f /var/log/syslog. 您应该会看到如下内容：

   Feb 12 01:11:55 proxy2-west Keepalived_vrrp[11816]: VRRP_Script(chk_haproxy) succeeded
   Feb 12 01:11:55 proxy2-west Keepalived_vrrp[11816]: SMTP alert successfully sent.
   Feb 12 01:12:29 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) forcing a new MASTER election
   Feb 12 01:12:29 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) forcing a new MASTER election
   Feb 12 01:12:30 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) Transition to MASTER STATE
   Feb 12 01:12:31 proxy2-west Keepalived_vrrp[11816]: VRRP_Instance(VI_1) Entering MASTER STATE
   Feb 12 01:12:31 proxy2-west Keepalived_vrrp[11816]: Opening script file /usr/bin/reroute_global
   

4. curl http://<global_IP> （如果故障转移工作它应该工作）