我有一个标准的 2 节点 HAproxy 负载平衡器设置,其中安装了 pacemaker 1.1(使用 pcs)和 haproxy 1.5。我有 2 个浮动 IP 地址,其中 haproxy 服务作为 haproxy-clone 资源具有约束。我需要在 hparoxy-clone 服务上添加一个具有相同约束的新浮动 IP。我的第一个问题是,当我创建浮动 IP 资源时,它会在没有其他 IP 地址的节点上启动。然后我运行pcs constraint colocation add haproxy-clone with floatIP_189(floatIP_189 是我的新地址)。这不会将 IP 地址移动到另一个节点,并且 haproxy-clone 资源会停止。我可以通过重新启动两个节点上的 pacemaker 服务来重新启动 haproxy 服务。
如何在不丢失流量或不破坏负载均衡器上其他站点的情况下向 Pacemaker 添加新的浮动 IP?
下面是haproxy.cfg文件、pcs status命令的输出和pcs config命令的输出;
[root@t-haproxylb3 haproxy]# cat haproxy.cfg
peers QAHAproxypeers
peer t-haproxylb3 10.x.x.185:1024
peer t-haproxylb4 10.x.x.186:1024
global
log 127.0.0.1 local0
# log /dev/log local0
# log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /var/lib/haproxy/stats
stats timeout 30s
tune.ssl.default-dh-param 2048
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
option redispatch
option forwardfor
option http-server-close
maxconn 5000
timeout connect 5s
timeout client 5h
timeout server 5h
timeout queue 30s
timeout http-request 5s
timeout http-keep-alive 15s
listen stats *:1936
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /haproxy_stats
stats auth admin:password
stats admin if TRUE
frontend http_in
bind *:80
###Add new acl and use_backend entry for each new site
###new backend sections will be needed as well
acl is_clients hdr(host) -i clients.qa.racingcars.com
acl is_apps hdr(host) -i apps.qa.racingcars.com
acl is_dad hdr(host) -i dad.qa.racingcars.com
acl is_scripting hdr(host) -i scripting.qa.racingcars.com
acl is_racingcarsnet hdr_end(host) -i racingcars.net
use_backend http_client if is_clients
use_backend http_apps if is_apps
use_backend http_dad if is_dad
use_backend http_scripting if is_scripting
use_backend http_racingcarsnet if is_racingcarsnet
option forwardfor
option http-server-close
frontend https_in_ssl_apps
bind 10.x.x.187:443 ssl crt /etc/ssl/private/apps.racingcars.com.pem
mode http
use_backend https_ssl_apps
option forwardfor
option http-server-close
frontend https_in_ssl_clients
bind 10.x.x.188:443 ssl crt /etc/ssl/private/clients.racingcars.com.pem
mode http
use_backend https_ssl_clients
option forwardfor
option http-server-close
frontend https_in_ssl_scripting
bind 10.x.x.189:443 ssl crt /etc/ssl/private/clients.racingcars.com.pem
mode http
use_backend https_ssl_scripting
option forwardfor
option http-server-close
frontend https_in_ssl
mode http
# bind *:443 ssl crt /etc/ssl/private/ no-sslv3
bind *:443 ssl crt /etc/ssl/private/
reqadd X-Forwarded-Proto:\ https
####### commented out below to enable https pass-through for apps
# use_backend http_clients if { ssl_fc_sni clients.racingcars.com }
# use_backend http_apps if { ssl_fc_sni apps.racingcars.com }
acl is_ssl_racingcarsnet hdr_end(host) -i racingcars.net
use_backend http_racingcarsnet if is_ssl_racingcarsnet
backend http_clients
balance source
cookie SRV_ID prefix
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
###This site does not use host header - only the page name is needed###
# option httpchk HEAD /Default.aspx
###Added host header so haproxy can route around NLB - use below for checking###
option httpchk HEAD /Default.aspx HTTP/1.1\r\nHost:\ clients.qa.racingcars.com
server websvr03 10.x.x.183:80 cookie web3 weight 5 check
# server websvr04 10.x.x.118:80 cookie web4 weight 5 check
backend https_ssl_clients
balance source
cookie SRV_ID prefix
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
option httpchk HEAD /Default.aspx HTTP/1.1\r\nHost:\ clients.qa.racingcars.com
server websvr03 10.x.x.183:443 cookie web3 weight 5 check ssl verify none
# server websvr04 10.x.x.118:443 cookie web4 weight 5 check ssl verify none
backend http_apps
balance roundrobin
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
###This site uses host headers so this type of check is required###
option httpchk HEAD /default.htm HTTP/1.1\r\nHost:\ apps.qa.racingcars.com
server websvr03 10.x.x.182:80 cookie web3 weight 5 check
# server websvr04 10.x.x.116:80 cookie web4 weight 5 check
backend https_ssl_apps
balance roundrobin
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
###This site uses host headers so this type of check is required###
option httpchk HEAD /default.htm HTTP/1.1\r\nHost:\ apps.qa.racingcars.com
server websvr03 10.x.x.182:443 cookie web3 weight 5 check ssl verify none
# server websvr04 10.x.x.116:443 cookie web4 weight 5 check ssl verify none
backend http_dad
balance roundrobin
cookie SRV_ID prefix
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
###This site does not use host header - only the page name is needed###
option httpchk HEAD /login.aspx HTTP/1.1\r\nHost:\ dad.qa.racingcars.com
server websvr03 10.x.x.182:80 cookie web3 weight 5 check
# server websvr04 10.x.x.116:80 cookie web4 weight 5 check
backend http_scripting
balance roundrobin
cookie SRV_ID prefix
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
###This site uses host header so this type of check is required###
option httpchk HEAD /default.aspx HTTP/1.1\r\nHost:\ scripting.qa.racingcars.com
server websvr03 10.x.x.184:80 cookie web3 weight 5 check
# server websvr04 10.x.x.116:80 cookie web4 weight 5 check
backend https_ssl_scripting
balance source
cookie SRV_ID prefix
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
option httpchk HEAD /Default.aspx HTTP/1.1\r\nHost:\ scripting.qa.racingcars.com
server websvr03 10.x.x.184:443 cookie web3 weight 5 check ssl verify none
# server websvr04 10.x.x.118:443 cookie web4 weight 5 check ssl verify none
backend http_racingcarsnet
balance roundrobin
cookie SRV_ID prefix
stick-table type ip size 1m expire 6h peers QAHAproxypeers
stick on src
###This site uses host header so this type of check is required###
option httpchk HEAD /default.aspx HTTP/1.1\r\nHost:\ test.racingcars.net
# server websvr03 10.x.x.115:80 cookie web3 weight 5 check
# server websvr04 10.x.x.117:80 cookie web4 weight 5 check
[root@t-haproxylb3 haproxy]# pcs status
Cluster name: testcluster2
Stack: corosync
Current DC: t-haproxylb3 (version 1.1.15-11.el7_3.2-e174ec8) - partition with quorum
Last updated: Tue Dec 20 16:55:37 2016 Last change: Tue Dec 20 14:15:59 2016 by root via cibadmin on t-haproxylb3
2 nodes and 5 resources configured
Online: [ t-haproxylb3 t-haproxylb4 ]
Full list of resources:
Clone Set: haproxy-clone [haproxy]
Started: [ t-haproxylb3 ]
Stopped: [ t-haproxylb4 ]
floatIP_187 (ocf::heartbeat:IPaddr2): Started t-haproxylb3
floatIP_188 (ocf::heartbeat:IPaddr2): Started t-haproxylb3
floatIP_189 (ocf::heartbeat:IPaddr2): Started t-haproxylb3
Daemon Status:
corosync: active/enabled
pacemaker: active/enabled
pcsd: active/enabled
[root@t-haproxylb3 haproxy]# pcs config
Cluster Name: testcluster2
Corosync Nodes:
t-haproxylb3 t-haproxylb4
Pacemaker Nodes:
t-haproxylb3 t-haproxylb4
Resources:
Clone: haproxy-clone
Resource: haproxy (class=systemd type=haproxy)
Operations: monitor interval=10s (haproxy-monitor-interval-10s)
Resource: floatIP_187 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=10.x.x.187 cidr_netmask=32
Operations: start interval=0s timeout=20s (floatIP_187-start-interval-0s)
stop interval=0s timeout=20s (floatIP_187-stop-interval-0s)
monitor interval=30s (floatIP_187-monitor-interval-30s)
Resource: floatIP_188 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=10.x.x.188 cidr_netmask=32
Operations: start interval=0s timeout=20s (floatIP_188-start-interval-0s)
stop interval=0s timeout=20s (floatIP_188-stop-interval-0s)
monitor interval=30s (floatIP_188-monitor-interval-30s)
Resource: floatIP_189 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=10.x.x.189 cidr_netmask=32
Operations: start interval=0s timeout=20s (floatIP_189-start-interval-0s)
stop interval=0s timeout=20s (floatIP_189-stop-interval-0s)
monitor interval=30s (floatIP_189-monitor-interval-30s)
Stonith Devices:
Fencing Levels:
Location Constraints:
Ordering Constraints:
Colocation Constraints:
haproxy-clone with floatIP_187 (score:INFINITY) (id:colocation-haproxy-clone-f loatIP_187-INFINITY)
haproxy-clone with floatIP_188 (score:INFINITY) (id:colocation-haproxy-clone-f loatIP_188-INFINITY)
haproxy-clone with floatIP_189 (score:INFINITY) (id:colocation-haproxy-clone-f loatIP_189-INFINITY)
Ticket Constraints:
Alerts:
No alerts defined
Resources Defaults:
resource-stickiness: 100
Operations Defaults:
No defaults set
Cluster Properties:
cluster-infrastructure: corosync
cluster-name: testcluster2
dc-version: 1.1.15-11.el7_3.2-e174ec8
have-watchdog: false
stonith-enabled: false
Quorum:
Options:
答案1
您应该处理 cib(pacemaker 配置)的离线副本,然后仅在准备就绪时将其推送到集群中。这应该是您想要做的事情:
将配置从集群中拉出到 xml 文件中:
# pcs cluster cib cib_virtip.xml
然后将您的虚拟 IP 资源添加到文件中:
# pcs -f cib_virtip.xml resource create floatIP_190 ocf:heartbeat:IPaddr2 \
ip=10.x.x.190 cidr_netmask=32 \
op monitor interval=20s timeout=20s \
start interval=0s timeout=20s \
stop interval=0s timeout=20s
将约束添加到文件:
# pcs -f cib_virtip.xml constraint colocation add haproxy-clone with floatIP_190
# pcs -f cib_virtip.xml constraint order floatIP_190 then haproxy-clone
注意:您需要为所有这些添加排序约束,对吗?
如果您在推送新的 CIB(下一步)之前手动将 IP 地址添加到相应的接口,Pacemaker 应该探测系统以确定事物的位置,并且在启动新的 VIP 之前不需要采取任何操作(不会停止 haproxy)。
确认你没有犯错,然后将其推送到集群中:
# pcs cluster verify cib_virtip.xml
# pcs cluster cib-push cib_virtip.xml
我不确定如何将 ha-proxy 绑定到地址;也许有“重新加载”或“调整”类型的命令。希望对您有所帮助。