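Nacos + HA: Highly Available VIP Cluster

Preface

Nacos supports three deployment modes:

  • Standalone mode - for testing and single-machine trials.
  • Cluster mode - for production, to ensure high availability.
  • Multi-cluster mode - for multi-data-center scenarios.

The official documentation (https://nacos.io/zh-cn/docs/quick-start.html) is strongly recommended; it is very detailed. For clusters, however, it only describes the direct-connection mode, which does not suit production environments where the `Nacos` service has to scale.

This article mainly describes VIP mode and how to install and configure it.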

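Preparation

VIP mode architecture diagram

Overview

HAProxy load balancing

HAProxy provides the load balancing. Two HAProxy servers are used so that failover can happen automatically; the failover solution used here is Keepalived.

Keepalived high availability

Keepalived offers high availability, master/backup hot standby and failover within seconds. It uses VRRP (Virtual Router Redundancy Protocol) to solve the single-point-of-failure problem. A VRRP group usually consists of two nodes, one master and one backup; at any given time only the master serves external traffic, and it also provides a virtual IP address (Virtual Internet Protocol Address, VIP for short). If the master fails, the backup automatically takes over the VIP and becomes the new master until the original master recovers.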

Server deployment plan

  • nacos1: 192.168.2.43
  • nacos2: 192.168.2.44
  • nacos3: 192.168.2.45
  • HAProxy + Keepalived: 192.168.2.41 / 192.168.2.42
    • 192.168.2.41 Keepalived master
    • 192.168.2.42 Keepalived slave

Disable the firewall or open the ports

systemctl stop firewalld
systemctl disable firewalld

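It is assumed that a MySQL 8+ database server is already available.

Installing MySQL 8 on CentOS 7 from RPM
Installing MySQL 8 on CentOS 7 from a tarball

Installation

Paths below follow my own installation directory, ~/tools/.

1. Prerequisites

Nacos needs a Java environment to run. If you build and run Nacos from source, you also need a Maven environment. Make sure to install and use it with the following versions:

  1. CentOS 7. Linux/Unix/Mac/Windows are supported; Linux/Unix/Mac is recommended.
  2. 64-bit JDK 1.8+: download & configure
  3. Maven 3.2.x+: download & configure (not needed if you do not compile the Nacos source)
  4. Nacos 2.1.2: download & configure

2. Download the release package from GitHub

Releases page

mkdir -p ~/tools && cd ~/tools
# Fetch nacos-server-2.1.2 directly
wget https://github.com/alibaba/nacos/releases/download/2.1.2/nacos-server-2.1.2.tar.gz
# Extract into ~/tools so that the path matches the rest of this article
tar -zxvf nacos-server-2.1.2.tar.gz -C ~/tools/
cd nacos/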

3. MySQL database

# View the nacos-mysql.sql script
cat ~/tools/nacos/conf/nacos-mysql.sql

Create a new database in MySQL and run this file against it.

4. Configure the MySQL driver for Nacos

mkdir -p ~/tools/nacos/plugins/mysql/

Download the mysql-connector-java-8.0.26.jar driver and put it into the directory above.

5. Install HAProxy

yum install haproxy -y
# List the system service
systemctl list-unit-files |grep haproxy
# Service status
systemctl status haproxy
# Start
systemctl start haproxy
# Enable start on boot
systemctl enable haproxy

6. Install Keepalived

Download

Official download page

Version 2.2.2 is used here.

mkdir -p /root/tools
cd /root/tools/
wget https://www.keepalived.org/software/keepalived-2.2.2.tar.gz

Install

Note for VMware: the ISO image has to be mounted; see "Configuring CentOS 7 networking in VMware".

yum -y install openssl-devel gcc gcc-c++
tar -xvf keepalived-2.2.2.tar.gz
cd keepalived-2.2.2
./configure --prefix=/usr/local/keepalived
make && make install
mkdir -p /etc/keepalived

Directory layout after installation

yum install tree -y
tree -l /usr/local/keepalived/etc

Directory structure:

/usr/local/keepalived/etc
├── keepalived
│   ├── keepalived.conf
│   └── samples
│       ├── client.pem
│       ├── dh1024.pem
│       ├── keepalived.conf.conditional_conf
│       ├── ***********************************
│       └── sample_notify_fifo.sh
└── sysconfig
    └── keepalived

These correspond to the following configuration paths:

/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived

Create the startup files

# Copy the keepalived configuration file to /etc
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
# Copy the keepalived sysconfig file to /etc, adding the network interface configuration
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
# Make the keepalived command available
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

Check the system service

systemctl list-unit-files |grep keepalived

Configuration

1. Nacos cluster file

Every node needs this configuration.

cd ~/tools/nacos/conf
# Copy the cluster configuration file
cp cluster.conf.example cluster.conf
# Write the member list
echo "192.168.2.43:8848" > ~/tools/nacos/conf/cluster.conf
echo "192.168.2.44:8848" >> ~/tools/nacos/conf/cluster.conf
echo "192.168.2.45:8848" >> ~/tools/nacos/conf/cluster.conf

2. Nacos application.properties

Every node needs this configuration.

vim ~/tools/nacos/conf/application.properties

Edit the configuration as needed

### Default web context path:
server.servlet.contextPath=/nacos
server.port=8848
#*************** Network Related Configurations ***************#
### If prefer hostname over ip for Nacos server addresses in cluster.conf:
# nacos.inetutils.prefer-hostname-over-ip=false
### Specify local server's IP:
# nacos.inetutils.ip-address=
#*************** Config Module Related Configurations ***************#
### If use MySQL as datasource:
spring.datasource.platform=mysql
### Count of DB:
db.num=1
### Connect URL of DB:
db.url.0=jdbc:mysql://192.168.2.1:3306/nacos_db?charset=utf8mb4&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&serverTimezone=GMT%2B8&useUnicode=true&useSSL=false
db.user.0=nacos
db.password.0=nacos
### Connection pool configuration: hikariCP
db.pool.config.connectionTimeout=30000
db.pool.config.validationTimeout=10000
db.pool.config.maximumPoolSize=20
db.pool.config.minimumIdle=2
### will be removed and replaced by `nacos.naming.clean` properties
nacos.naming.empty-service.auto-clean=true
nacos.naming.empty-service.clean.initial-delay-ms=50000
nacos.naming.empty-service.clean.period-time-ms=30000
### Since 2.1.2
### The expired time for inactive client, unit: milliseconds.
# nacos.naming.client.expired.time=180000
#*************** CMDB Module Related Configurations ***************#
### The interval to dump external CMDB in seconds:
nacos.cmdb.dumpTaskInterval=3600
### The interval of polling data change event in seconds:
nacos.cmdb.eventTaskInterval=10
### The interval of loading labels in seconds:
nacos.cmdb.labelTaskInterval=300
### If turn on data loading task:
nacos.cmdb.loadDataAtStart=false
# Enable the Prometheus metrics exporter
management.endpoints.web.exposure.include=*
### The auth system to use, currently only 'nacos' and 'ldap' is supported:
nacos.core.auth.system.type=nacos
### If turn on auth system:
nacos.core.auth.enabled=false

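3. Nacos service

vim ~/tools/nacos.service

Write the configuration

[Unit]
Description=nacos-server
# Start after the network service
After=network.target

[Service]
Type=forking
# systemd does not expand "~": use the absolute install path (root's home here)
ExecStart=/root/tools/nacos/bin/startup.sh
ExecStop=/root/tools/nacos/bin/shutdown.sh
Restart=always
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Start the service

cp ~/tools/nacos.service /usr/lib/systemd/system/
# Make systemd pick up the new unit file
systemctl daemon-reload
# Start the nacos service
systemctl start nacos
# Check the service status
systemctl status nacos.service
# Enable start on boot
systemctl enable nacos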

4. Configure HAProxy

Configuration

Basic configuration: haproxy.cfg

See the appendix, /etc/haproxy/haproxy.cfg

vim /etc/haproxy/haproxy.cfg

Log configuration: rsyslog

mkdir /var/log/haproxy
vim /etc/rsyslog.conf
# Add: local2.* /var/log/haproxy.log

Check the configuration

haproxy -f /etc/haproxy/haproxy.cfg -c
#Configuration file is valid

5. Configure Keepalived

Keepalived does not check the syntax of its configuration file when it starts.

Edit the configuration file

vim /etc/keepalived/keepalived.conf

master: server 192.168.2.41

hostnamectl set-hostname host41
vim /etc/keepalived/keepalived.conf

Write the configuration

global_defs { ## global definitions block
    router_id host41 ## string identifying this node, usually the hostname
}
vrrp_script check_haproxy {
    script "/etc/keepalived/haproxy_chk.sh" # path of the script to run
    interval 5 ## check interval
    weight -20 ## lower the priority by 20 when the check fails
}
vrrp_instance VI_1 { # VRRP instance definition block
    state MASTER ## MASTER on the master node, BACKUP on the backup node
    interface ens33 ## network interface (NIC) the virtual IP is bound to
    virtual_router_id 40 ## virtual router ID, identical on master and backup
    mcast_src_ip 192.168.2.41 ## this host's IP address
    priority 100 ## priority (0-254)
    advert_int 1 ## multicast advertisement interval; must match on both nodes, default 1s
    authentication { ## authentication; must match on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.49/24 ## virtual IP; several may be listed
    }
    track_script {
        check_haproxy
    }
}

slave: server 192.168.2.42

hostnamectl set-hostname host42
vim /etc/keepalived/keepalived.conf

Write the configuration

global_defs { ## global definitions block
    router_id host42 ## string identifying this node, usually the hostname
}
vrrp_script check_haproxy {
    script "/etc/keepalived/haproxy_chk.sh" # path of the script to run
    interval 5 ## check interval
    weight -20 ## lower the priority by 20 when the check fails
}
vrrp_instance VI_1 { # VRRP instance definition block
    state BACKUP ## MASTER on the master node, BACKUP on the backup node
    interface ens33 ## network interface (NIC) the virtual IP is bound to
    virtual_router_id 40 ## virtual router ID, identical on master and backup
    mcast_src_ip 192.168.2.42 ## this host's IP address
    priority 50 ## priority (0-254)
    advert_int 1 ## multicast advertisement interval; must match on both nodes, default 1s
    authentication { ## authentication; must match on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.49/24 ## virtual IP; several may be listed
    }
    track_script {
        check_haproxy
    }
}
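
Because Keepalived starts without validating the file, a disagreement between the two nodes only shows up when a failover does not happen. The script below is an added example, not part of the original article: it lints a master/backup keepalived.conf pair for the fields that must agree and reports whether the track_script weight can move the VIP by itself. The function names and the embedded sample configs are constructed; the samples reuse the article's values, with the backup deliberately left as state MASTER.

```shell
#!/usr/bin/env bash
# Added example: lint a master/backup keepalived.conf pair before starting keepalived.

# kv FILE KEY: first value of a "KEY value" directive, comments removed.
kv() {
  awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}

# vips FILE: sorted addresses listed inside the virtual_ipaddress { } block.
vips() {
  awk '{ sub(/[#!].*/, "") }
       $1 == "virtual_ipaddress" { inblk = 1; next }
       inblk && /[}]/            { inblk = 0 }
       inblk && NF               { print $1 }' "$1" | sort
}

# lint_pair MASTER_CONF BACKUP_CONF: print one finding per line (nothing if clean).
lint_pair() {
  local m="$1" b="$2" key mp bp w pass
  for key in virtual_router_id advert_int auth_type auth_pass; do
    [ "$(kv "$m" "$key")" = "$(kv "$b" "$key")" ] || echo "MISMATCH $key"
  done
  [ "$(vips "$m")" = "$(vips "$b")" ] || echo "MISMATCH virtual_ipaddress"
  [ "$(kv "$b" state)" = "BACKUP" ] || echo "STATE backup node is not BACKUP"
  mp=$(kv "$m" priority); bp=$(kv "$b" priority); w=$(kv "$m" weight)
  [ "$mp" -gt "$bp" ] || echo "PRIORITY master ($mp) must exceed backup ($bp)"
  # A failing track_script moves the VIP only if priority+weight drops below the backup.
  if [ -n "$w" ] && [ $((mp + w)) -ge "$bp" ]; then
    echo "WEIGHT $mp$w=$((mp + w)) still >= $bp: script failure alone will not fail over"
  fi
  # keepalived uses at most 8 characters of auth_pass, so shorter values waste key space.
  pass=$(kv "$m" auth_pass)
  [ "${#pass}" -ge 8 ] || echo "WEAK auth_pass shorter than 8 characters"
}

# make_samples DIR: write constructed master.conf/backup.conf modelled on the article.
make_samples() {
  local role
  for role in master backup; do
    cat > "$1/$role.conf" <<EOF
vrrp_script check_haproxy {
    script "/etc/keepalived/haproxy_chk.sh"
    interval 5
    weight -20
}
vrrp_instance VI_1 {
    state MASTER            ## constructed: both nodes left as MASTER
    interface ens33
    virtual_router_id 40
    priority $( [ "$role" = master ] && echo 100 || echo 50 )
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.49/24
    }
}
EOF
  done
}

dir=$(mktemp -d)
make_samples "$dir"
lint_pair "$dir/master.conf" "$dir/backup.conf"
rm -rf "$dir"
```

With the article's numbers the WEIGHT finding fires: 100 - 20 = 80 is still above the backup's 50, so the VIP moves only because haproxy_chk.sh stops Keepalived outright.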

Log configuration

vim /etc/sysconfig/keepalived
# Set: KEEPALIVED_OPTIONS="-D -d -S 0"
vim /etc/rsyslog.conf
# Add: local0.* /var/log/keepalived.log
systemctl restart rsyslog.service
systemctl restart keepalived

Health check script

The health check script determines whether HAProxy is alive; if it is not, Keepalived is stopped as well so that its resources are released.

vim /etc/keepalived/haproxy_chk.sh

#!/bin/bash
# Is HAProxy running?
systemctl status haproxy.service &>/dev/null
if [ $? -ne 0 ]; then
    # Try to start it once, then check again
    systemctl start haproxy.service &>/dev/null
    sleep 5
    systemctl status haproxy.service &>/dev/null
    if [ $? -ne 0 ]; then
        # Still down: stop Keepalived so the VIP moves to the other node
        systemctl stop keepalived
    fi
fi

chmod 755 /etc/keepalived/haproxy_chk.sh

Startup

Basic Nacos commands

Start

sh ~/tools/nacos/bin/startup.sh

Check whether it is running

jps -mV |grep nacos

Stop

sh ~/tools/nacos/bin/shutdown.sh

Nacos service commands

Start

systemctl start nacos

Stop

systemctl stop nacos

HAProxy service commands

# Restart the system log service
systemctl restart rsyslog.service
# Start HAProxy
systemctl start haproxy
# Enable start on boot
systemctl enable haproxy
# Restart HAProxy
systemctl restart haproxy

Problem: nacos_cluster: cannot bind socket [0.0.0.0:8848]

Set the policy

# Option 1
setsebool -P haproxy_connect_any=1
# Option 2
vim /etc/sysctl.conf
# Add: net.ipv4.ip_nonlocal_bind=1
sysctl -p
reboot

After the restart it works.

Keepalived service commands

useradd  keepalived_script
systemctl start keepalived
systemctl enable keepalived
systemctl status keepalived

Testing

Service registration

curl -X POST 'http://127.0.0.1:8848/nacos/v1/ns/instance?serviceName=nacos.naming.serviceName&ip=20.18.7.10&port=8080'

Service discovery

curl -X GET 'http://127.0.0.1:8848/nacos/v1/ns/instances?serviceName=nacos.naming.serviceName'

Publish a configuration

curl -X POST "http://127.0.0.1:8848/nacos/v1/cs/configs?dataId=nacos.cfg.dataId&group=test&content=HelloWorld"

Get a configuration

curl -X GET "http://127.0.0.1:8848/nacos/v1/cs/configs?dataId=nacos.cfg.dataId&group=test"

Test HAProxy

Test Nacos behind HAProxy

Test Keepalived

Check the processes

When keepalived is running normally it starts 2 processes: one is the parent process, which monitors its child process; the other is the vrrp child process.

ps -ef|grep keepalived

Process query result

root       2607      1  0 15:35 ?        00:00:00 /usr/local/keepalived/sbin/keepalived -D
root       2608   2607  0 15:35 ?        00:00:00 /usr/local/keepalived/sbin/keepalived -D

IP

# Run on `host41`
ip a

Result

Run on host42, the same command shows that host42 does not currently hold the VIP.

# Run on `host41`
systemctl stop keepalived
# Run on `host42`
ip a

The VIP has now moved to host42.

# Run on `host41`
systemctl start keepalived
# Run on `host41`
ip a

The VIP has come back, because host41's priority is higher than host42's, so host41 preempts it.

The keyword that disables preemption is nopreempt

vrrp_instance VI_1 {
    ##**************
    nopreempt
}

Normal test

curl 192.168.2.41
#this is master
#root@centos7[14:46:07]:~
curl 192.168.2.42
#this is master
#root@centos7[15:03:29]:~
#1.2.3.4.5.6.

Test after shutting down the master

# Run on host41
systemctl stop keepalived

curl 192.168.2.41
#this is slave
#root@centos7[15:03:59]:/etc/keepalived

Test Nacos through the Keepalived VIP

Detailed Nacos application.properties configuration

### Default web context path:
server.servlet.contextPath=/nacos
server.port=8848
#*************** Network Related Configurations ***************#
### If prefer hostname over ip for Nacos server addresses in cluster.conf:
# nacos.inetutils.prefer-hostname-over-ip=false
### Specify local server's IP:
# nacos.inetutils.ip-address=
#*************** Config Module Related Configurations ***************#
### If use MySQL as datasource:
spring.datasource.platform=mysql
### Count of DB:
db.num=1
### Connect URL of DB:
db.url.0=jdbc:mysql://192.168.2.1:3306/nacos_db?charset=utf8mb4&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&serverTimezone=GMT%2B8&useUnicode=true&useSSL=false
db.user.0=nacos
db.password.0=nacos
### Connection pool configuration: hikariCP
db.pool.config.connectionTimeout=30000
db.pool.config.validationTimeout=10000
db.pool.config.maximumPoolSize=20
db.pool.config.minimumIdle=2
#*************** Naming Module Related Configurations ***************#
### Data dispatch task execution period in milliseconds: Will removed on v2.1.X, replace with nacos.core.protocol.distro.data.sync.delayMs
# nacos.naming.distro.taskDispatchPeriod=200
### Data count of batch sync task: Will removed on v2.1.X. Deprecated
# nacos.naming.distro.batchSyncKeyCount=1000
### Retry delay in milliseconds if sync task failed: Will removed on v2.1.X, replace with nacos.core.protocol.distro.data.sync.retryDelayMs
# nacos.naming.distro.syncRetryDelay=5000
### If enable data warmup. If set to false, the server would accept request without local data preparation:
# nacos.naming.data.warmup=true
### If enable the instance auto expiration, kind like of health check of instance:
# nacos.naming.expireInstance=true
### will be removed and replaced by `nacos.naming.clean` properties
nacos.naming.empty-service.auto-clean=true
nacos.naming.empty-service.clean.initial-delay-ms=50000
nacos.naming.empty-service.clean.period-time-ms=30000
### Add in 2.0.0
### The interval to clean empty service, unit: milliseconds.
# nacos.naming.clean.empty-service.interval=60000
### The expired time to clean empty service, unit: milliseconds.
# nacos.naming.clean.empty-service.expired-time=60000
### The interval to clean expired metadata, unit: milliseconds.
# nacos.naming.clean.expired-metadata.interval=5000
### The expired time to clean metadata, unit: milliseconds.
# nacos.naming.clean.expired-metadata.expired-time=60000
### The delay time before push task to execute from service changed, unit: milliseconds.
# nacos.naming.push.pushTaskDelay=500
### The timeout for push task execute, unit: milliseconds.
# nacos.naming.push.pushTaskTimeout=5000
### The delay time for retrying failed push task, unit: milliseconds.
# nacos.naming.push.pushTaskRetryDelay=1000
### Since 2.1.2
### The expired time for inactive client, unit: milliseconds.
# nacos.naming.client.expired.time=180000
#*************** CMDB Module Related Configurations ***************#
### The interval to dump external CMDB in seconds:
nacos.cmdb.dumpTaskInterval=3600
### The interval of polling data change event in seconds:
nacos.cmdb.eventTaskInterval=10
### The interval of loading labels in seconds:
nacos.cmdb.labelTaskInterval=300
### If turn on data loading task:
nacos.cmdb.loadDataAtStart=false
#*************** Metrics Related Configurations ***************#
### Metrics for prometheus
# Enable the Prometheus metrics exporter
management.endpoints.web.exposure.include=*
### Metrics for elastic search
management.metrics.export.elastic.enabled=false
#management.metrics.export.elastic.host=http://localhost:9200
### Metrics for influx
management.metrics.export.influx.enabled=false
#management.metrics.export.influx.db=springboot
#management.metrics.export.influx.uri=http://localhost:8086
#management.metrics.export.influx.auto-create-db=true
#management.metrics.export.influx.consistency=one
#management.metrics.export.influx.compressed=true
#*************** Access Log Related Configurations ***************#
### If turn on the access log:
server.tomcat.accesslog.enabled=true
### The access log pattern:
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i
### The directory of access log:
server.tomcat.basedir=
#*************** Access Control Related Configurations ***************#
### If enable spring security, this option is deprecated in 1.2.0:
#spring.security.enabled=false
### The ignore urls of auth, is deprecated in 1.2.0:
nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**

### The auth system to use, currently only 'nacos' and 'ldap' is supported:
nacos.core.auth.system.type=nacos
### If turn on auth system:
nacos.core.auth.enabled=true

### worked when nacos.core.auth.system.type=ldap,{0} is Placeholder,replace login username
# nacos.core.auth.ldap.url=ldap://localhost:389
# nacos.core.auth.ldap.userdn=cn={0},ou=user,dc=company,dc=com

### The token expiration in seconds:
nacos.core.auth.default.token.expire.seconds=18000

### The default token:
nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789012345678901234567890123456789

### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
nacos.core.auth.caching.enabled=true

### Since 1.4.1, Turn on/off white auth for user-agent: nacos-server, only for upgrade from old version.
nacos.core.auth.enable.userAgentAuthWhite=false

### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
### The two properties is the white list for auth and used by identity the request from other server.
nacos.core.auth.server.identity.key=serverIdentity
nacos.core.auth.server.identity.value=security

#*************** Istio Related Configurations ***************#
### If turn on the MCP server:
nacos.istio.mcp.server.enabled=false

#*************** Core Related Configurations ***************#

### set the WorkerID manually
# nacos.core.snowflake.worker-id=

### Member-MetaData
# nacos.core.member.meta.site=
# nacos.core.member.meta.adweight=
# nacos.core.member.meta.weight=

### MemberLookup
### Addressing pattern category, If set, the priority is highest
# nacos.core.member.lookup.type=[file,address-server]
## Set the cluster list with a configuration file or command-line argument
# nacos.member.list=192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809
## for AddressServerMemberLookup
# Maximum number of retries to query the address server upon initialization
# nacos.core.address-server.retry=5
## Server domain name address of [address-server] mode
# address.server.domain=jmenv.tbsite.net
## Server port of [address-server] mode
# address.server.port=8080
## Request address of [address-server] mode
# address.server.url=/nacos/serverlist
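
Both application.properties listings on this page carry values worth checking before the cluster is reachable from other hosts: the short one turns authentication off, and the detailed one keeps the sample token secret key and server identity pair, which anyone can read from a published configuration. The script below is an added example, not part of the original article or of Nacos: it reads a properties file and prints one finding per risky value. The function names, finding labels and the embedded sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag risky values in a Nacos application.properties file.

# prop FILE KEY: value of the last uncommented "KEY=value" line (empty if unset).
prop() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { print v }' "$1"
}

# audit_nacos FILE: print one finding per line; print nothing for a clean file.
audit_nacos() {
  local f="$1" v
  [ "$(prop "$f" nacos.core.auth.enabled)" = "true" ] ||
    echo "AUTH_OFF nacos.core.auth.enabled is not true"
  case "$(prop "$f" nacos.core.auth.default.token.secret.key)" in
    SecretKey0123456789*) echo "SAMPLE_SECRET token secret key is the published sample value" ;;
  esac
  [ "$(prop "$f" nacos.core.auth.server.identity.key)" != "serverIdentity" ] ||
    echo "SAMPLE_IDENTITY server identity key is the published sample value"
  [ "$(prop "$f" nacos.core.auth.enable.userAgentAuthWhite)" != "true" ] ||
    echo "UA_WHITELIST user-agent based auth whitelist is enabled"
  [ "$(prop "$f" management.endpoints.web.exposure.include)" != "*" ] ||
    echo "ACTUATOR_ALL every actuator endpoint is exposed, not only prometheus"
  case "$(prop "$f" db.url.0)" in
    *useSSL=false*) echo "DB_PLAINTEXT db.url.0 disables TLS to MySQL" ;;
  esac
  v=$(prop "$f" db.password.0)
  [ -z "$v" ] || [ "$v" != "$(prop "$f" db.user.0)" ] ||
    echo "DB_WEAK_PASSWORD db.password.0 equals db.user.0"
}

# write_sample FILE: constructed sample that reuses values shown in the article.
write_sample() {
  cat > "$1" <<'EOF'
### constructed sample, not a real deployment
db.url.0=jdbc:mysql://192.168.2.1:3306/nacos_db?charset=utf8mb4&useSSL=false
db.user.0=nacos
db.password.0=nacos
management.endpoints.web.exposure.include=*
nacos.core.auth.enabled=false
nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789012345678901234567890123456789
nacos.core.auth.enable.userAgentAuthWhite=false
nacos.core.auth.server.identity.key=serverIdentity
nacos.core.auth.server.identity.value=security
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_nacos "$sample"
rm -f "$sample"
```

On a real node, point it at the file edited above: `audit_nacos ~/tools/nacos/conf/application.properties`.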

Add a Grafana dashboard

Nacos monitoring guide

Configure application.properties to expose the metrics data

management.endpoints.web.exposure.include=*

Visit http://192.168.2.43:8848/nacos/actuator/prometheus

Grafana

sudo yum install https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-6.2.2-1.x86_64.rpm
sudo systemctl start grafana-server
sudo systemctl enable grafana-server

URL: http://192.168.2.43:3000

Default username and password: admin admin

haproxy

/etc/haproxy/haproxy.cfg

# Global settings
global
    # Logging; "local" means the local host
    log 127.0.0.1 local2 info
    # Working directory (chroot)
    chroot /var/lib/haproxy
    # PID file location
    pidfile /var/run/haproxy.pid
    # User and group
    user haproxy
    group haproxy
    # UID/GID to run as
    #uid 99
    #gid 99
    # Run as a daemon
    daemon
    # Maximum number of connections
    maxconn 4096
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
# Default settings
defaults
    # Use the global log settings
    log global
    # Default mode {tcp|http|health}
    # tcp is layer 4, http is layer 7, health only returns OK
    mode http
    # Log format: tcplog/httplog
    option httplog
    # Do not log health-check connections
    option dontlognull
    # Treat the service as unavailable after 3 failures
    retries 3
    # Maximum number of connections available per process
    maxconn 2000
    # Connect timeout
    timeout connect 5s
    # Client timeout
    timeout client 120s
    # Server timeout
    timeout server 120s

# Nacos cluster binding
listen nacos_cluster
    bind *:8848
    option tcplog
    # TCP mode
    mode tcp
    # Round-robin algorithm
    balance roundrobin
    # Nacos cluster nodes: check every 5 seconds; 2 successes mark a server up, 3 failures mark it down
    server nacos1 192.168.2.43:8848 check inter 5000 rise 2 fall 3 weight 1
    server nacos2 192.168.2.44:8848 check inter 5000 rise 2 fall 3 weight 1
    server nacos3 192.168.2.45:8848 check inter 5000 rise 2 fall 3 weight 1

# HAProxy monitoring page
listen monitor
    bind *:8100
    mode http
    option httplog
    stats enable
    stats uri /stats
    stats refresh 5s

Keepalived

/etc/keepalived/keepalived.conf

# Global definitions block
global_defs {
    ## String identifying this node, usually the hostname
    router_id host6
}
vrrp_script check_haproxy {
    # Path of the script to run
    script "/etc/keepalived/haproxy_chk.sh"
    ## Check interval
    interval 5
    ## Lower the priority by 20 when the check fails
    weight -20
}
# VRRP instance definition block
vrrp_instance VI_1 {
    ## MASTER on the master node, BACKUP on the backup node
    state MASTER
    ## Network interface (NIC) the virtual IP is bound to
    interface ens33
    ## Virtual router ID, identical on master and backup
    virtual_router_id 80
    ## This host's IP address
    mcast_src_ip 192.168.2.6
    ## Priority (0-254)
    priority 100
    ## Multicast advertisement interval; must match on both nodes, default 1s
    advert_int 1
    ## Authentication; must match on both nodes
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        ## Virtual IP; several may be listed
        192.168.2.49/24
    }
    track_script {
        check_haproxy
    }
}

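VRRP instance definition block

  1. vrrp_sync_group: VRRP sync group, used to determine how many routing instances a failover (FailOver) covers; that is, in a setup with two load balancers, which instances must switch automatically to the other load balancer once one of them fails
  2. group: must contain at least one VRRP instance; the instance names must match those defined by vrrp_instance
  3. vrrp_instance: name of the VRRP instance
    1> state: instance state. There are only two states, MASTER and BACKUP, and they must be written in upper case. In preemptive mode MASTER is the working state and BACKUP the standby state. When the server holding MASTER fails, the service on the BACKUP server automatically switches its state from BACKUP to MASTER. When the service on the failed MASTER recovers, the BACKUP returns from MASTER to BACKUP.
    2> interface: the network interface that serves external traffic, i.e. the interface the VIP is bound to, for example eth0 or eth1. Most current servers have 2 or more interfaces (for the external and the internal network), so verify carefully which one you select.
    3> mcast_src_ip: this host's IP address
    4> virtual_router_id: ID of the virtual router. It must be set to the same value on every node; the last octet of the IP can be used. Nodes with the same VRID form one group, and the VRID determines the multicast MAC address.
    5> priority: node priority, range 0~254; MASTER must be higher than BACKUP
    6> advert_int: interval of the synchronisation check between the MASTER and BACKUP nodes, in seconds
    7> lvs_sync_daemon_inteface: monitoring interface between the load balancers, similar to the heartbeat link of HA HeartBeat. Its mechanism is better than Heartbeat's because it does not have the "split-brain" problem; it avoids that trouble through the priority mechanism. In DR mode, lvs_sync_daemon_inteface uses the same network interface as the service interface (interface)
    8> authentication: authentication type and password. The main types are PASS and AH; PASS is normally used, and AH is said to have problems in use. The password is in clear text; the MASTER and BACKUP of the same VRRP instance must use the same password to communicate properly.
    9> smtp_alert: whether to enable e-mail notification on failure
    10> nopreempt: disables preemption. By default, when the MASTER service goes down, the BACKUP is automatically promoted to MASTER and takes over its work; when the MASTER service recovers, the promoted BACKUP automatically drops back to BACKUP and hands the work back to the original MASTER. With nopreempt configured, the MASTER does not take the service back after it recovers.
    11> virtual_ipaddress: pool of virtual IP addresses. There can be several IPs, one per line; no subnet mask needs to be given. Note: this IP must be the same as the VIP we have chosen.

Virtual server (virtual_server) definition block

    1. virtual_server: defines a virtual server. The IP is one of those defined in virtual_ipaddress, followed by a space and then the port of the virtual service.
      1> delay_loop: health-check interval, in seconds
      2> lb_algo: load-balancing scheduling algorithm; wlc or rr are the usual choices for Internet applications
      3> lb_kind: load-balancing forwarding rule. There are three, DR, NAT and TUN; the routing (DR) rule is generally used.
      4> persistence_timeout: session persistence time for the HTTP service, in seconds
      5> protocol: forwarding protocol, either TCP or UDP
    2. real_server: IP and port of a real server; several can be defined
      1> weight: load weight; the larger the value, the higher the forwarding priority
      2> notify_down: script to run after the service stops
      3> TCP_CHECK: service availability check
        * connect_port: port used for the connection check
        * connect_timeout: connection timeout, in seconds
        * nb_get_retry: number of retries after a failed connection
        * delay_before_retry: interval between retries, in seconds

Configure the log file

Article URL: https://github.com/maxzhao-it/blog/post/534f2c3a/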