Azure SLB + httpd + ILB + HAProxy + Atlas + MySQL
Posted Microsoft亚太云生态
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Azure SLB + httpd + ILB + HAProxy + Atlas + MySQL相关的知识,希望对你有一定的参考价值。
各位同学好,本次我们这次给大家展示一个综合的案例。包含很多技术环节,是一个Azure技术的综合的应用。
整体框架
采用全冗余的架构设计。每层都是双机。主机都是采用CentOS6.5的操作系统。
mysql的安装与配置
MySQL采用主主的配置方式。两台设备上都敲入下面的配置和命令:yum install -y mysql-server
chekconfig mysqld on;service mysqld start
iptables -F
setenforce 0
service iptables save更改root密码:
/usr/bin/mysqladmin -u root password "newpass"使用root登陆
mysql -h127.0.0.1 -uroot -ppassword创建数据库:
create database mytable;创建用户,两台创建相同的用户:
GRANT ALL ON php.* to 'user'@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;尝试创建表和插入数据,两台服务器插入不同的内容:
use mytable;
create table mytest(name varchar(20), phone char(14));
insert into mytest(name, phone) values('wang', 11111111111);
select * from mytest;配置主-主:
配置/etc/my.cnf文件:
主机一 |
主机二 |
server-id = 1 |
server-id = 2 |
log_bin=mysqlbinlog |
log_bin=mysqlbinlog |
log_bin_index=mysqlbinlog-index |
log_bin_index=mysqlbinlog-index |
log_slave_updates=1 |
log_slave_updates=1 |
relay_log=relay-log |
relay_log=relay-log |
replicate_do_db=test |
replicate_do_db=test |
binlog-do-db = test |
binlog-do-db = test |
binlog-ignore-db=mysql |
binlog-ignore-db=mysql |
log-slave-updates |
log-slave-updates |
sync_binlog=1 |
sync_binlog=1 |
auto_increment_offset=1 |
auto_increment_offset=2 |
auto_increment_increment=2 |
auto_increment_increment=2 |
replicate-ignore-db= mysql |
replicate-ignore-db= mysql |
配置完成后,重新启动mysql: service mysqld restart
在两台主机中观察:
show master status;
File |
Position |
Binlog_Do_DB |
Binlog_Ignore_DB |
mysqlbinlog.000001 |
325 |
test |
mysql |
3 安装Atlas
两台安装配置相同:
从Github上下载Atlas:
https://github.com/Qihoo360/Atlas/releases
选择相应的版本,我的机器是CentOS6.5,所以我选择Atlas-2.2.1.el6.x86_64.rpm。
wget https://github.com/Qihoo360/Atlas/releases/download/2.2.1/Atlas-2.2.1.el6.x86_64.rpm
发现是存放在AWS的S3上。
安装:rpm -ivh Atlas-2.2.1.el6.x86_64.rpm
修改配置文件: /usr/local/mysql-proxy/conf/test.cnf
需要注意的是,mysql的密码需要经过/usr/local/mysql-proxy/bin/encrypt 程序进行加密: ./encrypt password
4 安装HAProxy
两台配置相同:
yum install haproxy -y
chkconfig haproxy on
修改haproxy的配置文件:vim /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode tcp
log global
option dontlognull
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:3306
mode tcp
default_backend nodes
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend nodes
mode tcp
balance roundrobin
server app1 172.16.4.4:3306 check
server app2 172.16.4.5:3306 backup
最后的backup表明这台服务器是备份状态。
还可以配置运行状态监控,我在这里没有配置,哪位有兴趣可以自己加上。
5 Azure的ILB
Azure的ILB只能采用PowerShell配置。具体的命令是:
Add-AzureInternalLoadBalancer -InternalLoadBalancerName MyHAILB -SubnetName Subnet-2 -ServiceName atlasha01
get-AzureVM -ServiceName atlasha01 -Name atlasha01 | Add-AzureEndpoint -Name mysql -LBSetName mysqlha -Protocol tcp -LocalPort 3306 -PublicPort 3306 -ProbePort 3306 -ProbeProtocol tcp -ProbeIntervalInSeconds 10 -InternalLoadBalancerName MyHAILB | Update-AzureVM
get-AzureVM -ServiceName atlasha01 -Name atlasha02 | Add-AzureEndpoint -Name mysql -LBSetName mysqlha -Protocol tcp -LocalPort 3306 -PublicPort 3306 -ProbePort 3306 -ProbeProtocol tcp -ProbeIntervalInSeconds 10 -InternalLoadBalancerName MyHAILB | Update-AzureVM
PS C:> Get-AzureInternalLoadBalancer -servicename atlasha01
InternalLoadBalancerName : MyHAILB
ServiceName : atlasha01
DeploymentName : atlasha01
SubnetName : Subnet-2
IPAddress : 172.16.2.6
OperationDescription : Get-AzureInternalLoadBalancer
OperationId : cd86e37a-776c-4fc8-8e31-7bad6ebc88b7
OperationStatus : Succeeded
已经把两台HAProxy的主机加入到ILB的负载均衡中。
6 安装前端的Web服务器
我安装的是phpBB3,具体的安装方法请参考我的另外一篇博客:http://www.cnblogs.com/hengwei/p/4754408.html
在一条主机上安装完成后,把网站内容复制到另外一台主机:
rsync -a /var/www/html/phpBB3 172.16.1.5:/var/www/html/phpBB3
当然要事先建好目录,另外要有root的权限和密码。
7 Azure的SLB
在配置Aure的主机时,Web的两台服务器要求配置到一个SLB中,这个在图形化界面里就可以操作了,我就不多描述了。配置好SLB后,需要配置SLB的工作模式,把它调整成source IP的hash模式。这样,可以保证同一客户端的请求总是访问同一台Web服务器。
这个工作需要通过PowerShell实现:
Set-AzureLoadBalanceEndpoint -LBSetName httpset -LoadBalancerDistribution sourceIP -ServiceName atlasweb
8 添加iptables, 和探测脚本,实现故障自动切换
主用的MySQL服务器出现故障,MySQL的服务会迁移到备用的服务器上。但当主用的服务器恢复后,HAProxy会把SQL的请求重新发回给主用的服务器。由于主用服务器下线过程中,备用MySQL的数据库会有数据更新,主用MySQL要从备用MySQL上同步数据,要同步后才能对外提供服务。
所以要在主用服务器启动脚本rc.local中添加iptables,只允许备用服务器访问主用MySQL服务器,并在加载了iptables后再启动mysql服务:
iptables -A INPUT -j ACCEPT -s 10.1.0.9/32 iptables -A INPUT -j DROP sleep 20 service mysqld start
主用服务器起来后,将与备用服务器同步MySQL的内容。此时,主用服务器需要监控备用服务器的状态,一旦备用服务器出现down机的情况,需要接管MySQL的服务。脚本如下:
#!/bin/sh #list iptables, result to file fw/sbin/iptables -L > fw #from file fw, grep key word "10.1.0"grep 10.1.0 > fwRus#if the fw include 10.1.0, means the fw has contents, the my2 is working, otherwise my1 is workingif [ `wc -l fwRus |awk '{print $1}'` = 0 ]then echo $(TZ=Asia/Shanghai date "+%Y-%m-%d-%H-%M-%S") >> a echo "do nothing" >> aelse{ #fw has content, then to detect the my2's status, up or down ping -c 1 my2 > res grep ttl res > pingRus#if the my2 is up, do nothing, is down, remove fw, let my1 be active if [ `wc -l pingRus |awk '{print $1}'` = 0 ] then echo "del firewall" >> b echo $(TZ=Asia/Shanghai date "+%H-%M-%S-%Y-%m-%d") >> b /sbin/iptables -F else echo "host $ip is online" >> c echo $(TZ=Asia/Shanghai date "+%Y-%m-%d-%H-%M-%S") >> c fi}fi
在主用MySQL和备用MySQL同步后,需要运维人员手工关闭这条iptables的设置。使前端的服务可以通过ILB+HAProxy访问到主用MySQL。
根据和客户的交流,采用PING的形式检测第二台MySQL服务器的方式不是特别合理。故又采用检查MySQL间数据同步的状态,作为检测机制。其脚步如下:
#!/bin/sh function mysqlCheck() { time1=`date +"%Y%m%d%H%M%S"` time2=`date +"%Y-%m-%d %H:%M:%S"` CheckFile="/tmp/MySQL.${time1}"Flag=0echo "----------Begin at: " $time2 "------------" > $CheckFile 2>&1mysql -uroot -pcisco -e "show slave status\G" >> $CheckFile 2>&1echo "" >> $CheckFile BM=`grep Seconds_Behind_Master $CheckFile | awk '{print $2}'` SIOR=`grep Slave_IO_Running $CheckFile | awk '{print $2}'` SSQLR=`grep Slave_SQL_Running $CheckFile | awk '{print $2}'` [ "$BM" == '0' -a "$SIOR" == 'Yes' -a "$SSQLR" == "Yes" ] && Flag=1 || FLag=0return $Flag } #list iptables, result to file fw/sbin/iptables -L > fw #from file fw, grep key word "10.1.0"grep DROP fw > fwRus#if the fw include 10.1.0, means the fw has contents, the my2 is working, otherwise my1 is workingif [ `wc -l fwRus |awk '{print $1}'` = 0 ]then echo $(TZ=Asia/Shanghai date "+%Y-%m-%d-%H-%M-%S") >> a echo "do nothing" >> aelse{ mysqlCheck if [ $Flag = 1 ] then echo "add my2 firewall, del my1 firewall" >> $CheckFile 2>&1 echo $(TZ=Asia/Shanghai date "+%H-%M-%S-%Y-%m-%d") >> $CheckFile 2>&1 ssh my2 "iptables -A INPUT -j ACCEPT -s 10.1.0.8/32" ssh my2 "iptables -A INPUT -j ACCEPT -s 10.1.0.4/32" ssh my2 "iptables -A INPUT -j ACCEPT -s 10.1.0.5/32" ssh my2 "iptables -A INPUT -j DROP" /sbin/iptables -F exit else echo "MySQL is not sync" >> $CheckFile 2>&1 echo $(TZ=Asia/Shanghai date "+%Y-%m-%d-%H-%M-%S") >> $CheckFile 2>&1 fi}fi
同样,此脚步需要加载到crontab里。
在第二台MySQL的服务器上,同样要在各种情况下判断,是否需要接管MySQL服务。其脚步为:
#!/bin/bashfunction mysqlCheck() { time1=`date +"%Y%m%d%H%M%S"` time2=`date +"%Y-%m-%d %H:%M:%S"` CheckFile="/tmp/MySQL.CheckFile"Flag=0echo "----------Begin at: " $time2 "------------" >> $CheckFile 2>&1echo "" >> $CheckFile BM=`mysql -uroot -pcisco -hmy1 -e "show slave status\G"|grep Seconds_Behind_Master|awk '{print $2}'` SIOR=`mysql -uroot -pcisco -hmy1 -e "show slave status\G"|grep Slave_IO_Running|awk '{print $2}'` SSQLR=`mysql -uroot -pcisco -hmy1 -e "show slave status\G"|grep Slave_SQL_Running |awk '{print $2}'` [ "$BM" == '0' -a "$SIOR" == 'Yes' -a "$SSQLR" == "Yes" ] && Flag=1 || FLag=0return $Flag }function my2sqlCheck() { time1=`date +"%Y%m%d%H%M%S"` time2=`date +"%Y-%m-%d %H:%M:%S"` CheckFile="/tmp/MySQL.CheckFile"Flag=0echo "----------Begin at: " $time2 "------------" >> $CheckFile 2>&1echo "" >> $CheckFile BM=`mysql -uroot -pcisco -e "show slave status\G"|grep Seconds_Behind_Master|awk '{print $2}'` SIOR=`mysql -uroot -pcisco -e "show slave status\G"|grep Slave_IO_Running|awk '{print $2}'` SSQLR=`mysql -uroot -pcisco -e "show slave status\G"|grep Slave_SQL_Running |awk '{print $2}'` [ "$BM" == '0' -a "$SIOR" == 'Yes' -a "$SSQLR" == "Yes" ] && my2Flag=1 || my2FLag=0return $my2Flag }while truedo my1fw=`ssh my1 "iptables -L" | grep DROP| wc -l` my2fw=`iptables -L | grep DROP| wc -l` mysqlCheck if [ "$my1fw" = '0' -a "$Flag" = '1' ];then if [ "$my2fw" -ge '1' ];then echo "my1 mysql service is ok, my2 fw is on, do nothing" >> $CheckFile 2>&1 else iptables -A INPUT -j ACCEPT -s 10.1.0.8/32 iptables -A INPUT -j ACCEPT -s 10.1.0.4/32 iptables -A INPUT -j ACCEPT -s 10.1.0.5/32 iptables -A INPUT -j DROP echo "my1 mysql service is ok, my2 fw is off, add firewall" >> $CheckFile 2>&1 fi else if [ "$my2fw" = '0' ];then echo "my1 mysql service is not ok, my2 fw is off, my2 provide mysql service, do nothing" >> $CheckFile 2>&1 else LastFlag=`cat /tmp/LastStatus` if [ "$LastFlag" = '1' ];then iptables -F echo "my1 mysql service is not ok, my2 fw is on, delete firewall" >> $CheckFile 2>&1 else echo "my1 mysql service is off, but my2 database not sync, my2 can not provide mysql service now, do nothing" >> $CheckFile 2>&1 fi fi fi my2sqlCheck echo $my2Flag > /tmp/LastStatus sleep 60done
此脚本做成守护进程,每一分钟运行一次。在rc.local中加载。
以上脚步仅供参考,在实际生产环境中,应该采用挂维护页面,中断数据库操作的情况下进行切换。
总结:
至此,所有的配置工作全部完成。
以上是关于Azure SLB + httpd + ILB + HAProxy + Atlas + MySQL的主要内容,如果未能解决你的问题,请参考以下文章
将应用部署到 Azure 内部应用服务环境 (ASE ILB) 内的 Azure 应用服务