我们正在两个非生产服务器上运行haproxy,并通过keepalived进行平衡以管理故障转移。
我们最近从haproxy 1.5升级到2.0.3。在我们的非生产环境中,我们从未有过HA解决方案,因此我们决定运行keepalived来检测haproxy故障/停止并将VIP应用于备份服务器。
[当我们应用这些更新时,一切工作都很好...直到我们注意到在lb中添加了新站点。当keepalived重新启动(而不是重新加载)并且新站点位于lb之后时,新站点似乎在不确定的时间内工作良好……然后他们开始返回“ err_empty_response”。似乎没有任何办法解决此问题,直到重新启动keepalived,然后它们又重新工作了一段不确定的时间,然后它们才开始返回“ err_empty_response”。
该站点仍在统计页面中标记。
[痛苦的部分是,调用停止将其放入haproxy.log文件,这使我认为问题不仅仅在于haproxy。
我们尝试过的:
keepalived.conf:
`! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server blah.mail.protection.outlook.com.
smtp_connect_timeout 30
router_id LVS_NONPROD
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
script "pidof haproxy"
interval 2
weight 2
}
vrrp_instance VI_DEV {
state MASTER
interface ens160
virtual_router_id 52
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
}
track_script {
check_haproxy
}
}
vrrp_instance VI_TEST {
state MASTER
interface ens160
virtual_router_id 53
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
}
track_script {
check_haproxy
}
}
vrrp_instance VI_UAT {
state MASTER
interface ens160
virtual_router_id 54
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
}
track_script {
check_haproxy
}
}
vrrp_instance VI_STAGING {
state MASTER
interface ens160
virtual_router_id 55
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
}
track_script {
check_haproxy
}
}
vrrp_instance VI_SS {
state MASTER
interface ens160
virtual_router_id 56
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
}
track_script {
check_haproxy
}
}
vrrp_instance VI_NS {
state MASTER
interface ens160
virtual_router_id 57
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
xxx.xxx.xxx.xxx
}
track_script {
check_haproxy
}
}`
haproxy全局变量:
`global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2 debug
tune.chksize 32768 #don't get me started...dev requirement because of antiquated requirement not coded away
tune.bufsize 32768 #refer to previous statement
tune.ssl.default-dh-param 2048
max-spread-checks 20000
tune.maxpollevents 10000
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 40000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats`
默认值:
`defaults
mode http
log global
option httplog
option log-health-checks
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 60000
timeout connect 10s
timeout client 60000
timeout server 60000
timeout http-keep-alive 30s
timeout check 30s
maxconn 30000
errorfile 503 /etc/haproxy/errorfiles/503.http`
答案有点傻。到负载平衡器的内部DNS不正确,因此,除非在网站引发这些错误的期间我尝试SSH进入计算机,否则无法进行远程处理。原来,旧的负载均衡器的IP地址是网络脚本的一部分(即/ etc / sysconfig / network-scripts / ifcfg-eth0:0-20)。
因此,当我重新启动keepalived时,新实例将起作用,因为它将使用ip地址,而旧实例将把它们取回(随后会导致失败,因为旧实例中没有该条目)。
我在旧实例上停止了haproxy,从旧服务器上删除了/ etc / sysconfig / network-scripts / ifcfg-eth0:*文件,在新群集上重新启动keepalived,并且一切正常。
现在有点愚蠢。