Linux高可用之CentOS 7安装HAProxy Keepalived MariaDB Galera实现MariaDB多主高可用负载均衡

一、基础配置

1、配置节点的ssh互信

[root@DS-VM-Node149 ~]# ssh-keygen  -t rsa -f ~/.ssh/id_rsa  -P ''
[root@DS-VM-Node149 ~]# echo -e "150\n126\n127\n131"|xargs -i ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.10.231.{}

[root@DS-VM-Node150 ~]# ssh-keygen  -t rsa -f ~/.ssh/id_rsa  -P ''
[root@DS-VM-Node150 ~]# echo -e "149\n126\n127\n131"|xargs -i ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.10.231.{}

[root@DS-VM-Node126 ~]# ssh-keygen  -t rsa -f ~/.ssh/id_rsa  -P ''
[root@DS-VM-Node126 ~]# echo -e "150\n149\n127\n131"|xargs -i ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.10.231.{}

[root@DS-VM-Node127 ~]# ssh-keygen  -t rsa -f ~/.ssh/id_rsa  -P ''
[root@DS-VM-Node127 ~]# echo -e "150\n126\n149\n131"|xargs -i ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.10.231.{}

[root@DS-VM-Node131 ~]# ssh-keygen  -t rsa -f ~/.ssh/id_rsa  -P ''
[root@DS-VM-Node131 ~]# echo -e "150\n126\n127\n149"|xargs -i ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.10.231.{}

2、设置时间同步

[root@DS-VM-Node149 ~]# yum install ntpdate -y
[root@DS-VM-Node149 ~]# ntpdate pool.ntp.org && echo '*/20 * * * * `which ntpdate` pool.ntp.org > /dev/null 2>&1' >> /var/spool/cron/root
[root@DS-VM-Node149 ~]# echo -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "yum install ntpdate -y"
[root@DS-VM-Node149 ~]# echo -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "ntpdate pool.ntp.org && echo '*/20 * * * * `which ntpdate` pool.ntp.org > /dev/null 2>&1' >> /var/spool/cron/root"

3、设置hosts

[root@DS-VM-Node149 ~]# echo -e '10.10.231.149\thanode01\n10.10.231.150\thanode02\n10.10.231.126\tmariadbhanode01\n10.10.231.127\tmariadbhanode02\n10.10.231.131\tmariadbhanode03' >> /etc/hosts
[root@DS-VM-Node149 ~]# echo -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "echo -e '10.10.231.149\thanode01\n10.10.231.150\thanode02\n10.10.231.126\tmariadbhanode01\n10.10.231.127\tmariadbhanode02\n10.10.231.131\tmariadbhanode03' >> /etc/hosts"

4、关闭SELinux

[root@DS-VM-Node149 ~]# sed -i -e 's/SELINUX=permissive/SELINUX=disabled/g' /etc/sysconfig/selinux
[root@DS-VM-Node149 ~]# echo -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "sed -i -e 's/SELINUX=permissive/SELINUX=disabled/g' /etc/sysconfig/selinux"

5、添加防火墙白名单

[root@DS-VM-Node149 ~]# iptables添加放行方法 (由于我已经将CentOS 7 上的FrieWall换成了iptables)
##CentOS 7 FrieWall改成iptables方法见http://www.dwhd.org/20160322_101301.html
[root@DS-VM-Node149 ~]# iptables -N DB-Galera
[root@DS-VM-Node149 ~]# iptables -I INPUT 3 -s 10.0.0.0/8 -p tcp -m state --state NEW -m multiport --dports 873,3306,4444,4567,4568,9200 -j DB-Galera
[root@DS-VM-Node149 ~]# iptables -I DB-Galera -s 10.0.0.0/8 -p tcp -m state --state NEW -m multiport --dports 873,3306,4444,4567,4568,9200 -j ACCEPT
[root@DS-VM-Node149 ~]# cho -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "iptables -N DB-Galera"
[root@DS-VM-Node149 ~]# cho -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "iptables -I INPUT 3 -s 10.0.0.0/8 -p tcp -m state --state NEW -m multiport --dports 873,3306,4444,4567,4568,9200 -j DB-Galera"
[root@DS-VM-Node149 ~]# cho -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "iptables -I DB-Galera -s 10.0.0.0/8 -p tcp -m state --state NEW -m multiport --dports 873,3306,4444,4567,4568,9200 -j ACCEPT"
#4567 = Galera Cluster replication traffic.
#873  = Rsync ports.
#4444 = For all other State Snapshot Transfer (SST).
#9200 = xinetd - clustercheck.

[root@DS-VM-Node149 ~]# FrieWall添加放行方法
[root@DS-VM-Node149 ~]# for i in 873 3306 4444 4567 4568 9200;do firewall-cmd --permanent --add-port=$i/tcp;done
[root@DS-VM-Node149 ~]# cho -e "150\n126\n127\n131"|xargs -i ssh root@10.10.231.{} "for i in 873 3306 4444 4567 4568 9200;do firewall-cmd --permanent --add-port=$i/tcp;done"

二、Node01和Node02上编译安装HAproxy 1.5.18

1、Node01上编译安装HAproxy 1.5.18

[root@DS-VM-Node149 ~]# yum clean all && yum makecache
[root@DS-VM-Node149 ~]# yum install pcre-devel openssl-devel -y
[root@DS-VM-Node149 ~]# wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.18.tar.gz
[root@DS-VM-Node149 ~]# tar xf haproxy-1.5.18.tar.gz
[root@DS-VM-Node149 ~]# cd haproxy-1.5.18
[root@DS-VM-Node149 ~/haproxy-1.5.18]# make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
[root@DS-VM-Node149 ~/haproxy-1.5.18]# make install && cd
[root@DS-VM-Node149 ~]# which haproxy
/usr/local/sbin/haproxy
[root@DS-VM-Node149 ~]# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>
[root@DS-VM-Node149 ~]# cp /usr/local/sbin/haproxy /usr/sbin/
[root@DS-VM-Node149 ~]# cp ~/haproxy-1.5.18/examples/haproxy /etc/init.d/haproxy
[root@DS-VM-Node149 ~]# cp ~/haproxy-1.5.18/examples/haproxy.init /etc/init.d/haproxy
[root@DS-VM-Node149 ~]# chmod +x /etc/init.d/haproxy
[root@DS-VM-Node149 ~]# mkdir -pv /{etc,run,var/lib}/haproxy
mkdir: 已创建目录 "/etc/haproxy"
mkdir: 已创建目录 "/run/haproxy"
mkdir: 已创建目录 "/var/lib/haproxy"
[root@DS-VM-Node149 ~]# touch /var/lib/haproxy/stats

2、Node02上编译安装HAproxy 1.5.18

[root@DS-VM-Node150 ~]# yum clean all && yum makecache
[root@DS-VM-Node150 ~]# yum install pcre-devel openssl-devel -y
[root@DS-VM-Node150 ~]# wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.18.tar.gz
[root@DS-VM-Node150 ~]# tar xf haproxy-1.5.18.tar.gz
[root@DS-VM-Node150 ~]# cd haproxy-1.5.18
[root@DS-VM-Node150 ~/haproxy-1.5.18]# make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
[root@DS-VM-Node150 ~/haproxy-1.5.18]# make install && cd
[root@DS-VM-Node150 ~]# which haproxy
/usr/local/sbin/haproxy
[root@DS-VM-Node150 ~]# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>
[root@DS-VM-Node150 ~]# cp /usr/local/sbin/haproxy /usr/sbin/
[root@DS-VM-Node150 ~]# cp ~/haproxy-1.5.18/examples/haproxy /etc/init.d/haproxy
[root@DS-VM-Node150 ~]# cp ~/haproxy-1.5.18/examples/haproxy.init /etc/init.d/haproxy
[root@DS-VM-Node150 ~]# chmod +x /etc/init.d/haproxy
[root@DS-VM-Node150 ~]# mkdir -pv /{etc,run,var/lib}/haproxy
mkdir: 已创建目录 "/etc/haproxy"
mkdir: 已创建目录 "/run/haproxy"
mkdir: 已创建目录 "/var/lib/haproxy"
[root@DS-VM-Node150 ~]# touch /var/lib/haproxy/stats
[root@DS-VM-Node149 ~]# useradd -r -s /sbin/nologin -d /etc/haproxy -M haproxy

三、Node01和Node02上编译安装keepalived

1、在Node01上编译安装keepalived

[root@DS-VM-Node149 ~]# wget http://www.keepalived.org/software/keepalived-1.2.20.tar.gz
[root@DS-VM-Node149 ~]# tar xf keepalived-1.2.20.tar.gz
[root@DS-VM-Node149 ~]# cd keepalived-1.2.20/
[root@DS-VM-Node149 ~/keepalived-1.2.20]# ./configure --prefix=/usr/local/keepalived --sysconfdir=/etc --with-kernel-dir=/usr/src/kernels/`uname -r` --enable-sha1
[root@DS-VM-Node149 ~/keepalived-1.2.20]# make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && cd ..
[root@DS-VM-Node149 ~]# scp keepalived-1.2.20.tar.gz root@hanode02:~
[root@DS-VM-Node149 ~]# echo "export PATH=/usr/local/keepalived/sbin:\$PATH" > /etc/profile.d/keepalived.sh
[root@DS-VM-Node149 ~]# . /etc/profile.d/keepalived.sh
[root@DS-VM-Node149 ~]# mv /etc/keepalived/keepalived.conf{,_`date "+%F"`_backup}
[root@DS-VM-Node149 ~]# ln -sv /usr/local/keepalived/sbin/keepalived /usr/sbin/

2、在Node02上编译安装keepalived

[root@DS-VM-Node150 ~]# tar xf keepalived-1.2.20.tar.gz
[root@DS-VM-Node150 ~]# cd keepalived-1.2.20/
[root@DS-VM-Node150 ~/keepalived-1.2.20]# ./configure --prefix=/usr/local/keepalived --sysconfdir=/etc --with-kernel-dir=/usr/src/kernels/`uname -r` --enable-sha1
[root@DS-VM-Node150 ~/keepalived-1.2.20]# make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && cd ..
[root@DS-VM-Node150 ~]# echo "export PATH=/usr/local/keepalived/sbin:\$PATH" > /etc/profile.d/keepalived.sh
[root@DS-VM-Node150 ~]# . /etc/profile.d/keepalived.sh
[root@DS-VM-Node150 ~]# mv /etc/keepalived/keepalived.conf{,_`date "+%F"`_backup}
[root@DS-VM-Node150 ~]# ln -sv /usr/local/keepalived/sbin/keepalived /usr/sbin/

四、在Node03、Node04、Node05上安装MariaDB Galera

[root@DS-VM-Node126 ~]# curl -Ls onekey.sh/mariadb_galera|bash
[root@DS-VM-Node126 ~]# echo -e "127\n131"|xargs -i ssh root@10.10.231.{} "curl -Ls onekey.sh/mariadb_galera|bash"