Openstack-Mitaka 高可用之 Pacemaker+corosync+pcs 高可用集群

admin

介绍及特点
4 W& |5 M  k3 C8 ]    Pacemaker：工作在资源分配层，提供资源管理器的功能
    Corosync：提供集群的信息层功能，传递心跳信息和集群事务信息
0 _2 N' j+ P, Z    Pacemaker + Corosync 就可以实现高可用集群架构
3 e4 e( k9 E: d3 h2 A
" ~9 l9 T, L1 @5 Q6 b$ u  x+ \ 集群搭建
以下三个节点都需要执行：

- z& U. l' |& m# yum install pcs -y
7 v8 e& c; ~* n# R2 K# systemctl start  pcsd ; systemctl enable pcsd
" P1 z/ L4 G$ T# echo 'hacluster' | passwd --stdin hacluster
# yum install haproxy  rsyslog -y
# echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf        # 启动服务的时候，允许忽视VIP的存在
# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf        # 开启内核转发功能
2 f4 R: C6 P4 K1 v) }9 ~# sysctl -p

2 W% P! H) I; N5 B4 l' F( u在任意节点创建用于haproxy监控Mariadb的用户
MariaDB [(none)]> CREATE USER 'haproxy'@'%' ;
/ t4 J2 v, ]4 ?3 d1 D配置haproxy用于负载均衡器
9 t& \3 A- e$ S9 d
' a/ i. D- v9 D% J[root@controller1 ~]# egrep -v "^#|^$" /etc/haproxy/haproxy.cfg
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
& E# ~: J7 Z) N& M; B) q    user        haproxy
    group       haproxy
    daemon
" G+ O2 G+ k, v    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
. L+ o3 E4 J; j2 G0 o& |7 Ndefaults
    mode                    http
    log                     global
3 }! B$ }  e9 ^2 l1 u$ m6 d2 e    option                  httplog
    option                  dontlognull
9 F2 N1 |- O$ O' e. |( J1 S( N    option http-server-close
: n1 z2 n& F  [8 c    option forwardfor       except 127.0.0.0/8
    option                  redispatch
! {: _- x  f  U; D6 s  l    retries                 3
    timeout http-request    10s
5 }% C! ?; f" {4 |; A  T, P2 [    timeout queue           1m
( `' {6 V) A* S7 I* `$ w    timeout connect         10s
  Z7 i# \! y& _& t+ \5 U    timeout client          1m
1 f) E% y9 z+ t+ w9 ?9 C    timeout server          1m
8 A. p* L8 q# Y1 ^0 F1 j& n* _    timeout http-keep-alive 10s
7 U% w* X3 n5 T& ]    timeout check           10s
    maxconn                 4000
1 s! C, q, q' D! L0 P! z# @7 alisten galera_cluster
    mode tcp            
    bind 192.168.0.10:3306
    balance source
, Y7 t2 u) L! n. ?; O: m# M    option mysql-check user haproxy
    server controller1 192.168.0.11:3306 check inter 2000 rise 3 fall 3 backup
    server controller2 192.168.0.12:3306 check inter 2000 rise 3 fall 3
. q- i' R- t; N3 i% y- p2 Y8 z    server controller3 192.168.0.13:3306 check inter 2000 rise 3 fall 3 backup

listen memcache_cluster
    mode tcp
5 \) l& n- ^( _, T& q9 @  E5 g    bind 192.168.0.10:11211
    balance source
    option tcplog
% z' J  \# w* H& ~* P    server controller1 192.168.0.11:11211 check inter 2000 rise 3 fall 3
. V* i. L) I3 R; N4 T. H/ ?    server controller2 192.168.0.12:11211 check inter 2000 rise 3 fall 3
    server controller3 192.168.0.13:11211 check inter 2000 rise 3 fall 3
8 R$ N( t6 ]( v
; m/ h+ S7 _) c- Q" c* K$ x1 l& D% u
7 x' ]$ x; P5 j- N& P3 n* M: X* m/ b注意：
; V1 w5 L$ w! |* r0 m    （1）确保haproxy配置无误，建议首先修改ip和端口启动测试是否成功。
    （2）Mariadb-Galera和rabbitmq默认监听到 0.0.0.0 修改调整监听到本地 192.168.0.x
    （3）将haproxy正确的配置拷贝到其他节点，无需手动启动haproxy服务
为haproxy配置日志（所有controller节点执行）：

4 ?  o& I/ V* v4 |, Y# vim /etc/rsyslog.conf
% p$ u) i0 c$ `…
) h9 G5 i) Z4 u. K$ Q  R1 _8 q1 L$ModLoad imudp
5 m5 w, q( ~2 j, h$UDPServerRun 514
" |9 W4 X: ]2 m…
local2.*                                                /var/log/haproxy/haproxy.log
…

" v- |* A) W8 P" f: B# mkdir -pv /var/log/haproxy/
& I$ X6 H) R8 tmkdir: created directory ‘/var/log/haproxy/’

# systemctl restart rsyslog

启动haproxy进行验证操作：
' n' V4 |1 F8 h, h
# systemctl start haproxy
[root@controller1 ~]# netstat -ntplu | grep ha
tcp        0      0 192.168.0.10:3306       0.0.0.0:*               LISTEN      15467/haproxy      
! W% U2 D7 }" n- Stcp        0      0 192.168.0.10:11211      0.0.0.0:*               LISTEN      15467/haproxy      
5 Y8 G  E1 o! l- |- Zudp        0      0 0.0.0.0:43268           0.0.0.0:*                           15466/haproxy
/ b" J: ~# J. E4 g
验证成功，关闭haproxy
: e+ ~& C2 U7 Z# systemctl stop haproxy
8 |( Q' v( t* V6 B. ]0 L; C
  u; l* R% K0 _7 b2 @
在controller1节点上执行：
6 R2 v8 f7 f( C7 V% W; q9 l2 g[root@controller1 ~]# pcs cluster auth controller1 controller2 controller3 -u hacluster -p hacluster --force
controller3: Authorized
1 r; H5 j8 M+ Z1 J- Vcontroller2: Authorized
controller1: Authorized
4 Y& @; u; E5 v创建集群：

[root@controller1 ~]# pcs cluster setup --name openstack-cluster controller1 controller2 controller3  --force
Destroying cluster on nodes: controller1, controller2, controller3...
5 A! ^$ {1 A4 Z! i; ]2 X! zcontroller3: Stopping Cluster (pacemaker)...
8 u5 _+ ~' b* d6 F5 b: Zcontroller2: Stopping Cluster (pacemaker)...
7 X: v/ |* A) L; R' i+ scontroller1: Stopping Cluster (pacemaker)...
controller3: Successfully destroyed cluster
controller1: Successfully destroyed cluster
controller2: Successfully destroyed cluster

Sending 'pacemaker_remote authkey' to 'controller1', 'controller2', 'controller3'
5 T* H8 @2 Y4 L/ l! ^  L! E, ycontroller3: successful distribution of the file 'pacemaker_remote authkey'
controller1: successful distribution of the file 'pacemaker_remote authkey'
6 ?9 ?, d3 t9 q, \9 |' _controller2: successful distribution of the file 'pacemaker_remote authkey'
7 b1 K4 q& _+ a. L! \' [5 KSending cluster config files to the nodes...
controller1: Succeeded
3 P9 m5 J. ~- q* f: xcontroller2: Succeeded
- [2 ^2 E( d; n2 Wcontroller3: Succeeded

8 J  U- F; B4 MSynchronizing pcsd certificates on nodes controller1, controller2, controller3...
  l0 K' m$ p& Y; P' scontroller3: Success
; i; L6 r1 \+ Q  y# H. O4 Jcontroller2: Success
% t' H) `# {+ Icontroller1: Success
9 u8 |; |; b+ W# Q" xRestarting pcsd on the nodes in order to reload the certificates...
/ _* ^# D, N2 i1 ycontroller3: Success
5 w; d% A( y! \controller2: Success
- }  b$ R! ~2 N# a/ Lcontroller1: Success

启动集群的所有节点：
) S% c7 Y0 A3 B3 T
[root@controller1 ~]# pcs cluster start --all
controller2: Starting Cluster...
5 l! u- h1 O3 R  ~( c2 Hcontroller1: Starting Cluster...
  G$ r3 o( w+ i* n3 {controller3: Starting Cluster...
6 \% V$ `  t! R0 f  L' n+ F[root@controller1 ~]# pcs cluster enable --all
3 {/ l3 @  d/ H6 Y: e% acontroller1: Cluster Enabled
7 v- Y8 J  P% H8 icontroller2: Cluster Enabled
controller3: Cluster Enabled
  w2 I  k- l6 F: _: c
查看集群信息：

[root@controller1 ~]# pcs status
Cluster name: openstack-cluster
  Q% }4 w9 s8 g( U8 pWARNING: no stonith devices and stonith-enabled is not false
6 b8 U3 ~+ C9 l6 mStack: corosync
Current DC: controller3 (version 1.1.16-12.el7_4.4-94ff4df) - partition with quorum
$ B6 G+ y9 h% G( P1 Q9 ULast updated: Thu Nov 30 19:30:43 2017
4 i% [7 @' q! B" _2 c  PLast change: Thu Nov 30 19:30:17 2017 by hacluster via crmd on controller3
* ]$ d$ Z3 j. m7 K1 a4 F4 c
$ Z$ R+ k: |' m* A! b3 nodes configured
0 resources configured

" I7 M( l/ D4 b& _% B2 f4 p3 UOnline: [ controller1 controller2 controller3 ]
# k- V+ J, k* V5 \2 g+ h# k
2 {' x0 `( z7 z. d: c; G6 z! ?No resources


6 f" f' ]2 R/ I7 s' r; B7 gDaemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
- d: I  S$ U) t; d  pcsd: active/enabled
[root@controller1 ~]# pcs cluster status
% R  m- _8 T0 m% F: q# ICluster Status:
Stack: corosync
Current DC: controller3 (version 1.1.16-12.el7_4.4-94ff4df) - partition with quorum
Last updated: Thu Nov 30 19:30:52 2017
6 }- D- V  Q! |6 a( y3 _7 D Last change: Thu Nov 30 19:30:17 2017 by hacluster via crmd on controller3
* f, t2 v; ^3 O$ u& K7 x 3 nodes configured
0 resources configured
: z8 P2 v1 e4 c# H
1 T, D# E" {( j1 d1 D" [PCSD Status:
! [* I% i) s, O5 I. U8 l  controller2: Online
' d/ i7 Y. f4 \0 U! a  H6 y! W  controller3: Online
  controller1: Online

2 A- `- }0 `+ O; }- Q/ m0 F; B三个节点都在线
: g3 Z% Y9 ~  W; I3 d. s默认的表决规则建议集群中的节点个数为奇数且不低于3。当集群只有2个节点，其中1个节点崩坏，由于不符合默认的表决规则， 集群资源不发生转移，集群整体仍不可用。no-quorum-policy="ignore"可以解决此双节点的问题，但不要用于生产环境。换句话说，生 产环境还是至少要3节点。
pe-warn-series-max、pe-input-series-max、pe-error-series-max代表日志深度。
: n, r+ g& J% h# r2 r4 b- _cluster-recheck-interval是节点重新检查的频率。
[root@controller1 ~]#  pcs property set pe-warn-series-max=1000 pe-input-series-max=1000 pe-error-series-max=1000 cluster-recheck-interval=5min
. `  q7 F1 y6 b3 g" D. D, X* ~禁用stonith：
stonith是一种能够接受指令断电的物理设备，环境无此设备，如果不关闭该选项，执行pcs命令总是含其报错信息。
8 o9 `! z, g6 y# E4 ^- E[root@controller1 ~]# pcs property set stonith-enabled=false
6 B3 {2 d2 ]- Z& h% r; a: b二个节点时，忽略节点quorum功能：
( u2 d3 f7 Q  C% O( F[root@controller1 ~]# pcs property set no-quorum-policy=ignore
验证集群配置信息
[root@controller1 ~]# crm_verify -L -V
为集群配置虚拟 ip
[root@controller1 ~]# pcs resource create ClusterIP ocf:heartbeat:IPaddr2 \
ip="192.168.0.10" cidr_netmask=32 nic=eno16777736 op monitor interval=30s
3 @3 q6 z% Q7 J, f1 |$ n3 d到此，Pacemaker+corosync 是为 haproxy服务的，添加haproxy资源到pacemaker集群
" h0 x  G2 ^3 b) P8 [2 l[root@controller1 ~]# pcs resource create lb-haproxy systemd:haproxy --clone
; O, ^& `. [8 ?, i' t# \7 d, U说明：创建克隆资源，克隆的资源会在全部节点启动。这里haproxy会在三个节点自动启动。
查看Pacemaker资源情况
[root@controller1 ~]# pcs resource
ClusterIP    (ocf::heartbeat:IPaddr2):    Started controller1        # 心跳的资源绑定在第三个节点的
Clone Set: lb-haproxy-clone [lb-haproxy]        # haproxy克隆资源
     Started: [ controller1 controller2 controller3 ]
注意：这里一定要进行资源绑定，否则每个节点都会启动haproxy，造成访问混乱
" ]- n- ~7 g5 s3 x- {/ c$ s# ?将这两个资源绑定到同一个节点上
[root@controller1 ~]# pcs constraint colocation add lb-haproxy-clone ClusterIP INFINITY
. D, @8 [) h0 h3 L# G绑定成功
) I# w1 k3 x7 n0 E3 a0 R[root@controller1 ~]# pcs resource
7 I$ Q2 o( k9 T ClusterIP    (ocf::heartbeat:IPaddr2):    Started controller3
Clone Set: lb-haproxy-clone [lb-haproxy]
) \+ R; N: F) E" f2 N     Started: [ controller1]
' l* V1 X) `' z, D. U     Stopped: [ controller2 controller3 ]
配置资源的启动顺序，先启动vip，然后haproxy再启动，因为haproxy是监听到vip
9 J& B' `3 t. `5 P[root@controller1 ~]# pcs constraint order ClusterIP then lb-haproxy-clone
手动指定资源到某个默认节点，因为两个资源绑定关系，移动一个资源，另一个资源自动转移。
4 A- ]# w' @8 E# r
[root@controller1 ~]# pcs constraint location ClusterIP prefers controller1
" v! ^: U1 b7 R1 H" q* n$ c4 n4 n[root@controller1 ~]# pcs resource
. Y7 K4 ~8 `& y  o" o% ?/ ] ClusterIP    (ocf::heartbeat:IPaddr2):    Started controller1
0 ]" u- O" K6 C6 f$ o  Y Clone Set: lb-haproxy-clone [lb-haproxy]
  D; x7 O3 [4 Y* B6 l' h     Started: [ controller1 ]
     Stopped: [ controller2 controller3 ]
/ ?: c! j( ]# g2 j. x# i6 M: f[root@controller1 ~]# pcs resource defaults resource-stickiness=100        # 设置资源粘性，防止自动切回造成集群不稳定
现在vip已经绑定到controller1节点
[root@controller1 ~]# ip a | grep global
    inet 192.168.0.11/24 brd 192.168.0.255 scope global eno16777736
2 ?7 P+ A4 P; X. K    inet 192.168.0.10/32 brd 192.168.0.255 scope global eno16777736
    inet 192.168.118.11/24 brd 192.168.118.255 scope global eno33554992
  m2 O: m: y5 u
! `* L+ p- `/ @; T, x- x尝试通过vip连接数据库
' Q/ D3 W. R% |( b( A" e- A% rController1:
* d. z% m' s8 X0 \4 c/ ^, t
) U% w( w9 d+ Z5 p/ F2 |* o; D[root@controller1 haproxy]# mysql -ugalera -pgalera -h 192.168.0.10


Controller2:

　
( I8 m, m- F$ d/ q# V高可用配置成功。

测试高可用是否正常
% s2 w8 r; m9 O, L在controller1节点上直接执行 poweroff -f
1 ]+ a, t' f  h& t4 N[root@controller1 ~]# poweroff -f
& W3 |, h  ?% N+ E# _1 F$ e. ovip很快就转移到controller2节点上
  O, n' W  e9 v
再次尝试访问数据库

* S( b! G, Q1 B1 p9 S5 `! U
6 a1 g" M' V" w/ O% S8 }5 ], J" t 无任何问题，测试成功。
查看集群信息：

5 }* ?; Z5 z: c[root@controller2 ~]# pcs status
Cluster name: openstack-cluster
Stack: corosync
Current DC: controller3 (version 1.1.16-12.el7_4.4-94ff4df) - partition with quorum
2 Y1 h! K: v( @/ N2 I" `' [Last updated: Thu Nov 30 23:57:28 2017
2 S6 e6 N. [+ r6 R) V( Q$ O. mLast change: Thu Nov 30 23:54:11 2017 by root via crm_attribute on controller1

, N/ |" L! E$ G, Q( b& ~3 nodes configured
4 resources configured
: }) x9 t! ?  k  m# Z+ k
Online: [ controller2 controller3 ]
OFFLINE: [ controller1 ]            # controller1 已经下线
' e3 {- ~% M3 }- {, p' A
Full list of resources:

0 U/ }$ l/ e2 G' S* m  l0 B ClusterIP    (ocf::heartbeat:IPaddr2):    Started controller2
Clone Set: lb-haproxy-clone [lb-haproxy]
     Started: [ controller2 ]
     Stopped: [ controller1 controller3 ]

Daemon Status:
4 w9 K( l9 E! n: R  corosync: active/enabled
  pacemaker: active/enabled
( S( ]2 K/ K, h8 `1 |3 A+ `4 ]# H  pcsd: active/enabled