haproxy+keepalived 实现双主配置高可用负载均衡
两个VIP地址:192.168.23.98
192.168.23.99
首先我们的拓扑图,由于双主模型,则最少需要四台服务器:
1.Haproxy特别适用于那些访问量很大,但又需要会话保持或七层应用的业务。Haproxy运行在普通的服务器硬件上,仅仅进行简单的配置就可以支持数以万计的连接。并且他的运行模式使得它可以很简单安全的整合到各种网站的架构中(可以代替lvs,nginx等负载均衡设备),同时使得应用服务器不会暴露到网络上。(NAT模式),因此,我们来拿haproxy来具体说明一下:
第一步配置后端的web服务器:web-01,web-02
[root@centos6 ~]# ech0 "web-01 test page" > /var/www/html/index.html
[root@centos6 html]# cat index.html
web-01 test page
[root@localhost html]# echo "web-02 test page" > /var/www/html/index.html
[root@localhost html]# cat index.html
web-02 test page然后启动服务 service httpd restart
haproxy测试一下网页的设置,访问后端的web服务
[root@centos7 keepalived]# curl 192.168.23.100
web-01 test page
[root@centos7 keepalived]# curl 192.168.23.101
web-02 test page
2.在hk两个节点上都要安装haproxy和keepalived
例如:yum install haproxy keepalived -y
其次,修改内核参数设置,设置haproxy启动的时候不管有没有vip地址都可以启动
此选项为集群中关键选项,不然VIP地址没有在Haproxy服务器的时候,服务器无法正常启动
[root@centos7 keepalived]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@centos7 keepalived]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@cento7 ~]# echo "net.ipv4.ip_nonlocal_bind= 1" >> /etc/sysctl.conf
[root@cento7 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
设置haproxy
既然haproxy要实现双主,就必须要做到分别监听两个vip地址,并且两个示例都能得到用户请求负载均衡转发给后端web服务器,使用户不论访问那个节点都可以实现负载均衡。
两个节点需要配置一样的所以用一个haproxy代替
Vim /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend main *:5000
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
# use_backend static if url_static
# default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#backend app
# balance roundrobin
# server app1 127.0.0.1:5001 check
# server app2 127.0.0.1:5002 check
# server app3 127.0.0.1:5003 check
# server app4 127.0.0.1:5004 check
listen stats
bind :9009
stats enable #启用Haproxy的状态页面
stats uri /admin?stats #设置Haproxy状态页面的访问URL
stats auth proxy:proxy
stats admin if TRUE
listen www1 #定义一个实例
bind :80 #监听地址为VIP地址
mode tcp #设置转发模式为TCP
option forwardfor #允许在发往服务器的请求首部中插入“X-Forwarded-For”首部
server www01 192.168.23.100:80 check #定义后端服务器的,并启用健康检查
server www02 192.168.23.101:80 check
listen www2 #定义第二个实例
bind :80 #除了绑定的VIP地址和第一个实例不同之外,其他均相同
mode tcp
option forwardfor
server www01 192.168.23.100:80 check
server www02 192.168.23.101:80 check
keepalived的配置(HK-O1)
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.40.100.19
}
vrrp_script chk_mt_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1 #1秒检测一次
weight -5 #优先级减五
}
vrrp_instance VI_1 {
state MASTER
interface ens39
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #指定漂移地址
192.168.23.98
}
}
track_script {
chk_mt_down #调用上面定义的脚本,如果这里没有调用,那么上面定义的脚本是无法生效的
}
vrrp_instance VI_2 { #定义实例为HK-02的备份节点
state BACKUP #BACKUP表示备份节点
interface ens39
virtual_router_id 52
priority 99 #优先级,低于主服务器
advert_int 1
authentication {
auth_type PASS
auth_pass qwerty
}
virtual_ipaddress {
192.168.23.99
}
}
track_script {
chk_mt_down
}
keepalived(HK-02)
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.40.100.19
}
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1 #1秒检测一次
weight -5 #优先级减五
}
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #指定漂移地址
192.168.23.98/32 brd 192.168.23.98
}
}
track_script {
chk_down
}
vrrp_instance VI_2 {
state MASTER
interface eth1
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass qwerty
}
virtual_ipaddress {
192.168.23.99
}
track_script {
chk_down
}
}
r然后分别启动haproxy和keepalived
验证
WWW1和WWW2的状态页面
两个VIP 也都启动到双主模型:
hk-01
ens39: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:47:18:31 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.148/24 brd 192.168.23.255 scope global ens39
valid_lft forever preferred_lft forever
inet 192.168.23.98/32 scope global ens39
valid_lft forever preferred_lft forever
inet6 fe80::e679:1a79:44ee:8733/64 scope link
valid_lft forever preferred_lft forever
hk-02
[root@cento7 keepalived]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c6:20:3d brd ff:ff:ff:ff:ff:ff
inet 172.16.250.240/16 brd 172.16.255.255 scope global dynamic eth0
valid_lft 81320sec preferred_lft 81320sec
inet6 fe80::20c:29ff:fec6:203d/64 scope link
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c6:20:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.149/24 brd 192.168.23.255 scope global eth1
valid_lft forever preferred_lft forever
inet 192.168.23.99/32 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec6:2047/64 scope link
valid_lft forever preferred_lft forever
分别查看两vip能否负载均衡
[root@centos7 keepalived]# curl 192.168.23.98
web-01 test page
[root@centos7 keepalived]# curl 192.168.23.98
web-02 test page
[root@centos7 keepalived]# curl 192.168.23.99
web-01 test page
[root@centos7 keepalived]# curl 192.168.23.99
web-02 test page
验证是否会漂移地址
关闭hk-02
[root@cento7 keepalived]# touch /etc/keepalived/down
[root@cento7 keepalived]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c6:20:3d brd ff:ff:ff:ff:ff:ff
inet 172.16.250.240/16 brd 172.16.255.255 scope global dynamic eth0
valid_lft 80637sec preferred_lft 80637sec
inet6 fe80::20c:29ff:fec6:203d/64 scope link
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c6:20:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.149/24 brd 192.168.23.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec6:2047/64 scope link
valid_lft forever preferred_lft forever 两个地址均漂移到hk-01
[root@centos7 keepalived]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens38: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:47:18:27 brd ff:ff:ff:ff:ff:ff
inet 172.16.253.224/16 brd 172.16.255.255 scope global dynamic ens38
valid_lft 80584sec preferred_lft 80584sec
inet6 fe80::e528:d692:e718:3a5d/64 scope link
valid_lft forever preferred_lft forever
3: ens39: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:47:18:31 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.148/24 brd 192.168.23.255 scope global ens39
valid_lft forever preferred_lft forever
inet 192.168.23.98/32 scope global ens39
valid_lft forever preferred_lft forever
inet 192.168.23.99/32 scope global ens39
valid_lft forever preferred_lft forever
inet6 fe80::e679:1a79:44ee:8733/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:3b:81:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
健康状态检查
手动关闭 web-01
[root@centos6 ~]# service httpd stop
Stopping httpd: [ OK ]
[root@centos6 ~]#
web状态页面web-01已经下线
验证下不会访问web-01
[root@cento7 keepalived]# curl 192.168.23.98
web-02 test page
[root@cento7 keepalived]# curl 192.168.23.98
web-02 test page
[root@cento7 keepalived]# curl 192.168.23.98
web-02 test page
[root@cento7 keepalived]# curl 192.168.23.99
web-02 test page
[root@cento7 keepalived]# curl 192.168.23.99
web-02 test page
[root@cento7 keepalived]# curl 192.168.23.99
web-02 test page