三、企业 keepalived 高可用项目实战/haproxy基础

1、Keepalived VRRP 介绍

keepalived是什么

keepalived是集群管理中保证集群高可用的一个服务软件,用来防止单点故障。

keepalived工作原理

keepalived是以VRRP协议为实现基础的,VRRP全称Virtual Router Redundancy Protocol,即虚拟路由冗余协议。

虚拟路由冗余协议,可以认为是实现路由器高可用的协议,即将N台提供相同功能的路由器组成一个路由器组,这个组里面有一个master和多个backup,master上面有一个对外提供服务的vip(该路由器所在局域网内其他机器的默认路由为该vip),master会发组播,当backup收不到vrrp包时就认为master宕掉了,这时就需要根据VRRP的优先级来选举一个backup当master。这样的话就可以保证路由器的高可用了。

keepalived主要有三个模块,分别是core、check和vrrp。core模块为keepalived的核心,负责主进程的启动、维护以及全局配置文件的加载和解析。check负责健康检查,包括常见的各种检查方式。vrrp模块是来实现VRRP协议的。
==============================================
脑裂:
防火墙IPtables
Keepalived的BACKUP主机在收到不MASTER主机报文后就会切换成为master,如果是它们之间的通信线路出现问题,无法接收到彼此的组播通知,但是两个节点实际都处于正常工作状态,这时两个节点均为master强行绑定虚拟IP,导致不可预料的后果,这就是脑裂。
解决方式:
1、添加更多的检测手段,比如冗余的心跳线(两块网卡做健康监测),ping对方等等。尽量减少"裂脑"发生机会。(指标不治本,只是提高了检测到的概率);
2、设置仲裁机制。两方都不可靠,那就依赖第三方。比如启用共享磁盘锁,ping网关等。(针对不同的手段还需具体分析);
3、爆头,将master停掉。然后检查机器之间的防火墙。网络之间的通信

2、Nginx+keepalived实现七层的负载均衡高可用

Nginx通过Upstream模块实现负载均衡

upstream 支持的负载均衡算法

主机清单:

主机名 ip 系统 用途
Proxy-master 192.168.94.132 centos7.5 主负载
Proxy-slave 192.168.94.133 centos7.5 主备
Real-server1 192.168.94.134 Centos7.5 web1
Real-server2 192.168.94.135 centos7.5 web2
Vip for proxy 192.168.94.100

轮询(默认):可以通过weight指定轮询的权重,权重越大,被调度的次数越多
ip_hash:可以实现会话保持,将同一客户的IP调度到同一样后端服务器,可以解决session的问题,不能使用weight
fair:可以根据请求页面的大小和加载时间长短进行调度,使用第三方的upstream_fair模块
url_hash:按请求的url的hash进行调度,从而使每个url定向到同一服务器,使用第三方的url_hash模块

配置安装nginx 所有的机器,关闭防火墙和selinux
[root@proxy-master ~]# systemctl stop firewalld         //关闭防火墙
[root@proxy-master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux        //关闭selinux,重启生效
[root@proxy-master ~]# setenforce 0                //关闭selinux,临时生效

安装nginx, 全部4台
[root@proxy-master ~]# cd /etc/yum.repos.d/
[root@proxy-master yum.repos.d]# vim nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
[root@proxy-master yum.repos.d]# yum install yum-utils -y
[root@proxy-master yum.repos.d]# yum install nginx -y
一、实施过程

同类服务

调度到不同组后端服务器
网站分区进行调度
 
1、选择两台nginx服务器作为代理服务器。
2、给两台代理服务器安装keepalived制作高可用生成VIP
3、配置nginx的负载均衡
# 两台配置完全一样
[root@proxy-master ~]# cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
[root@proxy-master ~]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    upstream backend {
    server 192.168.94.134:80 weight=1 max_fails=3 fail_timeout=20s;
    server 192.168.94.135:80 weight=1 max_fails=3 fail_timeout=20s;
    }
    server {
        listen       80;
        server_name  localhost;
        location / {
        proxy_pass http://backend;
        proxy_set_header Host $host:$proxy_port;
        proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
[root@proxy-master ~]# nginx
[root@proxy-master ~]# scp /etc/nginx/nginx.conf [email protected]:/etc/nginx/
[root@proxy-slave ~]# nginx

不同类服务(与本实验无关)

调度到不同组后端服务器
网站分区进行调度
=================================================================================

拓扑结构

                            [vip: 20.20.20.20]

                        [LB1 Nginx]     [LB2 Nginx]
                        192.168.1.2     192.168.1.3

        [index]     [milis]      [videos]      [images]       [news]
         1.11        1.21          1.31           1.41         1.51
         1.12        1.22          1.32           1.42         1.52
         1.13        1.23          1.33           1.43         1.53
         ...         ...            ...           ...           ...
         /web     /web/milis    /web/videos     /web/images   /web/news
      index.html  index.html     index.html      index.html   index.html

一、实施过程 
根据站点分区进行调度
http {
    upstream index {
        server 192.168.1.11:80 weight=1 max_fails=2 fail_timeout=2;
        server 192.168.1.12:80 weight=2 max_fails=2 fail_timeout=2;
        server 192.168.1.13:80 weight=2 max_fails=2 fail_timeout=2;
       }
       
    upstream milis {
        server 192.168.1.21:80 weight=1 max_fails=2 fail_timeout=2;
        server 192.168.1.22:80 weight=2 max_fails=2 fail_timeout=2;
        server 192.168.1.23:80 weight=2 max_fails=2 fail_timeout=2;
       }
       
     upstream videos {
        server 192.168.1.31:80 weight=1 max_fails=2 fail_timeout=2;
        server 192.168.1.32:80 weight=2 max_fails=2 fail_timeout=2;
        server 192.168.1.33:80 weight=2 max_fails=2 fail_timeout=2;
       }
       
     upstream images {
        server 192.168.1.41:80 weight=1 max_fails=2 fail_timeout=2;
        server 192.168.1.42:80 weight=2 max_fails=2 fail_timeout=2;
        server 192.168.1.43:80 weight=2 max_fails=2 fail_timeout=2;
       }
       
      upstream news {
        server 192.168.1.51:80 weight=1 max_fails=2 fail_timeout=2;
        server 192.168.1.52:80 weight=2 max_fails=2 fail_timeout=2;
        server 192.168.1.53:80 weight=2 max_fails=2 fail_timeout=2;
       }
       
     server {
            location / {
            proxy_pass http://index;
            }
            
            location  /news {
            proxy_pass http://news;
            }
            
            location /milis {
            proxy_pass http://milis;
            }
            
            location ~* \.(wmv|mp4|rmvb)$ {
            proxy_pass http://videos;
            }
            
            location ~* \.(png|gif|jpg)$ {
            proxy_pass http://images;
            }
}
二、Keepalived实现调度器HA
注:主/备调度器均能够实现正常调度
1. 主/备调度器安装软件
[root@proxy-master ~]# yum install -y keepalived
[root@proxy-slave ~]# yum install -y keepalived
[root@proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@proxy-master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id directory1   #辅助改为directory2
}

vrrp_instance VI_1 {
    state MASTER        #定义主还是备
    interface ens32     #VIP绑定接口
    virtual_router_id 80  #整个集群的调度器一致
    priority 100         #back改为50//优先级
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32   # vip
    }
}

[root@proxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@proxy-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id directory2
}

vrrp_instance VI_1 {
    state BACKUP    #设置为backup
    interface ens32
    nopreempt        #设置到back上面,不抢占资源
    virtual_router_id 80
    priority 50   #辅助改为50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/24
    }
}

[root@proxy-master ~]# systemctl start keepalived
[root@proxy-slave ~]# systemctl start keepalived
[root@proxy-slave ~]# systemctl status keepalived
[root@proxy-master ~]# systemctl status keepalived
[root@proxy-master ~]# ip a
2: ens32:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:5e:04:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.94.132/24 brd 192.168.94.255 scope global dynamic ens32
    inet 192.168.0.100/32 scope global ens32

测试

[root@real-server1 ~]# cat /etc/nginx/nginx.conf
location / {
            root   /opt;
            index  index.html index.htm;
        }
[root@real-server1 ~]# echo real-server1 > /opt/index.html
[root@real-server1 ~]# nginx -s reload
[root@real-server2 ~]# echo real-server2 > /opt/index.html
[root@real-server2 ~]# nginx -s reload
使用一台机器作为client端访问:
[root@real-server2 ~]# curl 192.168.94.100
real-server1
[root@real-server2 ~]# curl 192.168.94.100
real-server2

停止master端的Keepalived,观察ip漂移,并测试能否继续正常访问
[root@proxy-master ~]# systemctl stop keepalived
[root@proxy-slave ~]# ip a
    inet 192.168.94.133/24 brd 192.168.94.255 scope global dynamic ens32
    inet 192.168.94.100/32 scope global ens32
[root@real-server2 ~]# curl 192.168.94.100
real-server1
[root@real-server2 ~]# curl 192.168.94.100
real-server2

重新启动master端Keepalived,再次测试
[root@proxy-master ~]# systemctl start keepalived
[root@proxy-master ~]# ip a
    inet 192.168.94.100/32 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::f041:f8cc:18a1:adad/64 scope link 
       valid_lft forever preferred_lft forever
[root@real-server2 ~]# curl 192.168.94.100
real-server1
[root@real-server2 ~]# curl 192.168.94.100
real-server2

到此:
可以解决心跳故障keepalived
不能解决Nginx服务故障

添加健康检查

4. 扩展对调度器Nginx健康检查(可选)两台都设置
思路:
让Keepalived以一定时间间隔执行一个外部脚本,脚本的功能是当Nginx失败,则关闭本机的Keepalived
(1) script
[root@proxy-master ~]# vim /etc/keepalived/check_nginx_status.sh
#!/bin/bash                                                     
/usr/bin/curl -I http://localhost &>/dev/null   
if [ $? -ne 0 ];then                                            
#   /etc/init.d/keepalived stop
    systemctl stop keepalived
fi                                                                      
[root@proxy-master ~]# chmod a+x /etc/keepalived/check_nginx_status.sh

(2). keepalived使用script
! Configuration File for keepalived

global_defs {
   router_id director1
}
vrrp_script check_nginx {
   script "/etc/keepalived/check_nginx_status.sh"
   interval 5   //脚本执行间隔时间/S
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 80
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
    track_script {
        check_nginx
    }
}
注:必须先启动nginx,再启动keepalived

3、LVS_Director + KeepAlived

主机名 ip 系统 用途
client 192.168.94.99 centos7.5 客户端
lvs-keepalived-master 192.168.94.132 centos7.5 分发器
lvs-keepalived-slave 192.168.94.133 centos7.5 分发器备
real-server1 192.168.94.134 centos7.5 web1
real-server2 192.168.94.135 centos7.5 web2
vip 172.16/147.100 生产中是公网ip
LVS_Director + KeepAlived

KeepAlived在该项目中的功能:
1. 管理IPVS的路由表(包括对RealServer做健康检查)
2. 实现调度器的HA
http://www.keepalived.org

Keepalived所执行的外部脚本命令建议使用绝对路径

实施步骤:

1. 主/备调度器安装软件
[root@lvs-keepalived-master ~]# yum -y install ipvsadm keepalived
[root@lvs-keepalived-slave ~]# yum -y install ipvsadm keepalived

[root@lvs-keepalived-master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lvs-keepalived-master    #辅助改为lvs-backup
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32                #VIP绑定接口
    virtual_router_id 80         #VRID 同一组集群,主备一致          
    priority 100            #本节点优先级,辅助改为50
    advert_int 1            #检查间隔,默认为1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
}

virtual_server 192.168.94.100 80 {    #LVS配置
    delay_loop 3
    lb_algo rr     #LVS调度算法
    lb_kind DR     #LVS集群模式(路由模式)
    nat_mask 255.255.255.255
    protocol TCP      #健康检查使用的协议
    real_server 192.168.94.134 80 {
        weight 1
        inhibit_on_failure   #当该节点失败时,把权重设置为0,而不是从IPVS中删除
        TCP_CHECK {          #健康检查
            connect_port 80   #检查的端口
            connect_timeout 3  #连接超时的时间
            }
        }
    real_server 192.168.94.135 80 {
        weight 1
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
            }
        }
}

[root@lvs-keepalived-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lvs-keepalived-slave
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    nopreempt                    #不抢占资源
    virtual_router_id 80
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
}
virtual_server 192.168.94.100 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.255
    protocol TCP
    real_server 192.168.94.134 80 {
        weight 1
        inhibit_on_failure
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            }
        }
    real_server 192.168.94.135 80 {
        weight 1
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
            }
        }
}
3. 启动KeepAlived(主备均启动)
[root@lvs-keepalived-master ~]# systemctl start keepalived
[root@lvs-keepalived-master ~]# systemctl enable keepalived

ipvsadm无需配置,keeplived启动时会自动配置
[root@lvs-keepalived-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.94.100:80 rr
  -> 192.168.94.134:80            Route   1      0          0         
  -> 192.168.94.135:80            Route   1      0          0

4. 所有RS配置(nginx1,nginx2)
配置好网站服务器,测试所有RS
[root@real-server1 ~]# yum install -y nginx
[root@real-server2 ~]# yum install -y nginx
[root@real-server1 ~]# ip addr add dev lo 192.168.94.100/32   #在lo接口上绑定VIP
[root@real-server1 ~]# echo "ip addr add dev lo 192.168.94.100/32" >> /etc/rc.local
[root@real-server1 ~]# echo "net.ipv4.conf.all.arp_ignore = 1" >> /etc/sysctl.conf
[root@real-server1 ~]# sysctl -p
[root@real-server1 ~]# echo "real-server1" >> /usr/share/nginx/html/index.html
[root@real-server1 ~]# systemctl start nginx
[root@real-server1 ~]# chmod +x /etc/rc.local

测试

[root@real-server1 ~]# cat /etc/nginx/nginx.conf
location / {
            root   /opt;
            index  index.html index.htm;
        }
[root@real-server1 ~]# echo real-server1 > /opt/index.html
[root@real-server1 ~]# nginx -s reload
[root@real-server2 ~]# echo real-server2 > /opt/index.html
[root@real-server2 ~]# nginx -s reload
使用client端访问:
[root@client ~]# curl 192.168.94.100
real-server1
[root@client ~]# curl 192.168.94.100
real-server2

停止master端的Keepalived,观察ip漂移,并测试能否继续正常访问
[root@lvs-keepalived-master ~]# systemctl stop keepalived
[root@lvs-keepalived-slave ~]# ip a
    inet 192.168.94.133/24 brd 192.168.94.255 scope global dynamic ens32
    inet 192.168.94.100/32 scope global ens32
[root@client ~]# curl 192.168.94.100
real-server1
[root@client ~]# curl 192.168.94.100
real-server2

重新启动master端Keepalived,再次测试
[root@lvs-keepalived-master ~]# systemctl start keepalived
[root@lvs-keepalived-master ~]# ip a
    inet 192.168.94.100/32 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::f041:f8cc:18a1:adad/64 scope link 
       valid_lft forever preferred_lft forever
[root@client ~]# curl 192.168.94.100
real-server1
[root@client ~]# curl 192.168.94.100
real-server2

健康检查:
启动ipvsadm
#!/usr/bin/bash
systemctl status ipvsadm
if [ $? -ne 0 ];then
    systemctl stop keepalived
fi

4、MySQL+Keepalived

Keepalived+mysql 自动切换

项目环境:
VIP 192.168.94.100
mysql1 192.168.94.132      keepalived-master
mysql2 192.168.94.133      keepalived-salve
 
一、mysql 主主同步        (不使用共享存储,数据保存本地存储)
二、安装keepalived 
三、keepalived 主备配置文件
四、mysql状态检测脚本/root/bin/keepalived_check_mysql.sh
五、测试及诊断
实施步骤:

一、mysql 主主同步

master端配置:
[root@mysql-keepalived-master ~]# vim /etc/my.cnf # 在[mysqld]添加
log-bin=mysql-bin #开启二进制日志
log-bin-index=binlog.index
server-id=1 #设置server-id
# auto_increment_increment=2  # 自增减步长
# auto_increment_offset=2     # 自增减开始
适用场景:当两台机器同时接受到3号请求时,就尴尬了,所以设置为一台机器处理序号为
奇数的请求,另一台处理偶数请求。

[root@mysql-keepalived-master ~]# systemctl restart mysqld
[root@mysql-keepalived-master ~]# mysql -uroot -p"Duan@123"
mysql> grant all on *.* to "duan"@"192.168.94.%" identified by "Duan@123";
mysql> flush privileges;
mysql> show master status\G
*************************** 1. row ***************************
             File: mysql-bin.000001
         Position: 747

slave端配置:
[root@mysql-keepalived-slave ~]# vim /etc/my.cnf
log-bin=mysql-bin 
log-bin-index=binlog.index
server-id=2
[root@mysql-keepalived-slave ~]# systemctl restart mysqld
[root@mysql-keepalived-slave ~]# mysql -uroot -p"Duan@123"
mysql> grant all on *.* to "duan"@"192.168.94.%" identified by "Duan@123";
mysql> \e
CHANGE MASTER TO
MASTER_HOST='192.168.94.132',
MASTER_USER='duan',
MASTER_PASSWORD='Duan@123',
MASTER_LOG_FILE='mysql-bin.000001',
MASTER_LOG_POS=747;
    -> ;
mysql> start slave;
mysql> show slave status\G
image.png

image.png
show slave status\G时注意 Seconds_Behind_Master 这个参数,这个参数值过大则表示同步延迟高。
mysql> flush privileges;
mysql> show master status\G
*************************** 1. row ***************************
             File: mysql-bin.000001
         Position: 597
返回master端操作:
mysql> \e
CHANGE MASTER TO
MASTER_HOST='192.168.94.132',
MASTER_USER='duan',
MASTER_PASSWORD='Duan@123',
MASTER_LOG_FILE='mysql-bin.000001',
MASTER_LOG_POS=747;
    ->;
mysql> start slave;
mysql> show slave status\G
image.png

二、安装keepalived---两台机器都操作

[root@mysql-keepalived-master ~]# yum -y install keepalived
[root@mysql-keepalived-slave ~]# yum -y install keepalived

三、keepalived 主备配置文件

192.168.94.132 master配置
[root@mysql-keepalived-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@mysql-keepalived-master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id master
}
vrrp_script check_run {
   script "/etc/keepalived/keepalived_check_mysql.sh"
   interval 5
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 89
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
    track_script {
        check_run
    }
}


slave 192.168.94.133 配置
[root@mysql-keepalived-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@mysql-keepalived-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id backup
}
vrrp_script check_run {
   script "/etc/keepalived/keepalived_check_mysql.sh"
   interval 5
}

vrrp_instance VI_1 {
    state BACKUP
    nopreempt
    interface ens32
    virtual_router_id 89
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
    track_script {
        check_run
    }
}

四、mysql状态检测脚

本/root/keepalived_check_mysql.sh(两台MySQL同样的脚本)
版本一:简单使用:
[root@mysql-keepalived-master ~]# vim /etc/keepalived/keepalived_check_mysql.sh
#!/bin/bash
/usr/bin/mysql -uroot -p'Duan@123' -e "show status" &>/dev/null 
if [ $? -ne 0 ] ;then 
#   service keepalived stop
    systemctl stop keepalived
fi
[root@mysql-keepalived-master ~]# chmod a+x /etc/keepalived/keepalived_check_mysql.sh
==========================================================================
两边均启动keepalived
方式一:
[root@mysql-keepalived-master ~]# systemctl start keepalived
[root@mysql-keepalived-master ~]# systemctl enable keepalived
方式二:
# /etc/init.d/keepalived start
# /etc/init.d/keepalived start
# chkconfig --add keepalived
# chkconfig keepalived on

测试

[root@mysql-keepalived-master  ~]#  mysql -uduan -p"Duan@123" -h 192.168.94.100
mysql> create database duan;
mysql> use duan
mysql> create table t1(id int);

5、Haproxy 基础

HA 高可用
LB 负载均衡
ha-proxy 是一款高性能的负载均衡软件
1562943827261.png

软件:haproxy---主要是做负载均衡的7层,也可以做4层负载均衡
apache也可以做7层负载均衡,但是很麻烦。实际工作中没有人用。
负载均衡是通过OSI协议对应的
7层负载均衡:用的7层http协议,
4层负载均衡:用的是tcp协议加端口号做的负载均衡

ha-proxy概述

ha-proxy是一款高性能的负载均衡软件。因为其专注于负载均衡这一些事情,因此与nginx比起来在负载均衡这件事情上做更好,更专业。

ha-proxy的特点

ha-proxy 作为目前流行的负载均衡软件,必须有其出色的一面。下面介绍一下ha-proxy相对LVS,Nginx等负载均衡软件的优点。

•支持tcp / http 两种协议层的负载均衡,使得其负载均衡功能非常丰富。
•支持8种左右的负载均衡算法,尤其是在http模式时,有许多非常实在的负载均衡算法,适用各种需求。
•性能非常优秀,基于事件驱动的链接处理模式及单进程处理模式(和Nginx类似)让其性能卓越。
•拥有一个功能出色的监控页面,实时了解系统的当前状况。
•功能强大的ACL(访问控制)支持,给用户极大的方便。

haproxy算法:

1.roundrobin

基于权重进行轮询,在服务器的处理时间保持均匀分布时,这是最平衡,最公平的算法.此算法是动态的,这表示其权重可以在运行时进行调整.不过在设计上,每个后端服务器仅能最多接受4128个连接

2.static-rr

基于权重进行轮询,与roundrobin类似,但是为静态方法,在运行时调整其服务器权重不会生效.不过,其在后端服务器连接数上没有限制

3.leastconn

新的连接请求被派发至具有最少连接数目的后端服务器.

4.source

基于请求源IP的算法。对请求的源IP进行hash运算,然后将结果与后端服务器的权重总数相除后转发至某台匹配的服务器。使用同一IP客户端请求始终被转发到某特定的后端服务器。

5.uri

对部分或整体URI进行hash运算,再与服务器的总权重相除,最后转发到匹配后端。

6.uri param

根据URI路径中参数进行转发,保证在后端服务器数量不变的情况下,同一用户请求分发到同一机器

7.hdr()

根据http头转发,如果不存在http头。则使用简单轮询

1、Haproxy 实现七层负载

环境

ip 主机名
192.168.94.132 ha-proxy-master
192.168.94.133 ha-proxy-slave
192.168.94.134 real-server1
192.168.94.135 real-server2

一、RS配置

配置好网站服务器,测试所有RS,所有机器安装nginx
[root@real-server1 ~]# yum install -y nginx
[root@real-server1 ~]# systemctl start nginx
[root@real-server1 ~]# echo "real-server1" >> /usr/share/nginx/html/index.html
# 所有nginx服务器按顺序输入编号,方便区分。

二、调度器配置Haproxy(主/备)都执行

#不能启动nginx
[root@ha-proxy-master ~]# yum -y install haproxy
[root@ha-proxy-master ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak}
[root@ha-proxy-master ~]# sed -i -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg
[root@ha-proxy-master ~]# vim /etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2 info
    pidfile     /var/run/haproxy.pid
    maxconn     4000   #优先级低
    user        haproxy
    group       haproxy
    daemon               #以后台形式运行ha-proxy
    nbproc 1            #工作进程数量  cpu内核是几就写几
defaults
    mode                http  #工作模式 http ,tcp 是 4 层,http是 7 层   
    log                 global
    retries             3   #健康检查。3次连接失败就认为服务器不可用,主要通过后面的check检查
    option              redispatch  #服务不可用后重定向到其他健康服务器。
    maxconn             4000  #优先级中
    contimeout          5000  #ha服务器与后端服务器连接超时时间,单位毫秒ms
    clitimeout          50000 #客户端超时
    srvtimeout          50000 #后端服务器超时
listen stats
    bind                *:81   //端口只要不是已经被占用的都可以
    stats               enable
    stats uri           /haproxy  #使用浏览器访问 http://192.168.94.132:81/haproxy,可以看到服务器状态  
    stats auth          duan:123  #用户认证,客户端使用elinks浏览器的时候不生效
frontend  web
    mode                 http  
    bind                 *:80   #监听哪个ip和什么端口
    option               httplog        #日志类别 http 日志格式
    acl html url_reg  -i       \.html$  #1.访问控制列表名称html。规则要求访问以html结尾的url
    use_backend httpservers if  html #2.如果满足acl html规则,则推送给后端服务器httpservers
    default_backend      httpservers   #默认使用的服务器组
backend httpservers    #名字要与上面的名字必须一样
    balance              roundrobin  #负载均衡的方式
    server  http1 192.168.94.134:80 maxconn 2000 weight 1  check inter 1s rise 2 fall 2
    server  http2 192.168.94.135:80 maxconn 2000 weight 1  check inter 1s rise 2 fall 2
将配置文件拷贝到slave服务器
[root@ha-proxy-master ~]# scp  /etc/haproxy/haproxy.cfg 192.168.246.161:/etc/haproxy/
[root@ha-proxy-master ~]# vim /etc/rsyslog.conf
local2.*                                                /var/log/haproxy.log
两台机器启动设置开机启动
[root@ha-proxy-master ~]# systemctl start haproxy
[root@ha-proxy-master ~]# systemctl enable haproxy
[root@ha-proxy-master ~]# systemctl status haproxy
#check inter 2000          检测心跳频率
#maxconn       最大连接数  
#check inter   检查间隔  
#rise 2      2 次正确认为服务器可用
#fall 2      2 次失败认为服务器不可用
/etc/haproxy/haproxy.cfg
global                                                    //关于进程的全局参数
    log                     127.0.0.1 local2 info  #日志服务器
    pidfile                 /var/run/haproxy.pid  #pid文件
    maxconn                 4000     #最大连接数
    user                    haproxy   #用户
    group               haproxy      #组
    daemon          #守护进程方式后台运行
    nbproc 1        #工作进程数量  cpu内核是几就写几
defaults 段用于为其它配置段提供默认参数
listen是frontend和backend的结合体

frontend        虚拟服务VIrtual Server
backend        真实服务器Real Server

调度器可以同时为多个站点调度,如果使用frontend、backend的方式:
frontend1 backend1
frontend2 backend2
frontend3 backend3

三、测试

[root@real-server1 ~]# curl 192.168.94.132
real-server1
[root@real-server1 ~]# curl 192.168.94.132
real-server2
[root@real-server1 ~]# curl 192.168.94.133
real-server1
[root@real-server1 ~]# curl 192.168.94.133
real-server2

浏览器访问测试
主:

image.png

image.png

备:

image.png

页面主要参数解释

Queue
Cur: current queued requests //当前的队列请求数量
Max:max queued requests     //最大的队列请求数量
Limit:           //队列限制数量

Errors
Req:request errors             //错误请求
Conn:connection errors          //错误的连接

Server列表:
Status:状态,包括up(后端机活动)和down(后端机挂掉)两种状态
LastChk:    持续检查后端服务器的时间
Wght: (weight) : 权重
如果出现bind失败的报错,执行下列命令
setsebool -P haproxy_connect_any=1

Keepalived实现调度器HA

注:主/备调度器均能够实现正常调度
1. 主/备调度器安装软件
[root@ha-proxy-master ~]# yum install -y keepalived
[root@ha-proxy-slave ~]# yum install -y keepalived
[root@ha-proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@ha-proxy-master keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id director1
}
vrrp_script check_haproxy {
   script "/etc/keepalived/check_haproxy_status.sh"
   interval 5
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 80
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
    track_script {
        check_haproxy
    }
}
[root@ha-proxy-slave keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id directory2
}
vrrp_script check_haproxy {
   script "/etc/keepalived/check_haproxy_status.sh"
   interval 5
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    nopreempt
    virtual_router_id 80
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.94.100/32
    }
    track_script {
        check_haproxy
    }
}

[root@ha-proxy-master ~]# vim /etc/keepalived/check_haproxy_status.sh
#!/bin/bash/
usr/bin/curl -I http://localhost &>/dev/null                            
if [ $? -ne 0 ];then                                                                            
#       /etc/init.d/keepalived stop
        systemctl stop keepalived
fi  
[root@ha-proxy-master ~]# chmod a+x /etc/keepalived/check_haproxy_status.sh
[root@ha-proxy-master ~]# scp /etc/keepalived/check_haproxy_status.sh 192.168.94.133:/etc/keepalived
[root@ha-proxy-master keepalived]# systemctl restart keepalived
[root@ha-proxy-slave keepalived]# systemctl restart keepalived
注:必须先启动haproxy,再启动keepalived
[root@ha-proxy-master ~]# vim /etc/rsyslog.conf 
# Provides UDP syslog reception  #由于haproxy的日志是用udp传输的,所以要启用rsyslog的udp监听
$ModLoad imudp
$UDPServerRun 514
找到  #### RULES ####   下面添加
local2.*                       /var/log/haproxy.log
[root@ha-proxy-master ~]# systemctl restart rsyslog
[root@ha-proxy-master ~]# systemctl restart haproxy
[root@ha-proxy-master ~]# tail -f /var/log/haproxy.log 
Feb 15 18:08:31 localhost haproxy[6633]: 127.0.0.1:40666 [15/Feb/2020:18:08:31.820] httpserver httpservers/http1 0/0/0 235 -- 1/1/0/1/0 0/0
Feb 15 18:08:36 localhost haproxy[6930]: Proxy stats started.
Feb 15 18:08:36 localhost haproxy[6930]: Proxy httpserver started.
Feb 15 18:08:36 localhost haproxy[6930]: Proxy httpservers started.
Feb 15 18:08:36 localhost haproxy[6930]: 127.0.0.1:40692 [15/Feb/2020:18:08:36.822] httpserver httpservers/http1 0/0/1 235 -- 1/1/0/1/0 0/0
Feb 15 18:08:41 localhost haproxy[6931]: 127.0.0.1:40718 [15/Feb/2020:18:08:41.832] httpserver httpservers/http2 0/0/0 235 -- 1/1/0/1/0 0/0
Feb 15 18:08:46 localhost haproxy[6931]: 127.0.0.1:40744 [15/Feb/2020:18:08:46.829] httpserver httpservers/http1 0/1/1 235 -- 1/1/0/1/0 0/0

访问测试

[root@client ~]# curl 192.168.94.100
real-server2
[root@client ~]# curl 192.168.94.100
real-server1

Haproxy 实现四层负载

两台haproxy配置文件:
[root@ha-proxy-master ~]# cat /etc/haproxy/haproxy.cfg
Haproxy L4
=================================================================================
global
    log         127.0.0.1 local2
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    nbproc      1
defaults
    mode                    http
    log                     global
    option                  redispatch
    retries                 3
    maxconn                 4000
    contimeout              5000
    clitimeout              50000
    srvtimeout              50000
listen stats
    bind            *:81
    stats                       enable
    stats uri               /haproxy
    stats auth              qianfeng:123
frontend  web
    mode                    http
    bind                            *:80
    option                  httplog
    default_backend    httpservers
backend httpservers
    balance     roundrobin
    server  http1 192.168.94.134:80 maxconn 2000 weight 1  check inter 1s rise 2 fall 2
    server  http2 192.168.94.135:80 maxconn 2000 weight 1  check inter 1s rise 2 fall 2
listen mysql
    bind *:3306
    mode tcp
    balance roundrobin
    server mysql1 192.168.94.134:3306 weight 1  check inter 1s rise 2 fall 2
    server mysql2 192.168.94.135:3306 weight 1  check inter 1s rise 2 fall 2

你可能感兴趣的:(三、企业 keepalived 高可用项目实战/haproxy基础)