软件:haproxy---主要是做负载均衡的7层,也可以做4层负载均衡 apache也可以做7层负载均衡,但是很麻烦。实际工作中没有人用。 负载均衡是通过OSI协议对应的 7层负载均衡:用的7层http协议, 4层负载均衡:用的是tcp协议加端口号做的负载均衡 ------------------------------------------------------------------------------------------------------------------------------ ha-proxy概述 ha-proxy是一款高性能的负载均衡软件。因为其专注于负载均衡这一些事情,因此与nginx比起来在负载均衡这件事情上做更好,更专业。 ha-proxy的特点 ha-proxy 作为目前流行的负载均衡软件,必须有其出色的一面。下面介绍一下ha-proxy相对LVS,Nginx等负载均衡软件的优点。 •支持tcp / http 两种协议层的负载均衡,使得其负载均衡功能非常丰富。 •支持8种左右的负载均衡算法,尤其是在http模式时,有许多非常实在的负载均衡算法,适用各种需求。 •性能非常优秀,基于事件驱动的链接处理模式及单进程处理模式(和Nginx类似)让其性能卓越。 •拥有一个功能出色的监控页面,实时了解系统的当前状况。 •功能强大的ACL支持,给用户极大的方便。 haproxy算法: 1.roundrobin 基于权重进行轮询,在服务器的处理时间保持均匀分布时,这是最平衡,最公平的算法.此算法是动态的,这表示其权重可以在运行时进行调整.不过在设计上,每个后端服务器仅能最多接受4128个连接 2.static-rr 基于权重进行轮询,与roundrobin类似,但是为静态方法,在运行时调整其服务器权重不会生效.不过,其在后端服务器连接数上没有限制 3.leastconn 新的连接请求被派发至具有最少连接数目的后端服务器.
1、Haproxy 实现七层负载
Keepalived + Haproxy /etc/haproxy/haproxy.cfg global //关于进程的全局参数 log 127.0.0.1 local2 info #日志服务器 pidfile /var/run/haproxy.pid #pid文件 maxconn 4000 #最大连接数 user haproxy #用户 group haproxy #组 daemon #守护进程方式后台运行 nbproc 1 #工作进程数量 cpu内核是几就写几 defaults 用于为其它配置段提供默认参数 listen 是frontend和backend的结合体 frontend 虚拟服务VIrtual Server backend 真实服务器Real Server 调度器可以同时为多个站点调度,如果使用frontend、backend的方式: frontend1 backend1 frontend2 backend2 frontend3 backend3
Keepalived + Haproxy 拓扑结构 [vip: 192.168.246.17] [LB1 Haproxy] [LB2 Haproxy] 192.168.246.169 192.168.246.161 [httpd] [httpd] 192.168.246.162 192.168.246.163 一、Haproxy实施步骤 1. 准备工作(集群中所有主机)[root@ha-proxy-master ~]# cat /etc/hosts 127.0.0.1 localhost 192.168.246.169 ha-proxy-master 192.168.246.161 ha-proxy-slave 192.168.246.162 test-nginx1 192.168.246.163 test-nginx2
2. RS配置 配置好网站服务器,测试所有RS,所有机器安装nginx[root@test-nginx1 ~]# yum install -y nginx [root@test-nginx1 ~]# systemctl start nginx [root@test-nginx1 ~]# echo "test-nginx1" >> /usr/share/nginx/html/index.html
# 所有nginx服务器按顺序输入编号,方便区分。 3. 调度器配置Haproxy(主/备)都执行[root@ha-proxy-master ~]# yum -y install haproxy [root@ha-proxy-master ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak} [root@ha-proxy-master ~]# sed -i.bak -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg [root@ha-proxy-master ~]# vim /etc/haproxy/haproxy .cfg global log 127.0.0.1 local2 info pidfile /var/run/haproxy.pid maxconn 4000 #优先级低 user haproxy group haproxy daemon #以后台形式运行ha-proxy nbproc 1 #工作进程数量 cpu内核是几就写几 defaults mode http #工作模式 http ,tcp 是 4 层,http是 7 层 log global retries 3 #健康检查。3次连接失败就认为服务器不可用,主要通过后面的check检查 option redispatch #服务不可用后重定向到其他健康服务器。 maxconn 4000 #优先级中 contimeout 5000 #ha服务器与后端服务器连接超时时间,单位毫秒ms clitimeout 50000 #客户端超时 srvtimeout 50000 #后端服务器超时 listen stats bind *:80 stats enable stats uri /haproxy #使用浏览器访问 http://192.168.246.169/haproxy,可以看到服务器状态 stats auth qianfeng:123 #用户认证,客户端使用elinks浏览器的时候不生效 frontend web mode http bind *:80 #监听哪个ip和什么端口 option httplog #日志类别 http 日志格式 acl html url_reg -i \.html$ #1.访问控制列表名称html。规则要求访问以html结尾的url use_backend httpservers if html #2.如果满足acl html规则,则推送给后端服务器httpservers default_backend httpservers #默认使用的服务器组 backend httpservers #名字要与上面的名字必须一样 balance roundrobin #负载均衡的方式 server http1 192.168.246.162:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2 server http2 192.168.246.163:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2
将配置文件拷贝到slave服务器[root@ha-proxy-master ~]# scp /etc/haproxy/haproxy.cfg 192.168.246.161:/etc/haproxy/
两台机器启动设置开机启动[root@ha-proxy-master ~]# systemctl start haproxy [root@ha-proxy-master ~]# systemctl enable haproxy
#check inter 2000 检测心跳频率 #rise 2 2 次正确认为服务器可用 #fall 2 2 次失败认为服务器不可用
4.测试主/备(浏览器访问)
主:
备:
页面主要参数解释 Queue Cur: current queued requests //当前的队列请求数量 Max:max queued requests //最大的队列请求数量 Limit: //队列限制数量 Errors Req:request errors //错误请求 Conn:connection errors //错误的连接 Server列表: Status:状态,包括up(后端机活动)和down(后端机挂掉)两种状态 LastChk: 持续检查后端服务器的时间 Wght: (weight) : 权重 ======================================================== 2.测试访问 通过访问haparoxy的ip地址访问到后端服务器 # curl http://192.168.246.169如果出现bind失败的报错,执行下列命令 setsebool -P haproxy_connect_any=1
二、Keepalived实现调度器HA 注:主/备调度器均能够实现正常调度 1. 主/备调度器安装软件 [root@ha-proxy-master ~]# yum install -y keepalived [root@ha-proxy-slave ~]# yum install -y keepalived [root@ha-proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@ha-proxy-master ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { router_id director1 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 80 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.246.17/24 } } [root@ha-proxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@ha-proxy-slave ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { router_id directory2 } vrrp_instance VI_1 { state BACKUP interface ens33 nopreempt virtual_router_id 80 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.246.17/24 } }
3. 启动KeepAlived(主备均启动)[root@ha-proxy-master ~]# chkconfig keepalived on [root@ha-proxy-master ~]# service keepalived start [root@ha-proxy-master ~]# ip a
4. 扩展对调度器Haproxy健康检查(可选) 思路:两台机器都做 让Keepalived以一定时间间隔执行一个外部脚本,脚本的功能是当Haproxy失败,则关闭本机的Keepalived a. script[root@ha-proxy-master ~]# cat /etc/keepalived/check_haproxy_status.sh #!/bin/bash /usr/bin/curl -I http://localhost &>/dev/null if [ $? -ne 0 ];then # /etc/init.d/keepalived stop systemctl stop keepalived fi [root@ha-proxy-master ~]# chmod a+x /etc/keepalived/check_haproxy_status.sh b. keepalived使用script
[root@ha-proxy-master keepalived]# vim keepalived.conf ! Configuration File for keepalived global_defs { router_id director1 } vrrp_script check_haproxy { script "/etc/keepalived/check_haproxy_status.sh" interval 5 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 80 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.246.17/24 } track_script { check_haproxy } }
[root@ha-proxy-slave keepalived]# vim keepalived.conf ! Configuration File for keepalived global_defs { router_id directory2 } vrrp_script check_haproxy { script "/etc/keepalived/check_haproxy_status.sh" interval 5 } vrrp_instance VI_1 { state BACKUP interface ens33 nopreempt virtual_router_id 80 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.246.17/24 } track_script { check_haproxy } }
[root@ha-proxy-master keepalived]# systemctl restart keepalived [root@ha-proxy-slave keepalived]# systemctl restart keepalived
注:必须先启动haproxy,再启动keepalived 两台机器都配置haproxy的日志:需要打开注释并添加[root@ha-proxy-master ~]# vim /etc/rsyslog.conf # Provides UDP syslog reception #由于haproxy的日志是用udp传输的,所以要启用rsyslog的udp监听 $ModLoad imudp $UDPServerRun 514 找到 #### RULES #### 下面添加 local2.* /var/log/haproxy.log
[root@ha-proxy-master ~]# systemctl restart rsyslog [root@ha-proxy-master ~]# systemctl restart haproxy
[root@ha-proxy-master ~]# tail -f /var/log/haproxy.log 2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56866 to 192.168.246.17:80 (web/HTTP) 2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56867 to 192.168.246.17:80 (web/HTTP) 2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56889 to 192.168.246.17:80 (stats/HTTP) 2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56890 to 192.168.246.17:80 (web/HTTP) 2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56895 to 192.168.246.17:80 (web/HTTP) 2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56896 to 192.168.246.17:80 (stats/HTTP)