基于Keepalived+Haproxy搭建四层负载均衡器

平台环境

 

OS:Centos5.6(64X)
MASTER:192.168.2.20
BACKUP:192.168.2.21
VIP:192.168.2.119
Serivce Port:11231
 

 

三、平台安装配置
1、添加非本机IP邦定支持

vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
sysctl –p

 2、配置平台日志支持
vi /etc/syslog.conf
添加：
local3.*        /var/log/haproxy.log
local0.*        /var/log/haproxy.log

vi /etc/sysconfig/syslog
修改：
SYSLOGD_OPTIONS="-r -m 0"
/etc/init.d/syslog restart

3、关闭SELINUX
4、关闭iptables
5、Keepalived的安装、配置
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
tar zxvf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
./configure && make && make install
 mkdir /etc/keepalived
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
 

 vi /etc/keepalived/keepalived.conf

 ! Configuration File for keepalived

global_defs {
   notification_email {
         [email protected]
   }
   notification_email_from [email protected]
   smtp_connect_timeout 3
   smtp_server 127.0.0.1
   router_id LVS_DEVEL
}
vrrp_  script  chk_haproxy {
     script  "killall -0 haproxy"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    interface eth0
    state MASTER
    priority 101
    virtual_router_id 50
    garp_master_delay 1

    authentication {
        auth_type PASS
        auth_pass dpidc
    }
    track_interface {
       eth0
       eth1
    }
    virtual_ipaddress {
        192.168.2.119
    }
    track_  script  {
        chk_haproxy
    }

    #....
    notify_master "/etc/keepalived/Mailnotify.py master"
    notify_backup "/etc/keepalived/Mailnotify.py backup"
    notify_fault "/etc/keepalived/Mailnotify.py fault"
}

 

6、Haproxy的安装与配置
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
tar zxvf haproxy-1.4.11.tar.gz
cd haproxy-1.4.11
make install
mkdir -p /usr/local/haproxy/etc
mkdir -p /usr/local/haproxy/sbin
cp examples/haproxy.cfg /usr/local/haproxy/etc

cp /usr/local/sbin/haproxy /usr/local/haproxy/sbin/

vi /usr/local/haproxy/etc/haproxy.cfg

# this config needs haproxy-1.1.28 or haproxy-1.2.1  
 
global  
#        log 127.0.0.1   local0  
        log 127.0.0.1   local1 notice  
        maxconn 5000  
        uid 99  
        gid 99  
        daemon  
        pidfile /usr/local/haproxy/haproxy.pid  
 
 
defaults  
        log     global  
        mode    http  
        #option httplog  
        option  dontlognull  
        retries 3  
        option redispatch  
        maxconn 2000  
        contimeout      5000  
        clitimeout      50000  
        srvtimeout      50000  
 
listen  ICE01  192.168.2.119:11231  
        mode tcp  
        maxconn 2000  
        balance roundrobin  
        server  ice-192.168.0.128 192.168.0.128:11231 check inter 5000 fall 1 rise 2  
        server  ice-192.168.0.129 192.168.0.129:11231 check inter 5000 fall 1 rise 2  
        server  ice-192.168.0.130 192.168.0.130:11231 check inter 5000 fall 1 rise 2  
        server  ice-192.168.0.131 192.168.0.131:11231 check inter 5000 fall 1 rise 2  
        server  ice-192.168.0.132 192.168.0.132:11231 check inter 5000 fall 1 rise 2  
        server  ice-192.168.0.34 192.168.0.34:11231 check inter 5000 fall 1 rise 2  
        srvtimeout      20000  
 
listen stats_auth192.168.2.20:80  
# listen stats_auth 192.168.2.21:80 # backup config
        stats enable  
        stats uri  /admin-status  
        stats auth  admin:123456  
        stats admin if TRUE  

 

7、邮件通知程序(python实现)
vi /etc/keepalived/Mailnotify.py
#!/usr/local/bin/python  
#coding: utf-8  
from email.MIMEMultipart import MIMEMultipart  
from email.MIMEText import MIMEText  
from email.MIMEImage import MIMEImage  
from email.header import Header  
import sys 
import smtplib 
 
#---------------------------------------------------------------  
# Name:        Mailnotify.py  
# Purpose:     Mail notify to SA  
# Author:      jinyan  
# Email:       jinyan2049@163.com  
# Created:     2012/03/09  
# Copyright:   (c) 2012  
#--------------------------------------------------------------  
strFrom ='[email protected]'  
strTo ='[email protected]'  
smtp_server='smtp.domain.com'  
smtp_pass='123456'  
 
if sys.argv[1]!="master" and sys.argv[1]!="backup"  and sys.argv[1]!="fault":  
    sys.exit()  
else:  
    notify_type=sys.argv[1]  
 
 
mail_title='[紧急]负载均衡器邮件通知'  
mail_body_plain=notify_type+'被激活，请做好应急处理。'  
mail_body_html='<b><font color=red>'+notify_type+'被激活，请做好应急处理。</font></b>'  
 
msgRoot = MIMEMultipart('related')  
msgRoot['Subject'] =Header(mail_title,'utf-8')  
msgRoot['From'] = strFrom  
msgRoot['To'] = strTo  
 
msgAlternative = MIMEMultipart('alternative')  
msgRoot.attach(msgAlternative)  
 
msgText = MIMEText(mail_body_plain, 'plain', 'utf-8')  
msgAlternative.attach(msgText)  
 
 
msgText = MIMEText(mail_body_html, 'html','utf-8')  
msgAlternative.attach(msgText)  
 
 
smtp = smtplib.SMTP()  
smtp.connect(smtp_server)  
smtp.login(smtp_user,smtp_pass)  
smtp.sendmail(strFrom, strTo, msgRoot.as_string())  
smtp.quit()  

 

注：修改成系统python实际路径“#!/usr/local/bin/python”(第一行)
chmod +x /etc/keepalived/Mailnotify.py
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
service keepalived start

8、查看VRRP通讯记录
tcpdump vrrp
 

 

 

 

 

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:05.270017 IP 192.168.2.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
 

 

四、Haproxy界面
访问http://192.168.2.20/admin-status，输入帐号admin密码123456进入管理监控平台。