一,软件介绍
HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机,它是免费、快速并且可靠的一种解决方案,适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中,同时可以保护你的web服务器不被暴露到网络上。
keepalived可提供vrrp以及health-check功能,可以只用它提供双机浮动的vip(vrrp虚拟路由功能),这样可以简单实现一个双机热备高可用功能,类似于layer3, 4 & 5交换机制的软件,也就是我们平时说的第3层、第4层和第5层交换,作用是检测web服务器的状态,如果有一台web服务器死机,或工作出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工作正常后Keepalived自动将web服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web服务器
二、实验环境
haproxy keepalived 主:192.168.1.201
haproxy keepalived 备:192.168.1.202
vip:192.168.1.130
web:192.168.1.201:80 192.168.1.202:80
效果如图:
三、搭建过程
1.安装keepalived
[root@centos-node1 src]# wget http://www.keepalived.org/software/keepalived-1.2.8.tar.gz
[root@centos-node1 src]# tar -zxvf keepalived-1.2.8.tar.gz
[root@centos-node1 src]# cd keepalived-1.2.8
[root@centos-node1 keepalived-1.2.8]# ./configure-prefix=/usr/local/keepalived
编译安装后有提示
Keepalivedconfiguration
------------------------
Keepalivedversion : 1.2.8
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto -lcrypt
Use IPVSFramework : Yes
IPVS sync daemonsupport : Yes
IPVS use libnl : No
Use VRRPFramework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
出现以上情况,表示编译成功。。。
另外如果要用到lvs的话,use ipvsframework必须是yes的
[root@centos-node1keepalived-1.2.8]# make && make install
[root@centos-node1keepalived-1.2.8]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived/etc/init.d/keepalived
[root@centos-node1keepalived-1.2.8]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@centos-node1keepalived-1.2.8]# cp /usr/local/keepalived/etc/sysconfig/keepalived/etc/sysconfig/
[root@centos-node1keepalived-1.2.8]#mkdir /etc/keepalived/
[root@centos-node1keepalived-1.2.8]#cp/usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@centos-node1keepalived-1.2.8]# chmod +x /etc/init.d/keepalived
[root@centos-node1keepalived-1.2.8]# chkconfig --add /etc/init.d/keepalived
[root@centos-node1keepalived-1.2.8]# vim /etc/keepalived/keepalived.conf
! Configuration Filefor keepalived
global_defs {
notification_email {
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id HAPROXY_MASTER #标示状态为MASTER 备份机为BACKUP
}
vrrp_scriptchk_haproxy {
script"/usr/local/keepalived/check_haproxy.sh" #定义监控haproxy脚本
interval 2
weight 2
track_script {
chk_haproxy
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id master
priority 110 #MASTER权重要高于BACKUP 比如BACKUP为99
advert_int 1
authentication {
auth_type PASS #主从服务器验证方式
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.1.130 #可以多个虚拟IP,换行即可
}
}
BACKUP 端配置和MASTER几乎一样,可以直接用scp 从MASTER 端复制一份过来,做以下修改即
可:
router_id backup
state BACKUP
priority 100
2.安装haproxy
[root@centos-node1 src]wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz
[root@centos-node1 src]#tar zxvf haproxy-1.4.24.tar.gz
[root@centos-node1 src]#cd haproxy-1.4.24
[root@centos-node1 haproxy-1.4.24]#make TARGET=linux26 ARCH=x86_64 PREFIX=/usr/local/haproxy/
[root@centos-node1 haproxy-1.4.24]# make install PREFIX=/usr/local/haproxy/
[root@centos-node1 haproxy-1.4.24]# cp examples/haproxy.cfg /etc/haproxy.cfg
[root@centos-node1 haproxy-1.4.24]# cp examples/haproxy.init /etc/init.d/haproxy
[root@centos-node1 haproxy-1.4.24]#chmod +x /etc/init.d/haproxy
[root@centos-node1 haproxy-1.4.24]# chkconfig --add haproxy
[root@centos-node1 haproxy-1.4.24]# chkconfig --list haproxy
[root@centos-node1 haproxy-1.4.24]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@centos-node1 haproxy-1.4.24]# mkdir /etc/haproxy/
[root@centos-node1 haproxy-1.4.24]# mv /etc/haproxy.cfg /etc/haproxy/
[root@centos-node1 haproxy-1.4.24]# vim /etc/haproxy/haproxy.cfg
# this config needshaproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local3 #日志输出配置,所有日志都记录在本机,通过local0输出
maxconn 4096 #最大连接数
chroot /usr/local/haproxy #改变当前工作目录。
uid99
gid99
nbproc1
daemon
pidfile /usr/local/haproxy/haproxy.pid
defaults
log127.0.0.1 local4
mode http #默认的模式mode{ tcp|http|health}tcp是4层http是7层,health只会返回OK
option httplog
option dontlognull
retries 3
optionredispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen stats
mode http
bind 192.168.1.130:8888
stats enable
stats refresh3s
stats hide-version
stats uri /haproxy-status #统计页面url
stats auth admin:admin
stats adminif TRUE
frontend 192.168.1.130 #前台
bind *:8080 #监听 建议用*.8080
mode http
option httplog
log global
default_backend test_web
backend test_web #后台
option forwardfor header wm-client-ip
balance source #负载均衡模式source,它跟LVS的persistent和Nginx的ip_hash一样
#option httpchk HEAD /index.jsp HTTP/1.0
server web-node1 192.168.1.201:80 check inter 2000 rise 2 fall 3
server web-node2 192.168.1.202:80 check inter 2000 rise 2 fall 3
3.几点注意事项,,
1.option httpchk HEAD /index.jsp HTTP/1.0 是网页监控,如果HAProxy检测不到Web的根目录下没有index.jsp,就会产生503报错。
2.有人配置HAProxy时喜欢用listen 192.168.1.130:8080这样的格式,这样其实不好,做负载均衡高可用时由于从机分配不到VIP地址,会导致从机启动不了,我建议用bind *:8080的方式代替。
3.check inter 1500 是检测心跳频率,rise 2是2次正确认为服务器可用,fall 3是3次失败认为服务器不可用
检查配置文件
[root@centos-node1~]# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration fileis valid
修改syslog
[root@centos-node1 haproxy-1.4.24]# vim /etc/rsyslog.conf
local3.* /usr/local/haproxy/logs/haproxy_global.log
local4.* /usr/local/haproxy/logs/haprosy_web.log
haproxy两端配置完全一样。。。
4.keepalived 检查haproxy的脚本
作用:为了防止haproxy down掉,keepalived不切换。
[root@centos-node1~]# cat /usr/local/keepalived/check_haproxy.sh
#!/bin/bash
if [ $(ps -C haproxy--no-header | wc -l) -eq 0 ]; then
/etc/init.d/haproxy start
fi
sleep 2
if [ $(ps -C haproxy--no-header | wc -l) -eq 0 ]; then
/etc/init.d/keepalived stop
fi
5.启动keepalived,haproxy,验证结果。。。。
启动之后会发现MASTER会多出个虚拟的ip
[root@centos-node1~]# ip addr
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000
link/ether 08:00:27:0c:3a:62 brdff:ff:ff:ff:ff:ff
inet 192.168.1.201/24 brd 192.168.1.255scope global eth1
inet 192.168.1.130/32 scope global eth1
inet6 fe80::a00:27ff:fe0c:3a62/64 scopelink
valid_lft forever preferred_lft forever
不出意外的话,,你就能想看到你想要的结果喽。
四、HAProxy的监控页面,很实用哦。。
http://192.168.1.230:8888/haproxy-status
五、haproxy的算法介绍
HAProxy的算法有如下8种:
1、roundrobin,表示简单的轮询,这个不多说,这个是负载均衡基本都具备的;
2、static-rr,表示根据权重,建议关注;
3、leastconn,表示最少连接者先处理,建议关注;
4、source,表示根据请求源IP,建议关注;
5、uri,表示根据请求的URI;
6、url_param,表示根据请求的URl参数'balanceurl_param' requires an URL parameter name
7、hdr(name),表示根据HTTP请求头来锁定每一次HTTP请求;
8、rdp-cookie(name),表示根据据cookie(name)来锁定并哈希每一次TCP请求。