keepalived + haproxy 实现web的高可用负载均衡
一、Haproxy简介
人们熟知的软件负载均衡如LVS、HAProxy,各方面性能不亚于硬件负载均衡,HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机,它是免费、快速并且可靠的一种解决方案。HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。
HAProxy相比LVS的使用要简单很多,功能方面也很丰富。当前,HAProxy支持两种主要的代理模式:"tcp"也即4层(大多用于邮件服务器、内部协议通信服务器等),和7层(HTTP)。在4层模式 下,HAProxy仅在客户端和服务器之间转发双向流量。7层模式下,HAProxy会分析协议,并且能通过允许、拒绝、交换、增加、修改或者***请求 (request)或者回应(response)里指定内容来控制协议,这种操作要基于特定规则。
HAProxy的负载均衡算法现在也越来越多了,具体有如下8种:
①roundrobin,表示简单的轮询,这个不多说,这个是负载均衡基本都具备的;
②static-rr,表示根据权重,建议关注;
③leastconn,表示最少连接者先处理,建议关注;
④source,表示根据请求源IP,这个跟Nginx的IP_hash机制类似,我们用其作为解决session问题的一种方法
⑤ri,表示根据请求的URI;
⑥rl_param,表示根据请求的URl参数'balance url_param' requires an URL parameter name;
⑦hdr(name),表示根据HTTP请求头来锁定每一次HTTP请求;
⑧rdp-cookie(name),表示根据据cookie(name)来锁定并哈希每一次TCP请求。
二、拓扑图
三、安装
1、安装配置haproxy A
[root@90sec ~]# yum -y install haproxy
[root@90sec ~]# cd /etc/haproxy/
[root@90sec haproxy]# cp haproxy.cfg haproxy.cfg.bak ##备份
[root@90sec haproxy]# vim haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global #全局配置区域
log 127.0.0.1 local2 #日志将通过rsyslog进行归档记录
chroot /var/lib/haproxy #运行的安装路径
pidfile /var/run/haproxy.pid #pid文件存放的位置
maxconn 4000 #最大连接
user haproxy #运行haproxy的用户
group haproxy #运行haprixy的组
daemon #以后台模式运行haproxy
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http #工作模式
log global #关闭日志,删除指重定向日志
option httplog
option dontlognull #不记录健康检查的日志信息
option http-server-close #启用服务器端主动关闭
option forwardfor except 127.0.0.0/8 #传递客户端IP
option redispatch #当后端服务器组中的某一台主机故障后,能够自动将请求重定向到组内的其它主机
retries 3 #请求重试次数
timeout http-request 10s #http请求超时时间
timeout queue 1m #一个请求在队列里的超时时间
timeout connect 10s #连接服务器超时时间
timeout client 1m #客户端超时时间
timeout server 1m #客户端超时时间
timeout http-keep-alive 10s
timeout check 10s #心跳检测超时时间
maxconn 3000 #最大连接数
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend proxy *:80
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend dynamic
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static #后端调度
balance roundrobin #调度算法
server web1 172.16.36.130:80 inter 1500 rise 2 fall 3 check maxconn 5000
#----------------------------------------
listen statistics
mode http # http 7 层模式
bind *:8080 #监听地址
stats enable #启用状态监控
stats auth 90sec:admin #验证的用户与密码
stats uri /admin?status #访问路径
stats admin if TRUE #如果验证通过了就允许登录
stats refresh 6s #每6秒刷新一次
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend dynamic
balance roundrobin
server web2 172.16.36.131:80 check inter 1500 rise 2 fall 3 maxconn 5000
#服务器定义,serverid为web2,check inter 1500是检测心跳频率
#rise 2是2次正确认为服务器可用
#fall 3是3次失败认为服务器不可用
#最大连接数据为5000
配置日志
[root@90sec ~]# vim /etc/rsyslog.conf
$ModLoad imtcp #取消注释
$InputTCPServerRun 514 #取消注释
添加一下行
local2.* /var/log/haproxy.log
[root@90sec ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
2、安装keepalived
[root@90sec src]# tar xf keepalived-1.2.12.tar.gz
[root@90sec src]# cd keepalived-1.2.12
[root@90sec keepalived-1.2.12]# ./configure --prefix=/usr/local/keepalived --with-dir=/usr/src/kernels/*/
[root@90sec keepalived-1.2.12]# make && make install
[root@90sec keepalived-1.2.12]# mkdir /etc/keepalived
[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/init.d/keepalived.init /etc/init.d/keepalived
[root@90sec keepalived-1.2.12]# cp -f keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
[root@90sec keepalived-1.2.12]# cp -f /usr/local/keepalived/sbin/keepalived /sbin/
[root@90sec keepalived-1.2.12]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { #邮件通知
}
notification_email_from root@localhost
smtp_server 127.0.0.1 #使用本机邮件服务
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_scrip chk_haproxy { #检测haproxy
script "killall -0 haproxy"
interval 1
weight 2
}
vrrp_instance VI_1 {
state MASTER #在A上主,B 上是备
interface eth0
virtual_router_id 200 #路由ID
priority 100 #优先级
advert_int 1
authentication { #路由之间认证机制
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # VIP
192.168.83.100/24 dev eth0 label eth0:0
}
track_scripts {
chk_haproxy
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP #在A 备,在B 主
interface eth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.83.200/24 dev eth0 label eth0:1
}
track_scripts {
chk_haproxy
}
track_interface {
eth0
}
}
为keepalived提供脚本服务
#!/bin/bash
#Author: MageEdu <[email protected]> #脚本出处
#description: An ample of notify script
vip=192.168.83.100
contact='root@localhost'
notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
echo$mailbody | mail -s "$mailsubject"$contact
}
case"$1"in
master)
notify master
/etc/rc.d/init.d/haproxystart
exit0
;;
backup)
notify backup
/etc/rc.d/init.d/haproxystop
exit0
;;
fault)
notify fault
/etc/rc.d/init.d/haproxystop
exit0
;;
*)
echo'Usage: `basename $0` {master|backup|fault}'
exit1
;;
esac
配置haproxy B
因为haproxy A 和haproxy B 配置文件相同,所以发送一份即可
[root@90sec /]#scp /etc/haproxy/haproxy.cfg 192.168.83.133:/etc/haproxy/haproxy.cfg
配置heepalived
! Configuration File for keepalived
global_defs {
notification_email {
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_scrip chk_haproxy {
script "killall -0 haproxy"
interval 1
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 200
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.83.100 dev eth0 label eth0:0
}
track_scripts {
chk_haproxy
}
track_interface {
eth0
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.83.200/24 dev eth0 label eth0:1
}
track_scripts {
chk_haproxy
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
注意:
notify_master
"/etc/keepalived/notify.sh master"
notify_backup
"/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
3个状态分别要执行的脚本,只能放在 MASTER中,原因是:因为是互为主从,每个主的都会有个另外一个主的从,如果
把这 “3个状态执行脚本” 写入到从的区域中,那么另外一个主的从状态就会执行这个脚本,因为就会停掉所要高可用的
程序,这就造成了,两个VIP全部转移到其中一个服务器上去。
keepalived提供脚本服务相同,所以只需修改VIP 地址即可。日志配置方式也相同,参照上面即可。
四、测试keeplived功能
二个节点服务正常时
关闭haproxy A 上的keepalived看VIP 是否漂移
五、配置后端web服务
为web1 静态配置,并上传一张图片
为web2动态配置
# yum install -y php php-mysql
# vim /var/www/html/index.php
<h1>WebCome to WEB2</h1>
<?php
phpinfo();
?>
# service httpd start
Starting httpd: [ OK ]
六、测试动静态页
监控页面
欢迎指导,交流。。。。。。。。。。。。