基于keepalived的Haproxy高可用配置
一、概述:HAProxy是一个用于4层或7层的高性能负载均衡软件,在大型网站的大型Web服务器群集中,HAProxy可用来替代专业的硬件负载均衡设备,节省大量的开支。
通常情况下,为了避免整个体系中出现单点故障,在至关重要的架构中,都需要部署备份设备,同样,负载均衡设备也不能部署单台,一旦主设备出现问题之后,备份设备可对主设备进行接管。实现不间断的服务,这便是Keepalived的作用。
于是,HAProxy和Keepalived的组合便成了省钱高效的Web服务器负载均衡架构。
拓扑图:
http://s3.运维网.com/wyfs02/M01/25/90/wKioL1Nkm8CSRpNlAAFqh-Ey9jg773.jpg
二、前端负载均衡层配置:
1.ha_1配置:
配置keepalived
# yum install -y keepalived
# cd /etc/keepalived/
# cp keepalived.conf keepalived.conf.bak
# vim keepalived.conf
! Configuration File forkeepalived
global_defs {
notification_email {#邮件通知机制
root@localhost
maoqiuguo@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1#使用本机邮件服务
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_haproxy {#检测haprox服务状态
script "killall -0 haproxy"
interval 1
weight 2 #权重
}
###########VRRP_INSTANCE VI_1###########实例1的配置
vrrp_instance VI_1 {
state MASTER #在ha_1上面是主,对端ha_2上面是备
interface eth0
virtual_router_id 100#路由ID
priority 100#优先级
advert_int 1
authentication {#路由之间认证
auth_type PASS
auth_pass 123.com
}
virtual_ipaddress { #VIP配置
172.16.41.100/16dev eth0label eth0:0
}
track_script { #追踪脚本
chk_haproxy
}
track_interface {#追踪端口
eth0
}
#通知脚本
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
##########VRRP_INSTANCE VI_2############实例2的配置
vrrp_instance VI_2 {
state BACKUP#在ha_1上面是被,对端ha_2上面是主
interface eth0
virtual_router_id 200#路由ID
priority 199#优先级
advert_int 1
authentication {#路由间认证
auth_type PASS
auth_pass 123.com
}
virtual_ipaddress {#VIP配置
172.16.41.101/16dev eth0label eth0:1
}
track_interface {#追踪端口
eth0
}
track_script {#追踪脚本
chk_haproxy
}
}
######################################
为ha_1的keepalived提供脚本文件:
# vim /etc/keepalived/notify.sh
#!/bin/bash
# Author: MageEdu 脚本使用请注明出处
# description: An example of notify script
#
vip=172.16.41.100
contact='root@localhost'
notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
echo$mailbody | mail -s "$mailsubject"$contact
}
case"$1"in
master)
notify master
/etc/rc.d/init.d/haproxystart
exit0
;;
backup)
notify backup
/etc/rc.d/init.d/haproxystop
exit0
;;
fault)
notify fault
/etc/rc.d/init.d/haproxystop
exit0
;;
*)
echo'Usage: `basename $0` {master|backup|fault}'
exit1
;;
esac
#赋予执行权限:
# chmod +x /etc/keepalived/notify.sh
配置haproxy.
# yum install haproxy -y
# cd /etc/haproxy/
# cp haproxy.cfg haproxy.cfg.bak
# vim haproxy.cfg
global#全局配置
log 127.0.0.1 local2#日志功能
chroot /var/lib/haproxy#修改haproxy的工作目录至指定的目录并在放弃权限之前执行chroo
t()操作,可以提升haproxy的安全级别,不过需要注意的是要确保指定的目录为空
目录且任何用户均不能有写权限;
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon#让haproxy以守护进程的方式工作于后台
defaults
mode http #指定haproxy的工作模式
log global #使用默认全局日志
option httplog #
option dontlognull
option http-server-close#若客户端超时,服务器端将关闭连接
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
mode http
bind 0.0.0.0:1080 #绑定1080端口
stats enable#开启stats功能
stats hide-version #隐藏haproxy版本信息
stats uri/myadmin?stats#在浏览器中通过什么样的URI访问stats页面
stats realm Haproxy\ Statistics #认证注释信息
stats authmaoqiu:123.com#认证机制(User:Password)
stats admin ifTRUE#如果认证成功,则赋予管理权限
acl allow src 172.16.0.0/16#访问控制,只允许是这个网段的客户端访问
tcp-request content accept ifallow
tcp-request content reject
frontend proxy#前端代理
bind *:80#监听80port
mode http
log global
option httpclose
option logasap
option dontlognull
capture requestheader Host len 20
capture requestheader Referer len 60
acl url_static path_beg -i /static/images/javascript/stylesheets
acl url_static path_end -i .jpg .gif .png .css .js .html
use_backend static_servers ifurl_static
default_backend dynamic_servers
backend static_servers#后端静态server
balance source#基于source算法调度
server imgsrv1 192.168.100.2:80 check maxconn 6000
backend dynamic_servers #后端动态server
balance source#基于source算法调度
server websrv1 192.168.100.1:80 check maxconn 6000
2.ha_2配置:
配置keepalived:
! Configuration File forkeepalived
global_defs {
notification_email {
root@localhost
maoqiuguo@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 1
weight 2
}
###########VRRP_INSTANCE VI_1###########
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 123.com
}
virtual_ipaddress {
172.16.41.100/16dev eth0 label eth0:0
}
track_script {
chk_haproxy
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
##########VRRP_INSTANCE VI_2############
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 123.com
}
virtual_ipaddress {
172.16.41.101/16dev eth0 label eth0:1
}
track_interface {
eth0
}
track_script {
chk_haproxy
}
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
#####ha_2上面的脚本文件同ha_1,须将VIP修改为172.16.41.101,再赋予权限即可!
配置kehaproxy:
因为在前端的haproxy功能都是将服务代理至至后端的Real Server,每项配置都是一样的,所以在ha_2上安装好haproxy之后将ha_1上面的配置文件copy过来即可!
# scp root@172.16.41.1:/etc/haproxy/haproxy.cfg /etc/haproxy/ 3.启动keepalived测试:
当两个前端节点的服务正常状态时:
http://s3.运维网.com/wyfs02/M00/25/91/wKioL1Nku5mB9zQYAANJ9mO9c3s015.jpg
http://s3.运维网.com/wyfs02/M02/25/91/wKiom1Nku8ji3BFPAANPcmoksG4976.jpg
当把某个前端节点的haproxy服务停止后的状态:http://s3.运维网.com/wyfs02/M00/25/91/wKiom1NkvEmwhElFAANMOa-1H-o498.jpg
http://s3.运维网.com/wyfs02/M02/25/91/wKioL1NkvCeig3wtAAOzWJMAPuw925.jpg
目前keepalived为haporxy提供高可用已经达到目的,下面继续关于haproxy的动静分离机制和haproxy 统计信息输出机制的实现.
三、后端Web Server(RS1/RS2,意为Real Server)配置
在拓扑图中规划RS1为客户端请求的动态内容提供服务,RS2为客户端请求静态内容提供服务
1.为RS1提供动态内容页面(我这里使用直接使用一个php的测试页)
# yum install -y php php-mysql
# vim /var/www/html/index.php
Real Server1
# service httpd start
Starting httpd:
# 2.RS2提供图片或者html网页文档
#放个html网页文档
# vim /var/www/html/index.html
Real Server2
#放张图片
# cd /var/www/html/
# ls
index.htmltux_windows.jpg
#四、测试:
1.静态内容测试:
http://s3.运维网.com/wyfs02/M01/25/91/wKioL1Nk0NHRfKc4AAKaGLmRN7g736.jpg
2.动态内容测试:
http://s3.运维网.com/wyfs02/M00/25/91/wKiom1Nk0Q7Tn-gEAAGExi6iiwg216.jpg
3.haproxy统计页面输出机制:
http://s3.运维网.com/wyfs02/M01/25/91/wKiom1Nk1sPQK9moAAEt9p1EaGc349.jpghttp://s3.运维网.com/wyfs02/M02/25/91/wKioL1Nk1pPhQTWtAAiePdxMzxg541.jpg
haproxy的动静分离以及统计信息的输出机制在两个代理节点上都正常的情况下没有问题,最后再次将某一代理服务关闭后还是一样访问正常;基于keepalived的haproxy高可用实验成功!
页:
[1]