一、部署HAProxy(2臺)
1、安裝
yum install HAProxy
2、配置
vim /etc/haproxy/haproxy.cfg
global #全局配置
    log 127.0.0.1 local3 #日誌紀錄位置
    chroot /var/lib/haproxy #haproxy的工作目錄
    pidfile /var/run/haproxy.pid #pid文件位置
    maxconn 4000 #最大連接數
    user haproxy #運行時使用的用戶身份
    group haproxy #運行時使用的組身份
    daemon #啓動爲守護進程,不加此處運行在前臺
    stats socket /var/lib/haproxy/stats #本地訪問stats統計信息時以套接字方式通信
defaults #默認配置
    mode http #以http模式運行
    log global #默認日誌爲全局配置中日誌的設置
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8 #除本機外所有發往服務器的請求首部中加入“X-Forwarded-For”首部
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000 #前端最大併發連接數
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend web *:80
    #acl url_static path_beg -i /static /images /javascript /stylesheets
    #acl url_static path_end -i .jpg .gif .png .css .js .html .txt .htm
    #acl url_dynamic path_begin -i .php .jsp
    #default_backend static_srv if url_static
    #use_backend dynamic_srv if url_dynamic
    use_backend varnish_srv
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend varnish_srv
    balance uri #使用基於URL的一致性哈希調度算法
    hash-type consistent
    server varnish1 192.168.50.56:9527 check
    server varnish2 192.168.50.57:9527 check
listen stats #開啓HAProxy圖形化Web管理功能
    bind :9091 #監聽本機所有地址;建議只綁定管理網段地址,或用防火牆限制可訪問的來源
    stats enable
    stats uri /simpletime?admin
    stats hide-version
    stats auth admin:hequan.123 #示例賬號密碼,部署時務必換成自己的強口令;此處爲HTTP基本認證,未加密傳輸
    stats admin if TRUE #通過認證的用戶都可以在頁面上啓用/停用後端服務器,不需要時應去掉或收緊條件
3、啓動
systemctl start haproxy
systemctl status haproxy
systemctl enable haproxy
netstat -lntup
二、在haproxy部署keepalived
1、安裝
yum install -y keepalived
2、配置
vim /etc/keepalived/keepalived.conf
!
! Configuration File for keepalived
global_defs {
    router_id proxy1
}
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111 #示例口令,部署時應更換;PASS方式的口令在VRRP通告中以明文傳送
    }
    virtual_ipaddress {
        192.168.50.200/24
    }
    track_script {
        chk_down #本文配置中沒有定義名爲chk_down的vrrp_script,需另行定義或刪去此行
        chk_haproxy
    }
    notify_master "/etc/keepalived/changemail.py master"
    notify_backup "/etc/keepalived/changemail.py backup"
    notify_fault "/etc/keepalived/changemail.py fault"
}
3、啓動
systemctl start keepalived.service
systemctl enable keepalived.service
systemctl status keepalived.service
報警郵件設置
vim /etc/keepalived/changemail.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import smtplib
import socket
import time
from email.MIMEText import MIMEText
from email.Utils import formatdate
from email.Header import Header
import sys
#發送郵件的相關信息,根據實際情況填寫
smtpHost = 'XXXXXXXXXXXXXXXXXXX'
smtpPort = '25'
sslPort = '110' #注意:110是POP3端口;SMTP over SSL一般使用465,請按郵件服務商的設置填寫
fromMail = 'XXXXXXXXXXXXXXXXX'
toMail = 'XXXXXXXXXXXX'
username = 'XXXXXXXXXX'
password = 'XXXXXXX'
#解決中文問題
reload(sys)
sys.setdefaultencoding('utf8')
#郵件標題和內容
subject = socket.gethostname() + " HA status has changed"
body = (time.strftime("%Y-%m-%d %H:%M:%S")) + " vrrp transition, " + socket.gethostname() + " changed to be " + sys.argv[1]
#初始化郵件
encoding = 'utf-8'
mail = MIMEText(body.encode(encoding),'plain',encoding)
mail['Subject'] = Header(subject,encoding)
mail['From'] = fromMail
mail['To'] = toMail
mail['Date'] = formatdate()
try:
    #連接smtp服務器,明文/SSL/TLS三種方式,根據你使用的SMTP支持情況選擇一種
    #普通方式,通信過程不加密(登錄用的賬號密碼也以明文發送;服務器支持時優先選用下面的TLS或SSL方式)
    smtp = smtplib.SMTP(smtpHost,smtpPort)
    smtp.ehlo()
    smtp.login(username,password)
    #tls加密方式,通信過程加密,郵件數據安全,使用正常的smtp端口
    #smtp = smtplib.SMTP(smtpHost,smtpPort)
    #smtp.ehlo()
    #smtp.starttls()
    #smtp.ehlo()
    #smtp.login(username,password)
    #純粹的ssl加密方式,通信過程加密,郵件數據安全
    #smtp = smtplib.SMTP_SSL(smtpHost,sslPort)
    #smtp.ehlo()
    #smtp.login(username,password)
    #發送郵件
    smtp.sendmail(fromMail,toMail,mail.as_string())
    smtp.close()
    print 'OK'
except Exception:
    print 'Error: unable to send email'
chmod +x /etc/keepalived/changemail.py
(腳本內含SMTP賬號密碼,建議把文件權限限制爲僅root可讀寫,例如 chmod 700。)
三、部署varnish(2臺)
1、安裝
yum install varnish -y
2、配置
vim /etc/varnish/varnish.params
VARNISH_LISTEN_PORT=9527 #更改默認端口
vim /etc/varnish/default.vcl #修改配置文件
vcl 4.0;
##############啓用負載均衡模塊###############
import directors;
################定義Purge-ACL控制#######################
acl purgers {
    "127.0.0.1";
    "192.168.50.0"/24;
}
# Default backend definition. Set this to point to your content server.
##############配置健康狀態探測##############
probe HE { #靜態檢測
    .url = "/health.html"; #指定檢測URL
    .timeout = 2s; #探測超時時長
    .window = 5; #探測次數
    .threshold = 2; #探測次數成功多少次纔算健康
    .initial = 2; #Varnish啓動探測後端主機2次健康後加入主機
    .interval = 2s; #探測間隔時長
    .expected_response = 200; #期望狀態響應碼
}
probe HC { #動態監測
    .url = "/health.php";
    .timeout = 2s;
    .window = 5;
    .threshold = 2;
    .initial = 2;
    .interval = 2s;
    .expected_response = 200;
}
#############添加後端主機################
backend web1 {
    .host = "192.168.50.58:80";
    .port = "80";
    .probe = HC;
}
backend web2 {
    .host = "192.168.50.59:80";
    .port = "80";
    .probe = HC;
}
backend app1 {
    .host = "192.168.50.60:80";
    .port = "80";
    .probe = HE;
}
backend app2 {
    .host = "192.168.50.61:80";
    .port = "80";
    .probe = HE;
}
#############定義負載均衡及算法###############
sub vcl_init {
    new webcluster = directors.round_robin();
    webcluster.add_backend(web1);
    webcluster.add_backend(web2);
    new appcluster = directors.round_robin();
    appcluster.add_backend(app1);
    appcluster.add_backend(app2);
}
################定義vcl_recv函數段######################
sub vcl_recv {
    #####ACL未授權,不允許PURGE,並返回405#####
    #注意:Varnish位於HAProxy之後,這裏的client.ip是HAProxy的地址;若HAProxy也在192.168.50.0/24網段內,
    #經HAProxy轉發進來的PURGE請求都會通過此ACL,應在HAProxy前端拒絕PURGE方法,或把purgers縮小到具體的管理主機
    if (req.method == "PURGE") {
        if(!client.ip ~ purgers){
            return(synth(405,"Purging not allowed for" + client.ip));
        }
        return (purge);
    }
    #####添加首部信息,使後端服務記錄訪問者的真實IP
    # if (req.restarts == 0) {
    # set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
    # } else {
    # set req.http.X-Forwarded-For = client.ip;
    # }
    # set req.backend_hint = webcluster.backend();
    # set req.backend_hint = appcluster.backend();
    #注:因爲Varnish不是一級代理,配置forward只能取到上級代理IP,而上級代理IP,本身就包含在HAProxy發送過來的Forward裏,所以沒必要配置,而後端服務器只要日誌格式有啓用記錄Forward信息,並且上級代理沒有做限制,那麼,就能獲取到客戶端真實IP;
    #####動靜分離#####
    if (req.url ~ "(?i)\.(php|asp|aspx|jsp|do|ashx|shtml)($|\?)") {
        set req.backend_hint = webcluster.backend();
    }else{
        set req.backend_hint = appcluster.backend();
    }
    #####不正常的請求不緩存#####
    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "PATCH" &&
        req.method != "DELETE") {
        return (pipe);
    }
    #####如果請求不是GET或者HEAD,不緩存#####
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }
    #####如果請求包含Authorization授權或Cookie認證,不緩存#####
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }
    #####啓用壓縮,但排除一些流文件壓縮#####
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)$") {
            unset req.http.Accept-Encoding;
        } elseif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elseif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            unset req.http.Accept-Encoding;
        }
    }
    return (hash);
}
####################定義vcl_pipe函數段#################
sub vcl_pipe {
    return (pipe);
}
sub vcl_miss {
    return (fetch);
}
####################定義vcl_hash函數段#################
sub vcl_hash {
    hash_data(req.url);
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    if (req.http.Accept-Encoding ~ "gzip") {
        hash_data ("gzip");
    } elseif (req.http.Accept-Encoding ~ "deflate") {
        hash_data ("deflate");
    }
}
##############設置資源緩存時長#################
sub vcl_backend_response {
    if (beresp.http.cache-control !~ "s-maxage") {
        if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|css|js|html|htm)$") {
            unset beresp.http.Set-Cookie;
            set beresp.ttl = 3600s;
        }
    }
}
################啓用Purge#####################
sub vcl_purge {
    return(synth(200,"Purged"));
}
###############記錄緩存命中狀態##############
sub vcl_deliver {
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT from " + req.http.host;
        set resp.http.X-Cache-Hits = obj.hits;
    } else {
        set resp.http.X-Cache = "MISS from " + req.http.host;
    }
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.Via;
    unset resp.http.X-Varnish;
    unset resp.http.Age;
}
3、啓動
systemctl start varnish.service
systemctl enable varnish.service
systemctl status varnish.service
4、查看,加載配置,因爲還沒有配置後端應用服務器,可以看到後端主機健康檢測全部處於Sick狀態
#varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082
200
varnish> vcl.load conf1 default.vcl
200
VCL compiled.
varnish> vcl.use conf1
200
VCL 'conf1' now active
varnish> backend.list
200
Backend name                   Refs   Admin      Probe
web1(192.168.50.58,,80)        2      probe      Sick 0/5
web2(192.168.50.59,,80)        2      probe      Sick 0/5
app1(192.168.50.60,,80)        2      probe      Sick 0/5
app2(192.168.50.61,,80)        2      probe      Sick 0/5
集羣一 HAProxy+keepalived+varnish