一,軟件介紹
HAProxy提供高可用性、負載均衡以及基於TCP和HTTP應用的代理,支持虛擬主機,它是免費、快速並且可靠的一種解決方案,適用於那些負載特大的web站點,這些站點通常又需要會話保持或七層處理。HAProxy運行在當前的硬件上,完全可以支持數以萬計的併發連接。並且它的運行模式使得它可以很簡單安全的整合進您當前的架構中,同時可以保護你的web服務器不被暴露到網絡上。
keepalived可提供vrrp以及health-check功能,可以只用它提供雙機浮動的vip(vrrp虛擬路由功能),這樣可以簡單實現一個雙機熱備高可用功能,類似於layer3, 4 & 5交換機制的軟件,也就是我們平時說的第3層、第4層和第5層交換,作用是檢測web服務器的狀態,如果有一臺web服務器死機,或工作出現故障,Keepalived將檢測到,並將有故障的web服務器從系統中剔除,當web服務器工作正常後Keepalived自動將web服務器加入到服務器羣中,這些工作全部自動完成,不需要人工干涉,需要人工做的只是修復故障的web服務器
二、實驗環境
haproxy keepalived 主:192.168.1.201
haproxy keepalived 備:192.168.1.202
vip:192.168.1.130
web:192.168.1.201:80 192.168.1.202:80
效果如圖:
三、搭建過程
1.安裝keepalived
[root@centos-node1 src]# wget http://www.keepalived.org/software/keepalived-1.2.8.tar.gz
[root@centos-node1 src]# tar -zxvf keepalived-1.2.8.tar.gz
[root@centos-node1 src]# cd keepalived-1.2.8
[root@centos-node1 keepalived-1.2.8]# ./configure-prefix=/usr/local/keepalived
編譯安裝後有提示
Keepalivedconfiguration
------------------------
Keepalivedversion : 1.2.8
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto -lcrypt
Use IPVSFramework : Yes
IPVS sync daemonsupport : Yes
IPVS use libnl : No
Use VRRPFramework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
出現以上情況,表示編譯成功。。。
另外如果要用到lvs的話,use ipvsframework必須是yes的
[root@centos-node1keepalived-1.2.8]# make && make install
[root@centos-node1keepalived-1.2.8]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived/etc/init.d/keepalived
[root@centos-node1keepalived-1.2.8]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@centos-node1keepalived-1.2.8]# cp /usr/local/keepalived/etc/sysconfig/keepalived/etc/sysconfig/
[root@centos-node1keepalived-1.2.8]#mkdir /etc/keepalived/
[root@centos-node1keepalived-1.2.8]#cp/usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@centos-node1keepalived-1.2.8]# chmod +x /etc/init.d/keepalived
[root@centos-node1keepalived-1.2.8]# chkconfig --add /etc/init.d/keepalived
[root@centos-node1keepalived-1.2.8]# vim /etc/keepalived/keepalived.conf
! Configuration Filefor keepalived
global_defs {
notification_email {
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id HAPROXY_MASTER #標示狀態爲MASTER 備份機爲BACKUP
}
vrrp_scriptchk_haproxy {
script"/usr/local/keepalived/check_haproxy.sh" #定義監控haproxy腳本
interval 2
weight 2
track_script {
chk_haproxy
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id master
priority 110 #MASTER權重要高於BACKUP 比如BACKUP爲99
advert_int 1
authentication {
auth_type PASS #主從服務器驗證方式
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.1.130 #可以多個虛擬IP,換行即可
}
}
BACKUP 端配置和MASTER幾乎一樣,可以直接用scp 從MASTER 端複製一份過來,做以下修改即
可:
router_id backup
state BACKUP
priority 100
2.安裝haproxy
[root@centos-node1 src]wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz
[root@centos-node1 src]#tar zxvf haproxy-1.4.24.tar.gz
[root@centos-node1 src]#cd haproxy-1.4.24
[root@centos-node1 haproxy-1.4.24]#make TARGET=linux26 ARCH=x86_64 PREFIX=/usr/local/haproxy/
[root@centos-node1 haproxy-1.4.24]# make install PREFIX=/usr/local/haproxy/
[root@centos-node1 haproxy-1.4.24]# cp examples/haproxy.cfg /etc/haproxy.cfg
[root@centos-node1 haproxy-1.4.24]# cp examples/haproxy.init /etc/init.d/haproxy
[root@centos-node1 haproxy-1.4.24]#chmod +x /etc/init.d/haproxy
[root@centos-node1 haproxy-1.4.24]# chkconfig --add haproxy
[root@centos-node1 haproxy-1.4.24]# chkconfig --list haproxy
[root@centos-node1 haproxy-1.4.24]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@centos-node1 haproxy-1.4.24]# mkdir /etc/haproxy/
[root@centos-node1 haproxy-1.4.24]# mv /etc/haproxy.cfg /etc/haproxy/
[root@centos-node1 haproxy-1.4.24]# vim /etc/haproxy/haproxy.cfg
# this config needshaproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local3 #日誌輸出配置,所有日誌都記錄在本機,通過local0輸出
maxconn 4096 #最大連接數
chroot /usr/local/haproxy #改變當前工作目錄。
uid99
gid99
nbproc1
daemon
pidfile /usr/local/haproxy/haproxy.pid
defaults
log127.0.0.1 local4
mode http #默認的模式mode{ tcp|http|health}tcp是4層http是7層,health只會返回OK
option httplog
option dontlognull
retries 3
optionredispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen stats
mode http
bind 192.168.1.130:8888
stats enable
stats refresh3s
stats hide-version
stats uri /haproxy-status #統計頁面url
stats auth admin:admin
stats adminif TRUE
frontend 192.168.1.130 #前臺
bind *:8080 #監聽 建議用*.8080
mode http
option httplog
log global
default_backend test_web
backend test_web #後臺
option forwardfor header wm-client-ip
balance source #負載均衡模式source,它跟LVS的persistent和Nginx的ip_hash一樣
#option httpchk HEAD /index.jsp HTTP/1.0
server web-node1 192.168.1.201:80 check inter 2000 rise 2 fall 3
server web-node2 192.168.1.202:80 check inter 2000 rise 2 fall 3
3.幾點注意事項,,
1.option httpchk HEAD /index.jsp HTTP/1.0 是網頁監控,如果HAProxy檢測不到Web的根目錄下沒有index.jsp,就會產生503報錯。
2.有人配置HAProxy時喜歡用listen 192.168.1.130:8080這樣的格式,這樣其實不好,做負載均衡高可用時由於從機分配不到VIP地址,會導致從機啓動不了,我建議用bind *:8080的方式代替。
3.check inter 1500 是檢測心跳頻率,rise 2是2次正確認爲服務器可用,fall 3是3次失敗認爲服務器不可用
檢查配置文件
[root@centos-node1~]# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration fileis valid
修改syslog
[root@centos-node1 haproxy-1.4.24]# vim /etc/rsyslog.conf
local3.* /usr/local/haproxy/logs/haproxy_global.log
local4.* /usr/local/haproxy/logs/haprosy_web.log
haproxy兩端配置完全一樣。。。
4.keepalived 檢查haproxy的腳本
作用:爲了防止haproxy down掉,keepalived不切換。
[root@centos-node1~]# cat /usr/local/keepalived/check_haproxy.sh
#!/bin/bash
if [ $(ps -C haproxy--no-header | wc -l) -eq 0 ]; then
/etc/init.d/haproxy start
fi
sleep 2
if [ $(ps -C haproxy--no-header | wc -l) -eq 0 ]; then
/etc/init.d/keepalived stop
fi
5.啓動keepalived,haproxy,驗證結果。。。。
啓動之後會發現MASTER會多出個虛擬的ip
[root@centos-node1~]# ip addr
1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000
link/ether 08:00:27:0c:3a:62 brdff:ff:ff:ff:ff:ff
inet 192.168.1.201/24 brd 192.168.1.255scope global eth1
inet 192.168.1.130/32 scope global eth1
inet6 fe80::a00:27ff:fe0c:3a62/64 scopelink
valid_lft forever preferred_lft forever
不出意外的話,,你就能想看到你想要的結果嘍。
四、HAProxy的監控頁面,很實用哦。。
http://192.168.1.230:8888/haproxy-status
五、haproxy的算法介紹
HAProxy的算法有如下8種:
1、roundrobin,表示簡單的輪詢,這個不多說,這個是負載均衡基本都具備的;
2、static-rr,表示根據權重,建議關注;
3、leastconn,表示最少連接者先處理,建議關注;
4、source,表示根據請求源IP,建議關注;
5、uri,表示根據請求的URI;
6、url_param,表示根據請求的URl參數'balanceurl_param' requires an URL parameter name
7、hdr(name),表示根據HTTP請求頭來鎖定每一次HTTP請求;
8、rdp-cookie(name),表示根據據cookie(name)來鎖定並哈希每一次TCP請求。