Setting up haproxy+keepalived

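1. Introduction:

[HAProxy] is a high-performance proxy server. It provides both layer-7 and layer-4 proxying, with health checks, load balancing and many other features, and it performs very well.

[KeepAlived] is a high-availability solution. It achieves high availability through a VIP (virtual IP) and heartbeat detection, and clients also reach the service through that VIP. The principle is that there is a group of (two) servers.

By default the Master binds the VIP to its own network interface and serves traffic. If the Backup detects that the Master is down, the Backup sends ARP packets to the gateway and binds the VIP to its own interface; the Backup then serves traffic, which gives automatic failover. When the Master recovers, it takes the service over again.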


2. Environment:

web1:192.168.1.78

web2:192.168.1.241

web3:192.168.1.133

web4:192.168.1.244

haproxy+keepalived1:192.168.1.22

haproxy+keepalived1:192.168.1.9

vip1:192.168.1.189(www.inbank.com)

vip2:192.168.1.199(image.inbank.com)


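3. Requirements:

By default, the first load balancer mainly distributes requests for www.baison.com.cn and the second load balancer mainly distributes requests for img.baison.com.cn. If either one goes down, site traffic distribution is not affected. This way no server sits idle.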


4. Installation of keepalived+haproxy is skipped; we go straight to the haproxy and keepalived configuration

haproxy configuration on [192.168.1.22]:

[root@master etc]# cat /usr/local/haproxy/etc/haproxy.cfg |grep -v "#"|sed '/^$/d'


global
    log 127.0.0.1 local1 notice
    maxconn 4096
    chroot /usr/share/haproxy
    uid 99
    gid 99
    daemon
    pidfile /usr/local/haproxy/haproxy.pid
defaults
    log global
    mode http
    retries 3
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
    stats uri /haproxy-stats
    balance roundrobin
frontend WEB_SITE
    bind :80
    acl web hdr(host) -i www.inbank.com
    acl img hdr(host) -i image.inbank.com
    use_backend webserver if web
    use_backend imgserver if img
backend webserver
    mode http
    balance roundrobin
    server web_1 192.168.1.78:80 check inter 2000 fall 5 weight 1
    server web_2 192.168.1.241:80 check inter 2000 fall 5 weight 1
backend imgserver
    mode http
    option httpchk /index.php
    balance roundrobin
    server web_1 192.168.1.133:80 check inter 2000 fall 5 weight 1
    server web_2 192.168.1.244:80 check inter 2000 fall 5 weight 1


keepalived configuration on 192.168.1.22

[root@master keepalived]# cat keepalived.conf|grep -v "#"|sed '/^$/d'


! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "/usr/local/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 5555
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress {
        192.168.1.189
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 89    # the id must not be the same as VI_1's
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.199
    }
}
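
Added example (not part of the original post or of keepalived): a small Python audit of the vrrp_instance blocks, covering the note above that virtual_router_id must differ between instances, and the short numeric auth_pass values used with auth_type PASS, which VRRP carries in cleartext and of which keepalived uses only the first 8 characters. The function names and the "shorter than 8 characters or digits only" rule are this example's own choices, and the sample input is constructed from the page's configuration.

```python
import re

# Constructed sample: the master's two instances from the page, trimmed to the
# settings that are checked here.
SAMPLE = """
vrrp_instance VI_1 {
  virtual_router_id 88
  authentication {
    auth_type PASS
    auth_pass 5555
  }
}
vrrp_instance VI_2 {
  virtual_router_id 88 # the page uses 89; changed here to show the check
  authentication {
    auth_type PASS
    auth_pass 1111
  }
}
"""

def parse_instances(text):
    """Map each vrrp_instance name to its {keyword: value} settings (all nesting levels)."""
    found, cur, depth = {}, None, 0
    for raw in text.splitlines():
        words = re.split(r"[#!]", raw)[0].split()   # '#' and '!' start comments
        if not words:
            continue
        if words[-1] == "{":
            if depth == 0:   # top-level block: only vrrp_instance is collected
                cur = found.setdefault(words[1], {}) if words[0] == "vrrp_instance" else None
            depth += 1
        elif words == ["}"]:
            depth -= 1
        elif cur is not None and len(words) >= 2:
            cur[words[0]] = words[1]
    return found

def audit(text):
    """Return findings for duplicate VRIDs and weak PASS authentication."""
    findings, ids = [], {}
    for name, keys in parse_instances(text).items():
        vrid = keys.get("virtual_router_id")
        if vrid in ids:
            findings.append(f"{name}: virtual_router_id {vrid} also used by {ids[vrid]}")
        ids.setdefault(vrid, name)
        pw = keys.get("auth_pass", "")
        if keys.get("auth_type") == "PASS" and (len(pw) < 8 or pw.isdigit()):
            findings.append(f"{name}: weak auth_pass (PASS is sent in cleartext)")
    return findings
```

With the page's real value of 89 for VI_2 the duplicate-id finding disappears and only the two auth_pass findings remain.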


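Check script, to guard against the case where the haproxy service has stopped but keepalived does not fail over automatically

# vim /usr/local/keepalived/check_haproxy.sh

#!/bin/bash
# If no haproxy process is running, try to start it.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
fi
# Give haproxy time to come up.
sleep 2
# If haproxy is still not running, stop keepalived so the VIP moves to the peer.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    /etc/init.d/keepalived stop
fi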


4. Start the keepalived service and haproxy, then check the log to see whether both VIPs are present

tail -n 30 /var/log/messages


Oct 23 13:49:13 master Keepalived_vrrp: VRRP_Instance(VI_2) Entering BACKUP STATE

Oct 23 13:49:13 master Keepalived_vrrp: VRRP sockpool: [ifindex(2), proto(112), fd(7,8)]

Oct 23 13:49:13 master Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE

Oct 23 13:49:14 master Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE

Oct 23 13:49:14 master Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.

Oct 23 13:49:14 master Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.189

Oct 23 13:49:14 master avahi-daemon[2879]: Registering new address record for 192.168.1.189 on eth0.

Oct 23 13:49:19 master Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.189


## On 192.168.1.22 we can see that VI_2 has entered the backup role, VI_1 has entered the master role, and 192.168.1.189 has been bound to the eth0 interface


[root@master keepalived]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:0c:29:06:ed:78 brd ff:ff:ff:ff:ff:ff

inet 192.168.1.22/24 brd 192.168.1.255 scope global eth0

inet 192.168.1.189/32 scope global eth0

inet6 fe80::20c:29ff:fe06:ed78/64 scope link

valid_lft forever preferred_lft forever

3: sit0: <NOARP> mtu 1480 qdisc noop

link/sit 0.0.0.0 brd 0.0.0.0



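#### haproxy and keepalived configuration on the backup, 192.168.1.9

haproxy is unchanged; in the keepalived configuration only the roles and priorities need to be swapped with the master's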

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 88
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 5555
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress {
        192.168.1.189
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 89
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.199
    }
}


Start the haproxy and keepalived services and check whether the VIP has been bound to the eth0 interface

Oct 23 14:00:26 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE

Oct 23 14:00:26 localhost Keepalived_vrrp: VRRP sockpool: [ifindex(2), proto(112), fd(10,11)]

Oct 23 14:00:27 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Transition to MASTER STATE

Oct 23 14:00:28 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Entering MASTER STATE

Oct 23 14:00:28 localhost Keepalived_vrrp: VRRP_Instance(VI_2) setting protocol VIPs.

Oct 23 14:00:28 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 192.168.1.199


[root@localhost keepalived]# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:0c:29:2b:be:1a brd ff:ff:ff:ff:ff:ff

inet 192.168.1.9/24 brd 192.168.1.255 scope global eth0

inet 192.168.1.199/32 scope global eth0

inet6 fe80::20c:29ff:fe2b:be1a/64 scope link

valid_lft forever preferred_lft forever

3: sit0: <NOARP> mtu 1480 qdisc noop

link/sit 0.0.0.0 brd 0.0.0.0



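4. Configuration on the web servers

Add the corresponding virtual hosts, www.inbank.com and image.inbank.com, on the respective web servers

To keep the experiment simple, apache was installed directly with yum; the apache configuration is as follows: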


##web1 web2

NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/inbank
    ServerName www.inbank.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>


### web3 and web4 are similar

On the client, edit hosts and add the following 2 records

192.168.1.189 www.inbank.com

192.168.1.199 image.inbank.com

Then access each of the 2 sites, as follows:

[root@master keepalived]# for i in `seq 1 4`;do curl http://image.inbank.com;done

img_133

img_244

img_133

img_244

[root@master keepalived]# for i in `seq 1 4`;do curl http://www.inbank.com;done

inbank_78

inbank_241

inbank_78

inbank_241


-- If you see output like the above, everything is working


Next, test high availability by stopping the keepalived service on the master

[root@master keepalived]# /etc/init.d/keepalived stop

Stopping keepalived: [ OK ]


Then check the state on the backup

Oct 23 14:00:33 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 192.168.1.199

Oct 23 14:08:04 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE

Oct 23 14:08:05 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE

Oct 23 14:08:05 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.

Oct 23 14:08:05 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.189


This shows that the BACKUP has taken over from the MASTER. Now access the 2 sites again; if there are no problems, the setup is complete
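
Added example (not part of the original post): a Python replay of the Keepalived_vrrp syslog lines shown above that reports the final state of each instance on the node, the VIPs it announced, and every departure from the role set in keepalived.conf, which is how the failover above shows up in the log. The EXPECTED mapping and the function name are this example's own; the log lines are copied from the backup node's excerpts on this page.

```python
import re

# Lines copied from the syslog excerpts on the page (backup node, 192.168.1.9).
LOG = """\
Oct 23 14:00:26 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Oct 23 14:00:27 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Transition to MASTER STATE
Oct 23 14:00:28 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Entering MASTER STATE
Oct 23 14:00:28 localhost Keepalived_vrrp: VRRP_Instance(VI_2) Sending gratuitous ARPs on eth0 for 192.168.1.199
Oct 23 14:08:04 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Oct 23 14:08:05 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Oct 23 14:08:05 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.189
"""

# Role each instance is configured with on this node (the "state" lines above).
EXPECTED = {"VI_1": "BACKUP", "VI_2": "MASTER"}

ENTER = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) Keepalived_vrrp(?:\[\d+\])?: "
                   r"VRRP_Instance\((\w+)\) Entering (MASTER|BACKUP|FAULT) STATE")
GARP = re.compile(r"VRRP_Instance\((\w+)\) Sending gratuitous ARPs on (\S+) for (\S+)")

def replay(log, expected):
    """Replay syslog lines; return (state per instance, VIPs held, role deviations)."""
    state, vips, events = {}, {}, []
    for line in log.splitlines():
        m = ENTER.match(line)
        if m:
            ts, host, inst, new = m.groups()
            if new != expected.get(inst):
                # Instance left its configured role: a failover or a fault.
                events.append((ts, host, inst, state.get(inst), new))
            state[inst] = new
            if new != "MASTER":
                vips.pop(inst, None)      # VIP is released when mastership is lost
            continue
        g = GARP.search(line)
        if g and state.get(g.group(1)) == "MASTER":
            vips[g.group(1)] = g.group(3)  # address announced by gratuitous ARP
    return state, vips, events
```

On the sample, the single event is VI_1 moving from BACKUP to MASTER at 14:08:05, the moment the backup took over 192.168.1.189.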


## View the haproxy web monitoring page

http://192.168.1.189/haproxy-stats

or http://192.168.1.199/haproxy-stats



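# Additionally, kernel tuning:

# With haproxy+keepalived as the front end, the tuning is mostly TCP-related kernel parameters. The settings below are what a friend uses in a production environment; they are equally suitable for LVS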

net.ipv4.tcp_fin_timeout = 2

net.ipv4.tcp_tw_reuse = 1

net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_keepalive_time = 600

net.ipv4.ip_local_port_range = 4000 65000

net.ipv4.tcp_max_syn_backlog = 16384

net.ipv4.tcp_max_tw_buckets = 36000

net.ipv4.route.gc_timeout = 100

net.ipv4.tcp_syn_retries = 1

net.ipv4.tcp_synack_retries = 1

net.ipv4.ip_conntrack_max = 25000000

net.ipv4.netfilter.ip_conntrack_max=25000000

net.ipv4.netfilter.ip_conntrack_max=6553600



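##### [Additional notes]

1. In this HAProxy+Keepalived load-balancing high-availability architecture, how do we solve the session problem? Here we use HAProxy's own balance source mechanism. It works on a similar principle to Nginx's ip_hash: a given client always reaches the same real backend web server, so the session stays pinned;


2. option httpchk HEAD /index.jsp HTTP/1.0 is a web page health check; if HAProxy cannot find index.jsp in the web root, a 503 error results.


3. Some users like to configure HAProxy with the listen IP:80 form. This is actually a poor choice: in a load-balancing high-availability setup the standby node is not assigned the VIP address, so the standby fails to start. I recommend using bind *:80 instead.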

