1 環境說明
前端兩臺haproxy+keepalived互爲主從,提供高可用;另外基於不同域名訪問不同的虛擬ip實現負載均衡
1.1 環境描述
服務器A(主、從):eth0:10.241.51.245 eth1:192.168.1.9
服務器B(從、主):eth2:10.241.51.246 eth1:192.168.1.10
服務器C(web01):eth0:10.241.51.247
服務器D(web02):eth0:10.241.51.248
VIP1:10.241.51.240 (www.a.com)
VIP2:10.241.51.250 (www.b.com)
System OS:CentOS 5.8 2.6.32-431.el6.x86_64
1.2 系統軟件
haproxy-1.4.24.tar.gz
ipvsadm-1.24.tar.gz
keepalived-1.2.12.tar.gz
pcre-8.33.tar.gz
2 安裝配置部署
2.1 安裝前準備
yum install gcc gcc-c++ gcc* openssl* popt-devel -y
[ -d /root/soft ] || [ mkdir /root/soft ]
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz -P /root/soft
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz -P /root/soft
wget http://keepalived.org/software/keepalived-1.2.12.tar.gz -P /root/soft
2.2 安裝配置haproxy
2.2.1 安裝haproxy
兩臺haproxy服務器安裝配置完全相同,分別在兩臺上面安裝配置
cd /root/soft
tar zxvf haproxy-1.4.24.tar.gz
cd haproxy-1.4.24
make TARGET=linux26 ARCH=x86_64
make install
mkdir /etc/haproxy
cp examples/haproxy.cfg /etc/haproxy
cp examples/haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
ln -s /usr/local/sbin/haproxy /usr/sbin/
mkdir /usr/share/haproxy
chkconfig haproxy on
2.2.2 配置haproxy
兩臺haproxy服務器安裝配置完全相同,分別在兩臺上面安裝配置
#vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 #日誌輸出配置,所有日誌都記錄在本機,通過local0輸出
log 127.0.0.1 local1 notice
maxconn 4096 #最大連接數
chroot /usr/share/haproxy #改變當前工作目錄。
uid 99 #所屬用戶的uid
gid 99 #所屬用戶的gid
daemon #以後臺形式運行haproxy
#debug
#quiet
defaults
log global
mode http
#默認的模式mode { tcp|http|health },tcp是4層,http是7層,health只會返回OK
option httplog
option dontlognull
option redispatch
#當serverId對應的服務器掛掉後,強制定向到其他健康的服務器
option abortonclose
#當服務器負載很高的時候,自動結束掉當前隊列處理比較久的鏈接
retries 3 #兩次連接失敗就認爲是服務器不可用
maxconn 2000 #默認的最大連接數
#timeout http-keep-alive 10s
# timeout queue 1m
contimeout 5000 #連接超時
clitimeout 50000 #客戶端超時
srvtimeout 50000 #服務器超時
timeout check 5s #心跳檢測超時
stats refresh 30s #統計頁面自動刷新時間
stats uri /stats #統計頁面url
stats realm baison-test-Haproxy #統計頁面密碼框上提示文本
stats auth admin:admin123 #統計頁面用戶名和密碼設置
stats hide-version #隱藏統計頁面上HAProxy的版本信息
frontend www
bind *:80
#這裏建議使用bind *:80的方式,要不然做集羣高可用的時候有問題,vip切換到其他機器就不能訪問了。
acl web hdr(host) -i www.a.com
#acl後面是規則名稱,-i是要訪問的域名,如果訪問www.zhirs.com這個域名就分發到下面的webserver 的作用域。
acl img hdr(host) -i www.b.com
#如果訪問img.baison.com.cn就分發到imgserver這個作用域。
use_backend webserver if web
use_backend imgserver if img
backend webserver #webserver作用域
mode http
balance roundrobin
#banlance roundrobin 輪詢,balance source 保存session值,支持static-rr,leastconn,first,uri等參數
option httpchk /index.html
#檢測文件,如果分發到後臺index.html訪問不到就不再分發給它
server web01 10.241.51.247:80 check inter 2000 fall 3 weight 30
server web02 10.241.51.248:80 check inter 2000 fall 3 weight 30
backend imgserver
mode http
option httpchk /index.php
balance roundrobin
server img01 10.241.51.247:81 check inter 2000 fall 3 weight 100
server img02 10.241.51.248:81 check inter 2000 fall 3 weight 10
#設置基於權值的輪叫調度,訪問服務器A10次,訪問B1次
啓動服務:service haproxy start
2.2.3 測試haproxy監控界面
10.241.51.245監控:
10.241.51.246監控:
2.3 安裝配置keepalived
2.3.1 安裝keepalived
兩臺服務器安裝相同
uname -r
ln -s /usr/src/kernels/2.6.32-431.el6.x86_64/ /usr/src/linux
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make && make install
tar zxvf keepalived-1.1.19.tar.gz
cd keepalived-1.1.19
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived/etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived/etc/init.d/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf/etc/keepalived/
chkconfig --add keepalived
2.3.2 配置keepalived
Keepalived 第一臺配置:
#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
#script "/bin/nginx_pid.sh"
script "/bin/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER #輔機爲 BACKUP
interface eth0
virtual_router_id 51
mcast_src_ip 10.241.51.254
priority 100 #權值要比backup高
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port ### 執行監控的服務
}
virtual_ipaddress {
10.241.51.250
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.241.51.240
}
}
Keepalived 第二臺配置:
#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
xxxxxxx`@qq.com
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
#script "/bin/nginx_pid.sh"
script "/bin/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth2 #注意此處網卡序號
virtual_router_id 51
mcast_src_ip 10.241.51.254
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port ### 執行監控的服務
}
virtual_ipaddress {
10.241.51.250
}
}
vrrp_instance VI_2 {
state MASTER
interface eth2 #注意此處網卡序號
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.241.51.240
}
}
2.3.3 監控haproxy進程腳本
兩臺keepalived腳本相同
[root@node01 soft]# cat /bin/check_haproxy.sh
#!/bin/bash
if [ $(ps -C haproxy --no-header | wc -l)-eq 0 ]; then
/etc/init.d/haproxy start
fi
sleep 5
if [ $(ps -C haproxy --no-header | wc -l)-eq 0 ]; then
/etc/init.d/keepalived stop
fi
兩臺keepalived服務器均啓動keepalived服務: service keepalived start
添加到開機啓動項目:chkconfig--add keepalived && chkconfig keepalived on
2.4 管理haproxy\keepalived
2.4.1 查看虛擬ip信息
# ip addr
Keepalived01:10.241.51.245
Keepalived02:10.241.51.246
2.4.2 測試網站高可用和負載均衡
正常訪問網站:www.a.com www.b.com,前提是綁定本地hosts或者設置dns域名解析
測試基於權值的輪叫調度訪問:訪問A10次才能訪問B1次
關閉一臺haproxy,訪問兩個網站:均可以訪問(觀察虛擬ip的變化,虛擬ip均遷移到第二臺)
恢復第一臺的haproxy,觀察虛擬ip變化:虛擬ip恢復爲默認
建議:
a.最好是將虛擬兩個ip均綁定到兩個網站域名,從而實現真正的負載均衡和高可用;或者兩個upstream對應後端相同的物理應用服務器
10.241.51.240 www.a.com
10.241.51.240 www.b.com
10.241.51.250 www.a.com
10.241.51.250 www.b.com
b.腳本中可以增加網絡層面的監控,保證網絡和服務任何一個不可用,均切換
c.對於特殊的url訪問規則,haproxy無法實現的情況,可以考慮採用nginx+keepalived+腳本監控服務實現