Centos7-Haproxy+Keepalived架构

Posted 2020-08-24

需求：使用Haproxy对两台nginx做负载均衡，并且两台Haproxy之间做keepalived，Nginx代理后端tomcat

Haproxy（keepalived）主：172.16.10.102

Haproxy（keepalived）备：172.16.10.142

keepalived vip：172.16.10.188

Nginx1:172.16.10.162

Nginx2:172.16.10.167

安装Haproxy并设置日志以及Nginx配置这里就不说了

 

配置Haproxy（两台一样）

# vim /etc/haproxy/haproxy.cfg

global

   log         127.0.0.1 local2

    chroot      /var/lib/haproxy

    pidfile     /var/run/haproxy.pid

    maxconn     4000

    user        haproxy

    group       haproxy

    daemon

    stats socket/var/lib/haproxy/stats

 

defaults

    mode                    tcp

    log                     global

    option                  tcplog

    option                  dontlognull

    option http-server-close

    option forwardfor       except 127.0.0.0/8

    option                  redispatch

    retries                 3

    timeout http-request    10s

    timeout queue           1m

    timeout connect         10s

    timeout client          100m

    timeout http-keep-alive 10s

    timeout check           10s

    maxconn                 3000

 

listen nginx-http

        bind 0.0.0.0:80

        mode tcp

        balance source

        server s1 172.16.10.167:80check

        server s2 172.16.10.162:80check

listen nginx-https

        bind 0.0.0.0:443

        mode tcp

        balance source

        server s1 172.16.10.167:443check

        server s2 172.16.10.162:443check

 

安装keepalived

# yum install keepalived -y

 

配置keepalived主

# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

   interval 2

   weight 2

   router_id LVS_DEVEL

}

vrrp_script chk_haproxy {

        script"/etc/keepalived/check_haproxy.sh"

        interval 2

        weight 2

}

vrrp_instance VI_1 {

    state MASTER

    interface eno16777736  #用来发VRRP包的网卡

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 5555

    }

track_script {

        chk_haproxy  #监测haproxy进程状态

    }

    virtual_ipaddress {

        172.16.10.188

    }

}

 

配置keepalived备

# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

   interval 2

   weight 2

   router_id LVS_DEVEL

}

vrrp_script chk_haproxy {

        script"/etc/keepalived/check_haproxy.sh"

        interval 2

        weight 2

}

vrrp_instance VI_1 {

    state BACKUP

    interface eno16777736  #用来发VRRP包的网卡

    virtual_router_id 51

    priority 99

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 5555

    }

track_script {

        chk_haproxy  #监测haproxy进程状态

    }

    virtual_ipaddress {

        172.16.10.188

    }

}

 

Haproxy进程状态检测脚本

# vim /etc/keepalived/check_haproxy.sh

#!/bin/bash

Hostname=Haproxy-102

date=`date +"%Y-%m-%d %H:%M:%S"`

[email protected]

 

if [ `ps -C haproxy --no-header | wc -l` -eq 0 ];then

systemctl start haproxy

echo "$date $Hostname Haproxy started by keepalived" | mail -s"$Hostname Haproxy started by keepalived" $mail

fi

 

Keepalived主从切换状态检测脚本

因为keepalived在vip切换时，在haproxy日志中会有输出，所以检测haproxy日志就可以

# vim /usr/local/shell/check_keepalived.sh

#!/bin/bash

#主机名

Hostname=Haproxy-102  

#收件人

mail=********@163.com  

#记录上一次的行数

Last_num_d=/tmp/keepalived/lastnum

#日志目录

Log_directory=/var/log/haproxy

 

#目录判断

d_judge(){

 [ ! -d $1 ] && mkdir -p $1

}

 

d_judge $Last_num_d

 

for logfile in `ls $Log_directory | grep haproxy.log`; do

    #先判断当前日志目录是否为空，为空直接退出循环

    [ ! -s $Log_directory/$logfile ]&& echo "`date` $logfile is empty" && continue

    #判断记录上一次检查的行数的文件是否存在，不存在则给一个初始值

    [ ! -f"$Last_num_d/$logfile" ] && echo 1 > $Last_num_d/$logfile

    #将上一次值赋给变量

    last_count=`cat$Last_num_d/$logfile`

    new_last_count=`expr $last_count+ 1`

    #将当前的行数值赋给变量

    current_count=`grep -Fc"" $Log_directory/$logfile`

    #判断当前行数跟上一次行数是否相等，相等则退出当前循环

    [ $last_count -eq $current_count] && echo "`date` $logfile no change" && continue

    #由于日志文件每天都会截断，因此会出现当前行数小于上一次行数的情况，此种情况出现则将上一次行数置1

    [ $last_count -gt $current_count] && last_count=1 && echo $last_count > $Last_num_d/$logfile&& continue

    #截取上一次检查到的行数至当前行数的日志并检索出含有" removed "字段的日志，并重定向到相应的ERROR日志文件

    sed -n"$new_last_count,$current_count p" $Log_directory/$logfile | grep ‘IP172.16.10.188 removed‘ > $Error_log/$logfile && echo "`date`$logfile error " || echo "`date` $logfile changed but no error"

    #判断ERROR日志是否存在且不为空，不为空则说明有错误日志，继而发送报警信息

    [ -s $Error_log/$logfile ] && echo -e"$HOSTNAME \n `cat $Error_log/$logfile`" | mail -s "$HostnameKeepalived VIP Removed" $mail

    #截取上一次检查到的行数至当前行数的日志并检索出含有" added "字段的日志，并重定向到相应的ERROR日志文件

    sed -n"$new_last_count,$current_count p" $Log_directory/$logfile | grep ‘IP172.16.10.188 added‘ > $Error_log/$logfile && echo "`date`$logfile error " || echo "`date` $logfile changed but no error"

    #判断ERROR日志是否存在且不为空，不为空则说明有错误日志，继而发送报警信息

    [ -s $Error_log/$logfile ]&& echo -e "$HOSTNAME \n `cat $Error_log/$logfile`" | mail -s"$Hostname Keepalived VIP Added" $mail

    #结束本次操作之后把当前的行号作为下一次检索的last number

    echo $current_count >$Last_num_d/$logfile

done

 

添加计划任务每分钟执行

# crontab -e

* * * * * /usr/local/shell/check_keepalived.sh