Keepalived+Haproxy负载均衡

Posted liang-yao

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Keepalived+Haproxy负载均衡相关的知识,希望对你有一定的参考价值。

HAProxy是一个使用C语言编写的自由及开放源代码软件,其提供高可用性、负载均衡,以及基于TCP和HTTP的应用程序代理。 HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。

 

环境:

HAProxy服务器:192.168.200.101、192.168.200.102

虚拟服务器(VIP):192.168.200.100、192.168.200.110

DNS轮询:     192.168.200.100、192.168.200.110

 

1. 安装HAProxy:#两节点HAProxy配置一致

wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.8.tar.gz

tar xzvf haproxy-1.7.8.tar.gz

cd haproxy-1.7.8/

make TARGET=linux31 CPU=x86_64 PREFIX=/usr/local/haproxy

#uname -r中查看内核版本号为 3.10.0-514.el7.x86_64 则TARGET=linux31 CPU=x86_64

make install PREFIX=/usr/local/haproxy

 

 

创建haproxy用户和组

groupadd haproxy

useradd -g haproxy -s /sbin/nologin haproxy

 

创建配置文件

mkdir /usr/local/haproxy/conf/

vim /usr/local/haproxy/conf/haproxy.cfg

#全局配置


global


#设置日志


log 127.0.0.1 local3 info


#haproxy安装目录


chroot /usr/local/haproxy


#用户与用户组


user haproxy


group haproxy


#守护进程方式启动


daemon


#进程数量


nbproc 1


#每个进程最大连接数


maxconn 65535


 


#默认设置


defaults


log global


#模式(tcp:三层|http:七层|health:只返回ok)


mode http


option httplog


#服务端保持长连接


option http-pretend-keepalive


 


#不记录健康检查日志


option dontlognull


#每次请求完毕后关闭http通道


option httpclose


#服务端响应后主动关闭请求连接,不检查客户端应答确认


option forceclose


#如果后端服务器宕机,强制切换到其他服务器


option redispatch


#丢弃由于客户端等待时间过长但仍在等待队列中的请求


option abortonclose


#传递client端的IP地址给server端,并写入“X-Forward_for”首部中


option forwardfor except 127.0.0.0/8


#记录客户端访问的目的地IP


option originalto


#同一IP地址的所有请求发送到同一服务器


balance source


#三次连接失败,判断服务不可用


retries 3


#检测超时时间


timeout check 5s


#http请求超时时间


timeout http-request 5s


#一个请求在队列中超时时间


timeout queue 10s


timeout connect 5000


timeout client 50000


timeout server 50000


#前端配置,http_front名称自定义


frontend http_front


bind *:80


mode http


option httplog


option dontlognull


option httpclose


#acl规则


#创建一个acl acl_http_www.a.com, 用于判断主机名是否为www.a.com,-i 忽略大小写


acl acl_www.a.com hdr_end(host) -i www.a.com


acl acl_bbs.a.com hdr_end(host) -i bbs.a.com


#判断ua是否是android


acl acl_m.a.com hdr_reg(User-Agent) -i android


#判断url文件的结尾


acl acl_path_end path_end -i .php .php5


#如果acl_www.a.com规则被触发,则将客户端请求分发到web1


use_backend web1 if acl_www.a.com


use_backend web2 if acl_bbs.a.com


use_backend   m  if acl_m.a.com


use_backend php  if acl_path_end


 


#默认页面defailt_site


default_backend default_site


 


#haproxy统计页面

listen admin_stats


bind 0.0.0.0:8080


stats enable


mode http


#统计页面url


stats uri /haproxy?stats


#登录页面提示信息


stats realm "haproxy status page"


#用户名 密码


stats auth admin:admin


#隐藏版本信息


stats hide-version


#通过认证才能管理


stats admin if TRUE


#自动刷新时间


stats refresh 10s


default_backend http_back


 


#后端配置,http_back名称自定义


backend http_back


#负载均衡模式


#source  根据源IP


#static-rr 根据权重


#leastconn 最少连接优先处理


#url 根据请求url


#url_param 根据请求url参数


#rdp-cookie 根据cookie(name)来锁定并hash每一次请求


#hdr(name) 根据http请求头来锁定每一次http请求


#roundrobin 轮询方式


balance roundrobin


#设置健康检查页面


option httpchk GET /index.html


#传递客户端真实IP


option forwardfor header X-Forwarded-For


#inter 2000 健康检查时间间隔2秒


#rise 3 检测3次认为正常运行


#fall 3 失败3次认为不可用


#weight 30 权重30


backend web1


server web11 192.168.200.108:80 check inter 2000 rise 3 fall 3 weight 30


server web12 192.168.200.103:80 check inter 2000 rise 3 fall 3 weight 30


backend web2


server web21 192.168.200.104:80 check inter 2000 rise 3 fall 3 weight 30


server web22 192.168.200.105:80 check inter 2000 rise 3 fall 3 weight 30


backend php


server php1 192.168.200.106:80 check inter 2000 rise 3 fall 3 weight 30


backend m


server m1 192.168.200.107:80 check inter 2000 rise 3 fall 3 weight 30


backend default_site


server web00 192.168.200.109:80 check inter 2000 rise 3 fall 3 weight 30

日志设置

vim /etc/rsyslog.conf

15 $ModLoad imudp

16 $UDPServerRun 514

92 local3.* /var/log/haproxy

 

systemctl restart rsyslog

启动

/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg

 

开机启动

echo "/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg" >> /etc/rc.d/rc.local

chmod +x /etc/rc.d/rc.local

 

 

安装keepalived

yum install -y libnl-devel popt-devel openssl-devel popt-static libnfnetlink libnfnetlink-devel kernel-devel

reboot

cd /usr/local/src

wget http://www.keepalived.org/software/keepalived-1.3.4.tar.gz

tar -xzvf keepalived-1.3.4.tar.gz

cd keepalived-1.3.4

./configure

make && make install

编译的时候出现下面的提示,说明keepalived和内核结合了,否则请检查是否安装上面的软件包

技术分享图片

cp /usr/local/src/keepalived-1.3.4/keepalived/etc/init.d/keepalived /etc/init.d/

cp /usr/local/src/keepalived-1.3.4/keepalived/etc/sysconfig/keepalived /etc/sysconfig/

mkdir /etc/keepalived/

cp /usr/local/src/keepalived-1.3.4/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

cp /usr/local/src/keepalived-1.3.4/bin/keepalived /usr/sbin/

 

配置keepalived-MASTER

vim /etc/keepalived/keepalived.conf

 

global_defs {

notification_email {

[email protected]

}

notification_email_from [email protected]

smtp_server smtp.domain.com

smtp_connect_timeout 30

router_id LVS_DEVEL

}

vrrp_script chk_http_port {

script "/etc/keepalived/check_haproxy.sh"

interval 2

weight 2

}

vrrp_instance VI_1 {

state MASTER

interface ens32

virtual_router_id 51

mcast_src_ip 192.168.200.101

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

track_script {

chk_http_port

}

virtual_ipaddress {

192.168.200.100

}

}

vrrp_instance VI_2 {

state BACKUP

interface ens32

virtual_router_id 52

priority 90

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.200.110

}

}

 

配置keepalived-BACKUP

global_defs {

notification_email {

[email protected]

}

notification_email_from [email protected]

smtp_server smtp.domain.com

smtp_connect_timeout 30

router_id LVS_DEVEL

}

vrrp_script chk_http_port {

script "/etc/keepalived/check_haproxy.sh"

interval 2

weight 2

}

vrrp_instance VI_1 {

state BACKUP

interface ens32

virtual_router_id 51

mcast_src_ip 192.168.200.102

priority 90

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

track_script {

chk_http_port

}

virtual_ipaddress {

192.168.200.100

}

}

vrrp_instance VI_2 {

state BACKUP

interface ens32

virtual_router_id 52

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.200.110

}

}

 

脚本(两节点相同)

vim /etc/keepalived/check_haproxy.sh

#!/bin/bash

if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then

/etc/init.d/haproxy  start

fi

sleep 2

if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then

/etc/init.d/keepalived stop

fi

 

启动

systemctl start keepalived

systemctl enable keepalived

 

ip addr | grep "192.168.200"

inet 192.168.200.101/24 brd 192.168.200.255 scope global ens32

inet 192.168.200.100/32 scope global ens32

 

ip addr | grep "192.168.200"

inet 192.168.200.102/24 brd 192.168.200.255 scope global ens32

inet 192.168.200.110/32 scope global ens32

 

当其中一台主机宕机后:

ip addr | grep "192.168.200"

inet 192.168.200.101/24 brd 192.168.200.255 scope global ens32

inet 192.168.200.100/32 scope global ens32

inet 192.168.200.110/32 scope global ens32

  

以上是关于Keepalived+Haproxy负载均衡的主要内容,如果未能解决你的问题,请参考以下文章

Haproxy负载均衡+Keepalived高可用web群集

HAproxy+keepalived/pacemaker实现高可用,负载均衡技术

haproxy+keepalived实现高可用负载均衡

Keepalived + Haproxy实现负载均衡高可用

HAProxy+Keepalived 高可用负载均衡

Haproxy + keepalived 负载均衡日志定制