首页 > 代码库 > Haproxy、Keepalived双主高可用负载均衡

Haproxy、Keepalived双主高可用负载均衡

一、Haproxy和Keepalived简介

1、Haproxy

HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机。它是免费、快速并且可靠的一种解决方案。特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。

2、Keepalived

keepalived是一个类似于layer3, 4 & 7交换机制的软件,也就是我们平时说的第3层、第4层和第7层交换,检测web服务器的状态,如果有一台web服务器死机,或工作出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工作正常后Keepalived自动将web服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web服务器。

二、实验架构图

wKioL1NqGxTQNSf9AADUyzbhGR0432.jpg

三、实验环境

OS:centos6.5x86_64

apache:httpd-2.2.15-29.el6.centos.x86_64

haproxy:haproxy-1.4.24-2.el6.x86_64

keepalived:keepalived-1.2.7-3.el6.x86_64

四、实验目的

1、Haproxy+Keepalived双主双机高可用模型,keepalived为Haproxy主从提供高可用保证haproxy-master若挂掉haproxy-backup能无缝接管,haproxy为后端Web提供负载均衡,缓解并发压力,实现WEB站点负载均衡+高可用性;

2、Haproxy反代web做动静分离;

五、实验配置

1、前端配置

(1)Haproxy1配置

首先配置Keepalived

[root@localhost ~]# yum install keepalived -y
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {                        
   notification_email {       //指定Keepalived在发送生事件时,需要发送email到的对象
     rootr@localhost
     hyd@localhost
   }
   notification_email_from warning@localhost
   smtp_server 127.0.0.1   #指定发送email的smtp服务器
   smtp_connect_timeout 30
   router_id LVS_DEVEL_hyd  #运行Keepalived的机器的一个标识
}
vrrp_script chk_haproxy {   #检测Haprox服务状态
      script "killall -0 haproxy"  #服务探测,返回0说明服务是正常的
      interval 1
      weight 2  #Haproxy上线,权重加2;下线,权重减2
}
vrrp_instance VI_1 {      #双主实例1
    state MASTER     #haproxy1(172.16.6.1)为主,haproxy 2(172.16.6.2)为备
    interface eth0
    virtual_router_id 60 #实例1的VRID为60
    garp_master_delay 1 #在切换到master状态后,延迟进行gratuitous ARP请求
    priority 100 #主(172.16.6.1)的优先级为100,从的(172.16.6.2)优先级为99
    advert_int 1 #查询间隔
    authentication {
        auth_type PASS  # 认证方式,支持PASS和AH
        auth_pass 123456
    }
    virtual_ipaddress {  #漂移地址 实例1的vip
        172.16.6.100/16 dev eth0
    }
    track_interface {#设置额外的监控,里面任意一个出现问题,都会进入fault状态
         eth0
 }
    track_script {
        chk_haproxy #追踪脚本
    }
#通知脚本
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
    state BACKUP    #实例2在haproxy1(172.16.6.1)上是备,在haproxy(172.16.6.2)上是主
    interface eth0
    virtual_router_id 120
    garp_master_delay 1
    priority 200  z#实例2在hapeoxy1上的优先级是200,在haproxy 2上的优先级是201
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.16.6.200/16 dev eth0
    }
    track_interface {
         eth0
    }
    track_script {
        chk_haproxy
    }

为Keepalived提供脚本

[root@localhost ~]# vim /etc/keepalived/notify.sh
#!/bin/bash
# Author: MageEdu <linuxedu@foxmail.com>   脚本使用请注明出处
# description: An example of notify script
#
vip=172.16.6.100
contact=‘root@localhost‘
notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date ‘+%F %H:%M:%S‘`: vrrp transition, `hostname` changed to be $1"
echo$mailbody | mail -s "$mailsubject"$contact
}
case"$1"in
master)
notify master
/etc/rc.d/init.d/haproxystart
exit0
;;
backup)
notify backup
/etc/rc.d/init.d/haproxystop
exit0
;;
fault)
notify fault
/etc/rc.d/init.d/haproxystop
exit0
;;
*)
echo‘Usage: `basename $0` {master|backup|fault}‘
exit1
;;
esac

    赋予执行权限 chmod +x /etc/keepalived/notify.sh

接着配置Haproxy

[root@localhost ~]# yum -y install haproxy
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg
global
   log         127.0.0.1 local2
   chroot      /var/lib/haproxy  #chroot运行的路径,增加安全性
    pidfile     /var/run/haproxy.pid
    maxconn     4000  #默认最大连接数
    user        haproxy
    group       haproxy
    daemon    #守护进程运行
# turn on stats unix socket
 stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the ‘listen‘ and ‘backend‘ sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http  #指定haproxy的工作模式为http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close  #当客户端超时时,允许服务器关闭连接
    option forwardfor       except 127.0.0.0/8 #传递客户端ip
    option                  redispatch  #在使用了基于cookie的会话保持的时候,通常需要加这么一项,一旦后端某一server宕机时,能够将其会话重新派发到其它的upstream servers
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
frontend  proxy *:80   #前端代理
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js
    acl dynamic_content  path_end       -i .php
    use_backend static          if url_static
    default_backend             dynamic
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static   #后端静态服务器
    balance     roundrobin
    server      web1 172.16.6.10:80 inter 3000 rise 2 fall 3 check maxconn 5000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend dynamic  #后端动态服务器
    balance     roundrobin
    server   web2 172.16.6.20:80 inter 3000 rise 2 fall 3 check maxconn 5000
listen statistics #启用stats查看,认证等功能:默认在/haproxy?stats
        mode http
        bind *:8080 #监听的地址和端口
        stats enable #开启stats功能
 stats auth admin:admin 登陆用户名和密码
        stats uri /admin?stats #指定uri访问路径
        stats hide-version #隐藏软件版本号
        stats admin if TRUE  #如果认证通过了就允许管理
        stats refresh 5s #页面自动刷新间隔
        acl allow src 172.16.0.0/16   #定义访问控制列表
        tcp-request content accept if allow
        tcp-request content reject

(2)Haproxy2配置

与Haproxy1大致相同,不同地方会提醒大家哦!!!

首先配置Keepalived

[root@localhost ~]# yum install keepalived -y
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     rootr@localhost
     hyd@localhost
   }
   notification_email_from warning@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL_hyd
}
vrrp_script chk_haproxy {
      script "killall -0 haproxy"
      interval 1
      weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 120 #使用VRID将路由器进行分组,具有相同VRID值的路由器为同一个组
    garp_master_delay 1
    priority 201#
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.16.6.200/16 dev eth0
    }
    track_interface {
         eth0
    }
 track_script {
        chk_haproxy
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 60
    garp_master_delay 1
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.16.6.100/16 dev eth0
    }
    track_interface {
         eth0
    }
    track_script {
        chk_haproxy
    }

脚本同Haproxy1的相同,只需把脚本里的vip改为172.16.6.200。

接着配置Haproxy

因为Haproxy1的Haproxy与Haproxy2的Haproxy是相同的,都是将服务代理至后端服务器,可以直接使用Haproxy1的Haproxy的配置。

[root@localhost ~]# scp /etc/haproxy/haproxy.cfg root@172.16.6.2:/etc/haproxy/

(3)启动Keepalived,Haproxy并测试,测试Keepalived高可用

 Haproxy1 Haproxy2 启动Keepalived,Haproxy

[root@localhost ~]# service keepalived start
[root@localhost ~]# service haproxy start

对于Haproxy1,效果如下

wKioL1NqNXPSwgHrAADIR2cUzY0414.jpg

对于Haproxy2,效果如下

wKioL1NqNcmwuvlqAADBIgzZtIs057.jpg关闭Haproxy1的Haproxy服务测试,vip飘移

wKiom1NqNs6hwBDbAAC6-StoKnQ619.jpg查看Haproxy2,接收到了Haproxy1飘过来的vip

wKioL1NqNvixUYXmAADVktO89xY289.jpg2、后端配置

(1)配置web1, 配置静态页面

[root@station36 html]# cd /var/www/html
[root@station36 html]# vim index.html
<h1> static web station 172.16.6.10 </h1>
[root@station36 html]# service httpd start

(2)配置web2, 配置页动态页面

[root@localhost ~]# yum install php -y
[root@localhost ~]# cd /var/www/html
[root@localhost html]#  vim index.php
<h1> static web station 172.16.6.20
<?php
        phpinfo();
?>
</h1>

(3)Haproxy动静分离机制

请求静态内容

首先在web1(172.16.6.10)的网页目录下放入hyd.jpg

wKiom1NqPuqyOD2PAACUs4dECig135.jpg

请求静态内容:访问172.16.6.200/hyd.jpg

wKioL1NqPuLSfVlEAACUvrZwMZs832.jpg

请求动态内容:访问172.16.6.200

wKiom1NqTReBSrMzAAE7oGG1YC0433.jpg

Haproxy统计页面的输出

wKiom1NqTm3hj6LDAAE8xCLo-AA288.jpg

wKiom1NqRBaBeUReAAf97qmuDxI778.jpg

本文出自 “青鸟” 博客,请务必保留此出处http://shhyd.blog.51cto.com/3708009/1408185