首页 > 代码库 > Haproxy+keepalived高可用、负载均衡安装部署方案
Haproxy+keepalived高可用、负载均衡安装部署方案
1 环境说明
前端两台haproxy+keepalived互为主从,提供高可用;另外基于不同域名访问不同的虚拟ip实现负载均衡
1.1 环境描述
服务器A(主、从):eth0:10.241.51.245 eth1:192.168.1.9
服务器B(从、主):eth2:10.241.51.246 eth1:192.168.1.10
服务器C(web01):eth0:10.241.51.247
服务器D(web02):eth0:10.241.51.248
VIP1:10.241.51.240 (www.a.com)
VIP2:10.241.51.250 (www.b.com)
System OS:CentOS 5.8 2.6.32-431.el6.x86_64
1.2 系统软件
haproxy-1.4.24.tar.gz
ipvsadm-1.24.tar.gz
keepalived-1.2.12.tar.gz
pcre-8.33.tar.gz
2 安装配置部署
2.1 安装前准备
yum install gcc gcc-c++ gcc* openssl* popt-devel -y
[ -d /root/soft ] || [ mkdir /root/soft ]
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz -P /root/soft
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.33.tar.gz -P /root/soft
wget http://keepalived.org/software/keepalived-1.2.12.tar.gz -P /root/soft
2.2 安装配置haproxy
2.2.1 安装haproxy
两台haproxy服务器安装配置完全相同,分别在两台上面安装配置
cd /root/soft
tar zxvf haproxy-1.4.24.tar.gz
cd haproxy-1.4.24
make TARGET=linux26 ARCH=x86_64
make install
mkdir /etc/haproxy
cp examples/haproxy.cfg /etc/haproxy
cp examples/haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
ln -s /usr/local/sbin/haproxy /usr/sbin/
mkdir /usr/share/haproxy
chkconfig haproxy on
2.2.2 配置haproxy
两台haproxy服务器安装配置完全相同,分别在两台上面安装配置
#vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 #日志输出配置,所有日志都记录在本机,通过local0输出
log 127.0.0.1 local1 notice
maxconn 4096 #最大连接数
chroot /usr/share/haproxy #改变当前工作目录。
uid 99 #所属用户的uid
gid 99 #所属用户的gid
daemon #以后台形式运行haproxy
#debug
#quiet
defaults
log global
mode http
#默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
option httplog
option dontlognull
option redispatch
#当serverId对应的服务器挂掉后,强制定向到其他健康的服务器
option abortonclose
#当服务器负载很高的时候,自动结束掉当前队列处理比较久的链接
retries 3 #两次连接失败就认为是服务器不可用
maxconn 2000 #默认的最大连接数
#timeout http-keep-alive 10s
# timeout queue 1m
contimeout 5000 #连接超时
clitimeout 50000 #客户端超时
srvtimeout 50000 #服务器超时
timeout check 5s #心跳检测超时
stats refresh 30s #统计页面自动刷新时间
stats uri /stats #统计页面url
stats realm baison-test-Haproxy #统计页面密码框上提示文本
stats auth admin:admin123 #统计页面用户名和密码设置
stats hide-version #隐藏统计页面上HAProxy的版本信息
frontend www
bind *:80
#这里建议使用bind *:80的方式,要不然做集群高可用的时候有问题,vip切换到其他机器就不能访问了。
acl web hdr(host) -i www.a.com
#acl后面是规则名称,-i是要访问的域名,如果访问www.zhirs.com这个域名就分发到下面的webserver 的作用域。
acl img hdr(host) -i www.b.com
#如果访问img.baison.com.cn就分发到imgserver这个作用域。
use_backend webserver if web
use_backend imgserver if img
backend webserver #webserver作用域
mode http
balance roundrobin
#banlance roundrobin 轮询,balance source 保存session值,支持static-rr,leastconn,first,uri等参数
option httpchk /index.html
#检测文件,如果分发到后台index.html访问不到就不再分发给它
server web01 10.241.51.247:80 check inter 2000 fall 3 weight 30
server web02 10.241.51.248:80 check inter 2000 fall 3 weight 30
backend imgserver
mode http
option httpchk /index.php
balance roundrobin
server img01 10.241.51.247:81 check inter 2000 fall 3 weight 100
server img02 10.241.51.248:81 check inter 2000 fall 3 weight 10
#设置基于权值的轮叫调度,访问服务器A10次,访问B1次
启动服务:service haproxy start
2.2.3 测试haproxy监控界面
10.241.51.245监控:
10.241.51.246监控:
2.3 安装配置keepalived
2.3.1 安装keepalived
两台服务器安装相同
uname -r
ln -s /usr/src/kernels/2.6.32-431.el6.x86_64/ /usr/src/linux
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make && make install
tar zxvf keepalived-1.1.19.tar.gz
cd keepalived-1.1.19
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived/etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived/etc/init.d/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf/etc/keepalived/
chkconfig --add keepalived
2.3.2 配置keepalived
Keepalived 第一台配置:
#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
xxxxxxxxx@qq.com
}
notification_email_from keepalived@y.to
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
#script "/bin/nginx_pid.sh"
script "/bin/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER #辅机为 BACKUP
interface eth0
virtual_router_id 51
mcast_src_ip 10.241.51.254
priority 100 #权值要比backup高
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port ### 执行监控的服务
}
virtual_ipaddress {
10.241.51.250
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.241.51.240
}
}
Keepalived 第二台配置:
#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
xxxxxxx`@qq.com
}
notification_email_from keepalived@y.to
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
#script "/bin/nginx_pid.sh"
script "/bin/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth2 #注意此处网卡序号
virtual_router_id 51
mcast_src_ip 10.241.51.254
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port ### 执行监控的服务
}
virtual_ipaddress {
10.241.51.250
}
}
vrrp_instance VI_2 {
state MASTER
interface eth2 #注意此处网卡序号
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.241.51.240
}
}
2.3.3 监控haproxy进程脚本
两台keepalived脚本相同
[root@node01 soft]# cat /bin/check_haproxy.sh
#!/bin/bash
if [ $(ps -C haproxy --no-header | wc -l)-eq 0 ]; then
/etc/init.d/haproxy start
fi
sleep 5
if [ $(ps -C haproxy --no-header | wc -l)-eq 0 ]; then
/etc/init.d/keepalived stop
fi
两台keepalived服务器均启动keepalived服务: service keepalived start
添加到开机启动项目:chkconfig--add keepalived && chkconfig keepalived on
2.4 管理haproxy\keepalived
2.4.1 查看虚拟ip信息
# ip addr
Keepalived01:10.241.51.245
Keepalived02:10.241.51.246
2.4.2 测试网站高可用和负载均衡
正常访问网站:www.a.com www.b.com,前提是绑定本地hosts或者设置dns域名解析
测试基于权值的轮叫调度访问:访问A10次才能访问B1次
关闭一台haproxy,访问两个网站:均可以访问(观察虚拟ip的变化,虚拟ip均迁移到第二台)
恢复第一台的haproxy,观察虚拟ip变化:虚拟ip恢复为默认
建议:
a.最好是将虚拟两个ip均绑定到两个网站域名,从而实现真正的负载均衡和高可用;或者两个upstream对应后端相同的物理应用服务器
10.241.51.240 www.a.com
10.241.51.240 www.b.com
10.241.51.250 www.a.com
10.241.51.250 www.b.com
b.脚本中可以增加网络层面的监控,保证网络和服务任何一个不可用,均切换
c.对于特殊的url访问规则,haproxy无法实现的情况,可以考虑采用nginx+keepalived+脚本监控服务实现