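1. Introduction

HAProxy

HAProxy is one way to implement load balancing; LVS and Nginx serve the same purpose. Load balancing is a common high-availability approach for server clusters: using configuration and a scheduling algorithm, it spreads the traffic that users send to the back-end servers, which relieves any single overloaded node and helps avoid server crashes and failures. Hence the name load balancing.

Keepalived

Keepalived uses the VRRP mechanism to set two routers or servers up as a master/backup pair. The two nodes are connected through the Keepalived protocol and listen for each other's heartbeat. The master node is active and the backup node is on standby. Once the master fails and the backup can no longer hear it, the backup takes over and becomes the new master (Keepalived can be configured with a mail service at this point to notify the administrator that the master is down and needs maintenance). After the master has been repaired, it resumes the master role, which safeguards the high availability of the cluster to a certain degree.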

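2. Test environment

Test machines

Four virtual machines: DS1, DS2, RS1, RS2
OS: CentOS 6.10

Master DIP: 192.168.82.62
Backup DIP: 192.168.82.63
WEB1 RIP: 192.168.82.64
WEB2 RIP: 192.168.82.65

Notes

DS1: front-end load balancer node 1
DS2: front-end load balancer node 2
RS1: back-end real server 1
RS2: back-end real server 2
VIP: the destination IP address that users request
RIP: the real IP address of a back-end server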


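Before testing, iptables can be turned off. In a production environment, if both hosts end up holding the VIP, add the following rule to the firewall: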
-A INPUT -p vrrp -j ACCEPT


3. Installing and configuring Keepalived

1) Configuration on DS1

yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf

Paste the following into the configuration file

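    ! Configuration File for keepalived

    global_defs {
       notification_email {         # mailboxes to notify when a node fails; needs a separate mail service such as postfix
           [email protected]
       }
       notification_email_from [email protected]
       smtp_server localhost        # SMTP server address; localhost is sufficient here
       smtp_connect_timeout 30
       router_id DS1
    }

    vrrp_script chk_haproxy {       # health check referenced by track_script below
        script "killall -0 haproxy"
        interval 2                  # run the check every 2 seconds
        weight -10                  # while the check fails, priority drops by 10 so the peer takes over
    }

    vrrp_instance VI_1 {
        state MASTER            # node role; DS1 is the master node, so use MASTER
        interface eth0          # must match the NIC name; on a CentOS 7 VM this would be ensxxx
        virtual_router_id 50
        priority 100            # the node with the higher priority is elected master; this one is 100, so the backup must be lower
        advert_int 1
        authentication {        # authentication settings; must be identical on both nodes
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {     # the VIP address; must be identical on both nodes
            192.168.82.100/32 dev eth0
        }
        track_script {          # track_interface only accepts NIC names; a vrrp_script is tracked here
            chk_haproxy
        }
    }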

Save and exit, then start the service and enable it at boot

service keepalived start
chkconfig keepalived on

Check the network interface information
ip a

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:30:dc:4f brd ff:ff:ff:ff:ff:ff
        inet 192.168.82.62/24 brd 192.168.82.255 scope global eth0
        inet 192.168.82.100/32 scope global eth0
        inet6 fe80::20c:29ff:fe30:dc4f/64 scope link
           valid_lft forever preferred_lft forever

The output above shows that 192.168.82.100 is now present

2) Configuration on DS2

yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf

Paste the following into the configuration file

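    ! Configuration File for keepalived

    global_defs {
       notification_email {
           [email protected]
       }
       notification_email_from [email protected]
       smtp_server localhost
       smtp_connect_timeout 30
       router_id DS2
    }

    vrrp_script chk_haproxy {       # health check referenced by track_script below
        script "killall -0 haproxy"
        interval 2                  # run the check every 2 seconds
        weight -10                  # while the check fails, priority drops by 10
    }

    vrrp_instance VI_1 {
        state BACKUP            # backup node, so this is changed to BACKUP
        interface eth0          # must match the NIC name; on a CentOS 7 VM this would be ensxxx
        virtual_router_id 50
        priority 99             # this priority must be lower than the master's
        advert_int 1
        authentication {        # authentication settings; must be identical on both nodes
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {     # the VIP address; must be identical on both nodes
            192.168.82.100/32 dev eth0
        }
        track_script {          # track_interface only accepts NIC names; a vrrp_script is tracked here
            chk_haproxy
        }
    }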


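The master and backup keepalived nodes of one cluster must use the same virtual_router_id, with a value in the range 0-255, but no other cluster on the same internal network should use that virtual_router_id.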


Save and exit, then start the service and enable it at boot

service keepalived start
chkconfig keepalived on

Check the network interface information
ip a

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:5a:60:48 brd ff:ff:ff:ff:ff:ff
        inet 192.168.82.63/24 brd 192.168.82.255 scope global eth0
        inet 192.168.82.100/32 scope global eth0
        inet6 fe80::20c:29ff:fe5a:6048/64 scope link
           valid_lft forever preferred_lft forever

The output above shows that 192.168.82.100 is now present


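If DS1 and DS2 are running at the same time, the VIP may not be visible on DS2; in that case, stop the keepalived service on DS1 first.
Remember to start it again afterwards.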


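3) Verification

From any host on the same network segment, ping the VIP address, 192.168.82.100. At this point DS1 is running as the master node. Now shut DS1 down: the pings stop, but after a while they succeed again. This shows that after the master went down, the backup node took over and became the new master, so Keepalived is verified.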
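To put a number on that interruption, the following added example (not part of the original article) finds the longest run of lost replies in a saved ping log and computes the takeover delay that VRRPv2 predicts for the backup node. The function names and the sample log are constructed for illustration.

```bash
#!/bin/bash
# Added example: measure the failover gap from a saved `ping 192.168.82.100` log.

# Print the longest run of missing icmp_seq numbers in the ping output on stdin.
# Only reply lines ("... bytes from ...") count; "Destination Host Unreachable"
# lines also carry an icmp_seq field and must not be mistaken for replies.
longest_gap() {
    awk '
        /bytes from/ && match($0, /icmp_seq=[0-9]+/) {
            seq = substr($0, RSTART + 9, RLENGTH - 9) + 0
            if (seen && seq - prev - 1 > gap) gap = seq - prev - 1
            prev = seq; seen = 1
        }
        END { print gap + 0 }'
}

# Expected VRRPv2 takeover delay in milliseconds for a backup node (RFC 3768):
# 3 * advert_int + (256 - priority) / 256 seconds.
master_down_ms() {   # $1 = advert_int in seconds, $2 = priority of the backup
    echo $(( 3000 * $1 + (256 - $2) * 1000 / 256 ))
}

# Constructed sample: replies 4-7 were lost while DS2 took over the VIP.
sample_log='64 bytes from 192.168.82.100: icmp_seq=1 ttl=64 time=0.31 ms
64 bytes from 192.168.82.100: icmp_seq=2 ttl=64 time=0.29 ms
64 bytes from 192.168.82.100: icmp_seq=3 ttl=64 time=0.30 ms
From 192.168.82.62 icmp_seq=5 Destination Host Unreachable
64 bytes from 192.168.82.100: icmp_seq=8 ttl=64 time=0.42 ms
64 bytes from 192.168.82.100: icmp_seq=9 ttl=64 time=0.33 ms'

echo "lost replies in a row: $(printf '%s\n' "$sample_log" | longest_gap)"
echo "expected takeover delay: $(master_down_ms 1 99) ms"
```

With ping's default one-second interval, the number of lost replies approximates the outage in seconds; a gap far above the computed delay points at something other than VRRP timing, such as stale ARP entries.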

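4. HAProxy configuration

DS1 and DS2 use the same configuration file, so it is given only once

1) HAProxy configuration file

yum -y install haproxy
mv /etc/haproxy/haproxy.cfg{,.bak}
vim /etc/haproxy/haproxy.cfg

Paste the following into the configuration file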

    global
        log         127.0.0.1 local2
        chroot      /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        maxconn     4000
        user        haproxy
        group       haproxy
        daemon
        # turn on stats unix socket
        stats socket /var/lib/haproxy/stats

    defaults
        mode                    http
        log                     global
        option                  httplog
        option                  dontlognull
        option http-server-close
        option forwardfor       except 127.0.0.0/8
        option                  redispatch
        retries                 3
        timeout http-request    10s
        timeout queue           1m
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        timeout http-keep-alive 10s
        timeout check           10s
        maxconn                 3000

    frontend proxy *:80
        acl    dynamic_content    path_end    -i .php .html
        default_backend    dynamic

    backend dynamic
        balance    roundrobin   # round-robin algorithm
        server    web1    192.168.82.64:80 inter 3000 rise 2 fall 3 check maxconn 5
        server    web2    192.168.82.65:80 inter 3000 rise 2 fall 3 check maxconn 5

    listen statistics
        mode http
        bind *:8080
        stats enable
        stats auth admin:admin
        stats uri /admin?stats
        stats hide-version
        stats admin if TRUE
        stats refresh 5s
        acl allow src 192.168.82.0/24
        tcp-request content accept if allow
        tcp-request content reject

Save and exit
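The `stats auth admin:admin` and `stats admin if TRUE` lines above, like `auth_pass 1111` in the keepalived configuration, are values for a test lab. The following added example (not part of the original article) scans both files for those settings so they can be caught before a configuration is reused elsewhere; the function names, finding texts and length thresholds are this example's own assumptions.

```bash
#!/bin/bash
# Added example: audit HAProxy and keepalived configs for the lab-only
# settings used on this page. Thresholds and messages are illustrative.

audit_haproxy() {   # $1 = path to haproxy.cfg
    awk '
        $1 == "stats" && $2 == "auth" {
            n = index($3, ":"); user = substr($3, 1, n - 1); pass = substr($3, n + 1)
            if (pass == user || length(pass) < 12)
                print "haproxy line " NR ": weak stats password for user " user
        }
        $1 == "stats" && $2 == "admin" && $3 == "if" && toupper($4) == "TRUE" {
            print "haproxy line " NR ": stats admin actions open to every authenticated user"
        }' "$1"
}

audit_keepalived() {   # $1 = path to keepalived.conf
    awk '
        $1 == "auth_type" && $2 == "PASS" {
            print "keepalived line " NR ": auth_type PASS sends the password in cleartext"
        }
        $1 == "auth_pass" && length($2) < 8 {
            print "keepalived line " NR ": auth_pass shorter than 8 characters"
        }' "$1"
}

# Constructed sample input: the relevant lines of this page's two configs.
sample_dir=$(mktemp -d)
cat > "$sample_dir/haproxy.cfg" <<'EOF'
listen statistics
    mode http
    bind *:8080
    stats enable
    stats auth admin:admin
    stats admin if TRUE
EOF
cat > "$sample_dir/keepalived.conf" <<'EOF'
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF

audit_haproxy "$sample_dir/haproxy.cfg"
audit_keepalived "$sample_dir/keepalived.conf"
```

On the real hosts, pass /etc/haproxy/haproxy.cfg and /etc/keepalived/keepalived.conf instead of the sample files.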

2) Configuring HTTPD

httpd is used to demonstrate how HAProxy switches between the back ends

Open port 80 in the firewall; run this on both web servers
iptables -I INPUT 5 -p tcp -m tcp --dport 80 -j ACCEPT

WEB1:

yum -y install httpd

sed -i 's/ServerTokens OS/ServerTokens Prod/' /etc/httpd/conf/httpd.conf
sed -i 's/KeepAlive Off/KeepAlive On/g' /etc/httpd/conf/httpd.conf
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i 's/\#ServerName www.example.com:80/ServerName localhost:80/g' /etc/httpd/conf/httpd.conf
sed -i 's/DirectoryIndex index.html index.html.var/DirectoryIndex index.html index.html.var index.htm/g' /etc/httpd/conf/httpd.conf
sed -i 's/ServerSignature On/ServerSignature Off/g' /etc/httpd/conf/httpd.conf

/etc/rc.d/init.d/httpd start
chkconfig httpd on
        
cat >/var/www/html/index.html << END_TEXT
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page 1
</div>
</body>
</html>
END_TEXT

chmod 755 /var/www/html/index.html

WEB2:

yum -y install httpd

sed -i 's/ServerTokens OS/ServerTokens Prod/' /etc/httpd/conf/httpd.conf
sed -i 's/KeepAlive Off/KeepAlive On/g' /etc/httpd/conf/httpd.conf
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i 's/\#ServerName www.example.com:80/ServerName localhost:80/g' /etc/httpd/conf/httpd.conf
sed -i 's/DirectoryIndex index.html index.html.var/DirectoryIndex index.html index.html.var index.htm/g' /etc/httpd/conf/httpd.conf
sed -i 's/ServerSignature On/ServerSignature Off/g' /etc/httpd/conf/httpd.conf

/etc/rc.d/init.d/httpd start
chkconfig httpd on
        
cat >/var/www/html/index.html << END_TEXT
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page 2
</div>
</body>
</html>
END_TEXT

chmod 755 /var/www/html/index.html

3) Verification

Try to access 192.168.82.100
Once the page loads, keep refreshing; if the page keeps switching between the two test pages, HAProxy is verified

5. Verifying Keepalived + HAProxy

While verifying HAProxy, if the web pages can still be reached through 192.168.82.100 after the keepalived service on DS1 is stopped, the test passes.
