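Setting up HAProxy + Keepalived
1. Introduction
HAProxy
HAProxy is one way to implement load balancing; LVS and Nginx serve the same purpose. Load balancing is a common high-availability approach for server clusters: using configuration and a scheduling algorithm, it spreads the traffic of users reaching the backend servers, which relieves any single node from excessive load and helps avoid server crashes and failures. Hence the name load balancing.
Keepalived
Keepalived builds on VRRP to set up two routers or servers as a primary and a backup. The two nodes are linked through the Keepalived protocol and listen for each other's heartbeat. The primary node does the work while the backup node stands by. If the primary fails and the backup can no longer hear it, the backup takes over and becomes the new primary (Keepalived can be configured with a mail service to notify the administrator that the primary is down and needs maintenance). Once the primary has been repaired, it resumes its role as primary, which gives the cluster a degree of high availability.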
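2. Test environment
Test machines
Four virtual machines: DS1, DS2, RS1, RS2
OS: CentOS 6.10
Primary DIP: 192.168.82.62
Backup DIP: 192.168.82.63
WEB1 RIP: 192.168.82.64
WEB2 RIP: 192.168.82.65
Notes
DS1: front-end load balancer node 1
DS2: front-end load balancer node 2
RS1: back-end real server 1
RS2: back-end real server 2
VIP: the target IP address of user requests
RIP: the real IP address of a back-end server
Before testing you can turn iptables off. In production, if both hosts end up holding the VIP, add this rule to the firewall: -A INPUT -p vrrp -j ACCEPT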
3. Installing and configuring Keepalived
1) Configuration on DS1
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
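Paste the following into the configuration file
! Configuration File for keepalived
global_defs {
    notification_email {    # mailbox to notify when a node fails; needs a separate mail service such as postfix
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server localhost    # SMTP server address; localhost is enough here
    smtp_connect_timeout 30
    router_id DS1
}
vrrp_script chk_haproxy {    # chk_haproxy is not defined on the original page; this check command is an assumption
    script "/sbin/pidof haproxy"
    interval 2
    weight -2    # on failure, lower this node's priority by 2
}
vrrp_instance VI_1 {
    state MASTER    # node role; DS1 is the primary node, so use MASTER
    interface eth0    # must match the NIC name; on a CentOS 7 VM this would be ensxxx
    virtual_router_id 50
    priority 100    # the node with the higher value wins the election; the default here is 100, so the backup node must use a smaller value
    advert_int 1
    authentication {    # authentication settings; must be identical on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {    # the VIP; must be identical on both nodes
        192.168.82.100/32 dev eth0
    }
    track_script {    # chk_haproxy is a script, so it is tracked with track_script rather than track_interface
        chk_haproxy
    }
}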
Save and exit, then start the service and enable it at boot
service keepalived start
chkconfig keepalived on
Check the interface information with ip a
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:30:dc:4f brd ff:ff:ff:ff:ff:ff
inet 192.168.82.62/24 brd 192.168.82.255 scope global eth0
inet 192.168.82.100/32 scope global eth0
inet6 fe80::20c:29ff:fe30:dc4f/64 scope link
valid_lft forever preferred_lft forever
You can see that 192.168.82.100 is now present
2) Configuration on DS2
yum install -y keepalived
mv /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
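Paste the following into the configuration file
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server localhost
    smtp_connect_timeout 30
    router_id DS2
}
vrrp_script chk_haproxy {    # chk_haproxy is not defined on the original page; this check command is an assumption
    script "/sbin/pidof haproxy"
    interval 2
    weight -2    # on failure, lower this node's priority by 2
}
vrrp_instance VI_1 {
    state BACKUP    # backup node, so change this to BACKUP
    interface eth0    # must match the NIC name; on a CentOS 7 VM this would be ensxxx
    virtual_router_id 50
    priority 99    # must be lower than the primary node's priority
    advert_int 1
    authentication {    # authentication settings; must be identical on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {    # the VIP; must be identical on both nodes
        192.168.82.100/32 dev eth0
    }
    track_script {    # chk_haproxy is a script, so it is tracked with track_script rather than track_interface
        chk_haproxy
    }
}
The master and backup keepalived nodes of one cluster must use the same virtual_router_id, in the range 0-255, but no other cluster on the same internal network should use that virtual_router_id.
Save and exit, then start the service and enable it at boot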
service keepalived start
chkconfig keepalived on
Check the interface information with ip a
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5a:60:48 brd ff:ff:ff:ff:ff:ff
inet 192.168.82.63/24 brd 192.168.82.255 scope global eth0
inet 192.168.82.100/32 scope global eth0
inet6 fe80::20c:29ff:fe5a:6048/64 scope link
valid_lft forever preferred_lft forever
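You can see that 192.168.82.100 is now present
If DS1 and DS2 are both running at this point, the VIP may not be visible on DS2. In that case, stop the keepalived service on DS1 first, and remember to start it again afterwards.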
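The two configurations above have to agree on virtual_router_id, authentication and VIP, and differ in priority. As an added example (not part of the original article), this shell function compares a master and a backup keepalived.conf on those points; the helper names, the sample_conf generator and the auth_pass length check are assumptions made for the example.

```shell
# Added example, not from the original page: consistency check for a keepalived pair.
kv() {  # kv FILE KEY -> first value of KEY, "#" comments stripped
    awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$1"
}
vips() {  # vips FILE -> addresses listed inside virtual_ipaddress { ... }
    awk '{ sub(/#.*/, "") }
         $1 == "virtual_ipaddress" { blk = 1; next }
         blk && /}/ { blk = 0 }
         blk && NF  { print $1 }' "$1" | sort | tr '\n' ' '
}
check_pair() {  # check_pair MASTER_CONF BACKUP_CONF -> one finding per line, status 1 if any
    rc=0
    for key in virtual_router_id auth_type auth_pass advert_int; do
        [ "$(kv "$1" "$key")" = "$(kv "$2" "$key")" ] || { echo "MISMATCH $key"; rc=1; }
    done
    [ "$(vips "$1")" = "$(vips "$2")" ] || { echo "MISMATCH virtual_ipaddress"; rc=1; }
    [ "$(kv "$1" priority)" -gt "$(kv "$2" priority)" ] || { echo "PRIORITY master is not higher than backup"; rc=1; }
    pass=$(kv "$1" auth_pass)  # keepalived uses only the first 8 characters of auth_pass
    [ "${#pass}" -ge 8 ] || { echo "WEAK auth_pass is shorter than 8 characters"; rc=1; }
    return "$rc"
}
sample_conf() {  # sample_conf STATE PRIORITY VRID -> constructed config using this page's values
    cat <<EOF
vrrp_instance VI_1 {
    state $1
    interface eth0
    virtual_router_id $3
    priority $2
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111   # must match on both nodes
    }
    virtual_ipaddress {
        192.168.82.100/32 dev eth0
    }
}
EOF
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
sample_conf MASTER 100 50 > "$tmp/ds1.conf"
sample_conf BACKUP 99 50 > "$tmp/ds2.conf"
check_pair "$tmp/ds1.conf" "$tmp/ds2.conf" || true
```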
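3) Verification
From any host on the same subnet, ping the VIP, 192.168.82.100. DS1 is running as the master at this point. Now shut DS1 down: the pings stop, but after a short while they succeed again. This shows that once the master went down, the backup node took over as the new master, so Keepalived is verified.
4. Configuring HAProxy
DS1 and DS2 use the same configuration file, so it is shown only once
1) HAProxy configuration file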
yum -y install haproxy
mv /etc/haproxy/haproxy.cfg{,.bak}
vim /etc/haproxy/haproxy.cfg
Paste the following into the configuration file
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
frontend proxy *:80
    acl dynamic_content path_end -i .php .html
    default_backend dynamic
backend dynamic
    balance roundrobin    # round-robin algorithm
    server web1 192.168.82.64:80 inter 3000 rise 2 fall 3 check maxconn 5
    server web2 192.168.82.65:80 inter 3000 rise 2 fall 3 check maxconn 5
listen statistics
    mode http
    bind *:8080
    stats enable
    stats auth admin:admin
    stats uri /admin?stats
    stats hide-version
    stats admin if TRUE
    stats refresh 5s
    acl allow src 192.168.82.0/24
    tcp-request content accept if allow
    tcp-request content reject
Save and exit
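The statistics listener above serves an admin-capable page on port 8080, protected by stats auth and a src ACL. As an added example (not part of the original article), this shell function scans a haproxy.cfg for sections with stats enable and reports weak stats auth passwords, unconditional stats admin, and wildcard binds with no src ACL; the function names, the password heuristic and treating any src ACL as a restriction are assumptions of the example.

```shell
# Added example, not from the original page: review the stats sections of a haproxy.cfg.

# audit_stats FILE -> one finding per line for every section that has "stats enable"
audit_stats() {
    awk '
    function report() {
        if (on && weak != "") print sec ": weak stats password for user " weak
        if (on && adm)        print sec ": stats admin enabled unconditionally"
        if (on && wild != "" && !srcacl) print sec ": bind " wild " without a src ACL"
        on = adm = srcacl = 0; weak = wild = ""
    }
    { sub(/[ \t]*#.*/, "") }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { report(); sec = $1 " " $2; next }
    $1 == "stats" && $2 == "enable" { on = 1 }
    $1 == "stats" && $2 == "auth" {
        n = index($3, ":"); user = substr($3, 1, n - 1); pw = substr($3, n + 1)
        # heuristic (assumption): password equal to the user name, or under 8 characters
        if (pw == user || length(pw) < 8) weak = user
    }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" { adm = 1 }
    $1 == "acl" && $3 == "src" { srcacl = 1 }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ { wild = $2 }
    END { report() }' "$1"
}

# Constructed sample: the backend and "listen statistics" sections from this page.
sample_cfg() {
    cat <<'EOF'
backend dynamic
    balance roundrobin    # round-robin algorithm
    server web1 192.168.82.64:80 inter 3000 rise 2 fall 3 check maxconn 5
listen statistics
    mode http
    bind *:8080
    stats enable
    stats auth admin:admin
    stats uri /admin?stats
    stats admin if TRUE
    acl allow src 192.168.82.0/24
    tcp-request content accept if allow
    tcp-request content reject
EOF
}

cfg=$(mktemp)
trap 'rm -f "$cfg" "$cfg.2"' EXIT
sample_cfg > "$cfg"
audit_stats "$cfg"
```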
2) Configuring HTTPD
httpd is used to demonstrate HAProxy switching between the back ends
Open port 80 in the firewall; run this on both web servers: iptables -I INPUT 5 -p tcp -m tcp --dport 80 -j ACCEPT
WEB1:
yum -y install httpd
sed -i 's/ServerTokens OS/ServerTokens Prod/' /etc/httpd/conf/httpd.conf
sed -i 's/KeepAlive Off/KeepAlive On/g' /etc/httpd/conf/httpd.conf
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i 's/\#ServerName www.example.com:80/ServerName localhost:80/g' /etc/httpd/conf/httpd.conf
sed -i 's/DirectoryIndex index.html index.html.var/DirectoryIndex index.html index.html.var index.htm/g' /etc/httpd/conf/httpd.conf
sed -i 's/ServerSignature On/ServerSignature Off/g' /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd start
chkconfig httpd on
cat >/var/www/html/index.html << END_TEXT
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page 1
</div>
</body>
</html>
END_TEXT
chmod 755 /var/www/html/index.html
WEB2:
yum -y install httpd
sed -i 's/ServerTokens OS/ServerTokens Prod/' /etc/httpd/conf/httpd.conf
sed -i 's/KeepAlive Off/KeepAlive On/g' /etc/httpd/conf/httpd.conf
sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
sed -i 's/\#ServerName www.example.com:80/ServerName localhost:80/g' /etc/httpd/conf/httpd.conf
sed -i 's/DirectoryIndex index.html index.html.var/DirectoryIndex index.html index.html.var index.htm/g' /etc/httpd/conf/httpd.conf
sed -i 's/ServerSignature On/ServerSignature Off/g' /etc/httpd/conf/httpd.conf
/etc/rc.d/init.d/httpd start
chkconfig httpd on
cat >/var/www/html/index.html << END_TEXT
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page 2
</div>
</body>
</html>
END_TEXT
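chmod 755 /var/www/html/index.html
3) Verification
Try visiting 192.168.82.100
Once the page loads, keep refreshing it. If the page keeps switching, HAProxy is verified.
5. Verifying Keepalived + HAProxy
While verifying HAProxy, stop the keepalived service on DS1. If the web servers are still reachable through 192.168.82.100, the test passes.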