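I. Overview:
HAProxy is high-performance load-balancing software that works at layer 4 or layer 7. In the large web server clusters of big sites it can replace dedicated hardware load balancers and save a great deal of expense.
To avoid a single point of failure anywhere in the system, critical architectures normally deploy backup devices. The same applies to the load balancer: it must not be deployed as a single unit, and once the primary device fails the backup takes over from it, so that service is uninterrupted. This is the role of Keepalived.
The combination of HAProxy and Keepalived therefore makes an inexpensive and efficient load-balancing architecture for web servers.
Topology diagram:
II. Front-end load-balancing layer configuration:
1. ha_1 configuration <172.16.41.1>:
<1> Configure keepalived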
    [root@ha_1 ~]# yum install -y keepalived
    [root@ha_1 ~]# cd /etc/keepalived/
    [root@ha_1 keepalived]# cp keepalived.conf keepalived.conf.bak
    [root@ha_1 keepalived]# vim keepalived.conf

    ! Configuration File for keepalived
    global_defs {
        notification_email {                # e-mail notification recipients
            root@localhost
            maoqiuguo@localhost
        }
        notification_email_from kaadmin@localhost
        smtp_server 127.0.0.1               # use the local mail service
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_script chk_haproxy {               # check the state of the haproxy service
        script "killall -0 haproxy"
        interval 1
        weight 2                            # weight
    }
    ########### VRRP_INSTANCE VI_1 ########### configuration of instance 1
    vrrp_instance VI_1 {
        state MASTER                        # master on ha_1, backup on the peer ha_2
        interface eth0
        virtual_router_id 100               # router ID
        priority 100                        # priority
        advert_int 1
        authentication {                    # authentication between the VRRP routers (PASS is sent in cleartext)
            auth_type PASS
            auth_pass 123.com
        }
        virtual_ipaddress {                 # VIP configuration
            172.16.41.100/16 dev eth0 label eth0:0
        }
        track_script {                      # tracked script
            chk_haproxy
        }
        track_interface {                   # tracked interface
            eth0
        }
        # notification scripts
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    ########## VRRP_INSTANCE VI_2 ############ configuration of instance 2
    vrrp_instance VI_2 {
        state BACKUP                        # backup on ha_1, master on the peer ha_2
        interface eth0
        virtual_router_id 200               # router ID
        priority 199                        # priority
        advert_int 1
        authentication {                    # authentication between the VRRP routers
            auth_type PASS
            auth_pass 123.com
        }
        virtual_ipaddress {                 # VIP configuration
            172.16.41.101/16 dev eth0 label eth0:1
        }
        track_interface {                   # tracked interface
            eth0
        }
        track_script {                      # tracked script
            chk_haproxy
        }
    }
    ######################################

Provide the script file for keepalived on ha_1:

    [root@ha_1 ~]# vim /etc/keepalived/notify.sh

    #!/bin/bash
    # Author: MageEdu <linuxedu@foxmail.com>  (please credit the source when using this script)
    # description: An example of notify script
    #
    vip=172.16.41.100
    contact='root@localhost'

    notify() {
        mailsubject="`hostname` to be $1: $vip floating"
        mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case "$1" in
        master)
            notify master
            /etc/rc.d/init.d/haproxy start
            exit 0
            ;;
        backup)
            notify backup
            /etc/rc.d/init.d/haproxy stop
            exit 0
            ;;
        fault)
            notify fault
            /etc/rc.d/init.d/haproxy stop
            exit 0
            ;;
        *)
            echo "Usage: `basename $0` {master|backup|fault}"
            exit 1
            ;;
    esac

Make it executable:

    [root@ha_1 ~]# chmod +x /etc/keepalived/notify.sh
<2> Configure haproxy.
    [root@ha_1 haproxy]# yum install haproxy -y
    [root@ha_1 ~]# cd /etc/haproxy/
    [root@ha_1 haproxy]# cp haproxy.cfg haproxy.cfg.bak
    [root@ha_1 haproxy]# vim haproxy.cfg

    global                                  # global settings
        log 127.0.0.1 local2                # logging
        # Change haproxy's working directory to the given path and chroot() into it
        # before dropping privileges. This raises haproxy's security level, but the
        # directory must be empty and must not be writable by any user.
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 4000
        user haproxy
        group haproxy
        daemon                              # run haproxy in the background as a daemon

    defaults
        mode http                           # haproxy working mode
        log global                          # use the global log settings
        option httplog
        option dontlognull
        option http-server-close            # close the server-side connection after each response; client-side keep-alive stays available
        option forwardfor except 127.0.0.0/8
        option redispatch
        retries 3
        timeout http-request 10s
        timeout queue 1m
        timeout connect 10s
        timeout client 1m
        timeout server 1m
        timeout http-keep-alive 10s
        timeout check 10s
        maxconn 3000

    listen stats
        mode http
        bind 0.0.0.0:1080                   # bind port 1080
        stats enable                        # enable the stats feature
        stats hide-version                  # hide the haproxy version
        stats uri /myadmin?stats            # URI under which the stats page is reached in a browser
        stats realm Haproxy\ Statistics     # authentication realm text
        stats auth maoqiu:123.com           # authentication (User:Password)
        stats admin if TRUE                 # grant admin rights once authentication succeeds
        acl allow src 172.16.0.0/16         # access control: only clients in this network may connect
        tcp-request content accept if allow
        tcp-request content reject

    frontend proxy                          # front-end proxy
        bind *:80                           # listen on port 80
        mode http
        log global
        option httpclose
        option logasap
        option dontlognull
        capture request header Host len 20
        capture request header Referer len 60
        acl url_static path_beg -i /static /images /javascript /stylesheets
        acl url_static path_end -i .jpg .gif .png .css .js .html
        use_backend static_servers if url_static
        default_backend dynamic_servers

    backend static_servers                  # back-end static server
        balance source                      # schedule with the source algorithm
        server imgsrv1 192.168.100.2:80 check maxconn 6000

    backend dynamic_servers                 # back-end dynamic server
        balance source                      # schedule with the source algorithm
        server websrv1 192.168.100.1:80 check maxconn 6000
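An added example, not part of the original post: a small Python check that reads haproxy.cfg text, finds the sections containing "stats enable", and flags the settings of the stats listener above that decide how exposed it is (bind on every address, no TLS in front of Basic auth, a short "stats auth" password, "stats admin if TRUE"). The HARDENED sample, its certificate path and its passphrase are assumptions made for illustration.

```python
import re

# Constructed samples: WEAK repeats the page's stats directives; HARDENED is an
# assumed alternative (the certificate path and passphrase are placeholders).
WEAK = """listen stats
    bind 0.0.0.0:1080
    stats enable
    stats auth maoqiu:123.com
    stats admin if TRUE
"""
HARDENED = """listen stats
    bind 172.16.41.1:1080 ssl crt /etc/haproxy/stats.pem
    stats enable
    stats auth maoqiu:CONSTRUCTED-long-passphrase-01
    stats admin if LOCALHOST
"""

SECTION = re.compile(r"(global|defaults|listen|frontend|backend)\b")

def stats_sections(cfg):
    """Return (section header, directives) for sections with 'stats enable'."""
    sections = []
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if SECTION.match(line):
            sections.append((line, []))
        elif sections:
            sections[-1][1].append(line)
    return [(name, d) for name, d in sections if "stats enable" in d]

def audit_stats(cfg, min_pw_len=12):
    """Flag risky settings on HAProxy stats listeners; returns (section, issue)."""
    findings = []
    for name, directives in stats_sections(cfg):
        for d in directives:
            w = d.split()
            if w[0] == "bind" and len(w) > 1:
                if w[1].rsplit(":", 1)[0] in ("", "*", "0.0.0.0", "::"):
                    findings.append((name, "bind-all-interfaces"))
                if "ssl" not in w[2:]:
                    findings.append((name, "no-tls-on-stats-bind"))
            elif w[:2] == ["stats", "auth"] and len(w) > 2:
                if len(w[2].partition(":")[2]) < min_pw_len:
                    findings.append((name, "short-stats-password"))
            elif w[:4] == ["stats", "admin", "if", "TRUE"]:
                findings.append((name, "admin-always-enabled"))
    return findings
```

Running audit_stats() on the contents of /etc/haproxy/haproxy.cfg on each proxy node before a reload gives one (section, issue) pair per finding; an empty list means none of the four conditions is present.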
2. ha_2 configuration <172.16.41.2>:
<1> Configure keepalived:
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
            maoqiuguo@localhost
        }
        notification_email_from kaadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_script chk_haproxy {
        script "killall -0 haproxy"
        interval 1
        weight 2
    }
    ########### VRRP_INSTANCE VI_1 ###########
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 100
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123.com
        }
        virtual_ipaddress {
            172.16.41.100/16 dev eth0 label eth0:0
        }
        track_script {
            chk_haproxy
        }
        track_interface {
            eth0
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    ########## VRRP_INSTANCE VI_2 ############
    vrrp_instance VI_2 {
        state MASTER
        interface eth0
        virtual_router_id 200
        priority 200
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123.com
        }
        virtual_ipaddress {
            172.16.41.101/16 dev eth0 label eth0:1
        }
        track_interface {
            eth0
        }
        track_script {
            chk_haproxy
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    ##### The script file on ha_2 is the same as on ha_1; change the VIP to 172.16.41.101, then make it executable.
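An added example, not part of the original post: a Python model of how the priorities and the "weight 2" of chk_haproxy in the two keepalived.conf files decide which node holds each VIP. It assumes both nodes stay up with preemption on, and it ignores the side effects of notify.sh; the function names are made up for this sketch.

```python
# Base priorities and VIPs copied from the page's two keepalived.conf files.
INSTANCES = {
    "VI_1": {"vip": "172.16.41.100", "priority": {"ha_1": 100, "ha_2": 99}},
    "VI_2": {"vip": "172.16.41.101", "priority": {"ha_1": 199, "ha_2": 200}},
}

def effective(base, script_ok, weight=2):
    """A positive vrrp_script weight is added only while the check succeeds."""
    return base + weight if script_ok else base

def vip_owner(instance, haproxy_up, weight=2):
    """Node holding the VIP once the election settles.

    Simplification: on equal effective priority the node with the higher
    configured priority keeps the address, because a backup only preempts
    a master whose advertised priority is strictly lower than its own.
    """
    prio = INSTANCES[instance]["priority"]
    return max(prio, key=lambda n: (effective(prio[n], haproxy_up[n], weight), prio[n]))

def placement(haproxy_up, weight=2):
    """Map each VIP to its owner for a given haproxy up/down state per node."""
    return {INSTANCES[i]["vip"]: vip_owner(i, haproxy_up, weight) for i in INSTANCES}

if __name__ == "__main__":
    for state in ({"ha_1": True, "ha_2": True},
                  {"ha_1": False, "ha_2": True},
                  {"ha_1": True, "ha_2": False}):
        print(state, "->", placement(state))
    # Failure mode: a weight no larger than the priority gap never moves the VIP.
    print("weight=1:", placement({"ha_1": False, "ha_2": True}, weight=1))
```

The last call shows why the weight has to exceed the gap between the two nodes' base priorities: with weight 1 and a gap of 1, 172.16.41.100 stays on ha_1 even though its haproxy is down.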
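<2> Configure haproxy:
The haproxy instances on the front end all do the same job of proxying the service to the back-end Real Servers, so every setting is identical. After installing haproxy on ha_2, simply copy the configuration file over from ha_1.

    [root@ha_2 keepalived]# scp root@172.16.41.1:/etc/haproxy/haproxy.cfg /etc/haproxy/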
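3. Start keepalived and test:
<1> State when the services on both front-end nodes are healthy:
<2> State after the haproxy service on one front-end node has been stopped:
At this point keepalived provides high availability for haproxy as intended. Next come haproxy's static/dynamic content separation and its statistics output.
III. Back-end web server (RS1/RS2, meaning Real Server) configuration
In the topology diagram, RS1 is planned to serve the dynamic content requested by clients, and RS2 to serve the static content.
1. Provide a dynamic content page on RS1 (I simply use a PHP test page here)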
    [root@RealServer1 ~]# yum install -y php php-mysql
    [root@RealServer1 ~]# vim /var/www/html/index.php
    <h1>Real Server1</h1>
    <?php
    phpinfo();
    ?>
    [root@RealServer1 ~]# service httpd start
    Starting httpd: [ OK ]
    [root@RealServer1 ~]#

2. RS2 provides an image or an HTML document

    # Add an HTML document
    [root@RealServer2 ~]# vim /var/www/html/index.html
    <h1>Real Server2</h1>
    # Add an image
    [root@RealServer2 ~]# cd /var/www/html/
    [root@RealServer2 html]# ls
    index.html tux_windows.jpg
    [root@RealServer2 html]#
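IV. Testing:
1. Static content test:
2. Dynamic content test:
3. haproxy statistics page output:
With both proxy nodes healthy, haproxy's static/dynamic separation and statistics output work without problems; after shutting down the proxy service on one of the nodes again, access still works normally. The keepalived-based haproxy high-availability experiment succeeded!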