Web 负载均衡解决方案——HAproxy+keepalived实现高可用负载均衡
HAProxy概念:
HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机, 它是免费、快速并且可靠的一种解决方案。HAProxy特别适用于那些负载特大的web站点, 这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整 合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。
软件下载地址:http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.20.tar.gz
一, 拓扑
浮动IP eth0:1 192.168.10.31/23
|
+++++++++++++ +++++++++++++
+ HAproxy master + + HAproxy backup +
+++++++++++++ +++++++++++++
DIP eth0 192.168.10.30/23 DIP eth0 192.168.10.28/23
|______________________________|
______________|_______________
| |
| |
++++++++++++ ++++++++++++ ++++++++++++ ++++++++++++
+ WEB B + + WEB B + + WEB C + + WEB D +
++++++++++++ ++++++++++++ ++++++++++++ ++++++++++++
eth0 192.168.10.2/23 eth0 192.168.10.3/23 eth0 192.168.10.4/23 eth0 192.168.10.5/23
二,配置
(一) 搭建环境
操作系统:CentOS release 6.3 x86-64内核:2.6.27.21-0.1-xen
cpu:Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (双核)
内存:4G
软件版本:keepalived-1.2.1 ; haproxy-1.4.20
软件库环境:安装开发工具和开发库
[root@localhost ~]#yum -y groupinstall "Development libraries" "Development tools"
[root@localhost ~]#yum -y install gcc openssl-devel pcre-devel zlib-devel
(二) 安装keepalived
[root@localhost ~]# tar -xvf keepalived-1.2.7.tar.gz
[root@localhost ~]# cd keepalived-1.2.7
[root@localhost keepalived-1.2.7]#./configure --prefix=/
Keepalived configuration
------------------------
Keepalived version : 1.2.7
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
显示如上为编译成功
[root@localhost keepalived-1.2.7]#make && make install
[root@localhost ~]# vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id nginx1
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.10.31/23
}
}
[root@localhost ~]# chkconfig keepalived on
[root@localhost ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
辅keepalived配置与主相同但在keepalived配置文件中修改:
state BACKUP
priority 50
(三) 编写haproxy的监控脚本,当haproxy无法启动时关闭keepalived将服务切换到辅服务器
[root@localhost ~]# vi /etc/keepalived/chk_haproxy.sh
#!/bin/bash
A=`ps -C haproxy --no-header | wc -l`
if [ $A -eq 0 ]
then /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
sleep 3
if [ `ps -C haproxy --no-header | wc -l ` -eq 0 ]
then /etc/init.d/keepalived stop
fi
fi
(四)安装haproxy
[root@localhost ~]# tar -xvf haproxy-1.4.20.tar.gz
[root@localhost haproxy-1.4.20]# make TARGET=linux26 PREFIX=/usr/local/haproxy install
[root@localhost haproxy-1.4.20]# cd /usr/local/haproxy/
[root@localhost haproxy]# mkdir conf logs
[root@localhost haproxy]# cd conf/
[root@localhost conf]# vim haproxy.cfg
global
log 127.0.0.1 local3 info 需要在/etc/syslog.conf里添加local3.* /var/log/haproxy.log
maxconn 4096
uid nobody
gid nobody
daemon
nbproc 4
defaults
log global
mode http
maxconn 2048 #最大连接数
retries 3 #3 次连接失败就认为服务器不可用
option httpclose #每次请求完毕后主动关闭http通道
option forwardfor #如果后端服务器需要获得客户端真实ip需要配置的参数,可以从Http Header中获得客户端ip
option abortonclose #当服务器负载很高的时候,自动结束掉当前队列处理比较久的连接
option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器
stats refresh 30 #统计页面刷新间隔
stats uri /haproxy #监控后端服务器的页面
stats auth admin:zgrtqgjxglzx #登陆监控页面的用户名和密码
contimeout 5000 #连接超时
clitimeout 50000 #客户端超时
srvtimeout 50000 #服务器超时
listen http-in
bind 0.0.0.0:80
mode http #http 表示七层
log global
option httplog
balance roundrobin #默认的负载均衡的方式,轮询方式
balance leastconn
option httpchk GET /login.jsp #心跳检测的文件 此处不是项目里真实的文件
#option httpchk GET /index.html
cookie SERVERID insert indirect nocache
server jsp-A 192.168.10.2:80 weight 1 cookie 1 check inter 2000 rise 2 fall 5 #cookie 1 标识 serverid 为 1
server jsp-B 192.168.10.3:80 weight 1 cookie 2 check inter 2000 rise 2 fall 5 #check inter 2000 检测心跳频率
server jsp-C 192.168.10.4:80 weight 1 cookie 3 check inter 2000 rise 2 fall 5 #rise 2 2 次正确认为服务器可用
server jsp-D 192.168.10.5:80 weight 1 cookie 4 check inter 2000 rise 2 fall 5 #fall 5 5 次失败认为服务器不可用
最后将/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg 加入/etc/rc.loal 设置开机启动
(五)启动haproxy
[root@localhost conf]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
三、测试
在客户端访问 HAproxy 测试
[root@localhost ~]# elinks –dump http:// 192.168.122.254
在客户机访问HAproxy健康检查页面
