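HAProxy is free, stable, efficient, lightweight load-balancing software. Its configuration file parameters are explained below:
global #global configuration parameters
log 127.0.0.1 local3 info #log level
maxconn 4096
user haproxy
group haproxy
daemon #run as a background process
pidfile /usr/local/haproxy/haproxy.pid #the process's pid file
defaults #default configuration, inherited by the frontend, backend and listen sections
log global
mode http #HAProxy working mode; the layer-4 working mode is tcp
option httplog
option forwardfor #lets the backend servers obtain the client's real IP
option redispatch #if the ServerID is written into the cookie and the client does not refresh the cookie, then once the server for that ServerID goes down, requests are forcibly redirected to another healthy server
option abortonclose #when server load is too high, automatically closes connection requests that have been waiting in the queue for a long time
cookie SERVERID #allows SERVERID to be inserted into the cookie; each server's SERVERID is defined on the backend with the cookie keyword
retries 3 #number of retries after a failed connection to a server
maxconn 2000 #maximum number of connections per process
timeout connect 5000 #maximum connection timeout; the default unit is milliseconds
timeout client 30000 #maximum client timeout
timeout server 30000 #server timeout
listen haproxy_stats #defines the HAProxy monitoring page
bind 0.0.0.0:8080
mode http
log global
stats enable
stats refresh 5s #page refresh interval is 5s
stats realm Haproxy\ Statistics
stats uri /haproxy_stats #URL of the monitoring page
stats hide-version
stats auth haproxy:abc-123 #username and password for logging in to the monitoring page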
frontend haproxy_web #defines the front end that clients connect to
bind 0.0.0.0:80 #the listening socket
mode http
log global
option httplog #enable http logging
option httpclose #close the http channel after each request completes
acl php_web path_end .php #defines an acl named php_web that matches when the requested url ends in .php
use_backend php_server if php_web #if the php_web condition is met, hand the request to the php_server backend
default_backend servers #the default backend server group
backend servers #defines the backend server group
mode http
option httpchk GET /index.html #enables health checks on the backend servers; health is judged by checking the index.html file
balance roundrobin #the load-balancing algorithm is round robin
server web1 192.168.154.162:80 check inter 2000 rise 2 fall 3 #backend health checks run every 2000 ms; 2 consecutive successful checks mark the server as valid, 3 consecutive failed checks mark it as down
server web2 192.168.154.156:80 check inter 2000 rise 2 fall 3
backend php_server
mode http
option httpchk GET /index.php
server web3 192.168.154.158:80 cookie web3 check inter 2000 rise 2 fall 3 weight 2
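The HAProxy configuration file consists of two parts: global settings and proxy settings,
divided into five sections: global, defaults, frontend, backend, listen
Configuration file format:
HAProxy's configuration processing draws on three main sources of parameters:
---command-line arguments, which are processed first
---the "global" section, which sets global parameters
---the proxy-related sections, such as defaults, listen, frontend and backend
Global configuration:
***Process management and security parameters
-chroot: changes haproxy's working directory to the specified one and performs chroot() before dropping privileges, which raises haproxy's security level; make sure the specified directory is empty and that no user has write permission to it
-daemon: run in the background
-stats: the interface through which users access statistics
-node: defines the name of the current node, for HA scenarios where several haproxy processes share one IP address
-uid -pid -pidfile -user
***Performance tuning parameters
-maxconn: sets the maximum number of concurrent connections each haproxy process accepts
***Debug parameters
-debug
-quiet
***Timeouts
-timeout http-request: closes the client connection when the client has established a connection but sends no request data
-timeout queue: maximum time to wait in the queue
-timeout connect: how long haproxy waits when forwarding a client request to a backend server
-timeout client: timeout for client inactivity
-timeout server: how long to wait for the server side once the client-to-server connection has been established
-timeout http-keep-alive: timeout for keeping a connection alive
-timeout check: timeout for health checks; too short causes false failures, too long consumes resources
maxconn: maximum number of connections per server
***Access control
http-request: layer-7 filtering
tcp-request content: TCP-level filtering, layer-4 filtering
###Proxies
***The "defaults" section supplies default parameters to all other sections; these defaults can be reset by the next "defaults" section
***The "frontend" section defines a set of listening sockets that accept client requests and establish connections with them.
***The "backend" section defines a set of "backend" servers to which the proxy forwards the corresponding client requests
***The "listen" section defines a complete proxy by combining a "frontend" and a "backend"; it is usually only useful for TCP traffic.
Proxy names may only contain uppercase letters, lowercase letters, digits, - (hyphen), _ (underscore), . (dot) and : (colon). In addition, ACL names are case-sensitive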
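###Key parameters in the configuration file
***balance: 1. roundrobin: weight-based 2. static-rr: weight-based round robin 3. leastconn: for long-lived connection sessions
***bind: this directive can only be used in frontend and listen sections; it defines one or more listening sockets: bind 127.0.0.:3306 *:3306 0.0.0.0:3306
***mode: sets the running mode or protocol of the instance {tcp|http|health}
***log: log global
Enables event and traffic logging for each instance, so it can be used in all sections. Each instance may specify at most two log parameters; however, if "log global" is used and the "global" section already defines two log parameters, the extra log parameters are ignored
***stats enable: enables the statistics report with the defaults set when the program was compiled
***stats hide-version: enables the statistics report and hides the HAProxy version
***stats realm mysql-pxc: enables the statistics report and sets the authentication realm
***stats auth: enables the statistics report with authentication and authorizes a user account
***stats admin: enables the admin-level functions of the statistics page when the given condition is met, which allows servers to be enabled or disabled through the web interface; from a security standpoint, however, the statistics page should be kept read-only as far as possible. In addition, if HAProxy's multi-process mode is enabled, turning on this admin level may cause abnormal behaviour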
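The chroot, privilege and stats-page points above can be checked mechanically. The following is an added example, not part of the original article or of HAProxy itself: a small auditor that parses haproxy.cfg text and reports the stats and global settings discussed here. The finding names, the 12-character password threshold and both sample configurations are assumptions constructed for the illustration.

```python
import re

# Constructed sample: global and stats settings of the kind used in this article.
PAGE_CFG = r"""
global
    daemon
    #chroot /usr/share/haproxy
    uid 99
    gid 99
listen admin_stats
    bind 0.0.0.0:1080
    stats uri /stats
    stats realm XingCloud\ Haproxy
    stats auth admin:admin
    stats auth Frank:Frank
    stats hide-version
    stats admin if TRUE
"""

# Constructed hardened counterpart; the user name and password are placeholders.
HARDENED_CFG = r"""
global
    daemon
    chroot /var/empty
    user haproxy
    group haproxy
listen admin_stats
    bind 127.0.0.1:1080
    stats uri /stats
    stats realm Haproxy\ Statistics
    stats auth ops:REPLACE-WITH-A-LONG-RANDOM-SECRET
    stats hide-version
"""

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}
COMMON_PASSWORDS = {"admin", "123456", "password", "haproxy"}  # short demo list
WILDCARD_HOSTS = {"", "*", "0.0.0.0", "::"}


def parse_sections(text):
    """Return [(kind, name, [token lists])], one entry per config section."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # '#' starts a comment
        if not line:
            continue
        tokens = re.split(r"(?<!\\)\s+", line)     # keep "\ " escaped spaces together
        if tokens[0] in SECTION_KEYWORDS:
            name = tokens[1] if len(tokens) > 1 else tokens[0]
            sections.append((tokens[0], name, []))
        elif sections:
            sections[-1][2].append(tokens)
    return sections


def is_weak(user, password):
    """Assumed policy: short, equal to the user name, or a well-known default."""
    return (len(password) < 12 or password.lower() == user.lower()
            or password.lower() in COMMON_PASSWORDS)


def audit(text):
    """Return a list of (section name, finding) tuples."""
    findings = []
    for kind, name, lines in parse_sections(text):
        keywords = {t[0] for t in lines}
        if kind == "global":
            if "chroot" not in keywords:
                findings.append((name, "no-chroot"))
            if not keywords & {"user", "uid"}:
                findings.append((name, "no-privilege-drop"))
            continue
        stats = [t[1:] for t in lines if t[0] == "stats" and len(t) > 1]
        if not stats:
            continue                                # section has no stats page
        for t in lines:
            if t[0] == "bind" and len(t) > 1:
                host = t[1].rsplit(":", 1)[0]
                if host in WILDCARD_HOSTS:
                    findings.append((name, "stats-on-all-interfaces"))
        creds = [s[1] for s in stats if s[0] == "auth" and len(s) > 1]
        if not creds:
            findings.append((name, "stats-without-auth"))
        for cred in creds:
            user, _, password = cred.partition(":")
            if is_weak(user, password):
                findings.append((name, "weak-stats-password:" + user))
        if any(s[:3] == ["admin", "if", "TRUE"] for s in stats):
            findings.append((name, "stats-admin-unconditional"))
    return findings
```

Call `audit()` on the text of a real haproxy.cfg; findings carry the user name only, never the password.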
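HAProxy provides high availability, load balancing and proxying for TCP- and HTTP-based applications, with virtual host support; it is a free, fast and reliable solution. HAProxy is particularly suited to very heavily loaded web sites, which usually also need session persistence or layer-7 processing. Running on current hardware, HAProxy can readily support tens of thousands of concurrent connections. Its operating mode also makes it simple and safe to integrate into your existing architecture, while keeping your web servers from being exposed to the network.
The haproxy configuration is divided into five parts, as follows:
1. global: process-level parameters, usually related to the operating system. These are generally set once; if the configuration is correct, they need not be changed again
2. defaults: default parameters, which can be used by the frontend, backend and listen components
3. frontend: the front-end virtual node that receives requests; a frontend can use rules to select directly which backend to use
4. backend: the configuration of the back-end service cluster, i.e. the real servers; one backend corresponds to one or more physical servers
5. listen: a combination of frontend and backend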
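I. Installing HAProxy
1. Download the latest haproxy package from the official site: http://www.haproxy.org; if the site cannot be reached, an online proxy can be used for the download. Download: haproxy-1.5.8.tar.gz
2. Upload it to the Linux host and unpack it:
# mkdir -p /app/zpy/3rd
# cd /app/zpy/3rd
# tar -zxvf haproxy-1.5.8.tar.gz
Create the directory
# mkdir /app/zpy/haproxy
3. Install
# cd haproxy-1.5.8
# make TARGET=linux26 ARCH=x86_64 PREFIX=/app/zpy/haproxy
#installs haproxy into /app/zpy/haproxy; TARGET specifies the kernel version
# make install PREFIX=/app/zpy/haproxy
Go into /app/zpy/haproxy, create the /app/zpy/haproxy/conf directory, and copy the example configuration
# cp /app/zpy/3rd/haproxy-1.5.8/examples/haproxy.cfg /app/zpy/haproxy/conf/
4. Edit the configuration
The configuration is explained below (reference: http://freehat.blog.51cto.com/1239536/1347882):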
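###########Global configuration#########
global
log 127.0.0.1 local0 #[log output: all logs are recorded on the local host and sent through local0]
log 127.0.0.1 local1 notice #defines the haproxy log level [error warning info debug]
daemon #run haproxy in the background
nbproc 1 #number of processes
pidfile /home/haproxy/haproxy/conf/haproxy.pid #haproxy process PID file
ulimit-n 819200 #ulimit count limit
maxconn 4096 #default maximum number of connections; take the ulimit-n limit into account
#chroot /usr/share/haproxy #chroot path
uid 99 #UID of the user haproxy runs as
gid 99 #GID of the group haproxy runs as
#debug #haproxy debug level; debugging is recommended only when a single process is enabled
#quiet
########Default configuration############
defaults
log global
mode http #default mode { tcp|http|health }; tcp is layer 4, http is layer 7, health only returns OK
option httplog #log format: httplog
option dontlognull #do not log health-check entries
retries 2 #a server is considered unavailable after two failed connection attempts; this can also be set later
option forwardfor #needed if backend servers must obtain the client's real IP; the client IP can be read from the HTTP header
option httpclose #actively close the HTTP channel after each request; haproxy does not support keep-alive and can only emulate it
#option redispatch #when the server for a serverId goes down, forcibly redirect to another healthy server; will not be supported in future
option abortonclose #when server load is very high, automatically end connections that have been in the current queue for a long time
maxconn 4096 #default maximum number of connections
timeout connect 5000ms #connection timeout
timeout client 30000ms #client timeout
timeout server 30000ms #server timeout
#timeout check 2000 #heartbeat check timeout
#timeout http-keep-alive 10s #default persistent-connection timeout
#timeout http-request 10s #default HTTP request timeout
#timeout queue 1m #default queue timeout
balance roundrobin #default load-balancing method: round robin
#balance source #default load-balancing method, similar to nginx's ip_hash
#balance leastconn #default load-balancing method: least connections
########Statistics page configuration########
listen admin_stats
bind 0.0.0.0:1080 #a combination of frontend and backend; the name of the monitoring group can be customised as needed
mode http #layer-7 http mode
option httplog #use the http log format
#log 127.0.0.1 local0 err #error log
maxconn 10 #default maximum number of connections
stats refresh 30s #auto-refresh interval of the statistics page
stats uri /stats #URL of the statistics page
stats realm XingCloud\ Haproxy #prompt text shown in the statistics page password dialog
stats auth admin:admin #user and password for the monitoring page: admin; several usernames can be set
stats auth Frank:Frank #user and password for the monitoring page: Frank
stats hide-version #hide the HAProxy version on the statistics page
stats admin if TRUE #allows backend servers to be enabled/disabled manually (haproxy 1.4.9 and later)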
########haproxy error pages#####
errorfile 403 /home/haproxy/haproxy/errorfiles/403.http
errorfile 500 /home/haproxy/haproxy/errorfiles/500.http
errorfile 502 /home/haproxy/haproxy/errorfiles/502.http
errorfile 503 /home/haproxy/haproxy/errorfiles/503.http
errorfile 504 /home/haproxy/haproxy/errorfiles/504.http
########frontend configuration##############
frontend main #section line absent from the original listing; the name "main" is a placeholder
bind *:80
#bind *:80 is recommended here; otherwise clustered high availability runs into problems: once the VIP moves to another machine it can no longer be reached.
acl web hdr(host) -i www.abc.com
#the rule name follows acl; the domain to match follows -i (case-insensitive)
acl img hdr(host) -i img.abc.com
#requests for the domain www.abc.com are dispatched to the webserver scope below.
#requests for img.abc.com.cn are dispatched to the imgserver scope.
use_backend webserver if web
use_backend imgserver if img
########backend configuration##############
backend webserver #webserver scope
mode http
balance roundrobin
#balance roundrobin is round robin; balance source keeps the session value; static-rr, leastconn, first, uri and other parameters are also supported
option httpchk GET /index.html HTTP/1.0 #health check
#the file to check: if index.html cannot be reached on a backend, requests are no longer dispatched to it
server web1 10.16.0.9:8085 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web2 10.16.0.10:8085 cookie 2 weight 3 check inter 2000 rise 2 fall 3
#cookie 1 means the serverid is 1; check inter 1500 sets the heartbeat check interval
#rise 2 means 2 successful checks mark the server as available, fall 3 means 3 failures mark it as unavailable, weight is the server's weight
backend imgserver
mode http
option httpchk /index.php
balance roundrobin
server img01 192.168.137.101:80 check inter 2000 fall 3
server img02 192.168.137.102:80 check inter 2000 fall 3
########tcp configuration#################
listen test1
bind 0.0.0.0:90
mode tcp
option tcplog #log format: tcplog
maxconn 4086
#log 127.0.0.1 local0 debug
server s1 10.18.138.201:80 weight 1
server s2 10.18.102.190:80 weight 1
5. Add logging support
# vim /etc/syslog.conf
Append at the bottom
local3.* /home/haproxy/haproxy/logs/haproxy.log
local0.* /home/haproxy/haproxy/logs/haproxy.log
# vim /etc/sysconfig/syslog
Change: SYSLOGD_OPTIONS="-r -m 0"
Restart the log service: service syslog restart
6. Start the service
Start the service:
# /home/haproxy/haproxy/sbin/haproxy -f /home/haproxy/haproxy/conf/haproxy.cfg
Restart the service:
# /home/haproxy/haproxy/sbin/haproxy -f /home/haproxy/haproxy/conf/haproxy.cfg -st `cat /home/haproxy/haproxy/conf/haproxy.pid`
Stop the service:
# killall haproxy
7. Monitoring
Visit: http://192.168.101.125:1080/stats
Configuration reference:
###########Global configuration#########
global
log 127.0.0.1 local0
daemon
nbproc 4
maxconn 4096
uid 99
gid 99
pidfile /app/zpy/haproxy/conf/haproxy.pid
ulimit-n 819200
chroot /var/empty
quiet
########Default configuration############
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option forwardfor
option httpclose
option redispatch
option abortonclose
timeout connect 5000ms
timeout client 30000ms
timeout server 30000ms
timeout check 2000
balance roundrobin
########Statistics page configuration########
listen stats
bind 0.0.0.0:1080
mode http
option httplog
maxconn 10
stats refresh 30s
stats uri /stats
stats realm ZPY\ Haproxy
stats auth admin:admin
stats hide-version
stats admin if TRUE
########frontend configuration##############
frontend act
bind *:8980
acl hadoop_policy hdr_dom(host) -i zipeiyi.hadoop.com
# acl impcom-vir_policy hdr_dom(host) -i impcom-vir.zipeiyi.ceshi
# acl imp-vir_policy hdr_dom(host) -i imp-vir.zipeiyi.ceshi
use_backend hadoop if hadoop_policy
# use_backend impcom-vir if impcom-vir_policy
# use_backend imp-vir if imp-vir_policy
########backend configuration##############
backend hadoop
mode http
balance roundrobin
server hadoop3 10.0.70.230:8080 check inter 2000 fall 3
server hadoop4 10.0.70.231:8080 check inter 2000 fall 3
#backend impcom-act
# mode http
# balance roundrobin
# server impcom-act01 10.0.150.3:8180 check inter 2000 fall 3
# server impcom-act02 10.0.150.3:8190 check inter 2000 fall 3
Deploy the tomcat application on 10.0.70.230 and 10.0.70.231.
Add the resolution record on the DNS server (10.0.10.10)
10.0.10.10 zipeiyi.hadoop.com
1) Install haproxy from source
[root@mysql-slave src]# tar xf haproxy-1.6.4.tar.gz
[root@mysql-slave src]# cd haproxy-1.6.4
[root@mysql-slave haproxy-1.6.4]# make TARGET=linux26 PREFIX=/usr/local/haproxy
[root@mysql-slave haproxy-1.6.4]# echo $?
0
[root@mysql-slave haproxy-1.6.4]# make install PREFIX=/usr/local/haproxy
[root@mysql-slave haproxy-1.6.4]# mkdir /usr/local/haproxy/conf
[root@mysql-slave haproxy-1.6.4]# ls
CHANGELOG CONTRIBUTING ebtree haproxy include MAINTAINERS README src tests VERSION
contrib doc examples haproxy-systemd-wrapper LICENSE Makefile ROADMAP SUBVERS VERDATE
[root@mysql-slave haproxy-1.6.4]# cp examples/option-http_proxy.cfg /usr/local/haproxy/conf/haproxy.cfg
2) Configuring the haproxy startup script
Since my package was downloaded to /usr/local/src, let's look at the files of the unpacked haproxy
[root@mysql-slave examples]# pwd
/usr/local/src/haproxy-1.6.4/examples
[root@mysql-slave examples]# ls
acl-content-sw.cfg check.conf debug2html haproxy.init init.haproxy ssl.cfg
auth.cfg content-sw-sample.cfg debugfind haproxy.spec option-http_proxy.cfg stats_haproxy.sh
check debug2ansi errorfiles haproxy.vim seamless_reload.txt transparent_proxy.cfg
As shown above, there is a file named haproxy.init
A quick look at the contents of haproxy.init
[root@mysql-slave examples]# cat haproxy.init
#!/bin/sh
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
# for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid
# Script Author: Simon Matter <simon.matter@invoca.ch>
# Version: 2004060600
# Source function library.
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
else
exit 0
fi
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
# This is our service name
BASENAME=`basename $0`
if [ -L $0 ]; then
BASENAME=`find $0 -name $BASENAME -printf %l`
BASENAME=`basename $BASENAME`
fi
BIN=/usr/sbin/$BASENAME
CFG=/etc/$BASENAME/$BASENAME.cfg
[ -f $CFG ] || exit 1
PIDFILE=/var/run/$BASENAME.pid
LOCKFILE=/var/lock/subsys/$BASENAME
RETVAL=0
start() {
quiet_check
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
echo -n "Starting $BASENAME: "
daemon $BIN -D -f $CFG -p $PIDFILE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch $LOCKFILE
return $RETVAL
}
stop() {
echo -n "Shutting down $BASENAME: "
killproc $BASENAME -USR1
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $LOCKFILE
[ $RETVAL -eq 0 ] && rm -f $PIDFILE
return $RETVAL
}
restart() {
quiet_check
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
stop
start
}
reload() {
if ! [ -s $PIDFILE ]; then
return 0
fi
quiet_check
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with '$BASENAME check'."
return 1
fi
$BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)
}
check() {
$BIN -c -q -V -f $CFG
}
quiet_check() {
$BIN -c -q -f $CFG
}
rhstatus() {
status $BASENAME
}
condrestart() {
[ -e $LOCKFILE ] && restart || :
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
check)
check
;;
*)
echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
exit 1
esac
exit $?
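We find that, with a little adjustment, this is a complete haproxy startup script, so, being a bit lazy, we simply modify two places:
BIN=/usr/local/haproxy/sbin/haproxy
# location of the haproxy command
CFG=/usr/local/haproxy/conf/haproxy.cfg
# haproxy.cfg is haproxy's configuration file
After the changes, copy the modified haproxy.init to the /etc/init.d/ directory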
[root@mysql-slave examples]# cp /usr/local/src/haproxy-1.6.4/examples/haproxy.init /etc/init.d/
[root@mysql-slave examples]# mv /etc/init.d/haproxy.init /etc/init.d/haproxy
[root@mysql-slave examples]# chmod +x /etc/init.d/haproxy
[root@mysql-slave examples]# /etc/init.d/haproxy
Usage: haproxy {start|stop|restart|reload|condrestart|status|check}
A simple test:
[root@mysql-slave examples]# /etc/init.d/haproxy status
haproxy (pid 54309) 正在运行...
[root@mysql-slave examples]# /etc/init.d/haproxy stop
Shutting down haproxy: [确定]
[root@mysql-slave examples]# /etc/init.d/haproxy status
haproxy 已停
[root@mysql-slave examples]# /etc/init.d/haproxy start
Starting haproxy: [确定]
[root@mysql-slave examples]# /etc/init.d/haproxy reload
[root@mysql-slave examples]# echo $?
0
[root@mysql-slave examples]# /etc/init.d/haproxy condrestart
Shutting down haproxy: [确定]
Starting haproxy: [确定]
[root@mysql-slave examples]# /etc/init.d/haproxy check
Configuration file is valid
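At this point, the haproxy installation and script configuration are complete
Notes:
a. When the client uses www.wanwan.com, the load balancer hands the request to the cluster corresponding to vip1
b. When the client uses img.wanwan.com, the load balancer hands the request to the cluster corresponding to vip1
c. Of the two load balancers 10.10.10.129 and 10.10.10.130, a failure of either one does not affect the operation of the whole system
2) haproxy installation and startup script configuration
3) haproxy configuration (required on both load balancers, 10.10.10.129/10.10.10.130)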
[root@mysql-master ~]# adduser haproxy -s /sbin/nologin -M
[root@mysql-master ~]# cd /usr/local/haproxy/conf/
[root@mysql-master conf]# cat haproxy.cfg
global
log 127.0.0.1 local0 info
maxconn 4096
user haproxy
group haproxy
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
defaults
mode http
retries 3
timeout connect 10s
timeout client 20s
timeout server 30s
timeout check 5s
frontend www
bind *:80
mode http
option httplog
option forwardfor
option httpclose
log global
#requests for www.wanwan.com are all handled by htmpool, and requests for img.wanwan.com are handed to imgpool. If nothing is specified, the default is htmpool
acl host_www hdr_dom(host) -i www.wanwan.com
acl host_img hdr_dom(host) -i img.wanwan.com
use_backend htmpool if host_www
use_backend imgpool if host_img
default_backend htmpool
backend htmpool
mode http
option redispatch
option abortonclose
balance static-rr
cookie SERVERID
option httpchk GET /index.html
server web01 10.10.10.128:80 cookie server1 weight 6 check inter 2000 rise 2 fall 3
server web02 10.10.10.132:80 cookie server2 weight 6 check inter 2000 rise 2 fall 3
backend imgpool
mode http
option redispatch
option abortonclose
balance static-rr
cookie SERVERID
option httpchk GET /index.html
server img1 10.10.10.131:80 cookie server1 weight 6 check inter 2000 rise 2 fall 3
server img2 10.10.10.133:80 cookie server2 weight 6 check inter 2000 rise 2 fall 3
# configure haproxy's web monitoring page
listen admin_stats
bind 0.0.0.0:9188
mode http
log 127.0.0.1 local0 err
stats refresh 30s
stats uri /haproxy-status
stats realm welcome\ login\ Haproxy
stats auth admin:admin~!@
stats hide-version
stats admin if TRUE
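4) keepalived configuration
The load balancers are configured with two VIPs: 10.10.10.188 and 10.10.10.189 (each load balancer is master for one and backup for the other)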
[root@mysql-master conf]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
314324506@qq.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server smtp.qq.com
smtp_connect_timeout 30
router_id LVS_7
}
# the purpose of this script is to prevent keepalived from holding on to the vip after the haproxy service has stopped
vrrp_script chk_http_port {
script "/opt/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_188 {
state MASTER # master server
interface eth0
virtual_router_id 188
priority 150 # the value on the slave is smaller; the larger the value, the higher the priority
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.10.188/24 # vip address; it can be seen on the system with ip add list
}
}
vrrp_instance VI_189 {
state BACKUP # slave server
interface eth0
virtual_router_id 189
priority 100 # the value on the master is larger; the larger the value, the higher the priority
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.10.189/24 # vip address; it can be seen on the system with ip add list
}
}
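The keepalived.conf above defines chk_http_port with weight 2, but neither vrrp_instance lists it in a track_script block, so its result never influences who holds the VIP. The model below is an added example, not part of the original post or of keepalived; it shows how a tracked script's weight changes the effective VRRP priority when haproxy dies on the master only. The peer priority of 100 for VI_188 is an assumption (the second node's file is not shown), and rise/fall counters and preemption settings are ignored.

```python
# Model of keepalived's track_script priority arithmetic (illustrative only).

FAULT = None  # marker: the instance is in FAULT state and cannot become master


def effective_priority(base, script_ok, tracked=True, weight=0):
    """Effective priority of one vrrp_instance, or FAULT.

    tracked - the vrrp_script is listed in the instance's track_script block
    weight  - the vrrp_script 'weight' value (0 when the keyword is absent)
    """
    if not tracked:
        return base                        # script result is never consulted
    if weight == 0:
        return base if script_ok else FAULT
    if weight > 0:
        return base + weight if script_ok else base
    return base if script_ok else base + weight   # negative weight lowers priority


def vip_holder(nodes):
    """nodes maps name -> effective priority or FAULT; highest priority wins."""
    alive = {name: prio for name, prio in nodes.items() if prio is not FAULT}
    return max(alive, key=alive.get) if alive else None


def fails_over(tracked, weight, master=150, backup=100):
    """True if the VIP moves to lb2 when haproxy is down on lb1 only."""
    nodes = {
        "lb1": effective_priority(master, False, tracked, weight),
        "lb2": effective_priority(backup, True, tracked, weight),
    }
    return vip_holder(nodes) == "lb2"


def scenarios():
    """Outcome for the page's settings and for three alternatives."""
    return {
        "as written (script not tracked)": fails_over(tracked=False, weight=2),
        "tracked, weight 2": fails_over(tracked=True, weight=2),
        "tracked, weight 0": fails_over(tracked=True, weight=0),
        "tracked, weight -60": fails_over(tracked=True, weight=-60),
    }


if __name__ == "__main__":
    for label, moved in scenarios().items():
        print(f"{label}: VIP {'moves to lb2' if moved else 'stays on lb1'}")
```

With priorities 150 and 100, a positive weight of 2 cannot close the 50-point gap, so only the weight 0 (FAULT) and sufficiently negative weight cases release the VIP.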
5) keepalived startup script
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: - 21 79
# description: Start and stop Keepalived
# Source function library
. /etc/rc.d/init.d/functions
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
RETVAL=0
prog="keepalived"
start() {
echo -n $"Starting $prog: "
daemon keepalived ${KEEPALIVED_OPTIONS}
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
stop() {
echo -n $"Stopping $prog: "
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
reload() {
echo -n $"Reloading $prog: "
killproc keepalived -1
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
;;
*)
echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
exit 1
esac
exit $RETVAL
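6) Testing the result
a. Test www.wanwan.com from the client
b. Test img.wanwan.com
As shown above, load-balanced scheduling works; next we test the keepalived functionality
c. Test the keepalived functionality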
[root@mysql-master ~]# ip add list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:67:b3:45 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.129/24 brd 10.10.10.255 scope global eth0
inet 10.10.10.188/24 scope global secondary eth0
inet6 fe80::20c:29ff:fe67:b345/64 scope link
valid_lft forever preferred_lft forever
[root@mysql-slave ~]# ip add list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:53:cf:52 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.130/24 brd 10.10.10.255 scope global eth0
inet 10.10.10.189/24 scope global secondary eth0
inet6 fe80::20c:29ff:fe53:cf52/64 scope link
valid_lft forever preferred_lft forever
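We can see that the two VIP addresses, 10.10.10.188 and 10.10.10.189, are each on one of the two load balancers (a close look at the keepalived configuration shows that the two load balancers are configured as master and backup for each other)
Simulate a failure of 10.10.10.129, the master load balancer, then observe the IP address switchover and whether load balancing still works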
[root@mysql-slave ~]# ip add list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:53:cf:52 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.130/24 brd 10.10.10.255 scope global eth0
inet 10.10.10.189/24 scope global secondary eth0
inet 10.10.10.188/24 scope global secondary eth0
inet6 fe80::20c:29ff:fe53:cf52/64 scope link
valid_lft forever preferred_lft forever
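As shown above, the vip has moved to the other load balancer; next we observe how the load balancer is being used
Load balancing is normal and the keepalived functionality works too; we bring the master load balancer back up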
[root@mysql-master keepalived]# ip add list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:67:b3:45 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.129/24 brd 10.10.10.255 scope global eth0
inet 10.10.10.188/24 scope global secondary eth0
inet6 fe80::20c:29ff:fe67:b345/64 scope link
valid_lft forever preferred_lft forever
The vip address 10.10.10.188 has switched back
[root@mysql-slave ~]# ip add list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:53:cf:52 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.130/24 brd 10.10.10.255 scope global eth0
inet 10.10.10.189/24 scope global secondary eth0
inet6 fe80::20c:29ff:fe53:cf52/64 scope link
valid_lft forever preferred_lft forever
Environment plan: centos6.7
172.16.80.132 haproxy+keepalived master vip 172.16.80.199
172.16.80.126 haproxy+keepalived slave
172.16.80.125 provides the web test services (apache 8080, nginx 80)
172.16.80.128 acts as the client for access testing
2. Installing haproxy and keepalived
[root@Master-drbd ansible]# tree
.
├── hosts
├── roles
│ ├── haproxy
│ │ ├── defaults
│ │ ├── files
│ │ │ ├── haproxy-1.5.4-3.el6.x86_64.rpm
│ │ │ └── install_haproxy.sh
│ │ ├── handles
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── haproxy.cfg.j2
│ │ └── vars
│ ├── keepalived-master
│ │ ├── defaults
│ │ ├── files
│ │ │ ├── install_keepalived_master.sh
│ │ │ ├── keepalived-1.2.13-5.el6_6.x86_64.rpm
│ │ │ ├── lm_sensors-libs-3.1.1-17.el6.x86_64.rpm
│ │ │ └── net-snmp-libs-5.5-57.el6_8.1.x86_64.rpm
│ │ ├── handles
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── keepalived.conf.j2
│ │ └── vars
│ ├── keepalived-slave
│ │ ├── defaults
│ │ ├── files
│ │ │ ├── install_keepalived_slave.sh
│ │ │ ├── keepalived-1.2.13-5.el6_6.x86_64.rpm
│ │ │ ├── lm_sensors-libs-3.1.1-17.el6.x86_64.rpm
│ │ │ └── net-snmp-libs-5.5-57.el6_8.1.x86_64.rpm
│ │ ├── handles
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── keepalived.conf.j2
│ │ └── vars
│ └── zabbix-agent
│ ├── defaults
│ ├── files
│ │ ├── install_zabbix_agent.sh
│ │ ├── zabbix-agent-3.0.4-1.el6.x86_64.rpm
│ │ ├── zabbix-release-3.0-1.el7.noarch.rpm
│ │ └── zabbix.repo
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ │ └── zabbix_agentd.conf.j2
│ └── vars
│ └── all
├── site.yml
└── zabbix_host.yml
33 directories, 30 files
[root@Master-drbd ansible]# ls
hosts roles site.yml zabbix_host.yml
[root@Master-drbd ansible]# cat hosts
[zabbix-agent]
172.16.80.132
172.16.80.126
[haproxy]
172.16.80.132
172.16.80.126
[keepalived-master]
172.16.80.132
[keepalived-slave]
172.16.80.126
[root@Master-drbd ansible]# cat site.yml
- name: install zabbix agent
  hosts: zabbix-agent
  remote_user: root
  roles:
    - zabbix-agent
- name: install haproxy
  hosts: haproxy
  remote_user: root
  roles:
    - haproxy
- name: install keepalived
  hosts: keepalived-master,keepalived-slave
  remote_user: root
  roles:
    - keepalived-master
    - keepalived-slave
[root@Master-drbd ansible]# ansible-playbook -i hosts site.yml
PLAY [install zabbix agent] ****************************************************
TASK [setup] *******************************************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [zabbix-agent : cp zabbix-agent-3.0.4-1.el6.x86_64.rpm to all client] *****
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [zabbix-agent : cp install_zabbix_agent.sh to all client] *****************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [zabbix-agent : execute scripts to install zabbix agent] ******************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [zabbix-agent : configure zabbix agent conf] ******************************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [zabbix-agent : Start zabbix agent] ***************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
PLAY [install haproxy] *********************************************************
TASK [setup] *******************************************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [haproxy : cp haproxy-1.5.4-3.el6.x86_64.rpm to all client] ***************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [haproxy : cp install_haproxy.sh to all client] ***************************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [haproxy : execute scripts to install zabbix agent] ***********************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [haproxy : configure haproxy conf] ****************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [haproxy : Start haproxy] *************************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
PLAY [install keepalived] ******************************************************
TASK [setup] *******************************************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [keepalived-master : cp keepalived-1.2.13-5.el6_6.x86_64.rpm to all client] ***
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-master : cp lm_sensors-libs-3.1.1-17.el6.x86_64.rpmm to all client] ***
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-master : cp net-snmp-libs-5.5-57.el6_8.1.x86_64.rpm to all client] ***
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-master : cp install_keepalived_master.sh to all client] *******
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-master : execute scripts to install zabbix agent] *************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-master : configure keepalived conf] ***************************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-master : Start keepalived] ************************************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-slave : cp keepalived-1.2.13-5.el6_6.x86_64.rpm to all client]
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [keepalived-slave : cp lm_sensors-libs-3.1.1-17.el6.x86_64.rpmm to all client] ***
ok: [172.16.80.126]
ok: [172.16.80.132]
TASK [keepalived-slave : cp net-snmp-libs-5.5-57.el6_8.1.x86_64.rpm to all client] ***
ok: [172.16.80.132]
ok: [172.16.80.126]
TASK [keepalived-slave : cp install_keepalived_slave.sh to all client] *********
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-slave : execute scripts to install zabbix agent] **************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-slave : configure keepalived conf] ****************************
changed: [172.16.80.132]
changed: [172.16.80.126]
TASK [keepalived-slave : Start keepalived] *************************************
ok: [172.16.80.132]
ok: [172.16.80.126]
PLAY RECAP *********************************************************************
172.16.80.126 : ok=27 changed=12 unreachable=0 failed=0
172.16.80.132 : ok=27 changed=12 unreachable=0 failed=0
3. Actual configuration
Master node
[root@haproxy_master keepalived]# cat /etc/haproxy/haproxy.cfg
# Global settings
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
retries 3
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend www
bind *:80
mode http
option httplog
option forwardfor
option httpclose
log global
default_backend app1
backend app1
mode http
# option redispatch
option abortonclose
balance roundrobin
option httpchk GET /
server api-gw-1 172.16.80.125:80 check inter 20 rise 2 fall 5
server api-gw-2 172.16.80.125:8080 check inter 2000 rise 2 fall 5
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats refresh 10s
stats auth martin:123456
stats uri /admin
stats realm Global\ statistics
[root@haproxy_master keepalived]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy_master
}
vrrp_script check_haproxy {
# script "killall -0 haproxy"
script "/etc/keepalived/check_haproxy.sh"
interval 3
}
vrrp_instance haproxy_ha {
state BACKUP
interface eth0
virtual_router_id 80
priority 100
advert_int 2
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_haproxy
}
virtual_ipaddress {
172.16.80.199/24
}
}
[root@haproxy_slave keepalived]# cat check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy --no-header |wc -l`
if [ $A -eq 0 ];then
/etc/init.d/haproxy start
sleep 3
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
Backup node
[root@haproxy_slave keepalived]# cat /etc/haproxy/haproxy.cfg
# Global settings
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
retries 3
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend www
bind *:80
mode http
option httplog
option forwardfor
option httpclose
log global
default_backend app1
backend app1
mode http
# option redispatch
option abortonclose
balance roundrobin
option httpchk GET /
server api-gw-1 172.16.80.125:80 check inter 20 rise 2 fall 5
server api-gw-2 172.16.80.125:8080 check inter 2000 rise 2 fall 5
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats refresh 10s
stats auth martin:123456
stats uri /admin
stats realm Global\ statistics
[root@haproxy_slave keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy_slave
}
vrrp_script check_haproxy {
######### script "killall -0 haproxy"
script "/etc/keepalived/check_haproxy.sh"
interval 3
}
vrrp_instance haproxy_ha {
state BACKUP
interface eth0
virtual_router_id 80
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_haproxy
}
virtual_ipaddress {
172.16.80.199/24
}
}