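HAProxy is free, open-source software written in C that provides high availability, load balancing, and proxying for TCP- and HTTP-based applications. It is particularly suited to very heavily loaded web sites that also need session persistence or layer-7 processing. Running on current hardware, HAProxy can support tens of thousands of concurrent connections. Its mode of operation makes it simple and safe to integrate into your existing architecture, while keeping your web servers from being exposed to the network.
Environment:
HAProxy servers: 192.168.200.101, 192.168.200.102
Virtual IPs (VIP): 192.168.200.100, 192.168.200.110
DNS round-robin: 192.168.200.100, 192.168.200.110
1. Install HAProxy (the HAProxy configuration is identical on both nodes)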
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.8.tar.gz
tar xzvf haproxy-1.7.8.tar.gz
cd haproxy-1.7.8/
make TARGET=linux31 CPU=x86_64 PREFIX=/usr/local/haproxy
# uname -r reports kernel version 3.10.0-514.el7.x86_64, so use TARGET=linux31 CPU=x86_64
make install PREFIX=/usr/local/haproxy
Create the haproxy user and group
groupadd haproxy
useradd -g haproxy -s /sbin/nologin haproxy
Create the configuration file
mkdir /usr/local/haproxy/conf/
vim /usr/local/haproxy/conf/haproxy.cfg
# Global settings
global
    # Logging
    log 127.0.0.1 local3 info
    # HAProxy installation directory
    chroot /usr/local/haproxy
    # User and group
    user haproxy
    group haproxy
    # Run as a daemon
    daemon
    # Number of processes
    nbproc 1
    # Maximum connections per process
    maxconn 65535

# Default settings
defaults
    log global
    # Mode (tcp: layer 3 | http: layer 7 | health: only returns OK)
    mode http
    option httplog
    # Keep connections to the server alive
    option http-pretend-keepalive
    # Do not log health checks
    option dontlognull
    # Close the HTTP channel after each request completes
    option httpclose
    # Actively close the connection after the server responds, without waiting for the client's acknowledgement
    option forceclose
    # If a backend server goes down, force a switch to another server
    option redispatch
    # Drop requests that are still waiting in the queue after the client has waited too long
    option abortonclose
    # Pass the client's IP address to the server in the "X-Forwarded-For" header
    option forwardfor except 127.0.0.0/8
    # Record the destination IP the client connected to
    option originalto
    # Send all requests from the same IP address to the same server
    balance source
    # After three failed connection attempts, consider the service unavailable
    retries 3
    # Health check timeout
    timeout check 5s
    # HTTP request timeout
    timeout http-request 5s
    # Timeout for a request waiting in the queue
    timeout queue 10s
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# Frontend; the name http_front is arbitrary
frontend http_front
    bind *:80
    mode http
    option httplog
    option dontlognull
    option httpclose
    # ACL rules
    # Create an ACL named acl_www.a.com that tests whether the host name is www.a.com; -i ignores case
    acl acl_www.a.com hdr_end(host) -i www.a.com
    acl acl_bbs.a.com hdr_end(host) -i bbs.a.com
    # Test whether the User-Agent is Android
    acl acl_m.a.com hdr_reg(User-Agent) -i android
    # Test the file extension at the end of the URL path
    acl acl_path_end path_end -i .php .php5
    # If acl_www.a.com matches, dispatch the client request to web1
    use_backend web1 if acl_www.a.com
    use_backend web2 if acl_bbs.a.com
    use_backend m if acl_m.a.com
    use_backend php if acl_path_end
    # Default site: default_site
    default_backend default_site

# HAProxy statistics page
listen admin_stats
    bind 0.0.0.0:8080
    stats enable
    mode http
    # Statistics page URL
    stats uri /haproxy?stats
    # Prompt shown on the login dialog
    stats realm "haproxy status page"
    # User name and password
    stats auth admin:admin
    # Hide version information
    stats hide-version
    # Management is only available after authentication
    stats admin if TRUE
    # Auto-refresh interval
    stats refresh 10s
    default_backend http_back

# Backend; the name http_back is arbitrary
backend http_back
    # Load-balancing modes:
    #   source      by source IP
    #   static-rr   by weight
    #   leastconn   fewest connections first
    #   url         by request URL
    #   url_param   by request URL parameter
    #   rdp-cookie  lock and hash each request by cookie(name)
    #   hdr(name)   lock each HTTP request by HTTP request header
    #   roundrobin  round robin
    balance roundrobin
    # Health check page
    option httpchk GET /index.html
    # Pass the real client IP
    option forwardfor header X-Forwarded-For

# inter 2000   health check interval of 2 seconds
# rise 3       3 successful checks mark the server as up
# fall 3       3 failed checks mark the server as unavailable
# weight 30    weight of 30
backend web1
    server web11 192.168.200.108:80 check inter 2000 rise 3 fall 3 weight 30
    server web12 192.168.200.103:80 check inter 2000 rise 3 fall 3 weight 30

backend web2
    server web21 192.168.200.104:80 check inter 2000 rise 3 fall 3 weight 30
    server web22 192.168.200.105:80 check inter 2000 rise 3 fall 3 weight 30

backend php
    server php1 192.168.200.106:80 check inter 2000 rise 3 fall 3 weight 30

backend m
    server m1 192.168.200.107:80 check inter 2000 rise 3 fall 3 weight 30

backend default_site
    server web00 192.168.200.109:80 check inter 2000 rise 3 fall 3 weight 30
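The admin_stats section above binds the statistics page to every interface, protects it with admin:admin, and grants admin actions to anyone who authenticates. The following shell check is an added example, not part of the original page: audit_stats and sample_cfg are hypothetical names, the 12-character minimum is an assumed policy, and the second sample section (admin_stats_local) is a constructed hardened variant.

```shell
#!/bin/sh
# Added example: audit_stats (hypothetical name) reads a haproxy.cfg on stdin and
# reports risky settings in any section that enables the stats page.
audit_stats() {
    awk '
    $1 ~ /^#/ { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { report(); name = $2; next }
    $1 == "bind" { binds = binds " " $2 }
    $1 == "stats" && $2 == "enable" { stats = 1 }
    $1 == "stats" && $2 == "auth" { auth = auth " " $3 }
    $1 == "stats" && $2 == "admin" && toupper($4) == "TRUE" { admin = 1 }
    END { report() }
    function report(   n, i, p, b, a, user, pass) {
        if (stats) {
            n = split(binds, b, " ")
            for (i = 1; i <= n; i++)        # *:port, 0.0.0.0:port or :port
                if (b[i] ~ /^(\*|0\.0\.0\.0)?:[0-9]/)
                    print name ": stats reachable on all interfaces (" b[i] ")"
            n = split(auth, a, " ")
            if (n == 0) print name ": stats page has no stats auth"
            for (i = 1; i <= n; i++) {
                p = index(a[i], ":")
                user = substr(a[i], 1, p - 1); pass = substr(a[i], p + 1)
                # Assumed policy: password must differ from the user name, 12+ chars
                if (pass == user || length(pass) < 12)
                    print name ": weak stats credential for user " user
            }
            if (admin) print name ": stats admin granted to every authenticated user"
        }
        binds = ""; auth = ""; stats = 0; admin = 0
    }'
}
# Constructed sample input: the admin_stats section from this page, followed by a
# hypothetical hardened variant (loopback bind, long secret, admin from localhost).
sample_cfg() {
    cat <<'EOF'
listen admin_stats
    bind 0.0.0.0:8080
    stats enable
    stats auth admin:admin
    stats admin if TRUE
listen admin_stats_local
    bind 127.0.0.1:8080
    stats enable
    stats auth ops:EXAMPLE-long-random-value
    stats admin if LOCALHOST
EOF
}
sample_cfg | audit_stats
```

To check the real file, run audit_stats < /usr/local/haproxy/conf/haproxy.cfg; no output means none of the three conditions was found.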
Logging setup
vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
local3.* /var/log/haproxy
systemctl restart rsyslog
Start
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
Start at boot
echo "/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg" >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
Install keepalived
yum install -y libnl-devel popt-devel openssl-devel popt-static libnfnetlink libnfnetlink-devel kernel-devel
reboot
cd /usr/local/src
wget http://www.keepalived.org/software/keepalived-1.3.4.tar.gz
tar -xzvf keepalived-1.3.4.tar.gz
cd keepalived-1.3.4
./configure
make && make install
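If the following message appears during compilation, keepalived has been built with kernel integration; otherwise check that the packages above are installed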
cp /usr/local/src/keepalived-1.3.4/keepalived/etc/init.d/keepalived /etc/init.d/
cp /usr/local/src/keepalived-1.3.4/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived/
cp /usr/local/src/keepalived-1.3.4/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/src/keepalived-1.3.4/bin/keepalived /usr/sbin/
Configure keepalived (MASTER)
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        admin@domain.com
    }
    notification_email_from keepalived@domain.com
    smtp_server smtp.domain.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 51
    mcast_src_ip 192.168.200.101
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.200.100
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens32
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.110
    }
}
Configure keepalived (BACKUP)
global_defs {
    notification_email {
        admin@domain.com
    }
    notification_email_from keepalived@domain.com
    smtp_server smtp.domain.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 51
    mcast_src_ip 192.168.200.102
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.200.100
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens32
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.110
    }
}
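For failover to work, each vrrp_instance in the two keepalived.conf files above must use the same virtual_router_id and auth_pass on both nodes, with different priorities. The following shell check is an added example, not part of the original page; check_pair, mk_conf and run_demo are hypothetical names, and the sample input is constructed, with one virtual_router_id changed deliberately so the check reports it.

```shell
# Added example: check_pair (hypothetical name) compares the vrrp_instance
# blocks of the keepalived.conf files from the two nodes.
check_pair() {
    awk '
    FNR == 1 { inst = "" }                     # start of each file
    $1 == "vrrp_instance" { inst = $2; seen[inst] = 1; next }
    inst != "" && $1 ~ /^(virtual_router_id|priority|auth_pass)$/ {
        val[FILENAME, inst, $1] = $2
    }
    END {
        a = ARGV[1]; b = ARGV[2]
        for (i in seen) {
            if (val[a, i, "virtual_router_id"] != val[b, i, "virtual_router_id"])
                print i ": virtual_router_id differs, both nodes can claim the VIP"
            if (val[a, i, "auth_pass"] != val[b, i, "auth_pass"])
                print i ": auth_pass differs, peers will discard the advertisements"
            if (val[a, i, "priority"] == val[b, i, "priority"])
                print i ": equal priority, config does not pick a preferred owner"
        }
    }' "$1" "$2"
}
# Constructed sample input: mk_conf prints a trimmed keepalived.conf.
# Arguments: VI_1 priority, VI_2 virtual_router_id, VI_2 priority.
mk_conf() {
    cat <<EOF
vrrp_instance VI_1 {
    virtual_router_id 51
    priority $1
    authentication {
        auth_pass 1111
    }
}
vrrp_instance VI_2 {
    virtual_router_id $2
    priority $3
    authentication {
        auth_pass 1111
    }
}
EOF
}
run_demo() {
    tmp=$(mktemp -d)
    mk_conf 100 52 90 > "$tmp/a.conf"    # node 192.168.200.101, values from this page
    mk_conf 90 53 100 > "$tmp/b.conf"    # other node, VI_2 id changed to 53 on purpose
    check_pair "$tmp/a.conf" "$tmp/b.conf"
    rm -rf "$tmp"
}
run_demo
```

Against real files, copy the second node's /etc/keepalived/keepalived.conf next to the local one and pass both paths to check_pair; no output means the pair is consistent.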
Script (identical on both nodes)
vim /etc/keepalived/check_haproxy.sh
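#!/bin/bash
# If no haproxy process is running, try to start it. HAProxy was built from source
# above and no /etc/init.d/haproxy script was installed, so use the start command
# from the "Start" step.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
fi
sleep 2
# Still not running: stop keepalived so the VIP moves to the other node
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    /etc/init.d/keepalived stop
fi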
Start
systemctl start keepalived
systemctl enable keepalived
ip addr | grep "192.168.200"
inet 192.168.200.101/24 brd 192.168.200.255 scope global ens32
inet 192.168.200.100/32 scope global ens32
ip addr | grep "192.168.200"
inet 192.168.200.102/24 brd 192.168.200.255 scope global ens32
inet 192.168.200.110/32 scope global ens32
After one of the hosts goes down:
ip addr | grep "192.168.200"
inet 192.168.200.101/24 brd 192.168.200.255 scope global ens32
inet 192.168.200.100/32 scope global ens32
inet 192.168.200.110/32 scope global ens32