Introduction
HAProxy is a high-performance proxy server that provides layer-4 and layer-7 proxying with health checks, server load balancing, and other features. Many well-known Internet companies, including Twitter, Reddit, StackOverflow, and GitHub, use it.
KeepAlived is a high-availability solution that achieves high availability through a VIP (virtual IP) and heartbeat detection. The principle is that a group of (two) servers is assigned the Master and Backup roles respectively. By default, the Master binds the VIP to its NIC and provides the external service. Master and Backup send heartbeat packets to each other at a fixed interval, generally 2 seconds, to detect each other's status. If the Backup finds that the Master is down, the Backup sends an ARP packet to the gateway and binds the VIP to its own NIC. From then on the Backup provides the external service, which gives automated failover. When the Master recovers, it takes over the service again.
Our application scenario for the keepalived dual-master setup: because we need to distribute requests for both the main domain name and the image server domain name, we run HAProxy + keepalived in dual-master mode. By default, the first load balancer distributes requests for www.baison.com.cn and the second load balancer distributes requests for img.baison.com.cn. If either one goes down, website distribution is not affected, and no server is wasted as an idle standby.
VIP1 = 192.168.150.222 (www.baison.com.cn)
VIP2 = 192.168.150.223 (img.baison.com.cn)
haproxy01 = 192.168.150.110
haproxy02 = 192.168.150.w
web1 = 192.168.158.20
web2 = 192.168.158.117
web3 = 192.168.158.118
img1 = 192.168.158.119
img2 = 192.168.158.120
Installation and configuration process
1. Install HAProxy (the installation and configuration of the two HAProxy servers are the same).
haproxy: http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz

    # cd /usr/local/src
    # wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz
    # tar xf haproxy-1.4.24.tar.gz
    # cd haproxy-1.4.24
    # make TARGET=linux26 ARCH=x86_64    # compile parameters: see the README; TARGET specifies the kernel version, ARCH the CPU architecture
    # make install

2. After installation, create the configuration file and startup file.

    # mkdir /etc/haproxy
    # cp examples/haproxy.cfg /etc/haproxy
    # cp examples/haproxy.init /etc/init.d/haproxy
    # chmod +x /etc/init.d/haproxy
    # ln -s /usr/local/sbin/haproxy /usr/sbin/
3. Edit the configuration file (the two HAProxy configuration files are the same).

    # vim /etc/haproxy/haproxy.cfg

    # this config needs haproxy-1.1.28 or haproxy-1.2.1
    global
        log 127.0.0.1 local0            # log output configuration: all logs are recorded on the local machine through local0
        log 127.0.0.1 local1 notice
        #log loghost local0 info
        maxconn 65535                   # maximum number of connections
        chroot /usr/local/              # change the process root directory
        uid 99                          # uid
        gid 99                          # gid
        daemon                          # run haproxy in the background

    defaults
        log global
        mode http                       # default mode {tcp|http|health}: tcp is layer 4, http is layer 7, health only returns OK
        option dontlognull
        option httplog
        retries 3                       # retry a failed connection to a server up to 3 times
        option redispatch               # when the server bound to a serverId fails, force redirection to another healthy server
        option abortonclose             # under high load, automatically drop requests that have waited in the queue for a long time
        maxconn 65535                   # default maximum number of connections
        #timeout http-keep-alive 10s
        #timeout queue 1m
        contimeout 5000                 # connection timeout
        clitimeout 50000                # client timeout
        srvtimeout 50000                # server timeout
        timeout check 5s                # heartbeat (health check) timeout
        stats refresh 30s               # automatic refresh interval of the statistics page
        stats uri /stats                # statistics page URL
        stats realm baison-test-Haproxy # prompt text shown in the password box of the statistics page
        stats auth admin:admin123       # user name and password for the statistics page
        stats hide-version              # hide the HAProxy version on the statistics page

    frontend www
        bind *:80                       # bind *:80 is recommended here; otherwise the VIP cannot be reached after it switches to the other machine
        acl web hdr(host) -i www.baison.com.cn   # acl is followed by the rule name; -i (ignore case) is followed by the domain name to match. Requests for www.baison.com.cn go to the webserver backend below.
        acl img hdr(host) -i img.baison.com.cn   # requests for img.baison.com.cn go to the imgserver backend
        use_backend webserver if web
        use_backend imgserver if img

    backend webserver                   # webserver scope
        mode http
        balance roundrobin              # round robin; balance source keeps session affinity; static-rr, leastconn, first, uri and other algorithms are also supported
        option httpchk /index.html      # health check file: a server that cannot serve /index.html receives no requests
        server web01 192.168.158.116:80 check inter 2000 fall 3 weight 20
        server web02 192.168.158.117:80 check inter 2000 fall 3 weight 10
        server web03 192.168.158.118:80 check inter 2000 fall 3 weight 10

    backend imgserver
        mode http
        option httpchk /index.php
        balance roundrobin
        server img01 192.168.149.119:80 check inter 2000 fall 3
        server img02 192.168.149.120:80 check inter 2000 fall 3
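Added example, not part of the original article: because the stats lines in the configuration above sit in the defaults section, the statistics page is answered on the public port 80 and is guarded only by the credentials written in the file. The shell function below flags that combination; the names audit_haproxy_stats and sample_cfg, the sample input and the 12-character minimum are assumptions of this example.

```shell
# Added example: flag risky statistics-page settings in a haproxy.cfg (file or stdin).
# Prints "<section>:<line>: <finding>" per problem; exit status 1 if any were found.
audit_haproxy_stats() {
    awk '
    function report(sec, line, msg) { printf "%s:%d: %s\n", sec, line, msg; found++ }
    { sub(/#.*/, "") }                        # strip comments, as HAProxy does
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        section = (NF > 1) ? ($1 " " $2) : $1
        next
    }
    # A bind with no address, * or 0.0.0.0 listens on every interface.
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ && wild == "" {
        wild = $2 " (" section ")"
    }
    $1 == "stats" && $2 == "uri" && section == "defaults" { inherited = $3; at = NR }
    $1 == "stats" && $2 == "auth" {
        split($3, cred, ":")
        report(section, NR, "cleartext stats password for user \"" cred[1] "\"")
        if (length(cred[2]) < 12)             # 12 is an assumed minimum, not an HAProxy rule
            report(section, NR, "stats password shorter than 12 characters")
    }
    END {
        if (inherited != "" && wild != "")
            report("defaults", at, "stats uri " inherited " is inherited from defaults and reachable via bind " wild)
        exit (found > 0)
    }' "${1:--}"
}

# Constructed sample modelled on the configuration above.
sample_cfg() {
    cat <<'EOF'
defaults
    mode http
    stats uri /stats
    stats auth admin:admin123
    stats hide-version
frontend www
    bind *:80
EOF
}

sample_cfg | audit_haproxy_stats || echo "findings reported"
```

Moving the stats lines out of defaults into a dedicated listen section bound to a management address clears the third finding.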
4. Start the Haproxy service and check the status.
    # service haproxy start
5. Install and configure keepalived (the two keepalived instances are installed in the same way).

    # tar zxvf keepalived-1.2.7.tar.gz
    # cd keepalived-1.2.7
    # ./configure --prefix=/usr/local/keepalived
    # make
    # make install
    # cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
    # cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    # cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
    # mkdir /etc/keepalived
    # cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
6. The first keepalived configuration file. The first node is Master for VIP 192.168.150.222 and Backup for VIP 192.168.150.223.

    # vim /etc/keepalived/keepalived.conf

    ! Configuration File for keepalived
    global_defs {
        router_id LVS_DEVEL
    }
    vrrp_script failed {
        script "/usr/local/keepalived/check_haproxy.sh"
        interval 2
        weight 2
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 5555
        }
        track_script {
            failed    # monitor haproxy process status
        }
        virtual_ipaddress {
            192.168.150.222
        }
    }
    vrrp_instance VI_2 {
        state BACKUP
        interface eth0
        virtual_router_id 52
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass
        }
        virtual_ipaddress {
            192.168.150.223
        }
    }
7. Configure the second keepalived instance.
    # vim /etc/keepalived/keepalived.conf

    ! Configuration File for keepalived
    global_defs {
        router_id LVS_DEVEL
    }
    vrrp_script failed {
        script "/usr/local/keepalived/check_haproxy.sh"
        interval 2
        weight 2
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 5555
        }
        track_script {
            failed    # monitor haproxy process status
        }
        virtual_ipaddress {
            192.168.150.222
        }
    }
    vrrp_instance VI_2 {
        state MASTER
        interface eth0
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass
        }
        virtual_ipaddress {
            192.168.150.223
        }
    }

8. The check script. It keeps a stopped haproxy service from going unnoticed by keepalived: if haproxy cannot be restarted, keepalived is stopped so that the VIP switches to the other node.

    # vim /usr/local/keepalived/check_haproxy.sh

    #!/bin/bash
    # If no haproxy process is running, try to start it.
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/init.d/haproxy start
    fi
    sleep 2
    # If haproxy is still not running, stop keepalived so the VIP moves to the other node.
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/init.d/keepalived stop
    fi
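Added example, not part of the original article: in the dual-master layout of steps 6 and 7 the two keepalived.conf files must mirror each other, so this shell sketch cross-checks a pair of files per vrrp_instance (same virtual_router_id, auth_pass and VIP, different priority, exactly one MASTER). The function names and the sample instances are assumptions of this example, and the parser assumes one statement per line.

```shell
# Added example: cross-check the keepalived.conf files of a dual-master pair.
# Assumes one statement per line, as keepalived.conf is normally laid out.
# Emit "node<TAB>instance<TAB>key<TAB>value" for every setting that must line up.
vrrp_settings() {   # $1 = node label, $2 = path to keepalived.conf
    awk -v node="$1" '
    { sub(/[#!].*/, "") }                     # keepalived comments start with # or !
    NF == 0 { next }
    $1 == "vrrp_instance" { inst = $2; vip = 0; next }
    inst == "" { next }                       # global_defs and vrrp_script are not compared
    $1 == "}" { vip = 0; next }
    $1 == "virtual_ipaddress" { vip = 1; next }
    vip { print node "\t" inst "\tvip\t" $1; next }
    $1 ~ /^(state|virtual_router_id|priority|auth_pass)$/ { print node "\t" inst "\t" $1 "\t" $2 }
    ' "$2"
}

# Print one line per problem; exit status 1 if the pair is inconsistent.
check_vrrp_pair() {   # $1 = config of node A, $2 = config of node B
    { vrrp_settings A "$1"; vrrp_settings B "$2"; } | awk -F'\t' '
    function val(n, i, k) { return v[n, i, k] }
    function bad(msg) { print msg; problems++ }
    { v[$1, $2, $3] = v[$1, $2, $3] " " $4; seen[$2] }   # values are stored with a leading space
    END {
        n = split("virtual_router_id auth_pass vip", same, " ")
        for (i in seen) {
            for (j = 1; j <= n; j++)
                if (val("A", i, same[j]) != val("B", i, same[j]))
                    bad(i ": " same[j] " differs between the nodes")
            if (val("A", i, "priority") == val("B", i, "priority"))
                bad(i ": both nodes use the same priority")
            if ((val("A", i, "state") == " MASTER") + (val("B", i, "state") == " MASTER") != 1)
                bad(i ": exactly one node must be MASTER")
        }
        exit (problems > 0)
    }'
}

# Constructed sample instance: name, state, router id, priority, VIP.
sample_instance() {
    printf 'vrrp_instance %s {\n  state %s\n  virtual_router_id %s\n  priority %s\n' "$1" "$2" "$3" "$4"
    printf '  authentication {\n    auth_pass 5555\n  }\n  virtual_ipaddress {\n    %s\n  }\n}\n' "$5"
}

# Demo on a constructed pair where node B has the wrong router id for VI_2.
a=$(mktemp); b=$(mktemp)
{ sample_instance VI_1 MASTER 51 100 192.168.150.222; sample_instance VI_2 BACKUP 52 99 192.168.150.223; } > "$a"
{ sample_instance VI_1 BACKUP 51 99 192.168.150.222; sample_instance VI_2 MASTER 53 100 192.168.150.223; } > "$b"
check_vrrp_pair "$a" "$b" || echo "keepalived pair is inconsistent"
rm -f "$a" "$b"
```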
9. Start the keepalived and HAProxy services on both servers.

    # service haproxy start
    # service keepalived start
10. View the VIP addresses on the two servers.

    # ip addr
11. Kernel optimization suggestions from the official website.

    echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range
    echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
    echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets
    echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
    echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle    # removed in Linux 4.12; known to drop connections from clients behind NAT
    echo 0 > /proc/sys/net/ipv4/tcp_timestamps
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
    echo 1 > /proc/sys/net/ipv4/tcp_sack
    echo 0 > /proc/sys/net/ipv4/tcp_dsack
12. Test: stop keepalived on either node, or unplug the network cable of either node.
The img and www domain names can still be accessed normally.
This article is from the "Zhang yupo" blog; please be sure to keep this source: http://fighter.blog.51cto.com/1318618/1254815