HAProxy + keepalived: high availability for web services, static/dynamic separation, and more


General planning:

    Host                         IP              Description
    VIP                          192.168.0.222   Highly available IP provided externally
    HAProxy+keepalived (Node1)   192.168.0.111   Static/dynamic separation (HAProxy), high availability (keepalived)
    HAProxy+keepalived (Node2)   192.168.0.112   Static/dynamic separation (HAProxy), high availability (keepalived)
    Web (Node3)                  192.168.0.113   Serves static requests
    Apache+PHP+MySQL (Node4)     192.168.0.114   Serves dynamic requests

HAProxy does static/dynamic separation for the two back-end web servers, and keepalived provides high availability for HAProxy.


I. Introduction to how keepalived works

The role of keepalived is to monitor the state of the web servers. If a web server crashes or fails, keepalived detects this and removes the failed web server from the system. Once the web server is working properly again, keepalived automatically adds it back to the server farm. All of this happens automatically, without manual intervention; the only thing that has to be done manually is repairing the failed web server.

Layer 3, 4 and 7 checks work at the IP layer, TCP layer and application layer of the TCP/IP protocol stack, respectively, as follows:

    • Layer 3: When working in Layer 3 mode, keepalived periodically sends an ICMP packet to each server in the server farm (the same thing our usual ping program does). If a server's IP address is not active, keepalived reports the server as failed and removes it from the server farm; a typical case is a server that was shut down abnormally. Layer 3 uses whether the server's IP address is valid as the criterion for whether the server is working properly. This is the way it will be used in this article.

    • Layer 4: If you understand the Layer 3 way, Layer 4 is easy. Layer 4 mainly uses the state of a TCP port to decide whether the server is working properly. For example, a web server's service port is typically 80; if keepalived detects that port 80 is not up, it removes the server from the server farm.

    • Layer 7: Layer 7 works at the specific application layer. It is more complex than Layer 3 and Layer 4 and uses more network bandwidth. Keepalived checks whether the server program is running normally according to the user's settings; if the result does not match the user's settings, keepalived removes the server from the server farm.

-- quoted from Baidu Encyclopedia

II. Installing the related software

Setting up the web server and the LAMP stack is not covered here; after installation, test that both can be accessed normally.


Test that both machines can be accessed normally.

Install keepalived and haproxy on Node1 and Node2; installing them with yum is easy:

    [[email protected] ~]# rpm -q keepalived haproxy
    keepalived-1.2.7-3.el6.x86_64
    haproxy-1.4.24-2.el6.x86_64
    -----------------------------------------------
    [[email protected] ~]# rpm -q keepalived haproxy
    keepalived-1.2.7-3.el6.x86_64
    haproxy-1.4.24-2.el6.x86_64
    [[email protected] ~]#

III. Configuring HAProxy for static/dynamic separation

This is demonstrated on Node1; Node2 uses the same configuration:

    [[email protected] ~]# vim /etc/haproxy/haproxy.cfg
    # The global and defaults sections are unchanged, except that logging must be enabled in the global section;
    # comment out everything else and add the following;
    # the meaning of each directive was explained in the previous article.
    frontend web
        bind *:80
        acl url_static       path_beg  -i /static /images /javascript /stylesheets
        acl url_static       path_end  -i .jpg .gif .png .css .js .html .htm
        acl url_dynamic      path_end  -i .php
        use_backend static   if url_static
        use_backend dynamic  if url_dynamic
        default_backend      static

    backend static
        balance roundrobin
        server node3 192.168.0.113:80 check

    backend dynamic
        balance roundrobin
        server node4 192.168.0.114:80 check

    listen stats
        mode http
        bind *:1234
        stats enable
        stats refresh 3s
        stats hide-version
        stats uri /admin?stats
        stats realm haproxy\ Statistics
        stats auth admin:haproxy
        stats admin if TRUE
    -------------------------------------------------------------------
    # Copy it to node2, then start haproxy
    [[email protected] ~]# scp /etc/haproxy/haproxy.cfg node2:/etc/haproxy/haproxy.cfg
    haproxy.cfg                                  100% 3896     3.8KB/s   00:00
    [[email protected] ~]#
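How the frontend's ACLs choose between the two backends, as an added example that is not part of the original article. The functions `route` and `matches_any` are hypothetical helpers that mirror the ACL semantics, and the request URIs are constructed.

```sh
# Added example (not from the original article). It mirrors the frontend's ACLs:
# "path" is the URI without its query string, -i ignores case, ACL lines that
# share a name are ORed, and use_backend rules are tried in order.

matches_any() {   # $1 = beg|end, $2 = lower-cased path, rest = patterns
    m_mode=$1; m_path=$2; shift 2
    for m_pat in "$@"; do
        case $m_mode in
            beg) case $m_path in "$m_pat"*) return 0 ;; esac ;;
            end) case $m_path in *"$m_pat") return 0 ;; esac ;;
        esac
    done
    return 1
}

route() {   # $1 = request URI; prints the backend that would serve it
    r_path=$(printf '%s' "${1%%\?*}" | tr '[:upper:]' '[:lower:]')
    url_static=no; url_dynamic=no
    if matches_any beg "$r_path" /static /images /javascript /stylesheets ||
       matches_any end "$r_path" .jpg .gif .png .css .js .html .htm; then
        url_static=yes
    fi
    if matches_any end "$r_path" .php; then url_dynamic=yes; fi
    if   [ "$url_static" = yes ];  then echo static    # use_backend static  if url_static
    elif [ "$url_dynamic" = yes ]; then echo dynamic   # use_backend dynamic if url_dynamic
    else echo static                                    # default_backend static
    fi
}

# Constructed sample requests
for uri in /index.php '/login.PHP?next=/' /images/logo.png /static/report.php /index.php/a.css /; do
    printf '%-22s -> %s\n' "$uri" "$(route "$uri")"
done
```

Because the `url_static` rule is tested first, a `.php` request under `/static` goes to the static backend (node3), so PHP files placed under those prefixes are never handled by the dynamic backend.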

View stats information:


With multiple machines in a back end, load balancing is also achieved; that is not demonstrated here.

IV. Configuring keepalived for HAProxy high availability

This is also configured on Node1; on Node2, two places need to be changed:

    [[email protected] ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {                        # global configuration
       notification_email {
           [email protected]            # mail recipient
       }
       notification_email_from [email protected]   # sender
       smtp_server 127.0.0.1             # mail server
       smtp_connect_timeout              # timeout
       router_id LVS_DEVEL               # ID
    }

    vrrp_script chk_down {               # add a monitoring rule
        script "[[ -f /root/down ]] && exit 1 || exit 0"
        # the line above means: if the file /root/down exists, the check fails and the VIP moves to the backup
        interval 1                       # how often to check
        weight 2                         # weight
    }

    vrrp_script chk_haproxy {            # monitors the haproxy service
        script "pidof haproxy &>/dev/null && exit 0 || exit 1"
        interval 1
        weight 2
    }

    vrrp_instance VI_1 {                 # add an instance
        state MASTER                     # master/backup role; note: on node2 (the backup) this is BACKUP
        interface eth0                   # network interface
        virtual_router_id 222            # virtual router ID; a virtual MAC is generated from this ID, so keep it unique
        priority                         # priority; the backup's is lower than the master's
        advert_int 1                     # heartbeat advertisement interval
        authentication {                 # authentication
            auth_type PASS               # plaintext authentication
            auth_pass 1111               # password
        }
        virtual_ipaddress {              # virtual IP
            192.168.0.222
        }
        track_script {                   # script tracking; puts the scripts defined above into effect
            chk_down
            chk_haproxy
        }
        notify_master "/etc/keepalived/notify.sh master"   # mail notification
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    # Change the settings above; all the information in the rest of the configuration file can be
    ---------------------------------------------------------
    # Copy it to node2 and change it according to the description above
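The haproxy.cfg above serves the stats page on every interface (`bind *:1234`) with `stats admin if TRUE` and a cleartext `stats auth` password, and the keepalived.conf uses `auth_type PASS`. The check below is an added example, not part of the original article; the function names `audit_haproxy` and `audit_keepalived` are hypothetical and the sample files are constructed from the lines shown above.

```sh
# Added example (not from the original article): flag the risky settings in the
# stats listener and VRRP authentication block shown on this page.
audit_haproxy() {   # $1 = path to haproxy.cfg; prints one finding per line
    awk '
    function flush() {
        if (stats && wild)  print sec ": stats page bound to all interfaces (" wild ")"
        if (stats && admin) print sec ": stats admin enabled unconditionally"
        if (stats && user)  print sec ": cleartext stats password in config, user " user
        stats = 0; admin = 0; wild = ""; user = ""
    }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { flush(); sec = $1 " " $2; next }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:/ { wild = $2 }
    $1 == "stats" && $2 ~ /^(enable|uri|realm|auth)$/ { stats = 1 }
    $1 == "stats" && $2 == "auth" { split($3, a, ":"); user = a[1] }
    $1 == "stats" && $2 == "admin" && toupper($4) == "TRUE" { admin = 1 }
    END { flush() }' "$1"
}

audit_keepalived() {   # $1 = path to keepalived.conf
    awk '
    { sub(/[ \t]*[#!].*$/, "") }                 # strip comments
    $1 == "vrrp_instance" { inst = $2 }
    $1 == "auth_type" && toupper($2) == "PASS" {
        print inst ": auth_type PASS sends the VRRP password in cleartext" }
    ' "$1"
}

# Constructed sample input: the relevant lines of the two files above.
demo=$(mktemp -d)
cat > "$demo/haproxy.cfg" <<'EOF'
frontend web
    bind *:80
listen stats
    bind *:1234
    stats enable
    stats auth admin:haproxy
    stats admin if TRUE
EOF
cat > "$demo/keepalived.conf" <<'EOF'
vrrp_instance VI_1 {
    authentication {
        auth_type PASS    # plaintext authentication
        auth_pass 1111
    }
}
EOF
audit_haproxy "$demo/haproxy.cfg"; audit_keepalived "$demo/keepalived.conf"
rm -rf "$demo"
```

Binding the stats listener to a loopback or management address and replacing `stats admin if TRUE` with a restricting condition such as HAProxy's predefined `LOCALHOST` ACL clears the first two findings.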

Provide the notify script for HAProxy:

    [[email protected] ~]# vim /etc/keepalived/notify.sh
    #!/bin/bash
    # Author: MageEdu <[email protected]>
    # Description: An example of notify script
    #
    vip=192.168.0.222
    contact='[email protected]'

    notify() {                           # define the mail format and related details
        mailsubject="$(hostname) to be $1: $vip floating"
        mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case "$1" in
        master)                          # run the commands matching the argument
            notify master
            /etc/rc.d/init.d/haproxy start
            exit 0
        ;;
        backup)
            notify backup
            /etc/rc.d/init.d/haproxy stop
            exit 0
        ;;
        fault)
            notify fault
            /etc/rc.d/init.d/haproxy stop
            exit 0
        ;;
        *)
            echo "Usage: $(basename "$0") {master|backup|fault}"
            exit 1
        ;;
    esac
    # When done, copy it to node2
    # Start keepalived

V. Testing HAProxy high availability

    [[email protected] ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UNKNOWN qlen
        link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0
        inet 192.168.0.222/32 scope global eth0
        inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link
           valid_lft forever preferred_lft forever
    # The virtual IP is currently on node1


Access tests normally. Next, take node1 down and see what happens:

    # The configuration file defines a "down" check script, so simply create the file
    [[email protected] ~]# touch down
    [[email protected] ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UNKNOWN qlen
        link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0
        inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link
           valid_lft forever preferred_lft forever
    You have new mail in /var/spool/mail/root
    # A new-mail notice is shown here as well
    ------------------------------------------------------------------
    [[email protected] ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen
        link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0
        inet 192.168.0.222/32 scope global eth0
    # The test shows the VIP has moved to node2

Testing the page also works normally.

Test whether the HAProxy script is executed:

    [[email protected] ~]# service haproxy stop
    Stopping haproxy:                                          [  OK  ]
    [[email protected] ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UNKNOWN qlen
        link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0
        inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link
    ----------------------------------------------------------------------
    [[email protected] ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0
        inet 192.168.0.222/32 scope global eth0
    ----------------------------------------------------------------------
    [[email protected] ~]# tail -5 /var/log/messages
    May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Script(chk_haproxy) failed
    May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Received higher prio advert
    May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Entering BACKUP STATE
    May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) removing protocol VIPs.
    May  2 18:25:10 node1 Keepalived_healthcheckers[5330]: Netlink reflector reports IP 192.168.0.222 removed
    # The system log also records the details
    # In testing, after haproxy is started again, the virtual IP automatically moves back.

The haproxy+keepalived configuration is complete and the related functions have been tested successfully.




If there are any errors, please point them out.

This article is from the "Soul" blog; please keep this source link: http://chenpipi.blog.51cto.com/8563610/1405554
