Building Web Services on an HAProxy + Keepalived High-Availability Load Balancer

Source: Internet
Author: User

One: Brief introduction to the principles

1. HAProxy
HAProxy provides high availability, load balancing and proxying for TCP- and HTTP-based applications, and supports virtual hosts; it is a free, fast and reliable solution. HAProxy is especially suitable for heavily loaded web sites that need session persistence or layer 7 processing. Running on current hardware, it can support tens of thousands of concurrent connections, and its operating mode makes it easy and safe to integrate into an existing architecture while keeping the web servers from being exposed directly to the network.
2. Keepalived
Keepalived is a high-availability solution for LVS services based on the VRRP protocol, used to avoid single points of failure. An LVS service has two servers running Keepalived, one master and one backup, which appear externally as a single virtual IP. The master sends a specific message to the backup; when the backup no longer receives this message, that is, when the master has gone down, the backup takes over the virtual IP and continues to provide service, which guarantees high availability. Keepalived is a perfect implementation of VRRP.
3. VRRP protocol
In a real network environment, two hosts that need to communicate usually have no direct physical connection. How, then, does a host select the next-hop route to the destination host? There are two common ways to solve this problem:
Use a dynamic routing protocol (RIP, OSPF, etc.) on the host
Configure static routes on the host
Configuring dynamic routing on a host is clearly impractical because of the management, maintenance cost and support issues involved. Static routes are therefore the popular choice, but the router, or default gateway, then often becomes a single point of failure. The purpose of VRRP is to remove this single point of failure of static routing: VRRP is an election protocol that dynamically hands the routing task to one of the VRRP routers in the virtual router on the LAN.


Two: Operating environment

1. System
CentOS Linux release 7.2.1511 (Core)
2. Application software
haproxy-1.5.14-3.el7.x86_64
keepalived-1.2.13-7.el7.x86_64
httpd-2.4.6-45.el7.centos.x86_64
php-5.4.16-42.el7.x86_64
mariadb-server-5.5.52-1.el7.x86_64
mariadb.x86_64
wordpress-4.3.1-zh_cn.zip
nfs-utils-1.3.0-0.33.el7.x86_64
rpcbind-0.2.0-38.el7.x86_64
3. IP configuration
Load balancers
dip1:172.18.67.13
dip2:172.18.67.14
Back-end real servers
rip1:172.18.67.11
rip2:172.18.67.12
Database server
mip:172.18.67.1
Client IP
ip:172.18.67.3
vip:172.18.67.33


Three: Architecture topology and application software installation

1. Topology diagram


2. Deploy the application software
Install haproxy and keepalived on the servers with IP 172.18.67.13 and 172.18.67.14 (run on both):

# yum install haproxy keepalived -y


Install httpd and php on the servers with IP 172.18.67.11 and 172.18.67.12 (run on both):

# yum install httpd php -y


Install mariadb, mariadb-server and php-mysql on the server with IP 172.18.67.1:

# yum install mariadb mariadb-server php-mysql -y


In addition, because the database data is shared as files, install the NFS software nfs-utils and rpcbind on both the real servers and the database server (run on all three):

# yum install nfs-utils rpcbind -y


Four: Configuration

1. Real server configuration
Here port 80 on the servers 172.18.67.11 and 172.18.67.12 serves the dynamic resource site, and port 8080 on the same two hosts simulates two further servers that serve the static resource site. Unzip the WordPress application to /var/www/html/ and change the owner and group of the directory (run on both real servers):

# unzip wordpress-4.3.1-zh_cn.zip -d /var/www/html/
# chown -R apache:apache /var/www/html/wordpress


Edit the httpd configuration file on the back-end servers to change the site directory from the default /var/www/html to /var/www/html/wordpress.
2. NFS configuration
On the database server, edit the exports file:

# vim /etc/exports
# the option list follows the client with no space in between
/data/ 172.18.67.11(rw,async)
/data/ 172.18.67.12(rw,async)


After saving, start the NFS services on the real servers and the database server (run on all three):

# systemctl start rpcbind
# systemctl start nfs


Create the data storage directory and change its ownership:

# mkdir /data
# chown -R mysql:mysql /data


Set the data directory in the database configuration file:

# vim /etc/my.cnf
datadir=/data/


Start the database:

# systemctl start mariadb


Mount the database directory on the dynamic-resource web servers (run on both):

# mount -t nfs 172.18.67.1:/data/ /mnt
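
In /etc/exports, whitespace between a client and its option list changes who receives the options: the client falls back to the defaults and the parenthesised options apply to every host. The following is an added example, not part of the original page, that models this tokenisation for the /data/ export used here; the parser is a simplified reading of exports(5), and `DEFAULT_OPTS` is an assumption standing in for the full default option set.

```python
import re

# Constructed samples: the export from this page, with and without a space
# between the client and its option list.
WITH_SPACE = "/data/ 172.18.67.11 (rw,async)"
NO_SPACE = "/data/ 172.18.67.11(rw,async)"

# Simplification for this example: a client without options is shown as ["ro"],
# standing in for the full set of defaults.
DEFAULT_OPTS = ["ro"]
FIELD = re.compile(r"([^()\s]*)(?:\(([^()]*)\))?")

def parse_export(line):
    """Split one /etc/exports line into (path, [(client, options), ...])."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    grants = []
    for field in fields[1:]:
        m = FIELD.fullmatch(field)
        if m is None:
            raise ValueError(f"cannot parse field {field!r}")
        client, opts = m.group(1), m.group(2)
        # An option list with no client in front of it applies to every host.
        grants.append((client or "*", opts.split(",") if opts else DEFAULT_OPTS))
    return fields[0], grants

def world_writable(line):
    """True if the line grants rw to all hosts, e.g. through a stray space."""
    parsed = parse_export(line)
    if parsed is None:
        return False
    return any(client == "*" and "rw" in opts for client, opts in parsed[1])
```
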


3.keepalived Configuration
MASTER


BACKUP


Notification script

#!/bin/bash
#
# The recipient address is obscured on the source page; set it to a real mailbox.
contact='[email protected]'

# Send a mail describing the VRRP state this node has just entered.
notify() {
    mailsubject="$(hostname) to be $1, vip floating"
    mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac


4.haproxy Configuration
The configuration content of the two nodes is the same, as follows:

# vim haproxy.cfg
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend web *:80
    mode        http
    maxconn     2000
    acl url_static  path_beg  -i /static /images /javascript /stylesheets
    acl url_static  path_end  -i .jpg .gif .png .css .js .html .txt .htm
    use_backend staticsrvs  if url_static
    default_backend appsrvs

backend staticsrvs
    balance     roundrobin
    server      stcsrvs1 172.18.67.11:8080 check
    server      stcsrvs2 172.18.67.12:8080 check

backend appsrvs
    balance     roundrobin
    server      wp1 172.18.67.11:80 check
    server      wp2 172.18.67.12:80 check

listen stats
    bind :10086
    stats   enable
    stats   uri     /admin?stats
    stats   auth    admin:admin
    stats   admin   if TRUE


Five: Start the services and test

1. Start haproxy and keepalived (run on both load balancer nodes)

# systemctl restart haproxy
# systemctl restart keepalived


2. Testing
inode2:

# systemctl status -l keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-17 23:49:45 CST; 6s ago
  Process: 28940 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 28941 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─28941 /usr/sbin/keepalived -D
           ├─28942 /usr/sbin/keepalived -D
           └─28943 /usr/sbin/keepalived -D

May 17 23:49:45 inode2 keepalived_vrrp[28943]: Registering gratuitous ARP shared channel
May 17 23:49:45 inode2 keepalived_vrrp[28943]: Opening file '/etc/keepalived/keepalived.conf'.
May 17 23:49:45 inode2 keepalived_vrrp[28943]: Configuration is using : 63025 Bytes
May 17 23:49:45 inode2 keepalived_vrrp[28943]: Using LinkWatch kernel netlink reflector...
May 17 23:49:45 inode2 keepalived_vrrp[28943]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 17 23:49: inode2 keepalived_vrrp[28943]: VRRP_Instance(http) Transition to MASTER STATE
May 17 23:49:47 inode2 keepalived_vrrp[28943]: VRRP_Instance(http) Entering MASTER STATE
May 17 23:49:47 inode2 keepalived_vrrp[28943]: VRRP_Instance(http) setting protocol VIPs.
May 17 23:49:47 inode2 keepalived_healthcheckers[28942]: Netlink reflector reports IP 172.18.67.33 added
May 17 23:49:47 inode2 keepalived_vrrp[28943]: VRRP_Instance(http) Sending gratuitous ARPs on eno16777736 for 172.18.67.33

We can see that the inode2 node has entered the MASTER state. Now look at the status of inode3:

# systemctl start keepalived
# systemctl status -l keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-17 23:51:08 CST; 5s ago
  Process: 42610 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 42611 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─42611 /usr/sbin/keepalived -D
           ├─42612 /usr/sbin/keepalived -D
           └─42613 /usr/sbin/keepalived -D

May 17 23:51:08 inode3 keepalived_vrrp[42613]: Netlink reflector reports IP fe80::20c:29ff:fe78:24c3 added
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Registering Kernel netlink reflector
May 17 23:51:08 inode3 keepalived_healthcheckers[42612]: Using LinkWatch kernel netlink reflector...
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Registering Kernel netlink command channel
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Registering gratuitous ARP shared channel
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Opening file '/etc/keepalived/keepalived.conf'.
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Configuration is using : 63023 Bytes
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Using LinkWatch kernel netlink reflector...
May 17 23:51:08 inode3 keepalived_vrrp[42613]: VRRP_Instance(http) Entering BACKUP STATE
May 17 23:51:08 inode3 keepalived_vrrp[42613]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

The inode3 node is clearly in the BACKUP state. Now stop the keepalived service on inode2 and check the status on inode3 again:

inode2:
# systemctl stop keepalived

inode3:
# systemctl status -l keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-17 23:51:08 CST; 1min 2s ago
  Process: 42610 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 42611 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─42611 /usr/sbin/keepalived -D
           ├─42612 /usr/sbin/keepalived -D
           └─42613 /usr/sbin/keepalived -D

May 17 23:51:08 inode3 keepalived_vrrp[42613]: Opening file '/etc/keepalived/keepalived.conf'.
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Configuration is using : 63023 Bytes
May 17 23:51:08 inode3 keepalived_vrrp[42613]: Using LinkWatch kernel netlink reflector...
May 17 23:51:08 inode3 keepalived_vrrp[42613]: VRRP_Instance(http) Entering BACKUP STATE
May 17 23:51:08 inode3 keepalived_vrrp[42613]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 17 23:52:07 inode3 keepalived_vrrp[42613]: VRRP_Instance(http) Transition to MASTER STATE
May 17 23:52:08 inode3 keepalived_vrrp[42613]: VRRP_Instance(http) Entering MASTER STATE
May 17 23:52:08 inode3 keepalived_vrrp[42613]: VRRP_Instance(http) setting protocol VIPs.
May 17 23:52:08 inode3 keepalived_healthcheckers[42612]: Netlink reflector reports IP 172.18.67.33 added
May 17 23:52:08 inode3 keepalived_vrrp[42613]: VRRP_Instance(http) Sending gratuitous ARPs on eno16777736 for 172.18.67.33

The inode3 node has entered the MASTER state, which demonstrates the high-availability feature.
Next we test the features of HAProxy. The HAProxy configuration file contains the following section:

listen stats
    bind :10086
    stats   enable
    stats   uri     /admin?stats
    stats   auth    admin:admin
    stats   admin   if TRUE


This section enables the HAProxy statistics interface, which lets us view and modify HAProxy's state from a browser. Enter http://172.18.67.33:10086/admin?stats in the browser; a login prompt appears, and after the account and password are entered the HAProxy statistics and administration page opens.
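
The stats listener above uses the credentials admin:admin, binds to every address without TLS, and enables admin actions with `stats admin if TRUE`. As an added example (not part of the original page), this Python check flags those settings in an haproxy.cfg; the `WEAK` list and the address, user, passphrase and certificate path in `HARDENED_CFG` are assumptions made for the illustration.

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "userlist", "peers"}
WEAK = {"admin", "password", "haproxy", "123456", "changeme"}  # illustrative, not exhaustive

# Constructed sample 1: the stats listener as configured on this page.
PAGE_CFG = """
listen stats
    bind :10086
    stats enable
    stats uri /admin?stats
    stats auth admin:admin
    stats admin if TRUE
"""

# Constructed sample 2: a tightened variant; all of its values are placeholders.
HARDENED_CFG = """
listen stats
    bind 127.0.0.1:10086 ssl crt /etc/haproxy/stats.pem
    stats enable
    stats uri /admin?stats
    stats auth ops:constructed-Long-Passphrase-42
    stats admin if LOCALHOST
"""

def audit_stats(cfg_text):
    """Return sorted (section, finding) pairs for sections that enable the stats page."""
    sections, current = {}, None
    for raw in cfg_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if tok and tok[0] in SECTIONS:
            current = sections.setdefault(" ".join(tok[:2]), [])
        elif tok and current is not None:
            current.append(tok)
    found = set()
    for name, lines in sections.items():
        if ["stats", "enable"] not in [t[:2] for t in lines]:
            continue
        for t in lines:
            if t[0] == "bind" and len(t) > 1:
                if t[1].rsplit(":", 1)[0] in ("", "*", "0.0.0.0", "::", "[::]"):
                    found.add((name, "stats listener bound to all addresses"))
                if "ssl" not in t[2:]:
                    found.add((name, "stats credentials sent over cleartext HTTP"))
            if t[:2] == ["stats", "auth"] and len(t) > 2:
                user, _, pw = t[2].partition(":")
                if pw == user or pw.lower() in WEAK:
                    found.add((name, f"weak stats password for user '{user}'"))
            if t[:4] == ["stats", "admin", "if", "TRUE"]:
                found.add((name, "admin actions allowed unconditionally"))
    return sorted(found)
```

To clear the findings, bind the listener to a management address with TLS, replace the admin:admin credentials, and restrict `stats admin` with an ACL such as the predefined LOCALHOST.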


On this page we can see the load balancing across the two groups of web servers: one is responsible for dynamic resources, the other for static resources. The data for the dynamic resources resides on the back-end NFS server.


Next, WordPress can be installed by accessing http://172.18.67.33 in the browser. At this point a simple high-availability load balancing service has been built.
