I. A brief introduction to the principles
1. HAProxy
HAProxy provides high availability, load balancing, and proxying for TCP- and HTTP-based applications, and supports virtual hosts; it is a free, fast, and reliable solution. HAProxy is especially suitable for heavily loaded web sites that need session persistence or layer-7 processing. Running on current hardware, it can support tens of thousands of concurrent connections, and its operating mode makes it easy and safe to integrate into an existing architecture while keeping the web servers from being exposed directly to the network.
2. Keepalived
Keepalived is a high-availability solution for LVS services based on the VRRP protocol, used to avoid single points of failure. An LVS service has two servers running Keepalived, one master and one backup, which present a single virtual IP to the outside. The master sends a specific message to the backup; when the backup no longer receives this message, that is, when the master has gone down, the backup takes over the virtual IP and continues to provide service, which guarantees high availability. Keepalived is a perfect implementation of VRRP.
3. VRRP protocol
In a real network, two hosts that need to communicate usually have no direct physical connection. How, then, does a host select the next-hop route to the destination host? There are two common ways to solve this problem:
Use a dynamic routing protocol (RIP, OSPF, etc.) on the host
Configure static routes on the host
Configuring dynamic routing on a host is clearly impractical because of the management, maintenance-cost and support issues. Static routes are therefore the popular choice, but the router, or default gateway, then often becomes a single point of failure. The purpose of VRRP is to remove this single point of failure of static routing: VRRP is an election protocol that dynamically hands the routing task to one of the VRRP routers that make up the virtual router on the LAN.
II. Operating environment
1. System
CentOS Linux release 7.2.1511 (Core)
2. Application software
haproxy-1.5.14-3.el7.x86_64
keepalived-1.2.13-7.el7.x86_64
httpd-2.4.6-45.el7.centos.x86_64
php-5.4.16-42.el7.x86_64
mariadb-server-5.5.52-1.el7.x86_64
mariadb.x86_64
wordpress-4.3.1-zh_cn.zip
nfs-utils-1.3.0-0.33.el7.x86_64
rpcbind-0.2.0-38.el7.x86_64
3.IP Configuration
Load Balancer
dip1:172.18.67.13
dip2:172.18.67.14
Back-end Real Server
rip1:172.18.67.11
rip2:172.18.67.12
Database server
mip:172.18.67.1
Client IP
ip:172.18.67.3
vip:172.18.67.33
III. Architecture topology and application software installation
1. Topology diagram
2. Deploy the application software
Install HAProxy and Keepalived on the servers with IP 172.18.67.13 and 172.18.67.14 (run on both):
# yum install haproxy keepalived -y
Install httpd and PHP on the server with IP 172.18.67.11:
# yum install httpd php -y
Install httpd, PHP, mariadb-server and php-mysql on the server with IP 172.18.67.12:
# yum install httpd php mariadb mariadb-server php-mysql -y
Install mariadb, mariadb-server and php-mysql on the server with IP 172.18.67.1:
# yum install mariadb mariadb-server php-mysql -y
In addition, because the database files are shared over NFS, install the NFS software nfs-utils and rpcbind on the real server and on the database server (run on both):
# yum install nfs-utils rpcbind -y
IV. Configuration
1.Real Server Configuration
Here we make the server at 172.18.67.11 the dynamic-resource site and the server at 172.18.67.12 the static-resource site. Unzip the WordPress archive into /var/www/html/ and change the owner and group of the directory (run on both servers):
# unzip wordpress-4.3.1-zh_cn.zip -d /var/www/html/
# chown -R apache:apache /var/www/html/wordpress
Modify the httpd configuration file on server1 to change the site directory from the default /var/www/html to /var/www/html/wordpress; server2 keeps the default site directory.
2.NFS Configuration
On the database server, edit the exports file:
# vim /etc/exports
/data/ 172.18.67.11(rw,async)
/var/www/html/ 172.18.67.12(rw,async)
After saving the change, start the NFS services on the real server and on the database server:
# systemctl start rpcbind
# systemctl start nfs
Create the data storage directory and change its ownership:
# mkdir /data
# chown -R mysql:mysql /data
Change the data directory in the database configuration file:
# vim /etc/my.cnf
datadir=/data/
Start the database:
# systemctl start mariadb
Mount the database directory on the web dynamic-resource server:
# mount -t nfs 172.18.67.1:/data/ /mnt
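In exports(5), a space between the client and its option list turns one entry into two: the client gets the default options and the option list applies to every host. The following added example (not part of the original article) lints an exports file for that mistake, for wildcard clients and for no_root_squash; the sample lines are constructed and the function names are assumptions.

```shell
#!/bin/sh
# Added example: lint an exports(5) file for entries that grant wider access
# than the two exports used in this article intend.
# Function names are hypothetical.

# Constructed input: line 1 is the intended form, line 2 has a space before
# the option list, line 3 names no client at all.
sample_exports() {
    cat <<'EOF'
/data/ 172.18.67.11(rw,async)
/var/www/html/ 172.18.67.12 (rw,async)
/srv/share (rw)
EOF
}

# Reads an exports file on stdin and prints "line N: path: reason" per problem.
lint_exports() {
    awk '
        { sub(/#.*/, "") }      # strip comments, fields are re-split
        NF < 2 { next }         # blank line or path without any client
        {
            for (i = 2; i <= NF; i++) {
                # An option list standing alone applies to every host.
                if ($i ~ /^\(/)
                    print "line " NR ": " $1 ": options " $i " apply to all clients"
                if ($i ~ /^\*/)
                    print "line " NR ": " $1 ": wildcard client " $i
                if ($i ~ /no_root_squash/)
                    print "line " NR ": " $1 ": no_root_squash in " $i
            }
        }
    '
}
```

Run it as lint_exports < /etc/exports on the database server; no output means none of the three patterns was found.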
3.keepalived Configuration
MASTER
# vim keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1            # local mail server address
    smtp_connect_timeout             # connection timeout (value not shown)
    router_id inode2
    vrrp_mcast_group4 224.0.67.67    # multicast address
}

vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"   # fails while the file /etc/keepalived/down exists
    interval 1
    weight -5                        # if down is detected, lower the weight by 5
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy && exit 0 || exit 1"   # signal 0 only tests whether a haproxy process exists
    interval 1
    weight -5
    fall 2
    rise 1
}

vrrp_instance MYR {
    state MASTER
    interface eno16777736
    virtual_router_id 167
    priority                         # priority (value not shown; must be higher than the BACKUP node's 95)
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        172.18.67.33/16 dev eno16777736
    }
    track_script {
        chk_down
        chk_haproxy
    }
    notify_master "/etc/keepalived/notify.sh master"   # enable script notification
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
BACKUP
# vim keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id inode3
    vrrp_mcast_group4 224.0.67.67
}

vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -5
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy && exit 0 || exit 1"   # signal 0 only tests whether a haproxy process exists
    interval 1
    weight -5
    fall 2
    rise 1
}

vrrp_instance MYR {
    state BACKUP
    interface eno16777736
    virtual_router_id 167
    priority 95
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        172.18.67.33/16 dev eno16777736
    }
    track_script {
        chk_down
        chk_haproxy
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
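With auth_type PASS the password travels unencrypted in every advertisement, so it does not authenticate the sender; a practical check is to watch which hosts advertise for virtual_router_id 167. The following added example (not part of the original article) filters tcpdump -n text for advertisements from hosts other than the two load balancers; the capture lines, including the priorities and the address 172.18.67.50, are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: list hosts that send VRRP advertisements for a given
# virtual_router_id but are not one of the expected load balancers.
# Input is `tcpdump -n` text; the function names are hypothetical.

# Constructed capture lines (as from: tcpdump -n -i eno16777736 vrrp).
# 172.18.67.50 is a made-up address standing in for an unexpected sender.
sample_capture() {
    cat <<'EOF'
21:06:33.000101 IP 172.18.67.13 > 224.0.67.67: VRRPv2, Advertisement, vrid 167, prio 100, authtype simple, intvl 1s, length 20
21:06:34.000207 IP 172.18.67.13 > 224.0.67.67: VRRPv2, Advertisement, vrid 167, prio 100, authtype simple, intvl 1s, length 20
21:06:35.000315 IP 172.18.67.14 > 224.0.67.67: VRRPv2, Advertisement, vrid 167, prio 95, authtype simple, intvl 1s, length 20
21:06:35.400100 IP 172.18.67.50 > 224.0.67.67: VRRPv2, Advertisement, vrid 167, prio 200, authtype simple, intvl 1s, length 20
21:06:35.900100 IP 172.18.67.77 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
EOF
}

# usage: unexpected_vrrp_senders VRID "ip1 ip2 ..." < capture.txt
# Prints "source last_priority count" for each sender outside the allowlist.
unexpected_vrrp_senders() {
    awk -v vrid="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "IP" && /VRRPv[23], Advertisement/ {
            src = $3; id = ""; prio = ""
            for (i = 1; i < NF; i++) {
                if ($i == "vrid") { id = $(i + 1); sub(/,$/, "", id) }
                if ($i == "prio") { prio = $(i + 1); sub(/,$/, "", prio) }
            }
            # Other virtual routers on the segment are ignored.
            if (id == vrid && !(src in ok)) { seen[src]++; last[src] = prio }
        }
        END { for (s in seen) print s, last[s], seen[s] }
    ' | sort
}
```

On a live segment the input would come from a capture on the VRRP interface; any line of output is a host taking part in the election that the configuration above does not account for.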
Notification script
#!/bin/bash
#
# Mail a notice whenever this node changes VRRP state.
contact='[email protected]'

notify() {
    # $1 is the new state: master, backup or fault
    mailsubject="$(hostname) to be $1, vip floating"
    mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac
4.haproxy Configuration
The configuration content of the two nodes is the same, as follows:
# vim haproxy.cfg
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http            # enable layer-7 mode
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend web *:80
    mode http
    maxconn                                 # maximum number of connections (value not shown)
    acl url_static path_beg -i /static /images /javascript /stylesheets    # define the ACL
    acl url_static path_end -i .jpg .gif .png .css .js .html .txt .htm
    use_backend staticsrvs if url_static
    default_backend appsrvs

backend staticsrvs                          # static resources
    balance roundrobin                      # round-robin algorithm
    server stcsrvs 172.18.67.12:80 check

backend appsrvs                             # dynamic resources
    balance roundrobin
    server wp 172.18.67.11:80 check

listen stats
    bind :10086                             # bind port
    stats enable                            # enable the stats feature
    stats uri /admin?stats                  # set a non-default URI
    stats auth admin:admin                  # authentication account and password
    stats admin if TRUE
V. Start the services and test
1. Start Haproxy and keepalived
On both nodes:
# systemctl restart haproxy
# systemctl restart keepalived
2. Testing
Inode2:
# systemctl status -l keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-17 20:53:58 CST; 10min ago
  Process: 2156 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 2157 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─2157 /usr/sbin/keepalived -D
           ├─2158 /usr/sbin/keepalived -D
           └─2159 /usr/sbin/keepalived -D

May 17 20:53:58 inode2 Keepalived_healthcheckers[2158]: Opening file '/etc/keepalived/keepalived.conf'.
May 17 20:53:58 inode2 Keepalived_healthcheckers[2158]: Configuration is using : 7521 Bytes
May 17 20:53:58 inode2 Keepalived_healthcheckers[2158]: Using LinkWatch kernel netlink reflector...
May 17 20:53:59 inode2 Keepalived_vrrp[2159]: VRRP_Instance(MYR) Transition to MASTER STATE
May 17 20:54:00 inode2 Keepalived_vrrp[2159]: VRRP_Instance(MYR) Entering MASTER STATE
May 17 20:54:00 inode2 Keepalived_vrrp[2159]: VRRP_Instance(MYR) setting protocol VIPs.
May 17 20:54:00 inode2 Keepalived_vrrp[2159]: VRRP_Instance(MYR) Sending gratuitous ARPs on eno16777736 for 172.18.67.33
May 17 20:54:00 inode2 Keepalived_vrrp[2159]: Opening script file /etc/keepalived/notify.sh
May 17 20:54:00 inode2 Keepalived_healthcheckers[2158]: Netlink reflector reports IP 172.18.67.33 added
May 17 20:54:05 inode2 Keepalived_vrrp[2159]: VRRP_Instance(MYR) Sending gratuitous ARPs on eno16777736 for 172.18.67.33
We see that the inode2 node has entered the MASTER state. Next, view the status of inode3:
# systemctl status -l keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-17 21:55:22 CST; 2s ago
  Process: 20030 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 19577 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─19577 /usr/sbin/keepalived -D
           ├─19578 /usr/sbin/keepalived -D
           └─19579 /usr/sbin/keepalived -D

May 17 21:55:22 inode3 systemd[1]: Starting LVS and VRRP High Availability Monitor...
May 17 21:55:22 inode3 Keepalived[20030]: Starting Keepalived v1.2.13 (11/20,2015)
May 17 21:55:22 inode3 Keepalived[20030]: daemon is already running
May 17 21:55:22 inode3 systemd[1]: Started LVS and VRRP High Availability Monitor.
It is easy to see that the inode3 node is in the BACKUP state. At this point we stop the keepalived service on inode2 and then check the status on inode3:
# systemctl stop keepalived
# systemctl status -l keepalived
keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-17 20:54:37 CST; 12min ago
  Process: 1653 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1654 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─1654 /usr/sbin/keepalived -D
           ├─1655 /usr/sbin/keepalived -D
           └─1656 /usr/sbin/keepalived -D

May 17 20:54:38 inode3 Keepalived_healthcheckers[1655]: Registering Kernel netlink command channel
May 17 20:54:38 inode3 Keepalived_healthcheckers[1655]: Opening file '/etc/keepalived/keepalived.conf'.
May 17 20:54:38 inode3 Keepalived_healthcheckers[1655]: Configuration is using : 7519 Bytes
May 17 20:54:38 inode3 Keepalived_healthcheckers[1655]: Using LinkWatch kernel netlink reflector...
May 17 21:06:34 inode3 Keepalived_vrrp[1656]: VRRP_Instance(MYR) Transition to MASTER STATE
May 17 21:06:35 inode3 Keepalived_vrrp[1656]: VRRP_Instance(MYR) Entering MASTER STATE
May 17 21:06:35 inode3 Keepalived_vrrp[1656]: VRRP_Instance(MYR) setting protocol VIPs.
May 17 21:06:35 inode3 Keepalived_vrrp[1656]: VRRP_Instance(MYR) Sending gratuitous ARPs on eno16777736 for 172.18.67.33
May 17 21:06:35 inode3 Keepalived_vrrp[1656]: Opening script file /etc/keepalived/notify.sh
May 17 21:06:35 inode3 Keepalived_healthcheckers[1655]: Netlink reflector reports IP 172.18.67.33 added
We find that the inode3 node has entered the MASTER state, which demonstrates the high-availability feature.
Next we test the features of HAProxy. The HAProxy configuration file contains the following section:
listen stats
    bind :10086
    stats enable
    stats uri /admin?stats
    stats auth admin:admin
    stats admin if TRUE
This configuration enables the HAProxy statistics interface, which can be viewed in the browser and used to modify the related parameters. Enter http://172.18.67.33:10086/admin?stats in the browser; a login prompt appears, and after entering the account and password you reach the HAProxy parameter configuration page.
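The settings in this stats section that determine who can reach and use the admin page can be checked mechanically. The following added example (not part of the original article) audits the listen stats section of a haproxy.cfg, run against the section as configured above and against one possible tightened variant. The function names, the use of 172.18.67.3 (the client IP listed earlier) as the admin source and the placeholder secret are assumptions.

```shell
#!/bin/sh
# Added example: audit the "listen stats" section of a haproxy.cfg.
# Function names, the admin source address and the placeholder secret are
# assumptions; both sample sections are constructed from the listing above.

write_weak_cfg() {      # $1 = output path; the stats section as configured above
    cat > "$1" <<'EOF'
listen stats
    bind :10086
    stats enable
    stats uri /admin?stats
    stats auth admin:admin
    stats admin if TRUE
EOF
}

write_hardened_cfg() {  # $1 = output path; one possible tightened variant
    cat > "$1" <<'EOF'
listen stats
    bind 172.18.67.13:10086              # this node's own address, not the VIP
    stats enable
    stats uri /admin?stats
    stats auth ops:REPLACE-WITH-LONG-RANDOM-SECRET
    acl from_admin src 172.18.67.3       # admin workstation (assumed)
    stats admin if from_admin
EOF
}

# Print one finding per line; print nothing when the section is clean.
audit_haproxy_stats() { # $1 = path to haproxy.cfg
    awk '
        /^[a-z]/ { in_stats = ($1 == "listen" && $2 == "stats"); next }
        !in_stats { next }
        { sub(/#.*/, "") }   # strip trailing comments, fields are re-split
        $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ {
            print "bind " $2 ": stats page listens on every address" }
        $1 == "stats" && $2 == "auth" {
            split($3, cred, ":")
            if (cred[1] == cred[2]) print "stats auth: password equals user name " cred[1] }
        $1 == "stats" && $2 == "admin" && toupper($4) == "TRUE" {
            print "stats admin if TRUE: every authenticated user may change server state" }
    ' "$1"
}
```

In the tightened variant the bind address differs per node (172.18.67.14 on the second load balancer), so the two haproxy.cfg files are no longer identical.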
On the two web servers you can see the load balancing at work: one is responsible for dynamic resources and the other for static resources. The data for the dynamic resources resides on the back-end NFS server.
Next, we can install WordPress by visiting http://172.18.67.33 in the browser. At this point a simple highly available load-balancing service has been built.
Building a highly available load-balanced web service with HAProxy + Keepalived