Building of Web services based on haproxy+keepalived high availability load Balancer

A brief introduction to the principle

1.HAProxy
Haproxy provides high availability, load balancing, and proxies based on TCP and HTTP applications, supporting virtual hosting, which is a free, fast, and reliable solution. Haproxy is especially useful for Web sites that are heavily loaded, and often require session-hold or seven-tier processing. Haproxy runs on today's hardware and can support tens of thousands of concurrent connections. and its operating mode makes it easy and safe to integrate into the current architecture, while protecting the Web server from being exposed to the network.
2.Keepalived
Keepalived is a high-availability scheme for LVS services based on the VRRP protocol, which can be used to avoid single points of failure. A LVS service will have 2 servers running keepalived, one master server (master), one for backup server, but external as a virtual IP, the primary server will send a specific message to the backup server, when the backup server does not receive this message, That is, when the primary server goes down, the backup server takes over the virtual IP and continues to serve, guaranteeing high availability. Keepalived is the perfect realization of VRRP.
3.VRRP protocol
In a real-world network environment, two hosts that need to communicate do not have a direct physical connection in most cases. For such a situation, how do they choose between routes? How the host selects the next hop route to the destination host, there are two common ways to solve this problem:
Use dynamic routing protocol (RIP, OSPF, etc.) on the host
Configure static routes on the host
It is obvious that configuring dynamic routing on a host is impractical because of the many issues of management, maintenance costs, and support. Configuring static routes becomes popular, but routers, or default gateways, are often a single point of failure. The purpose of VRRP is to solve the problem of a static routing single point of failure, VRRP a campaign (election) protocol to dynamically hand over the routing task to a VRRP router in the virtual router on the LAN.

two operating environments

1. System
CentOS Linux release 7.2.1511 (Core)
2. Application software
Haproxy-1.5.14-3.el7.x86_64
Keepalived-1.2.13-7.el7.x86_64
Httpd-2.4.6-45.el7.centos.x86_64
Php-5.4.16-42.el7.x86_64
Mariadb-server-5.5.52-1.el7.x86_64
Mariadb.x86_64
Wordpress-4.3.1-zh_cn.zip
Nfs-utils-1.3.0-0.33.el7.x86_64
Rpcbind-0.2.0-38.el7.x86_64
3.IP Configuration
Load Balancer
dip1:172.18.67.13
dip2:172.18.67.14
Back-end Real Server
rip1:172.18.67.11
rip2:172.18.67.12
Database server
mip:172.18.67.1
Client IP
ip:172.18.67.3
vip:172,.18.67.33

three-architecture topology and application software installation

1. Topology diagram

2. Deploy the application software
Install deployment Haproxy, keepalived on servers with IP 172.18.67.13 and 172.18.67.14

[[email protected] ~]# Yum install haproxy keepalived-y[[email protected] ~]# yum install haproxy keepalived-y

Install the deployment httpd, PHP on the IP-172.18.67.11 server

[email protected] ~]# Yum install httpd php-y

Install Deployment httpd, PHP, Mariadb-server, php-mysql on servers with IP 172.18.67.12

[email protected] ~]# yum install httpd php mariadb mariadb-server php-mysql-y

Deploy MARIADB, Mariadb-server, php-mysql on servers with IP 172.18.67.1

[email protected] ~]# Yum install mariadb mariadb-server php-mysql-y

In addition, due to the way the database is file-sharing, we also install NFS on the real server side and the database server to install the NFS application software nfs-utils, Rpcbind

[[email protected] ~]# Yum install nfs-utils rpcbind-y[[email protected] ~]# yum install nfs-utils rpcbind-y

Four configuration

1.Real Server Configuration
Here we set the IP-172.18.67.11 server as a dynamic resource station, set the IP-172.18.67.12 server to a static resource stack: Unzip the WordPress app to/var/www/html/, and modify the owner and owner group of the Directory

[Email protected] ~]# unzip wordpress-4.3.1-zh_cn.zip-c/var/www/html/[[email protected] ~]# chown-r Apache:apache/var /www/html/wordpress[[email protected] ~]# unzip wordpress-4.3.1-zh_cn.zip-c/var/www/html/[[email protected] ~]# chown -R apache:apache/var/www/html/wordpress

Modify the Server1 httpd configuration file to change the site directory from the default/var/www/html to the/var/www/html/wordpress,server2 site directory by default.
2.NFS Configuration
Database-Side Modification configuration file

[Email protected] ~]# vim/etc/exports/data/172.18.67.11 (rw,async)/var/www/html/172.18.67.12 (Rw,async)

Modify the NFS app to start the real server and the database server after the save is complete

[[email protected] ~]# systemctl start rpcbind[[email protected] ~]# systemctl start nfs[[email protected] ~]# systemctl s  Tart Rpcbind[[email protected] ~]# systemctl start nfs[[email protected] ~]# systemctl start rpcbind[[email protected] ~]# Systemctl Start NFS

Create data storage directory and modify right

[Email protected] ~]# mkdir/data[[email protected] ~]# chown-r mysql:mysql/data

Modifying the database configuration file data store directory

[Email protected] ~]# vim/etc/my.cnfdatadir=/data/

Start the database

[Email protected] ~]# systemctl start mysql-server

mount a database directory to a Web dynamic resource server

[Email protected] ~]# mount-t NFS 172.18.67.1:/data//mnt

3.keepalived Configuration
MASTER

[[email protected] keepalived]# vim keepalived.conf! Configuration File for Keepalivedglobal_defs {    notification_email { [email protected]    }    notification_email_from [email protected]    smtp_ Server 127.0.0.1 #邮件本地地址     smtp_connect_timeout #连接超时     router_id inode2     vrrp_mcast_group4 224.0.67.67 #多播地址}vrrp_script chk_down {    Script "[[-f/etc/keepalived /down]] && Exit 1 | | Exit 0 "#检测keepalived服务是否启用     interval 1    weight-5 #如果检测到down, then weight minus 5}vrrp_script chk _nginx {    Script "killall-0 nginx && exit 0 | | Exit 1 "#向nginx发信号检测nginx进程是否存在     interval 1    weight-5    fall 2     Rise 1}vrrp_instance MYR {    State master    Interface eno16777736& nbsp;   virtual_router_id 167    priority #优先级     advert_int 1    Authentication { auth_ Type Pass auth_pass 571f97b2   }    virtual_ipaddress { 172.18.67.33/16 dev eno16777736   }    Track_script { chk_down chk_nginx   }     notify_master "/etc/keepalived/notify.sh master" #启用脚本通知功能     notify_backup "/etc/ keepalived/notify.sh Backup "    notify_fault"/etc/keepalived/notify.sh Fault "}

BACKUP

[[email protected] keepalived]# vim keepalived.conf! Configuration File for Keepalivedglobal_defs {    notification_email { [email protected]    }    notification_email_from [email protected]    smtp_ Server 127.0.0.1    smtp_connect_timeout 30    router_id inode3    VRRP _MCAST_GROUP4 224.0.67.67}vrrp_script chk_down {    Script "[[-f/etc/keepalived/down]] && exit 1 | | Exit 0 "    interval 1    weight-5}vrrp_script chk_nginx {    Script" killall-0 nginx && Exit 0 | | Exit 1 "    interval 1    weight-5    fall 2    Rise 1}VRRP _instance MYR {    State backup    interface eno16777736    Virtual_ router_id 167    priority 95    Advert_int 1   Authentication { auth_type Pass auth_pass 571f97b2   }    Virtual_ IPAddress { 172.18.67.33/16 Dev eno16777736   }    track_script { chk_down  chk_nginx   }    notify_master "/etc/keepalived/notify.sh master"      Notify_backup "/etc/keepalived/notify.sh backup"     notify_fault "/etc/keepalived/notify.sh Fault "}

Notification script

#!/bin/bash#contact= ' [email protected] ' notify () {mailsubject= "$ (hostname) to is $, VIP floating" mailbody= "$ (date + '%F %T '): VRRP transition, $ (hostname) changed to be $ "echo" $mailbody "| Mail-s "$mailsubject" $contact}case $ inmaster) notify Master;; Backup) notify backup;; fault) notify fault;; *) echo "Usage: $ (basename $) {Master|backup|fault}" exit 1;; Esac

4.haproxy Configuration
The configuration content of the two nodes is the same, as follows:

[[email protected] haproxy]# vim haproxy.cfgglobal    log          127.0.0.1 local2    chroot     /var/lib/haproxy     pidfile    /var/run/haproxy.pid    maxconn     4000     user        haproxy    group        haproxy    daemon    Stats socket/var/lib/haproxy/ statsdefaults    mode                     http #启用七层模型     log                      global    option                  Httplog    option                   dontlognull    option http-server-close    option forwardfor        except 127.0.0.0/8    option                   redispatch    retries                  3    Timeout http-request    10s    Timeout queue            1m    Timeout connect         10s     Timeout client          1m    Timeout server          1m    Timeout Http-keep-alivE 10s    Timeout check           10s     maxconn                 3000frontend  Web *:80    mode      http    maxc onn      #最大连接数量     ACL url_static     path_beg& nbsp;     -i /static/images/javascript/stylesheets #启用acl     ACL URL _static     path_end      -i . jpg. gif. png. css. js. html. TXT .htm    use_backend staticsrvs  if url_static    default_backend     appsrvsbackend Staticsrvs #静态资源     balance      Roundrobin # Round robin algorithm     server      Stcsrvs 172.18.67.12:80 checkbackend Appsrvs #动态资源     balance      roundrobin     server      WP 172.18.67.11:80 Checklisten stats    bind:10086 #绑定端口 & nbsp;   stats   enable #启用stats功能     stats   uri     /admin?stats #设置非默认uri     stats   auth    admin:admin #认证账号密码      stats   admin   If TRUE

Five start the service and test

1. Start Haproxy and keepalived

[[email protected] ~]# systemctl restart Haproxy[[email protected] ~]# systemctl restart Keepalived[[email protected] ~]# Systemctl restart Haproxy[[email protected] ~]# systemctl restart keepalived

2. Testing
Inode2:

[[email protected] ~]# systemctl status-l keepalived Keepalived.service-lvs and VRRP high availability MONITOR&NB sp;  loaded:loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset:disabled)    Active:active (running) since Wed 2017-05-17 20:53:58 CST; 10min ago  process:2156 execstart=/usr/sbin/keepalived $KEEPALIVED _options (code=exited, status=0/success)  main pid:2157 (keepalived)    CGroup:/system.slice/keepalived.service           ├─2157/usr/sbin/keepalived-D           ├─2158/usr/sbin/keepalived-D           └─2159/usr/sbin/keepalived-dmay 20:53:58 inode2 keepalived_healthcheckers[2158]: Opening file '/etc/keepalived/ Keepalived.conf '. 20:53:58 Inode2 keepalived_healthcheckers[2158]: Configuration is using:7521 bytesmay-20:53:58 inode2 Keepaliv Ed_heALTHCHECKERS[2158]: Using linkwatch kernel netlink reflector ... 20:53:59 Inode2 keepalived_vrrp[2159]: vrrp_instance (MYR) Transition to MASTER statemay 20:54:00 inode2 Keepaliv ED_VRRP[2159]: vrrp_instance (MYR) Entering MASTER statemay 20:54:00 inode2 keepalived_vrrp[2159]: vrrp_instance (MYR) Setting protocol Vips.may 20:54:00 Inode2 keepalived_vrrp[2159]: vrrp_instance (MYR) sending gratuitous ARPs on eno16777 736 for 172.18.67.33May 20:54:00 inode2 keepalived_vrrp[2159]: Opening script File/etc/keepalived/notify.shmay 17 20:5 4:00pm Inode2 keepalived_healthcheckers[2158]: NetLink Reflector reports IP 172.18.67.33 Addedmay + 20:54:05 inode2 Keepali VED_VRRP[2159]: vrrp_instance (MYR) sending gratuitous ARPs on eno16777736 for 172.18.67.33

We see the INODE2 node enter master mode, and then view the status of Inode3

[[email protected] ~]# systemctl status-l keepalived keepalived.service- LVS and VRRP High Availability Monitor loaded:loaded (/usr/lib/systemd/system/keepalived.service; disabled; Vendor pres et:disabled) active:active (running) since Wed 2017-05-17 21:55:22 CST;  2s ago process:20030 execstart=/usr/sbin/keepalived $KEEPALIVED _options (code=exited, status=0/success) Main pid:19577   (keepalived) CGroup:/system.slice/keepalived.service├─19577/usr/sbin/keepalived-d├─19578/usr/sbin/keepalived -d└─19579/usr/sbin/keepalived-dmay 21:55:22 Inode3 systemd[1]: Starting LVS and VRRP high availability Mon Itor ... May-21:55:22 Inode3 keepalived[20030]: Starting keepalived v1.2.13 (11/20,2015) may + 21:55:22 Inode3 keepalived[20030] : Daemon is already runningmay-21:55:22 inode3 systemd[1]: Started LVS and VRRP high availability Monitor. 

It is not difficult to see the INODE3 node in the backup state, at which point we will stop the Inode2 keepalived service

[[email protected] ~]# systemctl stop keepalived[[email protected] ~]# systemctl status-l keepalived Keepalived.service-lvs and VRRP High Availability Monitor loaded:loaded (/usr/lib/systemd/system/keepalived.service; Disabled Vendor preset:disabled) active:active (running) since Wed 2017-05-17 20:54:37 CST; 12min ago process:1653 execstart=/usr/sbin/keepalived $KEEPALIVED _options (code=exited, status=0/success) Main pid:165 4 (keepalived) CGroup:/system.slice/keepalived.service├─1654/usr/sbin/keepalived-d├─1655/usr/s Bin/keepalived-d└─1656/usr/sbin/keepalived-dmay 20:54:38 inode3 keepalived_healthcheckers[1655]: Register ing Kernel netlink command channelmay 20:54:38 inode3 keepalived_healthcheckers[1655]: Opening file '/etc/keepalived/k Eepalived.conf '. 20:54:38 inode3 keepalived_healthcheckers[1655]: Configuration is using:7519 bytesmay-20:54:38 inode3 Keepaliv ED_HEALTHCHECKERS[1655]: Using linkwatch kerNel netlink reflector ... 21:06:34 inode3 keepalived_vrrp[1656]: vrrp_instance (MYR) Transition to MASTER statemay 21:06:35 inode3 Keepaliv ED_VRRP[1656]: vrrp_instance (MYR) Entering MASTER statemay 21:06:35 inode3 keepalived_vrrp[1656]: vrrp_instance (MYR) Setting protocol Vips.may 21:06:35 inode3 keepalived_vrrp[1656]: vrrp_instance (MYR) sending gratuitous ARPs on eno16777 736 for 172.18.67.33May 21:06:35 inode3 keepalived_vrrp[1656]: Opening script File/etc/keepalived/notify.shmay 17 21:0 6:35 inode3 keepalived_healthcheckers[1655]: NetLink Reflector reports IP 172.18.67.33 added

We found that the INODE3 node entered the master state, thus showing the high availability of the feature
Next we test the characteristics of the haproxy, in the Haproxy configuration file There is the following paragraph

Listen stats bind:10086 stats enable stats uri/admin?stats Stats Auth admin:admin stats ad Min if TRUE

This configuration allows us to view and modify the Haproxy statistics interface in the browser to enable the relevant parameters, enter Http://172.18.67.33:10086/admin?stats in the browser, the following status will appear, enter the account and password, The Haproxy related parameter Configuration page is entered.

In the two Web servers can be seen load balancing one responsible for dynamic resource resolution, the other is responsible for static resources. The data for the dynamic resource resides on the backend NFS server.

Next we will be able to install WordPress by accessing http://172.18.67.33 in the browser. At this point a simple high-availability load balancing service is built.

Building of Web services based on haproxy+keepalived high availability load Balancer