Keepalived + haproxy for high-availability load balancing of Web dual-master Models

1. The architecture diagram of this article:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/25/90/wKioL1Nki0jiTqeUAAE35qbWq7g043.jpg "title=" Haproxy, Keepalived.png "alt=" Wkiol1nki0jitqeuaae35qbwq7g043.jpg "/>

Describe the purpose of each server:

1, Haproxy in this framework is the implementation of: Load Balancing

2, keepalived to achieve the high availability of haproxy

3, Apache static page access to implement

4. Dynamic page access is implemented in Aoache, and two of the graphs are load balanced.

Configure each function module:

First, configure Haproxy and keepalived

Verify:

1, when a keepalived downtime, VIP will not be transferred to another server

2, when a Haproxy service failure, VIP will not be transferred to another server

Attention:

If keepalived down, haproxy service is still working, should we let another server take the VIP?

Theoretically: It's best not to, but the script in our keepalived monitors the process of haproxy, and after keepalived down, there is no way to know the health of Haproxy, nor to decide whether to lower the priority priorities. Therefore, in theory, it is best not to, but the actual light by keepalived is not to be done.

Configuration:

1, install the keepalived on two servers respectively

[Email protected] ~]# yum-y install keepalived

2, Configuration keepalived

[[email protected] ~]# vim/etc/keepalived/keepalived.conf!   Configuration File for Keepalivedglobal_defs {notification_email {[email protected] config service state change send mail to which address    } Notification_email_from [email protected] smtp_server 127.0.0.1 to which SMTP server to send mail smtp_connect_timeout 30  Contact the above SMTP server 30 seconds does not contact, the time-out router_id lvs_devel}vrrp_script chk_haproxy {This script is used to detect the health status of Haproxy services on the server script "Killall -0 haproxy "Interval 1 weight-2}vrrp_instance vi_1 {State MASTER This is too server-based keepalived interface eth0 via E Th0 network card broadcast virtual_router_id 200 virtual route ID to be changed if there are multiple keepalived cluster priority 100 priorities Advert_int 1 Authenticatio in a local area network        n {auth_type PASS auth_pass 11112222} track_script {Chk_haproxy} virtual_ipaddress { 192.168.1.200 native Virtual IP} notify_master "/etc/keepalived/notify.sh master" scripts run in a different state notify_backup "/etc/ keepalived/notify.sh backup "Notify_fault"/etc/keepalived/notify.sh Fault "}VRRp_instance vi_2 {Another master keepalived from state BACKUP interface eth0 virtual_router_id 99 is set to a different        Primary keepalived Priority Low Advert_int 1 authentication {auth_type PASS auth_pass 1111} track_script { Chk_mantaince_down} virtual_ipaddress {192.168.1.201}}

3, write keepalived in different state run script

#!/bin/bash# author:mageedu <[email protected]># Description:an Example of notify script#vip= 192.168.1.200contact= ' [email protected] ' notify () {mailsubject= "' hostname ' to be $: $vip floating" mailbody= " Date ' +%f%h:%m:%s ': vrrp transition, ' hostname ' changed to be $ ' echo $mailbody |                                                                                                                                                                                                                    Mail-s "$mailsubject" $contact}                                                                                                                          Case "$    "In Master" notify Master/etc/rc.d/init.d/haproxy start exit 0;;    Backup) notify Backup/etc/rc.d/init.d/haproxy stop exit 0;;    Fault) notify Fault/etc/rc.d/init.d/haproxy stop exit 0;; *) echo ' Usage: ' basename $ ' {master|backup|fault} ' exit 1;; Esac to script to execute permissions: chmod +x/etc/keepalived/notify.sh

4, Configuration Haproxy

Because we want to achieve static and static separation, then in the configuration file, we need to define the dynamic resource transfer to different services.

[[email protected] ~]# yum-y install haproxy installation haproxy[[email protected] ~]# Vim/etc/haproxy/haproxy.cfg #    Log 127.0.0.1 local2 chroot/var/lib/haproxy pidfile/var/run/haproxy.pid maxconn 4000 User Haproxy Group Haproxy Daemon # turn on stats UNIX socket stats Socket/var/lib/haproxy/sta ts#---------------------------------------------------------------------# Common defaults that all the ' listen ' and ' Backend ' sections will# use if not designated in their block#----------------------------------------------------------                  -----------Defaults mode HTTP specifies haproxy operating mode for HTTP log global option Httplog option dontlognull option Http-server-close allows the server to disconnect when the client times out Optio n forwardfor except 127.0.0.0/8 in HTTP response header join Forwardfor option Redispatch #在使用了基于cookie的会话保持的 When a backend server is down, you can always add aThe words are re-distributed to other upstream servers retries 3 Timeout Http-request 10s Timeout queue 1m Tim Eout Connect 10s Timeout client 1m timeout server 1m timeout http-keep-alive 10s Tim Eout Check 10s maxconn 3000#----------------------------------------------------------------- ----# main frontend which proxys to the backends#-------------------------------------------------------------------- -frontend main *:80 front-end proxy ACL url_static path_beg-i/static/images/javascript/stylesheets ACL url_s           Tatic path_end-i. jpg. gif. png. css. js ACL url_dynamic path_end-i. php use_backend Static If url_static default_backend dynamic#----------------------------------------------------------- ----------# Static backend for serving up images, stylesheets and such#------------------------------------------------ ---------------------Backend STAStatic request response for Tic back end balance Roundrobin server static 192.168.1.100:80 inter rise 2 Fall 3 Check Maxconn 50 00#---------------------------------------------------------------------# round robin balancing between the various backends# Dynamic Request Response balance R---------------------------------------------------------------------Backend Dynamics backend Oundrobin Server Dynamic1 192.168.1.101:80 Inter rise 2 Fall 3 Check maxconn the server Dynamic2 192.168.1.1         02:80 Inter rise 2 Fall 3 check Maxconn 5000listen statistics mode HTTP bind *:8080~ stats enable Stats Auth admin:admin Stats uri/admin?stats Specifies the access path of the URI stats admin if TRUE stats hide-ver        Sion stats Refresh 5s ACL allow src 192.168.0.0/24 define access control List Tcp-request content accept if allow Tcp-request content Reject

5. Configure another Haproxy server

Because the configuration of the two servers is basically the same, we will directly say the above configured copy files and script files are uploaded to this haproxy server, do the next repair on it

[Email protected] ~]# scp/etc/keepalived/keepalived.conf [email protected]:/etc/keepalived/[email protected] ' s password:keepalived.conf                                                                               100% 4546     4.4kb/s   00:00 [[email protected] ~]# scp/etc/keepalived/notify.sh [ Email protected]:/etc/keepalived/[email protected] ' s password:notify.sh                                                                                     100%  751     0.7kb/s   00:00 [[ Email protected] ~]# scp/etc/haproxy/haproxy.cfg [email protected]:/etc/haproxy/[email protected] ' s password: Haproxy.cfg                                                                                   100% 3529     3.5kb/s   00:00

Transfer complete, then configure/etc/keepalived/keepalived.conf because the same/etc/haproxy/haproxy.cfg on two nodes does not have to be changed

    Interface eth0! Configuration File for Keepalivedglobal_defs {notification_email {[email protected]} Notification_ema Il_from [email protected] smtp_server 127.0.0.1 smtp_connect_timeout-router_id lvs_devel}vrrp_script Chk_hap Roxy {Script "killall-0 haproxy" Interval 1 weight-2}vrrp_instance vi_1 {State BACKUP this one changed master to BAC        Kup interface eth0 virtual_router_id 99 priority tune is lower than last Advert_int 1 authentication { Auth_type PASS Auth_pass 11112222} track_script {Chk_haproxy} virtual_ipaddress {192.     168.1.200}}vrrp_instance vi_2 {State Master this one to be converted to master, last is backup interface eth0 virtual_router_id 57 Priority 100 is also higher than the previous Advert_int 1 authentication {auth_type PASS auth_pass 1111} VI rtual_ipaddress {192.168.1.201} notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keep Alived/notify.sh backup "Notify_fault"/etc/keepalived/notify.sh Fault "} 

Attention:

notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup"

notify_fault "/etc/keepalived/notify.sh Fault"

3 states to execute the script, can only be placed in master, the reason is: because it is the main from each other, each master will have a separate master from, if

Write this "3 state execution script" to the zone from which the other master will execute the script because it will stop the high-availability

program, which resulted in the transfer of all two VIPs to one of the servers.

Let's verify that if keepalived and haproxy are down separately, the VIP will not transfer:

Keepalived and Haproxy services are started on two nodes

[[Email protected] ~]# service haproxy startstarting haproxy:                                          [  OK  ][[email protected] ~]# service keepalived startstarting keepalived:                                       [  OK  ]

The following are the normal conditions:

Keepalived 1:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/25/90/wKiom1Nkl9uBLSLkAAI7Nv82x7o994.jpg "title=" 111. PNG "alt=" wkiom1nkl9ublslkaai7nv82x7o994.jpg "/>

Keepalived 2:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/25/90/wKioL1Nkl--RJs-GAAHu-Fe95vg162.jpg "title=" 222. JPG "alt=" wkiol1nkl--rjs-gaahu-fe95vg162.jpg "/>

Let's simulate the first haproxy stop, and then look at the VIP will be all the way to keepalived 2:

[[Email protected] ~]# service haproxy stopstopping haproxy:                                          [  OK  ]

View keepalived 1 and keepalived 2

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/25/91/wKioL1NksZLBURk8AAH68TIiVaw151.jpg "title=" 11111. PNG "alt=" wkiol1nkszlburk8aah68tiivaw151.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/25/91/wKioL1NksbmgAwBPAAGZbYr2wF4250.jpg "title=" 111111.png "alt=" Wkiol1nksbmgawbpaagzbyr2wf4250.jpg "/>

Look, it's all over.

Verify that load balancing is very dynamic and separate

We give 3 Web services different Web pages

1. Give Apache a static page to verify that if the page file that is not requested by. PHP Ends is directed to this server.

2, to the Apache Dynamic 1, 2 two index.php, to achieve Dynamic Web page load Balancing

We give Apache static a Web page that conforms to the-i jpg. gif. png. css. js .

Apache Static

SCP 1.png [Email protected]:/var/www/html

Apache Dynamic 1

vim/var/www/html/index.php192.168.1.101<?php    phpinfo ();? >

Apache Dynamic 2

vim/var/www/html/index.php192.168.1.102<?php    phpinfo ();? >

1. We want to request the static file at the end of 1.png

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/25/91/wKiom1Nkw6uDu_vyAAHCiPEKG6g430.jpg "title=" Static.png "alt=" Wkiom1nkw6udu_vyaahcipekg6g430.jpg "/>

2, we come to request. PHP End of page

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/25/91/wKioL1NkxHDg_K8DAAFLVYOf_d4414.jpg "title=" dh.png "alt=" Wkiol1nkxhdg_k8daaflvyof_d4414.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/25/91/wKioL1NkxIfym9afAAE52TC8wJ8462.jpg "title=" Dh2.png "alt=" Wkiol1nkxifym9afaae52tc8wj8462.jpg "/>

In this case, load balancing has been done on the dynamic pages of. php.

Let's try this virtual IP access again via 192.168.1.201:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/25/91/wKiom1NkxeKzjSWPAAFM55WLzgs165.jpg "title=" dh.png "alt=" Wkiom1nkxekzjswpaafm55wlzgs165.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/25/91/wKioL1Nkxe-jm0ZaAAEqNN02zgU592.jpg "title=" dh.png "alt=" Wkiol1nkxe-jm0zaaaeqnn02zgu592.jpg "/>

From this, we also realized the dual-master model, two haproxy can also serve ...

3. Let's take a look at the status page

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/25/91/wKiom1Nkx9_B57xfAAEctjJMZnc262.jpg "title=" dh.png "alt=" Wkiom1nkx9_b57xfaaectjjmznc262.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/25/91/wKioL1Nkx8nz0IfTAAEa74C_zWI937.jpg "title=" Dh2.png "alt=" Wkiol1nkx8nz0iftaaea74c_zwi937.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/25/91/wKioL1Nkx9iAeZsaAAeekRUkLfg471.jpg "title=" Dh1.png "alt=" Wkiol1nkx9iaezsaaaeekruklfg471.jpg "/>

This article is from the Linux OPS blog, so be sure to keep this source http://xz159065974.blog.51cto.com/8618592/1405812