標籤:haproxy keepalived 高可用 動靜分離 負載平衡
大致規劃:
| 主機 | IP | 描述 |
| VIP | 192.168.0.222 | 對外提供高可用IP |
| haproxy+keepalived (node1) | 192.168.0.111 | haproxy為後端兩台WEB服務的做動靜分離;keepalived為haproxy做高可用。 |
| haproxy+keepalived (node2) | 192.168.0.112 | |
| WEB (node3) | 192.168.0.113 | 提供靜態請求響應 |
| Apache+PHP+MySQL (node4) | 192.168.0.114 | 提供動態請求響應 |
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M02/25/8B/wKioL1NjUnCD4CJDAAErkscIJt4586.jpg" title="映像 055.jpg" alt="wKioL1NjUnCD4CJDAAErkscIJt4586.jpg" />
一、KeepAlived的簡介以原理
Keepalived的作用是檢測web伺服器的狀態,如果有一台web伺服器死機,或工作出現故障,Keepalived將檢測到,並將有故障的web伺服器從系統中剔除,當web伺服器工作正常後Keepalived自動將web伺服器加入到伺服器群中,這些工作全部自動完成,不需要人工幹涉,需要人工做的只是修複故障的web伺服器。
Layer3,4&7工作在IP/TCP協議棧的IP層,TCP層,及應用程式層,原理分別如下:
Layer3:Keepalived使用Layer3的方式工作式時,Keepalived會定期向伺服器群中的伺服器發送一個ICMP的資料包(既我們平時用的Ping程式),如果發現某台服務的IP地址沒有啟用,Keepalived便報告這台伺服器失效,並將它從伺服器群中剔除,這種情況的典型例子是某台伺服器被非法關機。Layer3的方式是以伺服器的IP地址是否有效作為伺服器工作正常與否的標準。在本文中將採用這種方式。
Layer4:如果您理解了Layer3的方式,Layer4就容易了。Layer4主要以TCP連接埠的狀態來決定伺服器工作正常與否。如web server的服務連接埠一般是80,如果Keepalived檢測到80連接埠沒有啟動,則Keepalived將把這台伺服器從伺服器群中剔除。
Layer7:Layer7就是工作在具體的應用程式層了,比Layer3,Layer4要複雜一點,在網路上佔用的頻寬也要大一些。Keepalived將根據使用者的設定檢查伺服器程式的運行是否正常,如果與使用者的設定不相符,則Keepalived將把伺服器從伺服器群中剔除。
--引用百度百科
二、安裝相關軟體
WEB和LAMP搭建這裡不做贅述;安裝完成後可以測試是否正常訪問。
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M02/25/8A/wKiom1NjVRfRlDxfAADl932OBRk864.jpg" title="映像 056.jpg" alt="wKiom1NjVRfRlDxfAADl932OBRk864.jpg" />
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M01/25/8B/wKioL1NjVPrgCghMAAEjpXxWvrQ427.jpg" title="映像 057.jpg" alt="wKioL1NjVPrgCghMAAEjpXxWvrQ427.jpg" />
測試兩台機器正常訪問。
為node1和node2各自安裝keepalived和haproxy;為了簡便;yum安裝即可
[[email protected] ~]# rpm -q keepalived haproxykeepalived-1.2.7-3.el6.x86_64haproxy-1.4.24-2.el6.x86_64 ----------------------------------------------- [[email protected] ~]# rpm -q keepalived haproxykeepalived-1.2.7-3.el6.x86_64haproxy-1.4.24-2.el6.x86_64[[email protected] ~]#
三、配置haproxy實現動靜分離
這裡在node1上示範;node2同樣的配置:
[[email protected] ~]# vim /etc/haproxy/haproxy.cfg#這裡對應global段和default段不做任何修改;但是日誌需要在global段開啟;#其餘的全部注釋;任何重新添加以下內容;#具體含義上一篇以做解釋;這裡就不做詳細介紹frontend web bind *:80 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js .html .htm acl url_dynamic path_end -i .php use_backend static if url_static use_backend dynamic if url_dynamic default_backend staticbackend static balance roundrobin server node3 192.168.0.113:80 checkbackend dynamic balance roundrobin server node4 192.168.0.114:80 checklisten stats mode http bind *:1234 stats enable stats refresh 3s stats hide-version stats uri /admin?stats stats realm HAProxy\ Statistics stats auth admin:haproxy stats admin if TRUE -------------------------------------------------------------------#複製一份到node2即可;各自啟動haproxy [[email protected] ~]# scp /etc/haproxy/haproxy.cfg node2:/etc/haproxy/haproxy.cfg 100% 3896 3.8KB/s 00:00 [[email protected] ~]#
查看stats資訊:
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M02/25/8B/wKioL1NjZLvyNBcUAATw7yxWOH4863.jpg" title="映像 058.jpg" alt="wKioL1NjZLvyNBcUAATw7yxWOH4863.jpg" />
如後端有多台機器;則可以實現負載平衡;這裡未做執行個體。
四、配置keepalived實現haproxy的高可用
同樣在node1上配置;但是node2需要更改兩個地方:
[[email protected] ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalived global_defs { #全域配置 notification_email { [email protected] #接受郵件方 } notification_email_from [email protected] #寄件者 smtp_server 127.0.0.1 #郵件伺服器 smtp_connect_timeout 30 #逾時時間長度 router_id LVS_DEVEL #ID;隨意即可} vrrp_script chk_down { #添加監控規則 script "[[ -f /root/down ]] && exit 1 || exit 0"#上面說明如果在/roo/下有down檔案;就失敗;轉移到從上;否則正常 interval 1 #多久監控一次 weight 2 #權重} vrrp_script chk_haproxy { #監控haproxy服務的 script "pidof haproxy &> /dev/null && exit 0 || exit 1" interval 1 weight 2} vrrp_instance VI_1 { #添加一個執行個體 state MASTER #定義主從 #注意node2從的上為BACKUP interface eth0 #網路介面 virtual_router_id 222 #虛擬路由ID;根據該ID產生虛擬MAC;保證其唯一性 priority 100 #優先順序別;BACKUP要低於MASTER advert_int 1 #心跳廣播間隔 authentication { #認證 auth_type PASS #明文認證 auth_pass 1111 #password } virtual_ipaddress { #虛擬IP 192.168.0.222 } track_script { #指令碼追蹤;生效上述定義指令碼 chk_down chk_haproxy } notify_master "/etc/keepalived/notify.sh master" #郵件通知 notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}#更改以上資訊;其餘設定檔中的資訊全部注釋即可---------------------------------------------------------#複製一份到node2;根據上述描述變更
提供haproxy指令碼:
[[email protected] ~]# vim /etc/keepalived/notify.sh#!/bin/bash# Author: MageEdu <[email protected]># description: An example of notify script#vip=192.168.0.222contact=‘[email protected]‘notify() { #定義發送郵件格式等資訊 mailsubject="`hostname` to be $1: $vip floating" mailbody="`date ‘+%F %H:%M:%S‘`: vrrp transition, `hostname` changed to be $1" echo $mailbody | mail -s "$mailsubject" $contact} case "$1" in master) #根據參數進行執行對應命令 notify master /etc/rc.d/init.d/haproxy start exit 0 ;; backup) notify backup /etc/rc.d/init.d/haproxy stop exit 0 ;; fault) notify fault /etc/rc.d/init.d/haproxy stop exit 0 ;; *) echo ‘Usage: `basename $0` {master|backup|fault}‘ exit 1 ;;esac #完成後複製一份到node2即可#啟動keepalived即可
五、測試haproxy的高可用
[[email protected] ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0 inet 192.168.0.222/32 scope global eth0 inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link valid_lft forever preferred_lft forever #查看虛擬IP目前在node1上;
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M01/25/8B/wKioL1NjcfPQuN2hAAIaatxUA24321.jpg" title="映像 059.jpg" alt="wKioL1NjcfPQuN2hAAIaatxUA24321.jpg" />
測試訪問正常;下面down掉node1看下;
#由於設定檔定義了一個down的指令碼;直接建立檔案即可[[email protected] ~]# touch down[[email protected] ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0 inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link valid_lft forever preferred_lft foreverYou have new mail in /var/spool/mail/root #這裡也提示有郵件資訊 ------------------------------------------------------------------ [[email protected] ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0 inet 192.168.0.222/32 scope global eth0 #測試已轉移到node2上
同時測試頁面也是正常的。
測試haproxy指令碼是否能夠執行
[[email protected] ~]# service haproxy stopStopping haproxy: [ OK ][[email protected] ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0 inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link ---------------------------------------------------------------------- [[email protected] ~]# ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0 inet 192.168.0.222/32 scope global eth0 --------------------------------------------------------------------- [[email protected] ~]# tail -5 /var/log/messagesMay 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Script(chk_haproxy) failedMay 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Received higher prio advertMay 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Entering BACKUP STATEMay 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) removing protocol VIPs.May 2 18:25:10 node1 Keepalived_healthcheckers[5330]: Netlink reflector reports IP 192.168.0.222 removed #可以查看系統日誌也記錄詳細資料#測試啟動haproxy後;虛擬IP會自動轉回。
到此;HAProxy+KeepAlived配置以全部完成;相關功能也都已測試成功。
如有錯誤;懇請糾正。
本文出自 “Soul” 部落格,請務必保留此出處http://chenpipi.blog.51cto.com/8563610/1405554
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
