1.搭建环境描述:
操作系统:
[root@HA-1 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
地址规划:
| 主机名 | IP地址 | 集群角色 | 虚拟IP |
| haproxy-server | 10.0.0.35 | 主HAProxyServer | 10.0.0.40 |
| haproxy-backup |
10.0.0.36 |
备用HAProxyServer | |
| webapp1 | 10.0.0.150 | Backend Server | 无 |
| webapp2 |
10.0.0.151 |
||
| webapp3 | 10.0.0.152 |
拓扑结构:
此结构要实现的功能是:通过HAProxy实现三个站点的负载均衡,即当用户通过域名www.zb.com访问网站时,HAProxy要将请求发送到webapp1主机;当用户通过域名static.zb.com访问网站时,HAProxy要将请求发送到webapp2主机;当用户通过域名video.zb.com访问网站时,HAProxy要将请求发送到webapp3主机;当主HAProxyServer发送故障后,能立刻将负载均衡切换到备用HAProxyServer上。
为了实现HAProxy的高可用功能,这里采用Keepalived作为高可用监控软件。
2.配置HAProxy负载均衡服务器
关于HAProxy的安装,我这里使用yum安装的,就不做详细介绍。haproxy配置文件如下:
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
nbproc 1
# turn on stats unix socket
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
retries 3
timeout connect 5s
timeout client 30s
timeout server 30s
timeout check 2s
listen admin_stats
bind 0.0.0.0:19088
mode http
log 127.0.0.1 local0 err
stats refresh 30s
stats uri /haproxy-status
stats realm welcome login Haproxy
stats auth admin:admin
stats hide-version
stats admin if TRUE
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend www
bind *:80
mode http
option httplog
option forwardfor
log global
acl host_www hdr_dom(host) -i www.zb.com
acl host_static hdr_dom(host) -i static.zb.com
acl host_video hdr_dom(host) -i video.zb.com
use_backend server_www if host_www
use_backend server_static if host_static
use_backend server_video if host_video
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend server_www
mode http
option redispatch
option abortonclose
balance roundrobin
option httpchk GET /index.html
server web01 10.0.0.150:80 weight 6 check inter 2000 rise 2 fall 3
backend server_static
mode http
option redispatch
option abortonclose
balance roundrobin
option httpchk GET /index.html
server web02 10.0.0.151:80 weight 6 check inter 2000 rise 2 fall 3
backend server_video
mode http
option redispatch
option abortonclose
balance roundrobin
option httpchk GET /index.html
server web03 10.0.0.152:80 weight 6 check inter 2000 rise 2 fall 3
在这个HAProxy配置中,通过ACL规则将三个站点分别转向webapp1、webapp2和webapp3三个服务节点上,这样变相地实现了负载均衡。三个后端实例server_www、server_static和server_video虽然只有一台服务器,但是如果站点访问量增加,可以很容易地增加后端服务器,实现真正的负载均衡。
将haproxy.conf文件复制到备用的haproxy-backup服务器上,然后在主、备HAProxy上依次启动HAProxy服务。
3.配置主、备Keepalived服务器
依次在主、备两个节点上安装Keepalived。我这还是用yum安装,在haproxy-server主机上,keepalived.conf的内容如下:
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script check_haproxy {
script "killall -0 haproxy"
interval 2
}
vrrp_instance HAProxy_HA {
state BACKUP
interface eth0
virtual_router_id 80
priority 100
advert_int 2
nopreempt
authentication {
auth_type PASS
auth_pass aaaa
}
notify_master "/etc/keepalived/mail_notify.sh master"
notify_backup "/etc/keepalived/mail_notify.sh backup"
notify_fault "/etc/keepalived/mail_notify.sh fault"
track_script {
check_haproxy
}
virtual_ipaddress {
10.0.0.40/24 dev eth0
}
}
其中,/etc/keepalived/mail_notify.sh文件是一个邮件通知程序,当keepalived进行Master、Backup、Fault状态切换时,将会发送通知邮件给运维人员,这样可以及时了解高可用集群的运行状态,以便在适当的时候人为介入处理故障。mail_notify.sh文件的内容如下:
#!/bin/bash
#监控keepalived切换状态脚本
IP=`ifconfig | grep 10.0.0|awk '{print $2}'|awk -F ':' '{print $2}'`
echo "${IP} $1 状态被激活,请确认HAProxy服务运行状态!"|mail -s "HAProyx状态切换报警" 11*******11@qq.com
最后,将keepalived.conf文件和mail_notify.sh文件复制到haproxy-backup服务器上对应的位置,然后将keepalived文件中priority值修改为90,由于配置的是不抢占模式,因此,还需要在backup-haproxy服务器上去掉nopreempt选项。
完成所有配置后,分别在haproxy-server和haproxy-backup主机上依次启动HAProxy服务和Keepalived服务。注意,这里一定要先启动HAProxy服务,因为Keepalived服务在启动的时候回自动检测HAProxy服务是否正常,如果发现HAProxy服务没有启动,那么主、备Keepalived将自动进入Fault状态。在依次启动服务后,在正常情况下VIP地址应该运行在haproxy-server服务器上,通过命令“ip a”可以查看VIP是否已经正常加载。
4.测试HAProxy+Keepalived高可用负载均衡集群
高可用的HAProxy负载均衡系统能够实现HAProxy的高可用性、负载均衡特性和故障切换特性。
测试keepalived的高可用功能:
高可用性是通过HAProxy的两个HAProxy Server完成的。为了模拟故障,先将主haproxy-server上面的HAProxy服务停止,接着观察haproxy-server上的keepalived的运行日志,信息如下:
Jul 24 16:04:13 data-1-1 Keepalived_vrrp[25735]: VRRP_Script(check_haproxy) failed
Jul 24 16:04:14 data-1-1 Keepalived_vrrp[25735]: VRRP_Instance(HAProxy_HA) Received higher prio advert
Jul 24 16:04:14 data-1-1 Keepalived_vrrp[25735]: VRRP_Instance(HAProxy_HA) Entering BACKUP STATE
Jul 24 16:04:14 data-1-1 Keepalived_vrrp[25735]: VRRP_Instance(HAProxy_HA) removing protocol VIPs.
Jul 24 16:04:14 data-1-1 Keepalived_healthcheckers[25734]: Netlink reflector reports IP 10.0.0.40 removed
这段日志显示了check_haproxy检测失败后,haproxy-server自动进入了backup状态,同时释放了虚拟IP。由于执行了角色切换,此时mail_notify.sh脚本应该会自动执行并发送状态切换邮件。
然后观察备机haproxy-backup上Keepalived的运行日志,信息如下:
Jul 24 16:04:14 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) forcing a new MASTER election
Jul 24 16:04:14 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) forcing a new MASTER election
Jul 24 16:04:16 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) Transition to MASTER STATE
Jul 24 16:04:18 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) Entering MASTER STATE
Jul 24 16:04:18 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) setting protocol VIPs.
Jul 24 16:04:18 data-1-2 Keepalived_healthcheckers[25242]: Netlink reflector reports IP 10.0.0.40 added
Jul 24 16:04:18 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) Sending gratuitous ARPs on eth0 for 10.0.0.40
Jul 24 16:04:23 data-1-2 Keepalived_vrrp[25243]: VRRP_Instance(HAProxy_HA) Sending gratuitous ARPs on eth0 for 10.0.0.40
从日志中可以看出,主机出现故障后,haproxy-backup立刻检测到,此时,haproxy-backup变成Master角色,并且接管了主机的虚拟IP资源,最后将虚拟IP绑定在eth0设备上。
接着,重新启动主haproxy-server上的haproxy服务,然后观察haproxy-server上的日志状态:
Jul 24 18:22:16 data-1-1 Keepalived_vrrp[30896]: VRRP_Script(check_haproxy) succeeded
Jul 24 18:22:17 data-1-1 Keepalived_vrrp[30896]: VRRP_Instance(HAProxy_HA) Entering BACKUP STATE
从日志输出可知,在HAProxy服务启动后,Keepalived监控程序vrrp_script检测到HAProxy已经正常运行,但是并没有执行切换操作,这是由于Keepalived集群中设置了不抢占模式的缘故。
测试负载均衡功能:
将www.zb.com、static.zb.com、video.zb.com这个三个域名解析到10.0.0.40这个虚拟IP上,然后依次访问网站,如果HAProxy运行正常,并且ACL规则设置正确,这里三个网站应该都能正常访问,如果出现错误,可通过查看HAProxy的运行日志判断哪里出现问题。
转自
案例一(haproxy+keepalived高可用负载均衡系统)-闫利朋的博客-51CTO博客
http://blog.51cto.com/6284444/2149581