Web 负载均衡解决方案——HAproxy+keepalived实现高可用负载均衡
HAProxy概念:
HAProxy提供高可用性、负载均衡以及基于TCP和HTTP应用的代理,支持虚拟主机, 它是免费、快速并且可靠的一种解决方案。HAProxy特别适用于那些负载特大的web站点, 这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整 合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。
软件下载地址:http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.20.tar.gz
一, 拓扑 浮动IP eth0:1 192.168.10.31/23 | +++++++++++++ +++++++++++++ + HAproxy master + + HAproxy backup + +++++++++++++ +++++++++++++ DIP eth0 192.168.10.30/23 DIP eth0 192.168.10.28/23 |______________________________| ______________|_______________ | | | | ++++++++++++ ++++++++++++ ++++++++++++ ++++++++++++ + WEB B + + WEB B + + WEB C + + WEB D + ++++++++++++ ++++++++++++ ++++++++++++ ++++++++++++ eth0 192.168.10.2/23 eth0 192.168.10.3/23 eth0 192.168.10.4/23 eth0 192.168.10.5/23 二,配置 (一) 搭建环境 操作系统:CentOS release 6.3 x86-64内核:2.6.27.21-0.1-xen cpu:Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (双核) 内存:4G 软件版本:keepalived-1.2.1 ; haproxy-1.4.20 软件库环境:安装开发工具和开发库 [root@localhost ~]#yum -y groupinstall "Development libraries" "Development tools" [root@localhost ~]#yum -y install gcc openssl-devel pcre-devel zlib-devel (二) 安装keepalived [root@localhost ~]# tar -xvf keepalived-1.2.7.tar.gz [root@localhost ~]# cd keepalived-1.2.7 [root@localhost keepalived-1.2.7]#./configure --prefix=/ Keepalived configuration ------------------------ Keepalived version : 1.2.7 Compiler : gcc Compiler flags : -g -O2 Extra Lib : -lpopt -lssl -lcrypto Use IPVS Framework : Yes IPVS sync daemon support : Yes IPVS use libnl : No Use VRRP Framework : Yes Use VRRP VMAC : Yes SNMP support : No Use Debug flags : No 显示如上为编译成功 [root@localhost keepalived-1.2.7]#make && make install [root@localhost ~]# vi /etc/keepalived/keepalived.conf global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id nginx1 } vrrp_script chk_haproxy { script "/etc/keepalived/chk_haproxy.sh" interval 5 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } track_script { chk_haproxy } virtual_ipaddress { 192.168.10.31/23 } } [root@localhost ~]# chkconfig keepalived on [root@localhost ~]# chkconfig --list keepalived keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off 辅keepalived配置与主相同但在keepalived配置文件中修改: state BACKUP priority 50 (三) 编写haproxy的监控脚本,当haproxy无法启动时关闭keepalived将服务切换到辅服务器 [root@localhost ~]# vi /etc/keepalived/chk_haproxy.sh #!/bin/bash A=`ps -C haproxy --no-header | wc -l` if [ $A -eq 0 ] then /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg sleep 3 if [ `ps -C haproxy --no-header | wc -l ` -eq 0 ] then /etc/init.d/keepalived stop fi fi (四)安装haproxy [root@localhost ~]# tar -xvf haproxy-1.4.20.tar.gz [root@localhost haproxy-1.4.20]# make TARGET=linux26 PREFIX=/usr/local/haproxy install [root@localhost haproxy-1.4.20]# cd /usr/local/haproxy/ [root@localhost haproxy]# mkdir conf logs [root@localhost haproxy]# cd conf/ [root@localhost conf]# vim haproxy.cfg global log 127.0.0.1 local3 info 需要在/etc/syslog.conf里添加local3.* /var/log/haproxy.log maxconn 4096 uid nobody gid nobody daemon nbproc 4 defaults log global mode http maxconn 2048 #最大连接数 retries 3 #3 次连接失败就认为服务器不可用 option httpclose #每次请求完毕后主动关闭http通道 option forwardfor #如果后端服务器需要获得客户端真实ip需要配置的参数,可以从Http Header中获得客户端ip option abortonclose #当服务器负载很高的时候,自动结束掉当前队列处理比较久的连接 option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器 stats refresh 30 #统计页面刷新间隔 stats uri /haproxy #监控后端服务器的页面 stats auth admin:zgrtqgjxglzx #登陆监控页面的用户名和密码 contimeout 5000 #连接超时 clitimeout 50000 #客户端超时 srvtimeout 50000 #服务器超时 listen http-in bind 0.0.0.0:80 mode http #http 表示七层 log global option httplog balance roundrobin #默认的负载均衡的方式,轮询方式 balance leastconn option httpchk GET /login.jsp #心跳检测的文件 此处不是项目里真实的文件 #option httpchk GET /index.html cookie SERVERID insert indirect nocache server jsp-A 192.168.10.2:80 weight 1 cookie 1 check inter 2000 rise 2 fall 5 #cookie 1 标识 serverid 为 1 server jsp-B 192.168.10.3:80 weight 1 cookie 2 check inter 2000 rise 2 fall 5 #check inter 2000 检测心跳频率 server jsp-C 192.168.10.4:80 weight 1 cookie 3 check inter 2000 rise 2 fall 5 #rise 2 2 次正确认为服务器可用 server jsp-D 192.168.10.5:80 weight 1 cookie 4 check inter 2000 rise 2 fall 5 #fall 5 5 次失败认为服务器不可用 最后将/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg 加入/etc/rc.loal 设置开机启动 (五)启动haproxy [root@localhost conf]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg 三、测试 在客户端访问 HAproxy 测试 [root@localhost ~]# elinks –dump http:// 192.168.122.254
在客户机访问HAproxy健康检查页面