HAPROXY + Keepalived
7层调度(基于服务,如url)
配置
/etc/haproxy/haproxy.cfg
global //关于进程的全局参数
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
defaults、listen、frontend、backend //关于Proxy配置段
defaults 段用于为其他配置段提供默认参数
listen是frontend和backend的结合体
frontend 虚拟服务Virtual Server 监听器 接受访问并调度
backend 真实服务器Real Server Web 被调度的服务器
调度器可以同时为多个站点调度,如果使用frontend、backend的方式:
frontend1 backend1
frontend2 backend2
frontend3 backend3
拓扑实例
VIP:192.168.122.100
LB1:Haproxy 192.168.122.2 LB2:Haproxy 192.168.122.3
httpd:192.168.122.10 192.168.122.20 1992.168.122.30
调度器配置Haproxy
yum -y install haproxy
sed -i -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg
vim /etc/haproxy/haproxy.cfg
global defaults -----------------配置监控【可选】--------------- listen stats #定义标签 bind *:1314 #绑定在接口的1314端口上 stats enable #状态启用 stats refresh 30s #30s刷新一次 stats hide-version #隐藏版本 stats uri /haproxystats #自定义查看状态的uri,当访问网站的haproxystats时可以看到状态监控 stats realm Haproxy\ stats #当登录的时候弹出提示消息 stats auth suminem:123 #定义用户名和密码 stats admin if TRUE #验证成功则为admin权限 ------------------------------------------------
frontend web mode http bind *:80 #配置完keepalived后*改成VIP default_backend httpservers backend httpservers balance roundrobin server http1 192.168.122.10:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2 #不配置参数则参照defaults server http2 192.168.122.20:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2 server http3 192.168.122.30:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2
也可去掉frontend和backend改成listen,不用定义除了web之外的backend名称,如下
listen web mode http bind *:80 balance roundrobin server http1 192.168.122.10:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2 server http2 192.168.122.20:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2 server http3 192.168.122.30:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2
service haproxy restart
配置Keepalived
global_defs { router_id haproxy_master #备机改名称 } vrrp_instance VI_1 { state BACKUP nopreempt imterface eth0 virtual_router_id 80 priority 100 #备机上改成50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.122.100 }
}
问题:
如果haproxy服务挂了,则会导致服务异常(四层),需要添加定期检测
扩展对调度器Haproxy的健康检查
a. 脚本实现
#!/bin/bash /usr/bin/curl -I http://localhost &>/dev/null if [ $? -ne 0];then /etc/init.d/keepalived stop fi
b.将脚本加入到keepalived中,定义vrrp_script并调用,注意,脚本中的命令需要写绝对路径
global_defs { router_id haproxy_master #备机改名称 } vrrp_script check_haproxy { script "/etc/keepalived/haproxy_check.sh" interval 2 #2s检查一次 } vrrp_instance VI_1 { state BACKUP nopreempt imterface eth0 virtual_router_id 80 priority 100 #备机上改成50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.122.100 } track_script { check_haroxy } }
配置日志
tcpdump -i eth0 -nn port 514 #抓包,514为rsyslog用的端口
vim /etc/rsyslog.conf
打开UDP和TCP端口设置,并添加local2.*
# Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514
.........
local2.* /var/log/haproxy.log
service rsyslog restart
