HAProxy+KeepAlived實現web服務高可用、動靜分離等

大體規劃:javascript

主機 IP 描述
VIP 192.168.0.222 對外提供高可用IP
haproxy+keepalived (node1) 192.168.0.111

haproxy爲後端兩臺WEB服務的作動靜分離;keepalived爲haproxy作高可用。php

haproxy+keepalived (node2) 192.168.0.112
WEB                (node3) 192.168.0.113 提供靜態請求響應
Apache+PHP+MySQL   (node4) 192.168.0.114 提供動態請求響應

wKioL1NjUnCD4CJDAAErkscIJt4586.jpg

1、KeepAlived的簡介及原理
css

Keepalived的做用是檢測web服務器的狀態,若是有一臺web服務器死機,或工做出現故障,Keepalived將檢測到,並將有故障的web服務器從系統中剔除,當web服務器工做正常後Keepalived自動將web服務器加入到服務器羣中,這些工做所有自動完成,不須要人工干涉,須要人工作的只是修復故障的web服務器。html

Layer3,4&7工做在IP/TCP協議棧的IP層,TCP層,及應用層,原理分別以下:java

  • Layer3:Keepalived使用Layer3的方式工做式時,Keepalived會按期向服務器羣中的服務器發送一個ICMP的數據包(既咱們平時用的Ping程序),若是發現某臺服務的IP地址沒有激活,Keepalived便報告這臺服務器失效,並將它從服務器羣中剔除,這種狀況的典型例子是某臺服務器被非法關機。Layer3的方式是以服務器的IP地址是否有效做爲服務器工做正常與否的標準。在本文中將採用這種方式。node

  • Layer4:若是您理解了Layer3的方式,Layer4就容易了。Layer4主要以TCP端口的狀態來決定服務器工做正常與否。如web server的服務端口通常是80,若是Keepalived檢測到80端口沒有啓動,則Keepalived將把這臺服務器從服務器羣中剔除。python

  • Layer7:Layer7就是工做在具體的應用層了,比Layer3,Layer4要複雜一點,在網絡上佔用的帶寬也要大一些。Keepalived將根據用戶的設定檢查服務器程序的運行是否正常,若是與用戶的設定不相符,則Keepalived將把服務器從服務器羣中剔除。linux

--引用百度百科web

2、安裝相關軟件vim

WEB和LAMP搭建這裏不作贅述;安裝完成後能夠測試是否正常訪問。

wKiom1NjVRfRlDxfAADl932OBRk864.jpg

wKioL1NjVPrgCghMAAEjpXxWvrQ427.jpg

測試兩臺機器正常訪問。

爲node1和node2各自安裝keepalived和haproxy;爲了簡便;yum安裝便可

[root@node1 ~]# rpm -q keepalived haproxy
keepalived-1.2.7-3.el6.x86_64
haproxy-1.4.24-2.el6.x86_64
                                                                                                                                                                                                                                      
-----------------------------------------------
                                                                                                                                                                                                                                    
[root@node2 ~]# rpm -q keepalived haproxy
keepalived-1.2.7-3.el6.x86_64
haproxy-1.4.24-2.el6.x86_64
[root@node2 ~]#

3、配置haproxy實現動靜分離

這裏在node1上演示;node2一樣的配置:

[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
#這裏對應global段和default段不作任何修改;可是日誌須要在global段開啓;
#其他的所有註釋;任何從新添加如下內容;
#具體含義上一篇以作解釋;這裏就不作詳細介紹
frontend  web
    bind *:80
    acl url_static       path_beg       -i /static /p_w_picpaths /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js .html .htm
    acl url_dynamic      path_end       -i .php
                                                                                                                                                                                         
    use_backend static          if url_static
    use_backend dynamic         if url_dynamic
    default_backend             static
backend static
     balance    roundrobin
     server  node3 192.168.0.113:80 check
backend dynamic
     balance    roundrobin
     server  node4 192.168.0.114:80 check
listen stats
     mode http
     bind *:1234
     stats enable
     stats refresh 3s
     stats hide-version
     stats uri  /admin?stats
     stats realm HAProxy\ Statistics
     stats auth admin:haproxy
     stats admin if TRUE
                                                                                                                                                                                          
-------------------------------------------------------------------
#複製一份到node2便可;各自啓動haproxy  
[root@node1 ~]# scp /etc/haproxy/haproxy.cfg node2:/etc/haproxy/
haproxy.cfg                                                          100% 3896     3.8KB/s   00:00  
[root@node1 ~]#

查看stats信息:

wKioL1NjZLvyNBcUAATw7yxWOH4863.jpg

如後端有多臺機器;則能夠實現負載均衡;這裏未作實例。

4、配置keepalived實現haproxy的高可用

一樣在node1上配置;可是node2須要更改兩個地方:

[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
                                                                                                                                              
global_defs {                 #全局配置
   notification_email {
        root@localhost        #接受郵件方
   }
   notification_email_from soul@localhost  #發件人
   smtp_server 127.0.0.1                   #郵件服務器
   smtp_connect_timeout 30                 #超時時長
   router_id LVS_DEVEL                     #ID;隨意便可
}
                                                                                                                                              
vrrp_script chk_down {                     #添加監控規則
    script "[[ -f /root/down ]] && exit 1 || exit 0"
#上面說明若是在/roo/下有down文件;就失敗;轉移到從上;不然正常
    interval 1             #多久監控一次
    weight 2               #權重
}
                                                                                                                                              
vrrp_script chk_haproxy {  #監控haproxy服務的
    script "pidof haproxy &> /dev/null && exit 0 || exit 1"
    interval 1
    weight 2
}
                                                                                                                                              
vrrp_instance VI_1 {        #添加一個實例
    state MASTER            #定義主從    #注意node2從的上爲BACKUP
    interface eth0          #網絡接口
    virtual_router_id 222   #虛擬路由ID;根據該ID生成虛擬MAC;保證其惟一性
    priority 100            #優先級別;BACKUP要低於MASTER
    advert_int 1            #心跳廣播間隔
    authentication {        #認證
        auth_type PASS      #明文認證
        auth_pass 1111      #password
    }
    virtual_ipaddress {     #虛擬IP
        192.168.0.222
    }
    track_script {          #腳本追蹤;生效上述定義腳本
        chk_down
        chk_haproxy
    }
    notify_master "/etc/keepalived/notify.sh master"   #郵件通知
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
#更改以上信息;其他配置文件中的信息所有註釋便可
---------------------------------------------------------
#複製一份到node2;根據上述描述進行更改

提供haproxy腳本:

[root@node1 ~]# vim /etc/keepalived/notify.sh
#!/bin/bash
# Author: MageEdu <linuxedu@foxmail.com>
# description: An example of notify script
#
vip=192.168.0.222
contact='root@localhost'
notify() {         #定義發送郵件格式等信息
    mailsubject="`hostname` to be $1: $vip floating"
    mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
    echo $mailbody | mail -s "$mailsubject" $contact
}
                                                                                                                                  
case "$1" in
    master)             #根據參數進行執行對應命令
        notify master  
        /etc/rc.d/init.d/haproxy start
        exit 0
    ;;
    backup)
        notify backup
        /etc/rc.d/init.d/haproxy stop
        exit 0
    ;;
    fault)
        notify fault
        /etc/rc.d/init.d/haproxy stop
        exit 0
    ;;
    *)
        echo 'Usage: `basename $0` {master|backup|fault}'
        exit 1
    ;;
esac
                                                                                                                                  
#完成後複製一份到node2便可
#啓動keepalived便可

5、測試haproxy的高可用

[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0
    inet 192.168.0.222/32 scope global eth0
    inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link
       valid_lft forever preferred_lft forever
                                                                                                                              
#查看虛擬IP目前在node1上;

wKioL1NjcfPQuN2hAAIaatxUA24321.jpg

測試訪問正常;下面down掉node1看下;

#因爲配置文件定義了一個down的腳本;直接創建文件便可
[root@node1 ~]# touch down
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0
    inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link
       valid_lft forever preferred_lft forever
You have new mail in /var/spool/mail/root    #這裏也提示有郵件信息
                                                                                                           
------------------------------------------------------------------
                                                                                                           
[root@node2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0
    inet 192.168.0.222/32 scope global eth0
                                                                                                           
#測試已轉移到node2上

同時測試頁面也是正常的。

測試haproxy腳本是否可以執行

[root@node1 ~]# service haproxy stop
Stopping haproxy:                                          [  OK  ]
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0
    inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link
                                                                                  
----------------------------------------------------------------------
                                                                                  
[root@node2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0
    inet 192.168.0.222/32 scope global eth0
                                                                                  
---------------------------------------------------------------------
                                                                                  
[root@node1 ~]# tail -5 /var/log/messages
May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Script(chk_haproxy) failed
May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Received higher prio advert
May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Entering BACKUP STATE
May  2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) removing protocol VIPs.
May  2 18:25:10 node1 Keepalived_healthcheckers[5330]: Netlink reflector reports IP 192.168.0.222 removed
                                                                                  
#能夠查看系統日誌也記錄詳細信息
#測試啓動haproxy後;虛擬IP會自動轉回。

到此;HAProxy+KeepAlived配置以所有完成;相關功能也都已測試成功。




若有錯誤;懇請糾正。

相關文章
相關標籤/搜索