大體規劃:javascript
主機 | IP | 描述 |
VIP | 192.168.0.222 | 對外提供高可用IP |
haproxy+keepalived (node1) | 192.168.0.111 | haproxy爲後端兩臺WEB服務的作動靜分離;keepalived爲haproxy作高可用。php |
haproxy+keepalived (node2) | 192.168.0.112 | |
WEB (node3) | 192.168.0.113 | 提供靜態請求響應 |
Apache+PHP+MySQL (node4) | 192.168.0.114 | 提供動態請求響應 |
1、KeepAlived的簡介及原理
css
Keepalived的做用是檢測web服務器的狀態,若是有一臺web服務器死機,或工做出現故障,Keepalived將檢測到,並將有故障的web服務器從系統中剔除,當web服務器工做正常後Keepalived自動將web服務器加入到服務器羣中,這些工做所有自動完成,不須要人工干涉,須要人工作的只是修復故障的web服務器。html
Layer3,4&7工做在IP/TCP協議棧的IP層,TCP層,及應用層,原理分別以下:java
Layer3:Keepalived使用Layer3的方式工做式時,Keepalived會按期向服務器羣中的服務器發送一個ICMP的數據包(既咱們平時用的Ping程序),若是發現某臺服務的IP地址沒有激活,Keepalived便報告這臺服務器失效,並將它從服務器羣中剔除,這種狀況的典型例子是某臺服務器被非法關機。Layer3的方式是以服務器的IP地址是否有效做爲服務器工做正常與否的標準。在本文中將採用這種方式。node
Layer4:若是您理解了Layer3的方式,Layer4就容易了。Layer4主要以TCP端口的狀態來決定服務器工做正常與否。如web server的服務端口通常是80,若是Keepalived檢測到80端口沒有啓動,則Keepalived將把這臺服務器從服務器羣中剔除。python
Layer7:Layer7就是工做在具體的應用層了,比Layer3,Layer4要複雜一點,在網絡上佔用的帶寬也要大一些。Keepalived將根據用戶的設定檢查服務器程序的運行是否正常,若是與用戶的設定不相符,則Keepalived將把服務器從服務器羣中剔除。linux
--引用百度百科web
2、安裝相關軟件vim
WEB和LAMP搭建這裏不作贅述;安裝完成後能夠測試是否正常訪問。
測試兩臺機器正常訪問。
爲node1和node2各自安裝keepalived和haproxy;爲了簡便;yum安裝便可
[root@node1 ~]# rpm -q keepalived haproxy keepalived-1.2.7-3.el6.x86_64 haproxy-1.4.24-2.el6.x86_64 ----------------------------------------------- [root@node2 ~]# rpm -q keepalived haproxy keepalived-1.2.7-3.el6.x86_64 haproxy-1.4.24-2.el6.x86_64 [root@node2 ~]#
3、配置haproxy實現動靜分離
這裏在node1上演示;node2一樣的配置:
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg #這裏對應global段和default段不作任何修改;可是日誌須要在global段開啓; #其他的所有註釋;任何從新添加如下內容; #具體含義上一篇以作解釋;這裏就不作詳細介紹 frontend web bind *:80 acl url_static path_beg -i /static /p_w_picpaths /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js .html .htm acl url_dynamic path_end -i .php use_backend static if url_static use_backend dynamic if url_dynamic default_backend static backend static balance roundrobin server node3 192.168.0.113:80 check backend dynamic balance roundrobin server node4 192.168.0.114:80 check listen stats mode http bind *:1234 stats enable stats refresh 3s stats hide-version stats uri /admin?stats stats realm HAProxy\ Statistics stats auth admin:haproxy stats admin if TRUE ------------------------------------------------------------------- #複製一份到node2便可;各自啓動haproxy [root@node1 ~]# scp /etc/haproxy/haproxy.cfg node2:/etc/haproxy/ haproxy.cfg 100% 3896 3.8KB/s 00:00 [root@node1 ~]#
查看stats信息:
如後端有多臺機器;則能夠實現負載均衡;這裏未作實例。
4、配置keepalived實現haproxy的高可用
一樣在node1上配置;可是node2須要更改兩個地方:
[root@node1 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { #全局配置 notification_email { root@localhost #接受郵件方 } notification_email_from soul@localhost #發件人 smtp_server 127.0.0.1 #郵件服務器 smtp_connect_timeout 30 #超時時長 router_id LVS_DEVEL #ID;隨意便可 } vrrp_script chk_down { #添加監控規則 script "[[ -f /root/down ]] && exit 1 || exit 0" #上面說明若是在/roo/下有down文件;就失敗;轉移到從上;不然正常 interval 1 #多久監控一次 weight 2 #權重 } vrrp_script chk_haproxy { #監控haproxy服務的 script "pidof haproxy &> /dev/null && exit 0 || exit 1" interval 1 weight 2 } vrrp_instance VI_1 { #添加一個實例 state MASTER #定義主從 #注意node2從的上爲BACKUP interface eth0 #網絡接口 virtual_router_id 222 #虛擬路由ID;根據該ID生成虛擬MAC;保證其惟一性 priority 100 #優先級別;BACKUP要低於MASTER advert_int 1 #心跳廣播間隔 authentication { #認證 auth_type PASS #明文認證 auth_pass 1111 #password } virtual_ipaddress { #虛擬IP 192.168.0.222 } track_script { #腳本追蹤;生效上述定義腳本 chk_down chk_haproxy } notify_master "/etc/keepalived/notify.sh master" #郵件通知 notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } #更改以上信息;其他配置文件中的信息所有註釋便可 --------------------------------------------------------- #複製一份到node2;根據上述描述進行更改
提供haproxy腳本:
[root@node1 ~]# vim /etc/keepalived/notify.sh #!/bin/bash # Author: MageEdu <linuxedu@foxmail.com> # description: An example of notify script # vip=192.168.0.222 contact='root@localhost' notify() { #定義發送郵件格式等信息 mailsubject="`hostname` to be $1: $vip floating" mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1" echo $mailbody | mail -s "$mailsubject" $contact } case "$1" in master) #根據參數進行執行對應命令 notify master /etc/rc.d/init.d/haproxy start exit 0 ;; backup) notify backup /etc/rc.d/init.d/haproxy stop exit 0 ;; fault) notify fault /etc/rc.d/init.d/haproxy stop exit 0 ;; *) echo 'Usage: `basename $0` {master|backup|fault}' exit 1 ;; esac #完成後複製一份到node2便可 #啓動keepalived便可
5、測試haproxy的高可用
[root@node1 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0 inet 192.168.0.222/32 scope global eth0 inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link valid_lft forever preferred_lft forever #查看虛擬IP目前在node1上;
測試訪問正常;下面down掉node1看下;
#因爲配置文件定義了一個down的腳本;直接創建文件便可 [root@node1 ~]# touch down [root@node1 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0 inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link valid_lft forever preferred_lft forever You have new mail in /var/spool/mail/root #這裏也提示有郵件信息 ------------------------------------------------------------------ [root@node2 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0 inet 192.168.0.222/32 scope global eth0 #測試已轉移到node2上
同時測試頁面也是正常的。
測試haproxy腳本是否可以執行
[root@node1 ~]# service haproxy stop Stopping haproxy: [ OK ] [root@node1 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:0c:29:5e:1e:4f brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/16 brd 192.168.255.255 scope global eth0 inet6 fe80::20c:29ff:fe5e:1e4f/64 scope link ---------------------------------------------------------------------- [root@node2 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:df:70:b6 brd ff:ff:ff:ff:ff:ff inet 192.168.0.112/16 brd 192.168.255.255 scope global eth0 inet 192.168.0.222/32 scope global eth0 --------------------------------------------------------------------- [root@node1 ~]# tail -5 /var/log/messages May 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Script(chk_haproxy) failed May 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Received higher prio advert May 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) Entering BACKUP STATE May 2 18:25:10 node1 Keepalived_vrrp[5331]: VRRP_Instance(VI_1) removing protocol VIPs. May 2 18:25:10 node1 Keepalived_healthcheckers[5330]: Netlink reflector reports IP 192.168.0.222 removed #能夠查看系統日誌也記錄詳細信息 #測試啓動haproxy後;虛擬IP會自動轉回。
到此;HAProxy+KeepAlived配置以所有完成;相關功能也都已測試成功。
若有錯誤;懇請糾正。