一、概述:
HAProxy是一个用于4层或7层的高性能负载均衡软件,在大型网站的大型Web服务器群集中,HAProxy可用来替代专业的硬件负载均衡设备,节省大量的开支。
通常情况下,为了避免整个体系中出现单点故障,在至关重要的架构中,都需要部署备份设备,同样,负载均衡设备也不能部署单台,一旦主设备出现问题之后,备份设备可对主设备进行接管。实现不间断的服务,这便是Keepalived的作用。
于是,HAProxy和Keepalived的组合便成了省钱高效的Web服务器负载均衡架构。
拓扑图:
二、前端负载均衡层配置:
1.ha_1配置<172.16.41.1>:
<1>配置keepalived
[root@ha_1 ~]# yum install -y keepalived[root@ha_1 ~]# cd /etc/keepalived/[root@ha_1 keepalived]# cp keepalived.conf keepalived.conf.bak[root@ha_1 keepalived]# vim keepalived.conf! Configuration File forkeepalivedglobal_defs {notification_email { #邮件通知机制root@localhostmaoqiuguo@localhost}notification_email_from kaadmin@localhostsmtp_server 127.0.0.1 #使用本机邮件服务smtp_connect_timeout 30router_id LVS_DEVEL}vrrp_script chk_haproxy { #检测haprox服务状态script “killall -0 haproxy”interval 1weight 2 #权重}###########VRRP_INSTANCE VI_1###########实例1的配置vrrp_instance VI_1 {state MASTER #在ha_1上面是主,对端ha_2上面是备interface eth0virtual_router_id 100 #路由IDpriority 100 #优先级advert_int 1authentication { #路由之间认证auth_type PASSauth_pass 123.com}virtual_ipaddress { #VIP配置172.16.41.100/16dev eth0 label eth0:0}track_script { #追踪脚本chk_haproxy}track_interface { #追踪端口eth0}#通知脚本notify_master “/etc/keepalived/notify.sh master”notify_backup “/etc/keepalived/notify.sh backup”notify_fault “/etc/keepalived/notify.sh fault”}##########VRRP_INSTANCE VI_2############实例2的配置vrrp_instance VI_2 {state BACKUP #在ha_1上面是被,对端ha_2上面是主interface eth0virtual_router_id 200 #路由IDpriority 199 #优先级advert_int 1authentication { #路由间认证auth_type PASSauth_pass 123.com}virtual_ipaddress { #VIP配置172.16.41.101/16dev eth0 label eth0:1}track_interface { #追踪端口eth0}track_script { #追踪脚本chk_haproxy}}######################################为ha_1的keepalived提供脚本文件:[root@ha_1 ~]# vim /etc/keepalived/notify.sh#!/bin/bash# Author: MageEdu <linuxedu@foxmail.com> 脚本使用请注明出处# description: An example of notify script#vip=172.16.41.100contact=’root@localhost’notify() {mailsubject=”`hostname` to be $1: $vip floating”mailbody=”`date ‘+%F %H:%M:%S’`: vrrp transition, `hostname` changed to be $1″echo$mailbody | mail -s “$mailsubject”$contact}case”$1″inmaster)notify master/etc/rc.d/init.d/haproxystartexit0;;backup)notify backup/etc/rc.d/init.d/haproxystopexit0;;fault)notify fault/etc/rc.d/init.d/haproxystopexit0;;*)echo’Usage: `basename $0` {master|backup|fault}’exit1;;esac#赋予执行权限:[root@ha_1 ~]# chmod +x /etc/keepalived/notify.sh
<2>配置haproxy.
[root@ha_1 haproxy]# yum install haproxy -y[root@ha_1 ~]# cd /etc/haproxy/[root@ha_1 haproxy]# cp haproxy.cfg haproxy.cfg.bak[root@ha_1 haproxy]# vim haproxy.cfgglobal #全局配置log127.0.0.1 local2 #日志功能chroot/var/lib/haproxy#修改haproxy的工作目录至指定的目录并在放弃权限之前执行chroot()操作,,可以提升haproxy的安全级别,不过需要注意的是要确保指定的目录为空目录且任何用户均不能有写权限;pidfile/var/run/haproxy.pidmaxconn4000userhaproxygrouphaproxydaemon #让haproxy以守护进程的方式工作于后台defaultsmodehttp #指定haproxy的工作模式logglobal #使用默认全局日志optionhttplog #optiondontlognulloption http-server-close #若客户端超时,服务器端将关闭连接option forwardforexcept 127.0.0.0/8optionredispatch retries3timeout http-request 10stimeout queue1mtimeout connect10stimeout client1mtimeout server1mtimeout http-keep-alive 10stimeout check10smaxconn3000listen statsmode httpbind 0.0.0.0:1080 #绑定1080端口stats enable#开启stats功能stats hide-version #隐藏haproxy版本信息stats uri /myadmin?stats #在浏览器中通过什么样的URI访问stats页面stats realm Haproxy\ Statistics #认证注释信息stats auth maoqiu:123.com #认证机制(User:Password)stats admin ifTRUE #如果认证成功,则赋予管理权限acl allow src 172.16.0.0/16#访问控制,只允许是这个网段的客户端访问tcp-request content accept ifallowtcp-request content rejectfrontend proxy #前端代理bind *:80 #监听80portmode httplog globaloption httpcloseoption logasapoption dontlognullcapture request header Host len 20capture request header Referer len 60acl url_staticpath_beg-i /static/images/javascript/stylesheetsacl url_staticpath_end-i .jpg .gif .png .css .js .htmluse_backend static_servers ifurl_staticdefault_backend dynamic_serversbackend static_servers #后端静态serverbalance source#基于source算法调度server imgsrv1 192.168.100.2:80 check maxconn 6000backend dynamic_servers #后端动态serverbalance source#基于source算法调度server websrv1 192.168.100.1:80 check maxconn 6000
2.ha_2配置<172.16.41.2>:
<1>配置keepalived:
可见内心底对旅行是多么的淡漠。
