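HAProxy performs very well as both a layer-4 and a layer-7 load balancer. I won't introduce HAProxy at length here; the experiment speaks for itself. In a couple of days I will build an nginx + keepalived architecture and compare it with this one.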


【Lab environment】
haproxy keepalived master: 192.168.56.120
haproxy keepalived backup: 192.168.56.121
VIP: 192.168.56.130
Web1: 192.168.56.113
Web2: 192.168.56.114


【Lab topology】


I. Install and configure HAProxy
1. Set the hostname (node2 is done the same way as node1)
[root@localhost ~]# vim /etc/sysconfig/network
HOSTNAME=node1
[root@localhost ~]# vim /etc/hosts
192.168.56.120  node1
192.168.56.121  node2
192.168.56.113  web1
192.168.56.114  web2

[root@localhost ~]# hostname node1


2. Install and configure haproxy
[root@node1 src]# wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
[root@node1 src]# tar xf haproxy-1.4.11.tar.gz
[root@node1 src]# cd haproxy-1.4.11
[root@node1 haproxy-1.4.11]# vim Makefile    // a source build of haproxy installs to /usr/local by default; change PREFIX (line 65) to /usr/local/haproxy
PREFIX = /usr/local/haproxy
[root@node1 haproxy-1.4.11]# make install
[root@node1 haproxy-1.4.11]# mkdir -p /usr/local/haproxy/etc
[root@node1 haproxy-1.4.11]# cp examples/haproxy.cfg /usr/local/haproxy/etc
[root@node1 haproxy-1.4.11]# vim /usr/local/haproxy/etc/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
       log 127.0.0.1   local0
       log 127.0.0.1   local1 notice
       #log loghost    local0 info
       maxconn 4096
       chroot /usr/share/haproxy
       uid 99
       gid 99
       daemon
       nbproc 1
       pidfile /usr/local/haproxy/haproxy.pid
       #debug
       #quiet
defaults
       log     global
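       mode    http            # (http|tcp|health) http for layer 7 (the default), tcp for layer 4
       option  httplog         # log format: httplog
       option  dontlognull
       retries 3                 # after 3 failed connection attempts the backend server is treated as unavailable; detection mainly relies on the check options below
       option redispatch        # if the server a serverId maps to goes down, force redirection to another healthy server
       option forwardfor        # the backend needs the client's real IP; it reads it from the HTTP header (X-Forwarded-For)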
       maxconn 2000
       contimeout      5000
       clitimeout      50000
       srvtimeout      50000
listen  node1 0.0.0.0:80        
       cookie  SERVERID rewrite
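       #option  httpchk GET /index.html  # backend page used for health checks (it must exist)
       balance roundrobin
       stats enable
       stats uri /admin-status              # URI of the admin page
       stats auth haproxy:haproxy            # admin user:admin password
       stats hide-version                # hide the haproxy version
       server web1     192.168.56.113:80 weight 5 check inter 2000 rise 2 fall 5
       server web2     192.168.56.114:80 weight 5 check inter 2000 rise 2 fall 5
# Server definitions: check inter 2000 is the health-check interval, rise 2 means the server is considered up after 2 successful checks, fall 5 means it is considered down after 5 failed checks; a weight can also be set with weight <number>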

[root@node1 haproxy-1.4.11]# mkdir -p /usr/share/haproxy
Start haproxy
[root@node1 ~]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
[root@node1 ~]# netstat -nutlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:10001               0.0.0.0:*                   LISTEN      1478/haproxy        
udp        0      0 0.0.0.0:54483               0.0.0.0:*                               1478/haproxy
Note: there was an error at startup:
[root@node1 ~]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
[ALERT] 212/154624 (1462) : Starting proxy www.testha.com: cannot bind socket
Fix:

Use netstat -nultp to check whether the port is already in use; if it is, change the port.


3. Configure haproxy logging
[root@node1 ~]# vim /etc/rsyslog.conf
local0.*                                                /var/log/haproxy.log
local1.*                                                /var/log/haproxy.log
[root@node1 ~]# vim /etc/sysconfig/rsyslog
Find      SYSLOGD_OPTIONS="-c 5"
Change to SYSLOGD_OPTIONS="-r -m 0"
(-r turns on UDP reception, which haproxy needs because it logs to 127.0.0.1 over UDP.)
[root@node1 ~]# service rsyslog restart      
Shutting down system logger:                               [  OK  ]

Starting system logger:                                            [  OK  ]


4. Install and configure the web servers
Web server configuration (web2 is the same as web1; just change the relevant parts to web2)
[root@localhost ~]# hostname web1
[root@web1 ~]# vim /etc/hosts
192.168.56.120  node1
192.168.56.121  node2
192.168.56.113  web1
192.168.56.114  web2
[root@web1 ~]# yum install -y httpd
[root@web1 ~]# service httpd start
[root@web1 ~]# echo "welcome to web1" > /var/www/html/index.html



5. Test haproxy
With the firewall and SELinux on node1 disabled, open a browser and visit http://haproxy_ip to see the page.



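Note: during my testing I found that Google Chrome did not round-robin properly; with Firefox or IE the round-robin effect shows up well, in proportion to the weights you set.
If you really cannot reach the page, you can also install curl on node1 and test with it:
[root@node1 etc]# yum -y install curl
Test:
[root@node1 etc]# curl http://192.168.56.120
welcome to web1
[root@node1 etc]# curl http://192.168.56.120
welcome to web2
The method above also shows the web servers being rotated.
Next, test HAProxy's built-in monitoring page: http://haproxy_ip/admin-status. Enter the account and password set in haproxy.cfg to log in.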


From the above you can clearly see the two web servers being rotated in a 1:1 ratio.


II. Install and configure keepalived (node2 can follow the node1 configuration; they are largely the same)
1. Install and configure keepalived
[root@node1 src]# yum -y install popt popt-devel popt-static openssl-devel kernel-devel libnl libnl-devel
[root@node1 src]# wget http://www.keepalived.org/software/keepalived-1.2.4.tar.gz
[root@node1 src]# tar xf keepalived-1.2.4.tar.gz
[root@node1 src]# cd keepalived-1.2.4
[root@node1 keepalived-1.2.4]# ./configure --prefix=/usr/local/keepalived
[root@node1 keepalived-1.2.4]# make && make install
[root@node1 keepalived-1.2.4]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@node1 keepalived-1.2.4]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@node1 keepalived-1.2.4]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@node1 keepalived-1.2.4]# mkdir -p /etc/keepalived
[root@node1 keepalived-1.2.4]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@node1 keepalived-1.2.4]# chmod +x /etc/init.d/keepalived
Configuration
[root@node1 keepalived-1.2.4]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
  notification_email {
    acassen@firewall.loc
    failover@firewall.loc
    sysadmin@firewall.loc
  }
  notification_email_from pmghong@163.com
  smtp_server 192.168.56.120        # on the backup node, change this to its own IP
  smtp_connect_timeout 30
  router_id LVS_DEVEL
}
vrrp_script chk_http_port {
       script "/etc/keepalived/checkHaproxy.sh"     # the check script
       interval 2
       weight 2
}
vrrp_instance VI_1 {
   state MASTER            # on the backup node, change this to BACKUP
   interface eth0
   virtual_router_id 51
   priority     120            # on the backup node, use a smaller number (the larger the number, the higher the priority)
   advert_int 1
   authentication {
       auth_type PASS
       auth_pass 1111
   }
   virtual_ipaddress {
       192.168.56.130
   }
   track_script {
       chk_http_port
   }
}
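
The two configurations above use trivially guessable shared secrets (`stats auth haproxy:haproxy`, `auth_pass 1111`) and serve the stats page on the listener bound to all addresses. The shell script below is an added example, not part of the original article, that flags such lines before the files are deployed. The function names, the 8-character threshold and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: flag weak secrets and an exposed stats page in the two configs.
MIN_LEN=8   # assumed policy threshold (keepalived uses only the first 8 characters of auth_pass)

# audit_haproxy FILE -> prints "LINE: finding" for every problem found
audit_haproxy() {
    awk -v min="$MIN_LEN" '
        { sub(/#.*/, "") }                                  # strip comments
        # remember the bind address of the current section (1.4 style: listen NAME ADDR:PORT)
        $1 ~ /^(listen|frontend|backend|defaults|global)$/ { addr = $3 }
        $1 == "bind"                                        { addr = $2 }
        $1 == "stats" && $2 == "enable" && addr ~ /^(0\.0\.0\.0|\*)?:/ {
            print FNR ": stats page served on all interfaces (" addr ")"
        }
        $1 == "stats" && $2 == "auth" {
            i = index($3, ":"); user = substr($3, 1, i - 1); pw = substr($3, i + 1)
            if (pw == user)            print FNR ": stats password equals the user name"
            else if (length(pw) < min) print FNR ": stats password shorter than " min " characters"
        }' "$1"
}

# audit_keepalived FILE -> prints "LINE: finding" for every problem found
audit_keepalived() {
    awk -v min="$MIN_LEN" '
        { sub(/[!#].*/, "") }                               # strip comments
        $1 == "auth_type" && $2 == "PASS" {
            print FNR ": auth_type PASS sends auth_pass in clear text on the VRRP segment"
        }
        $1 == "auth_pass" && length($2) < min {
            print FNR ": auth_pass shorter than " min " characters"
        }' "$1"
}

# Constructed sample input: the relevant lines of the two configs shown above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'listen  node1 0.0.0.0:80' '       stats enable' \
        '       stats uri /admin-status' '       stats auth haproxy:haproxy' > "$d/haproxy.cfg"
    printf '%s\n' 'vrrp_instance VI_1 {' '   authentication {' '       auth_type PASS' \
        '       auth_pass 1111' '   }' '}' > "$d/keepalived.conf"
    audit_haproxy "$d/haproxy.cfg"
    audit_keepalived "$d/keepalived.conf"
    rm -rf "$d"
}
demo
```

On real hosts, point the two functions at /usr/local/haproxy/etc/haproxy.cfg and /etc/keepalived/keepalived.conf; no output means nothing was flagged.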


2. Create the check script
[root@node1 keepalived-1.2.4]# vim /etc/keepalived/checkHaproxy.sh
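#!/bin/bash
# Count the running haproxy processes
A=$(ps -C haproxy --no-header | wc -l)
if [ "$A" -eq 0 ]; then
        # haproxy is not running: try to start it again
        /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
        echo "Haproxy start"
        sleep 3
        # still not running: stop keepalived so the VIP moves to the other node
        if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
                /etc/init.d/keepalived stop
                echo "keepalived stop"
        fi
fi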


[root@node1 keepalived-1.2.4]# chmod +x /etc/keepalived/checkHaproxy.sh


3. Start the services

[root@node1 ~]# service keepalived start
Starting keepalived:                                       [  OK  ]
[root@node2 ~]# service keepalived start
Starting keepalived:                                       [  OK  ]
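Make sure haproxy is running on both node1 and node2; if it is not, run the /etc/keepalived/checkHaproxy.sh script and confirm that the script works properly.
After keepalived has been started on node1 and node2, and provided the configuration is correct, the VIP is visible on node1: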
[root@node1 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 08:00:27:95:99:b7 brd ff:ff:ff:ff:ff:ff
   inet 192.168.56.120/24 brd 192.168.56.255 scope global eth0
   inet 192.168.56.130/32 scope global eth0
   inet6 fe80::a00:27ff:fe95:99b7/64 scope link

      valid_lft forever preferred_lft forever



4. Test
(1) Open a browser and visit http://VIP to test whether the site round-robins properly



(2) Test keepalived

Stop the keepalived service on node1 and check whether node2 takes over properly and whether the web servers are still reachable


① Stop the keepalived service on node1
[root@node1 ~]# service keepalived stop

Stopping keepalived:                                       [  OK  ]


② From a machine other than node1 and node2, ping the VIP

[root@web2 ~]# ping 192.168.56.130


③ As soon as keepalived on node1 is stopped, the VIP appears on node2
[root@node2 keepalived]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 08:00:27:7f:4b:aa brd ff:ff:ff:ff:ff:ff
   inet 192.168.56.121/24 brd 192.168.56.255 scope global eth0
   inet 192.168.56.130/32 scope global eth0
   inet6 fe80::a00:27ff:fe7f:4baa/64 scope link
      valid_lft forever preferred_lft forever
And there is almost no interruption in between:
[root@web2 ~]# ping 192.168.56.130
PING 192.168.56.130 (192.168.56.130) 56(84) bytes of data.
64 bytes from 192.168.56.130: icmp_seq=1 ttl=64 time=2.41 ms
64 bytes from 192.168.56.130: icmp_seq=2 ttl=64 time=0.407 ms
64 bytes from 192.168.56.130: icmp_seq=3 ttl=64 time=0.398 ms
64 bytes from 192.168.56.130: icmp_seq=4 ttl=64 time=0.423 ms
64 bytes from 192.168.56.130: icmp_seq=6 ttl=64 time=0.392 ms
64 bytes from 192.168.56.130: icmp_seq=7 ttl=64 time=0.377 ms
64 bytes from 192.168.56.130: icmp_seq=8 ttl=64 time=0.349 ms
64 bytes from 192.168.56.130: icmp_seq=9 ttl=64 time=0.381 ms
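
To put a number on "almost no interruption", the shell script below, an added example that is not part of the original article, parses ping output and reports the missing icmp_seq values. Run on the capture above, it shows that one echo (seq 5) was lost during the takeover. The function names are made up for the illustration.

```shell
#!/bin/bash
# Added example: measure a VIP failover gap from ping output.

# lost_seqs: read ping output on stdin, print every missing icmp_seq, one per line.
# Works on the set of sequence numbers seen, so reordered or duplicate replies are fine.
lost_seqs() {
    awk '
        match($0, /icmp_(seq|req)=[0-9]+/) {          # some ping builds print icmp_req
            n = substr($0, RSTART + 9, RLENGTH - 9) + 0
            got[n] = 1
            if (!seen || n < lo) lo = n
            if (!seen || n > hi) hi = n
            seen = 1
        }
        END { if (seen) for (s = lo; s <= hi; s++) if (!(s in got)) print s }'
}

# longest_gap: read lost sequence numbers on stdin, print the longest consecutive run.
# With ping's default 1 s interval this approximates the outage in seconds.
longest_gap() {
    awk 'NR == 1 || $1 != prev + 1 { run = 0 }
         { run++; if (run > max) max = run; prev = $1 }
         END { print max + 0 }'
}

# The replies captured on web2 while keepalived on node1 was stopped (copied from above).
sample_ping() {
    cat <<'EOF'
64 bytes from 192.168.56.130: icmp_seq=1 ttl=64 time=2.41 ms
64 bytes from 192.168.56.130: icmp_seq=2 ttl=64 time=0.407 ms
64 bytes from 192.168.56.130: icmp_seq=3 ttl=64 time=0.398 ms
64 bytes from 192.168.56.130: icmp_seq=4 ttl=64 time=0.423 ms
64 bytes from 192.168.56.130: icmp_seq=6 ttl=64 time=0.392 ms
64 bytes from 192.168.56.130: icmp_seq=7 ttl=64 time=0.377 ms
64 bytes from 192.168.56.130: icmp_seq=8 ttl=64 time=0.349 ms
64 bytes from 192.168.56.130: icmp_seq=9 ttl=64 time=0.381 ms
EOF
}

echo "lost icmp_seq: $(sample_ping | lost_seqs | tr '\n' ' ')"
echo "longest run of lost replies: $(sample_ping | lost_seqs | longest_gap)"
```

For a live test, pipe the ping itself through the functions, for example `ping -c 30 192.168.56.130 | lost_seqs | longest_gap`, while stopping keepalived on the master.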