haproxy
haproxy简介
HAProxy是一个使用C语言编写的自由及开放源代码软件,其提供高可用性、负载均衡,以及基于TCP和tHTTP的应用程序代理。
HAProxy特别适用于那些负载特大的web站点,这些站点通常又需要会话保持或七层处理。HAProxy运行在当前的硬件上,完全可以支持数以万计的并发连接。并且它的运行模式使得它可以很简单安全的整合进您当前的架构中, 同时可以保护你的web服务器不被暴露到网络上。
HAProxy实现了一种事件驱动, 单一进程模型,此模型支持非常大的并发连接数。多进程或多线程模型受内存限制 、系统调度器限制以及无处不在的锁限制,很少能处理数千并发连接。事件驱动模型因为在有更好的资源和时间管理的用户空间(User-Space) 实现所有这些任务,所以没有这些问题。此模型的弊端是,在多核系统上,这些程序通常扩展性较差。这就是为什么他们必须进行优化以 使每个CPU时间片(Cycle)做更多的工作。
包括 GitHub、Bitbucket、Stack OverFlow、Reddit、Tumblr、Twitter和Tuenti在内的知名网站,及亚马逊网络服务系统都使用了HAProxy。
基本概念
一种高效、可靠、免费的高可用及负载均衡软件,非常适合于高负载站点的七层数据请求。客户端通过Haproxy代理服务器获得站点页面,而代理服务器收到客户请求后根据负载均衡的规则将请求数据转发给后端真实服务器
实现了一种事件驱动、单一进程模型,能支持非常大的并发连接数
同一客户端访问服务器,Haproxy保持回话的三种方案:
- Haproxy将客户端ip进行Hash计算并保存,由此确保相同IP访问时被转发到同一真实服务器上。
- Haproxy依靠真实服务器发送给客户端的cookie信息进行回话保持。
- Haproxy保存真实服务器的session及服务器标识,实现会话保持功能。
负载均衡
二层负载均衡(mac)
用于虚拟mac地址方式,外部对虚拟mac地址请求,负载均衡接收后分配给后端实际的mac地址响应。
三层负载均衡(ip)
一般用于虚拟ip地址的方式,外部对虚拟ip地址请求,负载均衡接收后分配给后端实际的ip地址响应。
四层负载均衡(tcp)
在三层负载均衡的基础上,用ip+port接收请求,在转发到对应的机器上。
产品大概有:F5,lvs,nginx,haproxy…
七层负载均衡(http)
根据虚拟的url或者ip,主机名接收请求,在转发到相应的处理服务器上。
产品大概有:haproxy,nginx,apache,mysql proxy…
haproxy安装
//安装编译环境
[root@localhost ~]# yum -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel
.......................
//创建haproxy用户
[root@localhost ~]# useradd -rMs /sbin/nologin haproxy
//解压和安装
[root@localhost ~]# ls
anaconda-ks.cfg haproxy-2.1.3.tar.gz
[root@localhost ~]# tar xf haproxy-2.1.3.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg haproxy-2.1.3 haproxy-2.1.3.tar.gz
[root@localhost ~]# cd haproxy-2.1.3
[root@localhost haproxy-2.1.3]# make clean
[root@localhost haproxy-2.1.3]# make -j $(grep 'processor' /proc/cpuinfo | wc -l) \
> TARGET=linux-glibc \
> USE_OPENSSL=1 \
> USE_ZLIB=1 \
> USE_PCRE=1 \
> USE_SYSTEMD=1
..................
[root@localhost haproxy-2.1.3]# make install PREFIX=/usr/local/haproxy
[root@localhost haproxy-2.1.3]# cp haproxy /usr/sbin/
//设置Linux内核参数
[root@localhost haproxy-2.1.3]# vim /etc/sysctl.conf
[root@localhost haproxy-2.1.3]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
//配置haproxy服务
[root@localhost haproxy-2.1.3]# mkdir /etc/haproxy
[root@localhost haproxy-2.1.3]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats
stats realm Haproxy\ Statistics
stats auth admin:admin
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 172.16.103.130:80 check inter 2000 fall 5
#server web01 192.168.80.102:80 cookie web01 check inter 2000 fall 5
//启动haproxy,配置haproxy.service服务单元文件
[root@localhost ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
[root@localhost ~]# systemctl daemon-reload
//配置日志信息
[root@localhost ~]# vim /etc/rsyslog.conf
local0.info /var/log/haproxy.log
[root@localhost ~]# systemctl restart haproxy.service
[root@localhost ~]# systemctl enable haproxy.service
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
[root@localhost ~]# systemctl restart rsyslog
[root@localhost ~]# systemctl enable rsyslog
Haproxy搭建http负载均衡
//环境
主机名称 | IP地址 | 需要安装的应用 | 系统版本 |
---|---|---|---|
client | 192.168.205.154 | 无 | centOS8 |
lijiang | 192.168.205.144 | haproxy | centOS8 |
RS1 | 192.168.205.152 | httpd | centOS8 |
RS2 | 192.168.205.155 | httpd | centOS8 |
//lijiang、RS1、RS2都关闭防火墙和selinux
[root@lijiang ~]# systemctl stop firewalld
[root@lijiang ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@lijiang ~]# setenforce 0
[root@lijiang ~]# vim /etc/selinux/config
SELINUX=disabled
[root@RS1 ~]# systemctl stop firewalld
[root@RS1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# vim /etc/selinux/config
SELINUX=disabled
[root@RS2 ~]# systemctl stop firewalld
[root@RS2 ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# vim /etc/selinux/config
SELINUX=disabled
//RS1和RS2部署httpd
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# echo RS1 > /var/www/html/index.html
[root@RS1 ~]# systemctl restart httpd
[root@RS1 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# echo RS2 > /var/www/html/index.html
[root@RS2 ~]# systemctl restart httpd
[root@RS2 ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
//修改lijiang的内核参数
[root@lijiang ~]# vim /etc/sysctl.conf
[root@lijiang ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
//修改haproxy配置文件
[root@lijiang ~]# vim /etc/haproxy/haproxy.cfg
global
daemon
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
default_backend servers
backend servers
server web01 192.168.205.152:80
server web02 192.168.205.155:80
[root@lijiang ~]# systemctl restart haproxy
//客户端验证
[root@client ~]# curl http://192.168.205.144
RS1
[root@client ~]# curl http://192.168.205.144
RS2
[root@client ~]# curl http://192.168.205.144
RS1
[root@client ~]# curl http://192.168.205.144
RS2
//使用WEB网页访问测试
[root@lijiang ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats //访问网页后缀URL
stats realm Haproxy\ Statistics
stats auth admin:admin //用户名和密码
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web设置-----------------------
listen webcluster
bind 0.0.0.0:80
mode http
#option httpchk GET /index.html
log global
maxconn 3000
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
server web01 192.168.205.152:80 check inter 2000 fall 5
server web02 192.168.205.155:80 check inter 2000 fall 5
//重启服务
[root@lijiang ~]# systemctl restart haproxy.service
[root@lijiang ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:8189 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
网页访问测试
用户名和密码都为admin