基于Keepalived+Haproxy搭建四层负载均衡器
一、前言
Haproxy是稳定、高性能、高可用性的负载均衡解决方案,支持HTTP及TCP代理后端服务器池,因支持强大灵活的7层acl规则,广泛作为HTTP反向代理。本文则详细介绍如何利用它的四层交换与Keepalived实现一个负载均衡器,适用于Socket、ICE、Mail、Mysql、私有通讯等任意TCP服务。系统架构图如下:
=======================================================================================
App Server1 App Server1 App Server1 App Server1
|__________________________________________________________|
|
LB1-Master<-------VRRP------>LB2-Backup Haproxy rr
| Health Check
| Mail Notify
| Failover
|——————————————————————————————————————————————————————|
| | TCP MODE
Socket App1 Socket App1 Socket App1 Socket App1
==========================================================================================
二、平台环境
OS:Centos5.5
MASTER:172.16.34.235
BACKUP:172.16.34.236
VIP:172.16.34.225
Serivce Port:11231
三、平台安装配置
1、添加非本机IP邦定支持
#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
#sysctl –p
2、配置平台日志支持
#vi /etc/syslog.conf
添加:
local3.* /var/log/haproxy.log
local0.* /var/log/haproxy.log
#vi /etc/sysconfig/syslog
修改:
SYSLOGD_OPTIONS="-r -m 0"
#/etc/init.d/syslog restart
3、关闭SELINUX
vi /etc/sysconfig/selinux
修改:
SELINUX=disabled
#setenforce 0
====================================================
#!/bin/sh
echo "# Add by hanxiaoqi" >>/etc/sysctl.conf
echo "net.ipv4.ip_nonlocal_bind=1" >>/etc/sysctl.conf
/sbin/sysctl -p
echo "# Set log path by hanxiaoqi" >>/etc/syslog.conf
echo "local3.* /var/log/haproxy.log" >>/etc/syslog.conf
echo "local0.* /var/log/haproxy.log" >>/etc/syslog.conf
sed -i 's#SYSLOGD_OPTIONS="-m 0"#SYSLOGD_OPTIONS="-r -m 0"#g' /etc/sysconfig/syslog
/etc/init.d/syslog restart
======================================================
4、配置iptables,添加VRRP通讯支持
iptables -A INPUT -d 224.0.0.18 -j ACCEPT
5、Keepalived的安装、配置
cd keepalived-1.1.19
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
#vi /etc/keepalived/keepalived.conf
---------------------------------------------
! Configuration File for keepalived
global_defs {
notification_email {
hanxiaoqi@xqhan.com
}
notification_email_from hanxiaoqi@xqhan.com
smtp_server 127.0.0.1
smtp_connect_timeout 3
router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER #从为BACKUP
interface eth0
virtual_router_id 51 #路由ID,可通过#tcpdump vrrp查看
priority 100 #从为80
advert_int 1 #VRRP Multicast广播周期秒数
garp_master_delay 1 #主从切换时间,单位为秒
authentication {
auth_type PASS
auth_pass pwadmin
}
track_interface {
eth0
eth1
virtual_ipaddress {
172.16.34.225
}
track_script {
chk_haproxy
}
notify_master "/etc/keepalived/Mailnotify.py master"
notify_backup "/etc/keepalived/Mailnotify.py backup"
notify_fault "/etc/keepalived/Mailnotify.py fault"
}
---------------------------------------------
6、Haproxy的安装与配置
#cd /data/lvs
#wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
#tar -zxvf haproxy-1.4.11.tar.gz
#cd haproxy-1.4.11
#make install
#mkdir -p /usr/local/haproxy/etc
#mkdir -p /usr/local/haproxy/sbin
#cp examples/haproxy.cfg /usr/local/haproxy/etc
#ln -s /usr/local/sbin/haproxy /usr/local/haproxy/sbin/haproxy
#vi /usr/local/haproxy/etc/haproxy.cfg
--------------------------------------------------
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
#log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#chroot /usr/share/haproxy
uid 99
gid 99
daemon
#debug
#quiet
pidfile /usr/local/haproxy/haproxy.pid
defaults
log global
mode http
#option httplog
option dontlognull
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen web 172.16.34.225:80
mode tcp
maxconn 2000
#cookie SERVERID rewrite
balance roundrobin
server web_1 172.16.34.237:80 cookie check inter 5000 rise 2 fall 5
server web_2 172.16.34.238:80 cookie check inter 5000 rise 2 fall 5
srvtimeout 20000
listen stats_auth 172.16.34.238:80
stats enable
stats uri /admin-status #管理地址
stats auth admin:pwadmin #管理帐号:管理密码
# listen stats_auth 172.16.34.237:80 # backup config
stats admin if TRUE
----------------------------------------------------------
7、邮件通知程序(python实现)
#vi /etc/keepalived/Mailnotify.py
#!/usr/local/bin/python
#coding: utf-8
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
from email.MIMEImage import MIMEImage
from email.header import Header
import sys
import smtplib
#---------------------------------------------------------------
# Name: Mailnotify.py
# Purpose: Mail notify to SA
# Author: hanxiaoqi
# Email: hanxiaoqi@xqhan.com
# Created: 2012/11/28
# Copyright: (c) 2012
#--------------------------------------------------------------
strFrom = 'hanxiaoqi@xqhan.com'
strTo = 'hanxiaoqi@xqhan.com'
smtp_server='smtp.xqhan.com'
smtp_user='hanxiaoqi@xqhan.com'
smtp_pass='123456'
if sys.argv[1]!="master" and sys.argv[1]!="backup" and sys.argv[1]!="fault":
sys.exit()
else:
notify_type=sys.argv[1]
mail_title='[紧急]负载均衡器邮件通知'
mail_body_plain=notify_type+'被激活,请做好应急处理。'
mail_body_html='<b><font color=red>'+notify_type+'被激活,请做好应急处理。</font></b>'
msgRoot = MIMEMultipart('related')
msgRoot['Subject'] =Header(mail_title,'utf-8')
msgRoot['From'] = strFrom
msgRoot['To'] = strTo
msgAlternative = MIMEMultipart('alternative')
msgRoot.attach(msgAlternative)
msgText = MIMEText(mail_body_plain, 'plain', 'utf-8')
msgAlternative.attach(msgText)
msgText = MIMEText(mail_body_html, 'html','utf-8')
msgAlternative.attach(msgText)
smtp = smtplib.SMTP()
smtp.connect(smtp_server)
smtp.login(smtp_user,smtp_pass)
smtp.sendmail(strFrom, strTo, msgRoot.as_string())
smtp.quit()
--------------------------------------------------
注:修改成系统python实际路径“#!/usr/local/bin/python”(第一行)
#chmod +x /etc/keepalived/Mailnotify.py
#/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
#service keepalived start
8、查看VRRP通讯记录
#tcpdump vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:05.270017 IP 192.168.0.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
四、Haproxy界面
访问http://172.16.34.235/admin-status,输入帐号admin密码pwadmin进入管理监控平台。
haproxy-1.4.9以后版本最大的亮点是添加了手工启用/禁用功能,对升级变更应用时非常有用。
转载于:https://blog.51cto.com/hanxiaoqi/1096820