一、前言
Haproxy是稳定、高性能、高可用性的负载均衡解决方案,支持HTTP及TCP代理后端服务器池,因支持强大灵活的7层acl规则,广泛作为HTTP反向代理。本文则详细介绍如何利用它的四层交换与Keepalived实现一个负载均衡器,适用于Socket、ICE、Mail、Mysql、私有通讯等任意TCP服务。系统架构图如下:
二、平台环境
引用
OS:Centos5.4(64X)
MASTER:192.168.0.20
BACKUP:192.168.0.21
VIP:192.168.0.100
Serivce Port:11231
三、平台安装配置
1、添加非本机IP邦定支持
引用
#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
#sysctl –p
2、配置平台日志支持
引用
#vi /etc/syslog.conf
添加:
local3.* /var/log/haproxy.log
local0.* /var/log/haproxy.log
#vi /etc/sysconfig/syslog
修改:
SYSLOGD_OPTIONS="-r -m 0"
#/etc/init.d/syslog restart
3、关闭SELINUX
引用
vi /etc/sysconfig/selinux
修改:
SELINUX=disabled
#setenforce 0
4、配置iptables,添加VRRP通讯支持
引用
iptables -A INPUT -d 224.0.0.18 -j ACCEPT
5、Keepalived的安装、配置
引用
#mkdir -p /home/install/keepalivedha
#cd /home/install/keepalivedha
#wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
#tar zxvf keepalived-1.2.2.tar.gz
#cd keepalived-1.2.2
#./configure
#make && make install
引用
#cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#mkdir /etc/keepalived
#cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/sbin/keepalived /usr/sbin/
#vi /etc/keepalived/keepalived.conf
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
2
3 global_defs {
4 notification_email {
5 liutiansi@gmail.com
6 }
7 notification_email_from liutiansi@gmail.com
8 smtp_connect_timeout 3
9 smtp_server 127.0.0.1
10 router_id LVS_DEVEL
11 }
12 vrrp_script chk_haproxy {
13
14 script "killall -0 haproxy"
15
16 interval 2
17 weight 2
18 }
19 vrrp_instance VI_1 {
20 interface eth1
21
22 state MASTER \# 从为"BACKUP"
23
24 priority 101 \# 从为100
25 virtual_router_id 50 \#路由ID,可通过\#tcpdump vrrp查看。
26 garp_master_delay 1 \#主从切换时间,单位为秒。
27
28 authentication {
29 auth_type PASS
30 auth_pass KJj23576hYgu23IP
31 }
32 track_interface {
33 eth0
34 eth1
35 }
36 virtual_ipaddress {
37 192.168.0.100
38 }
39 track_script {
40 chk_haproxy
41 }
42
43 #状态通知
44
45 notify_master "/etc/keepalived/Mailnotify.py master"
46
47
48 notify_backup "/etc/keepalived/Mailnotify.py backup"
49
50 notify_fault "/etc/keepalived/Mailnotify.py fault"
51
52 }
53
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
2
3global_defs{
4
5 notification_email{
6 liutiansi@gmail.com
7 }
8 notification_email_from liutiansi@gmail.com
9 smtp_connect_timeout 3
10 smtp_server 127.0.0.1
11 router_id LVS_DEVEL
12 }
13 vrrp_script chk_haproxy {
14 script "killall -0 haproxy"
15 interval 2
16 weight 2
17 }
18 vrrp_instance VI_1 {
19 interface eth1
20 state MASTER \# 从为"BACKUP"
21 priority 101 \# 从为100
22 virtual_router_id 50 \#路由ID,可通过\#tcpdump vrrp查看。
23 garp_master_delay 1 \#主从切换时间,单位为秒。
24 authentication {
25 auth_type PASS
26 auth_pass KJj23576hYgu23IP
27 }
28 track_interface {
29 eth0
30 eth1
31 }
32 virtual_ipaddress {
33 192.168.0.100
34 }
35 track_script {
36 chk_haproxy
37 }
38 #状态通知
39 notify_master "/etc/keepalived/Mailnotify.py master"
40 notify_backup "/etc/keepalived/Mailnotify.py backup"
41 notify_fault "/etc/keepalived/Mailnotify.py fault"
42 }
43
6、Haproxy的安装与配置
引用
#cd /home/install/keepalivedha
#wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
#tar -zxvf haproxy-1.4.11.tar.gz
#cd haproxy-1.4.11
#make install
#mkdir -p /usr/local/haproxy/etc
#mkdir -p /usr/local/haproxy/sbin
#cp examples/haproxy.cfg /usr/local/haproxy/etc
#ln -s /usr/local/sbin/haproxy /usr/local/haproxy/sbin/haproxy
#vi /usr/local/haproxy/etc/haproxy.cfg
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
2# this config needs haproxy-1.1.28 or haproxy-1.2.1
3
4
5global
6
7# log 127.0.0.1 local0
8
9 log 127.0.0.1 local1 notice
10 maxconn 5000
11 uid 99
12 gid 99
13 daemon
14 pidfile /usr/local/haproxy/haproxy.pid
15
16
17defaults
18 log global
19 mode http
20 #option httplog
21 option dontlognull
22 retries 3
23 option redispatch
24 maxconn 2000
25 contimeout 5000 clitimeout 50000 srvtimeout 50000
26 listen ICE01 192.168.0.100:11231
27 mode tcp \#配置TCP模式
28 maxconn 2000
29 balance roundrobin server ice-192.168.0.128 192.168.0.128:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.129 192.168.0.129:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.130 192.168.0.130:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.131 192.168.0.131:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.132 192.168.0.132:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.34 192.168.0.34:11231 check inter 5000 fall 1 rise 2 srvtimeout 20000
30 listen stats_auth 192.168.0.20:80
31
32# listen stats_auth 192.168.0.21:80 # backup config
33
34 stats enable
35 stats uri /admin-status #管理地址
36 stats auth admin:123456 #管理帐号:管理密码
37
38 stats admin if TRUE
39
40
7、邮件通知程序(python实现)
#vi /etc/keepalived/Mailnotify.py
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
2#!/usr/local/bin/python
3#coding: utf-8
4
5from email.MIMEMultipart import MIMEMultipart
6from email.MIMEText import MIMEText
7from email.MIMEImage import MIMEImage
8from email.header import Header
9import sys
10import smtplib
11
12#---------------------------------------------------------------
13# Name: Mailnotify.py
14# Purpose: Mail notify to SA
15# Author: Liutiansi
16# Email: liutiansi@gamil.com
17# Created: 2011/03/09
18# Copyright: (c) 2011
19#--------------------------------------------------------------
20strFrom = 'admin@domain.com' strTo = 'liutiansi@gmail.com'
21smtp_server='smtp.domain.com'
22smtp_pass='123456'
23
24if sys.argv[1]!="master" and sys.argv[1]!="backup" and sys.argv[1]!="fault":
25 sys.exit()
26else:
27 notify_type=sys.argv[1]
28
29mail_title='[紧急]负载均衡器邮件通知'
301. mail_body_plain=notify_type+'被激活,请做好应急处理。'
31mail_body_html='<b><font color=red>'+notify_type+'被激活,请做好应急处理。</font></b>'
32msgRoot = MIMEMultipart('related') msgRoot['Subject'] =Header(mail_title,'utf-8')
33msgRoot['From'] = strFrom
34msgRoot['To'] = strTo
35 msgAlternative = MIMEMultipart('alternative')
36 msgRoot.attach(msgAlternative)
37 msgText = MIMEText(mail_body_plain, 'plain', 'utf-8')
38 msgAlternative.attach(msgText)
39
40 msgText = MIMEText(mail_body_html, 'html','utf-8')
41
42msgAlternative.attach(msgText)
43
44smtp = smtplib.SMTP()
45smtp.connect(smtp_server)
46smtp.login(smtp_user,smtp_pass)
47 smtp.sendmail(strFrom, strTo, msgRoot.as_string())
48smtp.quit()
49
注:修改成系统python实际路径“#!/usr/local/bin/python”(第一行)
#chmod +x /etc/keepalived/Mailnotify.py
#/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
#service keepalived start
8、查看VRRP通讯记录
#tcpdump vrrp
引用
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:05.270017 IP 192.168.0.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
四、Haproxy界面
访问http://192.168.0.20/admin-status,输入帐号admin密码123456进入管理监控平台。
haproxy-1.4.11最大的亮点是添加了手工启用/禁用功能,对升级变更应用时非常有用。
五、邮件通知
