Building an HAProxy + Keepalived Load-Balancing Architecture on Red Hat 6.4 (64-bit) (Hands-On Edition)
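I. Environment
OS: Red Hat 6.4, 64-bit
Software: haproxy-1.4.25.tar.gz
keepalived-1.2.12.tar.gz
Network:
MASTER_IP(haproxy)=192.168.101.1
BACKUP_IP(haproxy)=192.168.101.2
VIP (virtual IP)=192.168.101.4
Disable SELinux
# vi /etc/selinux/config (edit)
SELINUX=disabled
# setenforce 0 (takes effect immediately but only until reboot; the setting above takes effect after a reboot)
Disable the firewall
II. Installing and configuring HAProxy (the steps are the same on both HAProxy hosts)
1. Installing HAProxy on host 192.168.101.1
Check the kernel version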
# uname -a
Linux rac1 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Note: check the kernel with uname -r; for example, for 2.6.18-371.el5 the TARGET parameter is linux26.
If the output shows x86_64 x86_64 x86_64 GNU/Linux, the ARCH parameter is x86_64.
# tar zxvf haproxy-1.4.25.tar.gz
# cd haproxy-1.4.25
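# make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy
Note: the build parameters are described in the README. TARGET selects the kernel version, ARCH the CPU architecture, and PREFIX=/usr/local/haproxy the installation directory.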
gcc -m64 -march=x86-64 -g -o haproxy src/haproxy.o src/sessionhash.o src/base64.o src/protocols.o src/uri_auth.o src/standard.o src/buffers.o src/log.o src/task.o src/time.o src/fd.o src/pipe.o src/regex.o src/cfgparse.o src/server.o src/checks.o src/queue.o src/client.o src/proxy.o src/stick_table.o src/proto_uxst.o src/proto_http.o src/stream_sock.o src/appsession.o src/backend.o src/lb_chash.o src/lb_fwlc.o src/lb_fwrr.o src/lb_map.o src/stream_interface.o src/dumpstats.o src/proto_tcp.o src/session.o src/hdr_idx.o src/ev_select.o src/signal.o src/acl.o src/pattern.o src/memory.o src/freq_ctr.o src/auth.o src/ev_poll.o src/ev_epoll.o src/ev_sepoll.o ebtree/ebtree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o -lcrypt
Note: build parameters from the README, for reference
Also, you might want to build with libpcre support, which will provide a very
efficient regex implementation and will also fix some badness on Solaris' one.
To build haproxy, you have to choose your target OS amongst the following ones
and assign it to the TARGET variable :
- linux22 for Linux 2.2
- linux24 for Linux 2.4 and above (default)
- linux24e for Linux 2.4 with support for a working epoll (> 0.21)
- linux26 for Linux 2.6 and above
- linux2628 for Linux 2.6.28 and above (enables splice and tproxy)
- solaris for Solaris 8 or 10 (others untested)
- freebsd for FreeBSD 5 to 8.0 (others untested)
- osx for Mac OS/X
- openbsd for OpenBSD 3.1 to 5.2 (others untested)
- aix52 for AIX 5.2
- cygwin for Cygwin
- generic for any other OS.
- custom to manually adjust every setting
# make install PREFIX=/usr/local/haproxy
install -d /usr/local/haproxy/sbin
install haproxy /usr/local/haproxy/sbin
install -d /usr/local/haproxy/share/man/man1
install -m 644 doc/haproxy.1 /usr/local/haproxy/share/man/man1
install -d /usr/local/haproxy/doc/haproxy
for x in configuration architecture haproxy-en haproxy-fr; do \
install -m 644 doc/$x.txt /usr/local/haproxy/doc/haproxy ; \
done
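Installation is complete; /usr/local/haproxy/ now contains three directories: doc, sbin and share.
2. After installation, create the configuration file and the init script
# cd /usr/local/haproxy
# mkdir -p /usr/local/haproxy/conf
# cp /home/soft/haproxy-1.4.25/examples/haproxy.cfg /usr/local/haproxy/conf/
Default haproxy configuration file contents: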
# more /home/soft/haproxy-1.4.25/examples/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/share/haproxy
uid 99
gid 99
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen appli1-rewrite 0.0.0.0:10001
cookie SERVERID rewrite
balance roundrobin
server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5
server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5
server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5
server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5
listen appli2-insert 0.0.0.0:10002
option httpchk
balance roundrobin
cookie SERVERID insert indirect nocache
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
capture cookie vgnvisitor= len 32
option httpclose # disable keep-alive
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
listen appli3-relais 0.0.0.0:10003
dispatch 192.168.135.17:80
listen appli4-backup 0.0.0.0:10004
option httpchk /index.html
option persist
balance roundrobin
server inst1 192.168.114.56:80 check inter 2000 fall 3
server inst2 192.168.114.56:81 check inter 2000 fall 3 backup
listen ssl-relay 0.0.0.0:8443
option ssl-hello-chk
balance source
server inst1 192.168.110.56:443 check inter 2000 fall 3
server inst2 192.168.110.57:443 check inter 2000 fall 3
server back1 192.168.120.58:443 backup
listen appli5-backup 0.0.0.0:10005
option httpchk *
balance roundrobin
cookie SERVERID insert indirect nocache
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
server inst3 192.168.114.57:80 backup check inter 2000 fall 3
capture cookie ASPSESSION len 32
srvtimeout 20000
option httpclose # disable keep-alive
option checkcache # block response if set-cookie & cacheable
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
errorloc 502 http://192.168.114.58/error502.html
errorfile 503 /etc/haproxy/errors/503.http
Edit the configuration file (the configuration file is the same on both HAProxy hosts):
# vim /usr/local/haproxy/conf/haproxy.cfg
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen web 192.168.10.222:80
mode http
option httplog
log global
option httpchk HEAD /test/test.jsp
server ha1 192.168.10.71:8080 check inter 2000 fall 3 weight 20
server ha2 192.168.10.72:8080 check inter 2000 fall 3 weight 10
Create the init script:
# vim /etc/rc.d/init.d/haproxy
#!/bin/sh
#
# haproxy
#
# chkconfig: 35 85 15
# description: HAProxy is a free, very fast and reliable solution
# offering high availability, load balancing, and
# proxying for TCP and HTTP-based applications
# processname: haproxy
# config: /usr/local/haproxy/conf/haproxy.cfg
# pidfile: /var/run/haproxy.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
config="/usr/local/haproxy/conf/haproxy.cfg"
exec="/usr/local/haproxy/sbin/haproxy"
prog=$(basename $exec)
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
lockfile=/var/lock/subsys/haproxy
check() {
$exec -c -V -f $config
}
start() {
$exec -c -q -f $config
if [ $? -ne 0 ]; then
echo "Errors in configuration file, check with $prog check."
return 1
fi
echo -n $"Starting $prog: "
# start it up here, usually something like "daemon $exec"
daemon $exec -D -f $config -p /var/run/$prog.pid
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
# stop it here, often "killproc $prog"
killproc $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
$exec -c -q -f $config
if [ $? -ne 0 ]; then
echo "Errors in configuration file, check with $prog check."
return 1
fi
stop
start
}
reload() {
$exec -c -q -f $config
if [ $? -ne 0 ]; then
echo "Errors in configuration file, check with $prog check."
return 1
fi
echo -n $"Reloading $prog: "
$exec -D -f $config -p /var/run/$prog.pid -sf $(cat /var/run/$prog.pid)
retval=$?
echo
return $retval
}
force_reload() {
restart
}
fdr_status() {
status $prog
}
case "$1" in
start|stop|restart|reload)
$1
;;
force-reload)
force_reload
;;
checkconfig)
check
;;
status)
fdr_status
;;
condrestart|try-restart)
[ ! -f $lockfile ] || restart
;;
*)
echo $"Usage: $0 {start|stop|status|checkconfig|restart|try-restart|reload|force-reload}"
exit 2
esac
# chmod +x /etc/rc.d/init.d/haproxy
3. Start and test haproxy
# service haproxy start
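4. HAProxy logging configuration
By default, to save the I/O cost of writing logs, HAProxy produces no log output. Here is how I configured logging:
RHEL 6.4 uses rsyslog to manage logs by default.
rsyslog has to listen for UDP on port 514, so uncomment the following lines in /etc/rsyslog.conf: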
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Add the following entries (they must match what is in haproxy.cfg):
local0.* /var/log/haproxy.log
local1.* /var/log/haproxy.log
# vim /etc/sysconfig/rsyslog
#SYSLOGD_OPTIONS="-c 4"
SYSLOGD_OPTIONS="-c 5"
Restart the rsyslog service
# /etc/init.d/rsyslog restart
Restart haproxy
# service haproxy stop
# service haproxy start
View haproxy.log
# tail -f /var/log/haproxy.log
Jun 19 11:18:52 localhost haproxy[9805]: Proxy web started.
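An added check, not part of the original procedure: with the firewall disabled as in section I, `$UDPServerRun 514` on its own accepts syslog datagrams on every interface, while the haproxy.cfg shown above only logs to 127.0.0.1. The function below classifies a legacy-format rsyslog configuration accordingly; `$UDPServerAddress` is a standard rsyslog directive that does not appear on this page, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report where the imudp
# listener in a legacy-format rsyslog.conf accepts datagrams.

# udp_listener_scope [FILE]  (reads stdin when FILE is omitted)
# Prints: none | loopback | all-interfaces
udp_listener_scope() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out directive
        $1 == "$UDPServerAddress" { addr = $2 }      # applies to listeners started after it
        $1 == "$UDPServerRun" {
            found = 1
            if (addr != "127.0.0.1" && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "all-interfaces"
            else              print "loopback"
        }' "$@"
}

# Constructed sample 1: the directives as uncommented in this guide.
GUIDE_CONF='$ModLoad imudp
$UDPServerRun 514
local0.* /var/log/haproxy.log
local1.* /var/log/haproxy.log'

# Constructed sample 2: the same, with the listener bound to loopback.
# $UDPServerAddress must come before $UDPServerRun to take effect.
LOOPBACK_CONF='$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
local0.* /var/log/haproxy.log
local1.* /var/log/haproxy.log'

# Run both samples through the check and print "guide=... loopback=...".
compare_samples() {
    g=$(printf '%s\n' "$GUIDE_CONF" | udp_listener_scope)
    l=$(printf '%s\n' "$LOOPBACK_CONF" | udp_listener_scope)
    echo "guide=$g loopback=$l"
}

compare_samples
```

Against a real host, call `udp_listener_scope /etc/rsyslog.conf`.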
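III. Installing and configuring keepalived
1. Install keepalived on the master server
Note: building keepalived requires the gcc, gcc-c++, glib*, openssl-devel, popt-devel, libnl-devel and make packages. On a 64-bit system, both the 32-bit and the 64-bit versions may need to be installed.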
# tar zxvf keepalived-1.2.12.tar.gz
# cd keepalived-1.2.12
# ./configure --prefix=/usr/local/keepalived
configure: creating ./config.status
config.status: creating Makefile
config.status: creating genhash/Makefile
config.status: creating keepalived/core/Makefile
config.status: creating lib/config.h
config.status: creating keepalived.spec
config.status: creating keepalived/Makefile
config.status: creating lib/Makefile
config.status: creating keepalived/vrrp/Makefile
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile
Keepalived configuration
------------------------
Keepalived version : 1.2.12
Compiler : gcc
Compiler flags : -g -O2 -DFALLBACK_LIBNL1
Extra Lib : -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
Note: the following lines must appear, showing that the configuration is correct, before you continue with the installation
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
# make
make[2]: Leaving directory `/home/soft/keepalived-1.2.12/keepalived/libipvs-2.6'
Building ../bin/keepalived
strip ../bin/keepalived
Make complete
make[1]: Leaving directory `/home/soft/keepalived-1.2.12/keepalived'
make -C genhash
make[1]: Entering directory `/home/soft/keepalived-1.2.12/genhash'
gcc -g -O2 -DFALLBACK_LIBNL1 -I/usr/src/linux/include -I/usr/src/linux/include -I../lib -Wall -Wunused -Wstrict-prototypes -c -o main.o main.c
gcc -g -O2 -DFALLBACK_LIBNL1 -I/usr/src/linux/include -I/usr/src/linux/include -I../lib -Wall -Wunused -Wstrict-prototypes -c -o sock.o sock.c
gcc -g -O2 -DFALLBACK_LIBNL1 -I/usr/src/linux/include -I/usr/src/linux/include -I../lib -Wall -Wunused -Wstrict-prototypes -c -o layer4.o layer4.c
gcc -g -O2 -DFALLBACK_LIBNL1 -I/usr/src/linux/include -I/usr/src/linux/include -I../lib -Wall -Wunused -Wstrict-prototypes -c -o http.o http.c
gcc -g -O2 -DFALLBACK_LIBNL1 -I/usr/src/linux/include -I/usr/src/linux/include -I../lib -Wall -Wunused -Wstrict-prototypes -c -o ssl.o ssl.c
Building ../bin/genhash
strip ../bin/genhash
Make complete
make[1]: Leaving directory `/home/soft/keepalived-1.2.12/genhash'
Make complete
# make install
make -C keepalived install
make[1]: Entering directory `/home/soft/keepalived-1.2.12/keepalived'
install -d /usr/local/keepalived/sbin
install -m 700 ../bin/keepalived /usr/local/keepalived/sbin/
install -d /usr/local/keepalived/etc/rc.d/init.d
install -m 755 etc/init.d/keepalived.init /usr/local/keepalived/etc/rc.d/init.d/keepalived
install -d /usr/local/keepalived/etc/sysconfig
install -m 755 etc/init.d/keepalived.sysconfig /usr/local/keepalived/etc/sysconfig/keepalived
install -d /usr/local/keepalived/etc/keepalived/samples
install -m 644 etc/keepalived/keepalived.conf /usr/local/keepalived/etc/keepalived/
install -m 644 ../doc/samples/* /usr/local/keepalived/etc/keepalived/samples/
install -d /usr/local/keepalived/share/man/man5
install -d /usr/local/keepalived/share/man/man8
install -m 644 ../doc/man/man5/keepalived.conf.5 /usr/local/keepalived/share/man/man5
install -m 644 ../doc/man/man8/keepalived.8 /usr/local/keepalived/share/man/man8
make[1]: Leaving directory `/home/soft/keepalived-1.2.12/keepalived'
make -C genhash install
make[1]: Entering directory `/home/soft/keepalived-1.2.12/genhash'
install -d /usr/local/keepalived/bin
install -m 755 ../bin/genhash /usr/local/keepalived/bin/
install -d /usr/local/keepalived/share/man/man1
install -m 644 ../doc/man/man1/genhash.1 /usr/local/keepalived/share/man/man1
make[1]: Leaving directory `/home/soft/keepalived-1.2.12/genhash'
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/ (keepalived init script)
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ (the default location the keepalived init script reads its startup options from)
# mkdir /etc/keepalived
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ (keepalived configuration file directory)
(Alternatively, change the directories used for the keepalived command and the keepalived configuration file:
edit /etc/rc.d/init.d/keepalived, find the line ". /etc/sysconfig/keepalived" at around line 15, and change it to ". /usr/local/keepalived/etc/sysconfig/keepalived" so that it points to the correct file location (adjust this to your actual directory).
Edit /usr/local/keepalived/etc/sysconfig/keepalived and set the correct service startup options (adjust this to your actual directory):
KEEPALIVED_OPTIONS="-D -f /usr/local/keepalived/etc/keepalived/keepalived.conf")
Master keepalived configuration file:
# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVA_DEVEL
}
vrrp_script chk_haproxy {
script "/usr/local/haproxy/sbin/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface bond0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.10.3
}
}
Backup keepalived configuration file:
! Configuration File for keepalived
global_defs {
router_id LVA_DEVEL
}
vrrp_script chk_haproxy {
script "/usr/local/haproxy/sbin/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface bond0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
192.168.10.3
}
}
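Both configurations call /usr/local/haproxy/sbin/check_haproxy.sh, whose contents are not shown in this section. The following is an added example, not the author's script: one possible check based on the PID file written by the init script above, together with the priority arithmetic keepalived applies to its exit status (a positive weight is added while the script exits 0). All function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's check_haproxy.sh).
# Assumption: HAProxy was started by the init script above, so its PID(s)
# are in /var/run/haproxy.pid.
PIDFILE="${PIDFILE:-/var/run/haproxy.pid}"

# haproxy_alive: exit 0 only if every PID in the file names a live process.
haproxy_alive() {
    [ -r "$PIDFILE" ] || return 1
    seen=0
    for pid in $(cat "$PIDFILE"); do
        case "$pid" in *[!0-9]*) return 1 ;; esac   # corrupt PID file
        kill -0 "$pid" 2>/dev/null || return 1      # stale PID
        seen=1
    done
    [ "$seen" -eq 1 ]                               # empty file counts as down
}

# effective_priority BASE WEIGHT STATUS
# With a positive weight, keepalived adds WEIGHT to the configured priority
# while the tracked script exits 0 and uses the bare priority otherwise.
effective_priority() {
    if [ "$3" -eq 0 ]; then echo $(( $1 + $2 )); else echo "$1"; fi
}

# vip_holder MASTER_STATUS BACKUP_STATUS
# Values from the two configurations above: priority 100 / 99, weight 2.
vip_holder() {
    mp=$(effective_priority 100 2 "$1")
    bp=$(effective_priority 99 2 "$2")
    if [ "$mp" -gt "$bp" ]; then echo MASTER; else echo BACKUP; fi
}

# Failover matrix (0 = check passes, 1 = check fails).
failover_matrix() {
    for m in 0 1; do for b in 0 1; do
        echo "master=$m backup=$b -> $(vip_holder "$m" "$b")"
    done; done
}

# Installed as check_haproxy.sh, the exit status is what keepalived tracks;
# under any other file name the script prints the failover matrix instead.
case "${0##*/}" in
    check_haproxy.sh) haproxy_alive; exit $? ;;
    *) failover_matrix ;;
esac
```

The weight (2) is larger than the priority gap between the two nodes (1), which is what lets the backup overtake the master when only HAProxy on the master stops. A PID that has been reused by another process still passes `kill -0`, so this check detects a missing process, not an unresponsive one.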