?

一、haproxy

haproxy 是一款提供高可用性、負(fù)載均衡以及基于TCP（第四層）和HTTP（第七層）應(yīng)用的代理軟件，支持虛擬主機(jī)，它是免費(fèi)、快速并且可靠的一種解決方案。 HAProxy特別適用于那些負(fù)載特大的web站點(diǎn)，這些站點(diǎn)通常又需要會(huì)話保持或七層處理。HAProxy運(yùn)行在時(shí)下的硬件上，完全可以支持?jǐn)?shù)以萬(wàn)計(jì)的 并發(fā)連接。并且它的運(yùn)行模式使得它可以很簡(jiǎn)單安全的整合進(jìn)您當(dāng)前的架構(gòu)中， 同時(shí)可以保護(hù)你的web服務(wù)器不被暴露到網(wǎng)絡(luò)上。

實(shí)驗(yàn)環(huán)境：
虛擬機(jī)配置可以參考上篇文章

server1	172.25.1.1	作為haproxy服務(wù)器及集群管理服務(wù)器
server2	172.25.1.2	負(fù)載均衡（后端服務(wù)器）
server3	172.25.1.3	負(fù)載均衡（后端服務(wù)器）
server4	172.25.1.4	集群管理服務(wù)器

?

二、安裝配置haproxy

[root@server1 ~]# yum install haproxy -y

配置vim /etc/haproxy/haproxy.cfg

#--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #---------------------------------------------------------------------#--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global# to have these messages end up in /var/log/haproxy.log you will# need to:## 1) configure syslog to accept network log events. This is done# by adding the '-r' option to the SYSLOGD_OPTIONS in# /etc/sysconfig/syslog## 2) configure local2 events to go to the /var/log/haproxy.log# file. A line like the following can be added to# /etc/sysconfig/syslog## local2.* /var/log/haproxy.log#log 127.0.0.1 local2chroot /var/lib/haproxypidfile /var/run/haproxy.pidmaxconn 4000user haproxygroup haproxydaemon# turn on stats unix socketstats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaultsmode httplog globaloption httplogoption dontlognulloption http-server-closeoption forwardfor except 127.0.0.0/8option redispatchretries 3timeout http-request 10stimeout queue 1mtimeout connect 10stimeout client 1mtimeout server 1mtimeout http-keep-alive 10stimeout check 10smaxconn 3000stats uri /status#--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main *:80 # acl url_static path_beg -i /static /images /javascript /stylesheets # acl url_static path_end -i .jpg .gif .png .css .js # # use_backend static if url_staticdefault_backend app#--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- #backend static # balance roundrobin # server static 127.0.0.1:4331 check#--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend appbalance roundrobinserver app1 172.25.1.2:80 checkserver app2 172.25.1.3:80 check

對(duì)配置文件修改如下：?

?

配置完成之后開啟服務(wù)并查看服務(wù)狀態(tài) [root@server1 ~]# systemctl start haproxy.service [root@server1 ~]# netstat -antlp

?測(cè)試：

可以通過(guò)網(wǎng)頁(yè)進(jìn)行查看后端服務(wù)器的狀態(tài)?

?

?roundrobin算法（根據(jù)服務(wù)器權(quán)重輪詢的算法，可以自定義權(quán)重，它支持慢啟動(dòng)，并能在運(yùn)行時(shí)修改權(quán)重，所以是一種動(dòng)態(tài)算法。最多支持4095臺(tái)后端主機(jī)。）

?

source 調(diào)度算法（對(duì)請(qǐng)求的源IP地址進(jìn)行hash處理，根據(jù)hash運(yùn)算處理結(jié)果調(diào)度至后端服務(wù)器。可使固定IP的請(qǐng)求始終調(diào)度至統(tǒng)一服務(wù)器。）?

當(dāng)關(guān)閉某一個(gè)服務(wù)器的http服務(wù)時(shí)如下：說(shuō)明其具有對(duì)后端服務(wù)器健康檢查的功能?

status的加密訪問(wèn)

?三、HAProxy的日志管理

[root@server1 ~]# vim /etc/security/limits.conf haproxy - nofile 4096 [root@server1 ~]# vim /etc/sysconfig/rsyslog # Options for rsyslogd # Syslogd options are deprecated since rsyslog v3. # If you want to use them, switch to compatibility mode 2 by "-c 2" # See rsyslogd(8) for more details SYSLOGD_OPTIONS="-r" [root@server1 ~]# vim /etc/rsyslog.conf [root@server1 ~]# systemctl restart rsyslog.service

?

測(cè)試：?

四、haproxy 的動(dòng)態(tài)和靜態(tài)分離

?

[root@server3 html]# mkdir images

測(cè)試：?

設(shè)置訪問(wèn)黑名單：

當(dāng)訪問(wèn)失敗時(shí)，給他定向到其他頁(yè)面，例如：?

?另外一種方式（重定向）

五、HAProxy的讀寫分離

?server2和server3同樣操作

[root@server2 html]# yum install php -y [root@server3 html]# yum install php -y [root@server3 html]# vim index.php <html> <body><form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <br /> <input type="submit" name="submit" value="Submit" /> </form></body> </html> [root@server3 html]# vim upload_file.php [root@server3 html]# mkdir upload [root@server3 html]# chmod 777 upload <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 2000000)){if ($_FILES["file"]["error"] > 0){echo "Return Code: " . $_FILES["file"]["error"] . "<br />";}else{echo "Upload: " . $_FILES["file"]["name"] . "<br />";echo "Type: " . $_FILES["file"]["type"] . "<br />";echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";if (file_exists("upload/" . $_FILES["file"]["name"])){echo $_FILES["file"]["name"] . " already exists. ";}else{move_uploaded_file($_FILES["file"]["tmp_name"],"upload/" . $_FILES["file"]["name"]);echo "Stored in: " . "upload/" . $_FILES["file"]["name"];}}} else{echo "Invalid file";} ?>

注意：需要重啟httpd?

測(cè)試：?

六、corosync+pacemaker部署

corosync是集群框架引擎程序，pacemaker是高可用集群資源管理器

下載及配置

[root@server4 ~]# yum install haproxy.x86_64 [root@server4 ~]# ssh-keygen [root@server4 ~]# ssh-copy-id server1 [root@server4 ~]# yum install -y pacemaker pcs psmisc policycoreutils-python [root@server4 ~]# ssh server1 yum install -y pacemaker pcs psmisc policycoreutils-python [root@server4 yum.repos.d]# systemctl enable --now pcsd.service [root@server4 yum.repos.d]# ssh server1 systemctl enable --now pcsd.service [root@server1 haproxy]# scp /etc/haproxy/haproxy.cfg server4:/etc/haproxy/ [root@server4 ~]# passwd hacluster [root@server4 ~]# ssh server1 passwd hacluster ## 給用戶密碼##

[root@server4 ~]# pcs cluster auth server1 server4

[root@server4 ~]# pcs cluster setup --name mycluster server ##在同一個(gè)節(jié)點(diǎn)上使用pcs集群設(shè)置來(lái)生成和同步crosync配置##

[root@server4 ~]# pcs cluster start --all ##啟動(dòng)集群## [root@server4 ~]# pcs cluster enable --all ##開機(jī)自啟動(dòng)##

?

[root@server4 ~]# pcs status ##查看集群狀態(tài)##

[root@server4 ~]# crm_verify -LV ##查看集群狀態(tài)報(bào)錯(cuò)##

[root@server4 ~]# pcs property set stonith-enabled=false ##解決剛才集群狀態(tài)報(bào)錯(cuò)問(wèn)題##

Add a Resource

[root@server4 ~]# pcs resource --help [root@server4 ~]# pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=172.25.1.100 op monitor interval=30s

[root@server4 ~]# pcs cluster stop server1 ##當(dāng)停止server1時(shí)查看集群狀態(tài)##

[root@server4 ~]# pcs resource agents systemd | grep haproxy ##查看資源管理器中有沒(méi)有haproxy程序管理##

[root@server4 ~]# pcs resource create haproxy systemd:haproxy op monitor interval=60s ##將haproxy與集群建立連接##

[root@server4 ~]# pcs resource group add hagroup ClusterIP haproxy ##建立資源管理組，約束資源，控制資源啟動(dòng)順序，使其運(yùn)行在統(tǒng)一服務(wù)器上##

如果ClusterIP或者h(yuǎn)aproxy服務(wù)停掉，集群就會(huì)自動(dòng)重啟服務(wù)或者添加ClusterIP [root@server4 ~]# systemctl stop haproxy.service

測(cè)試：

如果將正在使用的服務(wù)器的網(wǎng)卡down掉，他會(huì)自動(dòng)跳到集群另外一臺(tái)服務(wù)器上 [root@server4 ~]# ip link set down eth0

測(cè)試：

[root@server4 ~]# yum install -y fence-virt.x86_64 [root@server4 ~]# ssh server1 yum install -y fence-virt.x86_64 ## [root@server1 ~]# echo c > /proc/sysrq-trigger ##使內(nèi)核崩潰##

測(cè)試：

[root@Sun_s ~]# dnf install fence-virtd-libvirt.x86_64 fence-virtd-multicast.x86_64 fence-virtd.x86_64 -y ##在真機(jī)下載## [root@Sun_s ~]# fence_virtd -c Module search path [/usr/lib64/fence-virt]: Available backends:libvirt 0.3 Available listeners:multicast 1.2Listener modules are responsible for accepting requests from fencing clients.Listener module [multicast]: The multicast listener module is designed for use environments where the guests and hosts may communicate over a network using multicast.The multicast address is the address that a client will use to send fencing requests to fence_virtd.Multicast IP Address [225.0.0.12]: Using ipv4 as family.Multicast IP Port [1229]: Setting a preferred interface causes fence_virtd to listen only on that interface. Normally, it listens on all interfaces. In environments where the virtual machines are using the host machine as a gateway, this *must* be set (typically to virbr0). Set to 'none' for no interface.Interface [virbr0]: br0The key file is the shared key information which is used to authenticate fencing requests. The contents of this file must be distributed to each physical host and virtual machine within a cluster.Key File [/etc/cluster/fence_xvm.key]: Backend modules are responsible for routing requests to the appropriate hypervisor or management layer.Backend module [libvirt]: The libvirt backend module is designed for single desktops or servers. Do not use in environments where virtual machines may be migrated between hosts.Libvirt URI [qemu:///system]: Configuration complete.=== Begin Configuration === backends {libvirt {uri = "qemu:///system";}}listeners {multicast {port = "1229";family = "ipv4";interface = "br0";address = "225.0.0.12";key_file = "/etc/cluster/fence_xvm.key";}}fence_virtd {module_path = "/usr/lib64/fence-virt";backend = "libvirt";listener = "multicast"; }=== End Configuration === Replace /etc/fence_virt.conf with the above [y/N]? y

注意：只有網(wǎng)絡(luò)那里需要手動(dòng)輸入你的網(wǎng)橋名字，其余全部回車即可

[root@Sun_s ~]# cd /etc/ [root@Sun_s etc]# mkdir cluster/ ##由于這個(gè)目錄沒(méi)有，所以需要手動(dòng)創(chuàng)建## [root@Sun_s cluster]# dd if=/dev/urandom of=fence_xvm.key bs=128 count=1 ##生成密鑰##

[root@Sun_s cluster]# systemctl restart fence_virtd.service [root@Sun_s cluster]# scp fence_xvm.key root@172.25.1.4:/etc/cluster/ [root@Sun_s cluster]# scp fence_xvm.key root@172.25.1.1:/etc/cluster/ ##將密鑰傳給資源管理的服務(wù)器## [root@server4 ~]# mkdir /etc/cluster [root@server4 ~]# ssh server1 mkdir /etc/cluster ##創(chuàng)建目錄存放密鑰## [root@server4 ~]# pcs stonith create vmfence fence_xvm pcmk_host_map="server1:sun1;server4:sun4" op monitor interval=60s “將主機(jī)名和設(shè)備對(duì)應(yīng)關(guān)系”加到集群中

[root@server4 ~]# pcs property set stonith-enabled=true ##將stonith啟用##

測(cè)試：

[root@server1 ~]# echo c > /proc/sysrq-trigger ##將server1模擬系統(tǒng)崩潰##此時(shí)打開server1的虛擬窗口觀察變化

?

?

總結(jié)

以上是生活随笔為你收集整理的HAProxy实现负载均衡及高可用集群（corosync+pacemaker）的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。