haproxy+keepalived反向代理,查看状态,后端主机上下线配置

本文描述的是haproxy做代理,负载均衡,haproxy状态查看,后端主机的上下线,keepalived高可用

一、前提条件

1.1 至少两台服务器 操作系统为centos7

IP:192.168.238.138/24机器名:ceph4

IP:192.168.238.139/24机器名:ceph5

1.2 部署软件(两台都有)

Keepalived高可用

Haproxy1.7.9反向代理

Apache HTTP后端主机

1.3 在两台主机设置分别机器名

#hostnamectl ceph4

#hostnamectl ceph4

1.4编辑vi /etc/hosts中加入(两台都有)

#加入本机的域名解析

192.168.238.138 ceph4

192.168.238.139 ceph5

1.5 关闭防火墙,selinux(两台都有)

#systemctl stop firewalld#停止正在运行的防火墙

#systemctl disabled firewalld#禁止开机启动

#setenforce 0#临时禁止selinux

#sed -i "s/^SELINUX\=enforcing/SELINUX\=disabled/g"/etc/selinux/config#永久禁止


二、安装配置后端软件apache http

2.1 安装http软件(两台都有)

#yum install httpd -y

2.2 编辑配置文件改监听的端口

安装完编辑vi /etc/httpd/conf/httpd.conf

Listen 8080 #监听端口改为8080,可以不修改,我的是主机的80端口已经被占用

2.3 配置访问的页面

Ceph4

#echo 'ceph4' >/var/www/html/index.html

Ceph5:

#echo 'ceph5' >/var/www/html/index.html

2.4 启动http并测试

#systemctl start httpd

#curl ceph4:8080

ceph4#结果不同,以方便之后的测试

#curl ceph5:8080

ceph5


三、Haproxy安装部署

下边的操作两个节点都需要安装

3.1 相关系统包的安装

#yum install -y gcc glibc gcc-c++ make screen tree lrzsz

3.2 Haproxy安装

#mkdir /soft#创建目录

#cd /soft/

#wgethttp://www.haproxy.org/download/1.7/src/haproxy-1.7.9.tar.gz#下载安装包

#tar xf haproxy-1.7.9.tar.gz#解压

#cd haproxy-1.7.9

#make TARGET=linux2628 PREFIX=/usr/local/haproxy1.7.9#编译

#make install#安装

install -d "/usr/local/sbin"

install haproxy"/usr/local/sbin"

install -d "/usr/local/share/man"/man1

install -m 644 doc/haproxy.1 "/usr/local/share/man"/man1

install -d "/usr/local/doc/haproxy"

for x in configuration management architecture cookie-options luaWURFL-device-detection proxy-protocol linux-syn-cookies network-namespacesDeviceAtlas-device-detection 51Degrees-device-detectionnetscaler-client-ip-insertion-protocol close-options SPOE intro; do \

install -m 644doc/$x.txt "/usr/local/doc/haproxy" ; \

#cp /usr/local/sbin/haproxy /usr/sbin/#启动文件

#haproxy-v#查看安装结果

HA-Proxy version 1.7.9 2017/08/18

Copyright 2000-2017 Willy Tarreauwilly@haproxy.org

创建haproxy启动脚本

#cp examples/haproxy.init /etc/init.d/haproxy

#/etc/init.d/haproxy start#启动

创建需要的相关的目录

#useradd -r haproxy

#mkdir /etc/haproxy

#mkdir /var/lib/haproxy

#mkdir /var/run/haproxy

编辑haproxy配置文件

#vi /etc/haproxy/haproxy.cfg

global

log 127.0.0.1 local3 info

chroot /var/lib/haproxy

maxconn10000#设置允许的最大连接数,需要考虑ulimit -n的限制

user haproxy

group haproxy

daemon

defaults

log global

mode http

option httplog

option dontlognull

timeout connect 5000

timeout client 50000

timeout server 50000

frontend front#前端

mode http

bind *:8088#这里的端口为8088,也可以是其他为占用的端口

stats uri /haproxy?stats

default_backend default_backend

backend default_backend#后端

#source cookie SERVERID

option forwardfor header X-REAL-IP

option httpchk GET /index.html#检查的url

balance roundrobin

server ceph5 192.168.238.139:8080 check inter 2000 rise 3 fall 3 weight1

server ceph4 192.168.238.138:8080 check inter 2000 rise 3 fall 3 weight1

日志设置

#sed -i 's@\#\$ModLoad imudp@\$ModLoad imudp@g' /etc/rsyslog.conf

#sed-i 's@\#\$UDPServerRun514@\$UDPServerRun 514@g' /etc/rsyslog.conf

#echo "local3.*/var/log/haproxy.log" >> /etc/rsyslog.conf

启动:

#/etc/init.d/haproxy start

Startinghaproxy (via systemctl):[OK]

测试:

# ceph5的haproxy配置正常

[root@ceph4 ~]# curlceph5:8088

ceph5

[root@ceph4 ~]# curlceph5:8088

ceph4

# ceph4的haproxy配置正常

[root@ceph4 ~]# curlceph4:8088

ceph5

[root@ceph4 ~]# curlceph4:8088

ceph4

看到访问url的结果是两台服务器轮换相应

状态管理页面

在浏览器访问http://192.168.238.138:8088/haproxy?stats,查看状态

3.3 Haproxy动态维护(两点都需要)

在配置文件的global下添加socket文件

stats socket /var/lib/haproxy/haproxy.sockmode 600 level admin

stats timeout 2m

安装socat

#yum install -y socat

查看haproxy的帮助

#echo "help" |socat stdio /var/lib/haproxy/haproxy.sock

查看info状态信息,可以通过zabbix来监控相关状态值

#echo "show info" |socat stdio/var/lib/haproxy/haproxy.sock

Name: HAProxy

Version: 1.7.9

Release_date: 2017/08/18

Nbproc: 1

Process_num: 1

Pid: 5145

Uptime: 0d 0h03m34s

Uptime_sec: 214

Memmax_MB: 0

PoolAlloc_MB: 0

PoolUsed_MB: 0

PoolFailed: 0

Ulimit-n: 20033

Maxsock: 20033

Maxconn: 10000

Hard_maxconn: 10000

CurrConns: 0

CumConns: 4

CumReq: 4

Maxpipes: 0

PipesUsed: 0

PipesFree: 0

ConnRate: 0

ConnRateLimit: 0

MaxConnRate: 0

SessRate: 0

SessRateLimit: 0

MaxSessRate: 0

CompressBpsIn: 0

CompressBpsOut: 0

CompressBpsRateLim: 0

Tasks: 7

Run_queue: 1

Idle_pct: 100

node: ceph4

haproxy维护模式(主机上下线)


在ceph4上做测试,下线default_backend下的ceph4主机

#echo "disable server default_backend/ceph4 " |socat stdio/var/lib/haproxy/haproxy.sock

注:ceph4已经不在线

上线default_backend下的ceph4

#echo "enable server default_backend/ceph4 " |socat stdio/var/lib/haproxy/haproxy.sock

注:ceph4恢复

3.4 Haproxy生产使用建议

haproxy的本地端口会出现用尽情况,解决方案如下4条

1.更改local的端口范围,调整内核参数

#cat /proc/sys/net/ipv4/ip_local_port_range

3276861000

2.调整timewait的端口复用,设置为1

#cat /proc/sys/net/ipv4/tcp_tw_reuse

1

3.调整tcp_wait的时间,不建议修改

#cat /proc/sys/net/ipv4/tcp_fin_timeout

60

4.最佳方案:增加多个ip,端口数量就足够




四、Keepalived

Mail配置使用

4.1安装mailx邮件服务

yum install mailx -y

#配置文件追加信息(/etc/mail.rc)

vim /etc/mail.rc

#发件人信息

set from=zhouguanjie2005@163.com#发件人邮箱地址(163设置得开起允许代理)

set smtp=smtp.163.com#smtp地址

setsmtp-auth-user=zhouguanjie2005@163.com#邮箱用户名,不用加域名

set smtp-auth-password=******#邮箱密码(邮件密码是smtp代理授权码)

set smtp-auth=login#邮箱验证方式

#测试发送

echo "hello world" | mail -s"hello"18706768942@163.comzhuguanjie@qq.com#会看到测试邮件信息,可以发送多个邮件

#echo "邮件内容"

| mail -s "标题"邮箱地址

#最好把你的发送邮件地址加入你接收邮箱的白名单,不然发多了可能被认为发送垃圾邮件而被163拒绝,这是真的

4.2.安装配置keepalived(两节点都需要)

# yum install -y keepalived

# keepalived -v#查看版本

Keepalived v1.3.5 (03/19,2017), git commitv1.3.5-6-g6fa32f2

在/etc/keepalived下建立文件如下(两节点):

# ls

check_haproxy.shcheck_haproxy_url.shdown.shkeepalived.confvrrp.sh

#主要是一些脚本和keepalived配置文件

# vi check_haproxy.sh#检测haproxy进程是否村子,不存在的话重启

#!/bin/bash

counter=$(ps -C haproxy --no-heading|wc -l)

if [ "${counter}" = "0"]; then

/etc/init.d/haproxy start

fi

exit 0

# vi check_haproxy_url.sh#通过url检测如果不成功返回非0,待达到次数后,keepalived会降权值变为backup节点

#!/bin/bash

# curl -ILhttp://localhost/member/login.htm

# curl --data"memberName=fengkan&password=22" http://localhost/member/login.htm

count=0

for (( k=0; k<2; k++ ))

do

check_code=$( curl --connect-timeout 3 -sL -w"%{http_code}\\n" http://localhost:8088/index.html -o /dev/null )

if [ "$check_code" != "200" ]; then

# count = count +1

let "count += 1"

continue

else

count=0

break

fi

done

if [ "$count" != "0" ];then

#/etc/init.d/keepalived stop

exit 1

else

exit 0

fi

# vi down.sh#维护用的脚本,不需要手动关闭keepalived

#!/bin/bash

#判断down文件是否存在,在需要维护的时候,建立一个down文件,虚拟地址会自动转移走

if [-f /etc/keepalived/down ]; then

exit 1

else

exit 0

fi

# vi vrrp.sh (ceph4)#状态发生变换,邮件提醒

#!/bin/bash

#当状态发生变换的时候,发送邮件提醒

echo "192.168.238.138 ceph4$1状态被激活,请确认HAProxy服务运行状态"|mail -s "HAProxy状态切换警告"15063176713@139.com

# vi vrrp.sh (ceph5)#状态发生变换,邮件提醒

#!/bin/bash

echo "192.168.238.139 ceph5$1状态被激活,请确认HAProxy服务运行状态"|mail -s "HAProxy状态切换警告"15063176713@139.com

建立完脚本后不要忘记赋予可执行的权限

#chmod +x check_haproxy.sh check_haproxy_url.sh vrrp.sh down.sh

Keepalived主配置文件

这里ceph4为master节点,ceph5为backup节点

ceph4:

vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

acassen

}

notification_email_from Alexandre.Cassen@firewall.loc

smtp_server 192.168.200.1

smtp_connect_timeout 30

router_id LVS_DEVEL

}

vrrp_script chk_haproxy_url {

script "/etc/keepalived/check_haproxy_url.sh"#查看链接是否能正常访问,不正常两次后降级,看下边的配置

interval 2# check every 2 seconds

weight -5

fall 2#失败两次后,触发weight减5操作,想有降级操作必须有

rise 2#成功两次后,恢复

}

vrrp_script chk_haproxy {

script "/etc/keepalived/check_haproxy.sh"#查看haproxy进程是否存在,不存在的话启动,无降权

interval 2#check every 2 seconds,执行的时间间隔

}

vrrp_script chk_mantaince_down {

script "/etc/keepalived/down.sh"

interval 2# check every 2 seconds

weight -5

fall 2#维护操作命令,在/etc/keepalived建立down文件开始维护

rise 2

}

vrrp_instance VI_1 {

state MASTER#这里主备不一样,注意

interface ens33#根据自己的网卡修改

virtual_router_id 50

#nopreempt

priority 101#设置优先级

advert_int 1

virtual_ipaddress {

192.168.238.200#虚拟IP地址

}

track_script {

chk_haproxy_url#与上边的执行vrrp_script脚本对应

chk_haproxy

chk_mantaince_down

}

#状态转换的时候,邮件告警

notify_backup "/etc/keepalived/vrrp.shBACKUP"

notify_master "/etc/keepalived/vrrp.shMASTER"

notify_fault"/etc/keepalived/vrrp.shFAULT"

}

Ceph5

backup节点

#这里只标出与master不一样的地方,其他同上

vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

acassen

}

notification_email_from Alexandre.Cassen@firewall.loc

smtp_server 192.168.200.1

smtp_connect_timeout 30

router_id LVS_DEVEL

}

vrrp_script chk_haproxy_url {

script "/etc/keepalived/check_haproxy_url.sh"# cheaper than pidof

interval 2#check every 2 seconds

weight -5

fall 2

rise 2

}

vrrp_script chk_haproxy {

script "/etc/keepalived/check_haproxy.sh"# cheaper than pidof

interval 2#check every 2 seconds

}

vrrp_script chk_mantaince_down {

script "/etc/keepalived/down.sh"

interval 2#check every 2 seconds

weight -5

fall 2

rise 2

}

vrrp_instance VI_1 {

state BACKUP#这里为BACKUP

interface ens33

virtual_router_id 50

#nopreempt

priority 100#设置级别

advert_int 1

virtual_ipaddress {

192.168.238.200

}

track_script {

chk_haproxy_url

chk_haproxy

chk_mantaince_down

}

notify_backup "/etc/keepalived/vrrp.shBACKUP"

notify_master "/etc/keepalived/vrrp.shMASTER"

notify_fault"/etc/keepalived/vrrp.shFAULT"

}

测试:

分别启动keepalived

会看到

Ceph4日志:

# tailf /var/log/messages

Sep 21 15:09:55 ceph4 Keepalived[50677]:Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2

Sep 21 15:09:55 ceph4 Keepalived[50677]:Unable to resolve default script username 'keepalived_script' - ignoring

Sep 21 15:09:55 ceph4 Keepalived[50677]:Opening file '/etc/keepalived/keepalived.conf'.

Sep 21 15:09:55 ceph4 systemd: PID file/var/run/keepalived.pid not readable (yet?) after start.

Sep 21 15:09:55 ceph4 Keepalived[50678]:Starting Healthcheck child process, pid=50679

Sep 21 15:09:55 ceph4 Keepalived[50678]:Starting VRRP child process, pid=50680

Sep 21 15:09:55 ceph4 systemd: Started LVSand VRRP High Availability Monitor.

Sep 21 15:09:55 ceph4Keepalived_healthcheckers[50679]: Opening file '/etc/keepalived/keepalived.conf'.

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: Registering Kernel netlink reflector

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: Registering Kernel netlink command channel

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: Registering gratuitous ARP shared channel

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: Opening file '/etc/keepalived/keepalived.conf'.

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) removing protocol VIPs.

Sep 21 15:09:55 ceph4 Keepalived_vrrp[50680]:Unsafe permissions found for script '/etc/keepalived/check_haproxy_url.sh'.

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: SECURITY VIOLATION - scripts are being executed butscript_security not enabled. There are insecure scripts.

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: Using LinkWatch kernel netlink reflector...

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: VRRP sockpool: [ifindex(2), proto(112), unicast(0),fd(10,11)]

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: VRRP_Script(chk_mantaince_down) succeeded

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: VRRP_Script(chk_haproxy) succeeded

Sep 21 15:09:55 ceph4Keepalived_vrrp[50680]: VRRP_Script(chk_haproxy_url) succeeded

Sep 21 15:09:56 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Transition to MASTER STATE

Sep21 15:09:57 ceph4 Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Entering MASTERSTATE#现在虚拟地址在主节点上

Sep 21 15:09:57 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) setting protocol VIPs.

Sep 21 15:09:57 ceph4Keepalived_vrrp[50680]: Sending gratuitous ARP on ens33 for 192.168.238.200

测试一、现在我在ceph4(模拟不关机维护)

# touch /etc/keepalived/down#创建down文件

Sep 21 15:12:49 ceph4Keepalived_vrrp[50680]: /etc/keepalived/down.sh exited with status 1

Sep 21 15:12:51 ceph4Keepalived_vrrp[50680]: /etc/keepalived/down.sh exited with status 1

Sep 21 15:12:51 ceph4Keepalived_vrrp[50680]: VRRP_Script(chk_mantaince_down) failed

Sep 21 15:12:51 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Changing effective priority from101 to 96

Sep 21 15:12:52 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Received advert with higherpriority 100, ours 96

Sep 21 15:12:52 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1)Entering BACKUP STATE#在创建down文件后,weight降级了,变为了BACKUP节点

Sep 21 15:12:52 ceph4 Keepalived_vrrp[50680]:VRRP_Instance(VI_1) removing protocol VIPs.

邮箱收到信息如下:

Ceph4变为backup



Ceph5变为激活master


Ceph5变为激活master

说明测试成功,地址已经漂移到ceph5,ceph4可以维护了

将down文件删掉后

# rmdown

rm:remove regular empty file ‘down’? y

ceph4

Sep 21 15:17:18 ceph4Keepalived_vrrp[50680]: VRRP_Script(chk_mantaince_down) succeeded

Sep 21 15:17:18 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Changing effective priority from 96to 101

Sep 21 15:17:18 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) forcing a new MASTER election

Sep 21 15:17:19 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Transition to MASTER STATE

Sep21 15:17:20 ceph4 Keepalived_vrrp[50680]: VRRP_Instance(VI_1) Entering MASTERSTATE#变为主的状态

Sep 21 15:17:20 ceph4Keepalived_vrrp[50680]: VRRP_Instance(VI_1) setting protocol VIPs.

Sep 21 15:17:20 ceph4Keepalived_vrrp[50680]: Sending gratuitous ARP on ens33 for 192.168.238.200

Ceph5:

Sep 21 15:17:18 ceph5Keepalived_vrrp[11531]: VRRP_Instance(VI_1) Received advert with higherpriority 101, ours 100

Sep 21 15:17:18 ceph5Keepalived_vrrp[11531]: VRRP_Instance(VI_1) Entering BACKUP STATE

Sep21 15:17:18 ceph5 Keepalived_vrrp[11531]: VRRP_Instance(VI_1) removing protocolVIPs.#地址已经漂移走了,回到了ceph4





最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 216,001评论 6 498
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 92,210评论 3 392
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 161,874评论 0 351
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 58,001评论 1 291
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 67,022评论 6 388
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 51,005评论 1 295
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,929评论 3 416
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 38,742评论 0 271
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 45,193评论 1 309
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 37,427评论 2 331
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 39,583评论 1 346
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 35,305评论 5 342
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,911评论 3 325
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 31,564评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,731评论 1 268
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 47,581评论 2 368
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 44,478评论 2 352

推荐阅读更多精彩内容