<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="tool" content="leanote-desktop-app">
<title>Building a Layer 4 Load Balancer with Keepalived and HAProxy</title>
<style>

*{font-family:"lucida grande","lucida sans unicode",lucida,helvetica,"Hiragino Sans GB","Microsoft YaHei","WenQuanYi Micro Hei",sans-serif;}

body {
    margin: 0;
}

/* Common text styles */
h1{font-size:30px}h2{font-size:24px}h3{font-size:18px}h4{font-size:14px}
.note-container{
    width:850px;
    margin:auto;
    padding: 10px 20px;
    box-shadow: 1px 1px 10px #eee;
}
#title {
    margin: 0;
}
table {
    margin-bottom: 16px;
    border-collapse: collapse;
}
table th, table td {
    padding: 6px 13px;
    border: 1px solid #ddd;
}
table th {
    font-weight: bold;
}

table tr {
    background-color: none;
    border-top: 1px solid #ccc;
}
table tr:nth-child(2n) {
    background-color: rgb(247, 247, 249);
}
.mce-item-table, .mce-item-table td, .mce-item-table th, .mce-item-table caption {
    border: 1px solid #ddd;
    border-collapse: collapse;
    padding: 6px 13px;
}
blockquote {
    border-left-width:10px;
    background-color:rgba(128,128,128,0.05);
    border-top-right-radius:5px;
    border-bottom-right-radius:5px;
    padding:15px 20px;
    border-left:5px solid rgba(128,128,128,0.075);
}
blockquote p {
    margin-bottom:1.1em;
    font-size:1em;
    line-height:1.45
}
blockquote ul:last-child,blockquote ol:last-child {
    margin-bottom:0
}
pre {
    padding: 18px;
    background-color: #f7f7f9;
    border: 1px solid #e1e1e8;
    border-radius: 3px;
    display: block;
}
code {
    padding: 2px 4px;
    font-size: 90%;
    color: #c7254e;
    white-space: nowrap;
    background-color: #f9f2f4;
    border-radius: 4px;
}
.footnote {
    vertical-align: top;
    position: relative;
    top: -0.5em;
    font-size: .8em;
}

hr {
    margin:2em 0
}
img {
    max-width:100%
}
pre {
    word-break:break-word
}
p,pre,pre.prettyprint,blockquote {
    margin:0 0 1.1em
}
.sequence-diagram,.flow-chart {
    text-align:center;
    margin-bottom:1.1em
}
.sequence-diagram text,.flow-chart text {
    font-size:15px !important;
    font-family:"Source Sans Pro",sans-serif !important
}
.sequence-diagram [fill="#ffffff"],.flow-chart [fill="#ffffff"] {
    fill:#f6f6f6
}
.sequence-diagram [stroke="#000000"],.flow-chart [stroke="#000000"] {
    stroke:#3f3f3f
}
.sequence-diagram text[stroke="#000000"],.flow-chart text[stroke="#000000"] {
    stroke:none
}
.sequence-diagram [fill="#000"],.flow-chart [fill="#000"],.sequence-diagram [fill="#000000"],.flow-chart [fill="#000000"],.sequence-diagram [fill="black"],.flow-chart [fill="black"] {
    fill:#3f3f3f
}
ul,ol {
    margin-bottom:1.1em
}
ul ul,ol ul,ul ol,ol ol {
    margin-bottom:1.1em
}
kbd {
    padding:.1em .6em;
    border:1px solid rgba(63,63,63,0.25);
    -webkit-box-shadow:0 1px 0 rgba(63,63,63,0.25);
    box-shadow:0 1px 0 rgba(63,63,63,0.25);
    font-size:.7em;
    font-family:sans-serif;
    background-color:#fff;
    color:#333;
    border-radius:3px;
    display:inline-block;
    margin:0 .1em;
    white-space:nowrap
}
.toc ul {
    list-style-type:none;
    margin-bottom:15px
}
</style>
<!-- This CSS file is for custom styles -->
<link href="../leanote-html.css" rel="stylesheet">
</head>

<body>

<div class="note-container">
<h1 class="title" id="leanote-title">Building a Layer 4 Load Balancer with Keepalived and HAProxy</h1>
<div class="content-html" id="leanote-content"><h2>I. Preface</h2>
<p>HAProxy is a stable, high-performance, highly available load-balancing solution that can proxy HTTP and TCP traffic to pools of backend servers. Because it supports powerful and flexible layer 7 ACL rules, it is widely used as an HTTP reverse proxy. This article instead explains in detail how to combine its layer 4 switching with Keepalived to build a load balancer suitable for any TCP service, such as Socket, ICE, <a title="mail command" href="http://man.linuxde.net/mail" target="_blank" data-mce-href="http://man.linuxde.net/mail">mail</a>, <a title="mysql command" href="http://man.linuxde.net/mysql" target="_blank" data-mce-href="http://man.linuxde.net/mysql">mysql</a>, or private protocols. The system architecture is shown below:</p>
<p><img src="基于Keepalived-Haproxy搭建四层负载均衡器_files/599b462cd01cce1c4d000016.png" alt="" data-mce-src="/api/file/getImage?fileId=599b462cd01cce1c4d000016"></p>
<h2>II. Platform Environment</h2>
<pre id="leanote_ace_1479781780621_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 105px;">OS: CentOS 5.4 (x64)
MASTER: 192.168.0.20
BACKUP: 192.168.0.21
VIP: 192.168.0.100
Service Port: 11231</pre>
<h2>III. Installation and Configuration</h2>
<p><strong>1. Enable binding to non-local <a title="ip command" href="http://man.linuxde.net/ip" target="_blank" data-mce-href="http://man.linuxde.net/ip">ip</a> addresses</strong></p>
<pre id="leanote_ace_1479781780643_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 63px;">#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
#sysctl -p</pre>
<p><strong>2. Configure logging support</strong></p>
<pre id="leanote_ace_1479781780653_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 189px;">#vi /etc/syslog.conf
Add:
local3.* /var/log/haproxy.log
local0.* /var/log/haproxy.log

#vi /etc/sysconfig/syslog
Change:
SYSLOGD_OPTIONS="-r -m 0"
#/etc/init.d/syslog restart</pre>
<p><strong>3. Disable SELinux</strong></p>
<pre id="leanote_ace_1479781780663_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 84px;">#vi /etc/sysconfig/selinux
Change:
SELINUX=disabled
#setenforce 0</pre>
<p><strong>4. Configure <a title="iptables command" href="http://man.linuxde.net/iptables" target="_blank" data-mce-href="http://man.linuxde.net/iptables">iptables</a> to allow VRRP traffic</strong></p>
<pre id="leanote_ace_1479781780673_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 21px;">iptables -A INPUT -d 224.0.0.18 -j ACCEPT</pre>
<p><strong>5. Install and configure Keepalived</strong></p>
<pre id="leanote_ace_1479781780682_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 1239px;">#mkdir -p /home/install/keepalivedha
#cd /home/install/keepalivedha
#wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
#tar zxvf keepalived-1.2.2.tar.gz
#cd keepalived-1.2.2
#./configure
#make && make install

#cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#mkdir /etc/keepalived
#cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/sbin/keepalived /usr/sbin/

#vi /etc/keepalived/keepalived.conf

! Configuration file for keepalived

global_defs {
    notification_email {
        liutiansi@gmail.com
    }
    notification_email_from liutiansi@gmail.com
    smtp_connect_timeout 3
    smtp_server 127.0.0.1
    router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    interface eth1
    state MASTER # BACKUP on the standby node
    priority 101 # 100 on the standby node
    virtual_router_id 50 # router ID; can be checked with "tcpdump vrrp"
    garp_master_delay 1 # master/backup switchover time, in seconds

    authentication {
        auth_type PASS
        auth_pass KJj23576hYgu23IP
    }
    track_interface {
        eth0
        eth1
    }
    virtual_ipaddress {
        192.168.0.100
    }
    track_script {
        chk_haproxy
    }

    # state-change notifications
    notify_master "/etc/keepalived/Mailnotify.py master"
    notify_backup "/etc/keepalived/Mailnotify.py backup"
    notify_fault "/etc/keepalived/Mailnotify.py fault"
}</pre>
<p><strong>6. Install and configure HAProxy</strong></p>
<pre id="leanote_ace_1479781780693_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 231px;">#cd /home/install/keepalivedha
#wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
#tar -zxvf haproxy-1.4.11.tar.gz
#cd haproxy-1.4.11
#make install
#mkdir -p /usr/local/haproxy/etc
#mkdir -p /usr/local/haproxy/sbin
#cp examples/haproxy.cfg /usr/local/haproxy/etc
#ln -s /usr/local/sbin/haproxy /usr/local/haproxy/sbin/haproxy

#vi /usr/local/haproxy/etc/haproxy.cfg</pre>
<pre id="leanote_ace_1479781780704_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 924px;"># this config needs haproxy-1.1.28 or haproxy-1.2.1

global
    # log 127.0.0.1 local0
    # note: step 2 routes only local0 and local3 to /var/log/haproxy.log
    log 127.0.0.1 local1 notice
    maxconn 5000
    uid 99
    gid 99

    daemon
    pidfile /usr/local/haproxy/haproxy.pid


defaults
    log global
    mode http

    #option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen ICE01 192.168.0.100:11231
    mode tcp # use TCP mode
    maxconn 2000
    balance roundrobin
    server ice-192.168.0.128 192.168.0.128:11231 check inter 5000 fall 1 rise 2
    server ice-192.168.0.129 192.168.0.129:11231 check inter 5000 fall 1 rise 2
    server ice-192.168.0.130 192.168.0.130:11231 check inter 5000 fall 1 rise 2
    server ice-192.168.0.131 192.168.0.131:11231 check inter 5000 fall 1 rise 2
    server ice-192.168.0.132 192.168.0.132:11231 check inter 5000 fall 1 rise 2
    server ice-192.168.0.34 192.168.0.34:11231 check inter 5000 fall 1 rise 2
    srvtimeout 20000

listen stats_auth 192.168.0.20:80
    # listen stats_auth 192.168.0.21:80 # backup config
    stats enable
    stats uri /admin-status # admin URL
    stats auth admin:123456 # admin account:admin password
    stats admin if TRUE</pre>
<p><strong>7. Mail notification program (implemented in Python)<br></strong></p>
<pre id="leanote_ace_1479781780716_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 21px;">#vi /etc/keepalived/Mailnotify.py</pre>
<pre id="leanote_ace_1479781780725_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 1113px;">#!/usr/local/bin/python
# coding: utf-8
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.header import Header
import sys
import smtplib

#---------------------------------------------------------------
# Name: Mailnotify.py
# Purpose: Mail notify to SA
# Author: Liutiansi
# Email: liutiansi@gamil.com
# Created: 2011/03/09
# Copyright: (c) 2011
#--------------------------------------------------------------
strFrom = 'admin@domain.com'
strTo = 'liutiansi@gmail.com'
smtp_server = 'smtp.domain.com'
# The original listing never defined smtp_user; assumed here to be the sender account.
smtp_user = strFrom
smtp_pass = '123456'

# keepalived passes the new state (master, backup or fault) as the only argument.
if len(sys.argv) != 2 or sys.argv[1] not in ("master", "backup", "fault"):
    sys.exit()
notify_type = sys.argv[1]

# Subject: "[Urgent] Load balancer mail notification"
mail_title = '[紧急]负载均衡器邮件通知'
# Body: "<state> has been activated, please prepare an emergency response."
mail_body_plain = notify_type + '被激活,请做好应急处理。'
mail_body_html = '<b><font color=red>' + notify_type + '被激活,请做好应急处理。</font></b>'

msgRoot = MIMEMultipart('related')
msgRoot['Subject'] = Header(mail_title, 'utf-8')
msgRoot['From'] = strFrom
msgRoot['To'] = strTo

# Plain-text and HTML versions of the same message
msgAlternative = MIMEMultipart('alternative')
msgRoot.attach(msgAlternative)

msgText = MIMEText(mail_body_plain, 'plain', 'utf-8')
msgAlternative.attach(msgText)

msgText = MIMEText(mail_body_html, 'html', 'utf-8')
msgAlternative.attach(msgText)

# Send through the authenticated SMTP relay
smtp = smtplib.SMTP()
smtp.connect(smtp_server)
smtp.login(smtp_user, smtp_pass)
smtp.sendmail(strFrom, strTo, msgRoot.as_string())
smtp.quit()</pre>
<p>Note: change "#!/usr/local/bin/python" (the first line) to the actual path of Python on your system.</p>
<pre id="leanote_ace_1479781780738_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 63px;">#chmod +x /etc/keepalived/Mailnotify.py
#/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
#service keepalived start</pre>
<p><strong>8. View the VRRP traffic<br></strong></p>
<pre id="leanote_ace_1479781780748_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 21px;">#tcpdump vrrp</pre>
<pre id="leanote_ace_1479781780758_0" class="ace-tomorrow" data-mce-style="line-height: 1.5; font-size: 14px; height: 63px;">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:05.270017 IP 192.168.0.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20</pre>
<h2>IV. HAProxy Web Interface</h2>
<p>Visit http://192.168.0.20/admin-status and log in with account admin and password 123456 to reach the management and monitoring console.</p>
<p><img src="基于Keepalived-Haproxy搭建四层负载均衡器_files/599b462cd01cce1c4d000015.png" alt="" data-mce-src="/api/file/getImage?fileId=599b462cd01cce1c4d000015"></p>
<p>The biggest highlight of versions after haproxy-1.4.9 is the added ability to manually enable and disable servers, which is very useful when upgrading or changing applications.</p>
<h2>V. Mail Notification</h2>
<p><img src="基于Keepalived-Haproxy搭建四层负载均衡器_files/599b462cd01cce1c4d000014.png" alt="" data-mce-src="/api/file/getImage?fileId=599b462cd01cce1c4d000014"></p></div>
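<p>Added example (not part of the original article, and not code from Keepalived or HAProxy): a small Python review check for the two configurations above, reporting the cleartext VRRP password ("authtype simple" in the tcpdump output) and the statistics page's weak password, non-loopback listener and unconditional admin mode. The embedded configs are trimmed copies constructed from this page; <code>WEAK_PASSWORDS</code>, <code>MIN_LEN</code> and the function names are assumptions of the example.</p>
<pre>
```python
import re

# Constructed input: trimmed copies of the two configurations shown in this article.
KEEPALIVED_CONF = """
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass KJj23576hYgu23IP
    }
}
"""
HAPROXY_CFG = """
listen ICE01 192.168.0.100:11231
listen stats_auth 192.168.0.20:80
    stats auth admin:123456 # account:password
    stats admin if TRUE
"""
WEAK_PASSWORDS = {"123456", "admin", "password"}  # assumption: illustrative deny-list
MIN_LEN = 12                                      # assumption: example length policy

def audit_keepalived(text):
    """Flag VRRP authentication settings that protect less than they suggest."""
    findings = []
    if re.search(r"^\s*auth_type\s+PASS\b", text, re.M):
        findings.append("auth_type PASS: password is sent in cleartext in each advertisement")
    match = re.search(r"^\s*auth_pass\s+(\S+)", text, re.M)
    if match and len(match.group(1)) > 8:
        findings.append("auth_pass: keepalived uses only the first 8 characters")
    return findings

def audit_haproxy(text):
    """Walk haproxy.cfg section by section and flag risky stats-page settings."""
    findings, section, bind = [], "", ""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()   # drop trailing comments
        if words and words[0] in ("global", "defaults", "listen", "frontend", "backend"):
            section, bind = " ".join(words[:2]), (words[2] if len(words) > 2 else "")
        elif words[:2] == ["stats", "auth"] and len(words) > 2:
            password = words[2].partition(":")[2]
            if password in WEAK_PASSWORDS or MIN_LEN > len(password):
                findings.append(section + ": weak stats password")
            if bind and not bind.startswith("127."):
                findings.append(section + ": stats login reachable on " + bind)
        elif words[:4] == ["stats", "admin", "if", "TRUE"]:
            findings.append(section + ": admin actions enabled for every stats login")
    return findings

print("\n".join(audit_keepalived(KEEPALIVED_CONF) + audit_haproxy(HAPROXY_CFG)))
```
</pre>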
</div>

<!-- This JS file is for additional processing -->
<script src="../leanote-html.js"></script>
</body>
</html>