标题:基于Keepalived+Haproxy搭建四层负载均衡器[原创] 出处:运维进行时 时间:Thu, 10 Mar 2011 18:17:57 +0000 作者:刘天斯 地址:https://blog.liuts.com/post/223/ 内容: 一、前言 Haproxy是稳定、高性能、高可用性的负载均衡解决方案,支持HTTP及TCP代理后端服务器池,因支持强大灵活的7层acl规则,广泛作为HTTP反向代理。本文则详细介绍如何利用它的四层交换与Keepalived实现一个负载均衡器,适用于Socket、ICE、Mail、Mysql、私有通讯等任意TCP服务。系统架构图如下: 点击在新窗口中浏览此图片 https://blog.liuts.com/attachment.php?fid=288 二、平台环境 引用 OS:Centos5.4(64X) MASTER:192.168.0.20 BACKUP:192.168.0.21 VIP:192.168.0.100 Serivce Port:11231 三、平台安装配置 1、添加非本机IP邦定支持 引用 #vi /etc/sysctl.conf net.ipv4.ip_nonlocal_bind=1 #sysctl –p 2、配置平台日志支持 引用 #vi /etc/syslog.conf 添加: local3.* /var/log/haproxy.log local0.* /var/log/haproxy.log #vi /etc/sysconfig/syslog 修改: SYSLOGD_OPTIONS="-r -m 0" #/etc/init.d/syslog restart 3、关闭SELINUX 引用 vi /etc/sysconfig/selinux 修改: SELINUX=disabled #setenforce 0 4、配置iptables,添加VRRP通讯支持 引用 iptables -A INPUT -d 224.0.0.18 -j ACCEPT 5、Keepalived的安装、配置 引用 #mkdir -p /home/install/keepalivedha #cd /home/install/keepalivedha #wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz #tar zxvf keepalived-1.2.2.tar.gz #cd keepalived-1.2.2 #./configure #make && make install 引用 #cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/ #cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ #mkdir /etc/keepalived #cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ #cp /usr/local/sbin/keepalived /usr/sbin/ #vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { liutiansi@gmail.com } notification_email_from liutiansi@gmail.com smtp_connect_timeout 3 smtp_server 127.0.0.1 router_id LVS_DEVEL } vrrp_script chk_haproxy { script "killall -0 haproxy" interval 2 weight 2 } vrrp_instance VI_1 { interface eth1 state MASTER # 从为BACKUP priority 101 # 从为100 virtual_router_id 50 #路由ID,可通过#tcpdump vrrp查看。 garp_master_delay 1 #主从切换时间,单位为秒。 authentication { auth_type PASS auth_pass KJj23576hYgu23IP } track_interface { eth0 eth1 } virtual_ipaddress { 192.168.0.100 } track_script { chk_haproxy } #状态通知 notify_master "/etc/keepalived/Mailnotify.py master" notify_backup "/etc/keepalived/Mailnotify.py backup" notify_fault "/etc/keepalived/Mailnotify.py fault" } 6、Haproxy的安装与配置 引用 #cd /home/install/keepalivedha #wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz #tar -zxvf haproxy-1.4.11.tar.gz #cd haproxy-1.4.11 #make install #mkdir -p /usr/local/haproxy/etc #mkdir -p /usr/local/haproxy/sbin #cp examples/haproxy.cfg /usr/local/haproxy/etc #ln -s /usr/local/sbin/haproxy /usr/local/haproxy/sbin/haproxy #vi /usr/local/haproxy/etc/haproxy.cfg # this config needs haproxy-1.1.28 or haproxy-1.2.1 global # log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 5000 uid 99 gid 99 daemon pidfile /usr/local/haproxy/haproxy.pid defaults log global mode http #option httplog option dontlognull retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 50000 srvtimeout 50000 listen ICE01 192.168.0.100:11231 mode tcp #配置TCP模式 maxconn 2000 balance roundrobin server ice-192.168.0.128 192.168.0.128:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.129 192.168.0.129:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.130 192.168.0.130:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.131 192.168.0.131:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.132 192.168.0.132:11231 check inter 5000 fall 1 rise 2 server ice-192.168.0.34 192.168.0.34:11231 check inter 5000 fall 1 rise 2 srvtimeout 20000 listen stats_auth 192.168.0.20:80 # listen stats_auth 192.168.0.21:80 # backup config stats enable stats uri /admin-status #管理地址 stats auth admin:123456 #管理帐号:管理密码 stats admin if TRUE 7、邮件通知程序(python实现) #vi /etc/keepalived/Mailnotify.py #!/usr/local/bin/python #coding: utf-8 from email.MIMEMultipart import MIMEMultipart from email.MIMEText import MIMEText from email.MIMEImage import MIMEImage from email.header import Header import sys import smtplib #--------------------------------------------------------------- # Name: Mailnotify.py # Purpose: Mail notify to SA # Author: Liutiansi # Email: liutiansi@gamil.com # Created: 2011/03/09 # Copyright: (c) 2011 #-------------------------------------------------------------- strFrom = 'admin@domain.com' strTo = 'liutiansi@gmail.com' smtp_server='smtp.domain.com' smtp_pass='123456' if sys.argv[1]!="master" and sys.argv[1]!="backup" and sys.argv[1]!="fault": sys.exit() else: notify_type=sys.argv[1] mail_title='[紧急]负载均衡器邮件通知' mail_body_plain=notify_type+'被激活,请做好应急处理。' mail_body_html=''+notify_type+'被激活,请做好应急处理。' msgRoot = MIMEMultipart('related') msgRoot['Subject'] =Header(mail_title,'utf-8') msgRoot['From'] = strFrom msgRoot['To'] = strTo msgAlternative = MIMEMultipart('alternative') msgRoot.attach(msgAlternative) msgText = MIMEText(mail_body_plain, 'plain', 'utf-8') msgAlternative.attach(msgText) msgText = MIMEText(mail_body_html, 'html','utf-8') msgAlternative.attach(msgText) smtp = smtplib.SMTP() smtp.connect(smtp_server) smtp.login(smtp_user,smtp_pass) smtp.sendmail(strFrom, strTo, msgRoot.as_string()) smtp.quit() 注:修改成系统python实际路径“#!/usr/local/bin/python”(第一行) #chmod +x /etc/keepalived/Mailnotify.py #/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg #service keepalived start 8、查看VRRP通讯记录 #tcpdump vrrp 引用 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 15:49:05.270017 IP 192.168.0.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20 四、Haproxy界面 访问http://192.168.0.20/admin-status,输入帐号admin密码123456进入管理监控平台。 点击在新窗口中浏览此图片 https://blog.liuts.com/attachment.php?fid=290 haproxy-1.4.9以后版本最大的亮点是添加了手工启用/禁用功能,对升级变更应用时非常有用。 五、邮件通知 点击在新窗口中浏览此图片 https://blog.liuts.com/attachment.php?fid=291 如大家有什么疑问或感兴趣的话题可以通过weibo与我交流:http://t.qq.com/yorkoliu Generated by Bo-blog 2.1.1 Release