HaProxy 負載均衡叢集
阿新 • • 發佈:2019-01-06
HAProxy是一個使用C語言編寫的自由及開放原始碼軟體,其提供高可用性、負載均衡,以及基於TCP和HTTP的應用程式代理,特別適用於那些負載特大的web站點,這些站點通常又需要會話保持或七層處理。HAProxy執行在當前的硬體上,完全可以支援數以萬計的併發連線。並且它的執行模式使得它可以很簡單安全的整合進您當前的架構中, 同時可以保護你的web伺服器不被暴露到網路上。
編譯安裝HaProxy
1.安裝編譯環境和Haproxy所依賴的包檔案.
[[email protected] ~]# yum install -y gcc autoconf automake Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Package gcc-4.8.5-36.el7.x86_64 already installed and latest version Package autoconf-2.69-11.el7.noarch already installed and latest version Package automake-1.13.4-3.el7.noarch already installed and latest version Nothing to do
2.編譯並安裝Haproxy.
[[email protected] ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/
[[email protected] ~]# mkdir -p /usr/local/haproxy
[[email protected] ~]# useradd -s /sbin/nologin -M haproxy
[[email protected] ~]# tar -xzvf haproxy-1.8.8.tar.gz
[[email protected] ~]# cd haproxy-1.8.8/
[ [email protected] ~]# make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy
[[email protected] ~]# make install PREFIX=/usr/local/haproxy
[[email protected] ~]# /usr/local/haproxy/sbin/haproxy -v
3.核心優化,開啟NAT轉發,追加寫入以下兩個選項即可.
[[email protected] ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1 #開啟轉發功能
net.ipv4.ip_nonlocal_bind = 1 #允許沒監聽IP時啟動
[ [email protected] ~]# echo "1" > /proc/sys/net/ipv4/ip_forward
[[email protected]ost ~]# echo "1" > /proc/sys/net/ipv4/ip_nonlocal_bind
[[email protected] ~]# sysctl -p
4.由於Haproxy不會生成日誌檔案,下面自己新增haproxy日誌路徑.
[[email protected] ~]# sed -i 's/^#$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
[[email protected] ~]# sed -i 's/^#$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
[[email protected] ~]# echo 'local0.* /var/log/haproxy.log'>>/etc/rsyslog.conf
[[email protected] ~]# systemctl restart rsyslog
實現Web叢集
1.手動生成配置檔案,由於Haproxy不會生成配置檔案,所有應手動建立(寫入以下內容)
[[email protected] ~]# vim /usr/local/haproxy/haproxy.cfg
######################全域性配置####################
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
daemon
#nbproc 1 #程序數量
maxconn 4096 #最大連線數
user haproxy #執行使用者
group haproxy #執行組
chroot /usr/local/haproxy #haproxy路徑
pidfile /var/run/haproxy.pid #程序ID
###################預設配置#######################
defaults
log global
mode http #預設模式{ tcp|http|health }
option httplog #日誌類別,採用httplog
option dontlognull #不記錄健康檢查日誌資訊
retries 2 #2次連線失敗不可用
option forwardfor #後端服務獲得真實ip
option httpclose #請求完畢後主動關閉http通道
option abortonclose #伺服器負載很高,自動結束比較久的連結
maxconn 4096 #最大連線數
timeout connect 5m #連線超時
timeout client 1m #客戶端超時
timeout server 31m #伺服器超時
timeout check 10s #心跳檢測超時
balance roundrobin #負載均衡方式,輪詢
###################統計頁面配置###################
listen stats
bind 0.0.0.0:1080
mode http
option httplog
log 127.0.0.1 local0 err
stats refresh 30s
maxconn 10 #最大連線數
stats uri /admin #狀態頁面 http//ip:1080/admin訪問
stats realm Haproxy\ Statistics
stats auth admin:admin #使用者和密碼:admin
stats hide-version #隱藏版本資訊
stats admin if TRUE #設定手工啟動/禁用
##############設定haproxy 錯誤頁面#################
#errorfile 403 /opt/haproxy/errorfiles/403.http
#errorfile 500 /opt/haproxy/errorfiles/500.http
#errorfile 502 /opt/haproxy/errorfiles/502.http
errorloc 503 https://www.baidu.com/
#errorfile 504 /opt/errorfiles/504.http
#################frontend前端配置#################
frontend http_main #指定型別(http_main/mysql)
bind *:80 #本機偵聽埠(80/3306)
option forwardfor
acl web hdr(host) -i elven.win #acl規則,-i忽略大小寫,訪問*就觸發web規則
use_backend web1 if web
acl web_kvm path_beg -i /kvm
use_backend kvm if web_kvm
default_backend web1 #不滿足則響應的預設頁面
#################backend後端配置#################
backend web1 #www1作用域
cookie SERVERID
balance roundrobin
option httpchk HEAD /index.html HTTP/1.0
server web1 192.168.1.10:80 weight 1 check inter 2000 rise 2 fall 3 #web1均衡(應新增內容)
server web2 192.168.1.11:80 weight 1 check inter 2000 rise 2 fall 3 #web2均衡(應新增內容)
backend kvm
server kvm1 127.0.0.1:8000
#################################################
2.設定許可權
[[email protected] ~]# chmod 755 -R /usr/local/haproxy
[[email protected] ~]# chown -R haproxy:haproxy /usr/local/haproxy
3.啟動HaProxy,並設定開機自啟動
[[email protected] ~]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
[[email protected] ~]# echo "/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg" >> /etc/profile
4.檢視Web監控頁面,和日誌檔案
[[email protected] ~]# elinks http://127.0.0.1:1080/admin
[[email protected] ~]# cat /var/log/haproxy.log
實現MariaDB叢集
1.手動生成配置檔案,由於Haproxy不會生成配置檔案,所有應手動建立(寫入以下內容)
[[email protected] ~]# vim /usr/local/haproxy/haproxy.cfg
global
maxconn 4096
daemon
chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#debug
#quiet
user haproxy
group haproxy
defaults
log global
mode http
option httplog
option dontlognull
log 127.0.0.1 local0
retries 3
option redispatch
maxconn 2000
#contimeout 5000
#clitimeout 50000
#srvtimeout 50000
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
listen admin_stats
bind *:1080
mode http
stats uri /admin
stats realm Global\ statistics
stats auth admin:admin
stats hide-version
listen proxy-mysql #MySQL代理欄位
bind *:3306
mode tcp
balance roundrobin
option tcplog
option mysql-check user haproxy #在mysql中建立無任何許可權使用者haproxy且無密碼
server MySQL1 192.168.1.13:3306 check weight 1 maxconn 2000 #均衡主機1
server MySQL2 192.168.1.14:3306 check weight 1 maxconn 2000 #均衡主機2
option tcpka
2.進入從資料庫,建立Mysql使用者
MariaDB [(none)]> create user 'haproxy'@'%';
Query OK, 0 rows affected (0.10 sec)
MariaDB [(none)]> create user 'haproxy'@'localhost';
Query OK, 0 rows affected (0.00 sec)
3.設定許可權
[[email protected] ~]# chmod 755 -R /usr/local/haproxy
[[email protected] ~]# chown -R haproxy:haproxy /usr/local/haproxy
4.啟動HaProxy,並設定開機自啟動
[[email protected] ~]# /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg
[[email protected] ~]# echo "/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/haproxy.cfg" >> /etc/profile
5.檢視Web監控頁面,和日誌檔案
[[email protected] ~]# elinks http://127.0.0.1:1080/admin
[[email protected] ~]# cat /var/log/haproxy.log
6.測試MySQL負載均衡
[[email protected] ~]# mysql -uroot -p -h 192.168.1.12
grant all privileges on *.* to [email protected]'%' identified by "123";
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wang |
+--------------------+
4 rows in set (0.18 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| rui |
+--------------------+
4 rows in set (0.01 sec)
實現Web動靜分離
實際應用環境中,往往需要根據業務請求將相關不同請求跳轉到指定的後端server,比如客戶靜態資源請求交給靜態資源server處理,php請求交給php server處理,jsp請求交給tomcat處理,即業務上的應用請求分離,而haproxy完全可以利用acl匹配規則實現這一目的.
角色名稱 ip資訊
haproxy server eth0:172.51.96.233/24 && eth1:192.168.0.233/24
static server eth1:192.168.0.247/24
php server eth1:192.168.0.235/24
tomcat server eth1:192.168.0.238/24
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local3
maxconn 204800
chroot /usr/local/haproxy
user haproxy
group haproxy
daemon
nbproc 1
pidfile /var/run/haproxy.pid
stats socket /usr/local/haproxy/stats
description haproxy server
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
log global
mode http
maxconn 10000
option httplog
option httpclose
option dontlognull
option forwardfor except 127.0.0.0/8
retries 3
option redispatch
option abortonclose
balance roundrobin
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# use listen setting the haproxy status for site
#---------------------------------------------------------------------
listen admin_status #設定haproxy監控狀態
bind *:3030
mode http
log 127.0.0.1 local3 err
stats refresh 5s
stats uri /status #監控狀態頁面訪問url
stats realm www.skeryp.com
stats auth admin:admin
stats hide-version
stats admin if TRUE
#---------------------------------------------------------------------
# main listen which proxys to the backends
#---------------------------------------------------------------------
listen www
bind *:80
maxconn 5000
mode http
log global
option httplog
option httpclose
option forwardfor
log global
default_backend default #設定預設訪問頁面
#定義當請求的內容是靜態內容時,將請求轉交給static server的acl規則
acl url_static path_beg -i /static /images /img /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js .html
acl host_static hdr_beg(host) -i img. video. download. ftp. imags. videos.
#定義當請求的內容是php內容時,將請求轉交給php server的acl規則
acl url_php path_end -i .php
#定義當請求的內容是.jsp或.do內容時,將請求轉交給tomcat server的acl規則
acl url_jsp path_end -i .jsp .do
#引用acl匹配規則
use_backend static_pool if url_static or host_static
use_backend php_pool if url_php
use_backend tomcat_pool if url_jsp
#定義後端backend server
backend static_pool
option httpchk GET /index.html
server static1 192.168.0.247:80 cookie id1 check inter 2000 rise 2 fall 3
backend php_pool
option httpchk GET /info.php
server php1 192.168.0.235:80 cookie id1 check inter 2000 rise 2 fall 3
backend tomcat_pool
option httpchk GET /index.jsp
server tomcat1 192.168.0.238:8086 cookie id2 check inter 2000 rise 2 fall 3
#<----------------------default site for listen and frontend------------------------------------>
backend default
mode http
option httpchk GET /index.html
server default 192.168.0.127:80 cookie id1 check inter 2000 rise 2 fall 3 maxconn 5000