haproxy + keeplived
两台主机:
192.168.2.163
192.168.2.165
# yum安装haproxy
yum install haproxy
# cat /etc/haproxy/haproxy.cfg
实际使用的:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
nbproc 4
maxconn 100000
tune.ssl.default-dh-param 2048
defaults
log global
option httplog
option forwardfor
option abortonclose
option dontlognull
retries 2
maxconn 100000
timeout connect 5s
timeout client 10m
timeout server 10m
listen admin_stats
mode http
bind *:8899
stats enable
stats refresh 30s
stats uri /stats
stats realm XingCloud\ Haproxy
stats auth admin:admin
stats hide-version
listen www
bind 0.0.0.0:8888 # 80端口被占用了,这里改用8888端口
mode http
balance roundrobin
server www1 192.168.2.162:8080 check inter 2000 rise 30 fall 15
server www2 192.168.2.164:8080 check inter 2000 rise 30 fall 15
#### 以下这些是参考的 ##########
global
log 127.0.0.1 local0
maxconn 100000
user haproxy
group haproxy
daemon
nbproc 4
tune.ssl.default-dh-param 2048
defaults
log global
mode http
#option httpclose
option redispatch
option forwardfor
option abortonclose
option dontlognull
retries 2
maxconn 100000
#balance source
timeout connect 10000
timeout client 100000
timeout server 100000
listen admin_stats
bind *:8899
mode http
option httplog
log 127.0.0.1 local0 err
maxconn 10
stats refresh 30s
stats uri /stats
stats realm XingCloud\ Haproxy
stats auth admin:admin
stats hide-version
listen redis
bind 0.0.0.0:6379
mode tcp
balance roundrobin
server node1 10.10.72.45:6379 minconn 4 maxconn 10000 check inter 2000 rise 2 fall 5
server node2 10.10.72.46:6379 minconn 4 maxconn 10000 check inter 2000 rise 2 fall 5
listen gxpt-dsqz
bind 0.0.0.0:52001
mode http
balance roundrobin
option httpchk GET /
server node1 10.10.72.29:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.10.72.30:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node3 10.10.72.31:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node4 10.10.72.32:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node5 10.10.72.33:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node6 10.10.72.34:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
listen gxpt-dsqz-ssl
bind 0.0.0.0:54001 ssl crt /opt/cert/gxpt.pem verify none
mode http
balance roundrobin
option httpchk GET /
server node1 10.10.72.2:5001 ssl verify none minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.10.72.3:5001 ssl verify none minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
# 在client增加cookie
backend backend_www
option forwardfor
cookie SERVERID insert indirect nocache #插入session信息
option redispatch #当后端rs挂了,可立即切换,不会出现503错误
option httpchk HEAD / HTTP/1.0
balance roundrobin
server www1 192.168.1.198:80 cookie www1check inter 2000 rise 30 fall 15
server www2 192.168.1.52:80 cookie www2 checkinter 2000 rise 30 fall 15
# balance source 根据原ip,经过hash计算后,指定后端固定的rs
backend backend_www
option forwardfor
option httpchk HEAD / HTTP/1.0
balance source
server www1 192.168.1.198:80 check inter2000 rise 30 fall 15
server www2 192.168.1.52:80check inter 2000 rise 30 fall 15
frontend frontend_58001
bind 0.0.0.0:58001
mode http
option tcplog
acl fpcloud-yypt path_beg -i /fpcloud-yypt
use_backend fpcloud-yypt if fpcloud-yypt
acl fpcloud-web path_beg -i /fpcloud-web
use_backend fpcloud-web if fpcloud-web
backend fpcloud-web
mode http
balance leastconn
server node1 10.72.1.233:58001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.72.1.241:58001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
backend fpcloud-yypt
mode http
balance leastconn
server node1 10.72.1.233:58002 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.72.1.241:58002 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
# 启动haproxy
systemctl start haproxy.service
systemctl enable haproxy.service
2 配置haproxy 日志
# 编辑haproxy配置文件,这一步配置文件中已经写过了,这里不用再修改了
# vim haproxy.cfg
global
log 127.0.0.1 local2
#local2是设备,对应于/etc/rsyslog.conf中的配置,默认是info的日志级别
defaults
log global # 必须配置
option httplog # 配置
# 编辑系统日志配置
# 为haproxy创建一个独立的配置文件
# vim /etc/rsyslog.d/haproxy.conf
$ModLoad imudp
$UDPServerRun 514
local2.* /opt/var/logs/haproxy/haproxy.log
local2.warning /opt/var/logs/haproxy/haproxy_warn.log
# 如果不加下面的的配置则除了在/opt/var/logs/haproxy/haproxy.log 中写入日志外,也会写入message文件
# vim /etc/rsyslog.conf
默认有下面的设置,会读取 /etc/rsyslog.d/*.conf目录下的配置文件
$IncludeConfig /etc/rsyslog.d/*.conf
# 禁止写入message
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages
# mkdir /opt/var/logs/haproxy/ -p
# 配置rsyslog的主配置文件,开启远程日志
# vim /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-c 2 -r -m 0"
#-c 2 使用兼容模式,默认是 -c 5
#-r 开启远程日志
#-m 0 标记时间戳。单位是分钟,为0时,表示禁用该功能
# 重启haproxy和rsyslog服务
# centos7
# systemctl restart rsyslog
# systemctl restart haproxy
# systemctl enable rsyslog
3 配置haproxy日志轮转
# vim /etc/logrotate.d/haproxy
/opt/var/logs/haproxy/haproxy*.log {
daily
rotate 7
create
missingok
notifempty
dateext
compress
sharedscripts
postrotate
# /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
# /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
/etc/init.d/rsyslog restart
endscript
}
参考系统默认配置:
/opt/var/logs/haproxy/*.log {
daily
rotate 10
missingok
notifempty
compress
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
# 强制轮转测试
# logrotate -vf /etc/logrotate.d/haproxy
安装keeplived
yum -y install epel-release
yum -y install keepalived
# 163主机操作,作为master
# vim /etc/keepalived/keepalived.conf
global_defs {
router_id haproxy_ha1
}
vrrp_script chk_maintaince_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight 2
}
vrrp_script chk_haproxy {
script "/etc/keepalived/scripts/haproxy_check.sh"
interval 2
timeout 2
fall 3
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 29
priority 100
authentication {
auth_type PASS
auth_pass 1e3459f77aba4ded
}
track_interface {
ens33
}
virtual_ipaddress {
192.168.2.250 dev ens33 label ens33:1
}
track_script {
chk_haproxy
}
notify_master "/etc/keepalived/scripts/haproxy_master.sh"
}
165主机操作,作为back
# vim /etc/keepalived/keepalived.conf
global_defs {
router_id haproxy_ha1
}
vrrp_script chk_maintaince_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight 2
}
vrrp_script chk_haproxy {
script "/etc/keepalived/scripts/haproxy_check.sh"
interval 2
timeout 2
fall 3
}
vrrp_instance VI_1 {
state BACK # 与上面的不同
interface ens33
virtual_router_id 29
priority 90 # 比上面的小
authentication {
auth_type PASS
auth_pass 1e3459f77aba4ded
}
track_interface {
ens33
}
virtual_ipaddress {
192.168.2.250 dev ens33 label ens33:1
}
track_script {
chk_haproxy
}
notify_master "/etc/keepalived/scripts/haproxy_master.sh"
}
两台主机都需要做的操作:
mkdir -p /etc/keepalived/scripts
mkdir -p /opt/var/logs/keepalived/
# vim /etc/keepalived/scripts/haproxy_check.sh
#!/bin/bash
LOGFILE="/opt/var/logs/keepalived/keepalived-haproxy-state.log"
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
date >> $LOGFILE
systemctl restart haproxy
sleep 1
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
echo "fail: check_haproxy status" >> $LOGFILE
exit 1
else
echo "success: restart_haproxy status" >> $LOGFILE
exit 0
fi
else
exit 0
fi
# vim /etc/keepalived/scripts/haproxy_master.sh
#!/bin/bash
LOGFILE="/opt/var/logs/keepalived/keepalived-haproxy-state.log"
echo "Being Master ..." >> $LOGFILE
chmod a+x /etc/keepalived/scripts/haproxy_check.sh /etc/keepalived/scripts/haproxy_master.sh
两台主机启动keepalived
163主机网卡信息
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:3a:cc:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.163/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.2.250/32 scope global ens33:1
valid_lft forever preferred_lft forever
inet6 fe80::8041:19f:b29:7354/64 scope link noprefixroute
valid_lft forever preferred_lft forever
165主机网卡信息
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:35:92:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.165/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::7320:404e:a7f2:6fbf/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6435:91f7:6c5:fa28/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::8ebe:5815:b0b3:d833/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
haproxy故障漂移测试
目前脚本的作用是在keepalive vip 那台服务器 停止haproxy服务,会立刻再启动haproxy服务,除非这台主机关机,没法再启动haproxy服务,
此时keepalive vip 才会漂移到另外一台haproxy服务上。
当原有主机再次启动haproxy服务后,keepalive vip 又会回来。
问题:
1.在keepalive vip 漂移过程中会有短暂的服务访问缓慢的情况
2.haproxy中设置的是轮询,火狐浏览器上会看到效果,谷歌浏览器上效果不明显
haproxy + keeplived的更多相关文章
- 【原】基于 HAproxy 1.6.3 Keeplived 在 Centos 7 中实现mysql mariadb galera cluster 集群分发读写 —— 上篇
前言 有一段时间没有写blogs,乘着周末开始整理下haproxy + keeplived 实现 mysql mariadb galera cluster 集群访问环境的搭建工作. 本文集中讲hapr ...
- 负载均衡之Haproxy配置详解(及httpd配置)
下图描述了使用keepalived+Haproxy主从配置来达到能够针对前段流量进行负载均衡到多台后端web1.web2.web3.img1.img2.但是由于haproxy会存在单点故障问题,因此使 ...
- k8s Kubernetes v1.10 最简易安装 shell
k8s Kubernetes v1.10 最简易安装 shell # Master 单节点快速安装 # 最简单的安装shell,只为快速部署k8s测试环境 #环境centos 7.4 #1 初始化环境 ...
- Percona XtraDB Cluster(PXC)-高可用架构设计说明
Mycat+PXC高可用集群 一.架构图 架构说明: 1.mysql 集群高可用部分: l 针对业务场景选用Percona XtraDB Cluter(PXC)复制集群.两个片集群 PXC-dataN ...
- 记录一次k8s环境尝试过程(初始方案,现在已经做过很多完善,例如普罗米修斯)
记录一次Team k8s环境搭建过程(初始方案,现在已经做过很多完善,例如普罗米修斯) span::selection, .CodeMirror-line > span > span::s ...
- RabbitMQ从零到集群高可用(.NetCore5.0) -高可用集群构建落地
系列文章: RabbitMQ从零到集群高可用(.NetCore5.0) - RabbitMQ简介和六种工作模式详解 RabbitMQ从零到集群高可用(.NetCore5.0) - 死信队列,延时队列 ...
- HAProxy(三):Keeplived+HAProxy搭建高可用负载均衡动静分离架构基础配置示例
一.安装环境 1.软件版本 HAProxy:1.5.18 Keepalived:1.3.5 Nginx:1.12.2 PHP:7.2 系统版本:CentOS 7.4 2.IP分配与架构图 3.安装软件 ...
- [Z]haproxy+keepalived高可用群集
http://blog.51cto.com/13555423/2067131 Haproxy是目前比较流行的一种集群调度工具Haproxy 与LVS.Nginx的比较LVS性能最好,但是搭建相对复杂N ...
- Nginx + Keeplived双主测试
Author: JinDate: 20130613Title: Nginx + Keeplived 双主测试 前言:一年多前做过一次测试,时间久了忘记了,现在又重新做一次 一.环境1.基本信息和规划p ...
随机推荐
- c# SerialPort HEX there is no data received
C#窗口程序进行串口通信,按照串口通信协议,设置com口,波特率,停止位,校验位,数据位,本地虚拟串口调试ok,但是和外设调试时,发送HEX模式数据命令,没有数据返回, 所以关键问题在于HEX模式,发 ...
- SkyWalking分布式系统应用程序性能监控工具-上
概述 微服务系统监控三要素 现在系统基本都是微服务架构,对于复杂微服务链路调用如下问题如何解决? 一个请求经过了这些服务后其中出现了一个调用失败的问题,如何定位问题发生的地方? 如何计算每个节点访问流 ...
- RSA算法概述
RSA算法的概述(个人理解,欢迎纠正) RSA是一种基于公钥密码体制的优秀加密算法,1978年由美国(MIT)的李维斯特(Rivest).沙米尔(Shamir).艾德曼(Adleman)提的.RSA算 ...
- 洛谷 P5627 题解
题意 Link 求 \[\sum_{i=1}^{2^n}\log_2\left(\prod_{j=1}^i\operatorname{lowbit}(j)\right) \] \(n\le 2^{64 ...
- JS中操作数组、字符串的速度比较
对相同轻量级的数组和字符串进行检索: const arr = [1, 2, 3, 4, 5, 6, 7, 8, 'q'] const string = '12345678q' const Q = ...
- 2022了你还不会『低代码』?数据科学也能玩转Low-Code啦! ⛵
作者:韩信子@ShowMeAI 数据分析实战系列:http://www.showmeai.tech/tutorials/40 机器学习实战系列:http://www.showmeai.tech/tut ...
- 2019国家集训队论文《整点计数》命题报告 学习笔记/Min25
\(2019\)国家集训队论文<整点计数>命题报告 学习笔记/\(Min25\) 补了个大坑 看了看提交记录,发现\(hz\)的\(xdm\)早过了... 前置知识,\(HAOI\)< ...
- BZOJ3262/Luogu3810 陌上花开 (三维偏序,CDQ)
一个下午的光阴之死,凶手是细节与手残. 致命的一枪:BIT存权值时: for(; x <= maxx; x += x&-x) t[x] += w; //for(; x <= n; ...
- django的csrf跨站请求伪造
1.什么是跨站请求伪造 请看图: 我们自行写了一个网站模仿中国银行,用户不知道是否是真的中国银行,并且提交了转账信息,生成一个form表单,向银行服务器发送转账请求,这个form表单和正规银行网站的f ...
- java学习第二天面向对象.day07
变量的生命周期 成员变量:存储在堆内存中,随着对象的销毁而销毁 局部变量:存储在栈内存中,随着所定义方法的调用结束而销毁 局部变量存储在方法中,每次调用方法都会在栈空间开辟一块内存空间--栈帧,方法调 ...