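I won't describe the environment again: these are the same four machines used in the previous article, and this post is only a supplement to the earlier Heartbeat+Haproxy load-balancing high-availability setup. Let's get straight to the point.
The goal of this article is to have heartbeat manage multiple VIPs, with each VIP proxying a different set of web services. The web services behind each VIP are load balanced and the VIPs themselves are highly available, which in turn makes haproxy highly available.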
| Hostname | Role | IP addresses | Notes |
| --- | --- | --- | --- |
| mylinux1.contoso.com | Heartbeat+Haproxy | eth0:192.168.100.121 eth1:172.16.100.121 | VIP:192.168.100.120 |
| mylinux2.contoso.com | Heartbeat+Haproxy | eth0:192.168.100.122 eth1:172.16.100.122 | VIP:192.168.100.110 |
| mylinux3.contoso.com | apache | eth0:192.168.100.181 | Web:80,8001,8002 |
| mylinux4.contoso.com | apache | eth0:192.168.100.182 | Web:80,8001,8002 |
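Here the heartbeat service provides two VIPs: by default mylinux1 brings up VIP 192.168.100.120 and mylinux2 brings up VIP 192.168.100.110. When one node fails, the other takes over the failed node's VIP. Both haproxy servers use the same configuration and bind both 192.168.100.110 and 192.168.100.120, which is what provides high availability.
Note: as you may have noticed, binding both VIPs to the same server and letting heartbeat control the haproxy service would achieve the same goal. In that case, however, one host always holds both VIPs and provides the proxy service, while the other may run nothing at all and sit purely on standby. To make full use of the servers, that approach is not used here, which is the reason for this article.
1. Configure heartbeat
The heartbeat configuration itself is not covered again; the main change here is to the haresources file.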
```
[root@mylinux1 conf]# vi /etc/ha.d/haresources
[root@mylinux1 conf]# tail -2 /etc/ha.d/haresources
mylinux1.contoso.com IPaddr::192.168.100.120/24/eth0
mylinux2.contoso.com IPaddr::192.168.100.110/24/eth0
[root@mylinux2 ~]# tail -2 /etc/ha.d/haresources
mylinux1.contoso.com IPaddr::192.168.100.120/24/eth0
mylinux2.contoso.com IPaddr::192.168.100.110/24/eth0
```
2. Modify the haproxy configuration file
```
[root@mylinux1 conf]# cat haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
    #log 127.0.0.1 local0
    log 127.0.0.1:514 local0 warning
    pidfile /usr/local/haproxy/var/run/haproxy.pid
    daemon
    maxconn 4096
    chroot /usr/local/haproxy/var/chroot
    user haproxy
    group haproxy
    nbproc 1
defaults
    log global
    mode http
    retries 3
    option httplog
    option httpclose
    option dontlognull
    option forwardfor
    option redispatch
    maxconn 2000
    balance roundrobin
    timeout connect 5000
    timeout client 50000
    timeout server 50000
listen haproxy_stats
    bind *:8000
    mode http
    option httplog
    maxconn 20
    stats enable
    stats refresh 30s
    stats uri /haproxy_status
    stats auth admin:123456
    stats hide-version
listen websites_01
    bind 192.168.100.120:80
    option forwardfor
    #option httpchk GET /info.txt
    #option httpchk HEAD /check.html HTTP/1.0
    timeout server 15s
    timeout connect 30s
    server web1 192.168.100.181:8001 check port 8001 inter 2000 fall 3
    server web2 192.168.100.182:8001 check port 8001 inter 2000 fall 3
listen websites_02
    bind 192.168.100.110:80
    option forwardfor
    #option httpchk GET /info.txt
    #option httpchk HEAD /check.html HTTP/1.0
    timeout server 15s
    timeout connect 30s
    server web1 192.168.100.181:8002 check port 8002 inter 2000 fall 3
    server web2 192.168.100.182:8002 check port 8002 inter 2000 fall 3
[root@mylinux1 conf]# scp haproxy.cfg mylinux2:/usr/local/haproxy/conf/
root@mylinux2's password:
haproxy.cfg                100% 1608     1.6KB/s   00:00
```
Note: the configuration files on mylinux1 and mylinux2 must be exactly identical.
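An added check, not part of the original post: the stats listener in the configuration above binds `*:8000`, so the statistics page answers on every address the node holds (both VIPs included), and `stats auth` keeps its password in clear text in a file that is copied between nodes. The script reports both conditions for any haproxy.cfg; the function names and the embedded sample are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: flag exposure of the haproxy statistics page in a config.

# Constructed sample: the stats listener from the haproxy.cfg shown above.
sample_stats_cfg() {
    printf '%s\n' 'listen haproxy_stats' '    bind *:8000' '    stats enable' \
        '    stats uri /haproxy_status' '    stats auth admin:123456' \
        'listen websites_01' '    bind 192.168.100.120:80'
}

# Read a haproxy config on stdin and print one finding per line as
# "<section>: <issue>". The password itself is never printed.
audit_stats() {
    awk '
    function report() {
        if (sec != "" && stats) {
            if (wild != "")
                print sec ": stats page listens on all addresses (" wild ")"
            if (user != "")
                print sec ": stats auth password for \"" user "\" stored in clear text"
            else
                print sec ": stats page has no authentication"
        }
        stats = 0; wild = ""; user = ""
    }
    # A new section header closes the previous section.
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
        report(); sec = ($2 != "" ? $2 : $1); next
    }
    $1 ~ /^#/ { next }                                  # commented-out lines
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:/ { wild = $2 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    $1 == "stats" && $2 == "auth" { stats = 1; split($3, c, ":"); user = c[1] }
    END { report() }'
}
```

On a node, run `audit_stats < /usr/local/haproxy/conf/haproxy.cfg`; an empty result means no stats section matched these two conditions.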
3. Start the heartbeat service on both nodes at the same time
```
[root@mylinux1 conf]# /etc/init.d/heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
INFO:  Resource is stopped
Done.
[root@mylinux2 conf]# /etc/init.d/heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
INFO:  Resource is stopped
Done.
```
Finally, make sure the VIPs have been bound successfully:
```
[root@mylinux1 conf]# ip a |grep 120
    inet 192.168.100.120/24 brd 192.168.100.255 scope global secondary eth0
[root@mylinux2 conf]# ip a |grep 110
    inet 192.168.100.110/24 brd 192.168.100.255 scope global secondary eth0
```
4. Start the haproxy service
Start the haproxy service on mylinux1:
```
[root@mylinux1 conf]# service haproxy start
[ALERT] 275/163638 (2078) : Starting proxy websites_02: cannot bind socket [192.168.100.110:80]
Start haproxy failed.
[root@mylinux1 conf]# ps -ef|grep haproxy
root      2080  1035  0 16:36 pts/0    00:00:00 grep haproxy
```
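The service fails to start: the error shows that haproxy cannot bind the IP address 192.168.100.110, which is currently held by the other node. Likewise, haproxy on mylinux2 cannot start because it cannot bind 192.168.100.120.
Solution:
Add the following setting to /etc/sysctl.conf: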
net.ipv4.ip_nonlocal_bind = 1
```
[root@mylinux1 conf]# echo "net.ipv4.ip_nonlocal_bind = 1" >>/etc/sysctl.conf
[root@mylinux1 conf]# tail -1 /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@mylinux1 conf]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 2097152
fs.nr_open = 2097152
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 81920
net.ipv4.ip_nonlocal_bind = 1
```
```
[root@mylinux2 conf]# echo "net.ipv4.ip_nonlocal_bind = 1" >>/etc/sysctl.conf
[root@mylinux2 conf]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_nonlocal_bind = 1
```
Then try starting the haproxy service again:
```
[root@mylinux1 conf]# service haproxy start
Start haproxy successful.
[root@mylinux1 conf]# ps -ef|grep haproxy
haproxy   2102     1  0 16:43 ?        00:00:00 /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
root      2104  1035  0 16:43 pts/0    00:00:00 grep haproxy
```
```
[root@mylinux2 conf]# service haproxy start
Start haproxy successful.
[root@mylinux2 conf]# ps -ef|grep haproxy
haproxy   3225     1  0 16:44 ?        00:00:00 /usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
root      3227  2036  0 16:44 pts/0    00:00:00 grep haproxy
```
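A pre-flight check for the bind failure above, added here as an example and not taken from the original post: it lists the `bind` addresses in haproxy.cfg that the node neither holds nor is allowed to bind through `net.ipv4.ip_nonlocal_bind`. The function names and the sample config are constructed; keep in mind that the sysctl is host-wide, so once it is 1 any process on the node may bind addresses the node does not own.

```bash
#!/usr/bin/env bash
# Added example: predict which haproxy "bind" addresses this node cannot bind.

# Constructed sample: only the bind lines of the haproxy.cfg shown earlier.
sample_cfg() {
    printf '%s\n' 'listen haproxy_stats' '    bind *:8000' \
        'listen websites_01' '    bind 192.168.100.120:80' \
        'listen websites_02' '    bind 192.168.100.110:80'
}

# Read a haproxy config on stdin; print each explicit IPv4 bind address once.
# Wildcard binds (*:PORT, :PORT, 0.0.0.0:PORT) are skipped: they always bind.
bind_addrs() {
    awk '$1 == "bind" {
        split($2, a, ":")
        if (a[1] != "" && a[1] != "*" && a[1] != "0.0.0.0") print a[1]
    }' | sort -u
}

# unbindable LOCAL_ADDRS NONLOCAL < haproxy.cfg
#   LOCAL_ADDRS  whitespace-separated IPv4 addresses currently on this node
#   NONLOCAL     value of net.ipv4.ip_nonlocal_bind (0 or 1)
# Prints every bind address that would fail; exit status 1 if any would.
unbindable() {
    local have=" $(echo $1) " nonlocal="$2" addr rc=0
    [ "$nonlocal" = "1" ] && return 0
    for addr in $(bind_addrs); do
        case "$have" in
            *" $addr "*) ;;                 # address is held by this node
            *) echo "$addr"; rc=1 ;;        # held elsewhere: bind() would fail
        esac
    done
    return $rc
}

# Live use on a node: ./preflight.sh --live /usr/local/haproxy/conf/haproxy.cfg
if [ "${1:-}" = "--live" ]; then
    addrs=$(ip -4 -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }')
    unbindable "$addrs" "$(sysctl -n net.ipv4.ip_nonlocal_bind)" < "$2"
fi
```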
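5. Test access through the proxy
Requests to 192.168.100.120 are forwarded to http://192.168.100.181:8001/ and http://192.168.100.182:8001/, with no problems.
Requests to 192.168.100.110 are forwarded to http://192.168.100.181:8002/ and http://192.168.100.182:8002/, and these also display normally.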
```
[root@mylinux1 conf]# for i in {1..10};do curl http://192.168.100.120/;done
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
[root@mylinux1 conf]# for i in {1..10};do curl http://192.168.100.110/;done
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
```
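Testing from Linux, access through the proxy also works normally.
6. Simulate a failover
Stop the heartbeat service on mylinux1, then test access through the proxy again.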
```
[root@mylinux1 conf]# /etc/init.d/heartbeat stop
Stopping High-Availability services: Done.
[root@mylinux1 conf]# ip a |grep 192.168.100.120
[root@mylinux1 conf]# service haproxy status
Haproxy (pid 2102) is running...
```
```
[root@mylinux2 conf]# ip a |grep 192.168.100
    inet 192.168.100.122/24 brd 192.168.100.255 scope global eth0
    inet 192.168.100.110/24 brd 192.168.100.255 scope global secondary eth0
    inet 192.168.100.120/24 brd 192.168.100.255 scope global secondary eth0
[root@mylinux2 conf]# service haproxy status
Haproxy (pid 3225) is running...
```
```
[root@mylinux1 conf]# for i in {1..10};do curl http://192.168.100.120/;done
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
[root@mylinux1 conf]# for i in {1..10};do curl http://192.168.100.110/;done
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
```
Then start the heartbeat service on mylinux1 again while stopping the heartbeat service on mylinux2, and test access through the proxy once more.
```
[root@mylinux1 conf]# /etc/init.d/heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
INFO:  Resource is stopped
Done.
[root@mylinux2 conf]# /etc/init.d/heartbeat stop
Stopping High-Availability services: Done.
```
```
[root@mylinux3 conf]# for i in {1..1000};do curl http://192.168.100.120/;sleep 1;done
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
web1
web3
[root@mylinux4 conf]# for i in {1..1000};do curl http://192.168.100.110/;sleep 1;done
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
web2
web4
```
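Testing from the clients shows that moving the VIPs causes essentially no interruption of service, which means the haproxy high-availability setup works.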
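The curl loops above show that answers keep arriving, but not how long a client actually waited during the switch. The following added example (not from the original post; function names and the sample log are constructed) timestamps each probe and reports the failed probes and the longest gap between two good responses.

```bash
#!/usr/bin/env bash
# Added example: quantify the outage a client sees during a VIP failover.

# probe URL COUNT: one request per second; prints "<epoch> <http_code>".
# curl reports 000 when no HTTP response arrived within the 1 s limit.
probe() {
    local url="$1" n="$2" i=0 code
    while [ "$i" -lt "$n" ]; do
        code=$(curl -s -o /dev/null -m 1 -w '%{http_code}' "$url") || true
        echo "$(date +%s) ${code:-000}"
        i=$((i + 1)); sleep 1
    done
}

# Read probe output on stdin; print "<failed> <total> <longest_gap_seconds>".
# The gap runs from the last good probe before a failure streak to the first
# good probe after it; a streak still open at end of input only counts as
# failed probes.
outage_summary() {
    awk '
    $2 ~ /^[23]/ {
        if (bad && last != "" && $1 - last > gap) gap = $1 - last
        last = $1; bad = 0; next
    }
    { fail++; bad = 1 }
    END { printf "%d %d %d\n", fail, NR, gap }'
}

# Constructed sample log: failover starts after t=1002, service back at t=1006.
sample_probe_log() {
    printf '%s\n' '1000 200' '1001 200' '1002 200' '1003 000' '1004 000' \
        '1005 503' '1006 200' '1007 200'
}
```

During a real test, run `probe http://192.168.100.120/ 120 | tee vip120.log` on a client while stopping heartbeat on one node, then feed the log to `outage_summary`.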
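7. Recommended configuration
Stopping heartbeat or a server going down will both trigger a VIP switch, but the haproxy service has to start by itself and cannot be controlled by heartbeat. It is therefore recommended to enable haproxy at boot. The heartbeat service, on the other hand, should not be enabled at boot, in order to prevent split-brain.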
```
[root@mylinux1 conf]# chkconfig --add haproxy
[root@mylinux1 conf]# chkconfig haproxy on
[root@mylinux1 conf]# chkconfig --list haproxy
haproxy         0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@mylinux2 conf]# chkconfig --add haproxy
[root@mylinux2 conf]# chkconfig haproxy on
[root@mylinux2 conf]# chkconfig --list haproxy
haproxy         0:off   1:off   2:on    3:on    4:on    5:on    6:off
```
Note: for the haproxy script to be added to the chkconfig list, it needs the following header:
```
#!/bin/bash
#
#chkconfig: 2345 20 70
#description: Start and stop haproxy service.
#
...
```
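This way, after a server reboot you only need to start the heartbeat service manually. Even if split-brain occurs, it only needs to be handled by hand, so haproxy itself needs no maintenance, which improves efficiency.
This article is reposted from jerry1111111's 51CTO blog. Original link: http://blog.51cto.com/jerry12356/1858448. To republish it, please contact the original author.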