Ubuntu + haproxy + keepalived active-active (dual-master) load balancing
I. Test environment:
OS: Ubuntu Server 12.04
haproxy version: 1.4.24
keepalived version: keepalived-1.2.7
haproxy01: eth0: 172.16.1.36 eth1: 192.168.100.36
haproxy02: eth0: 172.16.1.37 eth1: 192.168.100.37
vip1:172.16.1.30
vip2:172.16.1.31
nginx1 website displays: nginx1
nginx2 website displays: nginx2
nginx3 website displays: nginx3
nginx4 website displays: nginx4
II. Network topology
                         user
                           |
                           |
                (vip1)     |     (vip2)
          haproxy01-------keepalived-------haproxy02
            /   \                          /   \
           /     \                        /     \
          /       \                      /       \
         /         \                    /         \
    --------------------------------------------------------
    |  nginx1      nginx2            nginx3      nginx4    |
    --------------------------------------------------------
III. Installation
1. Install keepalived
Host haproxy01:
wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar xf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure --prefix=/usr/local/
Output:
checking for openssl/ssl.h... no
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!
Install libssl-dev:
apt-get install libssl-dev
Continue:
./configure --prefix=/usr/local/
Output:
checking for poptGetContext in -lpopt... no
configure: error: Popt libraries is required
Install libpopt-dev:
apt-get install libpopt-dev
Continue:
./configure --prefix=/usr/local/
make
make install
2. Edit keepalived.conf
mkdir /etc/keepalived/
vi /etc/keepalived/keepalived.conf
######## keepalived.conf ########
global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER            # haproxy02: BACKUP
    interface eth0
    virtual_router_id 51
    priority 91             # higher than on haproxy02
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456789
    }
    virtual_ipaddress {
        172.16.1.30
    }
}
vrrp_instance VI_2 {
    state BACKUP            # haproxy02: MASTER
    interface eth0
    virtual_router_id 52
    priority 90             # lower than on haproxy02
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456789
    }
    virtual_ipaddress {
        172.16.1.31
    }
}
######## keepalived.conf ########
3. Start keepalived
/usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf
4. Check the VIPs
ip addr
Output:
eth0:
inet 172.16.1.30/32 scope global eth0
inet 172.16.1.31/32 scope global eth0 # (keepalived on haproxy02 is not running yet, so vip2 sits on haproxy01; once keepalived is started on haproxy02, vip2 moves automatically to eth0 on haproxy02)
Host haproxy02:
Install keepalived as above; keepalived.conf is as follows:
######## keepalived.conf ########
global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP            # haproxy01: MASTER
    interface eth0
    virtual_router_id 51
    priority 90             # lower than on haproxy01
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456789
    }
    virtual_ipaddress {
        172.16.1.30
    }
}
vrrp_instance VI_2 {
    state MASTER            # haproxy01: BACKUP
    interface eth0
    virtual_router_id 52
    priority 91             # higher than on haproxy01
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456789
    }
    virtual_ipaddress {
        172.16.1.31
    }
}
######## keepalived.conf ########
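Start keepalived:
/usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf
Check the VIPs:
ip addr
Output:
eth0:
inet 172.16.1.31/32 scope global eth0 # (on haproxy01, vip2 has disappeared from eth0 and only vip1 remains)
Stop the keepalived service on either host and the other one automatically brings up both vip1 and vip2, which keeps the two haproxy hosts highly available.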
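As an added example (not part of the original article): a shell check that compares the keepalived.conf files of the two peers, because the failover described above only works when both nodes agree on virtual_router_id, auth_pass and the virtual address and differ in priority. It also flags an auth_pass longer than 8 characters, since keepalived uses only the first eight; the function names and the generated sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check two VRRP peers.

# summarize FILE: one line per vrrp_instance -> name state vrid prio pass vip
# (assumes one address per virtual_ipaddress block, as in the configs above)
summarize() {
    awk '
        { sub(/#.*/, "") }                      # strip trailing comments
        $1 == "vrrp_instance"     { name = $2 }
        $1 == "state"             { state = $2 }
        $1 == "virtual_router_id" { vrid = $2 }
        $1 == "priority"          { prio = $2 }
        $1 == "auth_pass"         { pass = $2 }
        $1 == "virtual_ipaddress" { invip = 1; next }
        invip && $1 == "}"        { print name, state, vrid, prio, pass, vip
                                    invip = 0; vip = ""; next }
        invip && NF               { vip = $1 }
    ' "$1"
}

# check_peers FILE_A FILE_B: print findings, return 1 if there are any.
check_peers() {
    { summarize "$1" | sed 's/^/A /'; summarize "$2" | sed 's/^/B /'; } | awk '
        $1 == "A" { id[$2] = $4; pr[$2] = $5; pw[$2] = $6; ip[$2] = $7; next }
        {
            n = $2
            if (id[n] != $4) { print n ": virtual_router_id differs"; bad = 1 }
            if (pw[n] != $6) { print n ": auth_pass differs"; bad = 1 }
            if (ip[n] != $7) { print n ": virtual_ipaddress differs"; bad = 1 }
            if (pr[n] == $5) { print n ": equal priority on both nodes"; bad = 1 }
            if (length($6) > 8) { print n ": auth_pass longer than 8 characters"; bad = 1 }
        }
        END { exit bad }'
}

# Constructed sample input: inst NAME STATE VRID PRIO VIP [PASS]
inst() {
    printf 'vrrp_instance %s {\n  state %s\n  virtual_router_id %s\n  priority %s\n' "$1" "$2" "$3" "$4"
    printf '  authentication {\n    auth_pass %s\n  }\n' "${6:-123456789}"
    printf '  virtual_ipaddress {\n    %s\n  }\n}\n' "$5"
}

# Node B carries a typo in VI_2 (virtual_router_id 53 instead of 52).
peers_demo() {
    d=$(mktemp -d) status=0
    { inst VI_1 MASTER 51 91 172.16.1.30; inst VI_2 BACKUP 52 90 172.16.1.31; } > "$d/a"
    { inst VI_1 BACKUP 51 90 172.16.1.30; inst VI_2 MASTER 53 91 172.16.1.31; } > "$d/b"
    check_peers "$d/a" "$d/b" || status=$?
    rm -rf "$d"; return "$status"
}
peers_demo || true
```

On real hosts, copy both files to one machine and run check_peers on them before starting keepalived.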
2. Install haproxy
wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz
tar xf haproxy-1.4.24.tar.gz
cd haproxy-1.4.24
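Check the Ubuntu version information:
uname -a
Output:
Linux ubuntu37 3.2.0-51-generic #77-Ubuntu SMP Wed Jul 24 20:18:19 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Build with the haproxy target that matches the kernel (3.2.0 here, so linux26):
make TARGET=linux26
make PREFIX=/usr/local/haproxy install
Create the haproxy user:
useradd haproxy
2. Edit haproxy.cfg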
mkdir /etc/haproxy
vi /etc/haproxy/haproxy.cfg
######## haproxy.cfg ########
global
    log 127.0.0.1 local0
    maxconn 51200
    user haproxy
    group haproxy
    daemon
defaults
    log 127.0.0.1 local3
    mode http
    option dontlognull
    balance roundrobin
    retries 2
    option redispatch
    option abortonclose
    maxconn 51200
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
listen haproxy01
    bind 172.16.1.30:80
    mode http
    option httpclose
    option forceclose
    option forwardfor
    option originalto
    option redispatch
    balance leastconn
    timeout check 5s
    stats uri /stats                  # haproxy load monitoring page, e.g. http://172.16.1.30/stats
    stats refresh 15s                 # refresh interval of the monitoring page
    stats realm baison-test-Haproxy
    stats auth admin:admin            # username:password for the monitoring page
    stats hide-version                # hide the haproxy version
    cookie SESSION_COOKIE insert indirect nocache
    maxconn 40960
    server nginx1 192.168.100.11:80 weight 1 cookie nginx1 check inter 2000 rise 2 fall 3
    server nginx2 192.168.100.12:80 weight 1 cookie nginx2 check inter 2000 rise 2 fall 3
listen haproxy02
    bind 172.16.1.31:80
    mode http
    option httpclose
    option forceclose
    option forwardfor
    option originalto
    option redispatch
    balance leastconn
    cookie SESSION_COOKIE insert indirect nocache
    maxconn 40960
    server nginx3 192.168.100.13:80 weight 1 cookie nginx3 check inter 2000 rise 2 fall 3
    server nginx4 192.168.100.14:80 weight 1 cookie nginx4 check inter 2000 rise 2 fall 3
######## haproxy.cfg ########
Start haproxy:
/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
Host haproxy02:
Install as above; haproxy.cfg is the same as above.
Start haproxy:
/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
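IV. Testing
Access through a browser:
http://172.16.1.30
The page alternates between nginx1 and nginx2 (round-robin).
http://172.16.1.31
The page alternates between nginx3 and nginx4 (round-robin).
The load can be viewed on the monitoring page:
http://172.16.1.30/stats
Stopping the haproxy service on either host does not affect the site.
V. haproxy logging
1. In /etc/rsyslog.conf:
Add the haproxy log paths: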
local0.* /var/log/haproxy.log
local3.* /var/log/haproxy.log
Uncomment:
#$ModLoad imudp ==> $ModLoad imudp
#$UDPServerRun 514 ==> $UDPServerRun 514
Restart the rsyslog service:
service rsyslog restart
2. Verify the services file
grep 514 /etc/services
Output:
syslog 514/udp (this line means it is OK)
If it is missing, add it manually:
vi /etc/default/rsyslog
RSYSLOGD_OPTIONS="-r -c 5"
Restart the syslog service:
service rsyslog restart
VI. Tuning the haproxy server
1. The kernel parameters are as follows:
sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65535
net.nf_conntrack_max = 1310720
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 15
net.core.netdev_max_backlog = 4096
net.core.rmem_max = 16777216
net.core.somaxconn = 1310720
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 20480
net.ipv4.tcp_max_tw_buckets = 400000
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_wmem = 4096 65536 16777216
vm.min_free_kbytes = 65536
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_recycle = 1
Copy them into sysctl.conf:
vi /etc/sysctl.conf
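As an added example (not part of the original article): a shell lint to run over such a list before it goes into /etc/sysctl.conf. It reports keys listed twice (net.ipv4.tcp_tw_reuse appears twice above) and keys the running kernel does not expose, for instance net.nf_conntrack_max while the nf_conntrack module is not loaded, or net.ipv4.tcp_tw_recycle on kernels 4.12 and later; the function names, the fake /proc/sys tree and the sample list are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint a sysctl list.

# sysctl_lint FILE [PROCROOT]: report keys listed more than once and keys
# with no matching entry under PROCROOT (default /proc/sys).
# Returns 1 if anything was reported.
sysctl_lint() {
    root=${2:-/proc/sys} rc=0 seen=" "
    while IFS='=' read -r key rest; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        case $key in ''|'#'*) continue ;; esac          # blank line or comment
        case $seen in *" $key "*) echo "duplicate: $key"; rc=1 ;; esac
        seen="$seen$key "
        # net.ipv4.tcp_sack  ->  $root/net/ipv4/tcp_sack
        [ -e "$root/$(printf '%s' "$key" | tr . /)" ] || { echo "missing: $key"; rc=1; }
    done < "$1"
    return "$rc"
}

# Constructed demo: a fake /proc/sys tree that, like a 4.12+ kernel,
# has no tcp_tw_recycle, and a four-line excerpt of the list above.
sysctl_demo() {
    d=$(mktemp -d) status=0
    mkdir -p "$d/proc/net/ipv4"
    touch "$d/proc/net/ipv4/tcp_tw_reuse" "$d/proc/net/ipv4/tcp_fin_timeout"
    printf '%s\n' 'net.ipv4.tcp_tw_reuse = 1' 'net.ipv4.tcp_tw_reuse = 1' \
        'net.ipv4.tcp_fin_timeout = 15' 'net.ipv4.tcp_tw_recycle = 1' > "$d/list"
    sysctl_lint "$d/list" "$d/proc" || status=$?
    rm -rf "$d"; return "$status"
}
sysctl_demo || true
```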
2. Make the ulimit value permanent
Run:
ulimit -SHn
Output:
1024
To make it permanent:
a. In /etc/pam.d/login, add:
session required pam_limits.so (sometimes already added by the system by default)
Locate the file:
find / -name pam_limits.so
Output:
/lib/x86_64-linux-gnu/security/pam_limits.so
b. In /etc/security/limits.conf, add:
root soft nofile 10240 # actual value
root hard nofile 10240 # actual value
c. Edit /etc/rc.local and add:
echo 8061540 > /proc/sys/fs/file-max
Run:
echo 8061540 > /proc/sys/fs/file-max
3. Kernel parameter tuning for the nginx servers
sysctl -p
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 2
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_syn_retries = 10
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 1