Haproxy 基础

行业观察

HAProxy提供高可用性、负载均衡以及基于TCP和HTTP的应用代理,支持虚拟主机,它是免费、快速并且可靠的一种负载均衡解决方案。适合处理高负载站点的七层数据请求。类似的代理服务可以屏蔽内部真实服务器,防止内部服务器遭受攻击。

Haproxy 基础

软件:haproxy—主要是做负载均衡的7层,也可以做4层负载均衡

apache也可以做7层负载均衡,但是很麻烦。实际工作中没有人用。

7层负载均衡:用的7层http协议,

4层负载均衡:用的是tcp协议加端口号做的负载均衡

——————————————————————————————————————————

ha-proxy概述

ha-proxy是一款高性能的负载均衡软件。因为其专注于负载均衡这一些事情,因此与nginx比起来在负载均衡这件事情上做更好,更专业。

ha-proxy的特点:

ha-proxy 作为目前流行的负载均衡软件,必须有其出色的一面。下面介绍一下ha-proxy负载均衡软件的优点:

1.支持tcp / http 两种协议层的负载均衡,使得其负载均衡功能非常丰富。

2.支持8种左右的负载均衡算法支持会话保持,尤其是在http模式时,有许多非常实在的负载均衡算法,适用各种需求。

3.性能非常优秀,单进程处理模式(和Nginx类似)让其性能卓越。

4.拥有一个功能出色的监控页面,实时了解系统的当前状况。

5.功能强大的ACL支持,给用户极大的方便。

6.支持原生SSL,同时支持客户端和服务器的SSL.

7.并发连接40000-50000个,单位时间处理最大请求20000个,最大数据处理10Gbps.

8.支持虚拟主机

haproxy算法:

1.roundrobin—基于权重进行轮询,此算法是动态的,这表示其权重可以在运行时进行调整.不过在设计上,每个后端服务器仅能最多接受4128个连接

2.static-rr—基于权重进行轮询,与roundrobin类似,但是为静态方法,在运行时调整其服务器权重不会生效.不过,其在后端服务器连接数上没有限制

3.leastconn—-新的连接请求被派发至具有最少连接数目的后端服务器.

1、Haproxy 实现七层负载

Keepalived + Haproxy

=================================================================================

/etc/haproxy/haproxy.cfg

global //关于进程的全局参数

log 127.0.0.1 local2 info #日志服务器

pidfile /var/run/haproxy.pid #pid文件

maxconn 4000 #最大连接数

user haproxy #用户

group haproxy #组

daemon #守护进程方式后台运行

nbproc 1 #工作进程数量 cpu内核是几就写几

defaults 段用于为其它配置段提供默认参数

listen是frontend和backend的结合体

frontend 虚拟服务VIrtual Server

backend 真实服务器Real Server

Keepalived + Haproxy

=================================================================================

拓扑结构

[vip: 192.168.246.17]

[LB1 Haproxy] [LB2 Haproxy]

192.168.246.169 192.168.246.161

[httpd] [httpd]

192.168.246.162 192.168.246.163

一、Haproxy实施步骤

1. 准备工作(集群中所有主机)

[root@ha-proxy-master ~]# cat /etc/hosts

127.0.0.1 localhost

192.168.246.169 ha-proxy-master

192.168.246.161 ha-proxy-slave

192.168.246.162 test-nginx1

192.168.246.163 test-nginx2

2. RS配置

配置好网站服务器,测试所有RS,所有机器安装nginx

[root@test-nginx1 ~]# yum install -y nginx

[root@test-nginx1 ~]# systemctl start nginx

[root@test-nginx1 ~]# echo “test-nginx1” >> /usr/share/nginx/html/index.html

# 所有nginx服务器按顺序输入编号,方便区分。

3. 调度器配置Haproxy(主/备)都执行

[root@ha-proxy-master ~]# yum -y install haproxy

[root@ha-proxy-master ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak}

[root@ha-proxy-master ~]# sed -i -r ‘/^[ ]*#/d;/^$/d’ /etc/haproxy/haproxy.cfg

[root@ha-proxy-master ~]# vim /etc/haproxy/haproxy.cfg

global

log 127.0.0.1 local2 info

pidfile /var/run/haproxy.pid

maxconn 4000 #优先级低

user haproxy

group haproxy

daemon #以后台形式运行ha-proxy

nbproc 1#工作进程数量 cpu内核是几就写几

defaults

mode http #工作模式 http ,tcp 是 4 层,http是 7 层

log global

retries 3 #健康检查。3次连接失败就认为服务器不可用,主要通过后面的check检查

option redispatch #服务不可用后重定向到其他健康服务器。

maxconn 4000 #优先级中

contimeout 5000 #ha服务器与后端服务器连接超时时间,单位毫秒ms

clitimeout 50000 #客户端超时

srvtimeout 50000 #后端服务器超时

listen stats

bind*:81

stats enable

stats uri /haproxy #使用浏览器访问 http://192.168.246.169/haproxy,可以看到服务器状态

stats auth qianfeng:123 #用户认证,客户端使用elinks浏览器的时候不生效

frontend web

mode http

bind *:80 #监听哪个ip和什么端口

option httplog #日志类别 http 日志格式

acl html url_reg -i .html$ #1.访问控制列表名称html。规则要求访问以html结尾的url

use_backend httpservers if html #2.如果满足acl html规则,则推送给后端服务器httpservers

default_backend httpservers #默认使用的服务器组

backend httpservers #名字要与上面的名字必须一样

balance roundrobin #负载均衡的方式

server http1 192.168.246.162:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2

server http2 192.168.246.163:80 maxconn 2000 weight 1 check inter 1s rise 2 fall 2

将配置文件拷贝到slave服务器

[root@ha-proxy-master ~]# scp /etc/haproxy/haproxy.cfg 192.168.246.161:/etc/haproxy/

两台机器启动设置开机启动

[root@ha-proxy-master ~]# systemctl start haproxy

[root@ha-proxy-master ~]# systemctl enable haproxy

#check inter 2000 检测心跳频率

#rise 2 2 次正确认为服务器可用

#fall 2 2 次失败认为服务器不可用

4.测试主/备(浏览器访问)

主:

Haproxy 基础

备:

Haproxy 基础

页面主要参数解释

Queue

Cur: current queued requests //当前的队列请求数量

Max:max queued requests //最大的队列请求数量

Limit: //队列限制数量

Errors

Req:request errors //错误请求

Conn:connection errors //错误的连接

Server列表:

Status:状态,包括up(后端机活动)和down(后端机挂掉)两种状态

LastChk: 持续检查后端服务器的时间

Wght: (weight) : 权重

========================================================

2.测试访问

通过访问haparoxy的ip地址访问到后端服务器

# curl http://192.168.246.169

如果出现bind失败的报错,执行下列命令

setsebool -P haproxy_connect_any=1

二、Keepalived实现调度器HA

注:主/备调度器均能够实现正常调度

1. 主/备调度器安装软件

[root@ha-proxy-master ~]# yum install -y keepalived

[root@ha-proxy-slave ~]# yum install -y keepalived

[root@ha-proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

[root@ha-proxy-master ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id director1

}

vrrp_instance VI_1 {

state MASTER

interface ens33

virtual_router_id 80

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.246.17/24

}

}

[root@ha-proxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

[root@ha-proxy-slave ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

router_id directory2

}

vrrp_instance VI_1 {

state BACKUP

interface ens33

virtual_router_id 80

priority 50

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.246.17/24

}

}

3. 启动KeepAlived(主备均启动)

[root@ha-proxy-master ~]# chkconfig keepalived on

[root@ha-proxy-master ~]# service keepalived start

[root@ha-proxy-master ~]# ip a

4. 扩展对调度器Haproxy健康检查(可选)

思路:一台机器做

让Keepalived以一定时间间隔执行一个外部脚本,脚本的功能是当Haproxy失败,则关闭本机的Keepalived

a. script

[root@ha-proxy-master ~]# cat /etc/keepalived/check_haproxy_status.sh

#!/bin/bash /usr/bin/curl -I http://localhost &>/dev/null

if [ $? -ne 0 ];then

# /etc/init.d/keepalived stop

systemctl stop keepalived

fi

[root@ha-proxy-master ~]# chmod a+x /etc/keepalived/check_haproxy_status.sh

b. keepalived使用script

[root@ha-proxy-master keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {

router_id director1

}

vrrp_script check_haproxy {

script “/etc/keepalived/check_haproxy_status.sh”

interval 5

}

vrrp_instance VI_1 {

state MASTER

interface ens33

virtual_router_id 80

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.246.17/24

}

track_script {

check_haproxy

}

}

[root@ha-proxy-slave keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {

router_id directory2

}

vrrp_script check_haproxy {

script “/etc/keepalived/check_haproxy_status.sh”

interval 5

}

vrrp_instance VI_1 {

state BACKUP

interface ens33

virtual_router_id 80

priority 50

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

192.168.246.17/24

}

track_script {

check_haproxy

}

}

[root@ha-proxy-master keepalived]# systemctl restart keepalived

[root@ha-proxy-slave keepalived]# systemctl restart keepalived

注:必须先启动haproxy,再启动keepalived

两台机器都配置haproxy的日志:需要打开注释并添加

[root@ha-proxy-master ~]# vim /etc/rsyslog.conf

# Provides UDP syslog reception #由于haproxy的日志是用udp传输的,所以要启用rsyslog的udp监听

$ModLoad imudp

$UDPServerRun 514

找到 #### RULES #### 下面添加

local2.info /var/log/haproxy.log

[root@ha-proxy-master ~]# systemctl restart rsyslog

[root@ha-proxy-master ~]# systemctl restart haproxy

[root@ha-proxy-master ~]# tail -f /var/log/haproxy.log

2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56866 to 192.168.246.17:80 (web/HTTP)

2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56867 to 192.168.246.17:80 (web/HTTP)

2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56889 to 192.168.246.17:80 (stats/HTTP)

2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56890 to 192.168.246.17:80 (web/HTTP)

2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56895 to 192.168.246.17:80 (web/HTTP)

2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56896 to 192.168.246.17:80 (stats/HTTP)

四层代理mysql

准备两台机器,关闭防火墙和selinux。

1.两台机器部署mysql并制作互为主从—-略

2.安装haproxy制作代理

[root@haproxy-server ~]# yum -y install haproxy

[root@haproxy-server ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak}

[root@haproxy-server ~]# sed -i -r ‘/^[ ]*#/d;/^$/d’ /etc/haproxy/haproxy.cfg

[root@haproxy-server ~]# vim /etc/haproxy/haproxy.cfg

global

log 127.0.0.1 local2

pidfile /var/run/haproxy.pid

maxconn 4000

user haproxy

group haproxy

daemon

nbproc 1

defaults

mode http

log global

option redispatch

retries 3

maxconn 3000

contimeout 5000

clitimeout 50000

srvtimeout 50000

listen stats

bind*:81

stats enable

stats uri /haproxy

stats auth qianfeng:123

listen mysql

bind *:3307

mode tcp

balance roundrobin

server mysql1 192.168.198.149:3306 weight 1 check inter 1s rise 2 fall 2

server mysql2 192.168.198.150:3306 weight 1 check inter 1s rise 2 fall 2

[root@haproxy-server ~]# systemctl start haproxy

[root@haproxy-server ~]# netstat -lntp | grep 3307

tcp 0 0 0.0.0.0:33070.0.0.0:* LISTEN 11866/haproxy

3.验证:

[root@haproxy-server ~]# mysql -uroot -p’QianFeng@123!’ -P 3307

mysql: [Warning] Using a password on the command line interface can be insecure.

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 6

Server version: 5.7.31-log MySQL Community Server (GPL)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.

mysql> show databases;

+——————–+

| Database |

+——————–+

| information_schema |

| mysql |

| performance_schema |

| sys |

+——————–+

4 rows in set (0.00 sec)

mysql>

来源:千锋JAVA开发学院

声明:本站部分文章及图片转载于互联网,内容版权归原作者所有,如本站任何资料有侵权请您尽早请联系jinwei@zod.com.cn进行处理,非常感谢!

上一篇 2020年9月13日
下一篇 2020年9月13日

相关推荐

首页
软件超市
企服市场
会员中心