Keepalived Haproxy 环境搭建
Haproxy
-
Haproxy安装配置
# Install haproxy with yum
yum install haproxy
# cat /etc/haproxy/haproxy.cfg
# Process-wide settings for the haproxy daemon.
global
# Send logs to the syslog daemon on 127.0.0.1 using facility local0.
log 127.0.0.1 local0
maxconn 100000
# Run the worker processes as user and group haproxy.
user haproxy
group haproxy
daemon
# NOTE(review): no chroot directive appears in this listing; consider confining
# the process to an empty, root-owned directory.
# NOTE(review): with nbproc above 1 each process keeps its own counters, so the
# stats page defined further down reflects only the process that answered the
# request. Newer HAProxy releases replace nbproc with threads - confirm against
# the installed version.
nbproc 8
# Defaults inherited by the proxy sections that follow.
defaults
log global
mode http
#option httpclose
option redispatch
# Adds an X-Forwarded-For header carrying the client address; backends should
# trust that header only on connections that arrive from this proxy.
option forwardfor
option abortonclose
option dontlognull
retries 2
maxconn 100000
#balance source
# Timeouts given without a unit are in milliseconds: 10 s to connect, 100 s of
# client or server inactivity.
# NOTE(review): no "timeout http-request" is set, so the 100 s client timeout is
# also how long a slow or incomplete request may hold a connection open.
timeout connect 10000
timeout client 100000
timeout server 100000
# Built-in statistics page, served over plain HTTP at /stats on port 8899.
# The keepalived TCP_CHECK later on this page probes the same port.
listen admin_stats
# NOTE(review): "*" binds every interface; prefer a management address or a
# source-address ACL so the page is not reachable from client networks.
bind *:8899
mode http
option httplog
log 127.0.0.1 local0 err
maxconn 10
stats refresh 30s
stats uri /stats
stats realm XingCloud\ Haproxy
# NOTE(review): admin:admin is a guessable default credential, and HTTP Basic
# auth on this unencrypted listener sends it in recoverable form. Replace it
# with a strong, unique value (placeholder: <STATS_USER>:<STRONG_PASSWORD>).
stats auth admin:admin
stats hide-version
# TCP pass-through on port 6379, round-robin across two Redis nodes.
listen redis
# NOTE(review): listens on every interface, and nothing on this page shows Redis
# authentication or a source-address restriction. Confirm who can reach this
# port; bind an internal address or add an ACL / firewall rule if needed.
bind 0.0.0.0:6379
mode tcp
balance roundrobin
# Health check every 2000 ms; 2 successes mark a node up, 5 failures mark it down.
server node1 10.10.72.45:6379 minconn 4 maxconn 10000 check inter 2000 rise 2 fall 5
server node2 10.10.72.46:6379 minconn 4 maxconn 10000 check inter 2000 rise 2 fall 5
# Plain-HTTP listener on port 52001, round-robin across six backend nodes.
listen gxpt-dsqz
bind 0.0.0.0:52001
mode http
balance roundrobin
# Health check every 2000 ms; 1 success marks a node up, 2 failures mark it down.
server node1 10.10.72.29:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.10.72.30:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node3 10.10.72.31:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node4 10.10.72.32:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node5 10.10.72.33:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node6 10.10.72.34:52001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
# TLS listener on port 54001 that re-encrypts traffic to two backends on port 5001.
listen gxpt-dsqz-ssl
# "verify none" on the bind line means client certificates are not requested.
# The PEM passed to "crt" normally contains the private key; keep it readable
# by root only.
bind 0.0.0.0:54001 ssl crt /opt/cert/gxpt.pem verify none
mode http
balance roundrobin
# NOTE(review): "ssl verify none" encrypts the connection to the backend but does
# not authenticate it, so any host answering on that address is accepted.
# "verify required ca-file <CA_BUNDLE_PATH>" makes haproxy check the backend
# certificate.
server node1 10.10.72.2:5001 ssl verify none minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.10.72.3:5001 ssl verify none minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
# Plain-HTTP listener on port 8080 with cookie-based session stickiness.
listen SKServer
bind 0.0.0.0:8080
mode http
# haproxy inserts a cookie named SKServer whose value (server1 / server2) selects
# the backend for later requests.
# NOTE(review): the cookie is issued without the "httponly" keyword and travels
# over an unencrypted listener; add "httponly" unless client-side scripts are
# meant to read it.
cookie SKServer insert nocache
server node1 10.72.31.49:8080 cookie server1 check inter 2000 rise 1 fall 2
server node2 10.72.31.50:8080 cookie server2 check inter 2000 rise 1 fall 2
# HTTP frontend on port 58001 that routes by URL path prefix.
frontend frontend_58001
bind 0.0.0.0:58001
mode http
# NOTE(review): "option tcplog" in an HTTP-mode frontend leaves the request line
# and status code out of the log; "option httplog" records them, which makes
# these logs far more useful for investigation.
option tcplog
# Case-insensitive prefix match on the request path.
# No default_backend is defined, so requests matching neither ACL are not
# routed to any backend.
acl fpcloud-yypt path_beg -i /fpcloud-yypt
use_backend fpcloud-yypt if fpcloud-yypt
acl fpcloud-web path_beg -i /fpcloud-web
use_backend fpcloud-web if fpcloud-web
# Backend for the /fpcloud-web path: two nodes on port 58001, round-robin.
backend fpcloud-web
mode http
balance roundrobin
# Health check every 2000 ms; 1 success marks a node up, 2 failures mark it down.
server node1 10.72.1.233:58001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.72.1.241:58001 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
# Backend for the /fpcloud-yypt path: two nodes on port 58002, round-robin.
backend fpcloud-yypt
mode http
balance roundrobin
# Health check every 2000 ms; 1 success marks a node up, 2 failures mark it down.
server node1 10.72.1.233:58002 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
server node2 10.72.1.241:58002 minconn 100 maxconn 10000 check inter 2000 rise 1 fall 2
# Start haproxy now and enable it at boot
/etc/init.d/haproxy start
chkconfig haproxy on
-
配置haproxy 日志
# 编辑haproxy配置文件
# vim haproxy.cfg
# Logging-related excerpt of haproxy.cfg.
global
log 127.0.0.1 local2
# local2 is the syslog facility; it corresponds to the rule configured in
# /etc/rsyslog.conf. The default log level is info.
defaults
log global # required
option httplog # set this
# 编辑系统日志配置
# vim /etc/rsyslog.conf
默认有下面的设置,会读取 /etc/rsyslog.d/*.conf目录下的配置文件
$IncludeConfig /etc/rsyslog.d/*.conf
# 为haproxy创建一个独立的配置文件
# vim /etc/rsyslog.d/haproxy.conf
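# rsyslog drop-in that receives haproxy's UDP syslog messages and writes them
# to dedicated files.
$ModLoad imudp
# Listen on loopback only: haproxy logs to 127.0.0.1, and without this line the
# UDP listener accepts syslog datagrams on every interface. It must come
# before $UDPServerRun.
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
local2.* /opt/var/logs/haproxy/haproxy.log
local2.warning /opt/var/logs/haproxy/haproxy_warn.log
# Without the discard rule below, local2 messages are written to the messages
# file as well as to /opt/var/logs/haproxy/haproxy.log. The rule itself was
# missing from the original listing; this is the usual legacy form ("~" is the
# discard action; rsyslog v7 and later spell it "stop").
local2.* ~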
# mkdir /opt/var/logs/haproxy/ -p
# 配置rsyslog的主配置文件,开启远程日志
# vim /etc/sysconfig/rsyslog
# NOTE(review): -r makes rsyslog accept syslog messages from the network, while
# haproxy on this page logs to 127.0.0.1 only. Confirm remote reception is
# really needed; otherwise drop -r or block UDP 514 from other hosts.
SYSLOGD_OPTIONS="-c 2 -r -m 0"
#-c 2 run in compatibility mode; the default is -c 5
#-r enable remote logging
#-m 0 interval of the timestamp mark, in minutes; 0 disables the feature
# 重启haproxy和rsyslog服务
# centos 6
# /etc/init.d/rsyslog restart
# /etc/init.d/haproxy restart
# chkconfig rsyslog on
# centos7
# systemctl restart rsyslog
# systemctl restart haproxy
# systemctl enable rsyslog
-
配置haproxy日志轮转
# vim /etc/logrotate.d/haproxy
# Rotate the haproxy logs daily, keeping 7 compressed, date-stamped generations.
# NOTE(review): these logs record client addresses; keep the directory and the
# rotated files readable only by the accounts that need them.
/opt/var/logs/haproxy/*.log {
daily
rotate 7
# "create" with no mode/owner gives the new file the attributes of the old one.
create
missingok
notifempty
dateext
compress
# Run the postrotate script once for all matched logs, not once per file.
sharedscripts
postrotate
# /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
# /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
# Restarts rsyslog (instead of the HUP signals commented out above) so that it
# reopens the log files after rotation.
/etc/init.d/rsyslog restart
endscript
}
参考系统默认配置:
# Variant modelled on the system default: daily rotation, 10 compressed
# generations, and a HUP signal instead of a service restart.
/opt/var/logs/haproxy/*.log {
daily
rotate 10
missingok
notifempty
compress
# Run the postrotate script once for all matched logs, not once per file.
sharedscripts
postrotate
# Signal whichever syslog daemon has a pid file; errors are discarded and
# "|| true" keeps a missing pid file from failing the rotation.
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
# 强制轮转测试
# logrotate -vf /etc/logrotate.d/haproxy
Keepalived
Keepalived VIP: 10.10.72.20
1、安装keepalived
# 上传keepalived rpm包以及相关依赖包(或者yum安装)
# sudo rpm -ivh lm_sensors-libs-3.1.1-17.el6.x86_64.rpm net-snmp-libs-5.5-54.el6_7.1.x86_64.rpm
# sudo rpm -ivh keepalived-1.2.13-5.el6_6.x86_64.rpm
2、配置HA1(10.10.72.21)节点
# sudo vim /etc/keepalived/keepalived.conf
# keepalived configuration for the first node: one VRRP instance that carries
# the virtual IP 10.10.72.20, plus a virtual_server whose TCP check watches the
# local haproxy on port 8899.
global_defs {
# notification_email {
# }
# notification_email_from monitor@lyk.com
# smtp_server 127.0.0.1
# smtp_connect_timeout 30
router_id service_ha
}
vrrp_instance HA_1 {
# Starts as BACKUP with nopreempt, so this node does not take the VIP back from
# a peer that currently holds it.
state BACKUP
interface eth0
virtual_router_id 80
priority 100
advert_int 2
nopreempt
# NOTE(review): PASS authentication carries the password in cleartext inside
# VRRP advertisements, and "1111" is trivially guessable. Use a random
# per-cluster value and restrict VRRP traffic (IP protocol 112) to the peer
# addresses at the firewall.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.72.20 dev eth0 label eth0:1
}
}
virtual_server 10.10.72.20 8899 {
delay_loop 2
lb_algo wlc
lb_kind DR
nat_mask 255.255.255.0
protocol TCP
persistence_timeout 60
real_server 10.10.72.21 8899 {
weight 1
# Script run when the TCP check below reports this real server as down.
# NOTE(review): keepalived executes it - presumably as root - so the file should
# be owned by root and not writable by any other account.
notify_down /etc/rc.d/keepalived.sh
TCP_CHECK {
connect_port 8899
connect_timeout 3
nb_get_retry 2
delay_before_retry 1
}
}
}
# sudo vim /etc/rc.d/keepalived.sh
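#!/bin/sh
# notify_down handler for keepalived: try to bring haproxy back, and if it is
# still not running, stop keepalived so the virtual IP moves to the peer node.
# Always exits 0.
#
# keepalived runs this file itself, so keep it owned by root and not writable
# by any other account.

/etc/init.d/haproxy restart

# -x matches the process name exactly, so an unrelated process whose name
# merely contains "haproxy" does not count as a running proxy. The PID list
# is discarded; only the exit status matters.
if pgrep -x haproxy >/dev/null 2>&1; then
  exit 0
fi

/etc/init.d/keepalived stop
exit 0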
# sudo chmod +x /etc/rc.d/keepalived.sh
3、配置haproxy2(10.10.72.22)节点
# sudo vim /etc/keepalived/keepalived.conf
# keepalived configuration for the second node: same VRRP instance as the first
# node with a lower priority (90), plus a virtual_server whose TCP check
# watches the local haproxy on port 8899.
global_defs {
# notification_email {
# }
# notification_email_from monitor@lyk.com
# smtp_server 127.0.0.1
# smtp_connect_timeout 30
router_id service_ha
}
vrrp_instance HA_1 {
# Starts as BACKUP with nopreempt, so this node does not take the VIP back from
# a peer that currently holds it.
state BACKUP
interface eth0
virtual_router_id 80
priority 90
advert_int 2
nopreempt
# NOTE(review): PASS authentication carries the password in cleartext inside
# VRRP advertisements, and "1111" is trivially guessable. Use a random
# per-cluster value and restrict VRRP traffic (IP protocol 112) to the peer
# addresses at the firewall.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.10.72.20 dev eth0 label eth0:1
}
}
virtual_server 10.10.72.20 8899 {
delay_loop 2
lb_algo wlc
lb_kind DR
nat_mask 255.255.255.0
protocol TCP
persistence_timeout 60
real_server 10.10.72.22 8899 {
weight 1
# Script run when the TCP check below reports this real server as down.
# NOTE(review): keepalived executes it - presumably as root - so the file should
# be owned by root and not writable by any other account.
notify_down /etc/rc.d/keepalived.sh
TCP_CHECK {
connect_port 8899
connect_timeout 3
nb_get_retry 2
delay_before_retry 1
}
}
}
# sudo vim /etc/rc.d/keepalived.sh
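#!/bin/sh
# notify_down handler for keepalived: try to bring haproxy back, and if it is
# still not running, stop keepalived so the virtual IP moves to the peer node.
# Always exits 0.
#
# keepalived runs this file itself, so keep it owned by root and not writable
# by any other account.

/etc/init.d/haproxy restart

# -x matches the process name exactly, so an unrelated process whose name
# merely contains "haproxy" does not count as a running proxy. The PID list
# is discarded; only the exit status matters.
if pgrep -x haproxy >/dev/null 2>&1; then
  exit 0
fi

/etc/init.d/keepalived stop
exit 0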
# sudo chmod +x /etc/rc.d/keepalived.sh
4、所有节点启动keepalived
# sudo /etc/init.d/keepalived start
# sudo chkconfig keepalived on
5、测试验证
# ifconfig
eth0:1 Link encap:Ethernet HWaddr 00:50:56:BB:BF:BA
inet addr:10.10.72.20 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
6、haproxy故障漂移测试
# 在当前持有 keepalived VIP 的那台服务器上停止 haproxy 服务,验证 VIP 会漂移到另外一台 haproxy 服务器上。