一:本文将详细介绍haproxy的配置使用以及高级功能的使用,比如通过haproxy进行动态添加删除负载集群中的后端web服务器的指定主机,另外将详细介绍keepalived的详细配置方法、配置实例及实现方式,具体如下:

1.1:通过haproxy动态增减web集群中的主机,打开haproxy的主机在线维护功能,主要原理是haproxy监听本地socket文件,mysql写localhost会查抄默认路径为/var/lib/mysql/mysql.socket文件,但是使用IP地址是使用的TCP协议访问,就不需要查找socket文件了,所以使用localhost连接本机MySQL和写127.0.0.1连接本机MySQL的实现方式是不一样的,haproxy配置socket文件路径:

1.1.1:haproxy配置文件添加socket配置信息如下:

[root@localhost ~]# cat /etc/haproxy/haproxy.cfg

global

maxconn 100000

chroot /usr/local/haproxy

uid 99

gid 99

daemon

nbproc 1

pidfile /usr/local/haproxy/logs/haproxy.pid

log 127.0.0.1 local0 info

stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin #设置socket文件路径,权限为600级别为admin,还有其他级别,但是动态添加主机需要admin权限

1.1.2:创建保存socket文件的目录:

# mkdir  /var/lib/haproxy

1.1.3:重启haproxy服务:

[root@localhost ~]# /etc/init.d/haproxy  restart

Restarting haproxy (via systemctl):                        [  OK  ]

1.1.4:验证haproxy的socket文件:

[root@localhost ~]# ll /var/lib/haproxy/

total 0

srw------- 1 root root 0 Dec 31 21:02 haproxy.socket

1.2:安装socat命令,socat是和socket通信的命令:

1.2.1:安装命令:

[root@localhost ~]# yum install socat

1.2.2:命令使用帮助:

[root@localhost ~]# echo "help" | socat stdio /var/lib/haproxy/haproxy.socket

Unknown command. Please enter one of the following commands only :

  help           : this message

  prompt         : toggle interactive mode with prompt

  quit           : disconnect

  disable agent  : disable agent checks (use 'set server' instead)

  disable health : disable health checks (use 'set server' instead)

  disable server : disable a server for maintenance (use 'set server' instead)

  enable agent   : enable agent checks (use 'set server' instead)

  enable health  : enable health checks (use 'set server' instead)

  enable server  : enable a disabled server (use 'set server' instead)

  set maxconn server : change a server's maxconn setting

  set server     : change a server's state, weight or address

  get weight     : report a server's current weight

  set weight     : change a server's weight (deprecated)

  disable frontend : temporarily disable specific frontend

  enable frontend : re-enable specific frontend

  set maxconn frontend : change a frontend's maxconn setting

  show servers state [id]: dump volatile server information (for backend <id>)

  show backend   : list backends in the current running config

  shutdown frontend : stop a specific frontend

  clear table    : remove an entry from a table

  set table [id] : update or create a table entry's data

  show table [id]: report table usage stats or dump this table's contents

  show errors    : report last request and response errors for each proxy

  clear counters : clear max statistics counters (add 'all' for all counters)

  show info      : report information about the running process

  show stat      : report counters for each proxy and server

  show sess [id] : report the list of current sessions or dump this session

  shutdown session : kill a specific session

  shutdown sessions server : kill sessions on a server

  show pools     : report information about the memory pools usage

  add acl        : add acl entry

  clear acl <id> : clear the content of this acl

  del acl        : delete acl entry

  get acl        : report the patterns matching a sample for an ACL

  show acl [id]  : report available acls or dump an acl's contents

  add map        : add map entry

  clear map <id> : clear the content of this map

  del map        : delete map entry

  get map        : report the keys and values matching a sample for a map

  set map        : modify map entry

  show map [id]  : report available maps or dump a map's contents

  show stat resolvers [id]: dumps counters from all resolvers section and

                          associated name servers

  set maxconn global : change the per-process maxconn setting

  set rate-limit : change a rate limiting value

  set timeout    : change a timeout setting

  show env [var] : dump environment variables known to the process

  show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specifie

1.2.3:查看haproxy的详细信息:

[root@localhost ~]# echo "show info" | socat stdio /var/lib/haproxy/haproxy.socket

Name: HAProxy

Version: 1.7.1

Release_date: 2016/12/13

Nbproc: 1

Process_num: 1

Pid: 20077

Uptime: 0d 0h04m49s

Uptime_sec: 289

Memmax_MB: 0

PoolAlloc_MB: 0

PoolUsed_MB: 0

PoolFailed: 0

Ulimit-n: 200034

Maxsock: 200034

Maxconn: 100000

Hard_maxconn: 100000

CurrConns: 0

CumConns: 3

CumReq: 3

MaxSslConns: 0

CurrSslConns: 0

CumSslConns: 0

Maxpipes: 0

PipesUsed: 0

PipesFree: 0

ConnRate: 0

ConnRateLimit: 0

MaxConnRate: 0

SessRate: 0

SessRateLimit: 0

MaxSessRate: 0

SslRate: 0

SslRateLimit: 0

MaxSslRate: 0

SslFrontendKeyRate: 0

SslFrontendMaxKeyRate: 0

SslFrontendSessionReuse_pct: 0

SslBackendKeyRate: 0

SslBackendMaxKeyRate: 0

SslCacheLookups: 0

SslCacheMisses: 0

CompressBpsIn: 0

CompressBpsOut: 0

CompressBpsRateLim: 0

ZlibMemUsage: 0

MaxZlibMemUsage: 0

Tasks: 7

Run_queue: 1

Idle_pct: 100

node: localhost

1.3:关闭一个后端服务器中的web服务器并在管理界面进行验证:

1.3.1:动态关闭一台web服务器:

[root@localhost ~]# echo "disable server web_port/web1" | socat stdio /var/lib/haproxy/haproxy.socket  #关闭指定backend下的某台web服务器

1.3.2:在haproxy的管理端进行验证该web服务器是否从负载中下线:

1.3.3:动态开启服务器:

[root@localhost ~]# echo "enable  server web_port/web1" | socat stdio /var/lib/haproxy/haproxy.socket

1.3.4:验证服务器是否开启:

二:Keepalived 应用:

官方下载地址:http://www.keepalived.org/download.html

Keepalived权威指南:Keepalived权威指南

2.1:keepalived是VRRP协议在linux系统上的完美实现的解决方案,详细如下:

虚拟路由冗余协议(Virtual Router
Redundancy
Protocol,简称VRRP)是由IETF提出的解决局域网中配置静态网关出现单点失效现象的路由协议,1998年已推出正式的RFC2338协议标准。VRRP广泛应用在边缘网络中,它的设计目标是支持特定情况下IP数据流量失败转移不会引起混乱,允许主机使用单路由器,以及及时在实际第一跳路由器使用失败的情形下仍能够维护路由器间的连通性。VRRP是一种选择协议,它可以把一个虚拟路由器的责任动态分配到局域网上的
VRRP 路由器中的一台。控制虚拟路由器 IP 地址的 VRRP 路由器称为主路由器,它负责转发数据包到这些虚拟 IP 地址。[1]
 一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,这就允许虚拟路由器的 IP
地址可以作为终端主机的默认第一跳路由器。是一种LAN接入设备备份协议。一个局域网络内的所有主机都设置缺省网关,这样主机发出的目的地址不在本网段的报文将被通过缺省网关发往三层交换机,从而实现了主机和外部网络的通信。

VRRP是一种路由容错协议,也可以叫做备份路由协议。一个局域网络内的所有主机都设置缺省路由,当网内主机发出的目的地址不在本网段时,报文将被通过缺省路由发往外部路由器,从而实现了主机与外部网络的通信。当缺省路由器down掉(即端口关闭)之后,内部主机将无法与外部通信,如果路由器设置了VRRP时,那么这时,虚拟路由将启用备份路由器,从而实现全网通信。

脑裂是backup收不到master的心跳组播包,可以使用网线直连做心跳。

2.2:部署两台服务器,各安装haproxy和keepalived,实现负载高可用:

2.2.1:haproxy安装方式在上一篇博客有详细介绍:

2.2.2:编译安装keepalived:

# tar xvf keepalived-1.2.24.tar.gz

# cd keepalived-1.2.24

# ./configure  --prefix=/usr/local/keepalived-1.2.24

# make && make install

# ln -sv /usr/local/keepalived-1.2.24/ /usr/local/keepalived

# cp keepalived/etc/init.d/keepalived.sysconfig  /etc/sysconfig/keepalived

# cp keepalived/etc/init.d/keepalived.init  /etc/init.d/keepalive

# chmod  a+x /etc/init.d/keepalived

# mkdir  /etc/keepalived

# ln -sv /usr/local/keepalived/sbin/keepalived   /usr/bin/ #不做软连接报错,提示/bin/bash/keepakived找不到

2.2.3:server1 编辑keepalived配置文件:

! Configuration File for keepalived

global_defs {

  notification_email {  #指定keepalived在发生事件,比如切换IP的时候需要发生邮件的地址,可以有多个,一行一个即可

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

  }

  notification_email_from Alexandre.Cassen@firewall.loc  #指定smtp服务器设置

  smtp_server 192.168.200.1

  smtp_connect_timeout 30

  router_id LVS_DEVEL  #运行keepalived的标示,可以写主机名等信息

}

vrrp_instance IP1 {   #监听一组VIP

    state BACKUP #指定初始状态为backup即备份状态

    interface br0 #监听的本地网卡名称,此处是一块桥接网卡,

    virtual_router_id 10  #路由id,多个网卡环境下,id一定不能一样,范围为10-255

    priority 90 #优先级,高的为master

    advert_int 1  #进行通告

    authentication { #配置认证机制

        auth_type PASS #认证类型为密码

        auth_pass 5555 #认证密码

    }

    virtual_ipaddress {

        192.168.10.100

    }

}

vrrp_instance IP2 {

    state MASTER #第二组IP初始状态是master

    interface br0

    virtual_router_id 20

    priority 100

    advert_int 1

    authentication {

         auth_type PASS

         auth_pass 1111

    }

    virtual_ipaddress {

         192.168.10.101 #具体的虚拟IP地址,两个keepalived设置要一样,否则服务不生效

     }

}

2.3.4:server 2的keepalived配置:

# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

  notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

  }

  notification_email_from Alexandre.Cassen@firewall.loc

  smtp_server 192.168.200.1

  smtp_connect_timeout 30

  router_id LVS_DEVEL

}

vrrp_instance IP1 {

    state MASTER  #服务器1的master

    interface eth1

    virtual_router_id 10

    priority 150

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 5555

    }

    virtual_ipaddress {

        192.168.10.100

    }

}

vrrp_instance IP2 {

    state BACKUP #是服务器1的备份

    interface eth1

    virtual_router_id 20

    priority 50

    advert_int 1

    authentication {

         auth_type PASS

         auth_pass 1111

    }

    virtual_ipaddress {

         192.168.10.101

     }

}

2.4:关闭一个keepalived服务,在日志记录中验证IP地址是否会迁移到backup服务器:

2.4.1:在server 1关闭keepalived:

[root@localhost keepalived-1.2.24]# /etc/init.d/keepalived  stop

Stopping keepalived (via systemctl):                       [  OK

2.4.2:在server 2查看日志:

2.4.3:验证server 2的IP地址:

2.4.4:开启server 1的keepalived:

[root@localhost keepalived-1.2.24]# /etc/init.d/keepalived  start

Starting keepalived (via systemctl):                       [  OK  ]

2.4.5:验证server 2的日志:

2.4.6:验证server 2的IP地址:

2.4.7:验证server 1的ip地址:

2.4.8:使用tcpdump抓取心跳检测的数据包:

2.5:关于keepalived的不抢占:

抢占发生在Master和Backup环境中Master 出现问题导致虚拟IP漂移到了Backup,但是当Master恢复之后IP地址会再次漂移到Master上,并且反反复复出现这样的问题,从而导致出现出现频繁网络切换,而可能引起未知的网络问题,因此可以配置不抢占,当IP漂移到了Backup之后不再往回迁IP,需要手动将IP配置回去才可以,具体如下:

2.5.1:Server1的不抢占的详细配置:

[root@localhost keepalived-1.2.24]# cat  /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

  notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

  }

  notification_email_from Alexandre.Cassen@firewall.loc

  smtp_server 192.168.200.1

  smtp_connect_timeout 30

  router_id LVS_DEVEL

}

vrrp_instance IP1 {

    state BACKUP

    interface br0

    virtual_router_id 10

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 5555

    }

    virtual_ipaddress {

        192.168.10.100

    }

}

vrrp_instance IP2 {

    state BACKUP #不抢占需要配置在BACKUP组内,并且优先级高于备份服务器的keepalived组内

    interface br0

    virtual_router_id 20

    nopreempt #声明不抢占,即当IP飘走之后不再根据优先级抢占IP,但是当对方服务出现问题依然可以绑定IP到本地

    priority 100 #配置在高优先级的keepalived组内,低优先级的就不需要配置抢占了

    advert_int 1

    authentication {

         auth_type PASS

         auth_pass 1111

    }

    virtual_ipaddress {

         192.168.10.101

     }

}

2.5.2:Serevr 2不抢占的详细配置:

[root@node10 ~]# cat  /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

  notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

  }

  notification_email_from Alexandre.Cassen@firewall.loc

  smtp_server 192.168.200.1

  smtp_connect_timeout 30

  router_id LVS_DEVEL

}

vrrp_instance IP1 {

    state BACKUP  #状态必须是BACKUP

    interface eth1

    virtual_router_id 10

    priority 150

    nopreempt #不抢占,优先级比Server 1的同组高

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 5555

    }

    virtual_ipaddress {

        192.168.10.100

    }

}

vrrp_instance IP2 {

    state BACKUP #状态为BACKUP

    interface eth1

    virtual_router_id 20

    priority 50 #比Server 1的的同组低,就不需要配置不抢占了

    advert_int 1

    authentication {

         auth_type PASS

         auth_pass 1111

    }

    virtual_ipaddress {

         192.168.10.101

     }

}

2.5.3:查看IP现在在那个服务器,将keepalived服务关闭在开启,验证IP地址是否还会配置在本地:

[root@localhost keepalived-1.2.24]# ip addr | grep 192

    inet 192.168.10.128/24 brd 192.168.10.255 scope global br0

    inet 192.168.10.101/32 scope global br0

    inet 192.168.10.100/32 scope global br0

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

[root@localhost keepalived-1.2.24]# /etc/init.d/keepalived   stop

Stopping keepalived (via systemctl):                       [  OK  ]

[root@localhost keepalived-1.2.24]#

[root@localhost keepalived-1.2.24]# ip addr | grep 192

    inet 192.168.10.128/24 brd 192.168.10.255 scope global br0

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

[root@localhost keepalived-1.2.24]# /etc/init.d/keepalived   start

Starting keepalived (via systemctl):                       [  OK  ]

[root@localhost keepalived-1.2.24]# ip addr | grep 192

    inet 192.168.10.128/24 brd 192.168.10.255 scope global br0

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

2.5.4:验证server 2的IP地址:

[root@node10 ~]# ip addr | grep 192

    inet 192.168.10.129/24 brd 192.168.10.255 scope global eth1

    inet 192.168.10.100/32 scope global eth1

    inet 192.168.10.101/32 scope global eth1

    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

注:由此可见,在非抢占模式下,IP地址发送变动后不会再向优先级高的服务器进行漂移,减少了因为IP变动而引起的网络故障。

haproxy动态增减主机与keepalived高级应用的更多相关文章

  1. Soat控制HAProxy 动态增减服务器

    Soat控制HaProxy 动态增减服务器 安装HaProxy-1.5.18: yum install haproxy -y yum install socat -y HaProxy-1.5.18 配 ...

  2. Haproxy/LVS负载均衡实现+keepalived实现高可用

    haproxy+keepalived 集群高可用集群转发 环境介绍 #内核版本 Ubuntu 18.04.4 LTS \n \l 107-Ubuntu SMP Thu Jun 4 11:27:52 U ...

  3. Apache实现动态虚拟主机

    经常在开发中为Apache web server添加虚拟主机  方便多个项目的 同时运营,但是每次增加新的项目时都得重新配置增加VirtualHost:虚拟主机    部分,时间久了VirtualHo ...

  4. iOS 实现脉冲雷达以及动态增减元素 By Swift-感谢分享

    Swift经过Xcode6 Beta4一版更新后,基本上已经可以作为生产工具了,虽然有一些地方和ObjC比起来要“落后”一些,但也无伤大雅.这里就用Xcode6 Beta4+iOS SDK 8.0开发 ...

  5. OpenStack neutron 环境云主机使用keepalived vip + 给vip绑定浮动IP 步骤及注意事项

    在openstack环境创建的多台云主机配置keepalived作主备,默认情况下无法生效,直接对云主机一张网卡配置两个IP进行测试也是同样结果,因为: 可以看到,port所在的宿主机上iptable ...

  6. Cluster基础(三):配置HAProxy负载平衡集群、Keepalived高可用服务器、Keepalived+LVS服务器

    一.配置HAProxy负载平衡集群 目标: 准备三台Linux服务器,两台做Web服务器,一台安装HAProxy,实现如下功能: 客户端访问HAProxy,HAProxy分发请求到后端Real Ser ...

  7. [py]flask动态展示主机内存图

    echarts基础 需要借助这个图来绘制,动态内存图. 绘制步骤 写py脚本来入库日志 选取合适的echart,并观察图所需的数据格式 用flask返回这个静态的echarts 用flask写接口返回 ...

  8. 动态创建Lambda表达式实现高级查询

    需求简介 最近这几天做的东西总算是回归咱的老本行了,给投资管理项目做一个台账的东西,就是类似我们的报表.其 中有一个功能是一个高级查询的需求,在查询条件方面大概有7.8个查询条件.需求就是如果一个条件 ...

  9. 三主机配置 keepalived VIP高可用

    三台主机: 192.168.33.134 192.168.33.136 192.168.33.137   实验前: 关闭selinux 和iptables     1). 192.168.33.134 ...

随机推荐

  1. 自定义容器tomcat应用

    看不懂可以先去看:https://www.cnblogs.com/leihongnu/p/14506704.html 1.将103服务器上的mytomcat镜像打包为mytomcat.gz(花时间比较 ...

  2. fabric运行错误汇总

    Error generating signCA for org org1.example.com: Failed storing key [ECDSAP256]: Failed storing ECD ...

  3. Linux ns 3. Mnt Namespace 详解

    1. 文件系统层次化 对 Linux 系统来说一切皆文件,Linux 使用树形的层次化结构来管理所有的文件对象. 完整的Linux文件系统,是由多种设备.多种文件系统组成的一个混合的树形结构.我们首先 ...

  4. GoLang设计模式14 - 状态模式

    状态模式,顾名思义,是一种基于有限状态机制的设计模式.在这种设计模式中,行为是由相应的状态来决定的.接下来我们会用一个售卖机的例子来说明下状态模式.为了便于说明,我们把场景简化一下,假设有一台售卖机只 ...

  5. [atARC110E]Shorten ABC

    考虑令$a$.$b$和$c$分别对应1.2和3,那么每一次相当于令$x$和$y$变为$x\oplus y$(要求$x\ne y$) 根据异或的结合律,我们相当于将其划分为若干个区间求异或值 (另外还有 ...

  6. SpringCloud升级之路2020.0.x版-41. SpringCloudGateway 基本流程讲解(1)

    本系列代码地址:https://github.com/JoJoTec/spring-cloud-parent 接下来,将进入我们升级之路的又一大模块,即网关模块.网关模块我们废弃了已经进入维护状态的 ...

  7. 【知识详解】JAVA基础(秋招总结)

    JAVA基础 目录 JAVA基础 问:面向过程(POP)和面向对象(OOP)? 问:Python和Java的区别? 问:java的八大基本数据类型? 问:封装继承多态说一下? 问:方法和函数的区别? ...

  8. PIC16 bootloader之UART bootloader

    了解更多关于bootloader 的C语言实现,请加我Q扣: 1273623966 (验证信息请填 bootloader),欢迎咨询或定制bootloader(在线升级程序). PIC16 bootl ...

  9. 为了拿捏 Redis 数据结构,我画了 40 张图(完整版)

    大家好,我是小林. Redis 为什么那么快? 除了它是内存数据库,使得所有的操作都在内存上进行之外,还有一个重要因素,它实现的数据结构,使得我们对数据进行增删查改操作时,Redis 能高效的处理. ...

  10. 简单聊下.NET6 Minimal API的使用方式

    前言 随着.Net6的发布,微软也改进了对之前ASP.NET Core构建方式,使用了新的Minimal API模式.之前默认的方式是需要在Startup中注册IOC和中间件相关,但是在Minimal ...