<![CDATA[运维进行时]]>

<![CDATA[运维进行时]]> https://www.liuts.com/index.php zh-cn https://www.liuts.com/post/223/ <![CDATA[基于Keepalived+Haproxy搭建四层负载均衡器[原创]]]> 刘天斯 <liutiansi@gmail.com> Thu, 10 Mar 2011 10:17:57 +0000 https://www.liuts.com/post/223/ 一、前言
Haproxy是稳定、高性能、高可用性的负载均衡解决方案，支持HTTP及TCP代理后端服务器池，因支持强大灵活的7层acl规则，广泛作为HTTP反向代理。本文则详细介绍如何利用它的四层交换与Keepalived实现一个负载均衡器，适用于Socket、ICE、Mail、Mysql、私有通讯等任意TCP服务。系统架构图如下：

二、平台环境

引用

OS:Centos5.4(64X)
MASTER:192.168.0.20
BACKUP:192.168.0.21
VIP:192.168.0.100
Serivce Port:11231

三、平台安装配置
1、添加非本机IP邦定支持

引用

#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
#sysctl –p

2、配置平台日志支持

引用

#vi /etc/syslog.conf
添加：
local3.* /var/log/haproxy.log
local0.* /var/log/haproxy.log

#vi /etc/sysconfig/syslog
修改：
SYSLOGD_OPTIONS="-r -m 0"
#/etc/init.d/syslog restart

3、关闭SELINUX

引用

vi /etc/sysconfig/selinux
修改：
SELINUX=disabled
#setenforce 0

4、配置iptables，添加VRRP通讯支持

引用

iptables -A INPUT -d 224.0.0.18 -j ACCEPT

5、Keepalived的安装、配置

引用

#mkdir -p /home/install/keepalivedha
#cd /home/install/keepalivedha
#wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
#tar zxvf keepalived-1.2.2.tar.gz
#cd keepalived-1.2.2
#./configure
#make && make install

引用

#cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#mkdir /etc/keepalived
#cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/sbin/keepalived /usr/sbin/

#vi /etc/keepalived/keepalived.conf

6、Haproxy的安装与配置

引用

#cd /home/install/keepalivedha
#wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
#tar -zxvf haproxy-1.4.11.tar.gz
#cd haproxy-1.4.11
#make install
#mkdir -p /usr/local/haproxy/etc
#mkdir -p /usr/local/haproxy/sbin
#cp examples/haproxy.cfg /usr/local/haproxy/etc
#ln -s /usr/local/sbin/haproxy /usr/local/haproxy/sbin/haproxy

#vi /usr/local/haproxy/etc/haproxy.cfg

# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
#        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        maxconn 5000
        uid 99
        gid 99
        daemon
        pidfile /usr/local/haproxy/haproxy.pid

defaults
        log     global
        mode    http
        #option httplog
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen  ICE01   192.168.0.100:11231
        mode tcp #配置TCP模式
        maxconn 2000
        balance roundrobin
        server  ice-192.168.0.128 192.168.0.128:11231 check inter 5000 fall 1 rise 2
        server  ice-192.168.0.129 192.168.0.129:11231 check inter 5000 fall 1 rise 2
        server  ice-192.168.0.130 192.168.0.130:11231 check inter 5000 fall 1 rise 2
        server  ice-192.168.0.131 192.168.0.131:11231 check inter 5000 fall 1 rise 2
        server  ice-192.168.0.132 192.168.0.132:11231 check inter 5000 fall 1 rise 2
        server  ice-192.168.0.34 192.168.0.34:11231 check inter 5000 fall 1 rise 2
        srvtimeout      20000

listen stats_auth 192.168.0.20:80
# listen stats_auth 192.168.0.21:80 # backup config
        stats enable
        stats uri  /admin-status #管理地址
        stats auth  admin:123456 #管理帐号:管理密码
        stats admin if TRUE

7、邮件通知程序(python实现)
#vi /etc/keepalived/Mailnotify.py

#!/usr/local/bin/python
#coding: utf-8
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
from email.MIMEImage import MIMEImage
from email.header import Header
import sys
import smtplib

#---------------------------------------------------------------
# Name:        Mailnotify.py
# Purpose:     Mail notify to SA
# Author:      Liutiansi
# Email:       liutiansi@gamil.com
# Created:     2011/03/09
# Copyright:   (c) 2011
#--------------------------------------------------------------
strFrom = 'admin@domain.com'
strTo = 'liutiansi@gmail.com'
smtp_server='smtp.domain.com'
smtp_pass='123456'

if sys.argv[1]!="master" and sys.argv[1]!="backup"  and sys.argv[1]!="fault":
    sys.exit()
else:
    notify_type=sys.argv[1]

mail_title='[紧急]负载均衡器邮件通知'
mail_body_plain=notify_type+'被激活，请做好应急处理。'
mail_body_html='<b><font color=red>'+notify_type+'被激活，请做好应急处理。</font></b>'

msgRoot = MIMEMultipart('related')
msgRoot['Subject'] =Header(mail_title,'utf-8')
msgRoot['From'] = strFrom
msgRoot['To'] = strTo

msgAlternative = MIMEMultipart('alternative')
msgRoot.attach(msgAlternative)

msgText = MIMEText(mail_body_plain, 'plain', 'utf-8')
msgAlternative.attach(msgText)

msgText = MIMEText(mail_body_html, 'html','utf-8')
msgAlternative.attach(msgText)

smtp = smtplib.SMTP()
smtp.connect(smtp_server)
smtp.login(smtp_user,smtp_pass)
smtp.sendmail(strFrom, strTo, msgRoot.as_string())
smtp.quit()

注：修改成系统python实际路径“#!/usr/local/bin/python”(第一行)
#chmod +x /etc/keepalived/Mailnotify.py
#/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
#service keepalived start

8、查看VRRP通讯记录
#tcpdump vrrp

引用

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:05.270017 IP 192.168.0.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

四、Haproxy界面
访问http://192.168.0.20/admin-status，输入帐号admin密码123456进入管理监控平台。

haproxy-1.4.9以后版本最大的亮点是添加了手工启用/禁用功能，对升级变更应用时非常有用。

五、邮件通知

如大家有什么疑问或感兴趣的话题可以通过weibo与我交流：http://t.qq.com/yorkoliu
Tags - keepalived , haproxy , 四层 , 4layer , 负载均衡 ]]> https://www.liuts.com/post/174/ <![CDATA[Load Balancing QoS with HAProxy]]> root <admin@yourname.com> Mon, 23 Nov 2009 02:40:44 +0000 https://www.liuts.com/post/174/ 点击在新窗口中浏览此图片

A brand new Rails/Merb app you put together over a weekend, a pack of Mongrels, a reverse proxy (like Nginx), and you're up and running. Well, almost, what about that one request that tends to run forever, often forcing the user to double check their internet connection? Response time is king, and you always want to make sure that your site feel snappy to the user. Did you know that Flickr optimizes all of their pages to render in sub 250ms?
When you're fighting with response times, the worst thing you can possibly do is queue up another request behind an already long running process. Not only does the first request take forever, but everyone else must wait in line for it to finish as well! To mitigate the problem HAProxy goes beyond a simple round-robin scheduler, and implements a very handy feature: intelligent request queuing!

.................................
更多http://www.igvita.com/2008/05/13/load-balancing-qos-with-haproxy/
Tags - haproxy ]]>