Haproxy

1.ospf协议：用来做lvs的水平括扩展(高可用)
2.Fnat模式:
解决了多vlan|session共享
特性:
    LIP:多VL，支持后端RS不在同一个网络中(TUN实施成本过高)
    lvs不具备对后端RS健康检查     
性能：DR>TUN>NAT>FNAT
3.DDOS攻击|
4.TCP三次握手

Haproxy

源码编译&&制作rpm包
(1)源码编译
[root@server1 ~]# ls
haproxy-1.6.11.tar.gz
[root@server1 ~]# cd haproxy-1.6.11
[root@server1 haproxy-1.6.11]# ls
CHANGELOG     doc       include      Makefile  src      VERDATE
contrib       ebtree    LICENSE      README    SUBVERS  VERSION
CONTRIBUTING  examples  MAINTAINERS  ROADMAP   tests
[root@server1 haproxy-1.6.11]# less README 
[root@server1 haproxy-1.6.11]# yum install pcre-devel openssh-devel zlib-devel -y
[root@server1 haproxy-1.6.11]# make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy
[root@server1 haproxy-1.6.11]# make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
[root@server1 haproxy-1.6.11]# cd examples/
[root@server1 examples]# ls
acl-content-sw.cfg     debug2ansi    haproxy.spec           ssl.cfg
auth.cfg               debug2html    haproxy.vim            stats_haproxy.sh
check                  debugfind     init.haproxy           transparent_proxy.cfg
check.conf             errorfiles    option-http_proxy.cfg
content-sw-sample.cfg  haproxy.init  seamless_reload.txt
[root@server1 examples]# cp haproxy.init /etc/init.d/haproxy
[root@server1 examples]# chmod +x /etc/init.d/haproxy 


(2)制作源码包

[root@server1 examples]# yum install rpm-build -y
[root@server1 examples]# rpmbuild -bb haproxy.spec 
error: File /root/rpmbuild/SOURCES/haproxy-1.6.11.tar.gz: No such file or directory
[root@server1 examples]# cp ~/haproxy-1.6.11.tar.gz  ~/rpmbuild/SOURCES/
[root@server1 examples]# cd
[root@server1 ~]# cd rpmbuild/RPMS/
[root@server1 RPMS]# ls
x86_64
[root@server1 RPMS]# cd x86_64/
[root@server1 x86_64]# ls
haproxy-1.6.11-1.x86_64.rpm
[root@server1 x86_64]# rpm -qpl haproxy-1.6.11-1.x86_64.rpm 
/etc/haproxy
/etc/rc.d/init.d/haproxy
/usr/sbin/haproxy
/usr/share/doc/haproxy-1.6.11
/usr/share/doc/haproxy-1.6.11/CHANGELOG
/usr/share/doc/haproxy-1.6.11/README
/usr/share/doc/haproxy-1.6.11/architecture.txt
/usr/share/doc/haproxy-1.6.11/configuration.txt
/usr/share/doc/haproxy-1.6.11/intro.txt
/usr/share/doc/haproxy-1.6.11/management.txt
/usr/share/doc/haproxy-1.6.11/proxy-protocol.txt
/usr/share/man/man1/haproxy.1.gz
[root@server1 x86_64]# 

源码安装

[root@server1 x86_64]# rm -fr /usr/local/haproxy/
[root@server1 x86_64]# ls
haproxy-1.6.11-1.x86_64.rpm
[root@server1 x86_64]# rpm -ivh haproxy-1.6.11-1.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:haproxy                ########################################### [100%]
[root@server1 ~]# cd haproxy-1.6.11/
[root@server1 haproxy-1.6.11]# cd examples/
[root@server1 examples]# cp content-sw-sample.cfg /etc/haproxy/haproxy.cfg
[root@server1 x86_64]# 

实现负载均衡

[root@server1 ~]# groupadd -g 200 haproxy
[root@server1 ~]# useradd -u 200 -g 200 -M -s /sbin/nologin haproxy
[root@server1 ~]# id haproxy
uid=200(haproxy) gid=200(haproxy) groups=200(haproxy)
[root@server1 ~]# vim /etc/haproxy/haproxy.cfg
.....
    10  global
    11          maxconn         10000
    12          stats socket    /var/run/haproxy.stat mode 600 level admin
    13          log             127.0.0.1 local0
    14          uid             200
    15          gid             200
    16          chroot          /var/empty
    17          daemon
    18  defaults
    19          mode            http
    20      log     global
    21      option      httplog
    22      #option     dontlogull
    23      monitor-uri /monitoruri
    24      maxconn     8000
    25          timeout client  30s
    26  
    27          stats uri       /admin/stats
    28  
    29          option prefer-last-server
    30          retries         2
    31          option redispatch
    32          timeout connect 5s
    33          timeout server  5s
    34  
    35  frontend public
    36          bind            172.25.66.1:80 name clear
    37  
    38  #        use_backend     static if { hdr_beg(host) -i img }
    39          default_backend dynamic
    40  
    41  backend dynamic     #定义算法(haproxy的8种调度算法)
    42          server          statsrv1 172.25.66.2:80 check inter 1000    weight 2    #定义后端服务器及权重
    43          server          statsrv2 172.25.66.3:80 check inter 1000
    44  
.....
[root@server1 ~]# /etc/init.d/haproxy start
Starting haproxy:                                          [  OK  ]
[root@server1 ~]#
[root@server1 ~]# vim /etc/security/limits.conf 
 51 haproxy         -       nodile          8000

测试

[root@foundation66 Desktop]# curl 172.25.66.1/monitoruri
<html><body><h1>200 OK</h1>
Service ready.
</body></html>
[root@foundation66 Desktop]# curl 172.25.66.1/admin/stats
[kiosk@foundation66 Desktop]$ for i in range {1..5};do curl 172.25.66.1;done
Server2
Server3
Server2
Server3
Server2
Server3
[kiosk@foundation66 Desktop]$ 

添加日志

**haproxy算法(8种负载均衡算法)

实现重定向

[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 
.....
 37         acl badip src 172.25.66.250     #禁IP
 38         #http-request deny if badip
 39         redirect location http://172.25.66.4 if badip   #重定向到4上
.....

测试

浏览器访问：
172.25.66.1--->http://172.25.66.4/  #自动实现跳转

支持动静页面

[root@server1 ~]# vim /etc/haproxy/haproxy.cfg 
.....
    35  frontend public
    36          bind            172.25.66.1:80 name clear
    37      acl badip src 172.25.66.250
    38      acl url_static path_end -i .png .gpeg .gif
    39      #http-request deny if badip
    40      #redirect location http://172.25.66.4 if badip
    41      acl write method POST
    42      acl write method PUT
    43  
    44      use_backend     static if write
    45          default_backend dynamic
    46      
    48  backend dynamic     #动态页面定义到2
    49      balance leastconn
    50          server          statsrv1 172.25.66.2:80 check inter 1000
    51  backend static  #静态页面定义到3
    52          server          statsrv2 172.25.66.3:80 check inter 1000
 .....

RS端：

必须支持php
yum install php #重启httpd
通过上传照片实现
**先下载upload目录|修改权限|移动文件|修改文件大小
[root@server2 html]# chmod 777 upload
[root@server2 ~]# cd /var/www/html/upload/
[root@server2 html]# ls
index.html  index.php  upload  upload_file.php
[root@server2 html]# vim  upload_file.php   #修改图片大小
[root@server2 upload]# 

浏览器访问：

http://172.25.66.1  先broswer，然后submit

POST测试

[root@server3 ~]# cd /var/www/html/upload
[root@server3 upload]# ls
OSI.gif     #上传成功
[root@server3 upload]# 

Pacemaker+haproxy

Server1|Server2安装和配置pacmaker|haproxy

添加VIP

[root@server1 ~]# crm
crm(live)# configure 
crm(live)configure#  property stonith-enabled=false
crm(live)configure# primitive vip ocf:heartbeat:IPaddr2 params ip=172.25.66.100 cidr_netmask=24 op monitor interval=1min    #添加vip
crm(live)configure# commit
crm(live)configure# bye
bye
[root@server1 ~]#

添加haproxy服务

[root@server1 ~]# crm 
crm(live)# configure 
crm(live)configure# primitive haproxy lsb:haproxy op monitor interval=1min  #添加服务
crm(live)configure# property no-quorum-policy=ignore
crm(live)configure# show
node server1
node server4
primitive haproxy lsb:haproxy \
    op monitor interval="1min"
primitive vip ocf:heartbeat:IPaddr2 \
    params ip="172.25.66.100" cidr_netmask="24" \
    op monitor interval="1min"
property $id="cib-bootstrap-options" \
    dc-version="1.1.10-14.el6-368c726" \
    cluster-infrastructure="classic openais (with plugin)" \
    expected-quorum-votes="2" \
    stonith-enabled="false"
crm(live)configure# commit 
crm(live)configure# bye 
bye
[root@server1 ~]#


&&&crm_mon监控
**在添加完VIP和haproxy之后，commit，集群自动启动服务，会发现vip和haproxy都开启
    在一个节点(Server1)down掉之后，另一个(Server2)接管