基于Keepalived+Haproxy搭建四层负载均衡器

http://blog.liuts.com/post/223/

一、前言
Haproxy是稳定、高性能、高可用性的负载均衡解决方案，支持HTTP及TCP代理后端服务器池，因支持强大灵活的7层acl规则，广泛作为HTTP反向代理。本文则详细介绍如何利用它的四层交换与Keepalived实现一个负载均衡器，适用于Socket、ICE、Mail、Mysql、私有通讯等任意TCP服务。系统架构图如下：



二、平台环境

引用

OS:Centos5.4(64X)
MASTER:192.168.0.20
BACKUP:192.168.0.21
VIP:192.168.0.100
Serivce Port:11231

三、平台安装配置
1、添加非本机IP邦定支持

引用

#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
#sysctl –p

2、配置平台日志支持

引用

#vi /etc/syslog.conf
添加：
local3.*/var/log/haproxy.log
local0.*/var/log/haproxy.log

#vi /etc/sysconfig/syslog
修改：
SYSLOGD_OPTIONS="-r -m 0"
#/etc/init.d/syslog restart

3、关闭SELINUX

引用

vi /etc/sysconfig/selinux
修改：
SELINUX=disabled
#setenforce 0

4、配置iptables，添加VRRP通讯支持

引用

iptables -A INPUT -d 224.0.0.18 -j ACCEPT

5、Keepalived的安装、配置

引用

#mkdir -p /home/install/keepalivedha
#cd /home/install/keepalivedha
#wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
#tar zxvf keepalived-1.2.2.tar.gz
#cd keepalived-1.2.2
#./configure
#make && make install

引用

#cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#mkdir /etc/keepalived
#cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/sbin/keepalived /usr/sbin/

#vi /etc/keepalived/keepalived.conf

view plain copy to clipboard print ?

1. !ConfigurationFileforkeepalived
3. global_defs{
4. notification_email{
5. liutiansi@gmail.com
6. }
7. notification_email_fromliutiansi@gmail.com
8. smtp_connect_timeout3
9. smtp_server127.0.0.1
10. router_idLVS_DEVEL
11. }
12. vrrp_scriptchk_haproxy{
13. script"killall-0haproxy"
14. interval2
15. weight2
16. }
17. vrrp_instanceVI_1{
18. interfaceeth1
19. stateMASTER#从为"BACKUP"
20. priority101#从为100
21. virtual_router_id50#路由ID，可通过#tcpdumpvrrp查看。
22. garp_master_delay1#主从切换时间，单位为秒。
24. authentication{
25. auth_typePASS
26. auth_passKJj23576hYgu23IP
27. }
28. track_interface{
29. eth0
30. eth1
31. }
32. virtual_ipaddress{
33. 192.168.0.100
34. }
35. track_script{
36. chk_haproxy
37. }
39. #状态通知
40. notify_master"/etc/keepalived/Mailnotify.pymaster"
41. notify_backup"/etc/keepalived/Mailnotify.pybackup"
42. notify_fault"/etc/keepalived/Mailnotify.pyfault"
43. }

! Configuration File for keepalived global_defs { notification_email { liutiansi@gmail.com } notification_email_from liutiansi@gmail.com smtp_connect_timeout 3 smtp_server 127.0.0.1 router_id LVS_DEVEL } vrrp_script chk_haproxy { script "killall -0 haproxy" interval 2 weight 2 } vrrp_instance VI_1 { interface eth1 state MASTER # 从为"BACKUP" priority 101 # 从为100 virtual_router_id 50 #路由ID，可通过#tcpdump vrrp查看。 garp_master_delay 1 #主从切换时间，单位为秒。 authentication { auth_type PASS auth_pass KJj23576hYgu23IP } track_interface { eth0 eth1 } virtual_ipaddress { 192.168.0.100 } track_script { chk_haproxy } #状态通知 notify_master "/etc/keepalived/Mailnotify.py master" notify_backup "/etc/keepalived/Mailnotify.py backup" notify_fault "/etc/keepalived/Mailnotify.py fault" }
6、Haproxy的安装与配置

引用

#cd /home/install/keepalivedha
#wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
#tar -zxvf haproxy-1.4.11.tar.gz
#cd haproxy-1.4.11
#make install
#mkdir -p /usr/local/haproxy/etc
#mkdir -p /usr/local/haproxy/sbin
#cp examples/haproxy.cfg /usr/local/haproxy/etc
#ln -s /usr/local/sbin/haproxy /usr/local/haproxy/sbin/haproxy

#vi /usr/local/haproxy/etc/haproxy.cfg

view plain copy to clipboard print ?

1. #thisconfigneedshaproxy-1.1.28orhaproxy-1.2.1
3. global
4. #log127.0.0.1local0
5. log127.0.0.1local1notice
6. maxconn5000
7. uid99
8. gid99
9. daemon
10. pidfile/usr/local/haproxy/haproxy.pid
13. defaults
14. logglobal
15. modehttp
16. #optionhttplog
17. optiondontlognull
18. retries3
19. optionredispatch
20. maxconn2000
21. contimeout5000
22. clitimeout50000
23. srvtimeout50000
25. listenICE01192.168.0.100:11231
26. modetcp#配置TCP模式
27. maxconn2000
28. balanceroundrobin
29. serverice-192.168.0.128192.168.0.128:11231checkinter5000fall1rise2
30. serverice-192.168.0.129192.168.0.129:11231checkinter5000fall1rise2
31. serverice-192.168.0.130192.168.0.130:11231checkinter5000fall1rise2
32. serverice-192.168.0.131192.168.0.131:11231checkinter5000fall1rise2
33. serverice-192.168.0.132192.168.0.132:11231checkinter5000fall1rise2
34. serverice-192.168.0.34192.168.0.34:11231checkinter5000fall1rise2
35. srvtimeout20000
37. listenstats_auth192.168.0.20:80
38. #listenstats_auth192.168.0.21:80#backupconfig
39. statsenable
40. statsuri/admin-status#管理地址
41. statsauthadmin:123456#管理帐号:管理密码
42. statsadminifTRUE

# this config needs haproxy-1.1.28 or haproxy-1.2.1 global #log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 5000 uid 99 gid 99 daemon pidfile /usr/local/haproxy/haproxy.pid defaults log global modehttp #option httplog optiondontlognull retries 3 option redispatch maxconn 2000 contimeout5000 clitimeout50000 srvtimeout50000 listenICE01 192.168.0.100:11231 mode tcp #配置TCP模式 maxconn 2000 balance roundrobin serverice-192.168.0.128 192.168.0.128:11231 check inter 5000 fall 1 rise 2 serverice-192.168.0.129 192.168.0.129:11231 check inter 5000 fall 1 rise 2 serverice-192.168.0.130 192.168.0.130:11231 check inter 5000 fall 1 rise 2 serverice-192.168.0.131 192.168.0.131:11231 check inter 5000 fall 1 rise 2 serverice-192.168.0.132 192.168.0.132:11231 check inter 5000 fall 1 rise 2 serverice-192.168.0.34 192.168.0.34:11231 check inter 5000 fall 1 rise 2 srvtimeout20000 listen stats_auth 192.168.0.20:80 # listen stats_auth 192.168.0.21:80 # backup config stats enable stats uri/admin-status #管理地址 stats authadmin:123456 #管理帐号:管理密码 stats admin if TRUE
7、邮件通知程序(python实现)
#vi /etc/keepalived/Mailnotify.py

view plain copy to clipboard print ?

1. #!/usr/local/bin/python
2. #coding:utf-8
3. fromemail.MIMEMultipartimportMIMEMultipart
4. fromemail.MIMETextimportMIMEText
5. fromemail.MIMEImageimportMIMEImage
6. fromemail.headerimportHeader
7. importsys
8. importsmtplib
10. #---------------------------------------------------------------
11. #Name:Mailnotify.py
12. #Purpose:MailnotifytoSA
13. #Author:Liutiansi
14. #Email:liutiansi@gamil.com
15. #Created:2011/03/09
16. #Copyright:(c)2011
17. #--------------------------------------------------------------
18. strFrom='admin@domain.com'
19. strTo='liutiansi@gmail.com'
20. smtp_server='smtp.domain.com'
21. smtp_pass='123456'
23. ifsys.argv[1]!="master"andsys.argv[1]!="backup"andsys.argv[1]!="fault":
24. sys.exit()
25. else:
26. notify_type=sys.argv[1]
29. mail_title='[紧急]负载均衡器邮件通知'
30. mail_body_plain=notify_type+'被激活，请做好应急处理。'
31. mail_body_html='<b><fontcolor=red>'+notify_type+'被激活，请做好应急处理。</font></b>'
33. msgRoot=MIMEMultipart('related')
34. msgRoot['Subject']=Header(mail_title,'utf-8')
35. msgRoot['From']=strFrom
36. msgRoot['To']=strTo
38. msgAlternative=MIMEMultipart('alternative')
39. msgRoot.attach(msgAlternative)
41. msgText=MIMEText(mail_body_plain,'plain','utf-8')
42. msgAlternative.attach(msgText)
45. msgText=MIMEText(mail_body_html,'html','utf-8')
46. msgAlternative.attach(msgText)
49. smtp=smtplib.SMTP()
50. smtp.connect(smtp_server)
51. smtp.login(smtp_user,smtp_pass)
52. smtp.sendmail(strFrom,strTo,msgRoot.as_string())
53. smtp.quit()

#!/usr/local/bin/python #coding: utf-8 from email.MIMEMultipart import MIMEMultipart from email.MIMEText import MIMEText from email.MIMEImage import MIMEImage from email.header import Header import sys import smtplib #--------------------------------------------------------------- # Name:Mailnotify.py # Purpose: Mail notify to SA # Author:Liutiansi # Email: liutiansi@gamil.com # Created: 2011/03/09 # Copyright: (c) 2011 #-------------------------------------------------------------- strFrom = 'admin@domain.com' strTo = 'liutiansi@gmail.com' smtp_server='smtp.domain.com' smtp_pass='123456' if sys.argv[1]!="master" and sys.argv[1]!="backup"and sys.argv[1]!="fault": sys.exit() else: notify_type=sys.argv[1] mail_title='[紧急]负载均衡器邮件通知' mail_body_plain=notify_type+'被激活，请做好应急处理。' mail_body_html='<b><font color=red>'+notify_type+'被激活，请做好应急处理。</font></b>' msgRoot = MIMEMultipart('related') msgRoot['Subject'] =Header(mail_title,'utf-8') msgRoot['From'] = strFrom msgRoot['To'] = strTo msgAlternative = MIMEMultipart('alternative') msgRoot.attach(msgAlternative) msgText = MIMEText(mail_body_plain, 'plain', 'utf-8') msgAlternative.attach(msgText) msgText = MIMEText(mail_body_html, 'html','utf-8') msgAlternative.attach(msgText) smtp = smtplib.SMTP() smtp.connect(smtp_server) smtp.login(smtp_user,smtp_pass) smtp.sendmail(strFrom, strTo, msgRoot.as_string()) smtp.quit()
注：修改成系统python实际路径“#!/usr/local/bin/python”(第一行)
#chmod +x /etc/keepalived/Mailnotify.py
#/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/etc/haproxy.cfg
#service keepalived start

8、查看VRRP通讯记录
#tcpdump vrrp

引用

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:05.270017 IP 192.168.0.20 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

四、Haproxy界面
访问http://192.168.0.20/admin-status，输入帐号admin密码123456进入管理监控平台。

haproxy-1.4.11最大的亮点是添加了手工启用/禁用功能，对升级变更应用时非常有用。

五、邮件通知