HAProxy Basics

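HAProxy provides high availability, load balancing, and proxying for TCP- and HTTP-based applications, and it supports virtual hosts. It is a free, fast, and reliable load-balancing solution, well suited to handling layer-7 requests for high-traffic sites. Like similar proxy services, it can shield the real internal servers and protect them from attack.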

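 Software: haproxy, mainly used for layer-7 load balancing; it can also do layer-4 load balancing.
 Apache can also do layer-7 load balancing, but it is cumbersome and nobody uses it that way in practice.
 Layer-7 load balancing: balances on the layer-7 HTTP protocol.
 Layer-4 load balancing: balances on the TCP protocol plus the port number.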
 ​
 ------------------------------------------------------------------------------------------------------------------------------
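 HAProxy overview
 HAProxy is a high-performance load balancer. Because it concentrates on load balancing alone, it does that job better and more professionally than nginx.

 HAProxy features:
 As one of today's popular load balancers, HAProxy has clear strengths. Its advantages are:

 1. Load balancing at both the TCP and HTTP protocol layers, which makes its load-balancing features very rich.
 2. About 8 load-balancing algorithms plus session persistence; in HTTP mode in particular there are many practical algorithms to suit different needs.
 3. Excellent performance; its single-process model (similar to Nginx) makes it very fast.
 4. A capable monitoring page that shows the current state of the system in real time.
 5. Powerful ACL support, which is very convenient for users.
 6. Native SSL support, on both the client side and the server side.
 7. 40000-50000 concurrent connections, a maximum of 20000 requests handled per unit of time, and a maximum data throughput of 10 Gbps.
 8. Virtual host support.

 HAProxy algorithms:
 1. roundrobin: weighted round robin. This algorithm is dynamic, meaning weights can be adjusted at runtime. By design, however, each backend server can accept at most 4128 connections.
 2. static-rr: weighted round robin, similar to roundrobin but static; adjusting a server's weight at runtime has no effect. It places no limit on the number of backend server connections.
 3. leastconn: new connection requests are dispatched to the backend server with the fewest connections.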

1. Layer-7 load balancing with HAProxy

 Keepalived + Haproxy
 =================================================================================
 ​
 /etc/haproxy/haproxy.cfg
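 global                                                    # global, process-wide parameters
     log                     127.0.0.1 local2 info  # log server
     pidfile                 /var/run/haproxy.pid  # PID file
     maxconn         4000     # maximum number of connections
     user                    haproxy   # user
     group               haproxy      # group
     daemon          # run in the background as a daemon
     nbproc 1        # number of worker processes; set it to the number of CPU cores
 The defaults section supplies default parameters for the other sections.
 listen is a combination of frontend and backend.

 frontend        virtual service (Virtual Server)
 backend         real servers (Real Server)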
 Topology
 ​
                             [vip: 192.168.246.17]
 ​
                         [LB1 Haproxy]       [LB2 Haproxy]
                         192.168.246.169     192.168.246.161
 ​
                        [httpd]                    [httpd] 
                     192.168.246.162              192.168.246.163
 ​
 I. HAProxy deployment steps
 1. Preparation (on every host in the cluster)
 [root@ha-proxy-master ~]# cat /etc/hosts
 127.0.0.1       localhost
 192.168.246.169 ha-proxy-master
 192.168.246.161 ha-proxy-slave
 192.168.246.162 test-nginx1 
 192.168.246.163 test-nginx2
 2. Real server (RS) configuration
 Set up the web servers and test every RS; install nginx on all of the machines.
 [root@test-nginx1 ~]# yum install -y nginx
 [root@test-nginx1 ~]# systemctl start nginx
 [root@test-nginx1 ~]# echo "test-nginx1" >> /usr/share/nginx/html/index.html
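 # Write a sequence number into the page of each nginx server in turn so they are easy to tell apart.
 3. Configure HAProxy on the directors (run on both master and backup)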
 [root@ha-proxy-master ~]# yum -y install haproxy
 [root@ha-proxy-master ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak}
 [root@ha-proxy-master ~]# sed -i -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg
 [root@ha-proxy-master ~]# vim /etc/haproxy/haproxy.cfg
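 global
     log         127.0.0.1 local2 info
     pidfile     /var/run/haproxy.pid
     maxconn     4000   # low precedence
     user        haproxy
     group       haproxy
     daemon               # run HAProxy in the background
     nbproc 1            # number of worker processes; set it to the number of CPU cores
 defaults
     mode                    http  # working mode: tcp is layer 4, http is layer 7
     log                     global
     retries                 3   # after 3 failed connection attempts the server is treated as unavailable; health is mainly determined by the check option on the server lines below
     option                  redispatch  # when a server is unavailable, redirect to another healthy server
     maxconn                 4000  # medium precedence
     timeout connect         5000  # timeout for HAProxy connecting to a backend server, in milliseconds (replaces the deprecated contimeout)
     timeout client          50000 # client timeout (replaces the deprecated clitimeout)
     timeout server          50000 # backend server timeout (replaces the deprecated srvtimeout)
 listen stats
     bind            *:81
     stats                       enable
     stats uri               /haproxy  # browse to http://192.168.246.169:81/haproxy to see the server status
     stats auth              qianfeng:123  # user authentication; has no effect when the client uses the elinks browser
 frontend  web
     mode                    http  
     bind                            *:80   # which IP and port to listen on
     option                  httplog     # log type: HTTP log format
     acl html url_reg  -i  \.html$  # 1. ACL named html; the rule matches URLs that end in html
     use_backend httpservers if  html # 2. if the html ACL matches, send the request to the httpservers backend
     default_backend    httpservers   # default server group
 backend httpservers    # the name must be identical to the one used above
     balance     roundrobin  # load-balancing method
     server  http1 192.168.246.162:80 maxconn 2000 weight 1  check inter 1s rise 2 fall 2
     server  http2 192.168.246.163:80 maxconn 2000 weight 1  check inter 1s rise 2 fall 2
 Copy the configuration file to the slave server
 [root@ha-proxy-master ~]# scp  /etc/haproxy/haproxy.cfg 192.168.246.161:/etc/haproxy/
 Start the service on both machines and enable it at boot
 [root@ha-proxy-master ~]# systemctl start haproxy
 [root@ha-proxy-master ~]# systemctl enable haproxy
 # check inter 2000   health-check (heartbeat) interval
 # rise 2     2 successful checks mark the server as available
 # fall 2     2 failed checks mark the server as unavailable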
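
The stats listener above answers on every address (`bind *:81`) and is protected by a three-character password. As an added example, not part of the original tutorial, this shell function flags both conditions in an haproxy.cfg; the 12-character threshold, the `stats_mgmt` listener and port 8404 are assumptions chosen for the sample.

```shell
#!/bin/sh
# Added example: flag risky stats-page settings in an haproxy.cfg.
# Usage: audit_stats FILE [MIN_PASSWORD_LENGTH]   (one finding per line)
audit_stats() {
    awk -v minlen="${2:-12}" '
    function report(   n, i, b) {
        if (!stats) return
        n = split(binds, b, " ")
        for (i = 1; i <= n; i++)
            if (b[i] ~ /^(\*|0\.0\.0\.0|\[::\]|::)?:[0-9]+$/)
                print sect ": stats page served on wildcard bind " b[i]
        if (pw == "")
            print sect ": stats page has no stats auth line"
        else if (length(pw) < minlen)
            print sect ": stats auth password shorter than " minlen " characters"
    }
    { sub(/#.*/, "") }                      # strip comments
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
        report(); sect = $1 " " $2; binds = ""; stats = 0; pw = ""; next
    }
    $1 == "bind" { binds = binds " " $2 }
    $1 == "stats" && $2 ~ /^(enable|uri|auth)$/ { stats = 1 }
    $1 == "stats" && $2 == "auth" { pw = $3; sub(/^[^:]*:/, "", pw) }
    END { report() }
    ' "$1"
}

# Constructed sample: the stats listener from this page beside a tightened one
# (loopback bind, longer password; the stats_mgmt name and port are assumptions).
sample_cfg() {
    cat <<'EOF'
global
    stats socket /var/lib/haproxy/stats
listen stats
    bind            *:81
    stats           enable
    stats uri       /haproxy
    stats auth      qianfeng:123
listen stats_mgmt
    bind            127.0.0.1:8404
    stats           enable
    stats uri       /haproxy
    stats auth      ops:constructed-long-passphrase-0001
EOF
}

cfg=$(mktemp) && sample_cfg > "$cfg"
audit_stats "$cfg"
rm -f "$cfg"
```

Run against the sample, only the `listen stats` section copied from this page is reported; the loopback-bound listener passes both checks.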

4. Test master/backup (in a browser)

Master:

Backup:

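 Explanation of the main fields on the page
 Queue
 Cur: current queued requests
 Max: max queued requests
 Limit: queue limit

 Errors
 Req: request errors
 Conn: connection errors

 Server list:
 Status: state, either up (backend alive) or down (backend dead)
 LastChk: time of the ongoing checks against the backend server
 Wght (weight): weight
 ========================================================
 2. Test access
 Reach the backend servers through the HAProxy IP address
 # curl http://192.168.246.169
 If a bind failure is reported, run the following command
 setsebool -P haproxy_connect_any=1
 II. Keepalived for director HA
 Note: both the master and the backup director are able to schedule normally
 1. Install the software on the master and backup directors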
 [root@ha-proxy-master ~]# yum install -y keepalived
 [root@ha-proxy-slave ~]# yum install -y keepalived
 [root@ha-proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
 [root@ha-proxy-master ~]# vim /etc/keepalived/keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id director1
 }
 vrrp_instance VI_1 {
     state MASTER
     interface ens33
     virtual_router_id 80
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
 }
 ​
 [root@ha-proxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
 [root@ha-proxy-slave ~]# vim /etc/keepalived/keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id directory2
 }
 vrrp_instance VI_1 {
     state BACKUP
     interface ens33
     virtual_router_id 80
     priority 50
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
 }
 3. Start Keepalived (on both master and backup)
 [root@ha-proxy-master ~]# chkconfig keepalived on
 [root@ha-proxy-master ~]# service keepalived start
 [root@ha-proxy-master ~]# ip a
 ​
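 4. Extension: health-checking HAProxy on the director (optional)
 Approach: done on one machine
 Have Keepalived run an external script at a fixed interval; when HAProxy has failed, the script shuts down the local Keepalived.
 a. script
 [root@ha-proxy-master ~]# cat /etc/keepalived/check_haproxy_status.sh
 #!/bin/bash
 # Probe the local HAProxy frontend; a non-zero exit from curl means it is not answering
 /usr/bin/curl -I http://localhost &>/dev/null
 if [ $? -ne 0 ];then
 #       /etc/init.d/keepalived stop
         systemctl stop keepalived
 fi
 [root@ha-proxy-master ~]# chmod a+x /etc/keepalived/check_haproxy_status.sh
 b. Use the script from keepalived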
 [root@ha-proxy-master keepalived]# vim keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id director1
 }
 vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy_status.sh"
    interval 5
 }
 ​
 vrrp_instance VI_1 {
     state MASTER
     interface ens33
     virtual_router_id 80
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
     track_script {
         check_haproxy
     }
 }
 [root@ha-proxy-slave keepalived]# vim keepalived.conf
 ! Configuration File for keepalived
 ​
 global_defs {
    router_id directory2
 }
 vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy_status.sh"
    interval 5
 }
 ​
 vrrp_instance VI_1 {
     state BACKUP
     interface ens33
     virtual_router_id 80
     priority 50
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1111
     }
     virtual_ipaddress {
         192.168.246.17/24
     }
     track_script {
         check_haproxy
     }
 }
 [root@ha-proxy-master keepalived]# systemctl restart keepalived
 [root@ha-proxy-slave keepalived]# systemctl restart keepalived
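 Note: haproxy must be started before keepalived
 Configure HAProxy logging on both machines: uncomment the following lines and add the rule
 [root@ha-proxy-master ~]# vim /etc/rsyslog.conf 
 # Provides UDP syslog reception  # HAProxy sends its logs over UDP, so rsyslog's UDP listener must be enabled
 $ModLoad imudp
 $UDPServerRun 514
 Find  #### RULES ####   and add the following below it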
 local2.info                       /var/log/haproxy.log
 [root@ha-proxy-master ~]# systemctl restart rsyslog
 [root@ha-proxy-master ~]# systemctl restart haproxy
 [root@ha-proxy-master ~]# tail -f /var/log/haproxy.log 
 2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56866 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:11:35+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56867 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56889 to 192.168.246.17:80 (stats/HTTP)
 2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56890 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56895 to 192.168.246.17:80 (web/HTTP)
 2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56896 to 192.168.246.17:80 (stats/HTTP)
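
Once these connection lines are being written, they can be used to see who is reaching the stats frontend. The following is an added example, not part of the original page: it counts stats-frontend connections per source address and marks sources outside an allowlist. The allowlisted address and the 192.0.2.44 client in the sample are assumptions.

```shell
#!/bin/sh
# Added example: list clients that reached the stats frontend, from HAProxy
# "Connect from SRC:PORT to DST:PORT (frontend/MODE)" log lines.
# Usage: stats_clients LOGFILE [ALLOWED_IP ...]   -> "count ip verdict" per client
stats_clients() {
    file=$1; shift
    awk -v allowed=" $* " '
    $4 == "Connect" && $5 == "from" && $9 ~ /^\(stats\// {
        ip = $6; sub(/:[0-9]+$/, "", ip)        # drop the source port
        hits[ip]++
    }
    END {
        for (ip in hits)
            print hits[ip], ip, (index(allowed, " " ip " ") ? "allowed" : "UNEXPECTED")
    }' "$file" | sort -k2
}

# Constructed sample in the log format shown above; 192.0.2.44 is a made-up client.
sample_log() {
    cat <<'EOF'
2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56889 to 192.168.246.17:80 (stats/HTTP)
2019-07-13T23:13:39+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56890 to 192.168.246.17:80 (web/HTTP)
2019-07-13T23:14:07+08:00 localhost haproxy[906]: Connect from 192.168.246.1:56896 to 192.168.246.17:80 (stats/HTTP)
2019-07-13T23:15:02+08:00 localhost haproxy[906]: Connect from 192.0.2.44:40112 to 192.168.246.17:80 (stats/HTTP)
EOF
}

logf=$(mktemp) && sample_log > "$logf"
stats_clients "$logf" 192.168.246.1     # assumption: the only expected admin workstation
rm -f "$logf"
```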

Layer-4 proxy for MySQL

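 Prepare two machines and turn off the firewall and SELinux.
 1. Deploy MySQL on both machines and set them up as master and slave of each other ---- omitted
 2. Install HAProxy as the proxy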
 [root@haproxy-server ~]# yum -y install haproxy
 [root@haproxy-server ~]# cp -rf /etc/haproxy/haproxy.cfg{,.bak}
 [root@haproxy-server ~]# sed -i -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg
 [root@haproxy-server ~]# vim /etc/haproxy/haproxy.cfg
 global
     log         127.0.0.1 local2
     pidfile     /var/run/haproxy.pid
     maxconn     4000
     user        haproxy
     group       haproxy
     daemon
     nbproc 1
 defaults
     mode                    http
     log                     global
     option                  redispatch
     retries                 3
     maxconn                 3000
     timeout connect         5000
     timeout client          50000
     timeout server          50000
 listen stats
     bind            *:81
     stats                       enable
     stats uri               /haproxy
     stats auth              qianfeng:123
 listen mysql
     bind *:3307
     mode tcp
     balance roundrobin
     server mysql1 192.168.198.149:3306 weight 1  check inter 1s rise 2 fall 2
     server mysql2 192.168.198.150:3306 weight 1  check inter 1s rise 2 fall 2
 [root@haproxy-server ~]# systemctl start haproxy
 [root@haproxy-server ~]# netstat -lntp | grep 3307
 tcp        0      0 0.0.0.0:3307            0.0.0.0:*               LISTEN      11866/haproxy
 ​
 3. Verify:
 [root@haproxy-server ~]# mysql -uroot -p'QianFeng@123!' -P 3307
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 6
 Server version: 5.7.31-log MySQL Community Server (GPL)
 ​
 Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
 ​
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 ​
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 ​
 mysql> show databases;
 +--------------------+
 | Database           |
 +--------------------+
 | information_schema |
 | mysql              |
 | performance_schema |
 | sys                |
 +--------------------+
 4 rows in set (0.00 sec)
 ​
 mysql>