HAproxy+Keepalived实现高可用

HAproxy+Keepalived实现高可用

说明：
HA1：HAproxy+Keepalived(master)
HA2：HAproxy+Keepalived(backup)

1.HA1上keepalived的配置:
# Configuration File for keepalived
global_defs {
        notification_email 
        {
                from@email.com
        }
        notification_email_from alert@email.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
}

vrrp_script chk_haproxy {
    script "/usr/local/keepalived/scripts/chk_haproxy.sh"
        interval 2
        weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 105
    priority 151
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    track_interface {
        eth0
        eth1
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress {
        xxx.xxx.xxx.xxx
    }
    notify "/usr/local/keepalived/scripts/alarm.bash"
}

2.HA2上keepalived的配置:
# Configuration File for keepalived
global_defs {
        notification_email 
        {
                from@email.com
        }
        notification_email_from alert@email.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
}

vrrp_script chk_haproxy {
    script "/usr/local/keepalived/scripts/chk_haproxy.sh"
        interval 2
        weight 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 105
    priority 141
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass xxx
    }
    track_interface {
        eth0
        eth1
    }
    track_script {
        chk_haproxy
        }
    virtual_ipaddress {
        xxx.xxx.xxx.xxx
    }
    notify "/usr/local/keepalived/scripts/alarm.bash"
}


3.HA1和HA2上haproxy的配置:
# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    #log loghost    local0 info
    maxconn 4096
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout  5000
    clitimeout  50000
    srvtimeout  50000

listen  fabuqi 0.0.0.0:80
    cookie  SERVERID rewrite
    balance roundrobin
    server  real_server1 rs1_ip:80 cookie app1inst1 check inter 1000 rise 2 fall 5
    server  real_server2 rs2_ip:80 cookie app1inst2 check inter 1000 rise 2 fall 5
    server  real_server3 rs3_ip:80 cookie app1inst3 check inter 1000 rise 2 fall 5 backup

listen  fabuqi_ssl 0.0.0.0:443
    mode tcp  # 只代理需要用tcp模式，没有cookie的设置
    balance roundrobin
    server  real_server1 10.20.172.131:443 check inter 1000 rise 2 fall 5
    server  real_server2 10.21.180.145:443 check inter 1000 rise 2 fall 5
    server  real_server3 10.26.2.184:443 check inter 1000 rise 2 fall 5 backup

listen stats 0.0.0.0:1080 #设置Frontend和Backend的组合体，监控组的名称，按需要自定义名称
        mode http #http的7层模式
        option httplog #采用http日志格式
        #log 127.0.0.1 local0 err #错误日志记录
        maxconn 5 #默认的最大连接数
        stats refresh 30s #统计页面自动刷新时间
        stats uri /stats #统计页面url
        stats realm XingCloud Haproxy #统计页面密码框上提示文本
        stats auth admin:xxx #设置监控页面的用户和密码:admin,可以设置多个用户名
        #stats auth Frank:xxx #设置监控页面的用户和密码：Frank
        stats hide-version #隐藏统计页面上HAProxy的版本信息
        stats admin if TRUE

4.keepalived监控haproxy脚本：
#!/bin/bash

if [[ `ps -C haproxy --no-header | wc -l` -eq 0 ]]; then
  echo [`date`] "haproxy not running,attempt to start up." >> /usr/local/keepalived/logs/chk_haproxy.log 2>&1
  haproxy -f /etc/haproxy/haproxy.cfg
  sleep 3
  if [[ `ps -C haproxy --no-header | wc -l` -eq 0 ]]; then
    /etc/init.d/keepalived stop
        echo [`date`] "haproxy start failure,stop keepalived." >> /usr/local/keepalived/logs/chk_haproxy.log 2>&1
  else
    echo [`date`] "haproxy started success." >> /usr/local/keepalived/logs/chk_haproxy.log 2>&1
  fi
fi

5.配置haproxy日志：
1)syslog-ng的配置：
# vim /etc/syslog-ng/syslog-ng.conf
# 在文件最后添加以下配置
source src_haproxy { udp(ip("0.0.0.0") port(514)); };
filter f_local03 { facility(local0,local3); };
filter custom { program("haproxy"); };
destination dst_haproxy { file("/var/log/haproxy.log"); };
log { source(src_haproxy); filter(f_local03); destination(dst_haproxy); };
log { source(src_haproxy); filter(custom); destination(dst_haproxy); };
# service syslog-ng restart
2)syslog的配置：
# vim /etc/syslog.d/haproxy.conf
local3.* /var/log/haproxy.log
local0. /var/log/haproxy.log
&~  #不打印到/var/log/message中
# vim /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -m 0"
# service syslog restart
3)日志分割和清理脚本：
# cat /usr/local/haproxy/sbin/cut_haproxy_log.sh
#!/bin/bash  
# This script run at 00:00  
# crontab -e
# 00 00 * * * /usr/local/haproxy/sbin/cut_haproxy_log.sh >/dev/null 2>&1

# The haproxy log path
LOGPATH="/data/logs/haproxy"

[[ -z `ps aux | grep sbin/haproxy | grep -v grep` ]] && exit 1
mv ${LOGPATH}/haproxy.log ${LOGPATH}/haproxy_$(date -d "yesterday" +"%Y-%m-%d").log
rm -f ${LOGPATH}/haproxy_$(date -d "10 days ago" +"%Y-%m-%d").log 
/sbin/service syslog restart
# chmod +x /usr/local/haproxy/sbin/cut_haproxy_log.sh