轉載自https://blog.51cto.com/3381847248/1977073
前面我已經介紹了haproxy結合keepalive做簡單的雙主高可用,如果不清楚的話,可以去我的上一
篇博客http://3381847248.blog.51cto.com/13408601/1977014看看,根據haproxy的性能和特點,我們可以對haproxy進行優化調整,體現出haproxy的價值。
假設一家公司有多台后端web服務器(或者多台圖片服務器),每一台web服務器都有自己唯一的域
名,在還沒有做haproxy之前,我們需要把域名的對應關系給寫到hosts文件里或者需要在DNS服務器上進
行配置,這樣的話,就會給我們后端的服務器帶來一定的風險;通過haproxy,我們可以把域名都解析到
haproxy服務器上,然后通過haproxy服務器進行轉發,當我需要訪問某個域名的時候,haproxy服務器就
會跳到那個域名所對應的后端服務器上,而我后端服務器只開放所需要的端口,這樣就大大減少了對后
端服務器的風險了。
實驗環境
拓撲圖:
| 主機 | ip | 域名 | 角色 | |
| haproxy-1 | 10.0.0.11 | haproxy+keepalive |
vip1:10.0.0.100 vip2:10.0.0.200 |
|
| haproxy-2 | 10.0.0.12 | haproxy+keepalive | ||
| web-1 | 10.0.0.13 | img.test.com | web服務器 | |
| web-2 | 10.0.0.14 | www.test.com | web服務器 | |
| web-3 | 10.0.0.15 | web.test.com | web服務器 | |
| client | 10.0.0.5 | client |
開始配置
1、配置好各主機ip地址,關閉selinux和防火牆,修改hosts文件
##修改hosts文件
[root@haproxy-1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100 img.test.com www.test.com web.test.com
10.0.0.200 img.test.com www.test.com web.test.com
[root@haproxy-2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100 img.test.com www.test.com web.test.com
10.0.0.200 img.test.com www.test.com web.test.com
[root@web1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.13 img.test.com
[root@web2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.14 www.test.com
[root@web-3 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.15 web.test.com
[root@client ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100 img.test.com www.test.com web.test.com
10.0.0.200 img.test.com www.test.com web.test.com
2、配置web服務器
##安裝Apache
yum install -y httpd
##具體配置略
##查看web網頁
[root@web1 ~]# curl 10.0.0.13
10.0.0.13 img.test.com
[root@web2 ~]# curl 10.0.0.14
10.0.0.14 www.test.com
[root@web-3 ~]# curl 10.0.0.15
10.0.0.15:80 web.test.com
[root@web-3 ~]# curl 10.0.0.15:8080
10.0.0.15:80803、配置haproxy
3.1、安裝haproxy
yum install -y haproxy##性能調優相關參數:
maxconn <number>: //設定單haproxy進程的最大並發連接數;
maxconnrate <number>: //設定單haproxy進程每秒接受的連接數;
maxsslconn <number>: //設定單haproxy進程的ssl連接最大並發連接數;
maxsslrate <number>: //單haproxy進程的ssl連接的創建速率上限;
spread-checks <0..50, in percent>
tune.rcvbuf.client <number> //接收客戶端請求的緩沖大小
tune.rcvbuf.server <number> //接收服務端響應的緩沖大小
tune.sndbuf.client <number> //向客戶端發送響應的緩沖大小
tune.sndbuf.server <number> //向服務端發送請求的緩沖大小
tune.ssl.cachesize <number> //ssl會話的緩存大小
tune.ssl.lifetime <timeout> //ssl會話緩存的有效時長
##配置參數:
bind:
作用:設定監聽的地址和端口;
語法:bind [<address>]:<port_range> [, ...]
使用位置:frontend,listen
mode { tcp|http|health }
作用:定義haproxy的工作模型:
tcp:基於layer4實現代理,可代理大多數基於tcp的應用層協議,例如ssh,mysql,pgsql等;
http:客戶端的http請求會被深度解析;
health:工作為健康狀態檢查響應模式,當請求到達時僅回應“OK”即斷開連接;
開啟統計頁面,相關信息:
maxconn <conns>:最大並發連接數,默認為2000,使用位置:frontend、default、listen
stats enable:作用:啟用內建的統計頁,在缺少其它必要的參數時,會使用默認配置;
默認配置:
- stats uri : /haproxy?stats
- stats realm : "HAProxy Statistics"
- stats auth : no authentication
- stats scope : no restriction
說明:
stats uri <prefix>:自定義stats頁面的uri;
stats realm <realm>:啟用統計信息並設置身份認證域。
stats auth <user>:<passwd>:定義認證使用的賬號和密碼;
stats hide-version:隱藏版本信息
stats refresh <delay>:自動刷新相關頁面的時間間隔;
stats admin { if | unless } <cond>:條件滿足時啟用stats內建的管理功能接口;不建議啟用,有安全隱患
##ACL匹配的如下所示:
1、ACL derivatives :
path : exact string match(字符竄精確匹配)
path_beg : prefix match(前綴匹配)
path_dir : subdir match(子目錄匹配)
path_dom : domain match(域匹配)
path_end : suffix match(后綴匹配)
path_len : length match(長度匹配)
path_reg : regex match(正則匹配)
path_sub : substring match(子串匹配)
例如:
acl test_path path -i /test.txt ##匹配具體路徑
acl test_path_beg path_beg -i /test. #匹配前綴包含
acl test_path_end path_end -i .html ##匹配.html結尾
2、可以基於字符串做檢測:
req.hdr([<name>[,<occ>]]) : string
對請求報文中的內容做檢查
This extracts the last occurrence of header <name> in an HTTP request.
ACL derivatives :
hdr([<name>[,<occ>]]) : exact string match
hdr_beg([<name>[,<occ>]]) : prefix match
hdr_dir([<name>[,<occ>]]) : subdir match
hdr_dom([<name>[,<occ>]]) : domain match
hdr_end([<name>[,<occ>]]) : suffix match
hdr_len([<name>[,<occ>]]) : length match
hdr_reg([<name>[,<occ>]]) : regex match
hdr_sub([<name>[,<occ>]]) : substring match
res.hdr([<name>[,<occ>]]) : string
對響應報文中的內容做檢測
ACL derivatives :
shdr([<name>[,<occ>]]) : exact string match
shdr_beg([<name>[,<occ>]]) : prefix match
shdr_dir([<name>[,<occ>]]) : subdir match
shdr_dom([<name>[,<occ>]]) : domain match
shdr_end([<name>[,<occ>]]) : suffix match
shdr_len([<name>[,<occ>]]) : length match
shdr_reg([<name>[,<occ>]]) : regex match
shdr_sub([<name>[,<occ>]]) : substring match
3.2、配置haproxy日志文件
##添加日志(haproxy.cfg):
[root@haproxy-1 haproxy]# vim haproxy.cfg
log 127.0.0.1 local2
##修改syslog.conf:
[root@haproxy-1 haproxy]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
local2.* /var/log/haproxy.log
##重啟兩個服務即可看到日志文件:
[root@haproxy-1 ~]# systemctl restart rsyslog
[root@haproxy-1 ~]# systemctl restart haproxy
[root@haproxy-1 ~]# cd /var/log/
[root@haproxy-1 log]# ls haproxy.log
haproxy.log
##把日志文件配置同步到主機haproxy-2上
[root@haproxy-1 ~]# scp /etc/haproxy/haproxy.cfg 10.0.0.12:/etc/haproxy/haproxy.cfg
[root@haproxy-1 ~]# scp /etc/rsyslog.conf 10.0.0.12:/etc/rsyslog.conf
[root@haproxy-2 ~]# systemctl restart rsyslog
[root@haproxy-2 ~]# systemctl restart haproxy
3.3、配置haproxy(兩台機的配置是一樣的)
[root@haproxy-1 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:80
stats enable ##添加監控頁面
stats uri /test?stats ##自定義URL
stats realm Stats\ Page\ Area ##去掉空格轉譯
stats auth admin:admin ##配置賬號密碼
stats refresh 5s ##沒5s刷新一次
stats hide-version ##隱藏版本信息
stats admin if TRUE
maxconn 10000 ##定義最大並發為10000
acl url_static path_beg -i /static /p_w_picpaths /javascript /stylesheets
##匹配目錄是如下的地址
acl url_static path_end -i .jpg .gif .png .css .js
##匹配結尾是.jpg.gif的地址
acl usr_www hdr(host) -i www.test.com
acl usr_img hdr(host) -i img.test.com
acl usr_web hdr_end(host) -i .test.com ##所有訪問test.com的二級域名的,都轉發到hdr_end這個位置
use_backend img if usr_img
use_backend www if usr_www
use_backend web if usr_web
use_backend static if url_static
default_backend web
backend static
balance roundrobin
server static 127.0.0.1:4331 check
backend img
balance roundrobin
server web-1 10.0.0.13:80 check inter 2000 rise 3 fall 3 weight 3
#check inter 2000 是檢測心跳頻率(check 默認 );
#rise 3 表示 3次正確認為服務器可用;
#fall 3 表示 3次失敗認為服務器不可用;
#weight 表示權重。
backend www
balance roundrobin
server web-2 10.0.0.14:80 check inter 2000 rise 3 fall 3 weight 3
backend web
balance roundrobin
server web-3 10.0.0.15:80 check inter 2000 rise 3 fall 3 weight 3
server web-3 10.0.0.15:8080 check inter 2000 rise 3 fall 3 weight 3##啟動haproxy
[root@haproxy-1 haproxy]# systemctl restart haproxy
[root@haproxy-2 ~]# systemctl restart haproxy
3.4、配置keepalive
##安裝keepalive
[root@haproxy-1 ~]# yum install -y keepalived
[root@haproxy-2 ~]# yum install -y keepalived##haproxy-1的keepalive配置文件
[root@haproxy-1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
global_defs {
notification_email {
acassen@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 50
nopreempt
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100
}
track_script {
check_haproxy
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 51
nopreempt
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.200
}
track_script {
check_haproxy
}
}##haproxy-2的keepalive配置文件
[root@haproxy-2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
global_defs {
notification_email {
acassen@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 50
nopreempt
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100
}
track_script {
check_haproxy
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 51
nopreempt
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.200
}
track_script {
check_haproxy
}
}##haproxy檢測腳本
[root@haproxy-1 ~]# cat /etc/keepalived/check_haproxy.sh
#!/bin/bash
h=`ps -C haproxy --no-header |wc -l`
if [ $h -eq 0 ];then
systemctl stop keepalived
fi
[root@haproxy-1 ~]# chmod a+x /etc/keepalived/check_haproxy.sh
[root@haproxy-2 ~]# cat /etc/keepalived/check_haproxy.sh
#!/bin/bash
h=`ps -C haproxy --no-header |wc -l`
if [ $h -eq 0 ];then
systemctl stop keepalived
fi
[root@haproxy-2 ~]# chmod a+x /etc/keepalived/check_haproxy.sh##啟動keepalive
[root@haproxy-1 ~]# systemctl restart keepalived
[root@haproxy-1 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2017-10-28 16:00:23 CST; 12s ago
Process: 3806 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3807 (keepalived)
CGroup: /system.slice/keepalived.service
├─3807 /usr/sbin/keepalived -D
├─3808 /usr/sbin/keepalived -D
└─3809 /usr/sbin/keepalived -D
Oct 28 16:00:28 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_2) Received advert with higher priori... 102
Oct 28 16:00:29 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_2) Entering BACKUP STATE
Oct 28 16:00:29 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_2) removing protocol VIPs.
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs o....100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:7a:63 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8ec5:50ac:d71:20d7/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever[root@haproxy-2 ~]# systemctl restart keepalived
[root@haproxy-2 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2017-10-28 16:00:28 CST; 19s ago
Process: 27168 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 27169 (keepalived)
CGroup: /system.slice/keepalived.service
├─27169 /usr/sbin/keepalived -D
├─27170 /usr/sbin/keepalived -D
└─27171 /usr/sbin/keepalived -D
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs o...200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-2 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:bf:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link
valid_lft forever preferred_lft forever
##在client上訪問
[root@client ~]# curl img.test.com
10.0.0.13 img.test.com
[root@client ~]# curl www.test.com
10.0.0.14 www.test.com
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080
##查看監控界面,打開瀏覽器,輸入10.0.0.100/test?stats,輸入之前設置的賬號密碼(admin:admin),如圖1,之后就可以看到我們配置的haproxy的內容了,如圖2和圖3。
圖1
圖2
圖3
驗證
當haproxy-1上的haproxy服務宕掉了之后,vip1就會從haproxy-1上飄到haproxy-2上,也就是說haproxy-2上有兩個vip,而且還能正常訪問web服務
##在haproxy-1上查看keepalive和vip的狀態,可以看到vip已經不在了
[root@haproxy-1 ~]# systemctl stop haproxy
[root@haproxy-1 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: VRRP_Instance(VI_2) Received advert with high...102
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: VRRP_Instance(VI_2) Entering BACKUP STATE
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: VRRP_Instance(VI_2) removing protocol VIPs.
Oct 28 18:28:11 haproxy-1 Keepalived[11325]: Stopping
Oct 28 18:28:11 haproxy-1 systemd[1]: Stopping LVS and VRRP High Availability Monitor...
Oct 28 18:28:11 haproxy-1 Keepalived_vrrp[11327]: VRRP_Instance(VI_1) sent 0 priority
Oct 28 18:28:11 haproxy-1 Keepalived_vrrp[11327]: VRRP_Instance(VI_1) removing protocol VIPs.
Oct 28 18:28:12 haproxy-1 systemd[1]: Stopped LVS and VRRP High Availability Monitor.
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:7a:63 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8ec5:50ac:d71:20d7/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
##在haproxy-2上查看keepalive和vip的狀態,可以看到vip1已經從haproxy-1飄到haproxy-2上了
[root@haproxy-2 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2017-10-28 16:50:35 CST; 1h 41min ago
Process: 34787 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 34788 (keepalived)
CGroup: /system.slice/keepalived.service
├─34788 /usr/sbin/keepalived -D
├─34789 /usr/sbin/keepalived -D
└─34790 /usr/sbin/keepalived -D
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs o...100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-2 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:bf:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link
valid_lft forever preferred_lft forever
##訪問web服務
[root@client ~]# curl img.test.com
10.0.0.13 img.test.com
[root@client ~]# curl img.test.com
10.0.0.13 img.test.com
[root@client ~]# curl www.test.com
10.0.0.14 www.test.com
[root@client ~]# curl www.test.com
10.0.0.14 www.test.com
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080
##訪問監控頁面
這次的優化haproxy的實驗就已經到此結束了。如果有寫錯的地方,歡迎各位大神指出來,我會去改正的。如果有寫的不好的地方,請多多見諒!!!