
keepalived高可用haproxy配合varnish实现w

作者: clickdiff | 来源:发表于2017-09-09 15:10 被阅读0次
    haproxy.png

    通过haproxy调度访问后台,并且用varnish服务器提供缓存,提高网站的可靠性与性能

    实验环境:

    haproxy 101搭建haproxy和Keepalived服务
    ip:172.16.254.101

    haproxy 103搭建haproxy和Keepalived服务
    ip:172.16.254.103

    varnish 105 服务
    ip:172.16.254.105

    WordPress静态服务器搭建httpd服务
    ip:172.16.254.102

    WordPress动态服务器搭建httpd+PHP+mysql
    ip:172.16.254.104

    实验步骤

    配置web服务器

    在服务器上安装WordPress
    可以参考
    centos7.3编译安装lamp,并实现wordpress

    varnish

    安装varnish服务

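    # Install Varnish from the configured yum repositories ("istall" was a typo for "install").
    yum -y install varnish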
    

    安装服务后修改配置文件

    vim /etc/varnish/default.vcl 
    
    # This is an example VCL file for Varnish.
    #
    # It does not do anything by default, delegating control to the
    # builtin VCL. The builtin VCL is called when there is no explicit
    # return statement.
    #
    # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
    # and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.
    
    # Marker to tell the VCL compiler that this VCL has been adapted to the
    # new 4.0 format.
    vcl 4.0;
    import directors; #调用多个后端主机做集群
    # Default backend definition. Set this to point to your content server.
    # Health-check definition named "check".
    # NOTE(review): no backend in the visible listing references it with .probe — confirm
    # against the real file, otherwise the probe is never run.
    probe check{  # health-check (probe) definition
            .url = "/.check.html"; # path requested on the backend for every probe
            .window = 5; # number of most recent probes that are taken into account
            .threshold = 3; # how many of those .window probes must succeed for the backend to count as healthy (not a failure count)
            .interval = 2s; # time between two probes
            .timeout = 3s; # how long to wait for a probe answer
    
    }
    
    
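    backend dynamic { # dynamic host (httpd + PHP + MySQL)
        .host = "172.16.254.104";
        .port = "80";
    }

    # NOTE(review): the published listing lost the lines between the dynamic backend
    # and the routing logic. The "static" backend below is rebuilt from the lab
    # description (static WordPress httpd on 172.16.254.102); its port, and any
    # .probe or director settings the original had, are assumptions to confirm.
    backend static { # static host (httpd)
        .host = "172.16.254.102";
        .port = "80";
    }

    sub vcl_recv {
        # Route PHP URLs to the dynamic host and everything else to the static host.
        if (req.url ~ "(?i)\.php\.*") {
            # The listing spelled this "dynameic", which is not a declared backend
            # and would make the VCL fail to compile.
            set req.backend_hint = dynamic;
        } else {
            set req.backend_hint = static;
        }
        # NOTE(review): an unconditional pass sends every request to a backend and
        # never stores the answer, so the TTLs set in vcl_backend_response would have
        # no effect. Confirm whether a condition around this statement was lost.
        return (pass);
    }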
    
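    sub vcl_backend_response {
        # Happens after we have read the response headers from the backend.
        #
        # Here you clean the response headers, removing silly Set-Cookie headers
        # and other mistakes your backend does.

        # Responses to requests that were passed (per-user traffic) must keep
        # their Set-Cookie header and must not be given a shared TTL.
        if (bereq.uncacheable) {
            return (deliver);
        }

        # The backend did not announce a shared-cache lifetime (s-maxage) and the
        # URL is a static asset: drop Set-Cookie and cache the object for one hour.
        if (beresp.http.cache-control !~ "s-maxage") {
            if (bereq.url ~ "(?i)\.(jpg|jpeg|png|gif|css|js|xml)$") {
                unset beresp.http.Set-Cookie;
                set beresp.ttl = 3600s;
            }
        }

        # URL contains "php": drop Set-Cookie and cache for one hour.
        # The WordPress login and admin URLs are excluded: stripping Set-Cookie there
        # discards the session cookie, and caching them would hand one visitor's
        # authenticated page to the next visitor.
        if (bereq.url ~ "(?i).*php.*" && bereq.url !~ "(?i)wp-(login|admin)") {
            unset beresp.http.Set-Cookie;
            set beresp.ttl = 3600s;
        }
    }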
    
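    sub vcl_deliver {
        # Happens when we have all the pieces we need, and are about to send the
        # response to the client.
        #
        # You can do accounting or modifying the final object here.

        # Tag every response with the cache result so hits and misses can be told
        # apart from the client side.
        # NOTE(review): server.ip puts the cache server's own address into a header
        # that every client receives; fine for a lab, worth dropping on a public site.
        if (obj.hits > 0) {
            set resp.http.X-Cache = "HIT via " + server.ip;
        } else {
            set resp.http.X-Cache = "MISS via " + server.ip;
        }
    }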
    

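    varnish在探测到请求和响应报文头部有cookie信息的时候是不缓存的,所以缓存命中率会非常低。这就是为什么要卸载php页面和jpg等静态资源cookie的原因。需要注意:对php响应卸载Set-Cookie并缓存1小时,会把登录页和后台(wp-login.php、wp-admin)这类带有用户状态的页面一并处理,既可能导致无法登录,也可能把某个用户的页面返回给其他访问者,所以这类URL应当排除在缓存之外。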

    启动服务并部署
    systemctl start varnish
    varnish_reload_vcl

    haproxy

    安装haproxy

    yum install -y haproxy
    

    更改配置文件

    vim /etc/haproxy/haproxy.cfg
    
    #---------------------------------------------------------------------
    # Example configuration for a possible web application.  See the
    # full configuration options online.
    #
    #   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
    #
    #---------------------------------------------------------------------
    
    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
        # Process-wide settings: logging target, chroot, run-as identity and the
        # runtime statistics socket.
        #
        # to have these messages end up in /var/log/haproxy.log you will
        # need to:
        #
        # 1) configure syslog to accept network log events.  This is done
        #    by adding the '-r' option to the SYSLOGD_OPTIONS in
        #    /etc/sysconfig/syslog
        #
        # 2) configure local2 events to go to the /var/log/haproxy.log
        #   file. A line like the following can be added to
        #   /etc/sysconfig/syslog
        #
        #    local2.*                       /var/log/haproxy.log
        #
        log         127.0.0.1 local2  # send log messages to the local syslog daemon, facility local2
    
        chroot      /var/lib/haproxy  # confine the process to this directory to limit what a compromised haproxy can reach
        pidfile     /var/run/haproxy.pid
        maxconn     4000    # maximum concurrent connections per process
        user        haproxy
        group       haproxy
        daemon              # run in the background as a service
    
        # turn on stats unix socket
        # NOTE(review): no mode or level is given for this socket; check which local
        # users can open it, since it accepts runtime commands.
        stats socket /var/lib/haproxy/stats
    
    #---------------------------------------------------------------------
    # common defaults that all the 'listen' and 'backend' sections will
    # use if not designated in their block
    #---------------------------------------------------------------------
    defaults
        # Settings inherited by every listen/frontend/backend section below unless
        # a section overrides them.
        mode                    http        # layer-7 (HTTP) proxying
        log                     global      # use the log target from the global section
        option                  httplog     # log requests in the HTTP log format
        option                  dontlognull
        option http-server-close
        # Adds X-Forwarded-For with the client address, except for requests coming
        # from 127.0.0.0/8.
        option forwardfor       except 127.0.0.0/8
        option                  redispatch
        retries                 3   # connection attempts to a server before giving up
        timeout http-request    10s # how long to wait for a complete HTTP request from the client
        timeout queue           1m
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        timeout http-keep-alive 10s
        timeout check           10s
        maxconn                 3000
    
    #---------------------------------------------------------------------
    # main frontend which proxys to the backends
    #---------------------------------------------------------------------
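    listen stats  # statistics / administration page
            # NOTE(review): this listens on every address of the host; restrict it
            # to a management address or filter port 9000 if the host is reachable
            # from untrusted networks.
            bind *:9000
            stats  enable
            # CHANGE_ME is a placeholder: set a unique, strong password before use.
            # The published example used admin:admin, which anyone can guess. The
            # credentials travel as HTTP Basic auth over plain HTTP on this listener.
            stats auth  admin:CHANGE_ME
            stats uri  /admin?stats
            stats realm  "status-page"
            stats refresh 30s
            stats hide-version  # do not show the haproxy version on the page
            # Every authenticated user can enable and disable backend servers from
            # the page, so the password above guards a control interface.
            stats admin if TRUE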
    
    
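    # Public HTTP entry point; everything is handed to the appsrvs backend.
    frontend  web
        # The listing had a stray trailing comma after the port ("*:80,"), which
        # leaves an empty entry in the comma-separated bind address list.
        bind *:80
        default_backend             appsrvs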
    
    #---------------------------------------------------------------------
    # static backend for serving up images, stylesheets and such
    #---------------------------------------------------------------------
    # All traffic from the web frontend is sent to the one Varnish instance at
    # 172.16.254.105:6081; "check" turns on health checking for it.
    backend appsrvs
        server static 172.16.254.105:6081  check
    

    配置完后把配置文件复制一份到另一台haproxy服务器(172.16.254.103)

    scp /etc/haproxy/haproxy.cfg root@172.16.254.103:/etc/haproxy/

    然后启动服务。
    可以访问一下管理页面
    http://172.16.254.101:9000/admin?stats

    image.png

    说明管理页面也没有问题,可以访问一下服务器,查看是否能够访问。

    Keepalived

    在haproxy服务器中都安装Keepalived服务

    yum install -y keepalived

    修改Keepalived配置文件

    vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    # Global keepalived settings: notification mail, node identity and the VRRP
    # multicast group.
    # NOTE(review): keepalived runs the vrrp_script command and the notify scripts
    # configured in this file; if the installed version supports them, consider
    # enable_script_security and script_user, and keep the scripts writable by root only.
    global_defs {
       # NOTE(review): these look like the addresses of the packaged sample
       # configuration — confirm and replace with real recipients.
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         root@localhost
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id node1
       vrrp_mcast_group4 224.0.115.15 # IPv4 multicast group used for VRRP advertisements (multicast, not broadcast)
    }
    
    
    # Health check that lowers this node's VRRP priority while haproxy is not running.
    vrrp_script chk_haproxy {
    
            # killall -0 sends no signal; it only tests whether a haproxy process exists.
            script "killall -0 haproxy && exit 0 || exit 1"
            interval 1  # run the check every second
            weight -5   # while the check fails, subtract 5 from the priority (101 becomes 96, below the backup's 100)
            fall 2      # two consecutive failures mark the check as failed
            rise 1      # one success marks it as healthy again
    }
    
    
    # VRRP instance on the primary haproxy node: owns the virtual IP 172.16.254.106
    # as long as its priority stays above the backup's.
    vrrp_instance VI_1 {
        state MASTER
        interface ens34
        virtual_router_id 132
        priority 101
        advert_int 1
        # NOTE(review): PASS authentication is carried in clear text in every
        # advertisement and keepalived uses only the first eight characters.
        # 1111 is a sample value; choose a site-specific secret, set the same
        # value on both nodes, and keep VRRP traffic on a trusted segment.
        authentication {
            auth_type PASS
            auth_pass 1111
                  }
        # Virtual IP added to ens34 under the label ens34:0 while this node is master.
        virtual_ipaddress {
            172.16.254.106 dev ens34 label ens34:0
        }
       # Ties the instance priority to the chk_haproxy check.
       track_script {
            chk_haproxy
    }
    
        # Run notify.sh with the new state as its argument on every state change.
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    

    这个是主keepalived。备用Keepalived只需要更改一段代码就行。

    # Excerpt for the backup node: only the lines that differ from the master are
    # commented; the rest of the instance is the same as on the master.
    vrrp_instance VI_1 {
        state BACKUP  # this node starts as the backup
        interface ens34
        virtual_router_id 132
        priority 100  # lower than the master's priority of 101
        advert_int 1
        # NOTE(review): must match the master's value; PASS is sent in clear text
        # and 1111 is a sample value that should be replaced on both nodes together.
        authentication {
            auth_type PASS
            auth_pass 1111
        }
    

    notify.sh文件

    #!/bin/bash
    #
    
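    # Recipient of the state-change mail.
    contact='root@localhost'
    
    # notify STATE
    # Mails a one-line report that this host changed to VRRP state STATE.
    notify() {
            local mailsubject mailbody
            mailsubject="$(hostname) to be $1,vip floating."
            # The format must follow '+' directly; "date + '%F %T'" passes the format
            # as a separate operand and date rejects it, leaving the timestamp empty.
            mailbody="$(date +'%F %T'):vrrp transition,$(hostname) changed to be $1."
            echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    # keepalived calls this script with the new state as the only argument.
    case "$1" in
    master|backup|fault)
            notify "$1";;
    *)
            echo "Usage: $(basename "$0") {master|backup|fault}"
            exit 1;;
    esac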
    

    这时这个网站的架构已经完成,可以把haproxy101的haproxy服务关闭和开启,查看vip所在服务器,来验证keepalived是否生效。

    定义的haproxy的虚拟ip为172.16.254.106,此时任何一个haproxy主机或者haproxy服务故障都不会影响网站的正常访问,通过192.168.11.200即可访问到网站。

    这个架构还存在单点故障,以后还需要改进
