HAProxy高可用负载均衡集群部署
基本信息:
系统平台:VMware WorkStation
系统版本: CentOS Linux release 7.2.1511 (Core)
内核版本: 3.10.0-327.el7.x86_64
集群架构:
前端:HAProxy
1、虚拟FQDN:www.simpletime.net
2、VIP:192.168.39.1;DIP:172.16.39.50
3、调度服务器:Varnish1、Varnish2
4、调度算法:URL_Hash_Consistent
5、集群统计页:172.16.39.50:9091/simpletime?admin
缓存服务器:Varnish
1、VarnishServer1:172.16.39.14:9527
2、VarnishServer2:172.16.39.15:9527
3、开启健康状态探测,提供高可用
4、负载均衡后端Web服务器组
5、动静分离后端服务器,并动静都提供负载均衡效果
后端服务器:
StaticServer1:172.16.39.14:80
StaticServer2:172.16.39.15:80
DynamicServer1:172.16.39.151
DynamicServer2:172.16.39.152
Mysql服务器:
MysqlServer:172.16.39.150
思考:
1、负载均衡动静分离后,会话如何保持?
2、负载均衡动静分离后,存储如何解决?
3、该方案适用于什么样的场景?
4、该方案缺陷有哪些?
5、如何改进?
一、部署HAProxy
1、安装HAProxy ~]# yum install HAProxy 2、配置HAProxy #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend web *:80 #acl url_static path_beg -i /static /images /javascript /stylesheets #acl url_static path_end -i .jpg .gif .png .css .js .html .txt .htm #acl url_dynamic path_begin -i .php .jsp #default_backend static_srv if url_static #use_backend dynamic_srv if url_dynamic use_backend varnish_srv #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend varnish_srv balance uri #使用基于URL的一致性哈希调度算法 hash-type consistent server varnish1 172.16.39.14:9527 check server varnish2 172.16.39.15:9527 check listen stats #开启HAProxy图形化Web管理功能 bind :9091 stats enable stats uri /simpletime?admin stats hide-version stats auth admin:abc.123 stats admin if TRUE 3、启动服务 ~]# systemctl start haproxy ~]# systemctl status haproxy #查看状态 ~]# ss -tnlp #查看80和9091端口是否启用 ~]# systemctl enable haproxy #设置开机启动
二、部署Varnish,两台配置一致(172.16.39.14|15)
1、安装及配置 ~]# yum install varnish -y ~]# vim /etc/varnish/varnish.params VARNISH_LISTEN_PORT=9527 #更改默认端口 ~]# systemctl start varnish ~]# systemctl enable varnish ~]# vim /etc/varnish/default.vcl vcl 4.0; ##############启用负载均衡模块############### import directors; ################定义Purge-ACL控制####################### acl purgers { "127.0.0.1"; "172.16.39.0"/16; } # Default backend definition. Set this to point to your content server. ##############配置健康状态探测############## probe HE { #静态检测 .url = "/health.html"; #指定检测URL .timeout = 2s; #探测超时时长 .window = 5; #探测次数 .threshold = 2; #探测次数成功多少次才算健康 .initial = 2; #Varnish启动探测后端主机2次健康后加入主机 .interval = 2s; #探测间隔时长 .expected_response = 200; #期望状态响应码 } probe HC { #动态监测 .url = "/health.php"; .timeout = 2s; .window = 5; .threshold = 2; .initial = 2; .interval = 2s; .expected_response = 200; } #############添加后端主机################ backend web1 { .host = "172.16.39.151:80"; .port = "80"; .probe = HC; } backend web2 { .host = "172.16.39.152:80"; .port = "80"; .probe = HC; } backend app1 { .host = "172.16.39.14:80"; .port = "80"; .probe = HE; } backend app2 { .host = "172.16.39.15:80"; .port = "80"; .probe = HE; } #############定义负载均衡及算法############### sub vcl_init { new webcluster = directors.round_robin(); webcluster.add_backend(web1); webcluster.add_backend(web2); new appcluster = directors.round_robin(); appcluster.add_backend(app1); appcluster.add_backend(app2); } ################定义vcl_recv函数段###################### sub vcl_recv { #####ACL未授权,不允许PURGE,并返回405##### if (req.method == "PURGE") { if(!client.ip ~ purgers){ return(synth(405,"Purging not allowed for" + client.ip)); } return (purge); } #####添加首部信息,使后端服务记录访问者的真实IP # if (req.restarts == 0) { # set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; # } else { # set req.http.X-Forwarded-For = client.ip; # } # set req.backend_hint = webcluster.backend(); # set req.backend_hint = appcluster.backend(); #注:因为Varnish不是一级代理,配置forward只能取到上级代理IP,而上级代理IP,本身就包含在HAProxy发送过来的Forward里,所以没必要配置,而后端服务器只要日志格式有启用记录Forward信息,并且上级代理没有做限制,那么,就能获取到客户端真实IP; #####动静分离##### if (req.url ~ "(?i)/.(php|asp|aspx|jsp|do|ashx|shtml)($|/?)") { set req.backend_hint = appcluster.backend(); } #####不正常的请求不缓存##### if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "PATCH" && req.method != "DELETE") { return (pipe); } #####如果请求不是GET或者HEAD,不缓存##### if (req.method != "GET" && req.method != "HEAD") { return (pass); } #####如果请求包含Authorization授权或Cookie认证,不缓存##### if (req.http.Authorization || req.http.Cookie) { return (pass); } #####启用压缩,但排除一些流文件压缩##### if (req.http.Accept-Encoding) { if (req.url ~ "/.(bmp|png|gif|jpg|jpeg|ico|gz|tgz|bz2|tbz|zip|rar|mp3|mp4|ogg|swf|flv)$") { unset req.http.Accept-Encoding; } elseif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elseif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { unset req.http.Accept-Encoding; } } return (hash); } ####################定义vcl_pipe函数段################# sub vcl_pipe { return (pipe); } sub vcl_miss { return (fetch); } ####################定义vcl_hash函数段################# sub vcl_hash { hash_data(req.url); if (req.http.host) { hash_data(req.http.host); } else { hash_data(server.ip); } if (req.http.Accept-Encoding ~ "gzip") { hash_data ("gzip"); } elseif (req.http.Accept-Encoding ~ "deflate") { hash_data ("deflate"); } } ##############设置资源缓存时长################# sub vcl_backend_response { if (beresp.http.cache-control !~ "s-maxage") { if (bereq.url ~ "(?i)/.(jpg|jpeg|png|gif|css|js|html|htm)$") { unset beresp.http.Set-Cookie; set beresp.ttl = 3600s; } } } ################启用Purge##################### sub vcl_purge { return(synth(200,"Purged")); } ###############记录缓存命中状态############## sub vcl_deliver { if (obj.hits > 0) { set resp.http.X-Cache = "HIT from " + req.http.host; set resp.http.X-Cache-Hits = obj.hits; } else { set resp.http.X-Cache = "MISS from " + req.http.host; } unset resp.http.X-Powered-By; unset resp.http.Server; unset resp.http.Via; unset resp.http.X-Varnish; unset resp.http.Age; } 2、加载配置,因为还没有配置后端应用服务器,可以看到后端主机健康检测全部处于Sick状态 ~]# varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 varnish> vcl.load conf1 default.vcl 200 VCL compiled. varnish> vcl.use conf1 200 VCL 'conf1' now active varnish> backend.list 200 Backend name Refs Admin Probe web1(172.16.39.151,,80) 15 probe Sick 0/5 web2(172.16.39.152,,80) 15 probe Sick 0/5 app1(172.16.39.14,,80) 15 probe Sick 0/5 app2(172.16.39.15,,80) 15 probe Sick 0/5
三、部署Mysql(172.16.39.150)
八、总结
1、架构优点: (1)HAProxy为Varnish缓存服务器提供了高可用的负载均衡,其使用的算法,也为Varnish提升了缓存命中率; (2)HAProxy提供Web图形化管理界面,节约了学习成本; (3)Varnish的高效缓存机制极大的提升了Web应用的性能,降低了Web服务器的压力; (4)Varnish给后端Web服务器提供了高可用负载均衡,并使用了动态分离技术,保障了后端主机的冗余,显著提升了其性能; (5)NFS+Rsync+inodify基本解决了该架构存储的问题,该架构文件存储因服务器有限,并没有设计好,储存服务器因有单独的网络存储服务器来提供; 2、冗余不足: (1)Nginx负载均衡调度器,没有冗余能力,易出现单点故障。 解决方案:增加服务器,使用Keepalive做高可用。 (2)MysqlServer,没有冗余能力。 解决方案:主从复制、MHA。 (3)NFS文件服务,没有冗余能力。 解决方案:可以增加服务器,使用rsync+inodify实现数据实时同步,再用keepalive做高可用。 3、性能瓶颈: (1)NFS文件系统,因网络IO能力与磁盘本身性能,多台主机同时挂载执行读取读写操作,势必带来性能下降,根据木桶原理,此短板已成为该群集方案性能瓶颈。 (2)在大量的读写访问下,数据库的压力会非常大,从而影响性能。 解决方案:数据库主从复制,读写分离; 友情链接: 1、Nginx日志过滤模块官网下载链接 https://github.com/cfsego/ngx_log_if/ 2、Varnish4.0官方帮助指南 http://www.varnish-cache.org/docs/4.0/users-guide/ 以上均为个人观点,本架构还有许多不足之处,仅作学习交流之用; 作者:AllenYang1990
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/54645.html