Common web cluster scheduler
Current common web cluster scheduler into software and hardware, software commonly used open source LVS, Haproxy, Nginx, generally use more hardware is F5, there are a lot of people use some domestic products such as pike, the Green League, etc.
Haproxy Application Analysis
LVS in enterprise applications a strong anti-load capacity, but there is insufficient
- LVS does not support regular treatment, it can not achieve static and dynamic separation
- For large sites, LVS implementation of complex configuration, maintenance costs are relatively high
Haproxy is a can provide high availability, load balancing, and proxy-based TCP and HTTP application software
- Especially for particularly large load of web sites
- Running on current hardware can support thousands of concurrent connections a connection request
Haproxy scheduling algorithm principle
RR: The most commonly used simple, round robin scheduling
for example:
- There are three nodes A, B, C, access will be first assigned to a user node A, the second user will be assigned to access a Node B, a third user may be assigned to access node
- The fourth user continues to access assigned to the nodes A, polling assignment access request to achieve load balancing effect
LC: Minimum number of connections algorithm, the number of connection request according to the size of the distal end node dynamically allocated backend
for example:
- There are three nodes A, B, C, the number of the nodes are connected to A: 4, B: 5, C: 6, with a first time if a user connection requests will be assigned to the A, the number of connections becomes A: 5, B: 5, C: 6
- The second user, the request will be assigned to the A, the number of connections becomes A: 6, B: 5, C: 6, no new request will be allocated to B, each time a new request is assigned to the minimum number of connections client
- Since the actual number of connections A, B, C is dynamically released, there will be very difficult - like when the number of connections, so this algorithm compared rr greatly improved algorithm, is used more and more in an algorithm -
SH: source access scheduling algorithm, for there is a session recorded session on the server side, can be based on source ip, cookie do cluster scheduling
- There are three nodes A, B, C, a first user assigned to the first access A, the first access to a second user assigned to the B
- When the first user to access the second time continue to be assigned to the A, B will still be assigned to the second user when the second access, as long as the load equalizer does not restart the scheduler, a first user access are assigned a, the second user access are assigned to B, to achieve the cluster scheduling
- This scheduling algorithm is to realize the benefits of keeping the session, but some lead when IP traffic is very large | from the load imbalance, a large part of the node traffic, affecting business use
Haproxy log management
Haproxy log to syslog default output system, is generally defined in a production environment it alone
The method defined in step
-
Haproxy modify the configuration file on the logging configuration options, adding configuration:
log /devlog local0 info log /dev/log local0 notice - Rsyslog modified configuration, the configuration is defined independently Haproxy related to haproxy.conf, and placed under /etc/rsyslog.d/
- Save the configuration file and restart the rsyslog service, complete rsyslog configuration
Haproxy parameter optimization
With increasing corporate website load, haproxy very important parameter optimization
maxconn:最大连接数,根据应用实际情况进行调整,推荐使用10240
daemon:守护进程模式,Haproxy可以使用非守护进程模式启动,建议使用守护进程模式启动
nbproc:负载均衡的并发进程数,建议与当前服务器CPU核数相等或为其2倍
retries:重试次数,主要用于对集群节点的检查,如果节点多,且并发量大,设置为2次或3次
option http-server-close:主动关闭http请求选项,建议在生产环境中使用此选项
timeout http-keep-alive:长连接超时时间,设置长连接超时时间可以设置为10s
timeout http-request:http请求超时时间,建议将此时间设置为5~10s,增加http连接释放速度
timeout client:客户端超时时间,如果访问量过大,节点响应慢可以将此时间设置短一些,建议设置为1min左右就可以了Experimental topology
lab environment
Haporxy服务器:192.168.100.210
Nginx服务器1:192.168.100.201
Nginx服务器2:192.168.100.202
client测试机:192.168.100.1001, are required to install the experimental environment package on three Linux servers
Nginx服务器1:
[root@localhost ~]# yum install -y pcre-devel zlib-devel gcc gcc-c++ make
Nginx服务器2:
[root@localhost ~]# yum install -y pcre-devel zlib-devel gcc gcc-c++ make
Haporxy服务器:
[root@localhost ~]# yum install -y pcre-devel bzip2-devel gcc gcc-c++ make2, the network model are four virtual machines to host only mode (same)
3, the host share out the desired Toolkit
Nginx server configuration 1
1, a fixed IP address
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static #dhcp改为static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=8ecd53ce-afdb-46f8-b7ff-b2f428a3bc8f
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.201 #IP地址
NETMASK=255.255.255.0 #子网掩码
GATEWAY=192.168.100.1 #网关
[root@localhost ~]# systemctl restart network #重启网络服务
[root@localhost ~]# ifconfig #查看网卡信息
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.201 netmask 255.255.255.0 broadcast 192.168.100.255 #IP地址配置成功
inet6 fe80::c776:9d00:618:88f2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:eb:34:07 txqueuelen 1000 (Ethernet)
RX packets 51789 bytes 75688349 (72.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7987 bytes 543001 (530.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 02, the tool mount, extract Nginx Source Package
[root@localhost ~]# mkdir /mnt/tools #创建挂载点
[root@localhost ~]# mount.cifs //192.168.100.100/tools /mnt/tools/ #挂载
Password for root@//192.168.100.100/tools:
[root@localhost ~]# cd /mnt/tools/LNMP/
[root@localhost LNMP]# ls
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz php-7.1.20.tar.gz
mysql-boost-5.7.20.tar.gz php-7.1.10.tar.bz2
[root@localhost LNMP]# tar zxf nginx-1.12.2.tar.gz -C /opt/ #解压源码包
[root@localhost LNMP]# cd /opt/
[root@localhost opt]# ls
nginx-1.12.2 rh
[root@localhost opt]# 3, compile and install Nginx Service
[root@localhost opt]# cd nginx-1.12.2/
[root@localhost nginx-1.12.2]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@localhost nginx-1.12.2]# useradd -M -s /sbin/nologin nginx #创建nginx用户
[root@localhost nginx-1.12.2]# ./configure \ #配置Nginx服务
> --prefix=/usr/local/nginx \ #安装路径
> --user=nginx \ #属主
> --group=nginx \ #属组
> --with-http_stub_status_module
#启用ngx_http_stub_status_module支持(获取nginx自上次启动以来的工作状态)
[root@localhost nginx-1.12.2]# make && make install #编译安装Nginx服务4, configure Nginx service site home page, and open service
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/html/
[root@localhost html]# echo "this is abc web" > index.html #创建站点首页
[root@localhost html]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ #建立软链接
[root@localhost html]# nginx -t #检查配置文件语法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx #开启服务
[root@localhost html]# netstat -ntap | grep 80 #查看端口
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 18683/nginx: master
[root@localhost html]# systemctl stop firewalld.service #关闭防火墙
[root@localhost html]# setenforce 0 #关闭增强型安全功能
[root@localhost html]# 5, test access Nginx Service
Nginx server configuration 2
1, a fixed IP address
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static #dhcp改为static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=09073596-a7cf-404c-a098-28c3ff58c44b
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.202 #IP地址
NETMASK=255.255.255.0 #子网掩码
GATEWAY=192.168.100.1 #网关
[root@localhost ~]# systemctl restart network #重启网络服务
[root@localhost ~]# ifconfig #查看网卡信息
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.202 netmask 255.255.255.0 broadcast 192.168.100.255 #IP地址配置成功
inet6 fe80::5134:22f5:842b:5201 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:0d:f1:75 txqueuelen 1000 (Ethernet)
RX packets 50790 bytes 74736905 (71.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7366 bytes 466513 (455.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 02, the tool mount, extract Nginx Source Package
[root@localhost ~]# mkdir /mnt/tools #创建挂载点
[root@localhost ~]# mount.cifs //192.168.100.100/tools /mnt/tools/ #挂载
Password for root@//192.168.100.100/tools:
[root@localhost ~]# cd /mnt/tools/LNMP/
[root@localhost LNMP]# ls
Discuz_X3.4_SC_UTF8.zip nginx-1.12.2.tar.gz php-7.1.20.tar.gz
mysql-boost-5.7.20.tar.gz php-7.1.10.tar.bz2
[root@localhost LNMP]# tar zxf nginx-1.12.2.tar.gz -C /opt/ #解压源码包
[root@localhost LNMP]# cd /opt/
[root@localhost opt]# ls
nginx-1.12.2 rh
[root@localhost opt]# 3, compile and install Nginx Service
[root@localhost opt]# cd nginx-1.12.2/
[root@localhost nginx-1.12.2]# ls
auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
[root@localhost nginx-1.12.2]# useradd -M -s /sbin/nologin nginx #创建nginx用户
[root@localhost nginx-1.12.2]# ./configure \ #配置Nginx服务
> --prefix=/usr/local/nginx \ #安装路径
> --user=nginx \ #属主
> --group=nginx \ #属组
> --with-http_stub_status_module
#启用ngx_http_stub_status_module支持(获取nginx自上次启动以来的工作状态)
[root@localhost nginx-1.12.2]# make && make install #编译安装Nginx服务4, configure Nginx service site home page, and open service
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/html/
[root@localhost html]# echo "this is xyz web" > index.html #创建站点首页
[root@localhost html]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ #建立软链接
[root@localhost html]# nginx -t #检查配置文件语法
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost html]# nginx #开启服务
[root@localhost html]# netstat -ntap | grep 80 #查看端口
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 18683/nginx: master
[root@localhost html]# systemctl stop firewalld.service #关闭防火墙
[root@localhost html]# setenforce 0 #关闭增强型安全功能
[root@localhost html]# 5, test access Nginx Service
Haproxy Server Configuration
1, a fixed IP address
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static #dhcp改为static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3ceed540-b04c-48d6-a4f7-79951f09ea1d
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.210 #IP地址
NETMASK=255.255.255.0 #子网掩码
GATEWAY=192.168.100.1 #网关
[root@localhost ~]# systemctl restart network #重启网络服务
[root@localhost ~]# ifconfig #查看网卡信息
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.210 netmask 255.255.255.0 broadcast 192.168.100.255 #IP地址配置成功
inet6 fe80::3e1d:31ba:f66a:6f80 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:9b:1b txqueuelen 1000 (Ethernet)
RX packets 51747 bytes 75871654 (72.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7407 bytes 470471 (459.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 02, compile and install haproxy Service
[root@localhost ~]# mkdir /mnt/tools #创建挂载点
[root@localhost ~]# mount.cifs //192.168.100.100/tools /mnt/tools/ #挂载
Password for root@//192.168.100.100/tools:
[root@localhost ~]# cd /mnt/tools/MySQL/
[root@localhost MySQL]# ls
amoeba-mysql-binary-2.2.0.tar.gz haproxy-1.5.19.tar.gz mysql-5.5.24.tar.gz
boost_1_59_0.tar.gz jdk-6u14-linux-x64.bin mysql-5.7.17.tar.gz
[root@localhost MySQL]# tar zxf haproxy-1.5.19.tar.gz -C /opt/ #解压haproxy源码包
[root@localhost MySQL]# cd /opt/
[root@localhost opt]# ls
haproxy-1.5.19 rh
[root@localhost opt]#
[root@localhost opt]# cd haproxy-1.5.19/
[root@localhost haproxy-1.5.19]# make TARGET=linux26 #编译haproxy服务
[root@localhost haproxy-1.5.19]# make install #安装haproxy服务3, configure the service haproxy
[root@localhost haproxy-1.5.19]# mkdir /etc/haproxy #创建配置文件目录
[root@localhost haproxy-1.5.19]# cp examples/haproxy.cfg /etc/haproxy/ #模板复制到配置目录下
[root@localhost haproxy-1.5.19]# vim /etc/haproxy/haproxy.cfg #编辑配置文件
chroot /usr/share/haproxy ##注释掉
redispatch ##注释掉
# this config needs haproxy-1.1.28 or haproxy-1.2.1
#为全局配置
global
log 127.0.0.1 local0 #配置日志记,local0为日志设备,默认存放到系统日志
log 127.0.0.1 local1 notice #notice为 日志级别,通常有24个级别
#log loghost local0 info
maxconn 4096 #最大连接数
uid 99 #用户uid
gid 99 #用户gid
daemon
#debug
#quiet
#defaults配置项配置默认参数,一般会被应用组件继承,如果在应用组件中没有特别声明,将安装默认配置参数设置
defaults
log global #定义日志为global配置中的日志定义
mode http #模式为http
option httplog #采用http日志格式记录日志
option dontlognull #日志不为空
retries 3 #检查节点服务器失败连续达到三次则认为节点不可用
maxconn 2000 #最大连接数
contimeout 5000 #连接超时时间
clitimeout 50000 #客户端超时时间
srvtimeout 50000 #服务器超时时间
listen webcluster 0.0.0.0:80
option httpchk GET /index.html #检查服务器的index.html文件
balance roundrobin #负载均衡调度算法使用轮询算法
server inst1 192.168.100.201:80 check inter 2000 fall 3 #定义备份节点,健康检查请求三次
server inst2 192.168.100.202:80 check inter 2000 fall 3
[root@localhost haproxy-1.5.19]# cp /opt/haproxy-1.5.19/examples/haproxy.init /etc/init.d/haproxy #启动文件
[root@localhost haproxy-1.5.19]# chmod +x /etc/init.d/haproxy #添加执行权限
[root@localhost haproxy-1.5.19]# chkconfig --add haproxy #添加到service
[root@localhost haproxy-1.5.19]# ln -s /usr/local/sbin/haproxy /usr/sbin/ #便于系统识别
[root@localhost haproxy-1.5.19]#
[root@localhost haproxy-1.5.19]# service haproxy start #开启服务
Starting haproxy (via systemctl): [ 确定 ]
[root@localhost haproxy-1.5.19]# systemctl stop firewalld.service #关闭防火墙
[root@localhost haproxy-1.5.19]# setenforce 0 #关闭增强型安全功能
[root@localhost haproxy-1.5.19]# 4, access server IP address with the test haproxy host
5, log define, modify configuration files haproxy
[root@localhost haproxy-1.5.19]# cd /etc/haproxy/
[root@localhost haproxy]# vim haproxy.cfg
log /dev/log local0 info #添加
log /dev/log local0 notice #添加
#log 127.0.0.1 local0 #注释
#log 127.0.0.1 local1 notice #注释
[root@haproxy haproxy]# service haproxy restart ##重启服务
[root@haproxy haproxy]# touch /etc/rsyslog.d/haproxy.conf ##创建系统日志haproxy配置文件
[root@haproxy haproxy]# vim /etc/rsyslog.d/haproxy.conf
if ($programname == 'haproxy' and $syslogseverity-text == 'info') ##根据级别创建不同的日志文件
then -/var/log/haproxy/haproxy-info.log
&~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice')
then -/var/log/haproxy/haproxy-notice.log
&~
[root@haproxy haproxy]# systemctl restart rsyslog.service ##重启系统日志服务
[root@haproxy haproxy]# cd /var/log/ ##此时是没有haproxy日志
##重新访问网页
[root@haproxy haproxy]# cd /var/log/haproxy/
[root@haproxy haproxy]# ls ##此时就生成了info级别的日志文件
haproxy-info.log