haproxy+keepalive双主高可用实现负载均衡

前面我已经介绍了haproxy结合keepalive做简单的双主高可用，如果不清楚的话，可以去我的上一
篇博客http://3381847248.blog.51cto.com/13408601/1977014看看，根据haproxy的性能和特点，我们可以对haproxy进行优化调整，体现出haproxy的价值。
假设一家公司有多台后端web服务器（或者多台图片服务器），每一台web服务器都有自己唯一的域
名，在还没有做haproxy之前，我们需要把域名的对应关系给写到hosts文件里或者需要在DNS服务器上进
行配置，这样的话，就会给我们后端的服务器带来一定的风险；通过haproxy，我们可以把域名都解析到
haproxy服务器上，然后通过haproxy服务器进行转发，当我需要访问某个域名的时候，haproxy服务器就
会跳到那个域名所对应的后端服务器上，而我后端服务器只开放所需要的端口，这样就大大减少了对后
端服务器的风险了。

实验环境

拓扑图：

主机	ip	域名	角色
haproxy-1	10.0.0.11		haproxy+keepalive	vip1:10.0.0.100 vip2:10.0.0.200
haproxy-2	10.0.0.12		haproxy+keepalive
web-1	10.0.0.13	img.test.com	web服务器
web-2	10.0.0.14	www.test.com	web服务器
web-3	10.0.0.15	web.test.com	web服务器
client	10.0.0.5		client

开始配置

1、配置好各主机ip地址，关闭selinux和防火墙，修改hosts文件
##修改hosts文件

[root@haproxy-1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100  img.test.com www.test.com web.test.com
10.0.0.200  img.test.com www.test.com web.test.com

[root@haproxy-2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100  img.test.com www.test.com web.test.com
10.0.0.200  img.test.com www.test.com web.test.com

[root@web1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.13   img.test.com

[root@web2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.14   www.test.com

[root@web-3 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.15 web.test.com

[root@client ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100  img.test.com www.test.com web.test.com
10.0.0.200  img.test.com www.test.com web.test.com

2、配置web服务器

##安装Apache
yum install -y httpd
##具体配置略
##查看web网页
[root@web1 ~]# curl 10.0.0.13
10.0.0.13 img.test.com
[root@web2 ~]# curl 10.0.0.14
10.0.0.14 www.test.com
[root@web-3 ~]# curl 10.0.0.15
10.0.0.15:80 web.test.com
[root@web-3 ~]# curl 10.0.0.15:8080
10.0.0.15:8080

3、配置haproxy

3.1、安装haproxy

yum install -y haproxy

##性能调优相关参数：
maxconn <number>：         //设定单haproxy进程的最大并发连接数；
maxconnrate <number>：   //设定单haproxy进程每秒接受的连接数；
maxsslconn <number>：     //设定单haproxy进程的ssl连接最大并发连接数；
maxsslrate <number>：       //单haproxy进程的ssl连接的创建速率上限；
spread-checks <0..50, in percent>
tune.rcvbuf.client <number>   //接收客户端请求的缓冲大小
tune.rcvbuf.server <number>  //接收服务端响应的缓冲大小
tune.sndbuf.client <number>  //向客户端发送响应的缓冲大小
tune.sndbuf.server <number> //向服务端发送请求的缓冲大小
tune.ssl.cachesize <number>   //ssl会话的缓存大小
tune.ssl.lifetime <timeout>      //ssl会话缓存的有效时长

##配置参数：
bind：
作用：设定监听的地址和端口；
语法：bind [<address>]:<port_range> [, ...]
使用位置：frontend，listen
mode { tcp|http|health }
作用：定义haproxy的工作模型：
tcp：基于layer4实现代理，可代理大多数基于tcp的应用层协议，例如ssh，mysql，pgsql等；
http：客户端的http请求会被深度解析；
health：工作为健康状态检查响应模式，当请求到达时仅回应“OK”即断开连接；

开启统计页面，相关信息：
maxconn <conns>：最大并发连接数，默认为2000，使用位置：frontend、default、listen

stats enable：作用：启用内建的统计页，在缺少其它必要的参数时，会使用默认配置；
默认配置：
- stats uri   : /haproxy?stats
- stats realm : "HAProxy Statistics"
- stats auth  : no authentication
- stats scope : no restriction
说明：
stats uri <prefix>：自定义stats页面的uri；
stats realm <realm>：启用统计信息并设置身份认证域。
stats auth <user>:<passwd>：定义认证使用的账号和密码；
stats hide-version：隐藏版本信息
stats refresh <delay>：自动刷新相关页面的时间间隔；
stats admin { if | unless } <cond>：条件满足时启用stats内建的管理功能接口；不建议启用，有安全隐患

##ACL匹配的如下所示：
1、ACL derivatives :
path     : exact string match（字符窜精确匹配）
path_beg : prefix match（前缀匹配）
path_dir : subdir match（子目录匹配）
path_dom : domain match（域匹配）
path_end : suffix match（后缀匹配）
path_len : length match（长度匹配）
path_reg : regex match（正则匹配）
path_sub : substring match（子串匹配）
例如：
acl test_path path -i  /test.txt  ##匹配具体路径
acl test_path_beg  path_beg -i /test.  #匹配前缀包含
acl test_path_end  path_end -i .html        ##匹配.html结尾

2、可以基于字符串做检测：
req.hdr([<name>[,<occ>]]) : string
对请求报文中的内容做检查
This extracts the last occurrence of header <name> in an HTTP request.
ACL derivatives :
hdr([<name>[,<occ>]])          : exact string match
hdr_beg([<name>[,<occ>]])  : prefix match
hdr_dir([<name>[,<occ>]])    : subdir match
hdr_dom([<name>[,<occ>]]) : domain match
hdr_end([<name>[,<occ>]])  : suffix match
hdr_len([<name>[,<occ>]])   : length match
hdr_reg([<name>[,<occ>]])   : regex match
hdr_sub([<name>[,<occ>]])  : substring match
res.hdr([<name>[,<occ>]]) : string
对响应报文中的内容做检测
ACL derivatives :
shdr([<name>[,<occ>]])          : exact string match
shdr_beg([<name>[,<occ>]])  : prefix match
shdr_dir([<name>[,<occ>]])    : subdir match
shdr_dom([<name>[,<occ>]]) : domain match
shdr_end([<name>[,<occ>]])   : suffix match
shdr_len([<name>[,<occ>]])   : length match
shdr_reg([<name>[,<occ>]])   : regex match
shdr_sub([<name>[,<occ>]])   : substring match

3.2、配置haproxy日志文件

##添加日志（haproxy.cfg）:
[root@haproxy-1 haproxy]# vim haproxy.cfg
log         127.0.0.1 local2

##修改syslog.conf：
[root@haproxy-1 haproxy]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

local2.*         /var/log/haproxy.log

##重启两个服务即可看到日志文件：
[root@haproxy-1 ~]# systemctl restart rsyslog
[root@haproxy-1 ~]# systemctl restart haproxy
[root@haproxy-1 ~]# cd /var/log/
[root@haproxy-1 log]# ls haproxy.log
haproxy.log

##把日志文件配置同步到主机haproxy-2上
[root@haproxy-1 ~]# scp /etc/haproxy/haproxy.cfg 10.0.0.12:/etc/haproxy/haproxy.cfg
[root@haproxy-1 ~]# scp /etc/rsyslog.conf 10.0.0.12:/etc/rsyslog.conf
[root@haproxy-2 ~]# systemctl restart rsyslog
[root@haproxy-2 ~]# systemctl restart haproxy

3.3、配置haproxy（两台机的配置是一样的）

[root@haproxy-1 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt #
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.  This is done
#    by adding the '-r' option to the SYSLOGD_OPTIONS in
#    /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
#   file. A line like the following can be added to
#   /etc/sysconfig/syslog
#
#    local2.*                       /var/log/haproxy.log
#
log         127.0.0.1 local2

chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy
group       haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode                    http
log                     global
option                  httplog
option                  dontlognull
option http-server-close
option forwardfor       except 127.0.0.0/8
option                  redispatch
retries                 3
timeout http-request    10s
timeout queue           1m
timeout connect         10s
timeout client          1m
timeout server          1m
timeout http-keep-alive 10s
timeout check           10s
maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main *:80
stats enable     ##添加监控页面
stats uri /test?stats   ##自定义URL
stats realm Stats\ Page\ Area    ##去掉空格转译
stats auth  admin:admin      ##配置账号密码
stats refresh 5s         ##没5s刷新一次
stats hide-version       ##隐藏版本信息
stats admin if TRUE
maxconn 10000    ##定义最大并发为10000

acl url_static       path_beg       -i /static /images /javascript /stylesheets
##匹配目录是如下的地址
acl url_static       path_end       -i .jpg .gif .png .css .js
##匹配结尾是.jpg.gif的地址

acl usr_www hdr(host) -i www.test.com
acl usr_img hdr(host) -i img.test.com
acl usr_web hdr_end(host) -i .test.com   ##所有访问test.com的二级域名的，都转发到hdr_end这个位置
use_backend img if usr_img
use_backend www if usr_www
use_backend web if usr_web
use_backend static          if url_static
default_backend             web

backend static
balance     roundrobin
server      static 127.0.0.1:4331 check

backend img
balance     roundrobin
server  web-1 10.0.0.13:80    check inter 2000 rise 3 fall 3 weight 3
#check inter 2000 是检测心跳频率(check 默认 );
#rise 3 表示 3次正确认为服务器可用;
#fall 3 表示 3次失败认为服务器不可用;
#weight 表示权重。

backend www
balance     roundrobin
server  web-2 10.0.0.14:80    check inter 2000 rise 3 fall 3 weight 3

backend web
balance     roundrobin
server  web-3 10.0.0.15:80    check inter 2000 rise 3 fall 3 weight 3
server  web-3 10.0.0.15:8080  check inter 2000 rise 3 fall 3 weight 3

##启动haproxy

[root@haproxy-1 haproxy]# systemctl restart haproxy
[root@haproxy-2 ~]# systemctl restart haproxy

3.4、配置keepalive

##安装keepalive
[root@haproxy-1 ~]# yum install -y keepalived
[root@haproxy-2 ~]# yum install -y keepalived

##haproxy-1的keepalive配置文件

[root@haproxy-1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
global_defs {
notification_email {
acassen@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 50
nopreempt
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100
}
track_script {
check_haproxy
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 51
nopreempt
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.200
}
track_script {
check_haproxy
}
}

##haproxy-2的keepalive配置文件

[root@haproxy-2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
global_defs {
notification_email {
acassen@firewall.loc
}
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 50
nopreempt
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100
}
track_script {
check_haproxy
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 51
nopreempt
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.200
}
track_script {
check_haproxy
}
}

##haproxy检测脚本

[root@haproxy-1 ~]# cat /etc/keepalived/check_haproxy.sh
#!/bin/bash
h=`ps -C haproxy --no-header |wc -l`
if [ $h -eq 0 ];then
systemctl stop keepalived
fi
[root@haproxy-1 ~]# chmod a+x /etc/keepalived/check_haproxy.sh
[root@haproxy-2 ~]# cat /etc/keepalived/check_haproxy.sh
#!/bin/bash
h=`ps -C haproxy --no-header |wc -l`
if [ $h -eq 0 ];then
systemctl stop keepalived
fi
[root@haproxy-2 ~]# chmod a+x /etc/keepalived/check_haproxy.sh

##启动keepalive

[root@haproxy-1 ~]# systemctl restart keepalived
[root@haproxy-1 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2017-10-28 16:00:23 CST; 12s ago
Process: 3806 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3807 (keepalived)
CGroup: /system.slice/keepalived.service
├─3807 /usr/sbin/keepalived -D
├─3808 /usr/sbin/keepalived -D
└─3809 /usr/sbin/keepalived -D
Oct 28 16:00:28 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_2) Received advert with higher priori... 102
Oct 28 16:00:29 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_2) Entering BACKUP STATE
Oct 28 16:00:29 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_2) removing protocol VIPs.
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs o....100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 16:00:30 haproxy-1 Keepalived_vrrp[3809]: Sending gratuitous ARP on ens33 for 10.0.0.100
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:7a:63 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8ec5:50ac:d71:20d7/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever

[root@haproxy-2 ~]# systemctl restart keepalived
[root@haproxy-2 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2017-10-28 16:00:28 CST; 19s ago
Process: 27168 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 27169 (keepalived)
CGroup: /system.slice/keepalived.service
├─27169 /usr/sbin/keepalived -D
├─27170 /usr/sbin/keepalived -D
└─27171 /usr/sbin/keepalived -D
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:29 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs o...200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:00:34 haproxy-2 Keepalived_vrrp[27171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-2 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:bf:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link
valid_lft forever preferred_lft forever

##在client上访问

[root@client ~]# curl img.test.com
10.0.0.13 img.test.com
[root@client ~]# curl www.test.com
10.0.0.14 www.test.com
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080

##查看监控界面，打开浏览器，输入10.0.0.100/test?stats，输入之前设置的账号密码(admin:admin)，如图1，之后就可以看到我们配置的haproxy的内容了，如图2和图3。



图1

图2

图3
验证
当haproxy-1上的haproxy服务宕掉了之后，vip1就会从haproxy-1上飘到haproxy-2上，也就是说haproxy-2上有两个vip，而且还能正常访问web服务

##在haproxy-1上查看keepalive和vip的状态，可以看到vip已经不在了

[root@haproxy-1 ~]# systemctl stop haproxy
[root@haproxy-1 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: VRRP_Instance(VI_2) Received advert with high...102
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: VRRP_Instance(VI_2) Entering BACKUP STATE
Oct 28 16:50:36 haproxy-1.test.com Keepalived_vrrp[11327]: VRRP_Instance(VI_2) removing protocol VIPs.
Oct 28 18:28:11 haproxy-1 Keepalived[11325]: Stopping
Oct 28 18:28:11 haproxy-1 systemd[1]: Stopping LVS and VRRP High Availability Monitor...
Oct 28 18:28:11 haproxy-1 Keepalived_vrrp[11327]: VRRP_Instance(VI_1) sent 0 priority
Oct 28 18:28:11 haproxy-1 Keepalived_vrrp[11327]: VRRP_Instance(VI_1) removing protocol VIPs.
Oct 28 18:28:12 haproxy-1 systemd[1]: Stopped LVS and VRRP High Availability Monitor.
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:7a:63 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8ec5:50ac:d71:20d7/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever

##在haproxy-2上查看keepalive和vip的状态，可以看到vip1已经从haproxy-1飘到haproxy-2上了

[root@haproxy-2 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2017-10-28 16:50:35 CST; 1h 41min ago
Process: 34787 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 34788 (keepalived)
CGroup: /system.slice/keepalived.service
├─34788 /usr/sbin/keepalived -D
├─34789 /usr/sbin/keepalived -D
└─34790 /usr/sbin/keepalived -D
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:12 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs o...100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Oct 28 18:28:17 haproxy-2 Keepalived_vrrp[34790]: Sending gratuitous ARP on ens33 for 10.0.0.100
Hint: Some lines were ellipsized, use -l to show in full.
[root@haproxy-2 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:76:bf:48 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.12/24 brd 10.0.0.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::f87c:449f:eb4a:ba03/64 scope link
valid_lft forever preferred_lft forever

##访问web服务

[root@client ~]# curl img.test.com
10.0.0.13 img.test.com
[root@client ~]# curl img.test.com
10.0.0.13 img.test.com
[root@client ~]# curl www.test.com
10.0.0.14 www.test.com
[root@client ~]# curl www.test.com
10.0.0.14 www.test.com
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080
[root@client ~]# curl web.test.com
10.0.0.15:80 web.test.com
[root@client ~]# curl web.test.com
10.0.0.15:8080

##访问监控页面






这次的优化haproxy的实验就已经到此结束了。如果有写错的地方，欢迎各位大神指出来，我会去改正的。如果有写的不好的地方，请多多见谅！！！