--------------------------------------------------------------------------------------------------------------------------
關閉 SELinux、配置防火牆(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)。注意:關閉 SELinux 後,haproxy、keepalived 等服務不再受其強制訪問控制約束;若要保留這層防護,可維持 enforcing 並按需調整策略。
[root@Haproxy_Keepalived_Master ~] # vim /etc/sysconfig/selinux
#SELINUX=enforcing #註釋掉
#SELINUXTYPE=targeted #註釋掉
SELINUX=disabled #增加
[root@Haproxy_Keepalived_Master ~] # setenforce 0 #臨時將SELinux切換爲permissive(寬容)模式,立即生效;上面文件配置後,重啓機器後才會永久關閉。
注意下面182.148.15.0/24 是服務器的公網網段,192.168.1.0/24 是服務器的私網網段
一定要注意:加上這個組播規則後,MASTER和BACKUP故障時,才能實現VIP資源的正常轉移。其故障恢復後,VIP也還會正常轉移回來。
[root@Haproxy_Keepalived_Master ~] # vim /etc/sysconfig/iptables
.......
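# Allow traffic addressed to the VRRP multicast group (224.0.0.18) from the
# public and the private server subnets. Comments are kept on their own lines
# because the rules file only treats a leading '#' as a comment.
# NOTE(review): `ip addr` later in this guide shows the hosts on a /27, so /24
# is wider than the local segment. The keepalived configuration uses
# auth_type PASS, which is sent unencrypted, so this source filter is the
# effective control on who may send VRRP; limiting -s to the peer load
# balancer's address is tighter.
-A INPUT -s 182.148.15.0/24 -d 224.0.0.18 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 224.0.0.18 -j ACCEPT
# Allow the VRRP protocol (Virtual Router Redundancy Protocol) from the same subnets.
-A INPUT -s 182.148.15.0/24 -p vrrp -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p vrrp -j ACCEPT
# Allow new inbound HTTP connections to the load balancer.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT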
[root@Haproxy_Keepalived_Master ~] # /etc/init.d/iptables restart
----------------------------------------------------------------------------------------------------------------------
下載Haproxy地址:http://www.haproxy.org/download/1.6/src/ (該地址爲明文 HTTP,下載後建議先用官方發布的校驗值核對壓縮包完整性,再解壓編譯。)
1)安裝Haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作) 注意:安裝之前,先執行yum install gcc gcc-c++ make openssl-devel kernel-devel
[root@Haproxy_Keepalived_Master src] # wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.12.tar.gz
[root@Haproxy_Keepalived_Master src] # tar -zvxf haproxy-1.6.12.tar.gz
[root@Haproxy_Keepalived_Master src] # cd haproxy-1.6.12
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # make TARGET=linux26 CPU=x86_64 PREFIX=/usr/local/haprpxy USE_OPENSSL=1 ADDLIB=-lz
參數說明:
TARGET=linux26 #使用 uname -r 查看內核,如:2.6.32-642.el6.x86_64,此時該參數就爲linux26
CPU=x86_64 #使用 uname -r 查看系統信息,如 x86_64 GNU/Linux,此時該參數就爲 x86_64
PREFIX= /usr/local/haprpxy #haprpxy 安裝路徑
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # ldd haproxy | grep ssl
libssl.so.10 => /usr/lib64/libssl .so.10 (0x00007f6f3d9b2000)
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # make install PREFIX=/usr/local/haproxy
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # mkdir -p /usr/local/haproxy/conf
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # mkdir -p /etc/haproxy
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # cp /usr/local/src/haproxy-1.6.12/examples/option-http_proxy.cfg /usr/local/haproxy/conf/haproxy.cfg
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # cp -r /usr/local/src/haproxy-1.6.12/examples/errorfiles /usr/local/haproxy/errorfiles
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # mkdir -p /usr/local/haproxy/log
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # touch /usr/local/haproxy/log/haproxy.log
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # cp /usr/local/src/haproxy-1.6.12/examples/haproxy.init /etc/rc.d/init.d/haproxy
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # chmod +x /etc/rc.d/init.d/haproxy
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # chkconfig haproxy on
[root@Haproxy_Keepalived_Master haproxy-1.6.12] # ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin
2)配置 haproxy.cfg 參數(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_Keepalived_Master ~] # cp /usr/local/haproxy/conf/haproxy.cfg /usr/local/haproxy/conf/haproxy.cfg.bak
[root@Haproxy_Keepalived_Master ~] # vim /usr/local/haproxy/conf/haproxy.cfg
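# HAProxy configuration used on both load balancers in this guide
# (Haproxy_Keepalived_Master and Haproxy_Keepalived_Backup).
global
    log 127.0.0.1 local3 info    # log to the local syslog daemon, facility local3
    maxconn 65535                # maximum number of connections per process
    # NOTE(review): the chroot target is the install prefix, which also holds
    # the binary, the configuration and the log directory created earlier in
    # this guide. An empty directory the runtime user cannot write to is the
    # usual choice for a chroot jail.
    chroot /usr/local/haproxy
    # uid/gid 99 is "nobody" on this system (check /etc/passwd and /etc/group).
    # NOTE(review): "nobody" is shared with other services; a dedicated
    # account keeps HAProxy's privileges separate from theirs.
    uid 99
    gid 99
    daemon                       # run in the background as a daemon

defaults
    log global
    mode http                    # proxy mode: tcp, http or health
    retries 3                    # give up on a server after 3 failed connection attempts
    option redispatch            # send the request to another healthy server if the chosen one is down
    # Statistics page.
    # NOTE(review): these stats directives sit in "defaults", so the frontend
    # below inherits them: the page is served at /haproxy on the public port 80
    # bind, and HTTP basic auth over plain HTTP carries the credential
    # unencrypted. A separate listener bound to a management address is the
    # safer layout. The password shown here is published with this guide, so
    # replace it and keep the configuration file readable by root only.
    stats uri /haproxy           # URL path of the statistics page
    stats refresh 30s            # auto-refresh interval of the statistics page
    stats realm haproxy-status   # prompt text shown in the password dialog
    stats auth admin:dxInCtFianKtL]36    # user name and password for the statistics page
    stats hide-version           # hide the HAProxy version on the statistics page
    maxconn 65535                # connection limit inherited by the proxies below
    timeout connect 5000         # connect timeout (milliseconds when no unit is given)
    timeout client 50000         # client-side inactivity timeout
    timeout server 50000         # server-side inactivity timeout

# The frontend name is a free-form label. The source listing showed it as
# "http- in" with a stray space, which is not a valid single name.
frontend http-in
    mode http
    maxconn 65535
    bind :80                     # listen on port 80 on all addresses
    log global
    option httplog
    option httpclose             # close the HTTP connection after each request
    # Host-based routing: one acl per domain (is_a, is_b, is_c, ...). The acl
    # names are arbitrary but must match the use_backend lines below.
    # NOTE(review): hdr_beg(host) is a prefix match, so any Host header that
    # merely starts with the domain also matches; hdr(host) compares the
    # whole value.
    acl is_a hdr_beg(host) -i www.wangshibo.com
    acl is_b hdr_beg(host) -i www.guohuihui.com
    # Requests matching an acl are balanced across the servers of the named
    # backend; every domain routed to web-server must be deployed on web01 and
    # web02. Domains hosted on other machines need their own backend.
    use_backend web-server if is_a
    use_backend web-server if is_b

backend web-server
    mode http
    balance roundrobin           # round-robin; "source" would pin a client to one server by address
    cookie SERVERID insert indirect nocache
    option httpclose
    # Adds an X-Forwarded-For header with the client address.
    # NOTE(review): a header supplied by the client is not removed, so the
    # web servers should trust only the entry added by this proxy.
    option forwardfor
    # check inter 2000: health check every 2000 ms; rise 2: two consecutive
    # successes mark the server up; fall 5: five consecutive failures mark it
    # down; weight 1: relative share of the traffic.
    server web01 182.148.15.233:80 weight 1 cookie 3 check inter 2000 rise 2 fall 5
    server web02 182.148.15.238:80 weight 1 cookie 4 check inter 2000 rise 2 fall 5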
注意參數解釋:inter 2000 健康檢查間隔(毫秒);rise 2 連續兩次檢查成功,表示服務器正常;fall 5 連續五次檢查失敗,表示服務器異常; weight 1 權重設置
3)啓動haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_Keepalived_Master ~] # service haproxy start #啓動
[root@Haproxy_Keepalived_Master ~] # service haproxy stop #關閉
[root@Haproxy_Keepalived_Master ~] # service haproxy restart #重啓
[root@Haproxy_Keepalived_Master ~] # service haproxy status #查看服務狀態
4)設置HAProxy日誌(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_Keepalived_Master ~] # vim /etc/rsyslog.conf
.......
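# Load the UDP input module and listen on UDP port 514. Both lines must be
# uncommented, otherwise the HAProxy log messages are never received.
# NOTE(review): this opens UDP 514 on every interface. The haproxy.cfg in this
# guide logs to 127.0.0.1, so the listener can be limited to loopback by
# placing `$UDPServerAddress 127.0.0.1` before $UDPServerRun, or port 514 can
# be left closed in the firewall, so that other hosts cannot inject log lines.
$ModLoad imudp
$UDPServerRun 514
# ....... (other lines of rsyslog.conf unchanged)
# Optional: the haproxy.cfg in this guide does not log to local0.
local0.* /var/log/haproxy.log
# Required: the haproxy.cfg in this guide logs with facility local3.
local3.* /var/log/haproxy.log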
[root@Haproxy_Keepalived_Master ~] # vim /etc/sysconfig/rsyslog
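# Options passed to the syslog daemon; -r accepts log messages from remote hosts.
# No space may follow '=': this file is read as shell variable assignments.
# NOTE(review): the haproxy.cfg in this guide logs to 127.0.0.1 only; confirm
# that remote reception is actually needed before enabling it.
SYSLOGD_OPTIONS="-r -m 0"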
[root@Haproxy_Keepalived_Master ~] # service rsyslog restart
-------------------------------------------------------------------------------------------------------------------------
1)安裝Keepalived(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_keepalived_Master ~] # yum install -y openssl-devel
[root@Haproxy_keepalived_Master ~] # cd /usr/local/src/
[root@Haproxy_keepalived_Master src] # wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
[root@Haproxy_keepalived_Master src] # tar -zvxf keepalived-1.3.5.tar.gz
[root@Haproxy_keepalived_Master src] # cd keepalived-1.3.5
[root@Haproxy_keepalived_Master keepalived-1.3.5] # ./configure --prefix=/usr/local/keepalived
[root@Haproxy_keepalived_Master keepalived-1.3.5] # make && make install
[root@Haproxy_keepalived_Master keepalived-1.3.5] # cp /usr/local/src/keepalived-1.3.5/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@Haproxy_keepalived_Master keepalived-1.3.5] # cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@Haproxy_keepalived_Master keepalived-1.3.5] # mkdir /etc/keepalived/
[root@Haproxy_keepalived_Master keepalived-1.3.5] # cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@Haproxy_keepalived_Master keepalived-1.3.5] # cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@Haproxy_keepalived_Master keepalived-1.3.5] # echo "/etc/init.d/keepalived start" >> /etc/rc.local
[root@Haproxy_keepalived_Master keepalived-1.3.5] # chmod +x /etc/rc.d/init.d/keepalived #添加執行權限
[root@Haproxy_keepalived_Master keepalived-1.3.5] # chkconfig keepalived on #設置開機啓動
[root@Haproxy_keepalived_Master keepalived-1.3.5] # service keepalived start #啓動
[root@Haproxy_keepalived_Master keepalived-1.3.5] # service keepalived stop #關閉
[root@Haproxy_keepalived_Master keepalived-1.3.5] # service keepalived restart #重啓
2)Haproxy_Keepalived_Master服務器上的Keepalived配置如下:
[root@Haproxy_Keepalived_Master ~] # cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak
[root@Haproxy_Keepalived_Master ~] # vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Configuration for Haproxy_Keepalived_Master: this node is MASTER for VI_1
# (VIP 182.148.15.239) and BACKUP for VI_2 (VIP 182.148.15.235).
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id HAproxy237
}
# Health check for HAProxy: the script is run every 2 seconds and carries
# weight 2 for the instances that track it.
# NOTE(review): the script is executed by keepalived, which this guide starts
# from the init script as root; keep the file root-owned and not writable by
# other users. Newer keepalived releases provide script_user and
# enable_script_security in global_defs for this; confirm they are available
# in the installed version.
vrrp_script chk_haproxy { # HAProxy service monitoring script
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
# NOTE(review): auth_type PASS places auth_pass unencrypted in every
# advertisement, and "1111" is a guessable value used by both instances, so it
# does not keep another host on the segment from sending forged VRRP packets.
# The firewall source restriction on VRRP is the control that matters here.
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
182.148.15.239
}
# Runs clean_arp.sh with the VIP as its argument when this node becomes master
# for the instance.
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.239"
}
# VI_2 has no track_script block, so chk_haproxy's weight does not change its
# priority.
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
182.148.15.235
}
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.235"
}
3)Haproxy_Keepalived_Backup服務器上的Keepalived配置如下:
[root@Haproxy_Keepalived_Backup ~] # cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak
[root@Haproxy_Keepalived_Backup ~] # vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Configuration for Haproxy_Keepalived_Backup: this node is BACKUP for VI_1
# (VIP 182.148.15.239) and MASTER for VI_2 (VIP 182.148.15.235).
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id HAproxy236
}
# Health check for HAProxy: the script is run every 2 seconds and carries
# weight 2 for the instances that track it.
# NOTE(review): the script is executed by keepalived, which this guide starts
# from the init script as root; keep the file root-owned and not writable by
# other users.
vrrp_script chk_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
# NOTE(review): auth_type PASS places auth_pass unencrypted in every
# advertisement, and "1111" is a guessable value used by both instances, so it
# does not keep another host on the segment from sending forged VRRP packets.
# The firewall source restriction on VRRP is the control that matters here.
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_haproxy
}
virtual_ipaddress {
182.148.15.239
}
# Runs clean_arp.sh with the VIP as its argument when this node becomes master
# for the instance.
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.239"
}
# VI_2 has no track_script block, so chk_haproxy's weight does not change its
# priority.
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
182.148.15.235
}
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.235"
}
4)設置HAproxy服務監控腳本(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_Keepalived_Master ~] # vim /etc/keepalived/check_haproxy.sh
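#!/bin/bash
# Health check run by keepalived (vrrp_script chk_haproxy).
# When no haproxy process exists, try to start it once; if it is still absent
# three seconds later, stop keepalived so the virtual IPs move to the peer.
#
# keepalived.conf runs this script every 2 seconds, while the recovery path
# sleeps for 3, so a second run can start before the first one has finished.
# The script is executed by keepalived itself: keep the file root-owned and
# not writable by other users.

# Print the number of running haproxy processes.
haproxy_count() {
  ps -C haproxy --no-header | wc -l
}

if [ "$(haproxy_count)" -eq 0 ]; then
  /etc/init.d/haproxy start
  sleep 3
  if [ "$(haproxy_count)" -eq 0 ]; then
    /etc/init.d/keepalived stop
  fi
fi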
[root@Haproxy_Keepalived_Master ~] # chmod +x /etc/keepalived/check_haproxy.sh
5)設置更新虛擬服務器(VIP)地址的arp記錄到網關腳本(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_Keepalived_Master ~] # vim /etc/keepalived/clean_arp.sh
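#!/bin/sh
# notify_master hook: sends ARP requests from the virtual IP to the gateway so
# that the gateway refreshes its ARP entry for the VIP after a failover.
# Usage: clean_arp.sh <VIP>
VIP=$1
# Gateway address of this host's public interface. The explanation must be a
# comment: text after the value on the same line would be run as a command.
GATEWAY=182.148.15.254

if [ -z "$VIP" ]; then
  echo "usage: $0 <VIP>" >&2
  exit 1
fi

# '>/dev/null 2>&1' instead of '&>', which is not portable under #!/bin/sh.
/sbin/arping -I eth0 -c 5 -s "$VIP" "$GATEWAY" >/dev/null 2>&1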
6)系統內核優化(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機器都要操作)
[root@Haproxy_Keepalived_Master ~] # echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range
[root@Haproxy_Keepalived_Master ~] # echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
[root@Haproxy_Keepalived_Master ~] # echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
[root@Haproxy_Keepalived_Master ~] # echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets
[root@Haproxy_Keepalived_Master ~] # echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
[root@Haproxy_Keepalived_Master ~] # echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
[root@Haproxy_Keepalived_Master ~] # echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
[root@Haproxy_Keepalived_Master ~] # echo 0 > /proc/sys/net/ipv4/tcp_timestamps
[root@Haproxy_Keepalived_Master ~] # echo 0 > /proc/sys/net/ipv4/tcp_ecn
[root@Haproxy_Keepalived_Master ~] # echo 1 > /proc/sys/net/ipv4/tcp_sack
[root@Haproxy_Keepalived_Master ~] # echo 0 > /proc/sys/net/ipv4/tcp_dsack
7)分別啓動Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup的keepalived和haproxy服務,並查看vip
[root@Haproxy_Keepalived_Master ~] # /etc/init.d/keepalived start
[root@Haproxy_Keepalived_Master ~] # /etc/init.d/haproxy start
[root@Haproxy_Keepalived_Master ~] # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link /ether 52:54:00:68: dc :b6 brd ff:ff:ff:ff:ff:ff
inet 182.148.15.237 /27 brd 182.148.15.255 scope global eth0
inet 182.148.15.239 /32 scope global eth0
inet6 fe80::5054:ff:fe68:dcb6 /64 scope link
valid_lft forever preferred_lft forever
[root@Haproxy_Keepalived_Backup ~] # /etc/init.d/keepalived start
[root@Haproxy_Keepalived_Backup ~] # /etc/init.d/haproxy start
[root@Haproxy_Keepalived_Backup ~] # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1 /8 scope host lo
inet6 ::1 /128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link /ether 52:54:00:7c:b8:f0 brd ff:ff:ff:ff:ff:ff
inet 182.148.15.236 /27 brd 182.148.15.255 scope global eth0
inet 182.148.15.235 /32 scope global eth0
inet6 fe80::5054:ff:fe7c:b8f0 /64 scope link
valid_lft forever preferred_lft forever