角色 | IP | 软件包 | 端口 |
master | 192.168.1.151 | Haproxy v1.5.18、Keepalived v1.3.5 | 80\10000 |
backup | 192.168.1.152 | Haproxy v1.5.18、Keepalived v1.3.5 | 80\10000 |
vip | 192.168.1.160 |
| 80\10000 |
nginx01 | 192.168.1.153 | nginx v1.11.12 | 80 |
nginx02 | 192.168.1.154 | nginx v1.11.12 | 80 |
1、初始化系统 - 角色all
# vi /etc/selinux/config
SELINUX=disabled |
# systemctl disable firewalld
# yum -y install net-tools
# hostnamectl set-hostname xxx
# reboot
2、Nginx 安装 - 角色 nginx01&02
# yum -y install gcc zlibzlib-devel openssl openssl-devel pcre pcre-devel wget
# cd /usr/local/src/
# wget http://nginx.org/download/nginx-1.11.12.tar.gz
# tar -zxf nginx-1.11.12.tar.gz
# cd nginx-1.11.12/
# ./configure --prefix=/usr/local/nginx
# make && make install
# echo nginx01> /usr/local/nginx/html/index.html # nginx01 端操作
# echo nginx02 > /usr/local/nginx/html/index.html # nginx02 端操作
# /usr/local/nginx/sbin/nginx -t # 测试配置文件有无问题
# /usr/local/nginx/sbin/nginx # 启动
3、haproxy 安装 - 角色 master & backup
# yum -y install haproxy
# cd /etc/haproxy/
# cp -a haproxy.cfg haproxy.cfg.bak
# vi haproxy.cfg
global # 全局配置 log 127.0.0.1 local2 # 日志[err warning info debug] chroot /var/lib/haproxy pidfile /var/run/haproxy.pid #pid 存放路径 maxconn 4000 # 最大连接数 user haproxy # 用户 group haproxy # 组 daemon # 启用守护进程 stats socket /var/lib/haproxy/stats defaults # 默认配置 mode http # 默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK log global # 采用全局定义的日志 option httplog # 日志类别http日志格式 option dontlognull # 不记录健康检查的日志信息 option http-server-close option forwardfor except 127.0.0.0/8 # 如果后端服务器需要获得客户端真实ip需要配置的参数,可以从Http Header中获得客户端ip option redispatch # serverId对应的服务器挂掉后,强制定向到其他健康的服务器 retries 3 # 3次连接失败就认为服务不可用,也可以通过后面设置 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m # 客户端连接超时 timeout server 1m # 服务器连接超时 timeout http-keep-alive 10s timeout check 10s maxconn 3000 # 最大连接数 frontend nginx # 前端配置,nginx 自定义名 bind *:80 # 监听端口 default_backend app # 响应 app option forwardfor # 同上 option httpclose # 每次请求完毕后主动关闭http通道 maxconn 2000 # 最大连接数 backend app balance roundrobin # 负载均衡-轮询 # check:启用监控检测;inter:健康检测间隔;fall:检测服务不可用的连续次数;rise:检测服务可用的连续次数;weight:权重 server nginx01 192.168.1.153:80 check inter 5000 fall 3 rise 2 weight 1 server nginx02 192.168.1.154:80 check inter 5000 fall 3 rise 2 weight 1 listen admin_status # 启用 manager bind *:10000 mode http stats enable stats uri /status # 根据请求的uri stats realm HAproxy Manager stats auth admin:admin # 设置登录用户名密码 |
# systemctl enable haproxy
# systemctl start haproxy
# netstat -tunlp
# tailf /var/log/message
# 在其它机器操作:
# curl 192.168.1.151(152)
nginx01
# curl 192.168.1.151(152)
nginx02
# WEB 登录 http://192.168.1.151:10000/status (http://192.168.1.152:10000/status ) 输入admin / admin 账号密码,进入manager页面
4、keepalived 安装 - 角色 master & backup
# yum -y install keepalived ipset
# cd /etc/keepalived/
# cp -a keepalived.conf keepalived.conf.bak
# vi keepalived.conf # master 端配置文件
! Configuration File for keepalived global_defs { router_id LVS_DEVEL } vrrp_script check_haproxy { script "/etc/keepalived/ha.sh" interval 3 weight 2 } vrrp_instance VI_1 { state MASTER interface eno16780032 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.160 } track_script { check_haproxy } } |
# vi /etc/keepalived/ha.sh # master 端haproxy进程检测脚本
#!/bin/bash num=`ps -C haproxy --no-header | wc -l` if [ $num -eq 0 ];then systemctl start haproxy echo "haproxy start" sleep 3 if [ `ps -C haproxy --no-header | wc -l`-eq 0 ];then systemctl stop keepalived echo "keepalived stop" fi fi |
# vi keepalived.conf # backup 端配置文件
! Configuration File for keepalived
global_defs { router_id LVS_DEVEL }
vrrp_instance VI_1 { state BACKUP interface eno16780032 virtual_router_id 51 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.160 } } |
# systemctl enable keepalived
# systemctl start keepalived
# tailf /var/log/messages
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:50:56:a7:86:21 brd ff:ff:ff:ff:ff:ff inet 192.168.1.151/24 brd 192.168.1.255 scope global eno16780032 valid_lft forever preferred_lft forever inet 192.168.1.160/32 scope global eno16780032 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fea7:8621/64 scope link valid_lft forever preferred_lft forever |
5、测试
# curl 192.168.1.160
nginx01
# curl 192.168.1.160
nginx02
# 手动down 掉 masterhaproxy服务,查看ha.sh 脚本是否启用
# 手动 down 掉 master,查看vip 情况等等