一、系统配置
1.挂载磁盘
1.磁盘分区
fdisk /dev/sdb
2.分区格式化
blkid #看文件系统什么格式
mkfs.xfs /dev/sdb1
3.挂载分区
mount /dev/sdb1 /opt
4.开机自动挂载
blkid #查看UUID
修改/etc/fstab
检查df -lh
双网卡配置
vi /etc/sysconfig/network-scripts/ifcfg-eth1
2.配置内网卡
vi /etc/sysconfig/network-scripts/ifcfg-eth2
3.配置内网路由
vi /etc/sysconfig/network-scripts/route-eth2
172.25.0.0/16 via 172.25.28.254
4.检查
(三)准备工作
1.vi /etc/sysconfig/network
HOSTNAME:服务器名称
NOZEROCONF:不显示169.254.0.0
2.vi /etc/sysctl.conf
sysctl -p
vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #立即切换到 permissive 模式;SELINUX=disabled 要重启后才生效
4.vi /etc/pam.d/login
最后面增加:
session required pam_limits.so
vi /etc/security/limits.conf
最后面增加:
* soft nproc 65535
* hard nproc 65535
* soft nofile 819200
* hard nofile 819200
6.关闭防火墙
systemctl stop firewalld #停止firewall
firewall-cmd --reload #重启防火墙检测是否生效
systemctl disable firewalld #禁止firewall 开机启动
yum install -y iptables iptables-services #安装后需写入并启用 iptables 规则;在此之前主机没有任何包过滤,后文的 8080 状态页和 UDP 514 会直接暴露在所有网卡上
部署keepalived
1.安装
yum install keepalived
2.配置文件
vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {
234556@gmail.com
123456@gmail.com #设置收件人
}
notification_email_from ha@localhost #设置发件人
smtp_server 142.35.8.7 # 定义邮件服务器,本机IP
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/etc/keepalived/check_haproxy.sh" #监控脚本;由 keepalived 周期执行(未配置 script_user 时通常以 root 运行),脚本文件应归 root 所有且其他用户不可写
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens192
priority 152
advert_int 1
virtual_router_id 80
authentication {
auth_type PASS
auth_pass 1234 #示例口令,部署时替换;PASS 方式的口令在 VRRP 报文中明文传输,且 keepalived 只使用前 8 个字符
} #备用服务器
track_script {
chk_haproxy_port #此处名称须与上面 vrrp_script 定义的名称一致(上文定义为 chk_http_port),否则监控脚本不会被执行
}
virtual_ipaddress {
虚拟IP
}
}
监控脚本
#!/bin/bash
# Keepalived health check for HAProxy (referenced from vrrp_script).
# If no haproxy process exists, try to start it once; if it is still
# absent after 3 seconds, stop keepalived on this node.
# NOTE(review): presumably stopping keepalived is what lets the peer take
# over the virtual IP; the script itself does not report failure through
# its exit status, so confirm the vrrp_script weight is not relied on.

# Print the number of running processes whose command name is "haproxy".
haproxy_count() {
  ps -C haproxy --no-header | wc -l
}

if [ "$(haproxy_count)" -eq 0 ]; then
  # First attempt: restart HAProxy with the deployed configuration.
  /opt/haproxy/sbin/haproxy -f /opt/haproxy/conf/haproxy.cfg
  sleep 3
  if [ "$(haproxy_count)" -eq 0 ]; then
    # Restart did not help; take keepalived down on this node.
    systemctl stop keepalived.service
  fi
fi
部署Haproxy
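#!/bin/bash
# Builds HAProxy 1.7.5 from /root/haproxy-1.7.5.tar.gz, installs it under
# /opt/haproxy, routes its logs through rsyslog (local0), writes a baseline
# haproxy.cfg and starts the service.
#
# Optional environment:
#   HAPROXY_SHA256  expected SHA-256 of the tarball; when set, the archive
#                   is verified before it is unpacked and built as root.
#
# Review notes:
# - firewalld is stopped and SELinux is switched off below, so everything
#   this script opens (stats page on *:8080, rsyslog on UDP 514) is
#   reachable on every interface until packet filtering is put back.
# - HAProxy 1.7.x is an end-of-life branch upstream; pin a maintained
#   release when reusing this procedure.

src_tarball=/root/haproxy-1.7.5.tar.gz
src_dir=/root/haproxy-1.7.5
prefix=/opt/haproxy
cfg_file="$prefix/conf/haproxy.cfg"

echo -e '\033[5;32m本脚本用来安装haproxy \033[0m'
echo -e '\033[5;32m 请把软件包放在/root/目录下\033[0m'

systemctl stop firewalld
systemctl disable firewalld
setenforce 0
# NOTE(review): on RHEL/CentOS 7 this path is usually a symlink to
# /etc/selinux/config, and sed -i without --follow-symlinks replaces the
# link with a regular file - confirm which file ends up edited.
sed -i '/SELINUX=/s/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux

mkdir -p "$prefix/conf"
mkdir -p /etc/haproxy
mkdir -p "$prefix/logs"

# Check for the exact archive that is unpacked below; the previous
# haproxy*.tar.gz glob also matched archives of other versions.
if [ -f "$src_tarball" ]; then
  # Opt-in integrity check: the archive is compiled and installed as root.
  if [ -n "${HAPROXY_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$HAPROXY_SHA256" "$src_tarball" | sha256sum -c - >/dev/null; then
      echo "checksum mismatch for $src_tarball; aborting" >&2
      exit 1
    fi
  fi

  # -sfn keeps the links correct when the script is run a second time.
  ln -sfn "$cfg_file" /etc/haproxy/haproxy.cfg
  tar -zxvf "$src_tarball" -C /root/
  cp -r "$src_dir/examples/errorfiles" "$prefix/errorfiles"
  ln -sfn "$prefix/errorfiles" /etc/haproxy/errorfiles
  touch "$prefix/logs/haproxy.log"
  ln -sfn "$prefix/logs/haproxy.log" /var/log/haproxy.log
  cp "$src_dir/examples/haproxy.init" /etc/rc.d/init.d/haproxy
  chmod +x /etc/rc.d/init.d/haproxy
  chkconfig --level 2345 haproxy on
  ln -sfn "$prefix/sbin/haproxy" /usr/sbin/haproxy

  # Enable the rsyslog UDP input so "log 127.0.0.1 local0" is received.
  # This makes rsyslog listen on UDP 514 on all addresses; HAProxy only
  # needs loopback, so consider adding $UDPServerAddress 127.0.0.1.
  sed -i '/#$ModLoad imudp/s/#$ModLoad imudp/$ModLoad imudp/' /etc/rsyslog.conf
  sed -i '/$UDPServerRun 514/s/#$UDPServerRun 514/$UDPServerRun 514/' /etc/rsyslog.conf
  # Append the local0 rule only once so reruns do not duplicate it.
  if ! grep -qF 'local0.* /var/log/haproxy.log' /etc/rsyslog.conf; then
    echo 'local0.* /var/log/haproxy.log ' >> /etc/rsyslog.conf
  fi
  sed -i '/SYSLOGD_OPTIONS=/s/SYSLOGD_OPTIONS=.*/SYSLOGD_OPTIONS="-r -m 0 -c 2"/' /etc/sysconfig/rsyslog

  # Globs are quoted so yum expands them, not the shell against files in
  # the current directory.
  yum -y install 'pcre*' pcre-devel GeoIP gd libXpm ncurses-devel perl make gcc gcc-c++ zlib zlib-devel 'openssl*'

  # Build only if the source tree is really there; otherwise make would
  # run in whatever directory the script was started from.
  if cd "$src_dir"; then
    make TARGET=linux2628 USE_STATIC_PCRE=1 USE_REGPARM=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1 ARCH=x86_64
    ldd haproxy | grep ssl
    make install PREFIX="$prefix"
  else
    echo "source directory $src_dir not found; build skipped" >&2
  fi
else
  echo "$src_tarball not found; build skipped" >&2
fi

# The config embeds the stats credential in clear text, so create the file
# readable by root only before writing into it.
# NOTE(review): the "stats auth" value is a shared sample password sent via
# HTTP Basic over plain HTTP on *:8080 - replace it per deployment and
# bind the stats listener to an internal address where possible.
# "stats uri refresh 30s" was changed to "stats refresh 30s", the directive
# that sets the page refresh interval; the URI stays /status.
install -m 600 /dev/null "$cfg_file"
cat > "$cfg_file" <<'EOF'
global
    log 127.0.0.1 local0
    maxconn 65535
    pidfile /var/run/haproxy.pid
    nbproc 1
    daemon
    ulimit-n 819200
    tune.ssl.default-dh-param 2048
defaults
    mode http
    log global
    option httplog
    option redispatch
    option dontlognull
    option httpclose
    option forwardfor
    maxconn 65535
    balance source
    retries 5
    timeout connect 5000
    timeout client 3600000
    timeout server 3600000
    timeout check 10s
    timeout http-request 20s
    timeout queue 1m
    timeout http-keep-alive 20s
listen admin_status
    mode http
    bind *:8080
    stats refresh 30s
    stats uri /status
    stats realm status
    stats auth admin:Iv0011.net!
    stats hide-version
EOF

systemctl start haproxy
ss -tnulp | grep haproxy
echo -e '\033[33m 验证haproxy是否成功安装请访问127.0.0.1:8080/status \033[0m'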
haproxy配置
全局默认配置
global
log 127.0.0.1 local0
maxconn 65535
pidfile /var/run/haproxy.pid
nbproc 1
daemon
ulimit-n 819200
tune.ssl.default-dh-param 2048
defaults
mode http
log global
option httplog
option redispatch
option dontlognull
option httpclose
option forwardfor
maxconn 65535
balance source
retries 5
timeout connect 5000
timeout client 3600000
timeout server 3600000
timeout check 10s
timeout http-request 20s
timeout queue 1m
timeout http-keep-alive 20s
listen admin_status
mode http
bind *:8080 #这个是ha状态访问端口;* 表示监听所有网卡,如只在内网查看可改为内网地址
stats refresh 30s #状态页自动刷新间隔
stats uri /status
stats realm status
stats auth admin:'Iv0011.net!' #登录的账号密码(示例值,部署时须更换;该口令以明文保存在配置文件中,并通过未加密的 HTTP Basic 认证传输)
stats hide-version
frontend AD_FG
mode http
bind *:80 #这个写转发的服务端口。
capture request header Host len 64
capture request header User-Agent len 128
capture request header X-Forwarded-For len 100
capture request header Referer len 200
capture response header Server len 40
capture response header Server-ID len 40
log-format "%ci:%cp \"[%tr]\" %ST %B \"%r\" \"%b\" \"%f\" \"%hrl\" \"%bi\" %si:%sp"
转发的配置
样例
控制列表
acl update_ruu_w hdr_reg(host) -i ^ab006.*.abcd.com #正则里的 . 未转义、结尾没有 $,匹配范围比字面域名更宽
use_backend upr_Servers if update_Ali_AB #if 后的名称须是已定义的 acl(上一行定义的是 update_ruu_w),两者不一致时 haproxy 会拒绝加载配置
backend upr_Servers #注意这个三个名字要对应一致
mode http
balance source
option originalto
stick on src
stick-table type ip size 20480k expire 30m
server upr_Servers01 122.106.12.12:80 check inter 5000 weight 1 rise 2 fall 3