原创作品,允许转载,转载时请务必以超链接形式标明文章
原始出处 、作者信息和本声明。否则将追究法律责任。
http://jerry12356.blog.51cto.com/4308715/1858204
主机名 | 角色 | IP地址 |
mylinux1.contoso.com | Haproxy | |
mylinux3.contoso.com | ssh server(做tcp实验用) | eth0:192.168.100.181 |
mylinux4.contoso.com | ssh server(做tcp实验用) | eth1:192.168.100.182 |
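# Check the firewall
[root@mylinux1 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# NOTE: all three chains are empty with policy ACCEPT, so this host does no
# packet filtering. That is fine for an isolated lab; on a reachable host,
# limit inbound traffic to the proxy port and the management addresses
# before the service is exposed.

# Check SELinux
[root@mylinux1 ~]# getenforce
Disabled
# NOTE: with SELinux off, the only containment HAProxy gets is the chroot
# and the unprivileged user/group set later in haproxy.cfg.

# Check time synchronisation (hourly ntpdate from cron)
[root@mylinux1 ~]# crontab -l
0 * * * * /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov

# Set up the yum repository: back up the existing repo files, then fetch
# the mirror's CentOS 6 repo definition.
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.* /etc/yum.repos.d/bak/
# NOTE: the repo file is fetched over plain HTTP, so it can be altered in
# transit. After downloading, confirm that gpgcheck=1 is set and that the
# baseurl entries point at the mirrors you expect.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum clean all
yum makecache

# Set the hostname. [主机名] ("host name") is a placeholder: replace it with
# the real name of the machine in both commands.
sed -i '/^HOSTNAME/s/^/#/' /etc/sysconfig/network
sed -i '/#HOSTNAME/aHOSTNAME=[主机名]' /etc/sysconfig/network
hostname [主机名]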
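# Unpack, build and install HAProxy under /usr/local/haproxy
[root@mylinux1 ~]# mkdir -p /opt/tools
[root@mylinux1 ~]# cd /opt/tools/
[root@mylinux1 tools]# ll
total 2608
-rw-r--r-- 1 root root 1360582 Sep 30 11:02 haproxy-1.5.18.tar.gz
# NOTE: nothing in this session checks the tarball's integrity. Before
# building it as root, compare its digest with the one published by the
# project, e.g.:
#   sha256sum haproxy-1.5.18.tar.gz    # expected: <PUBLISHED_SHA256>
# 1.5.x is an old branch; check that the version you build still receives
# security fixes before using it outside a lab.
[root@mylinux1 tools]# tar -zxf haproxy-1.5.18.tar.gz
[root@mylinux1 tools]# cd haproxy-1.5.18
[root@mylinux1 haproxy-1.5.18]# ls
CHANGELOG  CONTRIBUTING  ebtree    include  Makefile  ROADMAP  SUBVERS  VERDATE
contrib    doc           examples  LICENSE  README    src      tests    VERSION
[root@mylinux1 haproxy-1.5.18]# mkdir -p /usr/local/haproxy
[root@mylinux1 haproxy-1.5.18]# make TARGET=linux26 ARCH=x86_64 PREFIX=/usr/local/haproxy/
[root@mylinux1 haproxy-1.5.18]# make install PREFIX=/usr/local/haproxy
[root@mylinux1 haproxy-1.5.18]# cd /usr/local/haproxy/
[root@mylinux1 haproxy]# tree
├── doc
│   └── haproxy
│       ├── architecture.txt
│       ├── configuration.txt
│       ├── haproxy-en.txt
│       └── haproxy-fr.txt
├── sbin
│   └── haproxy
└── share
    └── man
        └── man1
            └── haproxy.1
6 directories, 6 files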
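# Create the configuration directory and start from the bundled example
[root@mylinux1 haproxy-1.5.18]# mkdir -p /usr/local/haproxy/conf
[root@mylinux1 haproxy-1.5.18]# cp examples/haproxy.cfg /usr/local/haproxy/conf/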
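# Turn on IPv4 forwarding in /etc/sysctl.conf and reload kernel parameters
# NOTE: HAProxy accepts the client connection itself and opens its own
# connection to the backend, so it does not need kernel IP forwarding.
# With ip_forward=1 and the empty ACCEPT firewall shown by "iptables -L -n"
# on this host, the machine also routes packets between its networks;
# leave the value at 0 unless routing is intended.
[root@mylinux1 conf]# sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
[root@mylinux1 conf]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 2097152
fs.nr_open = 2097152
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 81920
# NOTE: net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients that share a NAT address, and the option was removed from later
# kernels; do not carry it over to a proxy that serves NATed clients.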
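# Create the log directory, the PID-file directory and the chroot directory.
# They are created by root; the chroot directory should stay empty and
# not writable by the haproxy user.
[root@mylinux1 conf]# mkdir -p /usr/local/haproxy/logs
[root@mylinux1 conf]# mkdir -p /usr/local/haproxy/var/{run,chroot}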
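# Create the unprivileged account HAProxy will run as; /sbin/nologin
# keeps the account from being used for interactive logins.
[root@mylinux1 conf]# id haproxy
id: haproxy: No such user
[root@mylinux1 conf]# useradd haproxy -s /sbin/nologin
[root@mylinux1 conf]# id haproxy
uid=606(haproxy) gid=606(haproxy) groups=606(haproxy)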
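# Route syslog facility local0 (used by haproxy.cfg) to its own log file
[root@mylinux1 conf]# echo -e "# Haproxy log setting\nlocal0.* /usr/local/haproxy/logs/haproxy.log\n#End" >>/etc/rsyslog.conf
[root@mylinux1 conf]# tail -3 /etc/rsyslog.conf
# Haproxy log setting
local0.* /usr/local/haproxy/logs/haproxy.log
#End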
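# Back up /etc/sysconfig/rsyslog, then change the daemon options.
# In the new option string, -r turns on reception of syslog messages from
# the network, -x disables DNS lookups for senders and -m 0 switches off
# periodic mark messages; -c 2 selects the compatibility mode in which
# these legacy switches are accepted.
[root@mylinux1 conf]# cp /etc/sysconfig/rsyslog /etc/sysconfig/rsyslog.bak$(date +%F)
[root@mylinux1 conf]# vi /etc/sysconfig/rsyslog
[root@mylinux1 conf]# tail -2 /etc/sysconfig/rsyslog
#SYSLOGD_OPTIONS="-c 5"
SYSLOGD_OPTIONS="-c 2 -m 0 -r -x"
[root@mylinux1 conf]# diff /etc/sysconfig/rsyslog.bak2016-09-30 /etc/sysconfig/rsyslog
5c5,6
< SYSLOGD_OPTIONS="-c 5"
---
> #SYSLOGD_OPTIONS="-c 5"
> SYSLOGD_OPTIONS="-c 2 -m 0 -r -x"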
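# Before the rsyslog change: both commands print nothing, i.e. nothing is
# listening on port 514 yet.
[root@mylinux1 ~]# netstat -lntup|grep 514
[root@mylinux1 ~]# lsof -i :514
[root@mylinux1 ~]#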
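# Uncomment the UDP input module and the UDP listener in rsyslog.conf
[root@mylinux1 ~]# sed -i '/imudp/s/^#//' /etc/rsyslog.conf
[root@mylinux1 ~]# sed -i '/UDPServerRun 514/s/^#//' /etc/rsyslog.conf
[root@mylinux1 ~]# grep imudp /etc/rsyslog.conf
$ModLoad imudp
[root@mylinux1 ~]# grep UDPServerRun /etc/rsyslog.conf
$UDPServerRun 514
# NOTE: with no bind address rsyslog accepts syslog datagrams on every
# interface (the netstat output after the restart shows 0.0.0.0:514 and
# :::514), so any host that can reach this machine can write lines into
# its logs. haproxy.cfg only logs to 127.0.0.1; putting
#   $UDPServerAddress 127.0.0.1
# on the line before "$UDPServerRun 514" keeps the listener on loopback.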
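# Restart rsyslog so the new options and the UDP listener take effect
[root@mylinux1 conf]# /etc/init.d/rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]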
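# After the restart: rsyslogd now listens on UDP 514, on all IPv4 and
# IPv6 addresses (*:syslog, 0.0.0.0:514, :::514), not only on loopback.
[root@mylinux1 ~]# lsof -i :514
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 2436 root    3u  IPv4  24957      0t0  UDP *:syslog
rsyslogd 2436 root    4u  IPv6  24958      0t0  UDP *:syslog
[root@mylinux1 ~]# netstat -tunlp|grep 514
udp        0      0 0.0.0.0:514        0.0.0.0:*        2436/rsyslogd
udp        0      0 :::514             :::*             2436/rsyslogd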
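[root@mylinux1 conf]# cat haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
    # Log to the syslog daemon on this host, facility local0.
    log 127.0.0.1 local0
    # Second log target on port 514: only messages of level warning and above.
    log 127.0.0.1:514 local0 warning
    # Location of the PID file.
    pidfile /usr/local/haproxy/var/run/haproxy.pid
    # Run in the background as a daemon.
    daemon
    # Process-wide connection limit; must fit within the ulimit -n limit.
    maxconn 20480
    # Confine the process to this directory after startup (security measure).
    # Keep the directory empty and not writable by the haproxy user.
    chroot /usr/local/haproxy/var/chroot
    # User and group the process switches to after startup.
    user haproxy
    group haproxy
    # Spread health checks by up to 3% of their interval.
    spread-checks 3
    # Number of processes.
    nbproc 1

defaults
    # Use the log targets from the global section.
    log global
    # After 3 failed connection attempts the server is treated as
    # unavailable; this can also be set per section further down.
    retries 3
    # If the server a session was assigned to is down, send the session to
    # another healthy server.
    option redispatch
    # Default maximum number of connections per proxy.
    maxconn 2000
    # Connect timeout, in milliseconds.
    timeout connect 5000
    # Client-side inactivity timeout.
    timeout client 50000
    # Server-side inactivity timeout.
    timeout server 50000

listen ssh
    # Address and port the proxy listens on.
    bind 172.16.100.121:80
    # Proxy at the TCP level (layer 4) rather than HTTP (layer 7).
    mode tcp
    # Round-robin across the backends.
    balance roundrobin
    # These two values override the defaults section for this listener.
    timeout server 15s
    timeout connect 30s
    # Backend servers: address, port, and the port used for health checks.
    server mylinux3 192.168.100.181:22 check port 22
    server mylinux4 192.168.100.182:22 check port 22
    # NOTE: the two backends present different SSH host keys (the two login
    # tests on this page show different fingerprints for the same address),
    # so clients will get host-key-changed warnings as connections alternate.
    # Record both backend keys for this address in known_hosts instead of
    # clearing the file or ignoring the warning.
    # NOTE: in tcp mode the backends see the proxy as the peer (the second
    # login test shows "from 192.168.100.121"), so sshd logs and any
    # address-based access rules on the backends no longer reflect the
    # real client.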
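# Check the configuration file without starting the proxy (-c)
[root@mylinux1 conf]# /usr/local/haproxy/sbin/haproxy -f haproxy.cfg -c
Configuration file is valid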
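# Start HAProxy in daemon mode (-D) with this configuration
[root@mylinux1 conf]# /usr/local/haproxy/sbin/haproxy -f haproxy.cfg -D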
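# Confirm the process is running and listening. The ps and lsof output
# also show it running as the haproxy user, not root, and listening
# only on 172.16.100.121, as set by the bind line.
[root@mylinux1 conf]# ps -ef|grep haproxy
haproxy   1550     1  0 18:25 ?        00:00:00 /usr/local/haproxy/sbin/haproxy -f haproxy.cfg -D
root      1553  1015  0 18:26 pts/1    00:00:00 grep haproxy
[root@mylinux1 conf]# lsof -i :80
COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
haproxy 1550 haproxy    4u  IPv4  12088      0t0  TCP 172.16.100.121:http (LISTEN)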
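# First test: SSH to the proxy address on port 80; the session lands on
# mylinux4.
# NOTE: the host key is accepted here without being checked. Compare the
# fingerprint with the one printed on the backend itself, e.g.
#   ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
# before answering "yes". The login is also root with a password; for a
# proxied port that other hosts can reach, key-based logins to a non-root
# account are the safer setup.
[root@mylinux1 conf]# ssh -p80 172.16.100.121
The authenticity of host '[172.16.100.121]:80 ([172.16.100.121]:80)' can't be established.
RSA key fingerprint is ea:b0:45:d6:fa:48:60:41:a9:e4:f7:30:b9:ed:16:a4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.16.100.121]:80' (RSA) to the list of known hosts.
root@172.16.100.121's password:
Last login: Fri Sep 30 12:42:12 2016 from 192.168.100.1
[root@mylinux4 ~]# hostname
mylinux4.contoso.com
[root@mylinux4 ~]# ip a|grep 192.168.100
    inet 192.168.100.182/24 brd 192.168.100.255 scope global eth0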
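# Empty known_hosts so the next connection, which reaches the other
# backend with a different host key, is not refused.
# NOTE: this truncates the whole file and discards every host key root
# has recorded, not just the proxy's entry. To drop only that entry use
#   ssh-keygen -R '[172.16.100.121]:80'
[root@mylinux1 conf]# >/root/.ssh/known_hosts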
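# Second test: the same address now reaches mylinux3 (round robin).
# The fingerprint differs from the first test because each backend has
# its own host key; "Last login ... from 192.168.100.121" is the proxy's
# address, i.e. the backend sees the proxy, not the original client.
[root@mylinux1 conf]# ssh -p80 172.16.100.121
The authenticity of host '[172.16.100.121]:80 ([172.16.100.121]:80)' can't be established.
RSA key fingerprint is 99:05:e5:e4:d3:78:bd:cf:94:e9:80:36:b5:5d:cc:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.16.100.121]:80' (RSA) to the list of known hosts.
root@172.16.100.121's password:
Last login: Fri Sep 30 18:29:10 2016 from 192.168.100.121
[root@mylinux3 ~]# hostname
mylinux3.contoso.com
[root@mylinux3 ~]# ip a |grep 192.168.100
    inet 192.168.100.181/24 brd 192.168.100.255 scope global eth0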