主机名及地址 | 作用 |
---|---|
node01:192.168.16.11 | keepalived主节点 |
node02:192.168.16.12 | keepalived备节点 |
node03:192.168.16.13 | 后端服务1 |
node04:192.168.16.14 | 后端服务2 |
node06:192.168.16.16 | 测试节点 |
内核版本 | 3.10.0-1062.el7.x86_64 |
发行版本 | CentOS Linux release 7.7.1908 (Core) |
基础环境:都关闭防火墙及SELinux(仅为简化实验环境;生产环境应保留防火墙,只放行VRRP(IP协议112)和所需的业务端口),并查看各服务器之间的时间是否同步
# systemctl stop firewalld.service
# date
主备节点keepalived 尽量版本一致
本示例都以源码安装,版本keepalived-2.1.0,可参考keepalived安装
1、前端配置:node1,node2
haproxy负载均衡配置安装
(1)lua环境编译安装
1、安装编译环境与lua
[root@node1 ~]# yum install gcc readline-devel -y
[root@node1 ~]# wget -c http://www.lua.org/ftp/lua-5.4.0.tar.gz
2、进行lua编译(上一步的源码包通过明文http下载,编译前建议先与lua.org下载页公布的校验和核对)
[root@node1 ~]# tar xvf lua-5.4.0.tar.gz -C /usr/local/src/
[root@node1 ~]# cd /usr/local/src/lua-5.4.0/
[root@node1 lua-5.4.0]# make linux test
(2)Haproxy编译安装
1、HAProxy 2.0以上版本编译参数:本文使用的是社区版2.2.9
[root@node1 ~]# yum -y install gcc openssl-devel pcre-devel systemd-devel
[root@node1 ~]# wget -c https://www.haproxy.org/download/2.2/src/haproxy-2.2.9.tar.gz
[root@node1 ~]# tar xf haproxy-2.2.9.tar.gz -C /usr/local/src/
2、安装可以参考/usr/local/src/haproxy-2.2.9/INSTALL文件,文件中要求make>=3.80版本,gcc>=3.4版本
查看make与gcc版本
[root@node1 haproxy-2.2.9]# rpm -q make
make-3.82-24.el7.x86_64
[root@node1 haproxy-2.2.9]# rpm -q gcc
gcc-4.8.5-44.el7.x86_64
3、参考INSTALL文件进行编译安装
[root@node1 haproxy-2.2.9]# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.4.0/src/ LUA_LIB=/usr/local/src/lua-5.4.0/src/
[root@node1 haproxy-2.2.9]# make install PREFIX=/usr/local/src/haproxy
4、将haproxy命令软链接到/usr/sbin/目录下,可以直接使用haproxy命令
[root@node1 haproxy-2.2.9]# ln -sv /usr/local/src/haproxy/sbin/haproxy /usr/sbin/
"/usr/sbin/haproxy" -> "/usr/local/src/haproxy/sbin/haproxy"
(3)Haproxy启动文件
[root@node1 ~]# vim /usr/lib/systemd/system/haproxy.service
# systemd unit for the source-built HAProxy; it validates the configuration and
# then runs HAProxy in master-worker mode (-Ws).
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
# No User= is set, so HAProxy starts as root; the "user"/"group" lines in
# haproxy.cfg are what drop privileges afterwards.
# Configuration check (-c, quiet with -q); a failing check stops the start.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
# NOTE(review): -Ws is the systemd-notify variant of master-worker mode, but no
# Type= is set here, so systemd uses its default service type -- confirm whether
# Type=notify is intended.
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
# Reload by sending SIGUSR2 to the main (master) process.
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
(4)Haproxy配置文件
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
# HAProxy configuration used on node1 and node2: a password-protected stats page
# on port 9999 and a TCP listener on port 80 that forwards to the two backends.
global # global configuration parameters
maxconn 100000 # maximum number of connections
# NOTE(review): this chroot path is the install PREFIX (it contains sbin/haproxy).
# HAProxy's documentation asks for a jail directory that is empty and not writable
# by anyone -- consider a dedicated empty directory instead.
chroot /usr/local/src/haproxy # chroot jail directory for haproxy
# Runtime API socket. "level admin" permits full runtime control, so the 600 file
# mode is the only access restriction on it.
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin # UNIX socket
#uid 99
#gid 99
user haproxy # user to run as
group haproxy # group to run as
daemon # run as a daemon
#nbproc 1
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid # pid file
# NOTE(review): logs go to a syslog listener on 127.0.0.1 (facility local2); the
# page does not show that listener being configured -- verify messages arrive.
log 127.0.0.1 local2 info # syslog target, facility and level
defaults # default parameters inherited by the proxies below
option http-keep-alive
option forwardfor
maxconn 100000
mode http
# NOTE(review): 300000ms is 5 minutes for each timeout; a long client timeout lets
# idle or deliberately slow connections hold slots, so size it to the real workload.
timeout connect 300000ms # timeouts
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
# NOTE(review): 0.0.0.0 exposes the stats page on every address of the host,
# including the virtual IP; bind to a management address or filter the port.
bind 0.0.0.0:9999
stats enable
log global # use the log settings from the global section
stats uri /haproxy-status
# NOTE(review): "123456" is a trivially guessable sample password, and this
# listener is plain HTTP, so the Basic-auth credentials travel unencrypted.
# Replace it with a strong secret before reusing this configuration.
stats auth haadmin:123456 # authentication: username:password
listen webpool
# NOTE(review): this proxy runs in "mode tcp", so the HTTP-only options inherited
# from defaults (http-keep-alive, forwardfor) should have no effect here and the
# backends will see HAProxy's address as the client -- confirm.
mode tcp
bind :80
# No "balance" directive is given, so HAProxy's default algorithm applies.
# "check" turns on health checks for each server.
server web1 192.168.16.13:80 check
server web2 192.168.16.14:80 check
[root@node1 ~]# mkdir /var/lib/haproxy
创建haproxy用户
[root@node1 ~]# useradd -r -s /sbin/nologin -d /var/lib/haproxy haproxy
开启服务
[root@node1 ~]# systemctl start haproxy
keepalived配置
(1)killall命令使用的包:
# yum install psmisc.x86_64
(2)主节点 keepalived配置:node1
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! node1 (MASTER): owns the virtual IP 192.168.16.100 for VRRP instance VI_1 as
! long as the haproxy process check in track_script succeeds.
global_defs {
! NOTE(review): these addresses look like the stock keepalived sample values;
! replace them with real recipients or remove the notification settings.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.16.10
smtp_connect_timeout 30
router_id LVS_DEVEL1
}
! Health check referenced by track_script below. "killall -0" sends no signal; it
! only tests that a process named haproxy exists.
! NOTE(review): the script is named check_nginx although it checks haproxy, and a
! process-exists test does not prove that haproxy is serving traffic.
! NOTE(review): global_defs sets neither script_user nor enable_script_security,
! and killall is resolved through PATH -- consider setting both options and using
! an absolute path for the command.
vrrp_script check_nginx {
script "killall -0 haproxy"
}
vrrp_instance VI_1 {
state MASTER
interface ens33
! virtual_router_id and the authentication block must match the peer node.
virtual_router_id 51
! Higher than the backup node's priority (50), so this node holds the VIP.
priority 200
advert_int 1
! NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
! advertisement, and "1111" is a widely copied sample value. It guards against
! accidental misconfiguration only; use a per-cluster value and restrict VRRP
! (IP protocol 112) to the two peers with a firewall rule or unicast_peer.
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx
}
virtual_ipaddress {
192.168.16.100
}
}
(3)备节点 keepalived配置:node2
[root@node2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! node2 (BACKUP): takes over the virtual IP 192.168.16.100 for VRRP instance VI_1
! when the master stops advertising or its tracked script fails.
global_defs {
! NOTE(review): these addresses look like the stock keepalived sample values;
! replace them with real recipients or remove the notification settings.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.16.10
smtp_connect_timeout 30
router_id LVS_DEVEL
}
! Health check referenced by track_script below. "killall -0" sends no signal; it
! only tests that a process named haproxy exists, not that it serves traffic.
! NOTE(review): global_defs sets neither script_user nor enable_script_security,
! and killall is resolved through PATH -- consider setting both options and using
! an absolute path for the command.
vrrp_script webpool {
script "killall -0 haproxy"
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
! virtual_router_id and the authentication block must match the master node.
virtual_router_id 51
! Lower than the master's priority (200), so this node stays in standby.
priority 50
advert_int 1
! NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
! advertisement, and "1111" is a widely copied sample value. It guards against
! accidental misconfiguration only; use a per-cluster value and restrict VRRP
! (IP protocol 112) to the two peers with a firewall rule or unicast_peer.
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
webpool
}
virtual_ipaddress {
192.168.16.100
}
}
2、后端配置:node3,node4
RS节点服务配置:node3,node4
# systemctl stop firewalld.service
# yum install httpd -y
# echo "this is `hostname -I`" > /var/www/html/index.html
# systemctl start httpd
测试:node6
[root@node6 ~]# curl 192.168.16.14
this is 192.168.16.14
[root@node6 ~]# curl 192.168.16.13
this is 192.168.16.13
3、测试:node6
[root@node1 ~]# ip a | grep 192.168.16.100
inet 192.168.16.100/32 scope global ens33
[root@ansible01 ~]# for ((i=1;i<=4;i++)); do curl 192.168.16.100; done
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
keepalived测试:
[root@node1 ~]# systemctl stop keepalived.service
[root@node2 ~]# ip a| grep 192.168.16.100
inet 192.168.16.100/32 scope global ens33
[root@ansible01 ~]# for ((i=1;i<=4;i++)); do curl 192.168.16.100; done
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
http服务测试(停止node1上的haproxy,track_script检测失败后VIP漂移到node2):
[root@node1 ~]# systemctl stop haproxy.service
[root@node2 ~]# ip a| grep 192.168.16.100
inet 192.168.16.100/32 scope global ens33
[root@ansible01 ~]# for ((i=1;i<=4;i++)); do curl 192.168.16.100; done
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
测试成功