准备两台服务器:
payment-balancers-01
payment-balancers-02
角色:
Master:payment-balancers-01
Slave:payment-balancers-02
1.1 Master 和 Slave 安装Haproxy
[root@payment-balancers-01 ~]# yum install -y haproxy
[root@payment-balancers-02 ~]# yum install -y haproxy
1.2 使用自己的配置的文件
说明:把自带的 haproxy.cfg 清空,或者先备份一份,再写入下面的配置
#Master
[root@payment-balancers-01 ~]# vim /etc/haproxy/haproxy.cfg
# Process-wide settings.
global
# Send logs to the local syslog daemon, facility local2.
log 127.0.0.1 local2
# Confine the running process to this directory.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# Run as the unprivileged haproxy user and group.
user haproxy
group haproxy
daemon
# turn on stats unix socket
# NOTE(review): no mode or level is set on this socket; confirm which local
# users can reach it and what they are allowed to do through it.
stats socket /var/lib/haproxy/stats
# Settings inherited by every frontend/backend below.
defaults
mode http
log global
option httplog
# Second log target on facility local3. The rsyslog rule shown later on this
# page only routes local2.* to /var/log/haproxy.log.
# NOTE(review): confirm where local3 messages are meant to go.
log 127.0.0.1 local3
option dontlognull
option http-server-close
# Add X-Forwarded-For, except for requests coming from loopback.
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# Public entry point: plain HTTP on port 80 of every local address.
# NOTE(review): no TLS listener is defined anywhere in this listing; confirm
# TLS is terminated elsewhere before carrying payment traffic.
frontend ha_server
bind 0.0.0.0:80
mode http
log global
option httpclose
# Repeats forwardfor without the loopback exception set in defaults.
option forwardfor
default_backend rel_server
# Pool of web servers, reached over plain HTTP on port 80.
backend rel_server
mode http
# Health check: HTTP GET / against each server.
option httpchk GET /
balance roundrobin
# Per server: check every 2000 ms, up after 2 passes, down after 3 failures.
# NOTE(review): every server carries "cookie 1", but this backend has no
# cookie directive, so the value looks unused; confirm or drop it.
server web2 10.130.69.44:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web3 10.130.0.70:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web4 10.130.25.104:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web5 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
# NOTE(review): web6 has the same address as web5; possibly a copy-paste slip.
server web6 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
#Slave
[root@payment-balancers-02 ~]# vim /etc/haproxy/haproxy.cfg
# Process-wide settings (same as on the master).
global
# Send logs to the local syslog daemon, facility local2.
log 127.0.0.1 local2
# Confine the running process to this directory.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# Run as the unprivileged haproxy user and group.
user haproxy
group haproxy
daemon
# turn on stats unix socket
# NOTE(review): no mode or level is set on this socket; confirm which local
# users can reach it and what they are allowed to do through it.
stats socket /var/lib/haproxy/stats
# Settings inherited by every frontend/backend below.
defaults
mode http
log global
option httplog
# Second log target on facility local3. The rsyslog rule shown later on this
# page only routes local2.* to /var/log/haproxy.log.
# NOTE(review): confirm where local3 messages are meant to go.
log 127.0.0.1 local3
option dontlognull
option http-server-close
# Add X-Forwarded-For, except for requests coming from loopback.
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# Public entry point: plain HTTP on port 80 of every local address.
# NOTE(review): no TLS listener is defined anywhere in this listing; confirm
# TLS is terminated elsewhere before carrying payment traffic.
frontend ha_server
bind 0.0.0.0:80
mode http
log global
option httpclose
# Repeats forwardfor without the loopback exception set in defaults.
option forwardfor
default_backend rel_server
# Pool of web servers, reached over plain HTTP on port 80.
backend rel_server
mode http
# Health check: HTTP GET / against each server.
option httpchk GET /
balance roundrobin
# Per server: check every 2000 ms, up after 2 passes, down after 3 failures.
# NOTE(review): every server carries "cookie 1", but this backend has no
# cookie directive, so the value looks unused; confirm or drop it.
server web2 10.130.69.44:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web3 10.130.0.70:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web4 10.130.25.104:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
server web5 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
# NOTE(review): web6 has the same address as web5; possibly a copy-paste slip.
server web6 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
1.3 配置日志
#Master
[root@payment-balancers-01 ~]# vim /etc/rsyslog.conf
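去掉下面两行行首的 #(取消注释):
$ModLoad imudp
$UDPServerRun 514
注意:这样 rsyslog 会在所有地址上监听 514/UDP,而 haproxy 只把日志发往 127.0.0.1。建议在 $UDPServerRun 之前加一行 $UDPServerAddress 127.0.0.1,或用防火墙只允许本机访问该端口。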
加入:
local2.* /var/log/haproxy.log
[root@payment-balancers-01 ~]# vim /etc/sysconfig/rsyslog
..........................
..........................
..........................
加入:
SYSLOGD_OPTIONS="-r -m 0"
#Slave
[root@payment-balancers-02 ~]# vim /etc/rsyslog.conf
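去掉下面两行行首的 #(取消注释):
$ModLoad imudp
$UDPServerRun 514
注意:这样 rsyslog 会在所有地址上监听 514/UDP,而 haproxy 只把日志发往 127.0.0.1。建议在 $UDPServerRun 之前加一行 $UDPServerAddress 127.0.0.1,或用防火墙只允许本机访问该端口。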
加入:
local2.* /var/log/haproxy.log
[root@payment-balancers-02 ~]# vim /etc/sysconfig/rsyslog
..........................
..........................
..........................
加入:
SYSLOGD_OPTIONS="-r -m 0"
1.4 重启rsyslog服务器
[root@payment-balancers-01 ~]# systemctl restart rsyslog.service
[root@payment-balancers-02 ~]# systemctl restart haproxy.service
2.1 Master 和 Slave 安装Keepalived
[root@payment-balancers-01 ~]# yum install -y keepalived
[root@payment-balancers-02 ~]# yum install -y keepalived
2.2 配置keepalived.conf
#Master
[root@payment-balancers-01 ~]# cd /etc/keepalived/
[root@payment-balancers-01 keepalived]# mv keepalived.conf keepalived.conf.bak
#Slave
[root@payment-balancers-02 ~]# cd /etc/keepalived/
[root@payment-balancers-02 keepalived]# mv keepalived.conf keepalived.conf.bak
2.2.1 配置keepalived.conf -- Master
#Master
[root@payment-balancers-01 keepalived]# vim keepalived.conf
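# Health check run by keepalived every 2 seconds. A failing check lowers
# this node's priority by 150 (200 -> 50), which is below the peer's 100,
# so the peer takes over.
vrrp_script check_ha {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight -150
}

vrrp_instance VI_1 {
    interface eth1
    state MASTER
    priority 200
    virtual_router_id 33
    # keepalived comments start with '#' or '!'; the '//' annotations in the
    # original listing are not comment syntax and were replaced.
    unicast_src_ip 10.130.6.128    # private IP of this node (master)
    unicast_peer {
        10.130.33.23               # private IP of the slave
    }
    # PASS authentication is carried in cleartext inside the VRRP packets and
    # only the first 8 characters are used. "password" is a stand-in: set the
    # same site-specific secret on both nodes and do not rely on it alone;
    # also limit VRRP traffic to the two peers with a firewall.
    authentication {
        auth_type PASS
        auth_pass password
    }
    track_script {
        check_ha
    }
    # Hook executed by keepalived on promotion to MASTER. Keep this script and
    # check_haproxy.sh owned by root and not writable by anyone else.
    notify_master /etc/keepalived/master.sh
}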
2.2.2 配置keepalived.conf -- Slave
#Slave
[root@payment-balancers-02 keepalived]# vim keepalived.conf
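# Health check run by keepalived every 2 seconds. No weight is set here, so
# a failing check does not adjust the priority.
# NOTE(review): with the default weight a failed check is expected to put the
# instance into FAULT state; confirm this is the intended behaviour.
vrrp_script check_ha {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
}

vrrp_instance VI_1 {
    interface eth1
    state BACKUP
    priority 100
    virtual_router_id 33
    # The original listing repeated the master's addresses here. On the slave
    # the source is the slave's own private IP and the peer is the master.
    unicast_src_ip 10.130.33.23    # private IP of this node (slave)
    unicast_peer {
        10.130.6.128               # private IP of the master
    }
    # PASS authentication is carried in cleartext inside the VRRP packets and
    # only the first 8 characters are used. "password" is a stand-in: set the
    # same site-specific secret on both nodes and do not rely on it alone;
    # also limit VRRP traffic to the two peers with a firewall.
    authentication {
        auth_type PASS
        auth_pass password
    }
    track_script {
        check_ha
    }
    # Hook executed by keepalived on promotion to MASTER. Keep this script and
    # check_haproxy.sh owned by root and not writable by anyone else.
    notify_master /etc/keepalived/master.sh
}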
2.3 检测脚本
#Master
[root@payment-balancers-01 keepalived]# vim check_haproxy.sh
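#!/bin/bash
# Keepalived track script: exits 1 when HAProxy is not listening on
# 0.0.0.0:80 or its systemd wrapper process is gone, and 0 otherwise.

# Match the port exactly. The unanchored pattern '0.0.0.0:80' also matches
# 0.0.0.0:8080 (the stats listener configured on this page), so the check
# could pass while port 80 was closed.
listeners=$(netstat -ln | grep -cE '[[:space:]]0\.0\.0\.0:80[[:space:]]')

# pgrep never counts itself, unlike "ps aux | grep -c", whose result depends
# on whether the grep process happens to appear in the ps snapshot.
if (( listeners < 1 )) || ! pgrep -f haproxy-systemd-wrapper >/dev/null; then
  # Left disabled by the author:
  # /usr/bin/systemctl stop keepalived.service
  exit 1
fi
exit 0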
#Slave
[root@payment-balancers-02 keepalived]# vim check_haproxy.sh
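#!/bin/bash
# Keepalived track script: exits 1 when HAProxy is not listening on
# 0.0.0.0:80 or its systemd wrapper process is gone, and 0 otherwise.

# Match the port exactly. The unanchored pattern '0.0.0.0:80' also matches
# 0.0.0.0:8080 (the stats listener configured on this page), so the check
# could pass while port 80 was closed.
listeners=$(netstat -ln | grep -cE '[[:space:]]0\.0\.0\.0:80[[:space:]]')

# pgrep never counts itself, unlike "ps aux | grep -c", whose result depends
# on whether the grep process happens to appear in the ps snapshot.
if (( listeners < 1 )) || ! pgrep -f haproxy-systemd-wrapper >/dev/null; then
  # Left disabled by the author:
  # /usr/bin/systemctl stop keepalived.service
  exit 1
fi
exit 0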
2.4 切换VIP 的脚本
#Master
[root@payment-balancers-01 keepalived]# vim master.sh
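#!/bin/bash
# Keepalived notify_master hook: when this node becomes MASTER, move the
# DigitalOcean floating IP to this droplet through /usr/local/bin/assign-ip.

# The API token (generated in the DigitalOcean API console) is read from a
# root-owned, mode-0600 file instead of being written into this script. A
# token that has appeared in a script or on a page should be revoked and
# reissued. The path below is a placeholder constructed for this example.
TOKEN_FILE='/etc/keepalived/do_token'
DO_TOKEN=$(cat -- "$TOKEN_FILE") || { echo "cannot read $TOKEN_FILE" >&2; exit 1; }
[ -n "$DO_TOKEN" ] || { echo "$TOKEN_FILE is empty" >&2; exit 1; }
export DO_TOKEN

IP='159.89.211.127'

# Droplet metadata service. -f turns an HTTP error into a failed exit status
# instead of an error page stored as the ID; --max-time keeps a stalled
# request from holding up the failover.
ID=$(curl -sf --max-time 5 http://169.254.169.254/metadata/v1/id) \
  || { echo "metadata lookup (id) failed" >&2; exit 1; }
HAS_FLOATING_IP=$(curl -sf --max-time 5 http://169.254.169.254/metadata/v1/floating_ip/ipv4/active) \
  || { echo "metadata lookup (floating_ip) failed" >&2; exit 1; }
[ -n "$ID" ] || { echo "empty droplet id" >&2; exit 1; }

# Quoted so that an empty answer is compared as a string rather than
# breaking the test expression.
if [ "$HAS_FLOATING_IP" = "false" ]; then
  n=0
  # Up to 10 attempts, 3 seconds apart; stop at the first success.
  while [ "$n" -lt 10 ]; do
    python /usr/local/bin/assign-ip "$IP" "$ID" && break
    n=$((n+1))
    sleep 3
  done
fi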
#Slave
[root@payment-balancers-02 keepalived]# vim master.sh
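#!/bin/bash
# Keepalived notify_master hook: when this node becomes MASTER, move the
# DigitalOcean floating IP to this droplet through /usr/local/bin/assign-ip.

# The API token (generated in the DigitalOcean API console) is read from a
# root-owned, mode-0600 file instead of being written into this script. A
# token that has appeared in a script or on a page should be revoked and
# reissued. The path below is a placeholder constructed for this example.
TOKEN_FILE='/etc/keepalived/do_token'
DO_TOKEN=$(cat -- "$TOKEN_FILE") || { echo "cannot read $TOKEN_FILE" >&2; exit 1; }
[ -n "$DO_TOKEN" ] || { echo "$TOKEN_FILE is empty" >&2; exit 1; }
export DO_TOKEN

IP='159.89.211.127'

# Droplet metadata service. -f turns an HTTP error into a failed exit status
# instead of an error page stored as the ID; --max-time keeps a stalled
# request from holding up the failover.
ID=$(curl -sf --max-time 5 http://169.254.169.254/metadata/v1/id) \
  || { echo "metadata lookup (id) failed" >&2; exit 1; }
HAS_FLOATING_IP=$(curl -sf --max-time 5 http://169.254.169.254/metadata/v1/floating_ip/ipv4/active) \
  || { echo "metadata lookup (floating_ip) failed" >&2; exit 1; }
[ -n "$ID" ] || { echo "empty droplet id" >&2; exit 1; }

# Quoted so that an empty answer is compared as a string rather than
# breaking the test expression.
if [ "$HAS_FLOATING_IP" = "false" ]; then
  n=0
  # Up to 10 attempts, 3 seconds apart; stop at the first success.
  while [ "$n" -lt 10 ]; do
    python /usr/local/bin/assign-ip "$IP" "$ID" && break
    n=$((n+1))
    sleep 3
  done
fi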
3.Haproxy状态监控配置
[root@payment-balancers-01 ~] vim /etc/haproxy/haproxy.cfg
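# HAProxy statistics and admin page for the master.
listen admin_stats
    stats enable
    # Listen on this node's private address only (10.130.6.128 is the master's
    # private IP in the keepalived section) instead of "*", which would also
    # publish the page on the public interface. Restrict port 8080 further
    # with a firewall.
    bind 10.130.6.128:8080
    mode http
    option httplog
    log global
    maxconn 10
    stats refresh 30s
    stats uri /admin
    stats realm haproxy
    # HTTP Basic credentials, stored here in cleartext and sent over plain
    # HTTP. CHANGE_ME is a placeholder: set a strong site-specific password
    # and keep haproxy.cfg readable by root only.
    stats auth sasha:CHANGE_ME
    stats hide-version
    # Anyone who authenticates may change server state (enable/disable) from
    # this page.
    stats admin if TRUE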
[root@payment-balancers-02 ~] vim /etc/haproxy/haproxy.cfg
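# HAProxy statistics and admin page for the slave.
listen admin_stats
    stats enable
    # Listen on this node's private address only (10.130.33.23 is the slave's
    # private IP in the keepalived section) instead of "*", which would also
    # publish the page on the public interface. Restrict port 8080 further
    # with a firewall.
    bind 10.130.33.23:8080
    mode http
    option httplog
    log global
    maxconn 10
    stats refresh 30s
    stats uri /admin
    stats realm haproxy
    # Login for the stats page (user:password). HAProxy comments start with
    # '#'; the '//' annotation in the original listing is not comment syntax.
    # The credentials are stored here in cleartext and sent over plain HTTP.
    # CHANGE_ME is a placeholder: set a strong site-specific password and
    # keep haproxy.cfg readable by root only.
    stats auth sasha:CHANGE_ME
    stats hide-version
    # Anyone who authenticates may change server state (enable/disable) from
    # this page.
    stats admin if TRUE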
[root@gadmobe-balances-01 ~]# cat /usr/local/bin/assign-ip
#!/usr/bin/python
import os
import sys
import requests
import json
api_base = 'https://api.digitalocean.com/v2'
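def usage():
    """Print the command-line synopsis and the DO_TOKEN requirement to stdout."""
    # The listing lost its indentation; the function body is restored here.
    print('{0} [Floating IP] [Droplet ID]'.format(sys.argv[0]))
    print('\nYour DigitialOcean API token must be in the "DO_TOKEN"'
          ' environmental variable.')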
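def main(floating_ip, droplet_id):
    """Ask the DigitalOcean API to assign a floating IP to a droplet.

    Args:
        floating_ip: the floating IP address to move.
        droplet_id: ID of the droplet that should receive the address.

    The API token is read from the DO_TOKEN environment variable. On success
    the action status is printed. The process exits with status 1 when the
    request fails, the reply is not JSON, or the reply carries a 'message'
    field (the API's error form).
    """
    payload = {'type': 'assign', 'droplet_id': droplet_id}
    headers = {'Authorization': 'Bearer {0}'.format(os.environ['DO_TOKEN']),
               'Content-type': 'application/json'}
    url = api_base + "/floating_ips/{0}/actions".format(floating_ip)
    try:
        # Bounded wait: this runs inside the failover hook's retry loop, and a
        # request without a timeout can block it indefinitely.
        r = requests.post(url, headers=headers, data=json.dumps(payload),
                          timeout=10)
        resp = r.json()
    except (requests.exceptions.RequestException, ValueError) as exc:
        print('request failed: {0}'.format(exc))
        sys.exit(1)
    if 'message' in resp:
        # .get() so an error reply without an 'id' field is still reported.
        print('{0}: {1}'.format(resp.get('id'), resp['message']))
        sys.exit(1)
    else:
        print('Moving IP address: {0}'.format(resp['action']['status']))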
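if __name__ == "__main__":
    # A usage error must exit non-zero. The master.sh retry loop on this page
    # chains on the exit status ("&& break"), so the bare sys.exit() (status
    # 0) made a missing token or a missing droplet ID look like a successful
    # reassignment.
    if 'DO_TOKEN' not in os.environ or len(sys.argv) <= 2:
        usage()
        sys.exit(2)
    main(sys.argv[1], sys.argv[2])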