1.在生产环境中haproxy广泛用于四层和七层的反向代理与负载均衡,keepalived则通过VRRP技术实现虚拟IP的高可用,从而实现haproxy的高可用。本文将侧重于介绍keepalived方面的知识及相关配置,haproxy只用于测试web代理,具体如下:
1.1:编译安装haproxy:
# Build HAProxy 1.7.3 from the upstream source tarball under /usr/local/src.
# NOTE(review): the tarball is fetched over plain HTTP and unpacked without any
# integrity check, so a tampered download would be compiled and installed as
# root. Fetch it over HTTPS where the mirror offers it and compare
# `sha256sum haproxy-1.7.3.tar.gz` with the checksum published by the project
# before running tar/make.
# NOTE(review): 1.7.3 is an old point release; confirm the branch still
# receives security fixes upstream before using it outside a lab.
[root@linux ]# cd /usr/local/src/
[root@linux src]# wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.3.tar.gz
[root@linux src]# tar xvf haproxy-1.7.3.tar.gz
[root@linux src]# cd haproxy-1.7.3/
# Compiler plus PCRE and OpenSSL headers needed by the build flags below.
[root@linux haproxy-1.7.3]# yum install gcc pcre pcre-devel openssl openssl-devel -y
[root@linux haproxy-1.7.3]# vim README # installation notes and build help
# Build with PCRE, OpenSSL and zlib support.
# NOTE(review): USE_ZLIB=1 needs the zlib headers, and the yum line above does
# not install zlib-devel - confirm it is already present on the host.
[root@linux haproxy-1.7.3]# make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy
# Install under /usr/local/haproxy (the same directory haproxy.cfg later uses as its chroot).
[root@linux haproxy-1.7.3]# make install PREFIX=/usr/local/haproxy
1.2 准备启动脚本文件:
[root@linux haproxy-1.7.3]# vim /usr/lib/systemd/system/haproxy.service
# systemd unit that starts HAProxy through haproxy-systemd-wrapper.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
# NOTE(review): there is no User=/Group= here, so the service starts as root
# and the privilege drop depends entirely on the uid/gid lines in haproxy.cfg.
# Hardening directives such as NoNewPrivileges= or ProtectSystem= could be
# added once the chroot and pid-file paths are settled.
# $OPTIONS is read from this file and appended to the command line below.
EnvironmentFile=/etc/sysconfig/haproxy
# NOTE(review): -p /run/haproxy.pid differs from the pidfile path set in the
# haproxy.cfg shown in this guide - confirm which one is actually written.
ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS
# Reload sends SIGUSR2 to the main (wrapper) process.
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
1.3 复制启动脚本:
[root@linux haproxy-1.7.3]# cp haproxy-systemd-wrapper /usr/sbin/haproxy-systemd-wrapper
[root@linux haproxy-1.7.3]# cp haproxy /usr/sbin/haproxy
准备sysconfig配置文件:
[root@linux haproxy-1.7.3]# vim /etc/sysconfig/haproxy
# Add extra options to the haproxy daemon here. This can be useful for
# specifying multiple configuration files with multiple -f options.
# See haproxy(1) for a complete list of options.
OPTIONS=""
1.4 主备配置文件,简单配置,后续完善:
[root@linux haproxy-1.7.3]# mkdir /etc/haproxy
[root@linux haproxy-1.7.3]# vim /etc/haproxy/haproxy.cfg
# Minimal HAProxy configuration for the test setup: one statistics listener
# and one HTTP proxy in front of a single backend web server.
global
# Process-wide connection ceiling.
maxconn 100000
# NOTE(review): this chroot directory is the install prefix used by
# "make install" earlier in the guide, so it is not empty. HAProxy's
# documentation recommends a jail that is empty and writable by nobody;
# a dedicated empty directory is the safer choice.
chroot /usr/local/haproxy
# Drop privileges to numeric uid/gid 99 (which account that is depends on the
# host - confirm it is an unprivileged one with no login shell).
uid 99
gid 99
daemon
nbproc 1
# NOTE(review): the systemd unit in this guide also passes -p /run/haproxy.pid;
# confirm which pid file is used and that the directory below exists.
pidfile /usr/local/haproxy/run/haproxy.pid
# Log to the local syslog daemon, facility local3, level info and above.
log 127.0.0.1 local3 info
defaults
option http-keep-alive
# Adds an X-Forwarded-For header carrying the client address; backends should
# trust that header only on requests that arrive from this proxy.
option forwardfor
maxconn 100000
mode http
# All three timeouts are 300000 ms (5 minutes).
# NOTE(review): client-side timeouts this long let idle or very slow
# connections hold slots for minutes; shorter values, plus an explicit
# "timeout http-request", limit that exposure.
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
# Statistics page, served at /haproxy-status on port 9999.
listen stats
mode http
# NOTE(review): 0.0.0.0 publishes the statistics page on every interface; bind
# it to loopback or a management address, or restrict the allowed sources.
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
# NOTE(review): sample credentials only. The password is trivially guessable,
# is stored in clear text in this file, and travels as HTTP Basic auth over an
# unencrypted listener. Use a long unique secret, keep haproxy.cfg readable by
# root only, and prefer TLS on this bind.
stats auth haadmin:123456
# HTTP listener on port 80 that forwards to the single backend web1.
listen web_port
bind 0.0.0.0:80
mode http
log global
# Health-check web1 every 3000 ms; mark it down after 2 failed checks and up
# again after 5 successful ones.
server web1 172.20.0.128:80 check inter 3000 fall 2 rise 5
1.5:启动haproxy:
[root@linux haproxy-1.7.3]# systemctl restart haproxy
1.6: 后端web服务器安装httpd:
[root@web ~]# yum install httpd
[root@web html]# echo "Test Page" > /var/www/html/index.html
[root@web ~]# systemctl restart httpd
1.7: 开启haproxy日志:
[root@linux ~]# vim /etc/rsyslog.conf
# Excerpt of /etc/rsyslog.conf; the leading 15/16/92 are the editor's line
# numbers, not part of the directives.
# NOTE(review): $UDPServerRun 514 opens UDP/514 on every interface, so any host
# that can reach this machine can write into its logs. HAProxy only logs to
# 127.0.0.1 here; restrict the listener to loopback (for example a
# "$UDPServerAddress 127.0.0.1" line before $UDPServerRun) or filter UDP/514
# at the host firewall.
15 $ModLoad imudp
16 $UDPServerRun 514
92 local3.* /var/log/haproxy.log # file that receives the HAProxy log (facility local3)
1.8:重启rsyslog服务:
[root@linux ~]# systemctl restart rsyslog
1.9:配置haproxy调用rsyslog:
[root@linux ~]# vim /etc/haproxy/haproxy.cfg
9 log 127.0.0.1 local3 info
[root@linux ~]# systemctl restart haproxy
1.10: 访问web界面并验证haproxy日志目录:
[root@linux ~]# tail /var/log/haproxy.log
Mar 9 16:04:40 localhost haproxy[55688]: Proxy stats started.
Mar 9 16:04:40 localhost haproxy[55688]: Proxy web_port started.
Mar 9 16:06:45 localhost haproxy[55689]: Connect from 192.168.10.1:2623 to
192.168.10.137:80 (web_port/TCP)
2.Keepalived安装及配置:
2.1:编译安装keepalived:
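# Build keepalived 1.3.4 from the upstream source tarball under /usr/local/src.
# NOTE(review): the tarball is fetched over plain HTTP and unpacked without any
# integrity check, so a tampered download would be compiled and installed as
# root. Fetch it over HTTPS where available and compare
# `sha256sum keepalived-1.3.4.tar.gz` with a checksum obtained from the project
# through a trusted channel before running configure/make.
[root@linux ~]# cd /usr/local/src/
[root@linux src]# wget http://www.keepalived.org/software/keepalived-1.3.4.tar.gz
[root@linux src]# tar xvf keepalived-1.3.4.tar.gz
[root@linux src]# cd keepalived-1.3.4/
# Build dependencies (netlink, SNMP, OpenSSL headers and tooling).
[root@linux keepalived-1.3.4]# yum install libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel \
libnl3 libnl3-devel lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssh-server openssh-clients openssl \
openssl-devel automake iproute
# Configure for installation under /usr/local/keepalived, without fwmark support.
[root@linux keepalived-1.3.4]# ./configure --prefix=/usr/local/keepalived --disable-fwmark
# Build, then install; the original listing had "amke install", a typo that
# would stop the install step with "command not found".
[root@linux keepalived-1.3.4]# make && make install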
2.2: 复制相关配置文件及启动脚本:
# Copy a sysconfig file, the systemd unit and the keepalived binary from the
# build tree into system locations.
# NOTE(review): the first command copies the SysV init script
# (keepalived.rh.init) to a sysconfig path. Presumably the sysconfig template
# from the source tree and the path the unit actually reads were intended -
# confirm against the EnvironmentFile= line of keepalived.service.
[root@linux keepalived-1.3.4]# cp /usr/local/src/keepalived-1.3.4/keepalived/etc/init.d/keepalived.rh.init /etc/sysconfig/keepalived.sysconfig
[root@linux keepalived-1.3.4]# cp /usr/local/src/keepalived-1.3.4/keepalived/keepalived.service /usr/lib/systemd/system/
# NOTE(review): keepalived runs as root; make sure the installed binary and
# unit file stay owned by root and are not writable by other users.
[root@linux keepalived-1.3.4]# cp /usr/local/src/keepalived-1.3.4/bin/keepalived /usr/sbin/
2.3: 准备一个简单的配置文件:
[root@linux-node137 keepalived-1.3.4]# mkdir /etc/keepalived
[root@linux-node137 keepalived-1.3.4]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Single VRRP instance that holds the virtual IP 192.168.10.15 on eth0.
global_defs {
# NOTE(review): the recipients, sender and SMTP server below look like the
# values from keepalived's sample configuration. Replace them with real
# addresses and a reachable relay, or failover notifications go nowhere.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Identifier for this node.
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
# This node is configured as MASTER with priority 100; the peer would
# normally use state BACKUP, a lower priority and the same virtual_router_id.
state MASTER
interface eth0
virtual_router_id 80
priority 100
# Advertisement interval in seconds.
advert_int 1
# Unicast peering is commented out, so advertisements are not limited to a
# named peer.
# NOTE(review): 172.20.1.128 and 172.10.1.38 are in different networks, and
# 172.10.0.0 is outside the RFC 1918 172.16.0.0/12 range - confirm both
# addresses before enabling this block.
#unicast_src_ip 172.20.1.128
#unicast_peer {
# 172.10.1.38
#}
# NOTE(review): auth_type PASS carries the password in clear text in every
# VRRP advertisement, and "1111" is a placeholder-grade value. Treat it as a
# guard against accidental misconfiguration rather than as authentication:
# use a unique value per VRRP instance (keepalived uses at most 8 characters)
# and limit VRRP (IP protocol 112) at the host firewall to the peer's address.
authentication {
auth_type PASS
auth_pass 1111
}
# Virtual IP added to eth0 under the label eth0:0 while this node is master.
virtual_ipaddress {
192.168.10.15 dev eth0 label eth0:0
}
}