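Implementing HAProxy High Availability with HAProxy + Keepalived
I: Lab environment
Prepare four Linux servers, all virtual machines running CentOS Linux release 7.3.1611 (Core). Their IP addresses and installed services are:
192.168.37.101: haproxy + keepalived
192.168.37.102: haproxy + keepalived
192.168.37.103: web1 server
192.168.37.104: web2 server
Software: haproxy-1.8.20.tar.gz, keepalived (installation-disc yum repository), httpd (installation-disc yum repository)
II: Installation steps
1: On machines 101 and 102, install the haproxy service from source, as follows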
    # Install the required dependency packages
    [root@localhost src]# yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y

    # Upload and unpack the haproxy source, then enter the source directory
    [root@localhost src]# tar xf haproxy-1.8.20.tar.gz
    [root@localhost src]# cd haproxy-1.8.20

    # Compile and install
    [root@localhost haproxy-1.8.20]# mkdir /data/haproxy -p
    [root@localhost haproxy-1.8.20]# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/data/haproxy

    # Create the service unit file
    # (it runs /usr/sbin/haproxy, so the built binary must be present at that path)
    [root@localhost system]# cat haproxy.service
    [Unit]
    Description=HAProxy Load Balancer
    After=syslog.target network.target

    [Service]
    ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
    ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
    ExecReload=/bin/kill -USR2 $MAINPID

    [Install]
    WantedBy=multi-user.target

    # Create the user and directories
    [root@localhost ~]# mkdir /etc/haproxy
    [root@localhost ~]# useradd haproxy -s /sbin/nologin
    [root@localhost ~]# chown haproxy.haproxy /data/haproxy/ /etc/haproxy/ -R

    # Stop and disable the firewall and SELinux (lab environment)
    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# systemctl disable firewalld
    [root@localhost ~]# vim /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled    # disabled here
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    # Enable the haproxy service and verify
    [root@molson ~]# systemctl enable haproxy
    Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
    # Upload the prepared configuration file /etc/haproxy/haproxy.cfg
    global
        maxconn 100000
        chroot /data/haproxy
        stats socket /data/haproxy/haproxy.sock mode 600 level admin
        uid 99
        gid 99
        daemon
        #nbproc 4
        #cpu-map 1 0
        #cpu-map 2 1
        #cpu-map 3 2
        #cpu-map 4 3
        pidfile /run/haproxy.pid
        log 127.0.0.1 local3 info

    defaults
        option http-keep-alive
        option forwardfor
        maxconn 100000
        mode http
        timeout connect 300000ms
        timeout client 300000ms
        timeout server 300000ms

    listen stats
        mode http
        bind 0.0.0.0:9999
        stats enable
        log global
        stats uri /haproxy-status
        stats auth haadmin:q1w2e3r4ys
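The running service is shown in the figure below:
2: On hosts 101 and 102, install the keepalived service with yum, as follows
    [root@molson ~]# yum install keepalived -y
On host 101, edit the keepalived configuration file as follows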
    [root@molson ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            [email protected]
            [email protected]
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
        vrrp_skip_check_adv_addr
        vrrp_strict
        vrrp_garp_interval 0
        vrrp_gna_interval 0
    }

    vrrp_instance VIP_1 {       # name of the instance
        state MASTER            # master or backup
        interface ens33         # network interface name
        virtual_router_id 51
        priority 100            # priority (weight)
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass molson    # password
        }
        virtual_ipaddress {
            192.168.37.200 dev ens33 label ens33:0
        }
    }
Changes to the keepalived configuration file on server 102
    [root@localhost haproxy]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            [email protected]
            [email protected]
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
        vrrp_skip_check_adv_addr
        vrrp_strict
        vrrp_iptables
        vrrp_garp_interval 0
        vrrp_gna_interval 0
    }

    vrrp_instance VIP_1 {
        state BACKUP            # backup
        interface ens33         # network interface name
        virtual_router_id 51
        priority 80             # priority (weight)
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass molson    # password
        }
        virtual_ipaddress {
            192.168.37.200 dev ens33 label ens33:0    # virtual IP and interface
        }
    }
Start keepalived on 101 and 102 and verify, as shown in the figure below
    [root@localhost haproxy]# systemctl start keepalived
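The two keepalived.conf files above have to agree on virtual_router_id, advert_int, the authentication settings and the virtual address, and the node meant to hold the VIP needs the higher priority. The following consistency check is an added example, not part of the original post; the sample blocks are constructed from the configs above, and the helper names kv, vip and check_pair are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the vrrp_instance block from the 101 (MASTER) config above.
MASTER_CONF='vrrp_instance VIP_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass molson
    }
    virtual_ipaddress {
        192.168.37.200 dev ens33 label ens33:0
    }
}'
# Constructed sample: the 102 (BACKUP) block differs only in state and priority.
BACKUP_CONF=$(printf '%s\n' "$MASTER_CONF" |
    sed -e 's/state MASTER/state BACKUP/' -e 's/priority 100/priority 80/')

# kv CONF KEY: print the first value that follows KEY (hypothetical helper).
kv() { printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'; }

# vip CONF: print the first address in virtual_ipaddress; assumes the address
# is on the line after the opening brace, as in the configs above.
vip() { printf '%s\n' "$1" | awk '/virtual_ipaddress/ { getline; print $1; exit }'; }

# check_pair MASTER BACKUP: print one line per problem, return 1 if any found.
# Values are never echoed, so auth_pass does not end up in logs.
check_pair() {
    rc=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        if [ "$(kv "$1" "$key")" != "$(kv "$2" "$key")" ]; then
            echo "MISMATCH $key"; rc=1
        fi
    done
    if [ "$(vip "$1")" != "$(vip "$2")" ]; then
        echo "MISMATCH virtual_ipaddress"; rc=1
    fi
    # The node meant to hold the VIP must advertise the higher priority.
    if ! [ "$(kv "$1" priority)" -gt "$(kv "$2" priority)" ] 2>/dev/null; then
        echo "PRIORITY master is not higher than backup"; rc=1
    fi
    return $rc
}

check_pair "$MASTER_CONF" "$BACKUP_CONF" && echo "pair is consistent"
```

On real hosts, pass the contents of each node's /etc/keepalived/keepalived.conf in place of the two sample variables.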
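III: On the other two servers, 103 and 104, install the httpd service, as follows
    [root@molson ~]# yum install httpd -y
IV: On machines 101 and 102, edit the haproxy configuration file to set up load balancing, as follows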
    # Append the following to the existing configuration file
    # /etc/haproxy/haproxy.cfg
    listen WEB_PORT_80
        mode http
        bind 192.168.37.200:80                  # virtual IP and port to bind
        server web1 192.168.37.103:80 check     # backend address
        server web2 192.168.37.104:80 check     # backend address
V: Start the haproxy process, as follows
    [root@molson ~]# ss -ntl
    State   Recv-Q  Send-Q  Local Address:Port
    LISTEN  0       128     *:9999
    LISTEN  0       128     *:22
    LISTEN  0       100     127.0.0.1:25
    LISTEN  0       128     :::22
    LISTEN  0       100     ::1:25
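The output above shows that port 80 is not listening. Modify the kernel parameters as follows; net.ipv4.ip_nonlocal_bind = 1 allows a process to bind to an address that is not currently assigned to the host, which haproxy needs in order to bind 192.168.37.200 on a node that does not hold the VIP.
    [root@molson ~]# vim /etc/sysctl.conf
    # Add the following two lines
    net.ipv4.ip_nonlocal_bind = 1
    net.ipv4.ip_forward = 1
    [root@molson ~]# sysctl -p    # apply the settings
    # Configure machine 102 the same way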
Start the haproxy process again and check the ports, as follows
    [root@localhost ~]# ss -ntl
    State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
    LISTEN  0       128     *:9999               *:*
    LISTEN  0       128     192.168.37.200:80    *:*
    LISTEN  0       128     *:22                 *:*
    LISTEN  0       100     127.0.0.1:25         *:*
    LISTEN  0       128     :::22                :::*
    LISTEN  0       100     ::1:25               :::*
    [root@localhost ~]#
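A way to spot the condition described above, a bind address configured in haproxy.cfg with no matching listener in `ss -ntl`, and to tie it to net.ipv4.ip_nonlocal_bind. This is an added example, not from the original post; the sample inputs are constructed from the output above, and the function names and the local-address list passed to explain are assumptions.

```shell
#!/bin/sh
# Constructed sample: the bind lines from /etc/haproxy/haproxy.cfg above.
HAPROXY_CFG='listen stats
    bind 0.0.0.0:9999
listen WEB_PORT_80
    bind 192.168.37.200:80   # VIP managed by keepalived'
# Constructed sample: ss -ntl before the sysctl change.
SS_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:9999             *:*
LISTEN 0      128    *:22               *:*
LISTEN 0      100    127.0.0.1:25       *:*'
# Constructed sample: the same node after sysctl -p and an haproxy restart.
SS_AFTER="$SS_BEFORE
LISTEN 0      128    192.168.37.200:80  *:*"

# cfg_binds CFG: print every bind address:port, writing 0.0.0.0 as "*" like ss.
cfg_binds() {
    printf '%s\n' "$1" |
        awk '$1 == "bind" { sub(/^0\.0\.0\.0:/, "*:", $2); print $2 }'
}

# listening SS_OUTPUT: print the Local Address:Port column of LISTEN rows.
listening() { printf '%s\n' "$1" | awk '$1 == "LISTEN" { print $4 }'; }

# missing_binds CFG SS_OUTPUT: print configured binds with no matching listener.
missing_binds() {
    cfg_binds "$1" | while read -r b; do
        listening "$2" | grep -qxF -- "$b" || echo "$b"
    done
}

# explain BIND LOCAL_ADDRS NONLOCAL: say why a missing bind could not be opened.
# LOCAL_ADDRS is a space-separated list of this node's IPv4 addresses; NONLOCAL
# is the output of: sysctl -n net.ipv4.ip_nonlocal_bind
explain() {
    addr=${1%:*}
    case " $2 " in
        *" $addr "*) echo "$1: $addr is local, check the haproxy log"; return ;;
    esac
    if [ "$3" = "1" ]; then
        echo "$1: nonlocal bind is allowed, check the haproxy log"
    else
        echo "$1: $addr is not on this node and ip_nonlocal_bind=0"
    fi
}

# Assumed inputs: node 102 without the VIP, sysctl not yet set.
missing_binds "$HAPROXY_CFG" "$SS_BEFORE" | while read -r b; do
    explain "$b" "127.0.0.1 192.168.37.102" 0
done
```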
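VI: Verify the high-availability service, as follows
The figure above shows the verification on machine 101. As it shows, 101 and 102 form a highly available service: if the service on one of them stops, requests are still served normally.
As the figure above shows, after the keepalived service is stopped on machine 101, machine 102 still serves requests normally; once it is also stopped on machine 102, the service becomes unreachable, as follows
When 101 and 102 form a highly available service and the master stops working, the backup takes over immediately; see the log in the figure below
From the above, a simple HAProxy + Keepalived high-availability service has been set up successfully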