haproxy+keepalived安裝配置
1.1 主機規劃
| 服務器說明 | IP地址 | 主機名稱規則 | 安裝服務 |
|---|---|---|---|
| haproxy主機1 | 10.0.0.41 | haproxy01 | Haproxy、Nginx、keepalived |
| haproxy主機2 | 10.0.0.42 | haproxy01 | Haproxy、Nginx、keepalived |
| 10.0.0.43 | 虛擬IP地址VIP |
1.2 hosts解析文件
10.0.0.41 dns01
10.0.0.42 dns021.3 操作系統版本
CentOS7.3
[root@haproxy01 ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@haproxy01 ~]# uname -r 3.10.0-514.el7.x86_64 [root@haproxy01 ~]# uname -m x86_64
1.4 涉及軟件版本
haproxy:1.5.18
nginx:1.14.2
keepalived:1.3.5
1.5 系統基礎優化
1. 關閉selinux
sed -i ‘7s#enforcing#disabled#g‘ /etc/selinux/config
2. 關閉iptables
systemctl stop firewalld.service
systemctl disable firewalld.service
3. 安裝基本的依賴包
yum -y install net-tools vim lrzsz tree screen lsof tcpdump nc mtr nmap gcc glibc gcc-c++
4. 系統網卡名設置為eth0(安裝過程中設置)
2. 安裝haproxy
2.1 安裝haproxy
安裝haproxy和其他軟件類似,基本上也分為源碼安裝和yum安裝,采用yu‘m安裝得版本可能稍微比較舊,在CentOS7系統下一般為1.5版本。這兩個方式本身區別並不太大,但是安裝目錄會有一定得出入,在配置程序得時候需要稍微註意。
本文的配置均采用yum安裝方式路徑,編譯安裝就不細說,兩者任選其一均可。
1、yum安裝(配置文件均采用這種方式的配置)
yum -y install haproxy #查看版本信息 [root@haproxy01 ~]# haproxy -v HA-Proxy version 1.5.18 2016/05/10 Copyright 2000-2016 Willy Tarreau <[email protected]>
2、編譯安裝(僅在這裏介紹)
#下載haproxy軟件
cd /usr/local/src
wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.6.3.tar.gz/3362d1e268c78155c2474cb73e7f03f9/haproxy-1.6.3.tar.g
#安裝包md5碼
[root@haproxy02 src]# md5sum haproxy-1.6.3.tar.gz
3362d1e268c78155c2474cb73e7f03f9 haproxy-1.6.3.tar.gz
#解壓
tar xf haproxy-1.6.3.tar.gz
#編譯安裝
#編譯參數解釋:TARGET=linux2628 系統內核版本,如果大於2.6.28的用:TARGET=linux2628;ARCH=x86_64 #系統位數
cd haproxy-1.6.3
make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy-1.6.3
make install
cp /usr/local/sbin/haproxy /usr/sbin/
cp examples/haproxy.init /etc/init.d/haproxy
chmod 755 /etc/init.d/haproxy
#查看安裝結果
[root@haproxy01 haproxy-1.6.3]# haproxy -v
HA-Proxy version 1.6.3 2015/12/25
Copyright 2000-2015 Willy Tarreau <[email protected]>2.2 配置haproxy
2.2.1 配置rsyslog
Haproxy在Centos7上默認沒有記錄日誌,需要配置rsyslog服務開啟日誌記錄的功能。rsyslog默認情況下,需要在514端口監聽,所需要做如下修改:
1.創建記錄日誌文件
mkdir /var/log/haproxy
chmod a+w /var/log/haproxy2.開啟rsyslog記錄haproxy日誌功能
vim /etc/rsyslog.conf
#將如下兩行得註釋取消
$ModLoad imudp
$UDPServerRun 514
#在該文件添加如下內容:
# Save haproxy log
local3.* /var/log/haproxy/haproxy.log3.修改“/etc/sysconfig/rsyslog”文件,內容如下
vim /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0 -c 2"4. 配置haproxy
編輯haproxy配置文件,進行如下內容修改:
log 127.0.0.1 local3 info5.重啟服務
systemctl restart rsyslog.service
#查看日誌記錄
tailf /var/log/haproxy/haproxy.log2.2.2 配置haproxy
- /etc/haproxy/haproxy.cfg
(1)haproxy01上面的配置
global
maxconn 10000
chroot /var/lib/haproxy
uid haproxy
gid haproxy
daemon
nbproc 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
mode http
log global
option http-keep-alive
maxconn 10000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats refresh 30s
stats enable
stats uri /stats
stats auth haproxy:123456
frontend frontend_www_example_com
bind 10.0.0.41:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.0.0.41:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.42:8080 check inter 2000 rise 30 fall 15(2)haproxy的配置
global
maxconn 10000
chroot /var/lib/haproxy
uid haproxy
gid haproxy
daemon
nbproc 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
mode http
log global
option http-keep-alive
maxconn 10000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats refresh 30s
stats enable
stats uri /stats
stats auth haproxy:123456
frontend frontend_www_example_com
bind 10.0.0.42:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.0.0.41:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.42:8080 check inter 2000 rise 30 fall 152.3啟動haproxy
systemctl start haproxy.service
systemctl enable haproxy.service
#這裏會有一個告警,這是因為我們還沒有配置後端的服務
[root@haproxy02 haproxy]# systemctl start haproxy.service
[root@haproxy02 haproxy]#
Message from syslogd@localhost at Feb 24 21:33:33 ...
haproxy[3763]: backend backend_www_example_com has no server available!2.4 驗證
? 分別在瀏覽器輸入地址:http://10.0.0.41:8888/stats,
輸入用戶名:haproxy,密碼:123456,如果出現如下信息說明haproxy已經成功啟動了。
3.安裝nginx
這裏僅使用nginx來做負載均衡的測試,因此只需yum安裝即可。
3.1安裝nginx
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum -y install nginx
#查看版本信息
[root@haproxy01 yum.repos.d]# nginx -v
nginx version: nginx/1.14.23.2配置nginx
1./etc/nginx/conf.d/default.conf
修改監聽端口為8080
sed -i ‘s#80#8080#g‘ /etc/nginx/conf.d/default.conf2./usr/share/nginx/html/index.html
修改主頁信息
(1)haproxy01
echo haproxy01 > /usr/share/nginx/html/index.html(2)haproxy02上修改
echo haproxy02 > /usr/share/nginx/html/index.html3.3啟動nginx
systemctl start nginx.service3.4結果驗證
1、通過瀏覽器訪問監控頁面,如果發現web-node1和web-node2狀態變為綠色則說明nginx已經啟動成功。
2、通過瀏覽器訪問服務器IP,發現haproxy01和haproxy02在來回切換說明負載均衡配置正確!
4.安裝keepalived
keepalived采用只需yum安裝即可,且keepalived相關內容查找[keepalived權威指南]即可。
鏈接:https://pan.baidu.com/s/14EZJ6B8IqRYLzz9IofCbmQ
提取碼:tvv3
4.1安裝keepalived
yum -y install keepalived
#查看keepalived版本
[root@haproxy02 haproxy]# keepalived -v
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Copyright(C) 2001-2017 Alexandre Cassen, <[email protected]>
4.2配置keepalived
1./etc/keepalived/keepalived.conf
(1)haproxy01上的配置(這裏沒有配置去監聽haproxy服務,有需要的同學可以自己配置)
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy_ha
}
vrrp_instance haproxy_ha {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.43
}
}(2)haproxy02上的配置
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy_ha
}
vrrp_instance haproxy_ha {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.43
}
}4.3啟動keepalived服務
systemctl start keepalived.service
systemctl enable keepalived.service4.4驗證keepalived
在haproxy01上查看是否有虛擬IP地址10.0.0.43,並且haproxy02上沒有,則說明安裝成功。
5.haproxy結合keepalived使用
5.1、修改內核參數
? haproxy和keepalived的結合使用,是通過修改haproxy的配置文件去監聽虛擬IP地址10.0.0.43。但是這樣配置會出現一個問題,那就是作為BACKUP的keepalived的節點上面沒有虛擬IP地址的時候,haproxy無法啟動。
? 針對這個問題,需要配置haproxy去監聽非本地IP!!註意如果不是部署keepalived的服務器不能這樣做,這樣比較危險。監聽非本地修改如下配置參數:
#查看默認參數
[root@haproxy01 keepalived]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
0
#修改參數
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
sysctl -w net.ipv4.ip_nonlocal_bind=1
#永久生效
echo ‘net.ipv4.ip_nonlocal_bind=1‘ >> /etc/sysctl.conf5.2 haproxy修改監聽地址
修改/etc/haproxy/haproxy.cfg,使其監聽VIP:
#haproxy01上修改:
sed -i ‘s#bind 10.0.0.41:80#bind 10.0.0.43:80#g‘ /etc/haproxy/haproxy.cfg
#haproxy02上修改:
sed -i ‘s#bind 10.0.0.42:80#bind 10.0.0.43:80#g‘ /etc/haproxy/haproxy.cfg5.3 重啟haproxy
重啟haproxy,使配置文件生效
systemctl restart haproxy.service5.4 驗證結果
查看兩臺服務器的監聽地址,如果都是監聽的10.0.0.43,則說明修改成功。
至此,haproxy+keepalived的配置到此結束,還請各位同學指正!!
haproxy+keepalived安裝配置