--------------------------------------------------------------------------------------------------------------------------關(guān)閉 SElinux、配置防火墻(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# vim /etc/sysconfig/selinux#SELINUX=enforcing #注釋掉#SELINUXTYPE=targeted #注釋掉SELINUX=disabled #增加[root@Haproxy_Keepalived_Master ~]# setenforce 0 #臨時關(guān)閉selinux。上面文件配置后,重啟機(jī)器后就永久生效。注意下面182.148.15.0/24是服務(wù)器的公網(wǎng)網(wǎng)段,192.168.1.0/24是服務(wù)器的私網(wǎng)網(wǎng)段一定要注意:加上這個組播規(guī)則后,MASTER和BACKUP故障時,才能實現(xiàn)VIP資源的正常轉(zhuǎn)移。其故障恢復(fù)后,VIP也還會正常轉(zhuǎn)移回來。[root@Haproxy_Keepalived_Master ~]# vim /etc/sysconfig/iptables .......-A INPUT -s 182.148.15.0/24 -d 224.0.0.18 -j ACCEPT #允許組播地址通信。 -A INPUT -s 192.168.1.0/24 -d 224.0.0.18 -j ACCEPT-A INPUT -s 182.148.15.0/24 -p vrrp -j ACCEPT #允許 VRRP(虛擬路由器冗余協(xié))通信-A INPUT -s 192.168.1.0/24 -p vrrp -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT [root@Haproxy_Keepalived_Master ~]# /etc/init.d/iptables restart----------------------------------------------------------------------------------------------------------------------下載Haproxy地址:http://www.haproxy.org/download/1.6/src/1)安裝Haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作) 注意:安裝之前,先執(zhí)行yum install gcc gcc-c++ make openssl-devel kernel-devel[root@Haproxy_Keepalived_Master src]# wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.12.tar.gz[root@Haproxy_Keepalived_Master src]# tar -zvxf haproxy-1.6.12.tar.gz[root@Haproxy_Keepalived_Master src]# cd haproxy-1.6.12[root@Haproxy_Keepalived_Master haproxy-1.6.12]# make TARGET=linux26 CPU=x86_64 PREFIX=/usr/local/haprpxy USE_OPENSSL=1 ADDLIB=-lz參數(shù)說明:TARGET=linux26 #使用 uname -r 查看內(nèi)核,如:2.6.32-642.el6.x86_64,此時該參數(shù)就為linux26CPU=x86_64 #使用 uname -r 查看系統(tǒng)信息,如 x86_64 GNU/Linux,此時該參數(shù)就為 x86_64PREFIX=/usr/local/haprpxy #haprpxy 安裝路徑[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ldd haproxy | grep ssl libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f6f3d9b2000)[root@Haproxy_Keepalived_Master haproxy-1.6.12]# make install PREFIX=/usr/local/haproxy [root@Haproxy_Keepalived_Master haproxy-1.6.12]# mkdir -p /usr/local/haproxy/conf[root@Haproxy_Keepalived_Master haproxy-1.6.12]# mkdir -p /etc/haproxy[root@Haproxy_Keepalived_Master haproxy-1.6.12]# cp /usr/local/src/haproxy-1.6.12/examples/option-http_proxy.cfg /usr/local/haproxy/conf/haproxy.cfg[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg[root@Haproxy_Keepalived_Master haproxy-1.6.12]# cp -r /usr/local/src/haproxy-1.6.12/examples/errorfiles /usr/local/haproxy/errorfiles[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles[root@Haproxy_Keepalived_Master haproxy-1.6.12]# mkdir -p /usr/local/haproxy/log[root@Haproxy_Keepalived_Master haproxy-1.6.12]# touch /usr/local/haproxy/log/haproxy.log[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log[root@Haproxy_Keepalived_Master haproxy-1.6.12]# cp /usr/local/src/haproxy-1.6.12/examples/haproxy.init /etc/rc.d/init.d/haproxy[root@Haproxy_Keepalived_Master haproxy-1.6.12]# chmod +x /etc/rc.d/init.d/haproxy[root@Haproxy_Keepalived_Master haproxy-1.6.12]# chkconfig haproxy on[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin2)配置 haproxy.cfg 參數(shù)(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# cp /usr/local/haproxy/conf/haproxy.cfg /usr/local/haproxy/conf/haproxy.cfg.bak[root@Haproxy_Keepalived_Master ~]# vim /usr/local/haproxy/conf/haproxy.cfgglobal log 127.0.0.1 local3 info #在本機(jī)記錄日志 maxconn 65535 #每個進(jìn)程可用的最大連接數(shù) chroot /usr/local/haproxy #haproxy 安裝目錄 uid 99 #運(yùn)行haproxy的用戶uid(cat /etc/passwd 查看,這里是nobody的uid) gid 99 #運(yùn)行haproxy的用戶組id(cat /etc/passwd 查看,這里是nobody組id) daemon #以后臺守護(hù)進(jìn)程運(yùn)行defaults log global mode http #運(yùn)行模式 tcp、 http、 health retries 3 #三次連接失敗,則判斷服務(wù)不可用 option redispatch #如果后端有服務(wù)器宕機(jī),強(qiáng)制切換到正常服務(wù)器 stats uri /haproxy #統(tǒng)計頁面 URL 路徑 stats refresh 30s #統(tǒng)計頁面自動刷新時間 stats realm haproxy-status #統(tǒng)計頁面輸入密碼框提示信息 stats auth admin:dxInCtFianKtL]36 #統(tǒng)計頁面用戶名和密碼 stats hide-version #隱藏統(tǒng)計頁面上 HAProxy 版本信息 maxconn 65535 #每個進(jìn)程可用的最大連接數(shù) timeout connect 5000 #連接超時 timeout client 50000 #客戶端超時 timeout server 50000 #服務(wù)器端超時frontend http-in #自定義描述信息 mode http #運(yùn)行模式 tcp、 http、 health maxconn 65535 #每個進(jìn)程可用的最大連接數(shù) bind :80 #監(jiān)聽 80 端口 log global option httplog option httpclose #每次請求完畢后主動關(guān)閉 http 通道 acl is_a hdr_beg(host) -i www.wangshibo.com #規(guī)則設(shè)置,-i 后面是要訪問的域名 acl is_b hdr_beg(host) -i www.guohuihui.com #如果多個域名,就寫多個規(guī)則,一規(guī)則對應(yīng)一個域名;即后面有多個域名,就寫 is_c、 is-d….,這個名字可以隨意起。但要與下面的use_backend 對應(yīng) use_backend web-server if is_a #如果訪問 is_a 設(shè)置的域名,就負(fù)載均衡到下面backend 設(shè)置的對應(yīng) web-server 上。web-server所負(fù)載的域名要都部署到下面的web01和web02上。如果是不同的域名部署到不同的機(jī)器上,就定義不同的web-server。 use_backend web-server if is_bbackend web-server mode http balance roundrobin #設(shè)置負(fù)載均衡模式,source 保存 session 值,roundrobin 輪詢模式 cookie SERVERID insert indirect nocache option httpclose option forwardfor server web01 182.148.15.233:80 weight 1 cookie 3 check inter 2000 rise 2 fall 5 server web02 182.148.15.238:80 weight 1 cookie 4 check inter 2000 rise 2 fall 5注意參數(shù)解釋:inter 2000 心跳檢測時間;rise 2 三次連接成功,表示服務(wù)器正常;fall 5 三次連接失敗,表示服務(wù)器異常; weight 1 權(quán)重設(shè)置3)啟動haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# service haproxy start #啟動[root@Haproxy_Keepalived_Master ~]# service haproxy stop #關(guān)閉[root@Haproxy_Keepalived_Master ~]# service haproxy restart #重啟[root@Haproxy_Keepalived_Master ~]# service haproxy status #查看服務(wù)狀態(tài)4)設(shè)置HAProxy日志(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# vim /etc/rsyslog.conf.......$ModLoad imudp #取消注釋 ,這一行不注釋,日志就不會寫$UDPServerRun 514 #取消注釋 ,這一行不注釋,日志就不會寫.......local0.* /var/log/haproxy.log #這一行可以沒有,可以不用寫local3.* /var/log/haproxy.log #這一行必須要寫[root@Haproxy_Keepalived_Master ~]# vim /etc/sysconfig/rsyslogSYSLOGD_OPTIONS="-r -m 0" #接收遠(yuǎn)程服務(wù)器日志[root@Haproxy_Keepalived_Master ~]# service rsyslog restart-------------------------------------------------------------------------------------------------------------------------1)安裝Keepalived(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_keepalived_Master ~]# yum install -y openssl-devel[root@Haproxy_keepalived_Master ~]# cd /usr/local/src/[root@Haproxy_keepalived_Master src]# wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz[root@Haproxy_keepalived_Master src]# tar -zvxf keepalived-1.3.5.tar.gz[root@Haproxy_keepalived_Master src]# cd keepalived-1.3.5[root@Haproxy_keepalived_Master keepalived-1.3.5]# ./configure --prefix=/usr/local/keepalived[root@Haproxy_keepalived_Master keepalived-1.3.5]# make && make install [root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/src/keepalived-1.3.5/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/[root@Haproxy_keepalived_Master keepalived-1.3.5]# mkdir /etc/keepalived/[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/[root@Haproxy_keepalived_Master keepalived-1.3.5]# echo "/etc/init.d/keepalived start" >> /etc/rc.local[root@Haproxy_keepalived_Master keepalived-1.3.5]# chmod +x /etc/rc.d/init.d/keepalived #添加執(zhí)行權(quán)限[root@Haproxy_keepalived_Master keepalived-1.3.5]# chkconfig keepalived on #設(shè)置開機(jī)啟動[root@Haproxy_keepalived_Master keepalived-1.3.5]# service keepalived start #啟動[root@Haproxy_keepalived_Master keepalived-1.3.5]# service keepalived stop #關(guān)閉[root@Haproxy_keepalived_Master keepalived-1.3.5]# service keepalived restart #重啟2)Haproxy_Keepalived_Master服務(wù)器上的Keepalived配置如下:[root@Haproxy_Keepalived_Master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak[root@Haproxy_Keepalived_Master ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs { notification_email { root@localhost }notification_email_from keepalived@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id HAproxy237}vrrp_script chk_haproxy { #HAproxy 服務(wù)監(jiān)控腳本 script "/etc/keepalived/check_haproxy.sh" interval 2 weight 2}vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111} track_script { chk_haproxy }virtual_ipaddress { 182.148.15.239 }notify_master "/etc/keepalived/clean_arp.sh 182.148.15.239"}vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 52 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 1111}virtual_ipaddress { 182.148.15.235}notify_master "/etc/keepalived/clean_arp.sh 182.148.15.235"}3)Haproxy_Keepalived_Backup服務(wù)器上的Keepalived配置如下:[root@Haproxy_Keepalived_Backup ~]# /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak[root@Haproxy_Keepalived_Backup ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs { notification_email { root@localhost }notification_email_from keepalived@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id HAproxy236}vrrp_script chk_haproxy { script "/etc/keepalived/check_haproxy.sh" interval 2 weight 2}vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 1111} track_script { chk_haproxy }virtual_ipaddress { 182.148.15.239}notify_master "/etc/keepalived/clean_arp.sh 182.148.15.239"}vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111}virtual_ipaddress { 182.148.15.235}notify_master "/etc/keepalived/clean_arp.sh 182.148.15.235"}4)設(shè)置HAproxy服務(wù)監(jiān)控腳本(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# vim /etc/keepalived/check_haproxy.sh#!/bin/bashA=`ps -C haproxy --no-header | wc -l`if [ $A -eq 0 ];then/etc/init.d/haproxy startsleep 3if [ `ps -C haproxy --no-header | wc -l ` -eq 0 ];then/etc/init.d/keepalived stopfifi[root@Haproxy_Keepalived_Master ~]# chmod +x /etc/keepalived/check_haproxy.sh5)設(shè)置更新虛擬服務(wù)器(VIP)地址的arp記錄到網(wǎng)關(guān)腳本(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# vim /etc/keepalived/clean_arp.sh#!/bin/shVIP=$1GATEWAY=182.148.15.254 #這個是本機(jī)的外網(wǎng)網(wǎng)卡網(wǎng)關(guān)地址/sbin/arping -I eth0 -c 5 -s $VIP $GATEWAY &>/dev/null6)系統(tǒng)內(nèi)核優(yōu)化(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup兩臺機(jī)器都要操作)[root@Haproxy_Keepalived_Master ~]# echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range[root@Haproxy_Keepalived_Master ~]# echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout[root@Haproxy_Keepalived_Master ~]# echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog[root@Haproxy_Keepalived_Master ~]# echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets[root@Haproxy_Keepalived_Master ~]# echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans[root@Haproxy_Keepalived_Master ~]# echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time[root@Haproxy_Keepalived_Master ~]# echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle[root@Haproxy_Keepalived_Master ~]# echo 0 > /proc/sys/net/ipv4/tcp_timestamps[root@Haproxy_Keepalived_Master ~]# echo 0 > /proc/sys/net/ipv4/tcp_ecn[root@Haproxy_Keepalived_Master ~]# echo 1 > /proc/sys/net/ipv4/tcp_sack[root@Haproxy_Keepalived_Master ~]# echo 0 > /proc/sys/net/ipv4/tcp_dsack7)分別啟動Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup的keealived和haproxy服務(wù),并查看vip[root@Haproxy_Keepalived_Master ~]# /etc/init.d/keepalived start[root@Haproxy_Keepalived_Master ~]# /etc/init.d/haproxy start[root@Haproxy_Keepalived_Master ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:68:dc:b6 brd ff:ff:ff:ff:ff:ff inet 182.148.15.237/27 brd 182.148.15.255 scope global eth0 inet 182.148.15.239/32 scope global eth0 inet6 fe80::5054:ff:fe68:dcb6/64 scope link valid_lft forever preferred_lft forever[root@Haproxy_Keepalived_Backup ~]# /etc/init.d/keepalived start[root@Haproxy_Keepalived_Backup ~]# /etc/init.d/haproxy start[root@Haproxy_Keepalived_Backup ~]# ip addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:7c:b8:f0 brd ff:ff:ff:ff:ff:ff inet 182.148.15.236/27 brd 182.148.15.255 scope global eth0 inet 182.148.15.235/32 scope global eth0 inet6 fe80::5054:ff:fe7c:b8f0/64 scope link valid_lft forever preferred_lft forever聯(lián)系客服
