实验环境:
Centos7.4 x 4台
192.168.1.101 master
192.168.1.102 backup
192.168.1.103 web1
192.168.1.104 web2
漂移IP(即VIP):192.168.1.250
1.关闭防火墙和SELINUX(略)
2.配置本地yum源(略),只需挂载光盘即可
3.配置keepalived+haproxy主服务器
[root@master ~]# yum install keepalived pcre-devel bzip2-devel -y # 安装依赖软件
[root@master ~]# tar xf haproxy-1.5.19.tar.gz # 解包
[root@master ~]# cd haproxy-1.5.19/ # 切换至源码目录
[root@master haproxy-1.5.19]# make TARGET=linux2628 && make install # 编译安装,根据内核版本选定TARGET的值,此处为3.10所以为linux2628
[root@master haproxy-1.5.19]# mkdir /etc/haproxy # 创建配置文件目录
[root@master haproxy-1.5.19]# cp examples/haproxy.cfg /etc/haproxy/ # 将源码包自带的配置文件目录复制过来
[root@master haproxy-1.5.19]# cd
[root@master ~]# vim /etc/haproxy/haproxy.cfg # 编辑主配置文件,根据当前环境,将主配置文件修改如下
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#chroot /usr/share/haproxy # 将该行注释掉
uid 99
gid 99
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen webcluster 0.0.0.0:80 # webcluster为集群名称,可自定义,修改后面的端口号
option httpchk /index.html
balance roundrobin # 表示采用轮询算法
server ins1 192.168.1.103:80 check inter 2000 fall 3 # web节点1
server ins2 192.168.1.104:80 check inter 2000 fall 3 # web节点2
注:
在配置文件下,有很多listen配置项,找到和我们需要的差不多的listen项复制到#defaults配置项下,然后将后面的配置项删除,若不删除,启动的时候可能会报错。
[root@master ~]# cd haproxy-1.5.19/examples/ # 切换至指定目录
[root@master examples]# cp haproxy.init /etc/init.d/haproxy # 复制服务控制脚本
[root@master examples]# ln -s /usr//local/sbin/haproxy /usr/sbin/haproxy # 创建软链接,加入系统环境变量
[root@master examples]# chmod +x /etc/init.d/haproxy # 赋予文件执行权限
[root@master examples]# chkconfig --add haproxy # 添加为系统服务
[root@master examples]# systemctl restart haproxy # 启动haproxy服务
[root@master examples]# netstat -anpt | grep 80 # 查看是否在监听
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3752/haproxy
以下部分开始配置keepalived,haproxy已经配置完成了
[root@master ~]# vim /etc/keepalived/keepalived.conf # 编辑keepalived配置文件
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL1 # 定义服务器名称,不可与其他服务器名称冲突
}
vrrp_instance VI_1 {
state MASTER
interface ens33 # 修改承载漂移IP地址的物理网卡
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.250 # 指定漂移IP地址
}
}
注:
配置项至此保存退出就可以了,将后面的所有配置项删除,以免影响服务启动
[root@master ~]# systemctl restart keepalived # 重启keepalived服务
4.配置keepalived+haproxy备份服务器:
[root@master ~]# yum install keepalived pcre-devel bzip2-devel -y # 安装依赖软件
[root@master ~]# tar xf haproxy-1.5.19.tar.gz # 解包
[root@master ~]# cd haproxy-1.5.19/ # 切换至源码目录
[root@master haproxy-1.5.19]# make TARGET=linux2628 && make install # 编译安装,根据内核版本选定TARGET的值,此处为3.10所以为linux2628
[root@master haproxy-1.5.19]# mkdir /etc/haproxy # 创建配置文件目录
[root@backup ~]# scp root@192.168.1.101:/etc/haproxy/haproxy.cfg /etc/haproxy/
The authenticity of host '192.168.1.101 (192.168.1.101)' can't be established.
ECDSA key fingerprint is SHA256:f/y/4lfQMxmDViBMkdNTyfslN9i/xKsYsYn0qOx4qy0.
ECDSA key fingerprint is MD5:20:55:fe:7d:c2:c4:16:a4:3a:8c:14:0e:dd:d2:77:b4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.101' (ECDSA) to the list of known hosts.
root@192.168.1.101's password: # 输入master的用户密码
haproxy.cfg 100% 563 681.3KB/s 00:00
[root@backup ~]# scp root@192.168.1.101:/etc/init.d/haproxy /etc/init.d/
root@192.168.1.101's password:
haproxy 100% 2553 1.4MB/s 00:00
[root@backup ~]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy # 创建软链接
[root@backup ~]# chkconfig --add haproxy # 添加为系统服务
[root@backup ~]# systemctl start haproxy # 启动haproxy服务
[root@backup ~]# netstat -anpt | grep 80 # 查看是否在监听
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 55367/haproxy # haproxy服务默认监听在80端口
[root@backup ~]# scp root@192.168.1.101:/etc/keepalived/keepalived.conf /etc/keepalived/
root@192.168.1.101's password:
keepalived.conf 100% 538 688.0KB/s 00:00
[root@backup ~]# vim /etc/keepalived/keepalived.conf # 修改以下三个配置项:
router_id LVS_DEVEL2 # 将服务器名称改一下,别和主服务冲突
............
state BACKUP # 将状态改为BACKUP
............
priority 90 # 修改一下优先级,要比主服务器优先级低
............
5.配置web节点,安装httpd服务进行测试:
web1:
[root@web1 ~]# yum install httpd -y
[root@web1 ~]# echo "<h1>Web Server1 1111111111111111111</h1>" > /var/www/html/index.html
[root@web1 ~]# systemctl start httpd
web2:
[root@web2 ~]# yum install httpd -y
[root@web2 ~]# echo "<h1>Web Server2 2222222222222222222</h1>" > /var/www/html/index.html
[root@web2 ~]# systemctl start httpd
至此,Keepalived+Haproxy就配置完成了,可以使用client进行访问,模拟主服务器宕机等问题,测试高可用。