centos7+keepalive+haproxy
最小化安装centos7
一、 环境说明
站在用户的角度思考问题,与客户深入沟通,找到象山网站设计与象山网站推广的解决方案,凭借多年的经验,让设计与互联网技术结合,创造个性化、用户体验好的作品,建站类型包括:网站制作、成都网站制作、企业官网、英文网站、手机端网站、网站推广、主机域名、虚拟主机、企业邮箱。业务覆盖象山地区。
- HA和负载主的IP地址为:10.10.10.111
- HA和负载备的IP地址为:10.10.10.112
-
HA的虚地址为:10.10.10.110
二、基础配置
1.配置网卡
vi /etc/sysconfig/network-scripts/ifcfg-ens36
vi /etc/sysconfig/network-scripts/ifcfg-ens33
2.安装net-tools
注:这个软件包会安装ifconfig,route等命令
[root@localhost ~]# rpm -ql net-tools
/bin/netstat
/sbin/arp
/sbin/ether-wake
/sbin/ifconfig
/sbin/ipmaddr
/sbin/iptunnel
/sbin/mii-diag
/sbin/mii-tool
/sbin/nameif
/sbin/plipconfig
/sbin/route
/sbin/slattachmkdir /media/cdrom
mount /dev/cdrom /media/cdrom
vi /etc/fstab
/dev/cdrom /media/cdrom iso9660 defaults 0 0
cd /media/cdrom/Packages
rpm -ivh net-tools-….[tab]
rpm -ivh lrzsz…[tab]
3.关闭没必要的服务,禁止开机启动
[root@localhost ~]# systemctl disable postfix.service
[root@localhost ~]# systemctl disable firewalld.service
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -t nat –F
4.关闭selinux
[root@localhost sbin]# cat /etc/sysconfig/selinuxThis file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.
SELINUX=disabled
SELINUXTYPE= can take one of three two values:
targeted - Targeted processes are protected,
minimum - Modification of targeted policy. Only selected processes are protected.
mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost sbin]# getenforce
Enforcing
[root@localhost sbin]# setenforce 0
[root@localhost sbin]# getenforce
Permissive
5.关闭IPv6
[root@localhost keepalived]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
运行grub2-mkconfig -o /boot/grub2/grub.cfg重新生成grub.cfg文件
注:此操作需要重启才能生效
二、安装keepalived
下载地址http://www.keepalived.org/download.html - 安装openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel
[root@localhost src]# cd /usr/local/src/
[root@localhost src]# yum install -y openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel
2.下载最新版本keepalived并将keepalived-2.0.7.tar.gz放在/usr/local/src/目录下,安装会用到openssl openssl-devel
[root@localhost src]# tar -zxvf keepalived-2.0.7.tar.gz
[root@localhost src]#cd /usr/local/src/keepalived-2.0.7
3.安装并配置keepalived
[root@localhost keepalived-2.0.7]# mkdir /usr/local/keepalived
[root@localhost keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/
[root@localhost keepalived-2.0.7]# make && make install
[root@localhost ~]#mkdir /etc/keepalived
[root@localhost ~]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived
Killall需要安装psmisc
yum install –y psmisc
负载主配置:
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虚拟IP地址
}
}
负载备配置:
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虚拟IP地址(同主)
}
}
4.分别启动两个keepalive
[root@localhost /]# /usr/local/keepalived/sbin/keepalived -D
5.查看进程:ps aux | grep keepalived
[root@localhost ~]# ps aux | grep keepalived
root 828 0.0 0.0 40848 676 ? Ss 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 829 0.0 0.0 40848 1200 ? S 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 1101 0.0 0.0 112704 972 pts/0 S+ 09:46 0:00 grep --color=auto keepalived
- 添加开启启动:
[root@localhost /]# echo "/usr/local/keepalived/sbin/keepalived -D" >> /etc/rc.d/rc.local
[root@localhost /]# chmod +x /etc/rc.d/rc.local
测试:
Win7 ping 10.10.10.110 -t
将负载1网卡down掉10.10.10.110还能通
Win7 arp –a mac地址和负载1相同
将负载1网卡down掉 mac地址和负载2相同
至此HA测试成功
三、安装Haproxy
下载地址 http://pkgs.fedoraproject.org/repo/pkgs/haproxy/
- 下载最新版本hpproxy并将haproxy-1.8.13.tar.gz放在/usr/local/src/目录下,安装会用到pcre-devel bzip2-devel
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# tar -zxvf haproxy-1.8.13.tar.gz
[root@localhost src]# cd haproxy-1.8.13
[root@localhost haproxy-1.8.13]# make TARGET=linux2628
[root@localhost haproxy-1.8.13]# make install
[root@localhost haproxy-1.8.13]# mkdir /etc/haproxy
[root@localhost haproxy-1.8.13]# mkdir /usr/local/haproxy
[root@localhost haproxy-1.8.13]# groupadd haproxy
[root@localhost haproxy-1.8.13]# useradd -s /sbin/nologin -M -g haproxy haproxy
[root@localhost haproxy-1.8.13]# id haproxy
uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy)
3.添加配置文件(主备配置相同)
[root@localhost haproxy-1.8.13]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 info
#log 127.0.0.1 local3
#log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 2
pidfile /var/run/haproxy.pid
#debug
#quiet
defaults
#log global
log 127.0.0.1 local3
mode http
option httplog
option dontlognull
option forwardfor
option httpclose
retries 3
option redispatch
maxconn 5000
contimeout 20000
clitimeout 80000
srvtimeout 80000
stats uri /haproxy-admin
stats auth admin:(管理界面的密码)
stats hide-version
frontend http-in
bind *:80
mode http
option httplog
log global
default_backend (自定义名称)
backend (自定义名称)
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
option httpchk HEAD /loginkey.aspx HTTP/1.0
server 名称01 10.10.10.20:80 cookie 名称1 weight 5 check inter 2000 rise 2 fall 3
server 名称02 10.10.10.30:80 cookie 名称2 weight 3 check inter 2000 rise 2 fall 3
4.添加开机启动
[root@localhost examples]# cp /usr/local/src/haproxy-1.8.13/examples/haproxy.init /etc/init.d/haproxy
[root@localhost examples]# chmod 755 /etc/init.d/haproxy
[root@localhost examples]# chkconfig --add haproxy
[root@localhost examples]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@localhost examples]# service haproxy start
Starting haproxy (via systemctl): [ OK ]
[root@localhost examples]# chkconfig haproxy on
[root@localhost examples]# netstat -anpt | grep haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 6836/haproxy
tcp 0 1 10.10.10.111:60196 ...:80 SYN_SENT 6836/haproxy
tcp 0 1 10.10.10.111:60198 ...*:80 SYN_SENT 6837/haproxy
新闻名称:centos7+keepalive+haproxy
URL分享:http://scyanting.com/article/pdpoos.html