centos7+keepalive+haproxy

最小化安装centos7
一、 环境说明

站在用户的角度思考问题,与客户深入沟通,找到象山网站设计与象山网站推广的解决方案,凭借多年的经验,让设计与互联网技术结合,创造个性化、用户体验好的作品,建站类型包括:网站制作、成都网站制作、企业官网、英文网站、手机端网站、网站推广、主机域名虚拟主机、企业邮箱。业务覆盖象山地区。

  1. HA和负载主的IP地址为:10.10.10.111
  2. HA和负载备的IP地址为:10.10.10.112
  3. HA的虚地址为:10.10.10.110
    二、基础配置
    1.配置网卡
    vi /etc/sysconfig/network-scripts/ifcfg-ens36
    vi /etc/sysconfig/network-scripts/ifcfg-ens33
    2.安装net-tools
    注:这个软件包会安装ifconfig,route等命令
    [root@localhost ~]# rpm -ql net-tools
    /bin/netstat
    /sbin/arp
    /sbin/ether-wake
    /sbin/ifconfig
    /sbin/ipmaddr
    /sbin/iptunnel
    /sbin/mii-diag
    /sbin/mii-tool
    /sbin/nameif
    /sbin/plipconfig
    /sbin/route
    /sbin/slattach

    mkdir /media/cdrom
    mount /dev/cdrom /media/cdrom
    vi /etc/fstab
    /dev/cdrom /media/cdrom iso9660 defaults 0 0
    cd /media/cdrom/Packages
    rpm -ivh net-tools-….[tab]
    rpm -ivh lrzsz…[tab]
    3.关闭没必要的服务,禁止开机启动
    [root@localhost ~]# systemctl disable postfix.service
    [root@localhost ~]# systemctl disable firewalld.service
    [root@localhost ~]# iptables -F
    [root@localhost ~]# iptables -t nat –F
    4.关闭selinux
    [root@localhost sbin]# cat /etc/sysconfig/selinux

    This file controls the state of SELinux on the system.

    SELINUX= can take one of these three values:

    enforcing - SELinux security policy is enforced.

    permissive - SELinux prints warnings instead of enforcing.

    disabled - No SELinux policy is loaded.

    SELINUX=disabled

    SELINUXTYPE= can take one of three two values:

    targeted - Targeted processes are protected,

    minimum - Modification of targeted policy. Only selected processes are protected.

    mls - Multi Level Security protection.

    SELINUXTYPE=targeted
    [root@localhost sbin]# getenforce
    Enforcing
    [root@localhost sbin]# setenforce 0
    [root@localhost sbin]# getenforce
    Permissive
    5.关闭IPv6
    [root@localhost keepalived]# cat /etc/default/grub
    GRUB_TIMEOUT=5
    GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
    GRUB_DEFAULT=saved
    GRUB_DISABLE_SUBMENU=true
    GRUB_TERMINAL_OUTPUT="console"
    GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
    GRUB_DISABLE_RECOVERY="true"
    运行grub2-mkconfig -o /boot/grub2/grub.cfg重新生成grub.cfg文件
    注:此操作需要重启才能生效
    二、安装keepalived
    下载地址http://www.keepalived.org/download.html

  4. 安装openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel
    [root@localhost src]# cd /usr/local/src/
    [root@localhost src]# yum install -y openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel

2.下载最新版本keepalived并将keepalived-2.0.7.tar.gz放在/usr/local/src/目录下,安装会用到openssl openssl-devel
[root@localhost src]# tar -zxvf keepalived-2.0.7.tar.gz
[root@localhost src]#cd /usr/local/src/keepalived-2.0.7

3.安装并配置keepalived
[root@localhost keepalived-2.0.7]# mkdir /usr/local/keepalived
[root@localhost keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/
[root@localhost keepalived-2.0.7]# make && make install
[root@localhost ~]#mkdir /etc/keepalived
[root@localhost ~]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived

Killall需要安装psmisc
yum install –y psmisc

负载主配置:
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}

vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}

vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虚拟IP地址
}
}

负载备配置:
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}

vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}

vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虚拟IP地址(同主)
}
}

4.分别启动两个keepalive
[root@localhost /]# /usr/local/keepalived/sbin/keepalived -D

5.查看进程:ps aux | grep keepalived
[root@localhost ~]# ps aux | grep keepalived
root 828 0.0 0.0 40848 676 ? Ss 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 829 0.0 0.0 40848 1200 ? S 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 1101 0.0 0.0 112704 972 pts/0 S+ 09:46 0:00 grep --color=auto keepalived

  1. 添加开启启动:
    [root@localhost /]# echo "/usr/local/keepalived/sbin/keepalived -D" >> /etc/rc.d/rc.local
    [root@localhost /]# chmod +x /etc/rc.d/rc.local

测试:
Win7 ping 10.10.10.110 -t
将负载1网卡down掉10.10.10.110还能通
Win7 arp –a mac地址和负载1相同
将负载1网卡down掉 mac地址和负载2相同
至此HA测试成功

三、安装Haproxy

  1. 下载地址 http://pkgs.fedoraproject.org/repo/pkgs/haproxy/

  2. 下载最新版本hpproxy并将haproxy-1.8.13.tar.gz放在/usr/local/src/目录下,安装会用到pcre-devel bzip2-devel
    [root@localhost ~]# cd /usr/local/src/
    [root@localhost src]# tar -zxvf haproxy-1.8.13.tar.gz
    [root@localhost src]# cd haproxy-1.8.13
    [root@localhost haproxy-1.8.13]# make TARGET=linux2628
    [root@localhost haproxy-1.8.13]# make install
    [root@localhost haproxy-1.8.13]# mkdir /etc/haproxy
    [root@localhost haproxy-1.8.13]# mkdir /usr/local/haproxy
    [root@localhost haproxy-1.8.13]# groupadd haproxy
    [root@localhost haproxy-1.8.13]# useradd -s /sbin/nologin -M -g haproxy haproxy
    [root@localhost haproxy-1.8.13]# id haproxy
    uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy)

3.添加配置文件(主备配置相同)
[root@localhost haproxy-1.8.13]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 info
#log 127.0.0.1 local3
#log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 2
pidfile /var/run/haproxy.pid
#debug
#quiet

defaults
#log global
log 127.0.0.1 local3
mode http
option httplog
option dontlognull
option forwardfor
option httpclose
retries 3
option redispatch
maxconn 5000
contimeout 20000
clitimeout 80000
srvtimeout 80000
stats uri /haproxy-admin
stats auth admin:(管理界面的密码)
stats hide-version

frontend http-in
bind *:80
mode http
option httplog
log global
default_backend (自定义名称)

backend (自定义名称)
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
option httpchk HEAD /loginkey.aspx HTTP/1.0
server 名称01 10.10.10.20:80 cookie 名称1 weight 5 check inter 2000 rise 2 fall 3
server 名称02 10.10.10.30:80 cookie 名称2 weight 3 check inter 2000 rise 2 fall 3

4.添加开机启动
[root@localhost examples]# cp /usr/local/src/haproxy-1.8.13/examples/haproxy.init /etc/init.d/haproxy
[root@localhost examples]# chmod 755 /etc/init.d/haproxy
[root@localhost examples]# chkconfig --add haproxy
[root@localhost examples]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@localhost examples]# service haproxy start
Starting haproxy (via systemctl): [ OK ]
[root@localhost examples]# chkconfig haproxy on
[root@localhost examples]# netstat -anpt | grep haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 6836/haproxy
tcp 0 1 10.10.10.111:60196
...:80 SYN_SENT 6836/haproxy
tcp 0 1 10.10.10.111:60198
...*:80 SYN_SENT 6837/haproxy


新闻名称:centos7+keepalive+haproxy
URL分享:http://scyanting.com/article/pdpoos.html