Setting up a CentOS 6 server (15) - Keepalived, HAProxy, LVS
(I) Keepalived
(1) Installation
Shell code
# cd /usr/local/src
# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
# tar zxvf keepalived-1.2.15.tar.gz
# cd keepalived-1.2.15
# ./configure
# make && make install
(2) Configuration
Shell code
# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/sbin/keepalived /usr/sbin/
# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
# vi /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            cluster-admin@example.org
        }
        notification_email_from noreply@example.org
        smtp_server smtp.example.org
        smtp_connect_timeout 30
        router_id act
    }

    include haproxy_servers.conf    # HAProxy settings
    include lvs_*_servers.conf      # LVS settings
# /etc/init.d/keepalived start
(II) HAProxy
(1) Installation
Shell code
# cd /usr/local/src
# wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
# tar zxvf haproxy-1.5.11.tar.gz
# cd haproxy-1.5.11
# make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1
# make install
(2) Add the user
Shell code
# useradd -s /sbin/nologin -r haproxy
(3) SSL certificate
Shell code
# mkdir -p /etc/rensn/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/rensn/certs/haproxy.pem -out /etc/rensn/certs/haproxy.pem -days 365
# cd /etc/rensn/certs
# chmod 600 haproxy.pem
(4) Configuration
Shell code
# cp /usr/local/sbin/haproxy* /usr/sbin/
# cp /usr/local/src/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy
# chmod +x /etc/init.d/haproxy
# mkdir -p /etc/haproxy
# cp /usr/local/src/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg
# mkdir -p /var/lib/haproxy
# touch /var/lib/haproxy/stats
# vi /etc/haproxy/haproxy.cfg
    global
        # Logging
        log 127.0.0.1 local2 info
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        # Maximum number of connections
        maxconn 256
        # User and group to run as
        user haproxy
        group haproxy
        # Run as a daemon
        daemon
        # Maximum number of SSL connections
        maxsslconn 256
        # Diffie-Hellman parameter size
        tune.ssl.default-dh-param 2048
        # Number of HAProxy processes (1 is recommended)
        nbproc 1

    defaults
        # Layer 4 load balancing
        mode tcp
        # Inherit the log settings from global
        log global
        # Log HTTP requests (only takes effect in mode http; in mode tcp HAProxy falls back to tcplog)
        option httplog
        # Timeout for establishing a connection to a backend server
        timeout connect 10s
        # Client-side inactivity timeout
        timeout client 30s
        # Server-side inactivity timeout
        timeout server 30s

    # Frontend definition (the name http-in is arbitrary)
    frontend http-in
        # Listen on port 80
        bind *:80
        # Default backend
        default_backend backend_servers
        # Pass X-Forwarded-For (requires mode http; ignored in mode tcp)
        option forwardfor
        # Listen on port 443
        bind *:443 ssl crt /etc/rensn/certs/haproxy.pem

    # Backend definition
    backend backend_servers
        # Load-balancing method
        balance roundrobin
        # Backend server definitions (server names must be unique)
        server www01 192.168.21.100:80 check
        server www02 192.168.21.110:80 check
        server www03 192.168.21.120:80 check disabled
# service haproxy start
(5) keepalived settings
Shell code
# vi /etc/keepalived/haproxy_servers.conf
    vrrp_script chk_haproxy {
        script "killall -0 haproxy"   # verify the pid existence
        interval 2                    # check every 2 seconds
        weight 2                      # add 2 points of prio if OK
    }

    vrrp_instance VI_1 {
        state MASTER                  # MASTER on master, BACKUP on backup
        interface eth1                # interface to monitor
        virtual_router_id 51          # Assign one ID for this route (tcpdump vrrp)
        priority 101                  # 101 on master, 100 on backup
        virtual_ipaddress {
            192.168.21.100            # the virtual IP
        }
        track_script {
            chk_haproxy
        }
    }
# /etc/init.d/keepalived restart
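The failover configured above only works while the track_script weight is larger than the gap between the two priorities. The sketch below is an added example, not part of the original post: it models that arithmetic for the page's values (priority 101/100, weight 2), assuming keepalived's rule that a positive weight is added to the priority while the script succeeds. The function names, the trimmed sample configs and the priority 98 case are constructed for illustration.

```shell
#!/bin/sh
# Added example: models how keepalived combines priority and track_script
# weight. Function names and the sample configs are constructed here.

# conf_value KEY: print the first value of KEY from config text on stdin.
conf_value() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# effective_priority BASE WEIGHT SCRIPT_OK: a positive weight is added
# to the base priority only while the tracked script succeeds (OK = 1).
effective_priority() {
    if [ "$3" -eq 1 ]; then echo $(( $1 + $2 )); else echo "$1"; fi
}

# vip_owner MASTER_CONF BACKUP_CONF MASTER_OK BACKUP_OK
# Prints which node advertises the higher effective priority.
vip_owner() {
    m=$(effective_priority "$(printf '%s\n' "$1" | conf_value priority)" \
        "$(printf '%s\n' "$1" | conf_value weight)" "$3")
    b=$(effective_priority "$(printf '%s\n' "$2" | conf_value priority)" \
        "$(printf '%s\n' "$2" | conf_value weight)" "$4")
    if [ "$m" -gt "$b" ]; then echo master
    elif [ "$b" -gt "$m" ]; then echo backup
    else echo tie   # real VRRP breaks ties on the higher primary IP
    fi
}

# make_conf PRIORITY: trimmed copy of haproxy_servers.conf (constructed).
make_conf() {
    printf 'vrrp_script chk_haproxy {\n  weight 2\n}\n'
    printf 'vrrp_instance VI_1 {\n  priority %s\n}\n' "$1"
}

MASTER_CONF=$(make_conf 101)       # value from the page
BACKUP_CONF=$(make_conf 100)       # value from the page's comment
WEAK_BACKUP_CONF=$(make_conf 98)   # constructed: gap 3 > weight 2

for state in "1 1" "0 1" "1 0" "0 0"; do
    set -- $state
    echo "haproxy master=$1 backup=$2 -> VIP on $(vip_owner "$MASTER_CONF" "$BACKUP_CONF" "$1" "$2")"
done
# With a gap larger than the weight, a dead haproxy on the master never
# moves the VIP: 101 versus 98 + 2 = 100.
echo "weak backup -> VIP on $(vip_owner "$MASTER_CONF" "$WEAK_BACKUP_CONF" 0 1)"
```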
(III) LVS
(1) Installation
The Linux kernel already includes the ip_vs module, so only the management tool needs to be installed.
Shell code
# yum -y install ipvsadm
(2) Network settings
Shell code
# vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 0
# sysctl -p
# cat /proc/sys/net/ipv4/ip_forward
    1
# service network restart
(3) Load balancer settings
Shell code
# ipvsadm -C
# ipvsadm -A -t 192.168.21.100:80
# ipvsadm -ln
# service ipvsadm save
(4) keepalived settings
Shell code
# vi /etc/keepalived/lvs_http_servers.conf
    virtual_server <lvs_srv_ip> 80 {
        delay_loop 20
        lvs_sched lc
        lvs_method NAT
        protocol TCP

        real_server <web1_srv_ip> 80 {
            weight 1
            inhibit_on_failure
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 5
                nb_get_retry 3
                delay_before_retry 20
            }
        }
        real_server <web2_srv_ip> 80 {
            weight 1
            inhibit_on_failure
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 5
                nb_get_retry 3
                delay_before_retry 20
            }
        }
    }
# /etc/init.d/keepalived restart