haproxy+keepalived配置
一、环境系统:CentOS 6.4x64最小化安装
ha-keep-m:192.168.3.15
ha-keep-s:192.168.3.22
httpd-16:192.168.3.16
httpd-17:192.168.3.17
VIP:192.168.3.28
二、在ha-keep-m和ha-keep-s上安装haproxy
1
2
3
4
5
6
7
8
# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.9Aawka: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ###########################################
1:epel-release ###########################################
# sed -i 's@#b@b@g' /etc/yum.repos.d/epel.repo
# sed-i 's@mirrorlist@#mirrorlist@g' /etc/yum.repos.d/epel.repo
# yum install haproxy -y
配置haproxy的日志编辑文件/etc/sysconfig/rsyslog
1
2
3
4
5
6
# cat /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2"
增加日志设备
1
2
3
4
5
# grep haproxy.log /etc/rsyslog.conf
local2.* /var/log/haproxy.log
# service rsyslog restart
Shutting down system logger:
Starting system logger:
haproxy配置文件内容如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events.This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend http
bind *:80
mode http
log global
option logasap
#option forwardfor
option dontlognull
option forwardfor except 127.0.0.0/8
capture request header Host len 20
capture request header Referer len 20
default_backend web
frontend healthcheck
bind :1099
mode http
option httpclose
#option forwardfor
default_backend web
backend web
balance roundrobin
server web16 192.168.3.16:80 check maxconn 2000
server web17 192.168.3.17:80 check maxconn 2000
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
将配置文件复制到ha-keep-s上,然后启动haproxy服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# service haproxy start
Starting haproxy:
# netstat -anpt |grep haproxy
tcp 0 0 0.0.0.0:1099 0.0.0.0:* LISTEN 22340/haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 22340/haproxy
#开放80端口
# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:
#测试
# curl http://192.168.3.22
httpd-17
# curl http://192.168.3.22
httpd-16
# curl http://192.168.3.22
httpd-17
# curl http://192.168.3.22
httpd-16
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-16
# curl http://192.168.3.15
httpd-17
# curl http://192.168.3.15
httpd-16
#以上结果显示2台haproxy都能正常代理后端的web server
三、在ha-keep-m和ha-keep-s上安装keepalived,安装过程相同,这里只给出ha-keep-m的操作过程
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# yum install openssl openssl-devel -y
# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
# tar xf keepalived-1.2.13.tar.gz
# cd keepalived-1.2.13
# ./configure
# make && make install
#将keepalived配置成开机启动
# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir/etc/keepalived
# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# ln -s /usr/local/sbin/keepalived/usr/sbin/
#备份keepalived.conf文件
# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
#keepalived配置文件内容如下
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
lyao@weyee.com #配置管理员邮箱
}
notification_email_from root #配置发件人
smtp_server 127.0.0.1 #配置邮件服务器
smtp_connect_timeout 30
router_id haproxy-m
}
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh" #定义haproxy状态检查脚本
intervar 1
weight -5
fail 2
rise 1
}
vrrp_instance VI_1 {
state MASTER #配置模式
interface eth0
virtual_router_id 99
priority 101 #配置优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.3.28 #配置虚拟IP地址
}
notify_master /etc/keepalived/to_master.sh #这里指定的是切换成master状态时要执行的通知脚本
notify_backup /etc/keepalived/to_backup.sh #这里指定的是切换成backup状态时要执行的通知脚本
notify_fault /etc/keepalived/to_fault.sh #这里指定的是切换成fault状态时要执行的通知脚本
track_script {
check_haproxy
}
}
编写check_haproxy,to_master.sh,to_backup.sh,to_fault.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#haproxy的检查脚本
# cat /etc/keepalived/check_haproxy.sh
A=`ps -C haproxy --no-header |wc -l`
if [ $A -eq 0 ]; then
/etc/init.d/haproxystart
sleep 2
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ]; then
/etc/init.d/keepalived stop
fi
fi
# chmod +x /etc/keepalived/check_haproxy.sh
#to_master.sh脚本内容,当服务器改变为主时执行此脚本
# cat /etc/keepalived/to_master.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="lyao@weyee.com" #这里的邮箱地址根据自己的需要更改
echo "$Date`hostname`:$IP change to Master." |mail -s "Master-Backup Change Status" $Mail
# chmod +x /etc/keepalived/to_master.sh
#to_backup.sh脚本内容,当服务器改变为备时执行此脚本
# cat /etc/keepalived/to_backup.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="lyao@weyee.com"
echo "$Date`hostname`:$IP change to Backup." |mail -s "Master-Backup Change Status" $Mail
# chmod +x /etc/keepalived/to_backup.sh
#to_fault.sh脚本内容,当服务器改变为故障时执行此脚本
# cat /etc/keepalived/to_fault.sh
#!/bin/bash
Date=$(date +%F" "%T)
IP=$(ifconfig eth0 |grep "inet addr" |cut -d":" -f2 |awk '{print $1}')
Mail="lyao@weyee.com"
echo "$Date`hostname`:$IP change to Fault." |mail -s "Master-Backup Change Status" $Mail
# chmod +x /etc/keepalived/to_fault.sh
#启动keepalived服务
# service keepalived start
# ps aux |grep keepalived |grep -v grep
root 240680.00.039888 988 ? Ss 15:32 0:00 keepalived -D
root 240700.00.2440642188 ? S 15:32 0:00 keepalived -D
root 240710.00.1440641564 ? S 15:32 0:00 keepalived -D
#在iptables中对vrrp协议进行放行
# iptables -I INPUT -p vrrp -j ACCEPT
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 112--0.0.0.0/0 0.0.0.0/0
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT all--0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp --0.0.0.0/0 0.0.0.0/0
ACCEPT all--0.0.0.0/0 0.0.0.0/0
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#测试访问http://192.168.3.28能够正常访问后端服务器
# curl http://192.168.3.28
httpd-17
# curl http://192.168.3.28
httpd-16
# curl http://192.168.3.28
httpd-17
# curl http://192.168.3.28
httpd-16
# curl http://192.168.3.28
httpd-17
ha-keep-s的keepalived.conf文件内容如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
lyao@weyee.com #配置管理员邮箱
}
notification_email_from root #配置发件人
smtp_server 127.0.0.1 #配置邮件服务器
smtp_connect_timeout 30
router_id haproxy-s #用来标识主机
}
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
intervar 1
weight -5
fail 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP #配置模式,修改这里
interface eth0
virtual_router_id 99
priority 90 #配置优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.3.28 #配置虚拟IP地址
}
notify_master /etc/keepalived/to_master.sh #这里指定的是切换成master状态时要执行的通知脚本
notify_backup /etc/keepalived/to_backup.sh #这里指定的是切换成backup状态时要执行的通知脚本
notify_fault /etc/keepalived/to_fault.sh #这里指定的是切换成fault状态时要执行的通知脚本
track_script {
check_haproxy
}
}
#启动keepalived
# service keepalived start
Starting keepalived:
#放行vrrp协议
# iptables -I INPUT -p vrrp -j ACCEPT
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:
2台keepalived都启动后,查看VIP情况
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#在ha-keep-m上查看
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:9a:39:42 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.15/24 brd 192.168.3.255 scope global eth0
inet 192.168.3.28/32 scope global eth0
inet6 fe80::20c:29ff:fe9a:3942/64 scope link
valid_lft forever preferred_lft forever
#在ha-keep-s上查看
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d8:d9:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.22/24 brd 192.168.3.255 scope global eth0
inet6 fe80::20c:29ff:fed8:d9a6/64 scope link
valid_lft forever preferred_lft forever
#查看结果显示VIP正常
四、测试结果
通过curl进行测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#这个时候VIP是在ha-keep-m上的
# curl http://192.168.3.28
httpd-16
# curl http://192.168.3.28
httpd-17
# curl http://192.168.3.28
httpd-16
# curl http://192.168.3.28
httpd-17
#我们将ha-keep-m上的haproxy停止掉,看VIP是否能正常漂移到ha-keep-s上
# service haproxy stop
Stopping haproxy:
#在ha-keep-s上查看VIP,显示VIP已成漂移过来
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d8:d9:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.22/24 brd 192.168.3.255 scope global eth0
inet 192.168.3.28/32 scope global eth0
inet6 fe80::20c:29ff:fed8:d9a6/64 scope link
valid_lft forever preferred_lft forever
测试访问http://192.168.3.28
1
2
3
4
5
6
7
8
# curl http://192.168.3.28
httpd-17
# curl http://192.168.3.28
httpd-16
# curl http://192.168.3.28
httpd-17
# curl http://192.168.3.28
httpd-16
访问结果一切正常,到此haproxy+keepalived配置完成
页:
[1]