搭建 CentOS 6 服务器(13)

师傅你而

（一）Keepalived
（1）安装
# cd /usr/local/src
# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
# tar zxvf keepalived-1.2.15.tar.gz
# cd keepalived-1.2.15
# ./configure
# make && make install

（2）配置
# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/sbin/keepalived /usr/sbin/
# mv /etc/keepalived/keepalived.cfg /etc/keepalived/keepalived.cfg.org
# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
cluster-admin@example.org
}
notification_email_from noreply@example.org
smtp_server smtp.example.org
smtp_connect_timeout 30
router_id act
}
include haproxy_servers.conf  #设置HAProxy
include lvs_*_servers.conf      #设置LVS
# /etc/init.d/keepalived start

（二）HAProxy
（1）安装
# cd /usr/local/src
# wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
# tar zxvf haproxy-1.5.11.tar.gz
# cd haproxy-1.5.11
# make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1
# make install

（2）添加用户
# useradd -s /usr/sbin/nologin -r haproxy

（3）SSL证书
# mkdir -p /etc/rensn/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/rensn/certs/haproxy.pem -out /etc/rensn/certs/haproxy.pem -days 365
# cd /etc/rensn/certs
# chmod 600 haproxy.pem

（4）配置
# cp /usr/local/sbin/haproxy* /usr/sbin/
# cp /usr/local/src/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy
# chmod +x /etc/init.d/haproxy
# mkdir -p /etc/haproxy
# cp /usr/local/src/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg
# mkdir -p /var/lib/haproxy
# touch /var/lib/haproxy/stats
# vi /etc/haproxy/haproxy.cfg
global
# 设置日志
log         127.0.0.1 local2 info
chroot    /var/lib/haproxy
pidfile     /var/run/haproxy.pid
# 最大链接数
maxconn     256
# 运行的用户
user        haproxy
group       haproxy
# 启动服务
daemon
# 最大SSL链接数
maxsslconn     256
# Diffie-Hellman
tune.ssl.default-dh-param 2048
# 运行HAProxy的线程数（建议为1）
nbproc  1
defaults
# Layer4负载均衡
mode              tcp
# 日志设置继承global
log                global
# 获取HTTP请求日志
option             httplog
# 后端未响应的超时时间
timeout connect    10s
# 后端的超时时间
timeout client     30s
# 服务器超时时间
timeout server     30s
# 前端定义 ( http-in 为任意字符 )
frontend http-in
# 监听80端口
bind *:80
# 默认的后端定义
default_backend    backend_servers
# 传递X-Forwarded-For
option             forwardfor
# 监听443端口
bind *:443 ssl crt /etc/rensn/certs/haproxy.pem
# 后端定义
backend backend_servers
# 负载均衡方式
balance            roundrobin
# 后端服务器的定义
server             www01 192.168.21.100:80 check
server             www02 192.168.21.110:80 check
server             www02 192.168.21.120:80 check disabled
# service haproxy start

（5）keepalived设置
# vi /etc/keepalived/haproxy_servers.conf
vrrp_script chk_haproxy {
script "killall -0 haproxy"   # verify the pid existance
interval 2                    # check every 2 seconds
weight 2                      # add 2 points of prio if OK
}
vrrp_instance VI_1 {
state MASTER              # MASTER on master, BACKUP on backup
interface eth1                # interface to monitor
virtual_router_id 51          # Assign one ID for this route (tcpdump vrrp)
priority 101                  # 101 on master, 100 on backup
virtual_ipaddress {
192.168.21.100            # the virtual IP
}
track_script {
chk_haproxy
}
}
# /etc/init.d/keepalived restart

（三）LVS
（1）安装
Linux内核里已经包含了ip_vs模块，只需要安装管理工具
# yum -y install ipvsadm

（2）网络设置
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
# sysctl -p
# cat /proc/sys/net/ipv4/ip_forward
1
# sevice network restart

（3）LB设置
# ipvsadm -C
# ipvsadm -A -t 192.168.21.100:80
# ipvsadm -ln
# service ipvsadm save

（4）keepalived设置
# vi /etc/keepalived/lvs_http_servers.conf
virtual_server <lvs_srv_ip> 80 {
delay_loop   20
lvs_sched    lc
lvs_method   NAT
protocol     TCP
real_server  <web1_srv_ip> 80 {
weight 1
inhibit_on_failure
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 20
}
}
real_server  <web2_srv_ip> 80 {
weight 1
inhibit_on_failure
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 20
}
}
# /etc/init.d/keepalived restart