实验前提: 1、本次实验实验的是RHEL6.4(64bit)的系统 2、确保每台服务器时间同步 3、本次实验共有4台服务器,其相关的地址为: haproxy1:192.168.108.230 haproxy2:192.168.108.231 web1:192.168.108.199 web2:192.168.108.201 VIP:192.168.108.111 实验拓扑结构为:
一、编译安装keepalived 1、在两台haproxy(1和2上)上编译安装keepalived # tar xf keepalived-1.2.13.tar.gz # cd keepalived-1.2.13 # ./configure –prefix=/ # make && make install # chkconfig --add keepalived # chkconfig keepalived on 2、在haproxy1修改配置文件/etc/keepalived/keepalived.conf内容为如下: ! Configuration File for keepalived global_defs { notification_email { xsl@localhost } notification_email_from root@localhost smtp_server 127.0.0.1 smtp_connect_timeout 120 router_id haproxy1 } vrrp_instance web { state MASTER #haproxy1这台服务器为MASTER interface eth0 virtual_router_id 200 priority 100 #优先级为100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.108.111 #虚拟ip地址为192.168.108.111 } } 3、将haproxy1上的配置文件/etc/keepalived/keepalived.conf复制给haproxy2 # scp /etc/keepalived/keepalived.conf 192.168.108.231:/etc/keepalived/ 复制完成后,还需要在haproxy2修改这个配置文件的如下参数: router_id haproxy2 state BACKUP priority 90 4、修改完成后再haproxy1和haproxy2启动keepalived服务 # service keepalived start 5、观察haproxy上是否有VIP地址 # ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:5f:a5:e3 brd ff:ff:ff:ff:ff:ff inet 192.168.108.230/24 brd 192.168.108.255 scope global eth0 inet 192.168.108.111/32 scope global eth0 #VIP地址已经有了 inet6 fe80::20c:29ff:fe5f:a5e3/64 scope link valid_lft forever preferred_lft forever 至此,keepalived的核心配置已经完成了。 二、配置安装haproxy 由于在RHEL6.4系统平台上自带了haproxy的RPM包。因此,在这里我就使用RPM包的方式来安装haproxy。 说明:以下步骤需要在两台服务器都完成的 1、安装haproxy软件包 # yum –y install haproxy # chkconfig haproxy on 2、修改器配置文件/etc/haproxy/haproxy.cfg为如下内容: global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend healthcheck bind 192.168.108.111:80 mode http option httpclose option forwardfor default_backend webserver backend webserver balance roundrobin server web1 192.168.108.199:80 inter 1000 rise 1 fall 2 check maxconn 2000 server web2 192.168.108.201:80 inter 1000 rise 1 fall 2 check maxconn 2000 3、添加日志文件 编辑/etc/sysconfig/rsyslog,修改SYSLOGD_OPTIONS="-c 5"为SYSLOGD_OPTIONS="-c 2" 然后再编辑/etc/rsyslog.conf,添加如下行信息: local2.* /var/log/haproxy.log 最后,重启2台服务器上的rsyslog服务 # service rsyslog restart 三、配置安装后端web服务器 说明:以下步骤需要在两台web服务器上都完成 1、安装httpd # yum –y install httpd 2、修改站点根目录下的默认文件index.html的内容为如下: hello <h1>web1</h1> My ip is 192.168.108.199 注意:这是web1上的index.html文件的内容 hello <h1>web2</h1> My ip is 192.168.108.201 注意:这是web2上的index.html文件的内容 四、测试 说明:在测试时,请关闭所有服务器上的防火墙(执行iptables –F即可)和关闭selinux(执行getenforce 0即可) 在浏览器上输入:http://192.168.108.111/,显示结果如下: 然后再执行刷新操作,显示结果如下: 默认haproxy采用的调度算法为加权轮调,因此,客户端的请求会均分的发送给后端的服务器进行处理。 五、为haproxy提供基于web界面的统计报告功能 需要在两台haproxy服务器的配置文件添加如下信息: listen stats mode http bind 0.0.0.0:8080 stats enable stats hide-version stats uri /haproxyadmin?stats #访问时指定的uri stats realm "hello\ haproxy" stats auth xsl:xsl stats admin if TRUE 然后创建用户xsl # useradd xsl # passwd xsl 测试,访问http://192.168.108.111:8080/ haproxyadmin?stats,显示结果如下:
通过以上步骤,基于keepalived+haproxy实现httpd的高可用服务已经成功实现 六、通过检测脚本来实现MASTER/BACKUP的切换(可选部分) 需要在两台haproxy服务器上编辑/etc/keepalived/keepalived.conf,添加如下内容: vrrp_script chk_haproxy { “[[ -f /etc/keepalived/down ]] && exit 1 || exit 0” interval 2 表示每隔2秒检测一次 weight 20 如果/etc/keepalived/down文件存在,则这台服务器的优先级降低20 fall 2 如果检测2次该服务器都不在是MASTER的话,则认为该服务器不在是MASTER rise 1 如果检测到一次该服务器成为MASTER,则认为该服务器成为MASTER } track_script { #这一段的配置需要配置在实例中 chk_haproxy } 测试,在作为MASTER的服务器上(此处为haproxy1)创建文件/etc/keepalived/down,观察VIP是否飘移到haproxy上了。 # touch /etc/keepalived/down # ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:5f:a5:e3 brd ff:ff:ff:ff:ff:ff inet 192.168.108.230/24 brd 192.168.108.255 scope global eth0 inet6 fe80::20c:29ff:fe5f:a5e3/64 scope link valid_lft forever preferred_lft forever 上述结果可以看出,VIP已经不在haproxy1上了,此时haproxy不在作为MASTER服务器。 在haproxy2上观察是否有VIP,需要执行如下命令即可观察VIP是否已经存在: # ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:70:89:f4 brd ff:ff:ff:ff:ff:ff inet 192.168.108.231/24 brd 192.168.108.255 scope global eth0 inet 192.168.108.111/32 scope global eth0 inet6 fe80::20c:29ff:fe70:89f4/64 scope link valid_lft forever preferred_lft forever 由此可以看出,haproxy2上已经有了VIP,此时haproxy将作为MASTER服务器来接受和转发请求。 通过上述步骤,就可以实现手动完成MASTER/BACKUP的切换了,这样就不需要使用停止keepalived服务的方式来进行切换。
|