
[经验分享] Haproxy+Keepalived高可用环境部署梳理(主主和主从模式)


发表于 2018-12-31 06:21:05 | 显示全部楼层 |阅读模式
--------------------------------------------------------------------------------------------------------------------------  
关闭 SElinux、配置防火墙(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# vim /etc/sysconfig/selinux
  
#SELINUX=enforcing                #注释掉
  
#SELINUXTYPE=targeted             #注释掉
  
SELINUX=disabled                  #增加
  

  
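[root@Haproxy_Keepalived_Master ~]# setenforce 0      #临时把SELinux切换为permissive模式(只记录、不拦截),立即生效。上面文件配置后,重启机器后就永久禁用。永久禁用会去掉haproxy、keepalived进程的强制访问控制;如果只是为了排除干扰,可以先保持permissive模式,再按审计日志调整策略。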
  

  
注意下面182.148.15.0/24是服务器的公网网段,192.168.1.0/24是服务器的私网网段。下面的规则对整个网段放行VRRP和组播流量;如果只有这两台机器参与VRRP,把 -s 收紧为对端机器的IP更稳妥。
  
一定要注意:加上这个组播规则后,MASTER和BACKUP故障时,才能实现VIP资源的正常转移。其故障恢复后,VIP也还会正常转移回来。
  
[root@Haproxy_Keepalived_Master ~]# vim /etc/sysconfig/iptables
  
.......
  
-A INPUT -s 182.148.15.0/24 -d 224.0.0.18 -j ACCEPT      #允许组播地址通信。
  
-A INPUT -s 192.168.1.0/24 -d 224.0.0.18 -j ACCEPT
  
-A INPUT -s 182.148.15.0/24 -p vrrp -j ACCEPT            #允许 VRRP(虚拟路由器冗余协议)通信
  
-A INPUT -s 192.168.1.0/24 -p vrrp -j ACCEPT
  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
  

  
[root@Haproxy_Keepalived_Master ~]# /etc/init.d/iptables restart
  

  

  
----------------------------------------------------------------------------------------------------------------------
  
下载Haproxy地址:http://www.haproxy.org/download/1.6/src/ (下面是通过明文HTTP下载源码并以root编译安装,下载后建议先用官方发布的校验值核对源码包,再解压编译)
  

  
1)安装Haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)  注意:安装之前,先执行yum install gcc gcc-c++ make openssl-devel kernel-devel
  
[root@Haproxy_Keepalived_Master src]# wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.12.tar.gz
  
[root@Haproxy_Keepalived_Master src]# tar -zvxf haproxy-1.6.12.tar.gz
  
[root@Haproxy_Keepalived_Master src]# cd haproxy-1.6.12
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# make TARGET=linux26 CPU=x86_64 PREFIX=/usr/local/haproxy USE_OPENSSL=1 ADDLIB=-lz
  

  
参数说明:
  
TARGET=linux26      #使用 uname -r 查看内核,如:2.6.32-642.el6.x86_64,此时该参数就为linux26
  
CPU=x86_64          #使用 uname -r 查看系统信息,如 x86_64 GNU/Linux,此时该参数就为 x86_64
  
PREFIX=/usr/local/haproxy      #haproxy 安装路径
  

  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ldd haproxy | grep ssl
  
  libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f6f3d9b2000)
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# make install PREFIX=/usr/local/haproxy
  

  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# mkdir -p /usr/local/haproxy/conf
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# mkdir -p /etc/haproxy
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# cp /usr/local/src/haproxy-1.6.12/examples/option-http_proxy.cfg /usr/local/haproxy/conf/haproxy.cfg
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/conf/haproxy.cfg /etc/haproxy/haproxy.cfg
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# cp -r /usr/local/src/haproxy-1.6.12/examples/errorfiles  /usr/local/haproxy/errorfiles
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/errorfiles /etc/haproxy/errorfiles
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# mkdir -p /usr/local/haproxy/log
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# touch /usr/local/haproxy/log/haproxy.log
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/log/haproxy.log /var/log/haproxy.log
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# cp /usr/local/src/haproxy-1.6.12/examples/haproxy.init /etc/rc.d/init.d/haproxy
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# chmod +x /etc/rc.d/init.d/haproxy
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# chkconfig haproxy on
  
[root@Haproxy_Keepalived_Master haproxy-1.6.12]# ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin
  

  
2)配置 haproxy.cfg 参数(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# cp /usr/local/haproxy/conf/haproxy.cfg /usr/local/haproxy/conf/haproxy.cfg.bak
  
[root@Haproxy_Keepalived_Master ~]# vim /usr/local/haproxy/conf/haproxy.cfg
  
global
  
   log 127.0.0.1 local3 info         #在本机记录日志
  
   maxconn 65535                     #每个进程可用的最大连接数
  
   chroot /usr/local/haproxy         #chroot 到 haproxy 安装目录(该目录下还放着程序、配置和日志;更稳妥的做法是指向一个空的、运行用户不可写的专用目录)
  
   uid 99                            #运行haproxy的用户uid(cat /etc/passwd 查看,这里是nobody的uid)
  
   gid 99                            #运行haproxy的用户组id(cat /etc/passwd 查看,这里是nobody组id)
  
   daemon                            #以后台守护进程运行
  

  
defaults
  
   log global
  
   mode http                         #运行模式 tcp、 http、 health
  
   retries 3                         #三次连接失败,则判断服务不可用
  
   option redispatch                 #如果后端有服务器宕机,强制切换到正常服务器
  
   stats uri /haproxy                #统计页面 URL 路径
  
   stats refresh 30s                 #统计页面自动刷新时间
  
   stats realm haproxy-status        #统计页面输入密码框提示信息
  
   stats auth admin:dxInCtFianKtL]36   #统计页面用户名和密码(此处为示例值,部署时请换成自己的口令;统计页面随 80 端口对外提供,Basic 认证以明文HTTP传输)
  
   stats hide-version                 #隐藏统计页面上 HAProxy 版本信息
  
   maxconn 65535                     #每个进程可用的最大连接数
  
   timeout connect 5000              #连接超时
  
   timeout client 50000              #客户端超时
  
   timeout server 50000              #服务器端超时
  

  
frontend http-in                     #自定义描述信息
  
   mode http                         #运行模式 tcp、 http、 health
  
   maxconn 65535                     #每个进程可用的最大连接数
  
   bind :80                          #监听 80 端口
  
   log global
  
   option httplog
  
   option httpclose                  #每次请求完毕后主动关闭 http 通道
  
   acl is_a hdr_beg(host) -i www.wangshibo.com        #规则设置,-i 后面是要访问的域名
  
   acl is_b hdr_beg(host) -i www.guohuihui.com        #如果多个域名,就写多个规则,一规则对应一个域名;即后面有多个域名,就写 is_c、 is-d….,这个名字可以随意起。但要与下面的use_backend 对应
  
   use_backend web-server if is_a    #如果访问 is_a 设置的域名,就负载均衡到下面backend 设置的对应 web-server 上。web-server所负载的域名要都部署到下面的web01和web02上。如果是不同的域名部署到不同的机器上,就定义不同的web-server。
  
   use_backend web-server if is_b
  

  
backend web-server
  
   mode http
  
   balance roundrobin                #设置负载均衡模式,source 保存 session 值,roundrobin 轮询模式
  
   cookie SERVERID insert indirect nocache
  
   option httpclose
  
   option forwardfor
  
   server web01 182.148.15.233:80 weight 1 cookie 3 check inter 2000 rise 2 fall 5
  
   server web02 182.148.15.238:80 weight 1 cookie 4 check inter 2000 rise 2 fall 5
  

  
注意参数解释:inter 2000 心跳检测间隔(单位毫秒);rise 2 连续2次检查成功,表示服务器正常;fall 5 连续5次检查失败,表示服务器异常; weight 1 权重设置
  

  

  
3)启动haproxy(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# service haproxy start    #启动
  
[root@Haproxy_Keepalived_Master ~]# service haproxy stop     #关闭
  
[root@Haproxy_Keepalived_Master ~]# service haproxy restart  #重启
  
[root@Haproxy_Keepalived_Master ~]# service haproxy status   #查看服务状态
  

  
4)设置HAProxy日志(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# vim /etc/rsyslog.conf
  
.......
  
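$ModLoad imudp                       #取消注释;如果这一行保持注释状态,日志就不会写
  
$UDPServerRun 514                    #取消注释;如果这一行保持注释状态,日志就不会写。haproxy只向127.0.0.1发送日志,如果不需要接收其他机器的日志,可在本行之前加一行 $UDPServerAddress 127.0.0.1,避免在所有地址上监听UDP 514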
  
.......
  
local0.*                                                /var/log/haproxy.log      #这一行可以没有,可以不用写
  
local3.*                                                /var/log/haproxy.log      #这一行必须要写
  

  
[root@Haproxy_Keepalived_Master ~]# vim /etc/sysconfig/rsyslog
  
SYSLOGD_OPTIONS="-r -m 0"           #接收远程服务器日志
  

  
[root@Haproxy_Keepalived_Master ~]# service rsyslog restart
  

  

  
-------------------------------------------------------------------------------------------------------------------------
  

  
1)安装Keepalived(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_keepalived_Master ~]# yum install -y openssl-devel
  
[root@Haproxy_keepalived_Master ~]# cd /usr/local/src/
  
[root@Haproxy_keepalived_Master src]# wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
  
[root@Haproxy_keepalived_Master src]# tar -zvxf keepalived-1.3.5.tar.gz
  
[root@Haproxy_keepalived_Master src]# cd keepalived-1.3.5
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# ./configure --prefix=/usr/local/keepalived
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# make && make install
  

  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/src/keepalived-1.3.5/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# mkdir /etc/keepalived/
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# echo "/etc/init.d/keepalived start" >> /etc/rc.local
  

  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# chmod +x /etc/rc.d/init.d/keepalived      #添加执行权限
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# chkconfig keepalived on                   #设置开机启动
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# service keepalived start                   #启动
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# service keepalived stop                    #关闭
  
[root@Haproxy_keepalived_Master keepalived-1.3.5]# service keepalived restart                 #重启
  

  
2)Haproxy_Keepalived_Master服务器上的Keepalived配置如下:
  
[root@Haproxy_Keepalived_Master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak
  
[root@Haproxy_Keepalived_Master ~]# vim /etc/keepalived/keepalived.conf
  
! Configuration File for keepalived
  
global_defs {
  
  notification_email {
  
    root@localhost
  
    }
  

  
notification_email_from keepalived@localhost
  
smtp_server 127.0.0.1
  
smtp_connect_timeout 30
  
router_id HAproxy237
  
}
  

  
vrrp_script chk_haproxy {                                   #HAproxy 服务监控脚本
  
  script "/etc/keepalived/check_haproxy.sh"
  
  interval 2
  
  weight 2
  
}
  

  
vrrp_instance VI_1 {
  
  state MASTER
  
  interface eth0
  
  virtual_router_id 51
  
  priority 100
  
  advert_int 1
  
  authentication {
  
    auth_type PASS
  
    auth_pass 1111                  #示例口令:PASS 方式的口令在VRRP报文中明文传输,主备两端必须一致,部署时请替换为自己的值
  
}
  
  track_script {
  
    chk_haproxy
  
}
  
virtual_ipaddress {
  
    182.148.15.239
  
}
  
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.239"
  
}
  
vrrp_instance VI_2 {
  
  state BACKUP
  
  interface eth0
  
  virtual_router_id 52
  
  priority 99
  
  advert_int 1
  
  authentication {
  
    auth_type PASS
  
    auth_pass 1111
  
}
  
virtual_ipaddress {
  
  182.148.15.235
  
}
  
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.235"
  
}
  

  

  
3)Haproxy_Keepalived_Backup服务器上的Keepalived配置如下:
  
[root@Haproxy_Keepalived_Backup ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-bak
  
[root@Haproxy_Keepalived_Backup ~]# vim /etc/keepalived/keepalived.conf
  
! Configuration File for keepalived
  
global_defs {
  
  notification_email {
  
    root@localhost
  
    }
  

  
notification_email_from keepalived@localhost
  
smtp_server 127.0.0.1
  
smtp_connect_timeout 30
  
router_id HAproxy236
  
}
  

  
vrrp_script chk_haproxy {
  
  script "/etc/keepalived/check_haproxy.sh"
  
  interval 2
  
  weight 2
  
}
  

  
vrrp_instance VI_1 {
  
  state BACKUP
  
  interface eth0
  
  virtual_router_id 51
  
  priority 99
  
  advert_int 1
  
  authentication {
  
    auth_type PASS
  
    auth_pass 1111
  
}
  
  track_script {
  
    chk_haproxy
  
}
  
virtual_ipaddress {
  
    182.148.15.239
  
}
  
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.239"
  
}
  
vrrp_instance VI_2 {
  
  state MASTER
  
  interface eth0
  
  virtual_router_id 52
  
  priority 100
  
  advert_int 1
  
  authentication {
  
    auth_type PASS
  
    auth_pass 1111
  
}
  
virtual_ipaddress {
  
  182.148.15.235
  
}
  
notify_master "/etc/keepalived/clean_arp.sh 182.148.15.235"
  
}
  

  
4)设置HAproxy服务监控脚本(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# vim /etc/keepalived/check_haproxy.sh
  
#!/bin/bash
# Health check that keepalived runs through the chk_haproxy vrrp_script.
# When no haproxy process exists, try to start it once; if it is still
# absent 3 seconds later, stop keepalived on this node (presumably so the
# peer node takes over the VIP).
#
# NOTE(review): keepalived is presumably running as root when it invokes
# this file, so keep it root-owned and not writable by group or others.

# Count the processes whose command name is "haproxy".
haproxy_procs=$(ps -C haproxy --no-header | wc -l)

# Nothing to do while haproxy is alive.
[ "$haproxy_procs" -eq 0 ] || exit 0

/etc/init.d/haproxy start
sleep 3

# Count again after the restart attempt; give up the node if it failed.
haproxy_procs=$(ps -C haproxy --no-header | wc -l)
if [ "$haproxy_procs" -eq 0 ]; then
  /etc/init.d/keepalived stop
fi
  

  
[root@Haproxy_Keepalived_Master ~]# chmod +x /etc/keepalived/check_haproxy.sh
  

  
5)设置更新虚拟服务器(VIP)地址的arp记录到网关脚本(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# vim /etc/keepalived/clean_arp.sh
  
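#!/bin/sh
# Refresh the gateway's ARP entry for a VIP that this node has just taken
# over. keepalived calls this from notify_master with the VIP as the only
# argument.
#
# Arguments: $1 - virtual IP address now held by this node
# Returns:   exit status of arping; 1 when no VIP was given

VIP=${1:-}
GATEWAY=182.148.15.254    # gateway address of this host's public NIC

# Without a VIP the arping command line would be malformed; fail visibly
# instead of letting the error disappear into /dev/null.
if [ -z "$VIP" ]; then
  echo "usage: $0 <vip>" >&2
  exit 1
fi

# "&>" is a bash extension: a strict POSIX sh reads it as "run in the
# background, then truncate /dev/null". Spell the redirection out portably.
/sbin/arping -I eth0 -c 5 -s "$VIP" "$GATEWAY" >/dev/null 2>&1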
  

  
6)系统内核优化(Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup两台机器都要操作)
  
[root@Haproxy_Keepalived_Master ~]# echo 1024 60999 > /proc/sys/net/ipv4/ip_local_port_range
  
[root@Haproxy_Keepalived_Master ~]# echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
  
[root@Haproxy_Keepalived_Master ~]# echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
  
[root@Haproxy_Keepalived_Master ~]# echo 262144 > /proc/sys/net/ipv4/tcp_max_tw_buckets
  
[root@Haproxy_Keepalived_Master ~]# echo 262144 > /proc/sys/net/ipv4/tcp_max_orphans
  
[root@Haproxy_Keepalived_Master ~]# echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
  
[root@Haproxy_Keepalived_Master ~]# echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
  
[root@Haproxy_Keepalived_Master ~]# echo 0 > /proc/sys/net/ipv4/tcp_timestamps
  
[root@Haproxy_Keepalived_Master ~]# echo 0 > /proc/sys/net/ipv4/tcp_ecn
  
[root@Haproxy_Keepalived_Master ~]# echo 1 > /proc/sys/net/ipv4/tcp_sack
  
[root@Haproxy_Keepalived_Master ~]# echo 0 > /proc/sys/net/ipv4/tcp_dsack
  

  
7)分别启动Haproxy_Keepalived_Master 和 Haproxy_Keepalived_Backup的keepalived和haproxy服务,并查看vip
  
[root@Haproxy_Keepalived_Master ~]# /etc/init.d/keepalived start
  
[root@Haproxy_Keepalived_Master ~]# /etc/init.d/haproxy start
  
[root@Haproxy_Keepalived_Master ~]# ip addr
  
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
  
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  
    inet 127.0.0.1/8 scope host lo
  
    inet6 ::1/128 scope host
  
       valid_lft forever preferred_lft forever
  
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
  
    link/ether 52:54:00:68:dc:b6 brd ff:ff:ff:ff:ff:ff
  
    inet 182.148.15.237/27 brd 182.148.15.255 scope global eth0
  
    inet 182.148.15.239/32 scope global eth0
  
    inet6 fe80::5054:ff:fe68:dcb6/64 scope link
  
       valid_lft forever preferred_lft forever
  

  
[root@Haproxy_Keepalived_Backup ~]# /etc/init.d/keepalived start
  
[root@Haproxy_Keepalived_Backup ~]# /etc/init.d/haproxy start
  
[root@Haproxy_Keepalived_Backup ~]# ip addr
  
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
  
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  
    inet 127.0.0.1/8 scope host lo
  
    inet6 ::1/128 scope host
  
       valid_lft forever preferred_lft forever
  
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
  
    link/ether 52:54:00:7c:b8:f0 brd ff:ff:ff:ff:ff:ff
  
    inet 182.148.15.236/27 brd 182.148.15.255 scope global eth0
  
    inet 182.148.15.235/32 scope global eth0
  
    inet6 fe80::5054:ff:fe7c:b8f0/64 scope link
  
       valid_lft forever preferred_lft forever


