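haproxy + keepalived installation and configuration
1 Environment preparation
1.1 Host plan
| Server role | IP address | Hostname | Installed services |
| -------- | -------- | -------- | -------- |
| haproxy host 1 | 192.168.3.90 | haproxy01 | Haproxy, Nginx, keepalived |
| haproxy host 2 | 192.168.3.80 | haproxy02 | Haproxy, Nginx, keepalived |
| Virtual IP address (VIP) | 192.168.3.100 | | |
Set the hostname (first command on haproxy01, second on haproxy02)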
hostnamectl set-hostname haproxy01
hostnamectl set-hostname haproxy02
All of the following steps are performed on both machines.
1.2 hosts resolution file
vim /etc/hosts
192.168.3.90 haproxy01
192.168.3.80 haproxy02
1.3 Operating system version
CentOS7.3
[root@haproxy01 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@haproxy01 ~]# uname -r
3.10.0-514.el7.x86_64
[root@haproxy01 ~]# uname -m
x86_64
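1.4 Software versions involved
haproxy: 1.5.18
nginx: 1.14.2
keepalived: 1.3.5
1.5 Basic system tuning
1. Disable SELinux
sed -i '7s#enforcing#disabled#g' /etc/selinux/config
2. Disable the firewall (firewalld)
systemctl stop firewalld.service
systemctl disable firewalld.service
3. Install the basic dependency packages
yum -y install net-tools vim lrzsz tree screen lsof tcpdump nc mtr nmap gcc glibc gcc-c++
4. Set the system NIC name to eth0 (done during OS installation; if the name is not eth0, set the interface in the keepalived configuration to match the actual environment; in this setup the NIC is ens33)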
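2. Install haproxy (on both hosts)
Installing haproxy is like installing most other software: you can either build it from source or install it with yum. The version installed by yum may be somewhat older; on CentOS 7 it is generally 1.5. The two methods do not differ much, but the installation directories are not the same, which needs some attention when configuring the program.
The configuration in this article uses the paths of the yum installation; the source build is not covered in detail. Either of the two methods works.
1. yum installation (the configuration files in this article all assume this method)
yum -y install haproxy
# Check the version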
[root@haproxy01 ~]# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau
2. Build from source (described here only)
# Download the haproxy source
cd /usr/local/src
wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.6.3.tar.gz/3362d1e268c78155c2474cb73e7f03f9/haproxy-1.6.3.tar.gz
# md5 checksum of the package
[root@haproxy02 src]# md5sum haproxy-1.6.3.tar.gz
3362d1e268c78155c2474cb73e7f03f9 haproxy-1.6.3.tar.gz
# Extract
tar xf haproxy-1.6.3.tar.gz
# Build and install
# Build parameters: TARGET=linux2628 selects the kernel version (use TARGET=linux2628 for kernels newer than 2.6.28); ARCH=x86_64 is the system word size
cd haproxy-1.6.3
make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy-1.6.3
make install
cp /usr/local/sbin/haproxy /usr/sbin/
cp examples/haproxy.init /etc/init.d/haproxy
chmod 755 /etc/init.d/haproxy
# Check the installation result
[root@haproxy01 haproxy-1.6.3]# haproxy -v
HA-Proxy version 1.6.3 2015/12/25
Copyright 2000-2015 Willy Tarreau willy@haproxy.org
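2.2 Configure haproxy
2.2.1 Configure rsyslog
On CentOS 7, haproxy does not write logs by default; the rsyslog service has to be configured to enable logging. rsyslog must listen on port 514 (UDP) for this, so make the following changes:
1. Create the log directory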
mkdir /var/log/haproxy
chmod a+w /var/log/haproxy
2. Enable haproxy logging in rsyslog
vim /etc/rsyslog.conf
# Uncomment the following two lines
$ModLoad imudp
$UDPServerRun 514
# Add the following to the file:
# Save haproxy log
local3.* /var/log/haproxy/haproxy.log
3. Edit the file "/etc/sysconfig/rsyslog" so that it contains the following
vim /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0 -c 2"
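4. Configure haproxy
Edit the haproxy configuration file and make the following change (in the global section):
vim /etc/haproxy/haproxy.cfg
log 127.0.0.1 local3 info
Restart the service
systemctl restart rsyslog.service
# View the log (it seems there may be nothing in it)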
tailf /var/log/haproxy/haproxy.log
2.2.2 Configure haproxy
Back up the previous configuration file, then create a new one and paste in the content below.
(1) Configuration on haproxy01
vim /etc/haproxy/haproxy.cfg
global
    maxconn 10000
    chroot /var/lib/haproxy
    # user/group take names; uid/gid expect numeric IDs
    user haproxy
    group haproxy
    daemon
    nbproc 1
    pidfile /var/lib/haproxy/haproxy.pid
    log 127.0.0.1 local3 info
defaults
    mode http
    log global
    option http-keep-alive
    maxconn 10000
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
listen stats
    mode http
    bind 0.0.0.0:8888
    stats refresh 30s
    stats enable
    stats uri /stats
    stats auth haproxy:123456
frontend frontend_www_example_com
    bind 192.168.3.90:80
    mode http
    option httplog
    log global
    default_backend backend_www_example_com
backend backend_www_example_com
    option forwardfor header X-REAL-IP
    option httpchk HEAD / HTTP/1.0
    balance source
    server web-node1 192.168.3.90:8080 check inter 2000 rise 30 fall 15
    server web-node2 192.168.3.80:8080 check inter 2000 rise 30 fall 15
(2) Configuration on haproxy02
global
    maxconn 10000
    chroot /var/lib/haproxy
    # user/group take names; uid/gid expect numeric IDs
    user haproxy
    group haproxy
    daemon
    nbproc 1
    pidfile /var/lib/haproxy/haproxy.pid
    log 127.0.0.1 local3 info
defaults
    mode http
    log global
    option http-keep-alive
    maxconn 10000
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
listen stats
    mode http
    bind 0.0.0.0:8888
    stats refresh 30s
    stats enable
    stats uri /stats
    stats auth haproxy:123456
frontend frontend_www_example_com
    bind 192.168.3.80:80
    mode http
    option httplog
    log global
    default_backend backend_www_example_com
backend backend_www_example_com
    option forwardfor header X-REAL-IP
    option httpchk HEAD / HTTP/1.0
    balance source
    server web-node1 192.168.3.90:8080 check inter 2000 rise 30 fall 15
    server web-node2 192.168.3.80:8080 check inter 2000 rise 30 fall 15
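The stats listener in both configurations is bound to every interface (`bind 0.0.0.0:8888`) and protected by a six-character shared password. As an added example (not from the original article), the shell function below audits a haproxy.cfg for those two settings; the finding names, `MIN_PW_LEN` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. MIN_PW_LEN is an assumed
# threshold for this example, not a haproxy rule.
MIN_PW_LEN=12

# Print one finding per line for stats sections that listen on every
# interface or use a short "stats auth" password (the password is never printed).
audit_haproxy_cfg() {
    awk -v minlen="$MIN_PW_LEN" '
        function emit() {
            if (has_stats && wide != "") print "WIDE_STATS_BIND", section, wide
            has_stats = 0; wide = ""
        }
        # A new section starts: evaluate the section that just ended.
        $1 ~ /^(global|defaults|listen|frontend|backend)$/ { emit(); section = $2; next }
        # 0.0.0.0:port, *:port and :port all mean "every interface".
        $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:/ { wide = $2 }
        $1 == "stats" { has_stats = 1 }
        $1 == "stats" && $2 == "auth" {
            sep = index($3, ":")
            if (length(substr($3, sep + 1)) < minlen)
                print "WEAK_STATS_AUTH", section, "user=" substr($3, 1, sep - 1)
        }
        END { emit() }
    ' "$1"
}

# Constructed sample 1: the stats listener exactly as configured on this page.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri /stats
    stats auth haproxy:123456
EOF

# Constructed sample 2: same listener on the node address only, with a longer
# password (placeholder value; replace it with a generated secret).
HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
listen stats
    mode http
    bind 192.168.3.90:8888
    stats enable
    stats uri /stats
    stats auth haproxy:EXAMPLE-long-random-passphrase
EOF

echo "weak config:";      audit_haproxy_cfg "$WEAK_CFG"
echo "tightened config:"; audit_haproxy_cfg "$HARD_CFG"
```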
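2.3 Start haproxy (it does not seem to start automatically after a host reboot)
systemctl start haproxy.service
systemctl enable haproxy.service
# A warning appears here because the backend service has not been configured yet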
[root@haproxy02 haproxy]# systemctl start haproxy.service
[root@haproxy02 haproxy]#
Message from syslogd@localhost at Feb 24 21:33:33 ...
haproxy[3763]: backend backend_www_example_com has no server available!
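2.4 Verification
Open the stats address of each host in a browser, for example: http://192.168.3.90:8888/stats
Enter the username haproxy and the password 123456; if the statistics page is displayed, haproxy has started successfully.
3. Install nginx
nginx is used here only to test load balancing, so a yum installation is sufficient.
3.1 Install nginx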
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum -y install nginx
# Check the version
[root@haproxy01 yum.repos.d]# nginx -v
nginx version: nginx/1.14.2
3.2 Configure nginx
1. Change the listening port to 8080
sed -i 's#80#8080#g' /etc/nginx/conf.d/default.conf
2. Set up the test content in /usr/share/nginx/html/index.html
Change the home page
(1) On haproxy01
echo haproxy01 > /usr/share/nginx/html/index.html
(2) On haproxy02
echo haproxy02 > /usr/share/nginx/html/index.html
3.3 Start nginx
systemctl start nginx.service
systemctl enable nginx.service
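3.4 Verify the result
1. Open the stats page in a browser; if web-node1 and web-node2 turn green, nginx has started successfully.
2. Access the server IPs in a browser; if the response switches back and forth between haproxy01 and haproxy02, load balancing is configured correctly!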
192.168.3.90:8080
192.168.3.80:8080/
4. Install keepalived
keepalived only needs a yum installation
4.1 Install keepalived
yum -y install keepalived
# Check the keepalived version
[root@haproxy02 haproxy]# keepalived -v
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Copyright(C) 2001-2017 Alexandre Cassen,
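4.2 Configure keepalived
(1) Configuration on haproxy01 (monitoring of the haproxy service is not configured here; readers who need it can configure it themselves)
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.confbak (the original configuration file is not used; paste the content below into a new file)
vim /etc/keepalived/keepalived.conf (the main settings are the NIC name and the VIP under virtual_ipaddress)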
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id haproxy_ha
}
vrrp_instance haproxy_ha {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.3.100
    }
}
(2) Configuration on haproxy02
vim /etc/keepalived/keepalived.conf (the main settings are the NIC name and the VIP under virtual_ipaddress)
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id haproxy_ha
}
vrrp_instance haproxy_ha {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.3.100
    }
}
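The two configurations above do not monitor haproxy, so the VIP stays on the MASTER even if haproxy there has stopped. One way to add that check, as an added example (not from the original article): a health-check script for a keepalived `vrrp_script`, plus the priority arithmetic that decides whether failover happens. The script path, the name `chk_haproxy`, the `check` argument and the interval, fall, rise and weight values are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not part of the original article. Intended to be wired into
# keepalived like this (keywords are keepalived's own; path, name and numbers
# are assumptions for this example):
#
#   vrrp_script chk_haproxy {
#       script "/etc/keepalived/chk_haproxy.sh check"
#       interval 2
#       fall 2
#       rise 2
#       weight -60
#   }
#   vrrp_instance haproxy_ha {
#       ...
#       track_script {
#           chk_haproxy
#       }
#   }

# Healthy = a haproxy process exists AND a TCP listener is bound to port $1.
haproxy_healthy() {
    pidof haproxy >/dev/null 2>&1 || return 1
    ss -ltn 2>/dev/null |
        awk -v p=":$1\$" '$1 == "LISTEN" && $4 ~ p { ok = 1 } END { exit !ok }'
}

# Priority a node advertises with a negative-weight track_script:
# $1 = configured priority, $2 = weight, $3 = 1 if the check passes, else 0.
effective_priority() {
    if [ "$3" -eq 1 ]; then echo "$1"; else echo $(( $1 + $2 )); fi
}

# Failover happens only if the failed MASTER drops below the BACKUP priority.
# With the page values (MASTER 150, BACKUP 100) the weight must be below -50.
failover_triggers() {  # $1 = master priority, $2 = backup priority, $3 = weight
    [ "$(effective_priority "$1" "$3" 0)" -lt "$2" ]
}

# Entry point used by keepalived: the exit status is the health result.
if [ "${1:-}" = "check" ]; then
    haproxy_healthy 80
    exit $?
fi
```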
4.3 Start the keepalived service
systemctl start keepalived.service
systemctl enable keepalived.service
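4.4 Verify keepalived
Check on haproxy01 that the virtual IP address 192.168.3.100 is present and that haproxy02 does not have it; if so, the installation succeeded.
5. Using haproxy together with keepalived
haproxy and keepalived are combined by changing the haproxy configuration file to listen on the virtual IP address 192.168.3.100. This configuration causes one problem: on the keepalived BACKUP node, which does not hold the virtual IP address, haproxy cannot start.
To solve this, the host must be configured so that haproxy can bind to a non-local IP. Note: do not do this on servers that are not running keepalived, as it is risky. Binding to a non-local address is enabled with the following kernel parameter:
# Check the default value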
[root@haproxy01 keepalived]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
0
5.1 Change the parameter
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
sysctl -w net.ipv4.ip_nonlocal_bind=1
# Make it permanent
echo 'net.ipv4.ip_nonlocal_bind=1' >> /etc/sysctl.conf
5.2 Change the haproxy listen address
Edit /etc/haproxy/haproxy.cfg so that it listens on the VIP:
# On haproxy01:
sed -i 's#bind 192.168.3.90:80#bind 192.168.3.100:80#g' /etc/haproxy/haproxy.cfg
# On haproxy02:
sed -i 's#bind 192.168.3.80:80#bind 192.168.3.100:80#g' /etc/haproxy/haproxy.cfg
5.3 Restart haproxy
Restart haproxy so that the configuration takes effect
systemctl restart haproxy.service
5.4 Verify the result
Check the listening addresses on both servers; if both are listening on 192.168.3.100, the change succeeded.
netstat -anp |grep haproxy
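The checks from 4.4 and the bind problem described in section 5, as an added example (not from the original article): it classifies the pair from each node's `ip -o -4 addr show` output and shows why the BACKUP node needs `ip_nonlocal_bind=1`. The VIP is the page's value; the function names and the sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. VIP is the page's value;
# function names and the sample captures are constructed for illustration.
VIP=192.168.3.100

# stdin: output of `ip -o -4 addr show`; succeeds if the VIP is configured.
holds_vip() {
    awk -v vip="$VIP" '{ split($4, a, "/"); if (a[1] == vip) hit = 1 } END { exit !hit }'
}

# haproxy can bind the VIP if the node holds it or ip_nonlocal_bind is 1.
# $1 = file with ip output, $2 = value of /proc/sys/net/ipv4/ip_nonlocal_bind
can_bind_vip() {
    holds_vip < "$1" || [ "$2" -eq 1 ]
}

# $1, $2 = ip output captured on each node. Exactly one holder is healthy.
vip_state() {
    n=0
    if holds_vip < "$1"; then n=$((n + 1)); fi
    if holds_vip < "$2"; then n=$((n + 1)); fi
    case $n in
        0) echo NO_HOLDER ;;     # nobody answers on the VIP
        1) echo OK ;;
        2) echo SPLIT_BRAIN ;;   # both nodes think they are MASTER
    esac
}

# Constructed captures: haproxy01 is MASTER, haproxy02 is BACKUP.
NODE1=$(mktemp); NODE2=$(mktemp)
cat > "$NODE1" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.3.90/24 brd 192.168.3.255 scope global ens33\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.3.100/32 scope global ens33\       valid_lft forever preferred_lft forever
EOF
cat > "$NODE2" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.3.80/24 brd 192.168.3.255 scope global ens33\       valid_lft forever preferred_lft forever
EOF

echo "pair state: $(vip_state "$NODE1" "$NODE2")"
can_bind_vip "$NODE2" 0 || echo "haproxy02: bind to $VIP fails while ip_nonlocal_bind=0"
can_bind_vip "$NODE2" 1 && echo "haproxy02: bind to $VIP works with ip_nonlocal_bind=1"
```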
Reference: https://blog.51cto.com/u_13178102/2354243