1 环境准备
1.1 主机规划
| 服务器说明 | IP地址 | 主机名称规则 | 安装服务 |
|---|---|---|---|
| haproxy主机1 | 10.0.0.41 | haproxy01 | Haproxy、Nginx、keepalived |
| haproxy主机2 | 10.0.0.42 | haproxy01 | Haproxy、Nginx、keepalived |
| 10.0.0.43 | 虚拟IP地址VIP |
1.2 hosts解析文件
10.0.0.41 dns01
10.0.0.42 dns021.3 操作系统版本
CentOS7.3
[root@haproxy01 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@haproxy01 ~]# uname -r
3.10.0-514.el7.x86_64
[root@haproxy01 ~]# uname -m
x86_641.4 涉及软件版本
haproxy:1.5.18
nginx:1.14.2
keepalived:1.3.5
1.5 系统基础优化
1. 关闭selinux
sed -i ‘7s#enforcing#disabled#g‘ /etc/selinux/config
2. 关闭iptables
systemctl stop firewalld.service
systemctl disable firewalld.service
3. 安装基本的依赖包
yum -y install net-tools vim lrzsz tree screen lsof tcpdump nc mtr nmap gcc glibc gcc-c++
4. 系统网卡名设置为eth0(安装过程中设置)
2. 安装haproxy
2.1 安装haproxy
安装haproxy和其他软件类似,基本上也分为源码安装和yum安装,采用yu‘m安装得版本可能稍微比较旧,在CentOS7系统下一般为1.5版本。这两个方式本身区别并不太大,但是安装目录会有一定得出入,在配置程序得时候需要稍微注意。
本文的配置均采用yum安装方式路径,编译安装就不细说,两者任选其一均可。
1、yum安装(配置文件均采用这种方式的配置)
yum -y install haproxy
#查看版本信息
[root@haproxy01 ~]# haproxy -v
HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>2、编译安装(仅在这里介绍)
#下载haproxy软件
cd /usr/local/src
wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.6.3.tar.gz/3362d1e268c78155c2474cb73e7f03f9/haproxy-1.6.3.tar.g
#安装包md5码
[root@haproxy02 src]# md5sum haproxy-1.6.3.tar.gz
3362d1e268c78155c2474cb73e7f03f9 haproxy-1.6.3.tar.gz
#解压
tar xf haproxy-1.6.3.tar.gz
#编译安装
#编译参数解释:TARGET=linux2628 系统内核版本,如果大于2.6.28的用:TARGET=linux2628;ARCH=x86_64 #系统位数
cd haproxy-1.6.3
make TARGET=linux2628 ARCH=x86_64 PREFIX=/usr/local/haproxy-1.6.3
make install
cp /usr/local/sbin/haproxy /usr/sbin/
cp examples/haproxy.init /etc/init.d/haproxy
chmod 755 /etc/init.d/haproxy
#查看安装结果
[root@haproxy01 haproxy-1.6.3]# haproxy -v
HA-Proxy version 1.6.3 2015/12/25
Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>2.2 配置haproxy
2.2.1 配置rsyslog
Haproxy在Centos7上默认没有记录日志,需要配置rsyslog服务开启日志记录的功能。rsyslog默认情况下,需要在514端口监听,所需要做如下修改:
1.创建记录日志文件
mkdir /var/log/haproxy
chmod a+w /var/log/haproxy2.开启rsyslog记录haproxy日志功能
vim /etc/rsyslog.conf
#将如下两行得注释取消
$ModLoad imudp
$UDPServerRun 514
#在该文件添加如下内容:
# Save haproxy log
local3.* /var/log/haproxy/haproxy.log3.修改“/etc/sysconfig/rsyslog”文件,内容如下
vim /etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0 -c 2"4. 配置haproxy
编辑haproxy配置文件,进行如下内容修改:
log 127.0.0.1 local3 info5.重启服务
systemctl restart rsyslog.service
#查看日志记录
tailf /var/log/haproxy/haproxy.log2.2.2 配置haproxy
- /etc/haproxy/haproxy.cfg
(1)haproxy01上面的配置
global
maxconn 10000
chroot /var/lib/haproxy
uid haproxy
gid haproxy
daemon
nbproc 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
mode http
log global
option http-keep-alive
maxconn 10000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats refresh 30s
stats enable
stats uri /stats
stats auth haproxy:123456
frontend frontend_www_example_com
bind 10.0.0.41:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.0.0.41:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.42:8080 check inter 2000 rise 30 fall 15(2)haproxy的配置
global
maxconn 10000
chroot /var/lib/haproxy
uid haproxy
gid haproxy
daemon
nbproc 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
mode http
log global
option http-keep-alive
maxconn 10000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats refresh 30s
stats enable
stats uri /stats
stats auth haproxy:123456
frontend frontend_www_example_com
bind 10.0.0.42:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.0.0.41:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.42:8080 check inter 2000 rise 30 fall 152.3启动haproxy
systemctl start haproxy.service
systemctl enable haproxy.service
#这里会有一个告警,这是因为我们还没有配置后端的服务
[root@haproxy02 haproxy]# systemctl start haproxy.service
[root@haproxy02 haproxy]#
Message from syslogd@localhost at Feb 24 21:33:33 ...
haproxy[3763]: backend backend_www_example_com has no server available!2.4 验证
? 分别在浏览器输入地址:http://10.0.0.41:8888/stats,
输入用户名:haproxy,密码:123456,如果出现如下信息说明haproxy已经成功启动了。
3.安装nginx
这里仅使用nginx来做负载均衡的测试,因此只需yum安装即可。
3.1安装nginx
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum -y install nginx
#查看版本信息
[root@haproxy01 yum.repos.d]# nginx -v
nginx version: nginx/1.14.23.2配置nginx
1./etc/nginx/conf.d/default.conf
修改监听端口为8080
sed -i ‘s#80#8080#g‘ /etc/nginx/conf.d/default.conf2./usr/share/nginx/html/index.html
修改主页信息
(1)haproxy01
echo haproxy01 > /usr/share/nginx/html/index.html(2)haproxy02上修改
echo haproxy02 > /usr/share/nginx/html/index.html3.3启动nginx
systemctl start nginx.service3.4结果验证
1、通过浏览器访问监控页面,如果发现web-node1和web-node2状态变为绿色则说明nginx已经启动成功。
2、通过浏览器访问服务器IP,发现haproxy01和haproxy02在来回切换说明负载均衡配置正确!
4.安装keepalived
keepalived采用只需yum安装即可,且keepalived相关内容查找[keepalived权威指南]即可。
链接:https://pan.baidu.com/s/14EZJ6B8IqRYLzz9IofCbmQ
提取码:tvv3
4.1安装keepalived
yum -y install keepalived
#查看keepalived版本
[root@haproxy02 haproxy]# keepalived -v
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Copyright(C) 2001-2017 Alexandre Cassen, <acassen@gmail.com>
4.2配置keepalived
1./etc/keepalived/keepalived.conf
(1)haproxy01上的配置(这里没有配置去监听haproxy服务,有需要的同学可以自己配置)
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy_ha
}
vrrp_instance haproxy_ha {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.43
}
}(2)haproxy02上的配置
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id haproxy_ha
}
vrrp_instance haproxy_ha {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.43
}
}4.3启动keepalived服务
systemctl start keepalived.service
systemctl enable keepalived.service4.4验证keepalived
在haproxy01上查看是否有虚拟IP地址10.0.0.43,并且haproxy02上没有,则说明安装成功。
5.haproxy结合keepalived使用
5.1、修改内核参数
? haproxy和keepalived的结合使用,是通过修改haproxy的配置文件去监听虚拟IP地址10.0.0.43。但是这样配置会出现一个问题,那就是作为BACKUP的keepalived的节点上面没有虚拟IP地址的时候,haproxy无法启动。
? 针对这个问题,需要配置haproxy去监听非本地IP!!注意如果不是部署keepalived的服务器不能这样做,这样比较危险。监听非本地修改如下配置参数:
#查看默认参数
[root@haproxy01 keepalived]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
0
#修改参数
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
sysctl -w net.ipv4.ip_nonlocal_bind=1
#永久生效
echo ‘net.ipv4.ip_nonlocal_bind=1‘ >> /etc/sysctl.conf5.2 haproxy修改监听地址
修改/etc/haproxy/haproxy.cfg,使其监听VIP:
#haproxy01上修改:
sed -i ‘s#bind 10.0.0.41:80#bind 10.0.0.43:80#g‘ /etc/haproxy/haproxy.cfg
#haproxy02上修改:
sed -i ‘s#bind 10.0.0.42:80#bind 10.0.0.43:80#g‘ /etc/haproxy/haproxy.cfg5.3 重启haproxy
重启haproxy,使配置文件生效
systemctl restart haproxy.service5.4 验证结果
查看两台服务器的监听地址,如果都是监听的10.0.0.43,则说明修改成功。
至此,haproxy+keepalived的配置到此结束,还请各位同学指正!!
原文地址:https://blog.51cto.com/13178102/2354243