基于Haproxy+Keepalived实现Haproxy的高可用

一:实验环境

  准备4台linux服务器,系统都为CentOS Linux release 7.3.1611 (Core) 版本的虚拟机,IP分别及安装服务为:

    192.168.37.101:haproxy+keepalived

    192.168.37.102:haproxy+keepalived

    192.168.37.103:web1服务器

    192.168.37.104:web2服务器

  软件:haproxy-1.8.20.tar.gz,keepalived(光盘yum源),httpd(光盘yum源)

二:安装步骤:

   1:在101,102机器上安装分别源码安装haproxy服务,如下

      

#安装相关依赖包
[root@localhost src]# yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y


#上传解压的haproxy源码并进入haproxy源码目录
[root@localhost src]# tar xf haproxy-1.8.20.tar.gz 
[root@localhost src]# cd haproxy-1.8.20
[root@localhost haproxy-1.8.20]#

#编译安装
[root@localhost haproxy-1.8.20]# mkdir /data/haproxy -p
[root@localhost haproxy-1.8.20]# make  ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1  USE_CPU_AFFINITY=1  PREFIX=/data/haproxy

#创建服务启动脚本
[root@localhost system]# cat haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target


#创建用户和目录
[root@localhost ~]# mkdir /etc/haproxy
[root@localhost ~]# useradd haproxy -s /sbin/nologin 
[root@localhost ~]# chown haproxy.haproxy /data/haproxy/  /etc/haproxy/ -R

#关闭并禁用防火墙及selinux服务
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld

[root@localhost ~]# vim /etc/selinux/config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled  #此处禁用
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
#启动haproxy服务并验证
[root@molson ~]# systemctl enable  haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

  

#上传写好的配置文件/etc/haproxy/haproxy.cfg

  
global
  maxconn 100000
  chroot /data/haproxy
  stats socket /data/haproxy/haproxy.sock mode 600 level admin
  uid 99
  gid 99
  daemon
  #nbproc 4
  #cpu-map 1 0
  #cpu-map 2 1
  #cpu-map 3 2
  #cpu-map 4 3
  pidfile /run/haproxy.pid
  log 127.0.0.1 local3 info


defaults
  option http-keep-alive
  option forwardfor
  maxconn 100000
  mode http
  timeout connect 300000ms
  timeout client 300000ms
  timeout server 300000ms


listen stats
  mode http 
  bind 0.0.0.0:9999
  stats enable
  log global
  stats uri /haproxy-status
  stats auth haadmin:q1w2e3r4ys

  

 启动的服务见下图:

  

 

  

     

 

  2:在101,102主机上分别通过yun安装keepalived服务,如下

    

[root@molson ~]# yum install keepalived -y

  在101主机上修改keepalived的配置文件,如下

  

[root@molson ~]# vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {     #实例的名称
    state MASTER      #主还是备
    interface ens33      #网卡名称
    virtual_router_id 51
    priority 100       #权重
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass molson    #设置密码   
    }
    virtual_ipaddress {
        192.168.37.200 dev ens33 label ens33:0
    }
}

  102服务器上keepalived配置文件的修改

    

[root@localhost haproxy]# vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
  vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state BACKUP #备份 interface ens33 #网卡名 virtual_router_id 51 priority 80 #权重 advert_int 1 authentication { auth_type PASS auth_pass molson #密码 } virtual_ipaddress { 192.168.37.200 dev ens33 label ens33:0 #虚拟的IP及网卡 } }

  101,102上启动keepalived并验证,如下图

[root@localhost haproxy]# systemctl start keepalived

  

    

 

  

 

 

  

三:两外两台服务器103,104分别安装httpd服务,如下

  

[root@molson ~]# yum install httpd -y

四:101,102机器修改haproxy的配置文件,进行负载均衡,如下 

#在之前的配置文件后增加以下内容就可以
#/etc/haproxy/haproxy.cfg

listen WEB_PORT_80
        mode http
        bind 192.168.37.200:80     #绑定的虚拟IP及端口
        server web1 192.168.37.103:80 check    #转发的地址
        server web2 192.168.37.104:80 check    #转发的地址

 

五:启动haproxy程序,如下

  

[root@molson ~]# ss -ntl
State       Recv-Q Send-Q                                                 Local Address:Port                                                        
LISTEN      0      128                                                                *:9999                                                        
LISTEN      0      128                                                                *:22                                                          
LISTEN      0      100                                                        127.0.0.1:25                                                          
LISTEN      0      128                                                               :::22                                                          
LISTEN      0      100                                                              ::1:25  

    通过上述信息可以看出,端口80没有打开,修改内核参数,如下

  

[root@molson ~]# vim /etc/sysctl.conf
#添加以下两行
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
[root@molson ~]# sysctl -p    #使配置生效
#102机器上一样配置

  再一次启动haproxy程序,并检查端口,如下

  

[root@localhost ~]# ss -ntl
State       Recv-Q Send-Q                            Local Address:Port                                           Peer Address:Port              
LISTEN      0      128                                           *:9999                                                      *:*                  
LISTEN      0      128                              192.168.37.200:80                                                        *:*                  
LISTEN      0      128                                           *:22                                                        *:*                  
LISTEN      0      100                                   127.0.0.1:25                                                        *:*                  
LISTEN      0      128                                          :::22                                                       :::*                  
LISTEN      0      100                                         ::1:25                                                       :::*                  
[root@localhost ~]# 

  

六:验证高可用服务,如下

  

    上图为101机器上验证,由上图可知,101和102组成高可以服务,只要其中一台服务停止了,还是可以正常服务的

  

  由上图可知,在101机器上keepalived服务停止了,在102机器上还是可以正常服务的,当在102机器上也停止了,服务不可访问,如下

  

  

  当101和102组成高可用服务的时候,主服务停止工作了,备份服务马上开启工作,见下图日志

  

 

  由以上可知,简单的Haproxy+keepalived高可用服务服务搭建成功

 

posted @ 2020-09-17 11:40  Molson  阅读(336)  评论(0编辑  收藏  举报