搭建 CentOS 6 服务器(15) - Keepalived、HAProxy、LVS

(一)Keepalived

(1)安装
# cd /usr/local/src
# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
# tar zxvf keepalived-1.2.15.tar.gz
# cd keepalived-1.2.15
# ./configure
# make && make install


(2)配置
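# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/sbin/keepalived /usr/sbin/
Note: keep the shipped sample as keepalived.conf.org (the file copied above is keepalived.conf, not keepalived.cfg), then write a fresh keepalived.conf.
# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
# vi /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
       ! Placeholder addresses: the originals were masked by the hosting
       ! site's e-mail protection. Replace them with real mailboxes.
       notification_email {
         admin@example.org
       }
       notification_email_from keepalived@example.org
       smtp_server smtp.example.org
       smtp_connect_timeout 30
       router_id act
    }

    ! VRRP failover for HAProxy (file created in the HAProxy section below)
    include haproxy_servers.conf
    ! LVS virtual servers (files created in the LVS section below)
    include lvs_*_servers.conf
# /etc/init.d/keepalived start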


(二)HAProxy

(1)安装
# cd /usr/local/src
# wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
# tar zxvf haproxy-1.5.11.tar.gz
# cd haproxy-1.5.11
# make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1
# make install


(2)添加用户
# useradd -s /usr/sbin/nologin -r haproxy


(3)SSL证书
# mkdir -p /etc/rensn/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/rensn/certs/haproxy.pem -out /etc/rensn/certs/haproxy.pem -days 365 
# cd /etc/rensn/certs
# chmod 600 haproxy.pem


(4)配置
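# cp /usr/local/sbin/haproxy* /usr/sbin/
# cp /usr/local/src/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy
# chmod +x /etc/init.d/haproxy
# mkdir -p /etc/haproxy
# cp /usr/local/src/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg
# mkdir -p /var/lib/haproxy
# touch /var/lib/haproxy/stats
# vi /etc/haproxy/haproxy.cfg
    global
        # Send logs to the syslog daemon on localhost, facility local2, level info and above
        log         127.0.0.1 local2 info
        # Confine the process to this directory after start-up
        chroot    /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        # Maximum number of concurrent connections
        maxconn     256
        # Drop privileges to this unprivileged user and group
        user        haproxy
        group       haproxy
        # Run in the background
        daemon
        # Maximum number of concurrent SSL connections
        maxsslconn     256
        # Size in bits of the Diffie-Hellman parameters used for DHE key exchange
        tune.ssl.default-dh-param 2048
        # Refuse SSLv3 on every "bind ... ssl" line; review the allowed
        # protocol versions and ciphers against your clients as well.
        ssl-default-bind-options no-sslv3
        # Number of HAProxy processes (1 is recommended)
        nbproc  1

    defaults
        # HTTP (layer 7) mode. "option httplog" and "option forwardfor" below
        # are ignored with a warning in "mode tcp", in which case the backends
        # would never receive X-Forwarded-For.
        mode              http
        # Inherit the log settings from the global section
        log                global
        # Log HTTP requests
        option             httplog
        # Maximum time to wait for a connection to a backend server to be established
        timeout connect    10s
        # Maximum inactivity time on the client side
        timeout client     30s
        # Maximum inactivity time on the server side
        timeout server     30s

    # Frontend definition ("http-in" is an arbitrary name)
    frontend http-in
        # Listen on port 80 (plain HTTP)
        bind *:80
        # Backend used when no other rule selects one
        default_backend    backend_servers
        # Append an X-Forwarded-For header carrying the client address.
        # A client-supplied X-Forwarded-For is passed through as well, so the
        # backends should trust only the last entry, added by this proxy.
        option             forwardfor
        # Listen on port 443 and terminate TLS here; traffic to the backends
        # below (port 80) is then unencrypted.
        bind *:443 ssl crt /etc/rensn/certs/haproxy.pem

    # Backend definition
    backend backend_servers
        # Load-balancing algorithm
        balance            roundrobin
        # Backend servers; each name must be unique within the backend.
        # NOTE(review): 192.168.21.100 is also used as the keepalived virtual
        # IP and the LVS service address later in this guide; a real server
        # cannot share the VIP - confirm the addresses for your network.
        server             www01 192.168.21.100:80 check
        server             www02 192.168.21.110:80 check
        server             www03 192.168.21.120:80 check disabled
# service haproxy start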


(5)keepalived设置
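# vi /etc/keepalived/haproxy_servers.conf
   vrrp_script chk_haproxy {
      script "killall -0 haproxy"   # signal 0: only tests that a haproxy process exists
      interval 2                    # check every 2 seconds
      weight 2                      # add 2 points of prio if OK
   }

   vrrp_instance VI_1 {
      state MASTER              # MASTER on master, BACKUP on backup
      interface eth1                # interface to monitor
      virtual_router_id 51          # Assign one ID for this route (tcpdump vrrp)
      priority 101                  # 101 on master, 100 on backup
      # Without an authentication block, VRRP adverts are accepted from any
      # host on the segment. PASS is a shared secret sent in clear text (only
      # the first 8 characters are used), so it mainly guards against
      # misconfigured neighbours; also restrict VRRP traffic to the peer node
      # with the host firewall. Use the same value on master and backup.
      authentication {
          auth_type PASS
          auth_pass <vrrp_secret>
      }
      virtual_ipaddress {
          # NOTE(review): this address is also listed as real server www01 in
          # haproxy.cfg above; the VIP must be an otherwise unused address.
          192.168.21.100            # the virtual IP
      }
      track_script {
          chk_haproxy
      }
   }
# /etc/init.d/keepalived restart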


(三)LVS

(1)安装
Linux内核里已经包含了ip_vs模块,只需要安装管理工具
# yum install -y ipvsadm


(2)网络设置
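# vi /etc/sysctl.conf
    # Let the kernel forward packets between interfaces (the LVS setup below uses NAT)
    net.ipv4.ip_forward = 1
    # 0 turns off reverse-path (source address) filtering, which is an
    # anti-spoofing check. Keep it enabled unless the load-balancer routing
    # really needs it off - confirm for your topology.
    net.ipv4.conf.default.rp_filter = 0
# sysctl -p
# cat /proc/sys/net/ipv4/ip_forward
    1
# service network restart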


(3)LB设置
# ipvsadm --clear
# ipvsadm --add-service --tcp-service 192.168.21.100:80
# ipvsadm --list --numeric
# service ipvsadm save


(4)keepalived设置
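# vi /etc/keepalived/lvs_http_servers.conf
    # Replace the <..._srv_ip> placeholders with the addresses of your
    # virtual service and real servers.
    virtual_server <lvs_srv_ip> 80 {
      # Seconds between health-check rounds
      delay_loop   20
      # Least-connection scheduling
      lvs_sched    lc
      lvs_method   NAT
      protocol     TCP

      real_server  <web1_srv_ip> 80 {
        weight 1
        # On a failed check set the weight to 0 instead of removing the server
        inhibit_on_failure
        # Health check: GET / must answer with status 200
        HTTP_GET {
          url {
            path /
            status_code 200
          }
          connect_timeout 5
          nb_get_retry 3
          delay_before_retry 20
        }
      }
      real_server  <web2_srv_ip> 80 {
        weight 1
        inhibit_on_failure
        HTTP_GET {
          url {
            path /
            status_code 200
          }
          connect_timeout 5
          nb_get_retry 3
          delay_before_retry 20
        }
      }
    }
# /etc/init.d/keepalived restart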

