<1>配置keepalived
[root@ha_1 ~]# yum install -y keepalived [root@ha_1 ~]# cd /etc/keepalived/ [root@ha_1 keepalived]# cp keepalived.conf keepalived.conf.bak [root@ha_1 keepalived]# vim keepalived.conf ! Configuration File forkeepalived global_defs { notification_email { #邮件通知机制 root@localhost maoqiuguo@localhost } notification_email_from kaadmin@localhost smtp_server 127.0.0.1 #使用本机邮件服务 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_haproxy { #检测haprox服务状态 script "killall -0 haproxy" interval 1 weight 2 #权重 } ###########VRRP_INSTANCE VI_1###########实例1的配置 vrrp_instance VI_1 { state MASTER #在ha_1上面是主,对端ha_2上面是备 interface eth0 virtual_router_id 100 #路由ID priority 100 #优先级 advert_int 1 authentication { #路由之间认证 auth_type PASS auth_pass 123.com } virtual_ipaddress { #VIP配置 172.16.41.100/16dev eth0 label eth0:0 } track_script { #追踪脚本 chk_haproxy } track_interface { #追踪端口 eth0 } #通知脚本 notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } ##########VRRP_INSTANCE VI_2############实例2的配置 vrrp_instance VI_2 { state BACKUP #在ha_1上面是被,对端ha_2上面是主 interface eth0 virtual_router_id 200 #路由ID priority 199 #优先级 advert_int 1 authentication { #路由间认证 auth_type PASS auth_pass 123.com } virtual_ipaddress { #VIP配置 172.16.41.101/16dev eth0 label eth0:1 } track_interface { #追踪端口 eth0 } track_script { #追踪脚本 chk_haproxy } } ###################################### 为ha_1的keepalived提供脚本文件: [root@ha_1 ~]# vim /etc/keepalived/notify.sh #!/bin/bash # Author: MageEdu <linuxedu@foxmail.com> 脚本使用请注明出处 # description: An example of notify script # vip=172.16.41.100 contact=‘root@localhost‘ notify() { mailsubject="`hostname` to be $1: $vip floating" mailbody="`date ‘+%F %H:%M:%S‘`: vrrp transition, `hostname` changed to be $1" echo$mailbody | mail -s "$mailsubject"$contact } case"$1"in master) notify master /etc/rc.d/init.d/haproxystart exit0 ;; backup) notify backup /etc/rc.d/init.d/haproxystop exit0 ;; fault) notify fault /etc/rc.d/init.d/haproxystop exit0 ;; *) echo‘Usage: `basename $0` {master|backup|fault}‘ exit1 ;; esac #赋予执行权限: [root@ha_1 ~]# chmod +x /etc/keepalived/notify.sh |
[root@ha_1 haproxy]# yum install haproxy -y [root@ha_1 ~]# cd /etc/haproxy/ [root@ha_1 haproxy]# cp haproxy.cfg haproxy.cfg.bak [root@ha_1 haproxy]# vim haproxy.cfg global #全局配置 log 127.0.0.1 local2 #日志功能 chroot /var/lib/haproxy#修改haproxy的工作目录至指定的目录并在放弃权限之前执行chroo t()操作,可以提升haproxy的安全级别,不过需要注意的是要确保指定的目录为空 目录且任何用户均不能有写权限; pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon #让haproxy以守护进程的方式工作于后台 defaults mode http #指定haproxy的工作模式 log global #使用默认全局日志 option httplog # option dontlognull option http-server-close #若客户端超时,服务器端将关闭连接 option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 listen stats mode http bind 0.0.0.0:1080 #绑定1080端口 stats enable#开启stats功能 stats hide-version #隐藏haproxy版本信息 stats uri /myadmin?stats #在浏览器中通过什么样的URI访问stats页面 stats realm Haproxy\ Statistics #认证注释信息 stats auth maoqiu:123.com #认证机制(User:Password) stats admin ifTRUE #如果认证成功,则赋予管理权限 acl allow src 172.16.0.0/16#访问控制,只允许是这个网段的客户端访问 tcp-request content accept ifallow tcp-request content reject frontend proxy #前端代理 bind *:80 #监听80port mode http log global option httpclose option logasap option dontlognull capture request header Host len 20 capture request header Referer len 60 acl url_static path_beg -i /static/images/javascript/stylesheets acl url_static path_end -i .jpg .gif .png .css .js .html use_backend static_servers ifurl_static default_backend dynamic_servers backend static_servers #后端静态server balance source#基于source算法调度 server imgsrv1 192.168.100.2:80 check maxconn 6000 backend dynamic_servers #后端动态server balance source#基于source算法调度 server websrv1 192.168.100.1:80 check maxconn 6000 |
2.ha_2配置<172.16.41.2>:
! Configuration File forkeepalived global_defs { notification_email { root@localhost maoqiuguo@localhost } notification_email_from kaadmin@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_haproxy { script "killall -0 haproxy" interval 1 weight 2 } ###########VRRP_INSTANCE VI_1########### vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 100 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 123.com } virtual_ipaddress { 172.16.41.100/16dev eth0 label eth0:0 } track_script { chk_haproxy } track_interface { eth0 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } ##########VRRP_INSTANCE VI_2############ vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 200 priority 200 advert_int 1 authentication { auth_type PASS auth_pass 123.com } virtual_ipaddress { 172.16.41.101/16dev eth0 label eth0:1 } track_interface { eth0 } track_script { chk_haproxy } } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } #####ha_2上面的脚本文件同ha_1,须将VIP修改为172.16.41.101,再赋予权限即可! |
[root@ha_2 keepalived]# scp root@172.16.41.1:/etc/haproxy/haproxy.cfg /etc/haproxy/ |
<1>当两个前端节点的服务正常状态时: |
<2>当把某个前端节点的haproxy服务停止后的状态: |
目前keepalived为haporxy提供高可用已经达到目的,下面继续关于haproxy的动静分离机制和haproxy 统计信息输出机制的实现.
在拓扑图中规划RS1为客户端请求的动态内容提供服务,RS2为客户端请求静态内容提供服务
1.为RS1提供动态内容页面(我这里使用直接使用一个php的测试页)
[root@RealServer1 ~]# yum install -y php php-mysql [root@RealServer1 ~]# vim /var/www/html/index.php <h1>Real Server1</h1> <?php phpinfo(); ?> [root@RealServer1 ~]# service httpd start Starting httpd: [ OK ] [root@RealServer1 ~]#
#放个html网页文档 [root@RealServer2 ~]# vim /var/www/html/index.html <h1>Real Server2</h1> #放张图片 [root@RealServer2 ~]# cd /var/www/html/ [root@RealServer2 html]# ls index.html tux_windows.jpg [root@RealServer2 html]#
四、测试:
1.静态内容测试:
2.动态内容测试:
3.haproxy统计页面输出机制:
本文出自 “一叶知秋” 博客,请务必保留此出处http://maoqiu.blog.51cto.com/8570467/1405875
基于keepalived的Haproxy高可用配置,布布扣,bubuko.com
原文:http://maoqiu.blog.51cto.com/8570467/1405875