
搭建 CentOS 6 服务器(15) - Keepalived、HAProxy、LVS

2015-07-08 08:39 549 查看

搭建 CentOS 6 服务器(15) - Keepalived、HAProxy、LVS

博客分类:

Linux

(一)Keepalived

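(1)安装

注意:下面的源码包经明文 HTTP 下载,且没有任何完整性校验;解压编译前应将下载文件的校验值与官方公布的值(如有提供)比对。CentOS 6 已停止维护,keepalived 1.2.15 也是较旧的版本,用于生产前请确认所用版本仍有安全更新。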

Shell代码


# cd /usr/local/src

# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
# tar zxvf keepalived-1.2.15.tar.gz

# cd keepalived-1.2.15

# ./configure

# make && make install

(2)配置

Shell代码


# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/

# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/

# mkdir /etc/keepalived

# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/

# cp /usr/local/sbin/keepalived /usr/sbin/

# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org

# vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

notification_email {

cluster-admin@example.org

}

notification_email_from noreply@example.org

smtp_server smtp.example.org

smtp_connect_timeout 30

router_id act

}

include haproxy_servers.conf #设置HAProxy

include lvs_*_servers.conf #设置LVS

# /etc/init.d/keepalived start

(二)HAProxy

(1)安装

注意:源码包经明文 HTTP 下载且未做校验,编译前应核对校验值;HAProxy 1.5 分支已较旧,生产环境请选用仍在维护的版本。

Shell代码


# cd /usr/local/src

# wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
# tar zxvf haproxy-1.5.11.tar.gz

# cd haproxy-1.5.11

# make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1

# make install

(2)添加用户

Shell代码


# useradd -s /usr/sbin/nologin -r haproxy

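(3)SSL证书

说明:这里生成的是自签名证书,客户端无法据此验证服务器身份,仅适合测试;-nodes 表示私钥不加密,因此只能依靠文件权限保护。建议先执行 umask 077 再生成,避免文件在 chmod 之前短暂可被其他用户读取。HAProxy 在降权前以 root 读取证书,文件属主保持 root、权限 600 即可。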

Shell代码


# mkdir -p /etc/rensn/certs

# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/rensn/certs/haproxy.pem -out /etc/rensn/certs/haproxy.pem -days 365

# cd /etc/rensn/certs

# chmod 600 haproxy.pem

(4)配置

Shell代码


# cp /usr/local/sbin/haproxy* /usr/sbin/

# cp /usr/local/src/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy

# chmod +x /etc/init.d/haproxy

# mkdir -p /etc/haproxy

# cp /usr/local/src/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg

# mkdir -p /var/lib/haproxy

# touch /var/lib/haproxy/stats

# vi /etc/haproxy/haproxy.cfg

global

# 设置日志

log 127.0.0.1 local2 info

chroot /var/lib/haproxy

pidfile /var/run/haproxy.pid

# 最大链接数

maxconn 256

# 运行的用户

user haproxy

group haproxy

# 启动服务

daemon

# 最大SSL链接数

maxsslconn 256

# Diffie-Hellman

tune.ssl.default-dh-param 2048

# 运行HAProxy的进程数(nbproc 指进程而非线程,建议为1)

nbproc 1

defaults

# Layer4负载均衡

mode tcp

# 日志设置继承global

log global

# 获取HTTP请求日志(httplog 需要 mode http;在上面的 mode tcp 下会退回为 tcplog,日志中没有请求行)

option httplog

# 连接后端服务器的超时时间

timeout connect 10s

# 客户端一侧的空闲超时时间

timeout client 30s

# 服务器超时时间

timeout server 30s

# 前端定义 ( http-in 为任意字符 )

frontend http-in

# 监听80端口

bind *:80

# 默认的后端定义

default_backend backend_servers

# 传递X-Forwarded-For(仅在 mode http 下生效;defaults 为 mode tcp 时该选项会被忽略,后端日志和基于来源IP的访问控制看到的都是HAProxy的地址)

option forwardfor

# 监听443端口(此处使用上文生成的自签名证书;正式环境应换成受信任CA签发的证书,并可在 bind 行加 no-sslv3 禁用SSLv3)

bind *:443 ssl crt /etc/rensn/certs/haproxy.pem

# 后端定义

backend backend_servers

# 负载均衡方式

balance roundrobin

# 后端服务器的定义

server www01 192.168.21.100:80 check

server www02 192.168.21.110:80 check

server www03 192.168.21.120:80 check disabled

# service haproxy start

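(5)keepalived设置

注意:下面的 vrrp_instance 没有配置 authentication 块,也没有限制 VRRP 报文来源,VIP 的归属完全取决于同网段内收到的通告。建议在防火墙上只接受来自对端节点的 VRRP(IP 协议号 112)报文,并将 VRRP 放在受信任的专用网段或接口上。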

Shell代码


# vi /etc/keepalived/haproxy_servers.conf

vrrp_script chk_haproxy {

script "killall -0 haproxy" # verify that a haproxy process exists (signal 0 only tests for existence)

interval 2 # check every 2 seconds

weight 2 # add 2 points of prio if OK

}

vrrp_instance VI_1 {

state MASTER # MASTER on master, BACKUP on backup

interface eth1 # interface to monitor

virtual_router_id 51 # Assign one ID for this route (tcpdump vrrp)

priority 101 # 101 on master, 100 on backup

virtual_ipaddress {

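192.168.21.100 # the virtual IP (note: this is the same address as backend www01 in haproxy.cfg above; the VIP must be an address no real server uses)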

}

track_script {

chk_haproxy

}

}

# /etc/init.d/keepalived restart

(三)LVS

(1)安装

Linux内核里已经包含了ip_vs模块,只需要安装管理工具

Shell代码


# yum -y install ipvsadm

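(2)网络设置

注意:ip_forward = 1 会让本机转发数据包,rp_filter = 0 则关闭反向路径(源地址)校验;这两项都会放宽内核默认的防护,建议只在 LVS 确实需要时开启,并配合 iptables 限制允许转发的流量。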

Shell代码


# vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 0

# sysctl -p

# cat /proc/sys/net/ipv4/ip_forward

1

# service network restart

(3)LB设置

Shell代码


# ipvsadm -C

# ipvsadm -A -t 192.168.21.100:80

# ipvsadm -ln

# service ipvsadm save

(4)keepalived设置

Shell代码


# vi /etc/keepalived/lvs_http_servers.conf

virtual_server <lvs_srv_ip> 80 {

delay_loop 20

lvs_sched lc

lvs_method NAT

protocol TCP

real_server <web1_srv_ip> 80 {

weight 1

inhibit_on_failure

HTTP_GET {

url {

path /

status_code 200

}

connect_timeout 5

nb_get_retry 3

delay_before_retry 20

}

}

real_server <web2_srv_ip> 80 {

weight 1

inhibit_on_failure

HTTP_GET {

url {

path /

status_code 200

}

connect_timeout 5

nb_get_retry 3

delay_before_retry 20

}

}

}

# /etc/init.d/keepalived restart