一、实验规划
node1:haproxy+keepalived IP地址:192.168.200.111(主)
node2:haproxy+keepalived IP地址:192.168.200.111(从)
nginx1:nginx IP地址:192.168.200.113
nginx2:nginx IP地址:192.168.200.114
VIP地址:192.168.200.200
二、前期准备工作
1. 修改主机名
#node1
hostname node1
bash
#node2
hostname node2
bash
#nginx1
hostname nginx1
bash
#nginx2
hostname nginx2
2. 配置主机名与IP地址的映射关系(修改hosts文件)
192.168.200.111 node1
192.168.200.112 node2
192.168.200.113 nginx1
192.168.200.114 nginx2
3. 关闭防火墙与安全机制
systemctl stop firewalld
setenforce 0
iptables -F
4. 配置yum源及epel源(不再介绍)
三、node1的操作
1. 安装haproxy
#安装haproxy
yum -y install haproxy
#配置haproxy
vim /etc/haproxy/haproxy.cfg
# 配置说明:本配置基于yum安装后默认的配置文件上修改而来的
# 其中 `listen admin_stats` 的配置是启用haproxy的监控web界面,
# 跟本次实验无关,是可选的
# 修改 `backend app`,转到nginx1与nginx2
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------
listen admin_stats
bind 0.0.0.0:48800
bind-process 1
stats enable
mode http
log global
stats hide-version
stats uri /haproxy #访问的uri ip:8888/haproxy
stats realm Haproxy\ Statistics
stats auth admin:admin #访问帐密
stats admin if TRUE # 管理界面,如果认证成功,是否可通过WebUI操作节点
stats refresh 30s #监控状态刷新频率
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000 #本次采用5000端口访问
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 192.168.200.113:80 check
server app2 192.168.200.114:80 check
2. 安装keepalived
#安装keepalived
yum -y install keepalived
#配置keepalived
vim /etc/keepalived/keepalived.conf
vrrp_script chk_http_port {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eno16777728
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.200.200
}
}
#准备检查脚本
vim /etc/keepalived/check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy --no-header |wc -l`
if [ $A -eq 0 ];then
systemctl restart haproxy &> /dev/null
sleep 3
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
systemctl stop keepalived
fi
fi
#给脚本加执行权限
chmod 755 /etc/keepalived/check_haproxy,sh
复制代码
四、node2的操作
1. 安装haproxy
#安装haproxy
yum -y install haproxy
#配置haproxy
vim /etc/haproxy/haproxy.cfg
# 配置说明:本配置基于yum安装后默认的配置文件上修改而来的
# 其中 `listen admin_stats` 的配置是启用haproxy的监控web界面,
# 跟本次实验无关,是可选的
# 修改 `backend app`,转到nginx1与nginx2
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------
listen admin_stats
bind 0.0.0.0:48800
bind-process 1
stats enable
mode http
log global
stats hide-version
stats uri /haproxy #访问的uri ip:8888/haproxy
stats realm Haproxy\ Statistics
stats auth admin:admin #访问帐密
stats admin if TRUE # 管理界面,如果认证成功,是否可通过WebUI操作节点
stats refresh 30s #监控状态刷新频率
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000 #本次采用5000端口访问
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 192.168.200.113:80 check
server app2 192.168.200.114:80 check
2. 安装keepalived
#安装keepalived
yum -y install keepalived
#配置keepalived
vim /etc/keepalived/keepalived.conf
global_defs { #全局设置,可以不用加
script_user root #这里指定脚本运行用户,小编这里不指定用户脚本不启动所以加上
enable_script_security
}
vrrp_script chk_http_port {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.200.200
}
}
#准备检查脚本
vim /etc/keepalived/check_haproxy.sh
#!/bin/bash
A=`ps -C haproxy --no-header |wc -l`
if [ $A -eq 0 ];then
systemctl restart haproxy &> /dev/null
sleep 3
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
systemctl stop keepalived
fi
fi
#给脚本加执行权限
chmod 755 /etc/keepalived/check_haproxy,sh
五、nginx1与nginx2的操作
#两台机器相同操作
yum -y install nginx
#nginx1准备访问网页
cat >> /usr/share/nginx/html/index.html << EOF
113
EOF
#nginx2准备访问网页
cat >> /usr/share/nginx/html/index.html << EOF
114
EOF
#启动nginx
systemctl restart nginx
六、测试
#启动haproxy与keepalived
systemctl start haproxy
systemctl enable haproxy
systemctl start keepalived
systemctl enable keepalived
1.网页访问测试
2. 服务停止测试
haproxy服务停止
keepalive停止