CentOS 6サーバ(15)-Keepalived、HAProxy、LVSを構築する。


(一)Keepalived
(1)インストール
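# cd /usr/local/src
## Fetch over HTTPS and check the archive before building: it is compiled and
## installed as root in the steps below.
# wget https://www.keepalived.org/software/keepalived-1.2.15.tar.gz
## Print the digest and compare it with the checksum the keepalived project
## publishes for this release (this page does not list one).
# sha256sum keepalived-1.2.15.tar.gz
# tar zxvf keepalived-1.2.15.tar.gz
# cd keepalived-1.2.15
# ./configure
# make && make install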
(2)設定
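## Copy the init script, sysconfig file, sample configuration and binary from
## the /usr/local install prefix to the locations the init script expects.
# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/sbin/keepalived /usr/sbin/
## The sample copied above is keepalived.conf (not keepalived.cfg): keep it as
## a backup, then write a fresh configuration file.
# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.org
# vi /etc/keepalived/keepalived.conf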
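    ! Configuration File for keepalived
    
    global_defs {
       # Recipients of state-change notification mails.
       # admin@example.org is a constructed placeholder: the address on the
       # original page was masked by the site's e-mail protection.
       notification_email {
         admin@example.org
       }
       # Sender address of those mails (also a constructed placeholder).
       notification_email_from keepalived@example.org
       smtp_server smtp.example.org
       smtp_connect_timeout 30
       # String identifying this machine in notifications.
       router_id act
    }
    
    # Per-service definitions are kept in separate files.
    include haproxy_servers.conf  #  HAProxy
    include lvs_*_servers.conf      #  LVS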
# /etc/init.d/keepalived start
(二)HAProxy
(1)インストール
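# cd /usr/local/src
## Fetch over HTTPS and check the archive before building: it is compiled and
## installed as root in the steps below.
## 1.5.11 is the version this page pins; check the 1.5 branch for a later
## maintenance release before deploying.
# wget https://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
## Print the digest and compare it with the checksum published for this
## release (this page does not list one).
# sha256sum haproxy-1.5.11.tar.gz
# tar zxvf haproxy-1.5.11.tar.gz
# cd haproxy-1.5.11
## USE_OPENSSL=1 is required for the "bind ... ssl" line used later on this page.
# make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1
# make install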
(2)ユーザーを追加する
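## Dedicated system account (-r) with a non-interactive shell; HAProxy drops to
## it through the user/group settings in haproxy.cfg.
## CentOS 6 installs nologin as /sbin/nologin, not /usr/sbin/nologin.
# useradd -s /sbin/nologin -r haproxy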
(3)SSL証明書
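## Create the directory and the key file with owner-only permissions from the
## start (umask 077 in a subshell) instead of tightening them after the private
## key has already been written.
# (umask 077 && mkdir -p /etc/rensn/certs)
## -nodes leaves the private key unencrypted so HAProxy can start unattended;
## file permissions are then its only protection.
## -sha256 sets the signature digest explicitly instead of relying on the
## default in the installed openssl.cnf.
## The result is a self-signed certificate: clients cannot validate it unless
## it is distributed to them, so use a CA-issued certificate for production.
# (umask 077 && openssl req -x509 -nodes -sha256 -newkey rsa:2048 -keyout /etc/rensn/certs/haproxy.pem -out /etc/rensn/certs/haproxy.pem -days 365)
# cd /etc/rensn/certs
# chmod 600 haproxy.pem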
(4)設定
## Copy the binaries and the sample init script into place.
# cp /usr/local/sbin/haproxy* /usr/sbin/
# cp /usr/local/src/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy
# chmod +x /etc/init.d/haproxy
# mkdir -p /etc/haproxy
# cp /usr/local/src/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg
## /var/lib/haproxy is the chroot directory named in the haproxy.cfg below.
## NOTE(review): HAProxy's documentation asks for the chroot directory to be
## empty and unwritable to anyone; the stats file created here is not
## referenced by the haproxy.cfg shown on this page - confirm it is needed.
# mkdir -p /var/lib/haproxy
# touch /var/lib/haproxy/stats
# vi /etc/haproxy/haproxy.cfg
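    global
        # Send logs to the local syslog daemon: facility local2, level info and above.
        # NOTE(review): this needs a syslog daemon accepting UDP on 127.0.0.1;
        # that setup is not shown on this page.
        log         127.0.0.1 local2 info
        # Confine the process to this directory once start-up is complete.
        chroot    /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        # Maximum number of concurrent connections per process.
        maxconn     256
        # Unprivileged account and group the process switches to.
        user        haproxy
        group       haproxy
        # Run in the background.
        daemon
        # Maximum number of concurrent SSL connections per process.
        maxsslconn     256
        # Size of the Diffie-Hellman parameters used for DHE key exchange.
        tune.ssl.default-dh-param 2048
        # Number of HAProxy processes (default 1).
        nbproc  1

    defaults
        # Layer 7 (HTTP) mode. "option httplog" and "option forwardfor" below only
        # take effect in HTTP mode; under "mode tcp" HAProxy does not apply them
        # (httplog falls back to TCP logging, forwardfor is ignored).
        mode              http
        # Reuse the log settings from the global section.
        log                global
        # Log HTTP requests in the detailed HTTP format.
        option             httplog
        # Maximum time to wait for a connection to a server to succeed.
        timeout connect    10s
        # Maximum inactivity time on the client side.
        timeout client     30s
        # Maximum inactivity time on the server side.
        timeout server     30s

    # Front end (named http-in)
    frontend http-in
        # Listen on port 80. This port stays plain HTTP; add a redirect to HTTPS
        # if clear-text access is not intended.
        bind *:80
        # Back end used when no other rule selects one.
        default_backend    backend_servers
        # Add an X-Forwarded-For header carrying the client address. HAProxy adds
        # it after any X-Forwarded-For the client sent itself, so back ends
        # should trust only the last occurrence.
        option             forwardfor
        # Listen on port 443 and terminate TLS here; no-sslv3 turns off SSLv3.
        bind *:443 ssl crt /etc/rensn/certs/haproxy.pem no-sslv3

    # Back end
    backend backend_servers
        # Distribute requests across the servers in turn.
        balance            roundrobin
        # Real servers; "check" enables health checks.
        server             www01 192.168.21.100:80 check
        server             www02 192.168.21.110:80 check
        # Renamed from a second "www02": duplicate server names in one back end
        # are ambiguous in logs and statistics.
        # "disabled" starts this server in maintenance mode.
        server             www03 192.168.21.120:80 check disabled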
# service haproxy start
(5)keepalived設定
# vi /etc/keepalived/haproxy_servers.conf
   # Health check run by keepalived: "killall -0" sends no signal and only
   # tests that a process named haproxy exists.
   vrrp_script chk_haproxy {
      script "killall -0 haproxy"   # verify the pid existence
      interval 2                    # check every 2 seconds
      weight 2                      # add 2 points of prio if OK
   }
   
   # NOTE(review): this instance has no authentication block and no unicast
   # peers, so VRRP advertisements are sent by multicast and any host on the
   # eth1 segment can take part in the election. Consider keepalived's
   # authentication settings and a firewall rule that accepts VRRP
   # (IP protocol 112) only from the peer node.
   vrrp_instance VI_1 {
      state MASTER              # MASTER on master, BACKUP on backup
      interface eth1                # interface to monitor
      virtual_router_id 51          # Assign one ID for this route (tcpdump vrrp)
      priority 101                  # 101 on master, 100 on backup
      # NOTE(review): haproxy.cfg on this page also lists 192.168.21.100 as
      # back end www01; the virtual IP must not be an address that a real
      # server owns - confirm the addressing plan.
      virtual_ipaddress {
          192.168.21.100            # the virtual IP
      }
      # With weight 2, a healthy backup (100 + 2) outranks a master whose
      # haproxy check fails (101), which triggers the failover.
      track_script {
          chk_haproxy
      }
   }
# /etc/init.d/keepalived restart
(三)LVS
(1)インストール
Linuxカーネルにはip_vsモジュールが含まれているため、管理ツールをインストールするだけで済みます。
# yum -y install ipvsadm
(2)ネットワーク設定
# vi /etc/sysctl.conf
    # Enable IPv4 packet forwarding between interfaces.
    net.ipv4.ip_forward = 1
    # NOTE(review): 0 turns off reverse-path (source address) validation for
    # interfaces that take their settings from "default". Confirm the LVS-NAT
    # setup really needs this; 1 (strict) or 2 (loose) keeps the anti-spoofing
    # check in place.
    net.ipv4.conf.default.rp_filter = 0
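## Load the values from /etc/sysctl.conf and confirm that forwarding is on.
# sysctl -p
# cat /proc/sys/net/ipv4/ip_forward
    1
# service network restart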
(3)LB設定
## Clear the current IPVS table, then define a TCP virtual service on the VIP.
# ipvsadm -C
## NOTE(review): no -s option is given, so ipvsadm's default scheduler (wlc)
## applies, while the keepalived virtual_server below sets lvs_sched lc, and no
## real servers are added here. keepalived builds the IPVS table from its own
## virtual_server definitions - confirm whether this manual entry is needed.
# ipvsadm -A -t 192.168.21.100:80
# ipvsadm -ln
# service ipvsadm save
(4)keepalived設定
# vi /etc/keepalived/lvs_http_servers.conf
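    # <lvs_srv_ip>, <web1_srv_ip> and <web2_srv_ip> are placeholders to replace
    # with the real addresses.
    virtual_server <lvs_srv_ip> 80 {
      delay_loop   20      # seconds between health-check rounds
      lvs_sched    lc      # least-connection scheduling
      lvs_method   NAT     # forward to the real servers through NAT
      protocol     TCP

      real_server  <web1_srv_ip> 80 {
        weight 1
        # On a failed check set the weight to 0 instead of removing the server.
        inhibit_on_failure
        # Healthy when GET / answers with HTTP status 200.
        HTTP_GET {
          url {
            path /
            status_code 200
          }
          connect_timeout 5
          nb_get_retry 3
          delay_before_retry 20
        }
      }

      real_server  <web2_srv_ip> 80 {
        weight 1
        # On a failed check set the weight to 0 instead of removing the server.
        inhibit_on_failure
        # Healthy when GET / answers with HTTP status 200.
        HTTP_GET {
          url {
            path /
            status_code 200
          }
          connect_timeout 5
          nb_get_retry 3
          delay_before_retry 20
        }
      }
    # Closing brace of virtual_server; it was missing in the original listing.
    }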
# /etc/init.d/keepalived restart