实现haproxy+keepalived集群高可用集群转发

发布时间 2023-10-08 09:45:56作者: 小糊涂90
#环境:centos8 
10.0.0.150 ka1
10.0.0.160 ka2
10.0.0.170 web1
10.0.0.180 web2
10.0.0.190 client

######ka1配置
#安装软件包
[root@ka1 ~]#yum install -y haproxy keepalived

#配置haproxy
[root@ka1 ~]#cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxies to the backends
# NOTE: this node sets 'mode tcp' in httpd_80 while the ka2 copy of
# this file inherits 'mode http' from defaults; keep both nodes
# identical so a failover does not change behaviour (forwardfor and
# httplog only take effect in HTTP mode).
#---------------------------------------------------------------------
listen httpd_80
    bind 10.0.0.188:80
    mode tcp
    server web1 10.0.0.170:80 check
    server web2 10.0.0.180:80 check

# stats page: defined only on ka1 (the ka2 config has no stats section)
# and served over plain HTTP with the demo credential below, so the
# credential is visible on the wire and in any URL used to fetch it.
listen stats
        mode http
        bind 10.0.0.150:9999
        stats enable
        log global
        stats uri     /haproxy-status
        stats auth   haadmin:123456

#启用内核参数（注意：这里的 > 会覆盖 /etc/sysctl.conf 原有内容，如需保留原配置应使用 >> 或另写 /etc/sysctl.d/ 下的文件；该参数用于让haproxy在VIP不在本机时也能绑定10.0.0.188）
[root@ka1 ~]#echo "net.ipv4.ip_nonlocal_bind = 1" >/etc/sysctl.conf
[root@ka1 ~]#sysctl -p
net.ipv4.ip_nonlocal_bind = 1

#配置keepalived
[root@ka1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! NOTE: global_defs below still holds the stock example values
! (notification_email*, smtp_server); auth_pass is a VRRP PASS
! password carried in cleartext in every advertisement, so it only
! separates instances on the segment and is not a secret.

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr

}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.188/24 dev eth0 label eth0:1
    }
}

#启动haproxy和keepalived服务
[root@ka1 ~]#systemctl enable --now haproxy keepalived

#查看端口
[root@ka1 ~]#lsof -i :80
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
haproxy 35741 haproxy    7u  IPv4 117609      0t0  TCP 10.0.0.188:http (LISTEN)
[root@ka1 ~]#ss -tnl
State                    Recv-Q                   Send-Q                                     Local Address:Port                                       Peer Address:Port
LISTEN                   0                        128                                              0.0.0.0:42603                                           0.0.0.0:*
LISTEN                   0                        128                                           10.0.0.150:9999                                            0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:111                                             0.0.0.0:*
LISTEN                   0                        128                                           10.0.0.188:80 

######ka2配置
#安装软件包
[root@ka2 ~]#yum install -y haproxy keepalived

#配置haproxy
[root@ka2 ~]#cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxies to the backends
# NOTE: unlike the ka1 copy, httpd_80 here has no 'mode tcp' and so
# runs in HTTP mode from defaults; keep both nodes identical so a
# failover does not change how requests are handled.
#---------------------------------------------------------------------
listen httpd_80
    bind 10.0.0.188:80
    server web1 10.0.0.170:80 check
    server web2 10.0.0.180:80 check

#启用内核参数（同ka1：> 会覆盖 /etc/sysctl.conf 原有内容，如需保留原配置请用 >> 或 /etc/sysctl.d/ 下的文件）
[root@ka2 ~]#echo "net.ipv4.ip_nonlocal_bind = 1" >/etc/sysctl.conf
[root@ka2 ~]#sysctl -p
net.ipv4.ip_nonlocal_bind = 1

#配置keepalived
[root@ka2 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! NOTE: vrrp_strict, vrrp_iptables, vrrp_garp_interval and
! vrrp_gna_interval are set here but not on ka1; the two nodes should
! share the same global_defs, otherwise the pair behaves differently
! depending on which node currently holds the VIP.

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_iptables

   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.188/24 dev eth0 label eth0:1
    }
}


#启动haproxy和keepalived服务
[root@ka2 ~]#systemctl enable --now haproxy keepalived

#查看端口
[root@ka2 ~]#lsof -i :80
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
haproxy 34824 haproxy    7u  IPv4  99144      0t0  TCP 10.0.0.188:http (LISTEN)
[root@ka2 ~]#ss -tnl
State                    Recv-Q                   Send-Q                                     Local Address:Port                                       Peer Address:Port
LISTEN                   0                        128                                            127.0.0.1:6011                                            0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:53277                                           0.0.0.0:*
LISTEN                   0                        128                                              0.0.0.0:111                                             0.0.0.0:*
LISTEN                   0                        128                                           10.0.0.188:80                                              0.0.0.0:*


######web1配置
#安装软件包,编写主页文件,启动httpd服务
[root@web1 ~]#yum install -y httpd && echo "<h1>`hostname`</h1>" > /var/www/html/index.html &&systemctl enable --now httpd

######web2配置
#安装软件包,编写主页文件,启动httpd服务
[root@web2 ~]#yum install -y httpd && echo "<h1>`hostname`</h1>" > /var/www/html/index.html &&systemctl enable --now httpd

######在client上验证访问httpd和haproxy状态页
[root@client ~]#while :; do curl 10.0.0.188; sleep 1; done;
<h1>web1.tan.com</h1>
<h1>web2.tan.com</h1>
<h1>web1.tan.com</h1>
<h1>web2.tan.com</h1>

[root@client ~]#curl http://haadmin:123456@10.0.0.150:9999/haproxy-status|grep httpd

######故障模拟:停掉ka1主机的keepalived和haproxy，客户端访问不受影响
[root@ka1 ~]#systemctl stop keepalived.service haproxy.service
[root@client ~]#while :; do curl 10.0.0.188; sleep 1; done;
<h1>web1.tan.com</h1>
<h1>web2.tan.com</h1>
<h1>web1.tan.com</h1>
<h1>web2.tan.com</h1>
<h1>web1.tan.com</h1>