1.先安装所需要的服务进程:
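# Install HAProxy and keepalived from the configured yum repositories (run as root).
# The option dash is a plain ASCII '-'; a typographic hyphen pasted from a web page
# is not recognised as an option prefix.
yum -y install haproxy keepalived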
2.编辑keepalived的配置文件
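[root@dragon ~]# cat /etc/keepalived/keepalived.conf
# One directive per line: an inline '#' comment runs to the end of the line, so
# a collapsed listing would hide the directives that follow each comment.
global_defs {
    notification_email {
        keepalived
    }
    notification_email_from keepalived@domain.local
    smtp_server 192.168.1.200
    smtp_connect_timeout 30
    router_id 10.10.1.222
}

# Health check: `killall -0` delivers no signal, it only reports whether a
# haproxy process exists.
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1    # check every second whether HAProxy is alive on this node
    weight 2      # add 2 to this node's priority while the check succeeds
}

vrrp_instance VI_1 {
    interface eth0    # the virtual IP is bound to this node's eth0
    state MASTER
    smtp_alert
    virtual_router_id 51
    # 101 on the master, 100 on the backups. With weight 2 above, a backup with
    # a healthy haproxy (100 + 2) outranks a master whose haproxy has died (101).
    priority 101
    advert_int 1
    # NOTE(review): auth_type PASS places the password in every VRRP
    # advertisement in cleartext, so it protects against misconfiguration
    # rather than against a host on the same segment. 1111 is the article's
    # sample value; use a per-cluster secret (keepalived reads only the first
    # 8 characters) and restrict protocol 112 to the peer nodes in the firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.10.1.222    # virtual IP
    }
    track_script {
        chk_haproxy
    }
}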
3.允许keepalived的虚拟IP绑定,编辑/etc/sysctl.conf配置文件
# Allow a process to bind to an IP address that is not currently assigned to a
# local interface: haproxy binds the virtual IP 10.10.1.222, which only the node
# holding MASTER actually has configured. The setting is system-wide; load it
# with `sysctl -p` after editing.
net.ipv4.ip_nonlocal_bind = 1
4.配置防火墙
接受发往VRRP组播地址的包
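# Accept traffic addressed to the VRRP multicast group on the interface
# keepalived runs on. 224.0.0.18 is the group VRRP advertisements are sent to;
# a wider match such as 224.0.0.0/8 would also admit every other multicast
# service (any protocol, any port) reaching this node.
# Option dashes are plain ASCII '-'.
iptables -I INPUT -i eth0 -d 224.0.0.18/32 -j ACCEPT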
为vrrp协议添加规则
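# Accept VRRP (IP protocol 112) advertisements, limited to the interface the
# keepalived instance uses. Where the peer addresses are fixed, also add
# `-s <PEER_NODE_IP>` so that only the other cluster member is accepted: the
# VRRP password travels in cleartext, so source filtering is the stronger control.
# Option dashes are plain ASCII '-'.
iptables -I INPUT -i eth0 -p 112 -j ACCEPT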
开放80和443端口
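# Open the two listener ports HAProxy binds on the virtual IP.
# One command per line, with ASCII '-' / '--' option prefixes.
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
# Persist the running rule set so it survives a reboot.
service iptables save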
5.编辑haproxy的配置文件:
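#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# One directive per line: a '#' comment runs to the end of the line, so a
# collapsed listing would hide the directives that follow each comment.
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

    # NOTE(review): these stats directives sit in `defaults`, so every
    # HTTP-mode proxy below inherits them. The only HTTP-mode proxy in this
    # file is `unsecured` on port 80, so if /stats is answered there the
    # Basic-auth credentials cross the network in cleartext. admin:dragon123
    # is the article's sample value: replace it with a strong per-site secret,
    # and prefer a dedicated `listen` section bound to a management address
    # with an ACL limiting who may reach it.
    stats refresh 30s
    stats uri /stats
    stats realm welcome
    stats auth admin:dragon123
    stats hide-version

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend  main *:5000
#    acl url_static       path_beg       -i /static /images /javascript /stylesh
#    acl url_static       path_end       -i .jpg .gif .png .css .js
#
#    use_backend static          if url_static
#    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#    balance     roundrobin
#    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#backend app
#    balance     roundrobin
#    server  app1 127.0.0.1:5001 check
#    server  app2 127.0.0.1:5002 check
#    server  app3 127.0.0.1:5003 check
#    server  app4 127.0.0.1:5004 check
#

# Plain-HTTP listener on the virtual IP; requests are redirected to HTTPS.
frontend unsecured
    bind 10.10.1.222:80
    redirect location https://view.domain.local

#---------------------------------------------------------------------
# frontend secured
#---------------------------------------------------------------------
# TCP mode with the `ssl crt` option commented out: TLS is passed through
# untouched and terminates on view01/view02, which hold the certificates.
# `option forwardfor` does not apply in TCP mode, so the backends log
# HAProxy's address as the client; keep HAProxy's own logs for attribution.
frontend secured
    bind 10.10.1.222:443 #ssl crt ./haproxy-cert.pem
    mode tcp
    default_backend view

#---------------------------------------------------------------------
# balancing between the various backends
#---------------------------------------------------------------------
# `balance source` hashes the client address so a client keeps reaching the
# same server; each server is health-checked on port 443 every 2000 ms and is
# marked up after 2 successes, down after 5 failures.
backend view
    mode tcp
    balance source
    server view01 10.10.1.38:443 weight 1 check port 443 inter 2000 rise 2 fall 5
    server view02 10.10.1.36:443 weight 1 check port 443 inter 2000 rise 2 fall 5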
6.开启服务:
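# Enable both services at boot (one command per line).
chkconfig haproxy on
chkconfig keepalived on
# Start HAProxy first so the chk_haproxy health check already passes when
# keepalived begins its election. `haproxy -c -f <PATH_TO_HAPROXY_CFG>` can be
# run beforehand to validate the configuration without starting the proxy.
service haproxy start
service keepalived start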
查看虚拟ip
# List the addresses configured on eth0; the virtual IP 10.10.1.222 is expected
# to appear on the node that currently holds the MASTER role.
ip address show dev eth0
连接虚拟IP
验证密码
查看调度情况:
原文地址:http://dragon123.blog.51cto.com/9152073/1670963