Haproxy+Keepalived
结构
| 配置 | |
|---|---|
| 调度器 | 安装并配置Haproxy、Keepalived,haproxy1的优先级高于haproxy2 |
| web集群 | 编译安装nginx、并将存储服务器提供的共享文件挂载到网站根目录 |
| 存储服务器 | 安装nfs-utils、rpcbind;共享文件 |
| 设备 | 安装软件 | 作用 |
|---|---|---|
| haproxy1 | Haproxy、Keepalived | 主调度器、接待用户 |
| haproxy2 | Haproxy、Keepalived | 备用调度器、当主失效后、代替主 |
| nginx1 | nginx | 为用户提供服务 |
| nginx2 | nginx | 为用户提供服务 |
| nfs | nfs-utils、rpcbind | 为web集群提供存储服务 |
NFS
1.需安装nfs-utils、rpcbind软件包
yum -y install nfs-utils rpcbind
2.设置共享目录
(为了便于测试,所以设置两个不同的目录区分)
mkdir /opt/nginx1
mkdir /opt/nginx2
echo "<html><title>nginx1</title><body><h1>This is nginx1</h1></body></html>" >> /opt/nginx1/index.html
echo "<html><title>nginx2</title><body><h1>This is nginx2</h1></body></html>" >> /opt/nginx2/index.html
3.编辑配置文件,共享目录
vi /etc/exports
/opt/nginx1 192.168.2.16(ro)
/opt/nginx2 192.168.2.17(ro)
重启
systemctl restart nfs
查看本机发布的NFS共享目录
showmount -e
Web集群
使用xftp上传软件包
yum 安装依赖包
yum -y install gcc gcc-c++ make pcre pcre-devel zlib zlib-devel
创建一个不可登陆账户给ngxin使用
useradd -M -s /sbin/nologin nginx
解压
tar xf nginx-1.12.2.tar.gz
cd nginx-1.12.2/
配置内容
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module
编译安装
make && make install
建立nginx软连接
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
nginx配置文件软连接
ln -s /usr/local/nginx/conf/nginx.conf /etc/
检查nginx是都可以正常运行
nginx -t
查看NFS服务器共享的目录
showmount -e 192.168.2.18
将目录挂载到网站根目录
nginx1
mount 192.168.2.18:/opt/nginx1 /usr/local/nginx/html/
nginx2
mount 192.168.2.18:/opt/nginx2 /usr/local/nginx/html/
检查一下是否挂载成功
cat /usr/local/nginx/html/index.html
关闭防火墙
systemctl stop firewalld
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
测试
curl http://localhost
调度器
1.安装配置haproxy(主备都要安装)
xftp上传文件haproxy
yum安装依赖包、解压、安装
yum -y install gcc gcc-c++ make pcre-devel bzip2-devel
tar xf haproxy-1.4.24.tar.gz
cd haproxy-1.4.24/
make TARGET=linux26
make install
创建一个目录、拷贝
mkdir /etc/haproxy
cp examples/haproxy.cfg /etc/haproxy/
编辑haproxy.cfg
vi /etc/haproxy/haproxy.cfg
注释
#chroot /usr/share/haproxy
#redispatch
删除
删除所有listen选项
添加
listen webcluster 0.0.0.0:80
option httpchk GET /index.html
balance roundrobin
server nginx1 192.168.2.16:80 check inter 2000 fall 3
server nginx2 192.168.2.17:80 check inter 2000 fall 3
2.安装keepalived(主备都要安装)
xftp上传keepalived文件,解压
tar xf keepalived-2.0.13.tar.gz
安装编译工具与插件
yum -y install gcc gcc-c++ make popt-devel kernel-devel openssl-devel
切换目录、编译安装
cd keepalived-2.0.13/
./configure --prefix=/
make && make install
加入系统管理服务、设为开机自启
cp keepalived/etc/init.d/keepalived /etc/init.d/
systemctl enable keepalived.service
haproxy1配置文件
(主调度器)
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id Haproxy_01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.100
}
}
haproxy2配置文件
(从调度器)
! Configuration File for keepalived
global_defs {
router_id Haproxy_02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 145
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.100
}
}
测试
1.浏览器访问测试(主备都正常)
2.ip addr 测试(主备都正常)
3.模拟主调度器网络故障测试
Haproxy监控脚本
假如Haproxy1设备只是Haproxy服务出现故障,Keepalived没有出现故障,那么备用调度器就不会启用,就会造成服务中断。因此需要关闭Keepalived,这时候就需要编写一个脚本监控Haproxy,假如Haproxy关闭,那么脚本就会自动关闭Keepalived
编辑脚本
vi /etc/keepalived/check_haproxy.sh
#!/bin/bash
#haproxy失效关闭keepalived
A=`ps -C haproxy --no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/haproxy/sbin/haproxy -f /usr/local/haproxy/conf/haproxy.cfg
sleep 3
if [ `ps -C haproxy --no-header |wc -l` -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
加权限
chmod 755 /etc/keepalived/check_haproxy.sh
修改配置文件
vi /etc/keepalived/keepalived.conf
配置文件对比
weight -20的意思就是优先级-20;priority 150的意思就是优先级为150
这里和上面的配置文件相比增加了一个脚本检测haproxy监控功能
假设脚本检测到haproxy服务正常,优先级只有priority 150生效,此时主优先级为150,备用优先级为145,由主调度器提供服务
假设脚本检测到haproxy服务不正常,优先级由weight -20和priority 150相加决定,此时的优先级就为130,而备用的为145,这时候备用的就会代替主提供服务
! Configuration File for keepalived
vrrp_script chk_http_port {
script "/etc/keepalived/check_haproxy.sh"
interval 2
weight -20
global_defs {
router_id Haproxy_01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.2.100
}
}
}
测试
