一:部署环境
四台主机:
Node1:192.168.197.131 VIP(192.168.197.100)
在node1主机上添加VIP (192.168.197.100)
命令:ifconfig ens33:1 192.168.197.100/32
Node2:192.168.197.132
在node2主机上添加VIP
Web1:192.168.197.133
Web3:192.168.197.134
所需资源:
haproxy-1.8.20.tar.gz,keepalived(光盘yum源),httpd(光盘yum源)
二:实验步骤:
2.1 分别在node1、node2主机上安装haproxy
node1、node2 两台主机都源码编译haproxy (操作相同)
[root@node1 data]# yum install -y gcc gcc-c++ pcre pcre-devel openssl openssl-devel systemd-devel
[root@node1 data]# tar -xvf haproxy-1.8.20.tar.gz
[root@node1 haproxy-1.8.20]# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
[root@node1 haproxy-1.8.20]# make install PREFIX=/usr/local/haproxy
[root@node1 haproxy-1.8.20]# cp haproxy /usr/bin/
#配置启动文件
[root@node1 system]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /usr/local/haproxy/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
#创建用户与配置文件
[root@node1 system]# useradd -r -s /sbin/nologin haproxy
[root@node1 system]# mkdir /etc/haproxy
[root@node1 system]# mkdir /usr/local/haproxy/run
[root@node1 system]# mkdir /var/lib/haproxy
[root@node1 system]# chown -R haproxy:haproxy /var/lib/haproxy/
global
maxconn 100000
chroot /usr/local/haproxy
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
#uid 981
#gid 981
user haproxy
group haproxy
daemon
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /usr/local/haproxy/run/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 192.168.197.131:9999
stats enable
log global
stats uri /haproxy-status
stats auth admin:123456
listen web_port
bind 192.168.197.100:80 #此处为VIP
mode http
log global
server web1 192.168.197.133:80 check inter 3000 fall 2 rise 5 #后端服务器
server web1 192.168.197.134:80 check inter 3000 fall 2 rise 5 #后端服务器
2.2安装keepalived服务
[root@node1 system]# yum install -y keepalived
[root@node2 haproxy-1.8.20]# yum install -y keepalived
2.3配置keepalived
[root@node1 keepalived]# cp /etc/keepalived/keepalived.conf{,.bak}
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1 #192.168.197.132主机上此处改为node2
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state MASTER #192.168.197.132主机上此处改为BACKUP
interface ens33
virtual_router_id 51
priority 100 #192.168.197.132主机上此处改为80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.197.100/32
2.4 修改内核参数
因haproxy配置文件中绑定的IP是一个虚拟IP,会haproxy服务导致启动不了,此时需要修改内核参数
# 添加以下两行
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
2.5 安装后端web服务器
[root@web1 ~]# yum install -y httpd
[root@web2 ~]# yum install -y httpd
#准备页面
[root@web1 ~]# echo 'web page 192.168.197.133' > /var/www/html/index.html
[root@web2 ~]# echo 'web page 192.168.197.134' > /var/www/html/index.html
#启动httpd服务
[root@web1 ~]# systemctl start httpd
[root@web2 ~]# systemctl start httpd
2.6 修改VIP防火墙策略
在node1 和node2 上分别添加这个 vrrp_iptables
2.7 启动服务,进行测试
[root@node1 ~]# systemctl start haproxy keepalived
[root@node2 ~]# systemctl start haproxy keepalived
现在#node1 上查看 ip a | grep 192.168.197.100,正常是存在的
#node2 上暂时是没有的
[root@web1 ~]# while true;do curl http://192.168.197.100; sleep 1;done
#停掉node1 上的keepalived 服务
[root@node1 ~]# systemctl stop keepalived
#在node2 上查看vip192.168.197.100是否转移过来了,转移过来就是正常运行的
[root@node2 ~]# ip a | grep 192.168.197.100
#再次查看web1 主机是否正常运行,依然正常运行
三:实现Haproxy 高可用
上述配置,只有前主节点的keepalived 出现故障之后才会切换vip, keepalived只是监控了了自己,并没有监控haproxy,因此也会造成业务故障,解决方法便是要在keepalived配置文件中添加监控haproxy 的脚本,主节点的haproxy坏了才会会自动切换vip,,根据监控的结果状态实现动态调整。
vrrp_script <SCRIPT_NAME> {
#定义一个检测脚本,在global_defs 之外配置
script <STRING>|<QUOTED-STRING> #shell命令或脚本路径
interval <INTEGER> #间隔时间,单位为秒,默认1秒
timeout <INTEGER> #超时时间
weight <INTEGER:-254..254> #权重,脚本监测失败后会执行权重+/-操作
fall <INTEGER> #脚本几次失败转换为失败
rise <INTEGER> #脚本连续几次监测成功后,把服务器从失败标记为成功
user USERNAME [GROUPNAME] #执行监测的用户或组
init_fail #设置默认标记为失败状态,监测成功之后再转换为成功状态
}
vrrp_instance VI_1 {
…
track_script {
#触发脚本
chk_down
}
}
3.1 在node1(192.168.197.131)主机上
[root@node1 ~]# vim /etc/keepalived/chk_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
[root@node1 ~]# chmod +x /etc/keepalived/chk_haproxy.sh
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 2
weight -50
fall 3
rise 5
timeout 3
}
track_script {
chk_haproxy
}
将chk_haproxy.sh传送至node2(192.168.197.132)主机上:
[root@node1 ~]# scp /etc/keepalived/chk_haproxy.sh 192.168.197.132:/etc/keepalived/
在node2(192.168.197.132)上修改keepalived配置文件:
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 2
weight -50
fall 3
rise 5
timeout 3
}
track_script {
chk_haproxy
}
3.2 重启keepalived 服务
[root@node1 ~]# systemctl stop keepalived
VIP 目前在node1主节点上
Node2(192.168.197.132)上没有192.168.197.100
目前测试没有问题,可以正常访问
测试停掉node1 主节点上的haproxy
[root@node1 keepalived]# systemctl stop haproxy.service
主节点顺利切换到node2 主机上
访问依然正常
在node1主节上重新启动haproxy服务
[root@node1 keepalived]# systemctl start haproxy.service
VIP正常切换至node1 主机上
Web1服务器正常访问
四、实现keepalived的邮件通知功能
#定义通知脚本:
notify_master <STRING>|<QUOTED-STRING>: 当前节点成为主节点时触发的脚本
notify_backup <STRING>|<QUOTED-STRING>: 当前节点转为备节点时触发的脚本
notify_fault <STRING>|<QUOTED-STRING>: 当前节点转为“失败”状态时触发的脚本
notify <STRING>|<QUOTED-STRING>: 通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知
```=
```bash
#安装邮件服务
[root@node1 ~]# yum install -y postfix
#发件人配置
[root@node1 ~]# vim /etc/mail.rc
set from=(个人QQ邮箱)@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=(个人QQ邮箱)@qq.com
set smtp-auth-password=mfcjxxjezahijgddj #到QQ邮箱里配置生成
set smtp-auth=login
set ssl-verify=ignore
=========================================================================
注意:这里的 (set smtp-auth-password=mfcjxxjezahijgddj #到QQ邮箱里配置生成)
需要到QQ邮箱页面申请开放
步骤:QQ邮箱首页-->设置-->账户-->拉至下方找到开启服务:pop3/smtp服务
=========================================================================
#准备通知脚本
[root@node1 ~]# cat /etc/keepalived/nodify.sh
#!/bin/bash
contact='(个人QQ邮箱)@qq.com'
notify() {
mailsubject="$(hostname) to be $1, vip 转移"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
#脚本的调用方法,在vrrp_instance中配置即可
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
#如下所示
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.197.100/24 dev ens33 label ens33:0
}
track_script {
chk_haproxy
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}