centos7+keepalive+haproxy

最小化安装centos7
一、 环境说明

1. HA和负载主的IP地址为：10.10.10.111
2. HA和负载备的IP地址为：10.10.10.112

3. HA的虚地址为：10.10.10.110
   二、基础配置
   1.配置网卡
   vi /etc/sysconfig/network-scripts/ifcfg-ens36
   vi /etc/sysconfig/network-scripts/ifcfg-ens33
   2.安装net-tools
   注：这个软件包会安装ifconfig,route等命令
   [root@localhost ~]# rpm -ql net-tools
   /bin/netstat
   /sbin/arp
   /sbin/ether-wake
   /sbin/ifconfig
   /sbin/ipmaddr
   /sbin/iptunnel
   /sbin/mii-diag
   /sbin/mii-tool
   /sbin/nameif
   /sbin/plipconfig
   /sbin/route
   /sbin/slattach

   mkdir /media/cdrom
   mount /dev/cdrom /media/cdrom
   vi /etc/fstab
   /dev/cdrom /media/cdrom iso9660 defaults 0 0
   cd /media/cdrom/Packages
   rpm -ivh net-tools-….[tab]
   rpm -ivh lrzsz…[tab]
   3.关闭没必要的服务，禁止开机启动
   [root@localhost ~]# systemctl disable postfix.service
   [root@localhost ~]# systemctl disable firewalld.service
   [root@localhost ~]# iptables -F
   [root@localhost ~]# iptables -t nat –F
   4.关闭selinux
   [root@localhost sbin]# cat /etc/sysconfig/selinux

   This file controls the state of SELinux on the system.

   SELINUX= can take one of these three values:

   enforcing - SELinux security policy is enforced.

   permissive - SELinux prints warnings instead of enforcing.

   disabled - No SELinux policy is loaded.

   SELINUX=disabled

   SELINUXTYPE= can take one of three two values:

   targeted - Targeted processes are protected,

   minimum - Modification of targeted policy. Only selected processes are protected.

   mls - Multi Level Security protection.

   SELINUXTYPE=targeted
   [root@localhost sbin]# getenforce
   Enforcing
   [root@localhost sbin]# setenforce 0
   [root@localhost sbin]# getenforce
   Permissive
   5.关闭IPv6
   [root@localhost keepalived]# cat /etc/default/grub
   GRUB_TIMEOUT=5
   GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
   GRUB_DEFAULT=saved
   GRUB_DISABLE_SUBMENU=true
   GRUB_TERMINAL_OUTPUT="console"
   GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
   GRUB_DISABLE_RECOVERY="true"
   运行grub2-mkconfig -o /boot/grub2/grub.cfg重新生成grub.cfg文件
   注：此操作需要重启才能生效
   二、安装keepalived
   下载地址http://www.keepalived.org/download.html

4. 安装openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel
   [root@localhost src]# cd /usr/local/src/
   [root@localhost src]# yum install -y openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel

2.下载最新版本keepalived并将keepalived-2.0.7.tar.gz放在/usr/local/src/目录下，安装会用到openssl openssl-devel
[root@localhost src]# tar -zxvf keepalived-2.0.7.tar.gz
[root@localhost src]#cd /usr/local/src/keepalived-2.0.7

3.安装并配置keepalived
[root@localhost keepalived-2.0.7]# mkdir /usr/local/keepalived
[root@localhost keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/
[root@localhost keepalived-2.0.7]# make && make install
[root@localhost ~]#mkdir /etc/keepalived
[root@localhost ~]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived

Killall需要安装psmisc
yum install –y psmisc

负载主配置：
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}

vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}

vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虚拟IP地址
}
}

负载备配置：
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}

vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}

vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虚拟IP地址(同主)
}
}

4.分别启动两个keepalive
[root@localhost /]# /usr/local/keepalived/sbin/keepalived -D

5.查看进程：ps aux | grep keepalived
[root@localhost ~]# ps aux | grep keepalived
root 828 0.0 0.0 40848 676 ? Ss 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 829 0.0 0.0 40848 1200 ? S 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 1101 0.0 0.0 112704 972 pts/0 S+ 09:46 0:00 grep --color=auto keepalived

6. 添加开启启动：
   [root@localhost /]# echo "/usr/local/keepalived/sbin/keepalived -D" >> /etc/rc.d/rc.local
   [root@localhost /]# chmod +x /etc/rc.d/rc.local

测试：
Win7 ping 10.10.10.110 -t
将负载1网卡down掉10.10.10.110还能通
Win7 arp –a mac地址和负载1相同
将负载1网卡down掉 mac地址和负载2相同
至此HA测试成功

三、安装Haproxy

1. 下载地址 http://pkgs.fedoraproject.org/repo/pkgs/haproxy/

2. 下载最新版本hpproxy并将haproxy-1.8.13.tar.gz放在/usr/local/src/目录下,安装会用到pcre-devel bzip2-devel
   [root@localhost ~]# cd /usr/local/src/
   [root@localhost src]# tar -zxvf haproxy-1.8.13.tar.gz
   [root@localhost src]# cd haproxy-1.8.13
   [root@localhost haproxy-1.8.13]# make TARGET=linux2628
   [root@localhost haproxy-1.8.13]# make install
   [root@localhost haproxy-1.8.13]# mkdir /etc/haproxy
   [root@localhost haproxy-1.8.13]# mkdir /usr/local/haproxy
   [root@localhost haproxy-1.8.13]# groupadd haproxy
   [root@localhost haproxy-1.8.13]# useradd -s /sbin/nologin -M -g haproxy haproxy
   [root@localhost haproxy-1.8.13]# id haproxy
   uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy)

3.添加配置文件(主备配置相同)
[root@localhost haproxy-1.8.13]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 info
#log 127.0.0.1 local3
#log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 2
pidfile /var/run/haproxy.pid
#debug
#quiet

defaults
#log global
log 127.0.0.1 local3
mode http
option httplog
option dontlognull
option forwardfor
option httpclose
retries 3
option redispatch
maxconn 5000
contimeout 20000
clitimeout 80000
srvtimeout 80000
stats uri /haproxy-admin
stats auth admin:（管理界面的密码)
stats hide-version

frontend http-in
bind *:80
mode http
option httplog
log global
default_backend (自定义名称)

backend (自定义名称)
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
option httpchk HEAD /loginkey.aspx HTTP/1.0
server 名称01 10.10.10.20:80 cookie 名称1 weight 5 check inter 2000 rise 2 fall 3
server 名称02 10.10.10.30:80 cookie 名称2 weight 3 check inter 2000 rise 2 fall 3

4.添加开机启动
[root@localhost examples]# cp /usr/local/src/haproxy-1.8.13/examples/haproxy.init /etc/init.d/haproxy
[root@localhost examples]# chmod 755 /etc/init.d/haproxy
[root@localhost examples]# chkconfig --add haproxy
[root@localhost examples]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@localhost examples]# service haproxy start
Starting haproxy (via systemctl): [ OK ]
[root@localhost examples]# chkconfig haproxy on
[root@localhost examples]# netstat -anpt | grep haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 6836/haproxy
tcp 0 1 10.10.10.111:60196 ...:80 SYN_SENT 6836/haproxy
tcp 0 1 10.10.10.111:60198 ...*:80 SYN_SENT 6837/haproxy