(一)Keepalived
(1)安装
Shell代码 
- # cd /usr/local/src
- # wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
- # tar zxvf keepalived-1.2.15.tar.gz
- # cd keepalived-1.2.15
- # ./configure
- # make && make install
(2)配置
Shell代码
- # cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
- # cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
- # mkdir /etc/keepalived
- # cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
- # cp /usr/local/sbin/keepalived /usr/sbin/
- # mv /etc/keepalived/keepalived.cfg /etc/keepalived/keepalived.cfg.org
- # vi /etc/keepalived/keepalived.conf
- ! Configuration File for keepalived
- global_defs {
- notification_email {
- cluster-admin@example.org
- }
- notification_email_from noreply@example.org
- smtp_server smtp.example.org
- smtp_connect_timeout 30
- router_id act
- }
- include haproxy_servers.conf #设置HAProxy
- include lvs_*_servers.conf #设置LVS
- # /etc/init.d/keepalived start
(二)HAProxy
(1)安装
Shell代码
- # cd /usr/local/src
- # wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
- # tar zxvf haproxy-1.5.11.tar.gz
- # cd haproxy-1.5.11
- # make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1
- # make install
(2)添加用户
Shell代码
- # useradd -s /usr/sbin/nologin -r haproxy
(3)SSL证书
Shell代码
- # mkdir -p /etc/rensn/certs
- # openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/rensn/certs/haproxy.pem -out /etc/rensn/certs/haproxy.pem -days 365
- # cd /etc/rensn/certs
- # chmod 600 haproxy.pem
(4)配置
Shell代码
- # cp /usr/local/sbin/haproxy* /usr/sbin/
- # cp /usr/local/src/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy
- # chmod +x /etc/init.d/haproxy
- # mkdir -p /etc/haproxy
- # cp /usr/local/src/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg
- # mkdir -p /var/lib/haproxy
- # touch /var/lib/haproxy/stats
- # vi /etc/haproxy/haproxy.cfg
- global
- # 设置日志
- log 127.0.0.1 local2 info
- chroot /var/lib/haproxy
- pidfile /var/run/haproxy.pid
- # 最大链接数
- maxconn 256
- # 运行的用户
- user haproxy
- group haproxy
- # 启动服务
- daemon
- # 最大SSL链接数
- maxsslconn 256
- # Diffie-Hellman
- tune.ssl.default-dh-param 2048
- # 运行HAProxy的线程数(建议为1)
- nbproc 1
- defaults
- # Layer4负载均衡
- mode tcp
- # 日志设置继承global
- log global
- # 获取HTTP请求日志
- option httplog
- # 后端未响应的超时时间
- timeout connect 10s
- # 后端的超时时间
- timeout client 30s
- # 服务器超时时间
- timeout server 30s
- # 前端定义 ( http-in 为任意字符 )
- frontend http-in
- # 监听80端口
- bind *:80
- # 默认的后端定义
- default_backend backend_servers
- # 传递X-Forwarded-For
- option forwardfor
- # 监听443端口
- bind *:443 ssl crt /etc/rensn/certs/haproxy.pem
- # 后端定义
- backend backend_servers
- # 负载均衡方式
- balance roundrobin
- # 后端服务器的定义
- server www01 192.168.21.100:80 check
- server www02 192.168.21.110:80 check
- server www02 192.168.21.120:80 check disabled
- # service haproxy start
(5)keepalived设置
Shell代码
- # vi /etc/keepalived/haproxy_servers.conf
- vrrp_script chk_haproxy {
- script "killall -0 haproxy" # verify the pid existance
- interval 2 # check every 2 seconds
- weight 2 # add 2 points of prio if OK
- }
- vrrp_instance VI_1 {
- state MASTER # MASTER on master, BACKUP on backup
- interface eth1 # interface to monitor
- virtual_router_id 51 # Assign one ID for this route (tcpdump vrrp)
- priority 101 # 101 on master, 100 on backup
- virtual_ipaddress {
- 192.168.21.100 # the virtual IP
- }
- track_script {
- chk_haproxy
- }
- }
- # /etc/init.d/keepalived restart
(三)LVS
(1)安装
Linux内核里已经包含了ip_vs模块,只需要安装管理工具
Shell代码
- # yum -y install ipvsadm
(2)网络设置
Shell代码
- # vi /etc/sysctl.conf
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- # sysctl -p
- # cat /proc/sys/net/ipv4/ip_forward
- 1
- # sevice network restart
(3)LB设置
Shell代码
- # ipvsadm -C
- # ipvsadm -A -t 192.168.21.100:80
- # ipvsadm -ln
- # service ipvsadm save
(4)keepalived设置
Shell代码
- # vi /etc/keepalived/lvs_http_servers.conf
- virtual_server <lvs_srv_ip> 80 {
- delay_loop 20
- lvs_sched lc
- lvs_method NAT
- protocol TCP
- real_server <web1_srv_ip> 80 {
- weight 1
- inhibit_on_failure
- HTTP_GET {
- url {
- path /
- status_code 200
- }
- connect_timeout 5
- nb_get_retry 3
- delay_before_retry 20
- }
- }
- real_server <web2_srv_ip> 80 {
- weight 1
- inhibit_on_failure
- HTTP_GET {
- url {
- path /
- status_code 200
- }
- connect_timeout 5
- nb_get_retry 3
- delay_before_retry 20
- }
- }
- # /etc/init.d/keepalived restart