Keepalived+HAProxy基于ACL实现单IP多域名负载功能 |
您所在的位置:网站首页 › php客户端ip 服务器ip › Keepalived+HAProxy基于ACL实现单IP多域名负载功能 |
Keepalived+HAProxy基于ACL实现单IP多域名负载功能
|
在10.0.0.7主机上搭建www.yanlinux.org(VIP:10.0.0.100)和www.yanlinux.edu(VIP:10.0.0.200)的DNS解析。 配置的关键: 在主配置文件/etc/named.conf中要将listen-on port 53 { 127.0.0.1; }中的127.0.0.1改为localhost;还需要将allow-query { localhost; };前面加上//注释掉,或者将其中的localhost改为any,或者在后面加上各个网段信息。 各个域名解析库文件的权限应改为641,属组为named #利用脚本自动搭建www.yanlinux.org的dns解析配置 [root@dns ~]$ cat install_dns.sh #!/bin/bash DOMAIN=yanlinux.org HOST=www HOST_IP=10.0.0.100 CPUS=`lscpu |awk '/^CPU\(s\)/{print $2}'` . /etc/os-release color () { RES_COL=60 MOVE_TO_COL="echo -en \\033[${RES_COL}G" SETCOLOR_SUCCESS="echo -en \\033[1;32m" SETCOLOR_FAILURE="echo -en \\033[1;31m" SETCOLOR_WARNING="echo -en \\033[1;33m" SETCOLOR_NORMAL="echo -en \E[0m" echo -n "$1" && $MOVE_TO_COL echo -n "[" if [ $2 = "success" -o $2 = "0" ] ;then ${SETCOLOR_SUCCESS} echo -n $" OK " elif [ $2 = "failure" -o $2 = "1" ] ;then ${SETCOLOR_FAILURE} echo -n $"FAILED" else ${SETCOLOR_WARNING} echo -n $"WARNING" fi ${SETCOLOR_NORMAL} echo -n "]" echo } install_dns () { if [ $ID = 'centos' -o $ID = 'rocky' ];then yum install -y bind bind-utils elif [ $ID = 'ubuntu' ];then color "不支持Ubuntu操作系统,退出!" 1 exit #apt update #apt install -y bind9 bind9-utils else color "不支持此操作系统,退出!" 1 exit fi } config_dns () { sed -i -e '/listen-on/s/127.0.0.1/localhost/' -e '/allow-query/s/localhost/any/' /etc/named.conf cat >> /etc/named.rfc1912.zones 27 28 29 30 31 #修改此行为true,指定备份服务器的rsync配置的用户和密码 ...... #以后台方式执行同步 [root@NFS ~]$ sersync2 -dro /usr/local/sersync/confxml.xml ##web2(jpress)业务共享配置 [root@NFS ~]$ cd /usr/local/sersync/ root@NFS sersync]$ cp confxml.xml jpress.xml ###相较于web1只需修改下面标记的两处 [root@NFS sersync]$ vi jpress.xml 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 #只需要将web1中的这个共享目录改成web2的 25 #这个是备份服务器中定义对应web2的rsync daemon的模块名 26 27 28 29 30 31 32 33 34 35 #后台独立运行web2对应服务 [root@NFS sersync]$ sersync2 -dro /usr/local/sersync/jpress.xml #为了防止服务器重启后手动执行的服务断开,将执行命令写进文件中,随开机启动 [root@NFS ~]$ echo -e "/usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml &> /dev/null\n/usr/local/sersync/sersync2 -dro /usr/local/sersync/jpress.xml &> /dev/null" > /etc/profile.d/sersync2.sh [root@NFS ~]$ chmod +x /etc/profile.d/sersync2.sh 部署nfs备份服务器 #在10.0.0.78 NFS备份服务器以独立服务方式运行rsync并实现验证功能 [root@NFS-bak ~]$ yum -y install rsync-daemon #创建备份目录 [root@NFS-bak ~]$ mkdir /data/backup -p [root@NFS-bak ~]$ mkdir /data/web2-backup #修改配置文件,添加以下信息 [root@NFS-bak ~]$ vi /etc/rsyncd.conf uid = www #指定以哪个用户来访问共享目录,将之指定为生成的文件所有者,默认是nobody gid = www max connections = 0 ignore errors exclude = lost+found/ log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid lock file = /var/run/rsyncd.lock reverse lookup = no [backup] #每个模块名对应一个不同的path目录,如果同名后面模块生效 path = /data/backup/ comment = backup dir read only = no #默认是yes,即只读 auth users = rsyncuser #默认anonymous可以访问rsync服务器,主服务器中指定的用户 secrets file = /etc/rsync.pas [web2-backup] path = /data/web2-backup/ comment = backup dir read only = no auth users = rsyncuser secrets file = /etc/rsync.pas #创建验证文件 [root@NFS-bak ~]$ echo "rsyncuser:lgq123456" > /etc/rsync.pas #创建传输用户 [root@NFS-bak ~]$ chmod 600 /etc/rsync.pas [root@NFS-bak ~]$ groupadd -g 666 www [root@NFS-bak ~]$ useradd -u 666 www -g 666 [root@NFS-bak ~]$ chown www.www /data/backup/ -R [root@NFS-bak ~]$ chown -R www.www /data/web2-backup/ #重载配置 [root@NFS-bak ~]$ rsync --daemon #放进文件中,随主机开启自启动 [root@NFS-bak ~]$ echo "rsync --daemon" > /etc/profile.d/rsync.sh [root@NFS-bak ~]$ chmod +x /etc/profile.d/rsync.sh 测试是否主备同步数据 #在NFS主服务器上共享目录创建一个test.txt文件,查看备份服务器上是否同步 [root@NFS ~]$ cd /data/www/ [root@NFS www]$ touch test.txt [root@NFS www]$ ll total 0 -rw-r--r-- 1 root root 0 Mar 9 22:23 test.txt [root@NFS-bak ~]$ ll /data/backup/ total 0 -rw-r--r-- 1 www www 0 Mar 9 22:23 test.txt 4 在10.0.0.48和10.0.0.58主机上搭建MySQL主从节点 主节点:10.0.0.48 从节点:10.0.0.58 搭建主节点 #安装mysql [root@mysql-master ~]$ yum -y install mysql-server #创建二进制日志存放路径,并在配置文件中指定路径以及日子文件的前缀 [root@mysql-master ~]$ mkdir /data/binlog [root@mysql-master ~]$ chown mysql. /data/binlog/ #设置配置文件,并启动服务 [root@mysql-master ~]$ cat /etc/my.cnf [mysqld] server-id=48 log_bin=/data/binlog/mysql-bin [root@mysql-master ~]$ systemctl enable --now mysqld #创建复制用户以及授权 [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "create user 'repluser'@'10.0.0.%' identified by 'lgq123456';" [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "grant replication slave on *.* to 'repluser'@'10.0.0.%';" #创建kodbox对应数据库以及账号 [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "create database kodbox;" [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "create user kodbox@'10.0.0.%' identified by 'lgq123456';" [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "grant all on kodbox.* to kodbox@'10.0.0.%';" #创建web2业务对应的数据库和用户 [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "create database jpress;" [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "create user jpress@'10.0.0.%' identified by '123456';" [root@mysql-master ~]$ mysql -uroot -plgq123456 -e "grant all on jpress.* to jpress@'10.0.0.%';" #进行完全备份 [root@mysql-master ~]$ mysqldump -uroot -plgq123456 -A -F --single-transaction --master-data=1 > full_backup.sql #拷贝备份数据到从节点 [root@mysql-master ~]$ scp full_backup.sql 10.0.0.58: 搭建从节点 #安装 [root@mysql-slave ~]$ yum -y install mysql-server #修改配置文件,并启动 [root@mysql-slave ~]$ vi /etc/my.cnf #添加下面信息 [mysqld] server-id=58 read-only [root@mysql-slave ~]$ systemctl enable --now mysqld #修改备份文件,在change master to中添加主节点信息 [root@mysql-slave ~]$ vi full_backup.sql ...... CHANGE MASTER TO MASTER_HOST='10.0.0.48', #添上主节点ip地址 MASTER_USER='repluser', #添上在主节点创建的账号 MASTER_PASSWORD='lgq123456', #添上账号密码 MASTER_PORT=3306, #添上端口号 MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=157; ...... #还原备份 ###暂时关闭二进制日志 [root@mysql-slave ~]$ mysql mysql> set sql_log_bin=0; ###还原 mysql> source /root/full_backup.sql; ##开启主从节点的链接线程 mysql> start slave; ##查看状态 mysql> show slave status\G *************************** 1. row *************************** Slave_IO_State: Waiting for source to send event Master_Host: 10.0.0.48 Master_User: repluser Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.000003 Read_Master_Log_Pos: 157 Relay_Log_File: mysql-slave-relay-bin.000002 Relay_Log_Pos: 326 Relay_Master_Log_File: mysql-bin.000003 Slave_IO_Running: Yes Slave_SQL_Running: Yes Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 0 Last_Error: Skip_Counter: 0 Exec_Master_Log_Pos: 157 Relay_Log_Space: 542 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: No Master_SSL_CA_File: Master_SSL_CA_Path: Master_SSL_Cert: Master_SSL_Cipher: Master_SSL_Key: Seconds_Behind_Master: 0 Master_SSL_Verify_Server_Cert: No Last_IO_Errno: 0 Last_IO_Error: Last_SQL_Errno: 0 Last_SQL_Error: Replicate_Ignore_Server_Ids: Master_Server_Id: 48 Master_UUID: bdcb41ce-be61-11ed-808a-000c2924e25d Master_Info_File: mysql.slave_master_info SQL_Delay: 0 SQL_Remaining_Delay: NULL Slave_SQL_Running_State: Replica has read all relay log; waiting for more updates Master_Retry_Count: 86400 Master_Bind: Last_IO_Error_Timestamp: Last_SQL_Error_Timestamp: Master_SSL_Crl: Master_SSL_Crlpath: Retrieved_Gtid_Set: Executed_Gtid_Set: Auto_Position: 0 Replicate_Rewrite_DB: Channel_Name: Master_TLS_Version: Master_public_key_path: Get_master_public_key: 0 Network_Namespace: 1 row in set, 1 warning (0.01 sec) 测试主从是否同步 #在主节点上创建一个测试数据库 mysql> create database t1; Query OK, 1 row affected (0.00 sec) mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | kodbox | | mysql | | performance_schema | | sys | | t1 | +--------------------+ 6 rows in set (0.00 sec) #在从节点查看是否存在 mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | kodbox | | mysql | | performance_schema | | sys | | t1 | +--------------------+ 6 rows in set (0.01 sec) ##说明主从复制已经可以同步了 5 在10.0.0.88主机上部署redis #安装redis [root@redis ~]$ yum -y install redis #修改配置文件 [root@redis ~]$ vi /etc/redis.conf bind 0.0.0.0 #将此行的127.0.0.1改为0.0.0.0,实现远程访问 [root@redis ~]$ systemctl enable --now redis 6 搭建 www.yanlinux.org web1业务(可道云业务) 6.1 在10.0.0.28上搭建nginx和php-fpm # 1.利用脚本一键编译安装nginx [root@web1 ~]$ cat install_nginx.sh #!/bin/bash OS_TYPE=`awk -F'[ "]' '/^NAME/{print $2}' /etc/os-release` OS_VERSION=`awk -F'[".]' '/^VERSION_ID/{print $2}' /etc/os-release` CPU=`lscpu |awk '/^CPU\(s\)/{print $2}'` SRC_DIR=/usr/local/src read -p "$(echo -e '\033[1;32m请输入下载的版本号:\033[0m')" NUM NGINX_FILE=nginx-${NUM} NGINX_INSTALL_DIR=/apps/nginx color () { RES_COL=60 MOVE_TO_COL="echo -en \\033[${RES_COL}G" SETCOLOR_SUCCESS="echo -en \\033[1;32m" SETCOLOR_FAILURE="echo -en \\033[1;31m" SETCOLOR_WARNING="echo -en \\033[1;33m" SETCOLOR_NORMAL="echo -en \E[0m" echo -n "$1" && $MOVE_TO_COL echo -n "[" if [ $2 = "success" -o $2 = "0" ] ;then ${SETCOLOR_SUCCESS} echo -n $" OK " elif [ $2 = "failure" -o $2 = "1" ] ;then ${SETCOLOR_FAILURE} echo -n $"FAILED" else ${SETCOLOR_WARNING} echo -n $"WARNING" fi ${SETCOLOR_NORMAL} echo -n "]" echo } #下载源码 wget_package(){ [ -e ${NGINX_INSTALL_DIR} ] && { color "nginx 已安装,请卸载后再安装" 1; exit; } cd ${SRC_DIR} if [ -e ${NGINX_FILE}.tar.gz ];then color "源码包已经准备好" 0 else color "开始下载源码包" 0 wget http://nginx.org/download/${NGINX_FILE}.tar.gz [ $? -ne 0 ] && { color "下载 ${NGINX_FILE}.tar.gz文件失败" 1; exit; } fi } #编译安装 install_nginx(){ color "开始安装nginx" 0 if id nginx &> /dev/null;then color "nginx用户已经存在" 1 else useradd -s /sbin/nologin -r nginx color "nginx用户账号创建完成" 0 fi color "开始安装nginx依赖包" 0 if [ $OS_TYPE == "Centos" -a ${OS_VERSION} == '7' ];then yum -y install make gcc pcre-devel openssl-devel zlib-devel perl-ExtUtils-Embed elif [ $OS_TYPE == "Centos" -a ${OS_VERSION} == '8' ];then yum -y install make gcc-c++ libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed elif [ $OS_TYPE == "Rocky" ];then yum -y install make gcc libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed elif [ $OS_TYPE == "Ubuntu" ];then apt update apt -y install make gcc libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev else color '不支持此系统!' 1 exit fi #开始编译安装 color "开始编译安装nginx" 0 cd $SRC_DIR tar xf ${NGINX_FILE}.tar.gz cd ${SRC_DIR}/${NGINX_FILE} ./configure --prefix=${NGINX_INSTALL_DIR} --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module make -j ${CPU} && make install [ $? -eq 0 ] && color "nginx 编译安装成功" 0 || { color "nginx 编译安装失败,退出!" 1 ;exit; } ln -s ${NGINX_INSTALL_DIR}/sbin/nginx /usr/sbin/ &> /dev/null #创建service文件 cat > /lib/systemd/system/nginx.service /dev/null || { color "nginx 启动失败,退出!" 1 ; exit; } color "nginx 安装完成" 0 } wget_package install_nginx ##执行脚本安装nginx [root@web1 ~]$ sh install_nginx.sh [root@web1 ~]$ ss -ntl State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:80 0.0.0.0:* # 2.安装配置php-fpm [root@web1 ~]$ yum -y install php-fpm ##安装php-mysql 以及php-redis所依赖的包 [root@web1 ~]$ php-mysqlnd php-json php-cli php-devel ##下载php-redis [root@web1 ~]$ wget https://pecl.php.net/get/redis-5.3.7.tgz -P /usr/local/src/ [root@web1 ~]$ cd /usr/local/src/ [root@web1 src]$ tar xf redis-5.3.7.tgz [root@web1 src]$ cd redis-5.3.7/ [root@web1 redis-5.3.7]$ phpize Configuring for: PHP Api Version: 20170718 Zend Module Api No: 20170718 Zend Extension Api No: 320170718 [root@web1 redis-5.3.7]$ ./configure [root@web1 redis-5.3.7]$ make && make install ##创建php支持redis扩展的配置文件 [root@web1 redis-5.3.7]$ vi /etc/php.d/31-redis.ini extension=redis #加入此行 [root@web1 redis-5.3.7]$ cd #修改php上传限制配置 [root@web1 ~]$ vi /etc/php.ini post_max_size = 200M #修改为200M upload_max_filesize = 200M #改为200M,实现大文件上传 #修改配置文件 [root@web1 ~]$ vi /etc/php-fpm.d/www.conf user = nginx #修改为nginx group = nginx #修改为nginx ;listen = /run/php-fpm/www.sock #注释此行 listen = 127.0.0.1:9000 #添加此行,监控本机的9000端口 pm.status_path = /fpm_status #取消此行的注释,并改为fpm_status,防止与nginx服务的status冲突 ping.path = /ping #取消此行的注释 ping.response = pong #取消此行的注释 ##启动服务 [root@web1 ~]$ systemctl enable --now php-fpm # 3.配置nginx虚拟主机配置文件 ##为了方便管理不同的业务,nginx支持子配置文件 ##创建子配置文件目录 [root@web1 ~]$ mkdir /apps/nginx/conf/conf.d [root@web1 ~]$ vi /apps/nginx/conf/nginx.conf include /apps/nginx/conf/conf.d/*.conf; #在http语句块最后一行添加上这一行 ##创建业务配置文件 [root@web1 ~]$ cat /apps/nginx/conf/conf.d/www.yanlinux.org.conf server { listen 80; server_name www.yanlinux.org; client_max_body_size 100M; server_tokens off; location / { root /data/kodbox/; index index.php index.html index.htm; } location ~ \.php$ { root /data/kodbox/; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_hide_header X-Powered-By; } location ~ ^/(ping|fpm_status)$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } # 4.重启服务 [root@web1 ~]$ systemctl restart nginx.service php-fpm.service查看状态php状态页,测试服务搭建成功
往可道云上上传文件MyHotkeyScript.ahk,测试NFS主备服务是否都可以得到数据 #查看web1服务器上是否上传了数据 [root@web1 ~]$ ll /data/kodbox/data/files/202303/09_079920df/ total 4 -rwxrwxrwx 1 666 666 1491 Mar 9 22:51 MyHotkeyScript.ahk #在NFS主服务器上查看 [root@NFS ~]$ ll /data/www/202303/09_079920df/ total 4 -rwxrwxrwx 1 www www 1491 Mar 9 22:51 MyHotkeyScript.ahk #在NFS备份服务器上查看 [root@NFS-bak ~]$ ll /data/backup/202303/09_079920df/ total 4 -rwxrwxrwx 1 www www 1491 Mar 9 22:51 MyHotkeyScript.ahk 7 部署www.yanlinux.edu web2业务(JPress) 7.1 在10.0.0.38主机上搭建tomcat #利用脚本一键安装jdk以及tomcat [root@web2 ~]$ cat install_tomcat_jdk.sh #!/bin/bash DIR=`pwd` read -p "$(echo -e '\033[1;32m请输入JDK版本号:\033[0m')" JDK_VERSION read -p "$(echo -e '\033[1;32m请输入Tomcat版本号:\033[0m')" TOMCAT_VERSION JDK_FILE="jdk-${JDK_VERSION}-linux-x64.tar.gz" TOMCAT_FILE="apache-tomcat-${TOMCAT_VERSION}.tar.gz" INSTALL_DIR="/usr/local" color () { RES_COL=60 MOVE_TO_COL="echo -en \\033[${RES_COL}G" SETCOLOR_SUCCESS="echo -en \\033[1;32m" SETCOLOR_FAILURE="echo -en \\033[1;31m" SETCOLOR_WARNING="echo -en \\033[1;33m" SETCOLOR_NORMAL="echo -en \E[0m" echo -n "$2" && $MOVE_TO_COL echo -n "[" if [ $1 = "success" -o $1 = "0" ] ;then ${SETCOLOR_SUCCESS} echo -n $" OK " elif [ $1 = "failure" -o $1 = "1" ] ;then ${SETCOLOR_FAILURE} echo -n $"FAILED" else ${SETCOLOR_WARNING} echo -n $"WARNING" fi ${SETCOLOR_NORMAL} echo -n "]" echo } install_jdk(){ if ! [ -f "${DIR}/${JDK_FILE}" ];then color 1 "${JDK_FILE}不存在,请去官网下载" exit; elif [ -f ${INSTALL_DIR}/jdk ];then color 1 "JDK已经安装" exit; else [ -d "${INSTALL_DIR}" ] || mkdir -pv ${INSTALL_DIR} fi tar xf ${DIR}/${JDK_FILE} -C ${INSTALL_DIR} cd ${INSTALL_DIR} && ln -s jdk* jdk cat > /etc/profile.d/jdk.sh /dev/null || useradd -r -s /sbin/nologin tomcat cat > ${INSTALL_DIR}/tomcat/conf/tomcat.conf #在这一行之后添加下面几行信息 #以上信息就是虚拟主机的配置信息 #准备虚拟主机的数据目录,tomcat默认会在ROOT目录中找,所以需要将应用数据布置到这里面就可以避免在URL中添加应用目录来访问了。 [root@web2 ~]$ mkdir /data/webapps/ROOT -p [root@web2 ~]$ chown -R tomcat.tomcat /data/webapps [root@web2 ~]$ systemctl restart tomcat.service 7.2 部署nginx #利用6.1中的安装nginx脚本来安装 [root@web2 ~]$ sh install_nginx.sh #创建子配置目录 [root@web2 ~]$ mkdir /apps/nginx/conf/conf.d [root@web2 ~]$ vi /apps/nginx/conf/nginx.conf #在主配置文件中引入子配置目录 [root@web2 ~]$ tail -n2 /apps/nginx/conf/nginx.conf include /apps/nginx/conf/conf.d/*.conf; } #创建业务2配置文件 [root@web2 ~]$ cat /apps/nginx/conf/conf.d/www.yanlinux.edu.conf server { listen 80; server_name www.yanlinux.edu; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } [root@web2 ~]$ nginx -t nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok nginx: configuration file /apps/nginx/conf/nginx.conf test is successful [root@web2 ~]$ nginx -s reload 7.3 部署JPress应用 #上官网http://www.jpress.io/下载war包,上传到服务器 [root@web2 ~]$ cp jpress-v4.0.7.war /usr/local/tomcat/webapps/jpress.war [root@web2 ~]$ cd /usr/local/tomcat/webapps/ #war包传到tomcat目录下就会自动解包, [root@web2 webapps]$ ls docs examples host-manager jpress jpress.war manager ROOT #然后将jpress/目录下的内容拷贝到6.7.1创建tomcat虚拟主机www.yanlinux.edu的数据目录中 [root@web2 ~]$ cp -a /usr/local/tomcat/webapps/jpress/* /data/webapps/ROOT/ #数据库账号已经在6.4中创建直接连接就可以浏览器访问
分别在10.0.0.8和10.0.0.18两台rocky主机上编译安装keepalived和HAProxy两个服务,实现高可用。 编译安装keepalived #ka1节点编译安装 # 1.安装依赖 ##centos和rocky [root@ka1 ~]$ yum -y install gcc curl openssl-devel libnl3-devel net-snmp-devel ##ubuntu所需要的依赖下面两种: ##ubuntu18.04 [root@ubuntu1804 ~]$ apt -y install gcc curl openssl libssl-dev libpopt-dev daemon build-essential ##ubuntu20.04 [root@ubuntu2004 ~]$ apt -y install make gcc ipvsadm build-essential pkg-config automake autoconf libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev libip6tc-dev libipset-dev libmagic-dev libsnmp-dev libglib2.0-dev libpcre2-dev libnftnl-dev libmnl-dev libsystemd-dev # 2.下载源码包 [root@ka1 ~]$ wget https://keepalived.org/software/keepalived-2.2.7.tar.gz ##解压 [root@ka1 ~]$ tar xf keepalived-2.2.7.tar.gz # 3.编译安装 [root@ka1 ~]$ cd keepalived-2.2.7/ #选项--disable-fwmark 可用于禁用iptables规则,可访止VIP无法访问,无此选项默认会启用iptables规则 [root@ka1 keepalived-2.2.7]$ ./configure --prefix=/usr/local/keepalived --disable-fwmark [root@ka1 keepalived-2.2.7]$ make -j 2 && make install ##验证版本信息 [root@ka1 keepalived-2.2.7]$ /usr/local/keepalived/sbin/keepalived -v Keepalived v2.2.7 (01/16,2022) Copyright(C) 2001-2022 Alexandre Cassen, Built with kernel headers for Linux 4.18.0 Running on Linux 4.18.0-348.el8.0.2.x86_64 #1 SMP Sun Nov 14 00:51:12 UTC 2021 Distro: Rocky Linux 8.5 (Green Obsidian) configure options: --prefix=/usr/local/keepalived --disable-fwmark Config options: LVS VRRP VRRP_AUTH VRRP_VMAC OLD_CHKSUM_COMPAT INIT=systemd System options: VSYSLOG MEMFD_CREATE IPV4_DEVCONF LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION LIBIPVS_NETLINK IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS VRRP_IPVLAN IFLA_LINK_NETNSID GLOB_BRACE GLOB_ALTDIRFUNC INET6_ADDR_GEN_MODE VRF # 4.创建service文件 ##默认源码包中会有unit文件,只需要将提供的service文件拷贝到/lib/systemd/system/目录下即可 [root@ka1 keepalived-2.2.7]$ cp ./keepalived/keepalived.service /lib/systemd/system/ [root@ka1 keepalived-2.2.7]$ cat /lib/systemd/system/keepalived.service [Unit] Description=LVS and VRRP High Availability Monitor After=network-online.target syslog.target Wants=network-online.target Documentation=man:keepalived(8) Documentation=man:keepalived.conf(5) Documentation=man:genhash(1) Documentation=https://keepalived.org [Service] Type=forking PIDFile=/run/keepalived.pid KillMode=process EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target # 5.创建配置文件 ##编译目录下会自动生成示例配置文件,需要在/etc目录下建一个keepalived目录存放配置文件。然后将其中配置VRRP以及real-server的示例信息删除,只留下global_defs配置语块即可。 [root@ka1 keepalived-2.2.7]$ mkdir /etc/keepalived [root@ka1 keepalived-2.2.7]$ cp /usr/local/keepalived/etc/keepalived/keepalived.conf.sample /etc/keepalived/keepalived.conf ##按自己需求修改示例配置文件 [root@ka1 keepalived-2.2.7]$ vi /etc/keepalived/keepalived.conf global_defs { notification_email { [email protected] [email protected] [email protected] } notification_email_from [email protected] smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id ka1 #每个keepalived主机唯一标识,建议使用当前主机名,如果多节点重名可能会影响切换脚本执行。在另一台keepalived主机ka2上,应该改为ka2 vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 vrrp_mcast_group4 230.1.1.1 } include /etc/keepalived/conf.d/*.conf #当生产环境复杂时, /etc/keepalived/keepalived.conf 文件中内容过多,不易管理,可以将不同集群的配置,比如:不同集群的VIP配置放在独立的子配置文件中。利用include指令可以实现包含子配置文件 ##创建子配置文件目录 [root@ka1 keepalived-2.2.7]$ mkdir /etc/keepalived/conf.d/ # 6.启动服务 [root@ka1 keepalived-2.2.7]$ systemctl daemon-reload [root@ka1 keepalived-2.2.7]$ systemctl enable --now keepalived.service [root@ka1 keepalived-2.2.7]$ systemctl is-active keepalived active # 7.在ka2节点上按照ka1节点操作进行编译安装 [root@ka2 ~]$ systemctl is-active keepalived.service active [root@ka2 ~]$ /usr/local/keepalived/sbin/keepalived -v Keepalived v2.2.7 (01/16,2022) Copyright(C) 2001-2022 Alexandre Cassen, Built with kernel headers for Linux 4.18.0 Running on Linux 4.18.0-348.el8.0.2.x86_64 #1 SMP Sun Nov 14 00:51:12 UTC 2021 Distro: Rocky Linux 8.5 (Green Obsidian) configure options: --prefix=/usr/local/keepalived --disable-fwmark Config options: LVS VRRP VRRP_AUTH VRRP_VMAC OLD_CHKSUM_COMPAT INIT=systemd System options: VSYSLOG MEMFD_CREATE IPV4_DEVCONF LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION LIBIPVS_NETLINK IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS VRRP_IPVLAN IFLA_LINK_NETNSID GLOB_BRACE GLOB_ALTDIRFUNC INET6_ADDR_GEN_MODE VRF编译安装HAProxy服务 编译安装HAProxy 2.6 LTS版本,更多源码包下载地址:http://www.haproxy.org/download/ 依赖lua环境,由于CentOS7 之前版本自带的lua版本比较低并不符合HAProxy要求的lua最低版本(5.3)的要求,因此需要编译安装较新版本的lua环境,然后才能编译安装HAProxy。 #ka1节点安装HAProxy # 1.安装依赖环境 ##centos或rocky [root@ka1 ~]$ yum -y install gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel libtermcap-devel ncurses-devel libevent-devel readline-devel ##ubuntu apt -y install gcc make openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev libreadline-dev libsystemd-dev # 2.编译安装lua环境 ##下载源码:参考链接http://www.lua.org/start.html [root@ka1 ~]$ curl -R -O http://www.lua.org/ftp/lua-5.4.4.tar.gz [root@ka1 ~]$ tar xvf lua-5.3.5.tar.gz -C /usr/local/src [root@ka1 ~]$ cd /usr/local/src/lua-5.3.5 [root@ka1 lua-5.3.5]$ make all test [root@ka1 lua-5.3.5]$ pwd /usr/local/src/lua-5.3.5 [root@ka1 lua-5.3.5]$ ./src/lua -v Lua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio # 3.编译安装haproxy ##下载源码:官网链接:www.haproxy.org [root@ka1 ~]$ https://www.haproxy.org/download/2.6/src/haproxy-2.6.9.tar.gz [root@ka1 ~]$ tar xvf haproxy-2.6.9.tar.gz -C /usr/local/src [root@ka1 ~]$ cd /usr/local/src/haproxy-2.6.9 ##编译安装 [root@ka1 haproxy-2.6.9]$ make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/ PREFIX=/apps/haproxy [root@ka1 haproxy-2.6.9]$ make install PREFIX=/apps/haproxy ##解决环境变量 [root@ka1 haproxy-2.6.9]$ ln -s /apps/haproxy/sbin/haproxy /usr/sbin/ ##验证haproxy版本 [root@ka1 haproxy-2.6.9]$ which haproxy /usr/sbin/haproxy [root@ka1 haproxy-2.6.9]$ haproxy -v HAProxy version 2.6.9-3a3700a 2023/02/14 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2027. Known bugs: http://www.haproxy.org/bugs/bugs-2.6.9.html Running on: Linux 4.18.0-348.el8.0.2.x86_64 #1 SMP Sun Nov 14 00:51:12 UTC 2021 x86_64 # 4.创建HAProxy配置文件 [root@ka1 haproxy-2.6.9]$ cd ##准备配置文件目录 [root@ka1 ~]$ mkdir /etc/haproxy [root@ka1 ~]$ cat > /etc/haproxy/haproxy.cfg |
【本文地址】