### Preparation
```bash
HAProxy/Keepalived
192.168.50.250 (Master)
192.168.50.253 (Backup)
Web servers
192.168.50.251
192.168.50.252
VIP address
192.168.50.240
```
### HAProxy(Master)
#### Install HAProxy
```bash
yum install haproxy -y
```
 
#### Enable IP forwarding
```bash
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p
```
```
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
```
 
#### Configure HAProxy
```bash
cat /etc/haproxy/haproxy.cfg
```
```ini
global
    log 127.0.0.1 local2 # log output: send all logs to the local host via facility local2
    chroot /var/lib/haproxy # chroot into this directory
    pidfile /var/run/haproxy.pid
    maxconn 80000 # maximum number of connections per process
    user haproxy # user to run as
    group haproxy # group to run as
    daemon # run in the background
    nbproc 1 # number of processes when running as a daemon
    stats socket /var/lib/haproxy/stats
defaults
    mode http # mode {http|tcp|health}: http is layer 7, tcp is layer 4, health answers health checks with OK
    log global
    option httplog # HTTP log format
    option dontlognull # do not log empty connections
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch # allow the session to be redispatched when a connection fails or is dropped
    retries 3 # number of connection retries after a connection to a server fails
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s # connect timeout
    timeout client 1m # client timeout
    timeout server 1m # server timeout
    timeout http-keep-alive 10s
    timeout check 10s # health-check timeout
    maxconn 80000 # maximum concurrent connections per frontend
# front-end proxy for the web servers
frontend web
    bind *:5555
    #acl www hdr(host) -i www.ynotes.cn # ACL rule; -i makes the match case-insensitive. Requests for www.ynotes.cn go to backend www
    #acl image hdr(host) -i files.ynotes.cn
    #use_backend www if www
    #use_backend image if image
    default_backend web
#backend www
#    mode http
#    balance roundrobin
#    server web2 192.168.50.252:5555 check
#backend image
#    mode http
#    balance roundrobin
#    server web1 192.168.50.251:5555 check
backend web
    balance roundrobin
    server web1 192.168.50.251:5555 check inter 2000 fall 3
    server web2 192.168.50.252:5555 check inter 2000 fall 3
listen status # enable the statistics page
    bind *:7777
    mode http
    stats enable
    stats refresh 10s
    stats uri /haproxy
    stats realm Haproxy\ Statistics
    stats auth admin:admin # HTTP basic auth, user:password
    stats hide-version
```
#### Enable HAProxy logging
Edit the rsyslog configuration file
```bash
vim /etc/rsyslog.conf
```
```ini
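# Enable receiving log messages on UDP port 514
$ModLoad imudp
$UDPServerRun 514
# Add the following to the rules section
local2.* /var/log/haproxy.log
# Writes messages sent to facility local2 to haproxy.log. In "local2.*", local2 is the (predefined) facility and * matches messages of every level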
```
Restart rsyslog
```bash
systemctl restart rsyslog
```
 
#### Configure the two nginx servers
192.168.50.251/192.168.50.252
```bash
cat /etc/nginx.conf
```
```ini
...
server {
    listen 5555;
    location / {
        root /var/www/haproxy/node;
    }
}
...
```
192.168.50.251
```bash
echo 192.168.50.251 >/var/www/haproxy/node/index.html
```
192.168.50.252
```bash
echo 192.168.50.252 >/var/www/haproxy/node/index.html
```
 
#### Starting, stopping, and enabling HAProxy at boot
Start / stop
```bash
systemctl start haproxy
systemctl stop haproxy
```
Enable / disable at boot
```bash
systemctl enable haproxy
systemctl disable haproxy
```
 
#### Open the firewall for the services proxied by HAProxy
iptables
```bash
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5555 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT
```
firewalld
```bash
# <zone> is the zone applied to the network interface. To see which zone an interface is in: firewall-cmd --get-zone-of-interface=<interface>
# To add an interface to a zone: firewall-cmd --permanent --zone=<zone> --change-interface=<interface>
firewall-cmd --zone=<zone> --add-port=5555/tcp --permanent
firewall-cmd --zone=<zone> --add-port=7777/tcp --permanent
firewall-cmd --reload
```
 
#### Test access through the HAProxy proxy
```bash
while true; do curl http://192.168.50.253:5555; sleep 1; done
```
```
192.168.50.252
192.168.50.251
192.168.50.252
192.168.50.251
192.168.50.252
^C
```
 
#### Access the statistics page
http://192.168.50.253:7777/haproxy

 
#### Configure HAProxy session stickiness
Enable session stickiness, matching on the value of the cookie SERVER
```bash
cat /etc/haproxy/haproxy.cfg
```
```ini
#balance roundrobin # comment out this line
cookie SERVER insert
server web1 192.168.50.251:5555 cookie 1 check
server web2 192.168.50.252:5555 cookie 2 check
```
Test
```bash
while true; do curl http://192.168.50.253:5555 --cookie "SERVER=1"; sleep 1; done
```
```
192.168.50.251
192.168.50.251
192.168.50.251
^C
```
```bash
while true; do curl http://192.168.50.253:5555 --cookie "SERVER=2"; sleep 1; done
```
```
192.168.50.252
192.168.50.252
192.168.50.252
^C
```
Enable session stickiness, matching on a prefix of the cookie value, with "\~" as the separator. Taking SESSIONID as an example, the format is: Set-Cookie: SESSIONID=N\~Session_ID;
```bash
cat /etc/haproxy/haproxy.cfg
```
```ini
#balance roundrobin # comment out this line
cookie SESSIONID prefix
server web1 192.168.50.251:5555 cookie 1 check
server web2 192.168.50.252:5555 cookie 2 check
```
Test
```bash
while true; do curl http://192.168.50.253:5555 --cookie "SESSIONID=1~AAA"; sleep 1; done
```
```
192.168.50.251
192.168.50.251
192.168.50.251
^C
```
```bash
while true; do curl http://192.168.50.253:5555 --cookie "SESSIONID=2~AAA"; sleep 1; done
```
```
192.168.50.252
192.168.50.252
192.168.50.252
^C
```
 
### HAProxy(Backup)
`Same as Master`
 
### keepalived(Master)
#### Install keepalived
```bash
yum install keepalived -y
```
#### Configure Keepalived
```bash
vim /etc/keepalived/keepalived.conf
```
```bash
global_defs {
    notification_email {
        test01@ynotes.cn
    }
    notification_email_from haproxy1@ynotes.cn
    smtp_server localhost
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 5
    weight -4
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.50.240
    }
    track_script {
        chk_haproxy
    }
}
```
```bash
cat /etc/keepalived/check_haproxy.sh
```
```bash
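#!/bin/bash
# If HAProxy is not running, try to start it; if it is still down afterwards,
# stop keepalived so that the VIP moves to the peer node.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    systemctl start haproxy
    sleep 2 # keep the sleep shorter than the interval 5 value in vrrp_script
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        systemctl stop keepalived
    fi
fi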
```
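The stats listener in haproxy.cfg (`bind *:7777` with `stats auth admin:admin`) and the VRRP `auth_pass 1111` in keepalived.conf are the settings to tighten before this setup is used outside a lab. The check below is an added example, not part of the original page; the function names, the finding text and the `MIN_LEN` threshold are assumptions, and the sample input is constructed from the two configs above.

```shell
# Added example, not from the original page. Function names, finding text
# and MIN_LEN (an assumed policy value) are illustrative.
audit_haproxy() {   # usage: audit_haproxy FILE
    awk '
        function report() {
            if (stats && wild != "") print "haproxy [" sec "]: stats page listens on " wild
            if (stats && weak != "") print "haproxy [" sec "]: stats auth password equals user \"" weak "\""
            stats = 0; wild = ""; weak = ""
        }
        # A section keyword closes the previous section and opens a new one.
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { report(); sec = $1 " " $2; next }
        $1 == "bind" && $2 ~ /^\*:/ { wild = $2 }
        $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
        $1 == "stats" && $2 == "auth" { split($3, c, ":"); if (c[1] == c[2]) weak = c[1] }
        END { report() }
    ' "$1"
}

audit_keepalived() {   # usage: audit_keepalived FILE
    awk -v min="${MIN_LEN:-8}" '
        $1 == "vrrp_instance" { inst = $2 }
        $1 == "auth_type" && $2 == "PASS" { print "keepalived [" inst "]: auth_type PASS is sent unencrypted in VRRP adverts" }
        $1 == "auth_pass" && length($2) < min { print "keepalived [" inst "]: auth_pass has only " length($2) " characters" }
    ' "$1"
}
# Constructed sample input: the relevant lines of the two files on this page.
audit_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cat > "$dir/haproxy.cfg" <<'EOF'
frontend web
    bind *:5555
listen status
    bind *:7777
    stats enable
    stats auth admin:admin
EOF
    cat > "$dir/keepalived.conf" <<'EOF'
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
    audit_haproxy "$dir/haproxy.cfg"
    audit_keepalived "$dir/keepalived.conf"
)
audit_demo
```

Point the two functions at `/etc/haproxy/haproxy.cfg` and `/etc/keepalived/keepalived.conf` on both nodes; an empty result means none of these findings applies.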
#### Enable route forwarding (already enabled above; required if Keepalived is configured on its own)
```bash
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
```
```
net.ipv4.ip_forward = 1
```
#### Starting, stopping, and enabling Keepalived at boot
Start / stop
```bash
systemctl start keepalived
systemctl stop keepalived
```
Enable / disable at boot
```bash
systemctl enable keepalived
systemctl disable keepalived
```
 
### keepalived(Backup)
#### Install keepalived
```bash
yum install keepalived -y
```
#### Configure Keepalived
```bash
vim /etc/keepalived/keepalived.conf
```
```bash
global_defs {
    notification_email {
        test01@ynotes.cn
    }
    notification_email_from haproxy1@ynotes.cn
    smtp_server localhost
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 5
    weight -4
}
vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.50.240
    }
    track_script {
        chk_haproxy
    }
}
```
`Everything else is the same as Master`
 
#### Test
Stop keepalived on 192.168.50.253
```bash
systemctl stop keepalived
```
Check the VIP on 192.168.50.253
```bash
ip a|grep 192.168.50.240 # prints nothing
```
Check the VIP on 192.168.50.250
```bash
ip a|grep 192.168.50.240 # prints the VIP
```
```bash
inet 192.168.50.240/32 scope global enp0s3
```
Access 192.168.50.240:5555
```bash
curl http://192.168.50.240:5555 # 192.168.50.250 has taken over the VIP and the page is reachable
```
```
192.168.50.252
```