防火墻配置

firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=18010/tcp --permanent
firewall-cmd --reload

或

systemctl disable firewalld 
systemctl stop firewalld 

關(guān)閉selinux

vi /etc/sysconfig/selinux
SELINUX=disabled
setenforce 0
getenforce

啟動測試WEB服務

yum install nc

vi index.html

<!doctype html>
<html>
    <head>
      <meta charset="utf-8">
      <title>Test Page</title>
    </head>
    <body>
      <h1>It Works!</h1>
    </body>
</html>

while true;do { printf '%b\r\n' 'HTTP/1.1 200 OK' '%b\r\n';cat index.html; }|nc -l 8080;done

安裝haproxy

yum install -y haproxy

配置haproxy

vi /etc/haproxy/haproxy.cfg 

global
        user haproxy
        group haproxy
        daemon
        maxconn 4096
defaults
        mode    tcp
        balance roundrobin #leastconn
        timeout client      30000ms
        timeout server      30000ms
        timeout connect      3000ms
        retries 3
frontend fr_server1
        bind 0.0.0.0:18010
        default_backend bk_server1
backend bk_server1
    server  srv1 10.211.55.11:8080
    server  srv2 10.211.55.12:8080
listen stats
    mode http
    bind *:9090
    stats enable
    stats refresh 3s
    stats uri     /
    stats auth    admin:123456
    stats admin if TRUE

啟動haproxy

systemctl enable haproxy
systemctl start haproxy

安裝keepalived

yum install keepalived ipset-libs libnl3-devel psmisc

配置keepalived

vi /etc/keepalived/keepalived.conf

vrrp_script chk_proc {
  script "killall -0 haproxy" # check the haproxy process
  interval 2 # every 2 seconds
  weight 2 # add 2 points if OK
}

vrrp_instance VI_1 {
  interface eth0 # interface to monitor
  state MASTER # MASTER on haproxy1, BACKUP on haproxy2
  virtual_router_id 51
  priority 101 # 101 on haproxy1, 100 on haproxy2
  virtual_ipaddress {
    10.211.55.100/24 # virtual ip address 
  }
  track_script {
    chk_proc
  }
}

啟動keepalived

systemctl enable keepalived
systemctl start keepalived

查看日志

tail -f /var/log/messages

參考文檔

• http://www.keepalived.org/manpage.html
• http://seanlook.com/2015/05/18/nginx-keepalived-ha/
• https://qizhanming.com/blog/2018/05/17/how-to-config-keepalived-on-centos-7
• https://www.certdepot.net/rhel7-configure-high-available-load-balancer/
• https://stackoverflow.com/questions/39016291/haproxy-loadbalancing-tcp-traffic
• http://www.itdecent.cn/p/c9f6d55288c0