## As shown below, nodes 1 and 2 act as proxies and node 0 as the origin server, and VRRP is configured for HTTP.
## The VIP is 192.168.229.140, and HTTP is already listening on node0 by default.
## Install haproxy and keepalived. (HAProxy 1.4 and earlier does not support SSL, so if SSL is needed, install version 1.5.)
## Do the same on NODE1 and NODE2.
[root@NODE1 ~]# yum -y install haproxy keepalived
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: ftp.kaist.ac.kr
* elrepo: ftp.ne.jp
* epel: ftp.riken.jp
* extras: ftp.kaist.ac.kr
* updates: ftp.kaist.ac.kr
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.5.4-2.el6_7.1 will be installed
---> Package keepalived.x86_64 0:1.2.13-5.el6_6 will be installed
--> Processing Dependency: libnl.so.1()(64bit) for package: keepalived-1.2.13-5.el6_6.x86_64
--> Running transaction check
---> Package libnl.x86_64 0:1.1.4-2.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================
Package Arch Version Repository Size
===================================================================================================================
Installing:
haproxy x86_64 1.5.4-2.el6_7.1 updates 792 k
keepalived x86_64 1.2.13-5.el6_6 base 214 k
Installing for dependencies:
libnl x86_64 1.1.4-2.el6 base 121 k
Transaction Summary
===================================================================================================================
Install 3 Package(s)
Total download size: 1.1 M
Installed size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): haproxy-1.5.4-2.el6_7.1.x86_64.rpm | 792 kB 00:01
(2/3): keepalived-1.2.13-5.el6_6.x86_64.rpm | 214 kB 00:00
(3/3): libnl-1.1.4-2.el6.x86_64.rpm | 121 kB 00:00
-------------------------------------------------------------------------------------------------------------------
Total 253 kB/s | 1.1 MB 00:04
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : libnl-1.1.4-2.el6.x86_64 1/3
Installing : keepalived-1.2.13-5.el6_6.x86_64 2/3
Installing : haproxy-1.5.4-2.el6_7.1.x86_64 3/3
Verifying : keepalived-1.2.13-5.el6_6.x86_64 1/3
Verifying : haproxy-1.5.4-2.el6_7.1.x86_64 2/3
Verifying : libnl-1.1.4-2.el6.x86_64 3/3
Installed:
haproxy.x86_64 0:1.5.4-2.el6_7.1 keepalived.x86_64 0:1.2.13-5.el6_6
Dependency Installed:
libnl.x86_64 0:1.1.4-2.el6
## Enable both services with chkconfig (same on NODE1 and NODE2)
[root@NODE1 ~]# chkconfig haproxy on && chkconfig keepalived on && chkconfig | egrep 'haproxy|keepalived'
haproxy 0:off 1:off 2:on 3:on 4:on 5:on 6:off
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
## Allow binding to non-local virtual IPs on all nodes, so that HAProxy can bind to the VIP even on the node that does not currently hold it (same on NODE1 and NODE2)
[root@NODE1 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf && sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.ip_nonlocal_bind = 1
## To configure keepalived, move the existing keepalived.conf aside as a backup, then write a new one. (same on NODE1 and NODE2)
[root@NODE1 ~]# cd /etc/keepalived
[root@NODE1 keepalived]# mv keepalived.conf keepalived.conf.org
## On NODE 1, proceed as follows.
## Set priority to 101 so that this node is the default master; the node with the higher priority becomes master.
[root@NODE1 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        test@test.com
        test2@test.com
    }
    notification_email_from lb1@test.com
    smtp_server localhost
    smtp_connect_timeout 30
}
vrrp_instance VI_1 {
    state MASTER
    interface eth1            # interface to use
    virtual_router_id 11      # VRRP group ID; both nodes must use the same value
    priority 101              # priority
    advert_int 1
    authentication {
        auth_type PASS        # plaintext authentication
        auth_pass 1111        # authentication key
    }
    virtual_ipaddress {
        192.168.229.140       # VIP
    }
}
## On NODE 2, only the priority is changed. virtual_router_id is kept the same as on NODE 1,
## because the two nodes only take part in one master election when they share a VRID.
[root@NODE2 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        test@test.com
        test2@test.com
    }
    notification_email_from lb1@test.com
    smtp_server localhost
    smtp_connect_timeout 30
}
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 11      # same VRID as NODE 1
    priority 100              # adjust the priority (lower than NODE 1)
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.229.140
    }
}
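## Added example (not part of the original post): a shell check that two keepalived.conf files form one VRRP pair,
## i.e. the same virtual_router_id, advert_int, authentication and VIP, but different priorities.
## The make_conf helper and the temporary file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that two keepalived.conf files describe one VRRP pair.
# Emit key=value lines for a file's vrrp_instance ('#' and '!' comments dropped).
vrrp_settings() {
    sed 's/[#!].*//' "$1" | awk '
        $1 == "vrrp_instance"     { inst = 1 }
        !inst                     { next }
        $1 == "virtual_ipaddress" { vip = 1; next }
        vip && $1 == "}"          { vip = 0; next }
        vip && NF                 { print "vip=" $1; next }
        $1 ~ /^(virtual_router_id|priority|advert_int|auth_type|auth_pass)$/ { print $1 "=" $2 }'
}

# Print one finding per line (key names only, never the secret); no output = consistent.
check_peers() {
    a=$(vrrp_settings "$1"); b=$(vrrp_settings "$2")
    for key in virtual_router_id advert_int auth_type auth_pass vip; do
        va=$(printf '%s\n' "$a" | grep "^$key=" | sort)
        vb=$(printf '%s\n' "$b" | grep "^$key=" | sort)
        [ "$va" = "$vb" ] || echo "MISMATCH $key"
    done
    pa=$(printf '%s\n' "$a" | sed -n 's/^priority=//p')
    pb=$(printf '%s\n' "$b" | sed -n 's/^priority=//p')
    [ "$pa" != "$pb" ] || echo "EQUAL priority"
}

# Constructed sample config: $1=file, $2=virtual_router_id, $3=priority.
make_conf() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    interface eth1
    virtual_router_id $2   # VRRP group ID
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.229.140
    }
}
EOF
}

tmp=$(mktemp -d)
make_conf "$tmp/node1.conf" 11 101
make_conf "$tmp/node2.conf" 51 100                 # VRID differs from node1
check_peers "$tmp/node1.conf" "$tmp/node2.conf"    # prints: MISMATCH virtual_router_id
```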
## Start keepalived.
[root@NODE1 ~]# /etc/init.d/keepalived start
[root@NODE2 ~]# /etc/init.d/keepalived start
## On node 1, which has the higher priority, the VIP has been added to the interface, as shown below.
[root@NODE1 ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c4:76:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.229.135/24 brd 192.168.229.255 scope global eth1
inet 192.168.229.140/32 scope global eth1
inet6 fe80::20c:29ff:fec4:7605/64 scope link
valid_lft forever preferred_lft forever
[root@NODE2 ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:bf:fb:82 brd ff:ff:ff:ff:ff:ff
inet 192.168.229.136/24 brd 192.168.229.255 scope global eth1
inet6 fe80::20c:29ff:febf:fb82/64 scope link
valid_lft forever preferred_lft forever
## After pinging the VIP and the proxy servers from the node0 origin server, check the ARP cache: as shown below,
## the VIP is cached with the same MAC address as node 1, which uses the 135 address.
[root@NODE0 html]# arp -a
? (192.168.229.2) at 00:50:56:fd:6b:11 [ether] on eth1
? (192.168.229.1) at 00:50:56:c0:00:08 [ether] on eth1
? (192.168.229.140) at 00:0c:29:c4:76:05 [ether] on eth1 <-------------VIP
? (192.168.229.135) at 00:0c:29:c4:76:05 [ether] on eth1 <---------------node 1 ip
? (192.168.229.136) at 00:0c:29:bf:fb:82 [ether] on eth1
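## Capturing packets on this segment shows the VRRP hello packets configured above being sent to the multicast address 224.0.0.18,
## which is how the nodes contend for the master role. (Only the master sends them; a node that stops receiving them sends them itself and becomes master.)
## For the proxy configuration, back up the existing default configuration and create a new haproxy file.
## The listening address must be set to the VRRP VIP. (same on NODE1 and NODE2)
[root@NODE1 ~]# mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org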
[root@NODE1 ~]# vi /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    uid 99
    gid 99
    daemon
    #debug
    #quiet
defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
listen port1 192.168.229.140:80
    balance leastconn
    server inst1 192.168.229.138:80
## Start the configured haproxy on node1 and node2. (same on NODE1 and NODE2)
[root@NODE1 ~]# /etc/init.d/haproxy restart
Stopping haproxy: [ OK ]
Starting haproxy: [ OK ]
## Check access to the VIP from outside.
## It is proxied correctly.
[root@NODE1 ~]# netstat -atunp | grep 140:80
tcp 0 0 192.168.229.140:80 0.0.0.0:* LISTEN 1297/haproxy
tcp 0 0 192.168.229.140:80 192.168.229.1:7176 TIME_WAIT -
tcp 0 0 192.168.229.140:80 192.168.229.1:7192 ESTABLISHED 1297/haproxy
## For testing, reboot node 1 and then check the log on node2.
[root@NODE1 ~]# reboot
## node2 became master immediately and sends gratuitous ARPs, broadcasting that node2's MAC is the MAC of the VIP.
[root@NODE2 ~]# tail -f /var/log/messages
Mar 6 01:29:29 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Received higher prio advert
Mar 6 01:29:29 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Entering BACKUP STATE
Mar 6 01:29:29 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) removing protocol VIPs.
Mar 6 01:29:29 NODE2 Keepalived_healthcheckers[1206]: Netlink reflector reports IP 192.168.229.140 removed
Mar 6 01:37:11 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Transition to MASTER STATE
Mar 6 01:37:12 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Entering MASTER STATE
Mar 6 01:37:12 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) setting protocol VIPs.
Mar 6 01:37:12 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.229.140
Mar 6 01:37:12 NODE2 Keepalived_healthcheckers[1206]: Netlink reflector reports IP 192.168.229.140 added
Mar 6 01:37:17 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.229.140
Mar 6 01:38:04 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Received higher prio advert
Mar 6 01:38:04 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) Entering BACKUP STATE
Mar 6 01:38:04 NODE2 Keepalived_vrrp[1207]: VRRP_Instance(VI_1) removing protocol VIPs.
Mar 6 01:38:04 NODE2 Keepalived_healthcheckers[1206]: Netlink reflector reports IP 192.168.229.140 removed
## node2's MAC address can be seen in the packet.
## The updated ARP cache
[root@NODE0 html]# arp -a
? (192.168.229.2) at 00:50:56:fd:6b:11 [ether] on eth1
? (192.168.229.1) at 00:50:56:c0:00:08 [ether] on eth1
? (192.168.229.140) at 00:0c:29:bf:fb:82 [ether] on eth1
? (192.168.229.254) at 00:50:56:e8:f3:19 [ether] on eth1
? (192.168.229.135) at 00:0c:29:c4:76:05 [ether] on eth1
? (192.168.229.136) at 00:0c:29:bf:fb:82 [ether] on eth1
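## Added example (not from the original post): a check, run from a host on the same segment such as node0, that the VIP's
## ARP entry points at the MAC of NODE1 or NODE2, so that an unexpected owner of the VIP stands out.
## It also accepts "ip neigh" output, which goes beyond the arp -a case shown here; the third sample table is constructed.

```shell
#!/bin/sh
# Added example: confirm from an ARP table that the VIP is held by a known proxy node.
VIP=192.168.229.140
# name=MAC pairs for eth1 on each proxy, taken from the "ip addr show" output on this page.
NODES="NODE1=00:0c:29:c4:76:05 NODE2=00:0c:29:bf:fb:82"

# Read "arp -a" or "ip neigh" output on stdin; print "OK <node>", "UNKNOWN <mac>" or "MISSING".
vip_owner() {
    awk -v vip="$VIP" -v nodes="$NODES" '
        BEGIN {
            n = split(nodes, pair, " ")
            for (i = 1; i <= n; i++) { split(pair[i], kv, "="); name[tolower(kv[2])] = kv[1] }
        }
        # arp -a format:  ? (ip) at mac [ether] on eth1
        $2 == ("(" vip ")") && $3 == "at" && $4 != "<incomplete>" { mac = tolower($4) }
        # ip neigh format: ip dev eth1 lladdr mac STATE
        $1 == vip && $4 == "lladdr" { mac = tolower($5) }
        END {
            if (mac == "")        print "MISSING"
            else if (mac in name) print "OK " name[mac]
            else                  print "UNKNOWN " mac
        }'
}

# ARP tables: the first two are taken from this page, the third is constructed.
before='? (192.168.229.140) at 00:0c:29:c4:76:05 [ether] on eth1
? (192.168.229.135) at 00:0c:29:c4:76:05 [ether] on eth1'
after='? (192.168.229.140) at 00:0c:29:bf:fb:82 [ether] on eth1
? (192.168.229.136) at 00:0c:29:bf:fb:82 [ether] on eth1'
unknown='? (192.168.229.140) at 00:0c:29:aa:bb:cc [ether] on eth1'

printf '%s\n' "$before"  | vip_owner   # OK NODE1
printf '%s\n' "$after"   | vip_owner   # OK NODE2
printf '%s\n' "$unknown" | vip_owner   # UNKNOWN 00:0c:29:aa:bb:cc
```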