2台虚拟机
[root@linux-node1 ~]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
[root@linux-node1 ~]# yum install -y net-tools vim lrzsz tree screen lsof tcpdump nc mtr nmap gcc glibc gcc-c++ make haproxy keepalived nginx psmisc
vim /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 10.240.17.100:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 10.240.17.100:8080 check inter 2000 rise 30 fall 15
server web-node2 10.240.17.103:8080 check inter 2000 rise 30 fall 15
[root@node1 www]# systemctl restart haproxy
[root@node1 www]# mkdir /data/www/www -p
[root@node1 www]# echo "node1" /data/www/www/index.html
[root@node1 www]# vim /data//ops/app/tengine-2.1.0/conf/vhost.default.conf
server {
listen 8080;
location / {
root /data/www/www;
index index.html index.htm;
}
error_log logs/error_www.abc.com.log error;
access_log logs/access_www.abc.com.log main;
}
[root@node2 www]# systemctl restart haproxy
[root@node2 www]# mkdir /data/www/www -p
[root@node2 www]# echo "node2" /data/www/www/index.html
[root@node2 www]# vim /data//ops/app/tengine-2.1.0/conf/vhost.default.conf
server {
listen 8080;
location / {
root /data/www/www;
index index.html index.htm;
}
error_log logs/error_www.abc.com.log error;
access_log logs/access_www.abc.com.log main;
}
网友访问发现一直是访问node2因为haproxy配置文件定义了 balance source 根据源IP算法来访问的,如果想轮训改成 roundrobin
yum install keepalived
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
saltstack@example.com
}
notification_email_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id haproxy_node1
}
vrrp_instance haproxy_ha {
state MASTER
interface em1
virtual_router_id 36
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.240.17.222
}
}
[root@node1 ~]# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
bind 10.240.17.222:80
[root@node1 ~]# systemctl start keepalived
[root@node1 ~]# systemctl reload haparoxy
###
[root@node2 ~]# yum install keepalived -y
! Configuration File for keepalived
global_defs {
notification_email {
saltstack@example.com
}
notification_email_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id haproxy_node2
}
vrrp_instance haproxy_ha {
state BACKUP
interface em1
virtual_router_id 36
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.240.17.222
}
}
[root@node2 ~]# vim /etc/haproxy/haproxy.cfg
bind 10.240.17.222:80
[root@node2 ~]# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
[root@node2 ~]# /etc/init.d/haproxy restart
[root@node2 ~]# /etc/init.d/keepalived restart
然后用网页访问VIP,发现node1 keepalived停了虚IP飘逸到node2了,如果实现切换就写检查脚本
###
灾难恢复 根据信息系统灾难恢复规范来定义级别。
1.核心业务,非核心业务
2.从重要数据到非重要数据
3.从下往上
4.灾备演练
5.徘徊在冷备和双活之间