keepalived实现haproxy负载均衡机高可用
目录
环境说明
系统信息 | 主机名 | IP | 服务 |
---|---|---|---|
centos8 | master | 192.168.111.141 | haproxy keepalived |
centos8 | backup | 192.168.111.142 | haproxy keepalived |
centos8 | RS1 | 192.168.111.143 | httpd |
centos8 | RS2 | 192.168.111.144 | nginx |
1.首先部署好web界面
RS1配置
//修改名字
[root@localhost ~]# hostnamectl set-hostname RS1
[root@localhost ~]# bash
[root@RS1 ~]#

//关闭防火墙和selinux
//注意:这是实验环境为省事的做法。生产环境应保持SELinux为enforcing、firewalld开启,只放行所需端口(此处为80/tcp,最好只允许两台负载均衡机访问)。
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# systemctl disable --now firewalld
[root@RS1 ~]# reboot

//配置yum源
//注意:CentOS 8已停止维护,vault源不再提供安全更新,仅适合实验环境。
[root@RS1 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS1 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//安装httpd服务,主页内容为web1
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "web1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd.service
[root@RS1 ~]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      *:80                 *:*
LISTEN   0        128      [::]:22              [::]:*
[root@RS1 ~]# curl 192.168.111.143
web1
RS2配置
//修改名字
[root@RS1 ~]# hostnamectl set-hostname RS2
[root@RS1 ~]# bash
[root@RS2 ~]#

//关闭防火墙和selinux
//注意:这是实验环境为省事的做法。生产环境应保持SELinux为enforcing、firewalld开启,只放行所需端口(此处为80/tcp,最好只允许两台负载均衡机访问)。
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS2 ~]# systemctl disable --now firewalld
[root@RS2 ~]# reboot

//配置yum源
//注意:CentOS 8已停止维护,vault源不再提供安全更新,仅适合实验环境。
[root@RS2 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS2 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//安装nginx服务,主页内容为web2
[root@RS2 ~]# dnf -y install nginx
[root@RS2 ~]# echo "web2" > /usr/share/nginx/html/index.html
[root@RS2 ~]# systemctl enable --now nginx.service
[root@RS2 ~]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      [::]:80              [::]:*
LISTEN   0        128      [::]:22              [::]:*
[root@RS2 ~]# curl 192.168.111.144
web2
2.再部署haproxy负载均衡
master端
//修改名字
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# bash
[root@master ~]#

//关闭防火墙和selinux
//注意:这是实验环境为省事的做法。生产环境应保持SELinux为enforcing、firewalld开启,只放行80/tcp以及两台负载均衡机之间的VRRP报文。
[root@master ~]# setenforce 0
[root@master ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@master ~]# systemctl disable --now firewalld
[root@master ~]# reboot

//配置yum源
//注意:CentOS 8已停止维护,vault源不再提供安全更新,仅适合实验环境。
[root@master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@master ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//创建用户
[root@master ~]# useradd -rMs /sbin/nologin haproxy

//安装依赖包
[root@master ~]# dnf -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel wget vim

//下载haproxy压缩包
//建议:解压前用 sha512sum haproxy-2.6.0.tar.gz 校验,结果应与下载URL路径中的那串SHA-512值一致。2.6.0是2.6分支的首个发布版,生产环境应改用仍在维护的最新补丁版本。
[root@master ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.6.0.tar.gz/sha512/7bb70bfb5606bbdac61d712bc510c5e8d5a5126ed8827d699b14a2f4562b3bd57f8f21344d955041cee0812c661350cca8082078afe2f277ff1399e461ddb7bb/haproxy-2.6.0.tar.gz

//解压并安装
[root@master ~]# tar -xf haproxy-2.6.0.tar.gz
[root@master ~]# cd haproxy-2.6.0
[root@master haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) \
> TARGET=linux-glibc \
> USE_OPENSSL=1 \
> USE_ZLIB=1 \
> USE_PCRE=1 \
> USE_SYSTEMD=1
[root@master haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy

//复制命令到/usr/sbin目录下
[root@master haproxy-2.6.0]# cp haproxy /usr/sbin/
[root@master haproxy-2.6.0]# cd

//修改内核参数
//说明:ip_nonlocal_bind用于让haproxy绑定尚未落在本机的VIP;haproxy作为代理本身并不需要ip_forward,如无路由转发需求,建议不要开启。
[root@master ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
[root@master ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

//修改配置文件
//注意:前面创建的haproxy用户在下面的配置中并未被使用,haproxy会一直以root身份运行。生产环境应在global段加入 user haproxy 和 group haproxy 以降权。
[root@master ~]# mkdir /etc/haproxy
[root@master ~]# vim /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    default_backend servers

backend servers
    server web01 192.168.111.143:80
    server web02 192.168.111.144:80

//编写service文件,并启动服务
[root@master ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start haproxy
[root@master ~]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      [::]:22              [::]:*

//查看负载均衡效果
[root@master ~]# curl 192.168.111.141
web1
[root@master ~]# curl 192.168.111.141
web2
[root@master ~]# curl 192.168.111.141
web1
[root@master ~]# curl 192.168.111.141
web2
backup端
//修改名字
[root@localhost ~]# hostnamectl set-hostname backup
[root@localhost ~]# bash
[root@backup ~]#

//关闭防火墙和selinux
//注意:这是实验环境为省事的做法。生产环境应保持SELinux为enforcing、firewalld开启,只放行80/tcp以及两台负载均衡机之间的VRRP报文。
[root@backup ~]# setenforce 0
[root@backup ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@backup ~]# systemctl disable --now firewalld
[root@backup ~]# reboot

//配置yum源
//注意:CentOS 8已停止维护,vault源不再提供安全更新,仅适合实验环境。
[root@backup ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@backup ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//创建用户
[root@backup ~]# useradd -rMs /sbin/nologin haproxy

//下载依赖包
[root@backup ~]# dnf -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel wget vim

//下载haproxy压缩包
//建议:解压前用 sha512sum haproxy-2.6.0.tar.gz 校验,结果应与下载URL路径中的那串SHA-512值一致。2.6.0是2.6分支的首个发布版,生产环境应改用仍在维护的最新补丁版本。
[root@backup ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.6.0.tar.gz/sha512/7bb70bfb5606bbdac61d712bc510c5e8d5a5126ed8827d699b14a2f4562b3bd57f8f21344d955041cee0812c661350cca8082078afe2f277ff1399e461ddb7bb/haproxy-2.6.0.tar.gz

//解压并安装
[root@backup ~]# tar -xf haproxy-2.6.0.tar.gz
[root@backup ~]# cd haproxy-2.6.0
[root@backup haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) \
> TARGET=linux-glibc \
> USE_OPENSSL=1 \
> USE_ZLIB=1 \
> USE_PCRE=1 \
> USE_SYSTEMD=1
[root@backup haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy

//复制命令到/usr/sbin目录下
[root@backup haproxy-2.6.0]# cp haproxy /usr/sbin/
[root@backup haproxy-2.6.0]# cd

//修改内核参数
//说明:ip_nonlocal_bind用于让haproxy绑定尚未落在本机的VIP;haproxy作为代理本身并不需要ip_forward,如无路由转发需求,建议不要开启。
[root@backup ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
[root@backup ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

//修改配置文件
//注意:前面创建的haproxy用户在下面的配置中并未被使用,haproxy会一直以root身份运行。生产环境应在global段加入 user haproxy 和 group haproxy 以降权。
[root@backup ~]# mkdir /etc/haproxy
[root@backup ~]# vim /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    default_backend servers

backend servers
    server web01 192.168.111.143:80
    server web02 192.168.111.144:80

//编写service文件,并启动服务
[root@backup ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

[root@backup ~]# systemctl daemon-reload
[root@backup ~]# systemctl start haproxy.service
[root@backup ~]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      [::]:22              [::]:*

//查看负载均衡效果
[root@backup ~]# curl 192.168.111.142
web1
[root@backup ~]# curl 192.168.111.142
web2
[root@backup ~]# curl 192.168.111.142
web1
[root@backup ~]# curl 192.168.111.142
web2

//backup端的负载均衡器最好关掉
[root@backup ~]# systemctl stop haproxy
3.开始部署keepalived高可用
master端
//首先安装keepalived
[root@master ~]# dnf -y install keepalived

//编辑配置文件,并启动服务
//注意:auth_pass 123456 仅为示例。VRRP的PASS认证以明文随通告报文发送,且keepalived只使用前8个字符,不能当作真正的安全措施。生产环境请换成自己的随机值,并用防火墙只允许对端节点的VRRP(IP协议号112)报文,或改用unicast_peer单播。
[root@master ~]# mv /etc/keepalived/keepalived.conf{,.bak}
[root@master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.111.250
    }
}

virtual_server 192.168.111.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.111.141 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.111.142 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@master ~]# systemctl enable --now keepalived

//通过虚拟IP访问
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33
       valid_lft 1500sec preferred_lft 1500sec
    inet 192.168.111.250/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@master ~]# curl 192.168.111.250
web1
[root@master ~]# curl 192.168.111.250
web2
[root@master ~]# curl 192.168.111.250
web1
[root@master ~]# curl 192.168.111.250
web2
backup端
//首先安装keepalived
[root@backup ~]# dnf -y install keepalived

//编辑配置文件,并启动服务
//注意:auth_pass必须与master端一致。123456仅为示例,VRRP的PASS认证以明文发送,生产环境请换成自己的随机值,并用防火墙限制VRRP报文只来自对端节点。
[root@backup ~]# mv /etc/keepalived/keepalived.conf{,.back}
[root@backup ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.111.250
    }
}

virtual_server 192.168.111.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.111.141 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.111.142 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@backup ~]# systemctl enable --now keepalived
4.编写脚本
master端
//注意:这两个脚本由keepalived以root身份执行,/scripts目录和脚本文件都应只有root可写。
//说明:脚本用 ps|grep 统计haproxy进程数;也可以改用 systemctl is-active --quiet haproxy 判断服务状态,结果更可靠。
[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check_haproxy.sh
#!/bin/bash
haproxy_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhaproxy\b'|wc -l)
if [ $haproxy_status -lt 1 ];then
    systemctl stop keepalived
fi

[root@master scripts]# vim notify.sh
#!/bin/bash
VIP=$2
case "$1" in
    master)
        haproxy_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhaproxy\b'|wc -l)
        if [ $haproxy_status -lt 1 ];then
            systemctl start haproxy
        fi
    ;;
    backup)
        haproxy_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhaproxy\b'|wc -l)
        if [ $haproxy_status -gt 0 ];then
            systemctl stop haproxy
        fi
    ;;
esac
//说明:原文的notify.sh在"systemctl stop haproxy"之后被截断,上面的 fi、;; 和 esac 是按语法补全的结尾;原脚本可能还包含其他分支。

[root@master scripts]# chmod +x check_haproxy.sh notify.sh
[root@master scripts]# ll
total 8
-rwxr-xr-x 1 root root 148 Oct 10 00:00 check_haproxy.sh
-rwxr-xr-x 1 root root 377 Oct 10 00:01 notify.sh
backup端
[root@backup ~]# mkdir /scripts [root@backup ~]# cd /scripts/ [root@backup scripts]# scp root@192.168.111.141:/scripts/notify.sh . [root@backup scripts]# ll total 4 -rwxr-xr-x 1 root root 377 Oct 10 00:02 notify.sh
5.配置keepalived加入监控脚本的配置
master端
//注意:vrrp_script和notify_master指定的脚本会以root身份运行。请确认/scripts及其中的脚本只有root可写;也可以在global_defs中启用enable_script_security,让keepalived拒绝执行路径上存在非root可写项的脚本。
//注意:auth_pass 123456 仅为示例,VRRP的PASS认证以明文发送,生产环境请换成自己的随机值。
[root@master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id lb01
}

vrrp_script haproxy_check {        # 添加
    script "/scripts/check_haproxy.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.111.250
    }
    track_script {        # 添加
        haproxy_check
    }
    notify_master "/scripts/notify.sh master 192.168.111.250"
}

virtual_server 192.168.111.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.111.141 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.111.142 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@master scripts]# systemctl restart keepalived
backup端
//注意:notify_master和notify_backup指定的脚本会以root身份运行,请确认/scripts及其中的脚本只有root可写。
//注意:auth_pass 123456 仅为示例,VRRP的PASS认证以明文发送,生产环境请换成自己的随机值。
[root@backup ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.111.250
    }
    notify_master "/scripts/notify.sh master 192.168.111.250"    # 添加
    notify_backup "/scripts/notify.sh backup 192.168.111.250"
}

virtual_server 192.168.111.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.111.141 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.111.142 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@backup ~]# systemctl restart keepalived
测试
模拟haproxy服务故障
//master端 [root@master ~]# curl 192.168.111.250 web1 [root@master ~]# curl 192.168.111.250 web2 [root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33 valid_lft 1601sec preferred_lft 1601sec inet 192.168.111.250/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@master ~]# systemctl stop haproxy [root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33 valid_lft 1591sec preferred_lft 1591sec inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute valid_lft forever preferred_lft forever //backup端 [root@backup ~]# systemctl start haproxy //前面把服务关了这里启动一下 [root@backup ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 
1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:07:42:65 brd ff:ff:ff:ff:ff:ff inet 192.168.111.142/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33 valid_lft 947sec preferred_lft 947sec inet 192.168.111.250/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe07:4265/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@backup ~]# curl 192.168.111.250 web1 [root@backup ~]# curl 192.168.111.250 web2 [root@backup ~]# curl 192.168.111.250 web1 [root@backup ~]# curl 192.168.111.250 web2
启动master端的haproxy服务
//master端 [root@master scripts]# systemctl start haproxy [root@master scripts]# systemctl restart keepalived [root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33 valid_lft 1223sec preferred_lft 1223sec inet 192.168.111.250/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute valid_lft forever preferred_lft forever //backup端 [root@backup ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:07:42:65 brd ff:ff:ff:ff:ff:ff inet 192.168.111.142/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33 valid_lft 1632sec preferred_lft 1632sec inet6 fe80::20c:29ff:fe07:4265/64 scope link noprefixroute valid_lft forever preferred_lft forever