keepalived实现haproxy负载均衡机高可用



keepalived实现haproxy负载均衡机高可用

环境说明

系统信息 主机名 IP 服务
centos8 master 192.168.111.141 haproxy
keepalived
centos8 backup 192.168.111.142 haproxy
keepalived
centos8 RS1 192.168.111.143 httpd
centos8 RS2 192.168.111.144 nginx

1.首先部署好web界面

RS1配置

//修改名字
[root@localhost ~]# hostnamectl set-hostname RS1
[root@localhost ~]# bash
[root@RS1 ~]#

//关闭防火墙和selinux
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# systemctl disable --now firewalld
[root@RS1 ~]# reboot

//配置yum源
[root@RS1 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS1 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//安装httpd服务,主页内容为web1
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "web1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd.service

[root@RS1 ~]# ss -anlt
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       128                  *:80                *:*
LISTEN  0       128               [::]:22             [::]:*
[root@RS1 ~]# curl 192.168.111.143
web1

RS2配置

//修改名字
[root@RS1 ~]# hostnamectl set-hostname RS2
[root@RS1 ~]# bash
[root@RS2 ~]#

//关闭防火墙和selinux
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS2 ~]# systemctl disable --now firewalld
[root@RS2 ~]# reboot

//配置yum源
[root@RS2 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS2 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//安装nginx服务,主页内容为web2
[root@RS2 ~]# dnf -y install nginx
[root@RS2 ~]# echo "web2" > /usr/share/nginx/html/index.html
[root@RS2 ~]# systemctl enable --now nginx.service

[root@RS2 ~]# ss -anlt
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:80          0.0.0.0:*
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       128               [::]:80             [::]:*
LISTEN  0       128               [::]:22             [::]:*
[root@RS2 ~]# curl 192.168.111.144
web2

2.再部署haproxy负载均衡

master端

//修改名字
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# bash
[root@master ~]#

//关闭防火墙和selinux
//(实验环境做法;生产环境建议保留防火墙,只放行80端口和VRRP协议)
[root@master ~]# setenforce 0
[root@master ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@master ~]# systemctl disable --now firewalld
[root@master ~]# reboot

//配置yum源
[root@master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@master ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//创建用户
[root@master ~]# useradd -rMs /sbin/nologin haproxy

//安装依赖包
[root@master ~]# dnf -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel wget vim

//下载haproxy压缩包
[root@master ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.6.0.tar.gz/sha512/7bb70bfb5606bbdac61d712bc510c5e8d5a5126ed8827d699b14a2f4562b3bd57f8f21344d955041cee0812c661350cca8082078afe2f277ff1399e461ddb7bb/haproxy-2.6.0.tar.gz
//下载后可用 sha512sum haproxy-2.6.0.tar.gz 核对,结果应与URL路径中的sha512值一致

//解压并安装
[root@master ~]# tar -xf haproxy-2.6.0.tar.gz
[root@master ~]# cd haproxy-2.6.0
[root@master haproxy-2.6.0]#  make -j $(grep 'processor' /proc/cpuinfo |wc -l) \
> TARGET=linux-glibc \
> USE_OPENSSL=1 \
> USE_ZLIB=1 \
> USE_PCRE=1 \
> USE_SYSTEMD=1
[root@master haproxy-2.6.0]#  make install PREFIX=/usr/local/haproxy

//复制命令到/usr/sbin目录下
[root@master haproxy-2.6.0]# cp haproxy /usr/sbin/
[root@master haproxy-2.6.0]# cd

//修改内核参数
[root@master ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

[root@master ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

//修改配置文件
//注:前面创建的haproxy用户在下面的配置中并未用到,可在global段加入 user haproxy 和 group haproxy,让进程以非root身份运行
[root@master ~]# mkdir /etc/haproxy
[root@master ~]# vim /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    default_backend servers

backend servers
    server web01 192.168.111.143:80
    server web02 192.168.111.144:80

//编写service文件,并启动服务
[root@master ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start haproxy
[root@master ~]# ss -anlt
State        Recv-Q       Send-Q               Local Address:Port               Peer Address:Port       Process
LISTEN       0            128                        0.0.0.0:80                      0.0.0.0:*
LISTEN       0            128                        0.0.0.0:22                      0.0.0.0:*
LISTEN       0            128                           [::]:22                         [::]:*

//查看负载均衡效果
[root@master ~]# curl 192.168.111.141
web1
[root@master ~]# curl 192.168.111.141
web2
[root@master ~]# curl 192.168.111.141
web1
[root@master ~]# curl 192.168.111.141
web2

backup端

//修改名字
[root@localhost ~]# hostnamectl set-hostname backup
[root@localhost ~]# bash
[root@backup ~]#

//关闭防火墙和selinux
[root@backup ~]# setenforce 0
[root@backup ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@backup ~]# systemctl disable --now firewalld
[root@backup ~]# reboot

//配置yum源
[root@backup ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@backup ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//创建用户
[root@backup ~]# useradd -rMs /sbin/nologin haproxy

//下载依赖包
[root@backup ~]# dnf -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel wget vim

//下载haproxy压缩包
[root@backup ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.6.0.tar.gz/sha512/7bb70bfb5606bbdac61d712bc510c5e8d5a5126ed8827d699b14a2f4562b3bd57f8f21344d955041cee0812c661350cca8082078afe2f277ff1399e461ddb7bb/haproxy-2.6.0.tar.gz
//下载后可用 sha512sum haproxy-2.6.0.tar.gz 核对,结果应与URL路径中的sha512值一致

//解压并安装
[root@backup ~]# tar -xf haproxy-2.6.0.tar.gz
[root@backup ~]# cd haproxy-2.6.0
[root@backup haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) \
> TARGET=linux-glibc \
> USE_OPENSSL=1 \
> USE_ZLIB=1 \
> USE_PCRE=1 \
> USE_SYSTEMD=1
[root@backup haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy

//复制命令到/usr/sbin目录下
[root@backup haproxy-2.6.0]# cp haproxy /usr/sbin/
[root@backup haproxy-2.6.0]# cd

//修改内核参数
[root@backup ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

[root@backup ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

//修改配置文件
[root@backup ~]# mkdir /etc/haproxy
[root@backup ~]# vim /etc/haproxy/haproxy.cfg
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    default_backend servers

backend servers
    server web01 192.168.111.143:80
    server web02 192.168.111.144:80

//编写service文件,并启动服务
[root@backup ~]# vim /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

[root@backup ~]# systemctl daemon-reload
[root@backup ~]# systemctl start haproxy.service
[root@backup ~]# ss -anlt
State        Recv-Q       Send-Q               Local Address:Port               Peer Address:Port       Process
LISTEN       0            128                        0.0.0.0:80                      0.0.0.0:*
LISTEN       0            128                        0.0.0.0:22                      0.0.0.0:*
LISTEN       0            128                           [::]:22                         [::]:*

//查看负载均衡效果
[root@backup ~]# curl 192.168.111.142
web1
[root@backup ~]# curl 192.168.111.142
web2
[root@backup ~]# curl 192.168.111.142
web1
[root@backup ~]# curl 192.168.111.142
web2

//backup端的负载均衡器最好关掉
[root@backup ~]# systemctl stop haproxy

3.开始部署keepalived高可用

master端

//首先安装keepalived
[root@master ~]# dnf -y install keepalived

//编辑配置文件,并启动服务
//注:auth_pass 123456 仅为示例;VRRP的PASS认证以明文传输,且keepalived只取密码的前8个字符,实际环境请更换,master与backup两端须保持一致
[root@master ~]# mv /etc/keepalived/keepalived.conf{,.bak}
[root@master ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.111.250
    }
}

virtual_server 192.168.111.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.111.141 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.111.142 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@master ~]# systemctl enable --now keepalived

//通过虚拟IP访问
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33
       valid_lft 1500sec preferred_lft 1500sec
    inet 192.168.111.250/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@master ~]# curl 192.168.111.250
web1
[root@master ~]# curl 192.168.111.250
web2
[root@master ~]# curl 192.168.111.250
web1
[root@master ~]# curl 192.168.111.250
web2

backup端

//首先安装keepalived [root@backup ~]# dnf -y install keepalived   //编辑配置文件,并启动服务 [root@backup ~]# mv /etc/keepalived/keepalived.conf{,.back} [root@backup ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived   global_defs {    router_id lb02 }   vrrp_instance VI_1 {     state BACKUP     interface ens33     virtual_router_id 51     priority 90     advert_int 1     authentication {         auth_type PASS         auth_pass 123456     }     virtual_ipaddress {         192.168.111.250     } }   virtual_server 192.168.111.250 80 {     delay_loop 6     lb_algo rr     lb_kind DR     persistence_timeout 50     protocol TCP       real_server 192.168.111.141 80 {         weight 1         TCP_CHECK {             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     }       real_server 192.168.111.142 80 {         weight 1         TCP_CHECK {             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     } } [root@backup ~]# systemctl enable --now keepalived 

4.编写脚本

master端

[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check_haproxy.sh
#!/bin/bash
haproxy_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhaproxy\b'|wc -l)
if [ $haproxy_status -lt 1 ];then
    systemctl stop keepalived
fi

[root@master scripts]# vim notify.sh
#!/bin/bash
VIP=$2
case "$1" in
  master)
        haproxy_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhaproxy\b'|wc -l)
        if [ $haproxy_status -lt 1 ];then
            systemctl start haproxy
        fi
  ;;
  backup)
        haproxy_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhaproxy\b'|wc -l)
        if [ $haproxy_status -gt 0 ];then
            systemctl stop haproxy
        fi
  ;;
esac

//注:原文的notify.sh到 systemctl stop haproxy 一行为止(下面ll显示的377字节正是这个未写完的文件),缺少结尾的 fi、;; 和 esac,bash会报语法错误而不执行;上面已补全,补全后文件大小会大于377字节
[root@master scripts]# chmod +x check_haproxy.sh notify.sh
//keepalived以root身份执行这两个脚本,/scripts目录和脚本应保持仅root可写
[root@master scripts]# ll
total 8
-rwxr-xr-x 1 root root 148 Oct 10 00:00 check_haproxy.sh
-rwxr-xr-x 1 root root 377 Oct 10 00:01 notify.sh

backup端

[root@backup ~]# mkdir /scripts
[root@backup ~]# cd /scripts/
[root@backup scripts]# scp root@192.168.111.141:/scripts/notify.sh .
[root@backup scripts]# ll
total 4
-rwxr-xr-x 1 root root 377 Oct 10 00:02 notify.sh

5.配置keepalived加入监控脚本的配置

master端

[root@master ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived   global_defs {    router_id lb01 }   vrrp_script haproxy_check {				//添加     script "/scripts/check_haproxy.sh"     interval 1     weight -20 }  vrrp_instance VI_1 {     state MASTER     interface ens33     virtual_router_id 51     priority 100     advert_int 1     authentication {         auth_type PASS         auth_pass 123456     }     virtual_ipaddress {         192.168.111.250     }     track_script {			//添加         haproxy_check     }     notify_master "/scripts/notify.sh master 192.168.111.250" }   virtual_server 192.168.111.250 80 {     delay_loop 6     lb_algo rr     lb_kind DR     persistence_timeout 50     protocol TCP       real_server 192.168.111.141 80 {         weight 1         TCP_CHECK {             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     }       real_server 192.168.111.142 80 {         weight 1         TCP_CHECK {             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     } } [root@master scripts]# systemctl restart keepalived 

backup端

[root@backup ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived   global_defs {    router_id lb02 }   vrrp_instance VI_1 {     state BACKUP     interface ens33     virtual_router_id 51     priority 90     advert_int 1     authentication {         auth_type PASS         auth_pass 123456     }     virtual_ipaddress {         192.168.111.250     }     notify_master "/scripts/notify.sh master 192.168.111.250"		//添加     notify_backup "/scripts/notify.sh backup 192.168.111.250" }   virtual_server 192.168.111.250 80 {     delay_loop 6     lb_algo rr     lb_kind DR     persistence_timeout 50     protocol TCP       real_server 192.168.111.141 80 {         weight 1         TCP_CHECK {             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     }       real_server 192.168.111.142 80 {         weight 1         TCP_CHECK {             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     } } [root@backup ~]# systemctl restart keepalived 

测试

模拟haproxy服务故障

//master端 [root@master ~]# curl 192.168.111.250 web1 [root@master ~]# curl 192.168.111.250 web2 [root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host         valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff     inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33        valid_lft 1601sec preferred_lft 1601sec     inet 192.168.111.250/32 scope global ens33        valid_lft forever preferred_lft forever     inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute         valid_lft forever preferred_lft forever [root@master ~]# systemctl stop haproxy [root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host         valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff     inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33        valid_lft 1591sec preferred_lft 1591sec     inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute         valid_lft forever preferred_lft forever  //backup端 [root@backup ~]# systemctl start haproxy    //前面把服务关了这里启动一下 [root@backup ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft 
forever preferred_lft forever     inet6 ::1/128 scope host         valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:0c:29:07:42:65 brd ff:ff:ff:ff:ff:ff     inet 192.168.111.142/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33        valid_lft 947sec preferred_lft 947sec     inet 192.168.111.250/32 scope global ens33        valid_lft forever preferred_lft forever     inet6 fe80::20c:29ff:fe07:4265/64 scope link noprefixroute         valid_lft forever preferred_lft forever [root@backup ~]# curl 192.168.111.250 web1 [root@backup ~]# curl 192.168.111.250 web2 [root@backup ~]# curl 192.168.111.250 web1 [root@backup ~]# curl 192.168.111.250 web2 

启动master端的haproxy服务

//master端 [root@master scripts]# systemctl start haproxy [root@master scripts]# systemctl restart keepalived [root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host         valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:0c:29:50:34:72 brd ff:ff:ff:ff:ff:ff     inet 192.168.111.141/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33        valid_lft 1223sec preferred_lft 1223sec     inet 192.168.111.250/32 scope global ens33        valid_lft forever preferred_lft forever     inet6 fe80::20c:29ff:fe50:3472/64 scope link noprefixroute         valid_lft forever preferred_lft forever  //backup端 [root@backup ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo        valid_lft forever preferred_lft forever     inet6 ::1/128 scope host         valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:0c:29:07:42:65 brd ff:ff:ff:ff:ff:ff     inet 192.168.111.142/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33        valid_lft 1632sec preferred_lft 1632sec     inet6 fe80::20c:29ff:fe07:4265/64 scope link noprefixroute         valid_lft forever preferred_lft forever