部署haproxy+keepalived高可用负载均衡器

精选原创

lxycneo 2022-10-25 18:02:12 博主文章分类：云原生 ©著作权

©著作权归作者所有：来自51CTO博客作者lxycneo的原创作品，请联系作者获取转载授权，否则将追究法律责任

尽管HAProxy非常稳定，但仍然无法规避操作系统故障、主机硬件故障、网络故障甚至断电带来的风险。所以必须对HAProxy实施高可用方案。

下面将介绍利用Keepalived实现的HAProxy热备方案。即两台主机上的两个HAProxy实例同时在线，其中权重较高的实例为MASTER，MASTER出现问题时，另一台实例自动接管所有流量。

1、地址规划

部署haproxy+keepalived高可用负载均衡器_linux

haproxy+keepalive1
192.168.28.101
haproxy+keepalive2
192.168.28.102
VIP
192.168.28.110
harbor
192.168.28.202

1、使用yum安装软件（如果服务器不能联网，可以选择源码安装，这里为了简单，直接使用yum）

# yum install keepalived haproxy -y

部署haproxy+keepalived高可用负载均衡器_sed_02

2、关闭防火墙和selinux

关闭防火墙
iptables -F && iptables -X && iptables -Z
systemctl stop firewalld.service && systemctl disable firewalld.service

关闭Selinux
setenforce 0
echo 'sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config'| sh

3、配置时间同步

yum install chronyd -y

cat > /etc/chrony.conf <<EOF
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF

systemctl enable chronyd && systemctl start chronyd

3、配置kepalived

复制VRRP模板

cp /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf

master节点配置

修改配置如下

部署haproxy+keepalived高可用负载均衡器_sed_03

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL1
}


vrrp_instance VI_1 {
    state MASTER
    interface ens33
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.28.110 
    }
}

backup节点配置

部署haproxy+keepalived高可用负载均衡器_sed_04

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL2
}


vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.28.110
    }
}

启动服务

systemctl enable keepalived  && systemctl start keepalived && systemctl status keepalived

主机：

部署haproxy+keepalived高可用负载均衡器_linux_05

备机：

部署haproxy+keepalived高可用负载均衡器_ipad_06

4、配置haproxy

hapeoxy配置如下：

主备机配置一样

scp /etc/haproxy/haproxy.cfg 192.168.28.101:/etc/haproxy/haproxy.cfg

#--------------全局配置----------------
global
    log 127.0.0.1 local0  info
    #log loghost local0 info
    maxconn 20480
#chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#--------------统计页面配置------------------
listen admin_stats
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#---------------web设置-----------------------
listen harbor-80
  bind *:80
  mode tcp
  server server1 192.168.28.201:80 check inter 3s fall 3 rise 3


listen harbor-443
  bind *:443
  mode tcp
  server server1 192.168.28.201:443 check inter 3s fall 3 rise 3

启动服务：

systemctl start haproxy && systemctl enable haproxy && systemctl status haproxy

部署haproxy+keepalived高可用负载均衡器_sed_07

5、测试效果

正常效果

打开https://192.168.28.110/查看负载后的地址

部署haproxy+keepalived高可用负载均衡器_linux_08

master：

keepalived状态:

部署haproxy+keepalived高可用负载均衡器_linux_09

backup：

keepalived状态:

部署haproxy+keepalived高可用负载均衡器_sed_10

关闭master

backup:

keepalived状态：

部署haproxy+keepalived高可用负载均衡器_sed_11

网页访问：

部署haproxy+keepalived高可用负载均衡器_sed_12

haproxy页面：

切换为backup PID

部署haproxy+keepalived高可用负载均衡器_linux_13

启动master

backup:

keepalived状态：

部署haproxy+keepalived高可用负载均衡器_ipad_14

master:

keepalived状态：

部署haproxy+keepalived高可用负载均衡器_ipad_15

访问网页正常：

部署haproxy+keepalived高可用负载均衡器_ipad_16

haproxy页面：

切换为master PID

部署haproxy+keepalived高可用负载均衡器_linux_17

由此可见，高可用负载均衡器正常使用。

上一篇：部署harbor并实现https(SAN签发证书)

下一篇：使用sshpass批量传递密钥实现ssh免密登录

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯