部署haproxy+keepalived高可用负载均衡器

精选原创

lxycneo 2022-10-25 18:02:12 博主文章分类：云原生 ©著作权

文章标签 linux sed ipad 文章分类 kubernetes 云计算 阅读数163

尽管HAProxy非常稳定，但仍然无法规避操作系统故障、主机硬件故障、网络故障甚至断电带来的风险。所以必须对HAProxy实施高可用方案。

下面将介绍利用Keepalived实现的HAProxy热备方案。即两台主机上的两个HAProxy实例同时在线，其中权重较高的实例为MASTER，MASTER出现问题时，另一台实例自动接管所有流量。

1、地址规划

haproxy+keepalive1
192.168.28.101
haproxy+keepalive2
192.168.28.102
VIP
192.168.28.110
harbor
192.168.28.202

1、使用yum安装软件（如果服务器不能联网，可以选择源码安装，这里为了简单，直接使用yum）

# yum install keepalived haproxy -y

2、关闭防火墙和selinux

关闭防火墙
iptables -F && iptables -X && iptables -Z
systemctl stop firewalld.service && systemctl disable firewalld.service

关闭Selinux
setenforce 0
echo 'sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config'| sh

3、配置时间同步

yum install chronyd -y

cat > /etc/chrony.conf <<EOF
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF

systemctl enable chronyd && systemctl start chronyd

3、配置kepalived

复制VRRP模板

cp /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf

master节点配置

修改配置如下

! Configuration File for keepalived

global_defs {
notification_email {
acassen
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL1
}

vrrp_instance VI_1 {
state MASTER
interface ens33
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.28.110
}
}

backup节点配置

! Configuration File for keepalived

global_defs {
notification_email {
acassen
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL2
}

vrrp_instance VI_1 {
state BACKUP
interface ens33
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.28.110
}
}

systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived

4、配置haproxy

hapeoxy配置如下：

主备机配置一样

scp /etc/haproxy/haproxy.cfg 192.168.28.101:/etc/haproxy/haproxy.cfg

#--------------全局配置----------------
global
log 127.0.0.1 local0 info
#log loghost local0 info
maxconn 20480
#chroot /usr/local/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option dontlognull
option httpclose
option httplog
#option forwardfor
option redispatch
balance roundrobin
timeout connect 10s
timeout client 10s
timeout server 10s
timeout check 10s
maxconn 60000
retries 3
#--------------统计页面配置------------------
listen admin_stats
bind 0.0.0.0:8189
stats enable
mode http
log global
stats uri /haproxy_stats
stats realm Haproxy\ Statistics
stats auth admin:admin
#stats hide-version
stats admin if TRUE
stats refresh 30s
#---------------web设置-----------------------
listen harbor-80
bind *:80
mode tcp
server server1 192.168.28.201:80 check inter 3s fall 3 rise 3

listen harbor-443
bind *:443
mode tcp
server server1 192.168.28.201:443 check inter 3s fall 3 rise 3

启动服务：

systemctl start haproxy && systemctl enable haproxy && systemctl status haproxy