haproxy+keepalived 高可用负载均衡部署
一、环境准备
# cat /etc/redhat-release
CentOS Linux release 8.5.2111
# uname -r
4.18.0-348.7.1.el8_5.x86_64

192.168.247.101 keepalive-haproxy-01
192.168.247.102 keepalive-haproxy-02
192.168.247.103 keepalive-haproxy-03
192.168.247.100 keepalive-haproxy-vip
二、基础环境配置
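# --- Host firewall -----------------------------------------------------------
# Flush every iptables rule, delete user chains, zero the counters, then stop
# firewalld and keep it from starting at boot.
# NOTE(review): after this step every listener on the node (haproxy on :80, the
# stats page on :1080, the httpd backends on :8080) is reachable from any host
# that can route to it. A narrower setup keeps firewalld running and admits
# only what the cluster needs, for example:
#   firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'
#   firewall-cmd --permanent --add-port=80/tcp
#   firewall-cmd --reload
iptables -F && iptables -X && iptables -Z
systemctl stop firewalld.service && systemctl disable firewalld.service

# --- SELinux -----------------------------------------------------------------
# Permissive for the running system; "disabled" takes effect at the next boot.
# NOTE(review): this removes SELinux confinement from haproxy, keepalived and
# httpd. Staying in enforcing mode and enabling only the booleans the services
# need (presumably `setsebool -P haproxy_connect_any 1` for the non-standard
# ports used here; confirm against the audit log) is the tighter alternative.
setenforce 0

# --follow-symlinks: /etc/sysconfig/selinux is normally a symlink to
# /etc/selinux/config, and a plain `sed -i` would replace the link with a
# regular file instead of editing the real configuration.
for selinux_cfg in /etc/sysconfig/selinux /etc/selinux/config; do
  sed -i --follow-symlinks -E \
    's/^SELINUX=(enforcing|permissive)/SELINUX=disabled/' "$selinux_cfg"
done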
配置时间同步
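# Install the time-sync daemon. The package is named "chrony"; "chronyd" is the
# name of the service it ships, so `dnf install chronyd` finds nothing.
dnf install chrony -y

# Replace the stock configuration. The delimiter is quoted so the content is
# written literally, with no shell expansion.
# NOTE(review): a single unauthenticated upstream is a single point of failure
# for time on all three nodes; adding further `server`/`pool` lines is the
# usual remedy.
# NOTE(review): commandkey / generatecommandkey look like options from older
# chrony sample files; check `journalctl -u chronyd` to confirm this chrony
# version accepts them.
# bindcmdaddress keeps the chronyc command socket on loopback only.
cat > /etc/chrony.conf <<'EOF'
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF

systemctl enable chronyd && systemctl start chronyd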
三、安装服务
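# Install the VRRP daemon, the load balancer and the demo backend web server.
dnf install keepalived haproxy httpd -y

# --- Configure httpd as the backend ------------------------------------------
# Keep the first pristine copy of httpd.conf; a re-run must not overwrite the
# backup with an already-modified file.
[[ -e /etc/httpd/conf/httpd.conf.bak ]] \
  || cp /etc/httpd/conf/httpd.conf{,.bak}

# Move the backend to 8080 so that port 80 stays free for haproxy. The pattern
# is anchored at the end of the line: without `$`, running the command a second
# time would turn "Listen 8080" into "Listen 808080".
# NOTE(review): `Listen 8080` binds every address, so clients can reach the
# backend directly and bypass haproxy unless a firewall limits 8080 to the
# load-balancer nodes.
sed -i 's#^Listen 80$#Listen 8080#' /etc/httpd/conf/httpd.conf

# Append ServerName once only; repeated runs would otherwise stack duplicates.
grep -q '^ServerName ' /etc/httpd/conf/httpd.conf \
  || echo "ServerName $(hostname):8080" >> /etc/httpd/conf/httpd.conf
tail -1 /etc/httpd/conf/httpd.conf

systemctl start httpd.service && systemctl enable httpd.service

# Confirm httpd is listening. `ss` ships with iproute; `netstat` needs the
# separate net-tools package, which a minimal install may not have.
ss -antp | grep httpd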
四、配置 keepalived 高可用
架构:1 master + 2 slave(配置中对应 1 个 MASTER、2 个 BACKUP)
注意:各节点的 mcast_src_ip 和 priority 不同,priority 依次为 101、100、99。
[root@keepalive-haproxy-01 ~]# cat /etc/keepalived/keepalived.conf
# keepalived configuration for node 01, the MASTER of the three-node VRRP group.
global_defs {
router_id LVS_DEVEL
# Tracking scripts are executed as root.
script_user root
# With this option keepalived refuses to run a root script when any component
# of the script's path is writable by a non-root user. Keep the script and its
# parent directories owned by root and not group/world-writable.
enable_script_security
}
# Health-check definition. The "script" line is commented out, so no check
# command is configured yet; the timing values below apply once it is set.
vrrp_script chk_apiserver {
# script "/etc/keepalived/check_apiserver.sh"
# Run the check every 5 seconds.
interval 5
# While the check is failing, lower this node's priority by 5. With the
# priorities used on this page (101/100/99) a failing MASTER drops to 96,
# below both BACKUP nodes, so the VIP moves.
weight -5
# 2 consecutive failures mark the check as failed; 1 success marks it healthy.
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface ens160
# Source address of this node's VRRP advertisements (node-specific).
mcast_src_ip 192.168.247.101
# Must be identical on all members of the group; it is 51 on all three nodes.
virtual_router_id 51
# Highest priority of the three nodes, so this node holds the VIP when healthy.
priority 101
# Send an advertisement every 2 seconds.
advert_int 2
# NOTE(review): PASS is a shared password carried in clear text inside every
# VRRP advertisement, so any host on the segment can read it. It guards against
# accidental misconfiguration, not against a hostile neighbour; limit VRRP
# (IP protocol 112) to the three peer addresses at the host firewall as well.
# keepalived documents that only the first eight characters of auth_pass are
# used. K8SHA_KA_AUTH looks like an unreplaced template placeholder; set a
# site-specific value that is identical on all three nodes.
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
# The floating service address announced by whichever node is MASTER.
virtual_ipaddress {
192.168.247.100
}
## NOTE: the health check is disabled here; enable it once the cluster is up.
## Until then failover happens only when keepalived itself or the node goes
## down, not when haproxy stops answering.
# track_script {
# chk_apiserver
# }
}
[root@keepalive-haproxy-01 ~]#
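[root@keepalive-haproxy-02 ~]# cat /etc/keepalived/keepalived.conf
# keepalived configuration for node 02 (first BACKUP). The listing is restored
# to one directive per line: collapsed onto a single line, the first "#" would
# comment out everything after it.
global_defs {
    router_id LVS_DEVEL
    # Tracking scripts run as root; enable_script_security makes keepalived
    # refuse a root script whose path is writable by a non-root user.
    script_user root
    enable_script_security
}

# Health-check definition; the script line is commented out, so no check
# command is configured yet.
vrrp_script chk_apiserver {
    # script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    # Node-specific source address for VRRP advertisements.
    mcast_src_ip 192.168.247.102
    # Same value on all three nodes.
    virtual_router_id 51
    # Below the MASTER (101), above node 03 (99): first in line for the VIP.
    priority 100
    advert_int 2
    # NOTE(review): PASS travels in clear text in every advertisement and only
    # the first eight characters of auth_pass are used. K8SHA_KA_AUTH looks
    # like an unreplaced template placeholder; use a site-specific value that
    # matches on all nodes, and restrict VRRP (IP protocol 112) to the peer
    # addresses at the host firewall.
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.247.100
    }
    ## NOTE: the health check is disabled here; enable it once the cluster is up.
    # track_script {
    #     chk_apiserver
    # }
}
[root@keepalive-haproxy-02 ~]#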
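[root@keepalive-haproxy-03 ~]# cat /etc/keepalived/keepalived.conf
# keepalived configuration for node 03 (second BACKUP). The listing is restored
# to one directive per line: collapsed onto a single line, the first "#" would
# comment out everything after it.
global_defs {
    router_id LVS_DEVEL
    # Tracking scripts run as root; enable_script_security makes keepalived
    # refuse a root script whose path is writable by a non-root user.
    script_user root
    enable_script_security
}

# Health-check definition; the script line is commented out, so no check
# command is configured yet.
vrrp_script chk_apiserver {
    # script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    # Node-specific source address for VRRP advertisements.
    mcast_src_ip 192.168.247.103
    # Same value on all three nodes.
    virtual_router_id 51
    # Lowest of the three priorities (101/100/99): last in line for the VIP.
    priority 99
    advert_int 2
    # NOTE(review): PASS travels in clear text in every advertisement and only
    # the first eight characters of auth_pass are used. K8SHA_KA_AUTH looks
    # like an unreplaced template placeholder; use a site-specific value that
    # matches on all nodes, and restrict VRRP (IP protocol 112) to the peer
    # addresses at the host firewall.
    authentication {
        auth_type PASS
        auth_pass K8SHA_KA_AUTH
    }
    virtual_ipaddress {
        192.168.247.100
    }
    ## NOTE: the health check is disabled here; enable it once the cluster is up.
    # track_script {
    #     chk_apiserver
    # }
}
[root@keepalive-haproxy-03 ~]#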
启动keepalived服务
# Register keepalived for boot, start it now, then print its current state.
# Each step runs only if the previous one succeeded.
systemctl enable keepalived \
  && systemctl start keepalived \
  && systemctl status keepalived
查看VIP
五、配置haproxy
分别在01、02、03配置如下信息
[root@keepalive-haproxy-01 ~]# cat /etc/haproxy/haproxy.cfg
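########### Global settings #########
global
    # Log to a syslog listener on 127.0.0.1 (facilities local0 / local1).
    # NOTE(review): presumably rsyslog must accept UDP on loopback for these
    # lines to produce any log; verify, since the logs are the audit trail
    # for the stats page and the frontend.
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    daemon
    nbproc 1
    maxconn 4096
    # Run as the unprivileged haproxy account, chrooted into /var/lib/haproxy.
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid

######## Defaults ############
defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 2
    # forwardfor is off: backends do not receive the client address in
    # X-Forwarded-For, so their access logs show only the load balancer.
    # option forwardfor
    option httpclose
    option abortonclose
    maxconn 4096
    # NOTE(review): no `timeout http-request` is set and the connect/server
    # timeouts are long, so slow or stalled peers hold connection slots for
    # minutes; consider tightening them for an exposed frontend.
    timeout connect 5m
    timeout client 1m
    timeout server 31m
    timeout check 10s
    balance roundrobin

######## Statistics page ########
listen stats
    # NOTE(review): 0.0.0.0 exposes the stats page on every address of the
    # node, the VIP included. Bind it to a management address or restrict
    # port 1080 at the firewall.
    bind 0.0.0.0:1080
    mode http
    option httplog
    log 127.0.0.1 local0 err
    maxconn 10
    stats refresh 30s
    stats uri /admin
    stats realm Haproxy\ Statistics
    # NOTE(review): admin:admin is a tutorial credential and is sent as HTTP
    # Basic auth over clear-text HTTP. Replace it with a site-specific
    # user:password before the listener is reachable by anyone else.
    stats auth admin:admin
    stats hide-version
    # Admin actions (enable/disable/drain servers) are accepted from loopback
    # only. The original `stats admin if TRUE` granted them to every client
    # that passed the weak credential above; viewing the page is unaffected.
    stats admin if LOCALHOST

######## WEB ############
listen dashboard_cluster
    # The name must resolve to the VIP (192.168.247.100) on every node,
    # presumably through /etc/hosts. A node that does not currently hold the
    # VIP can bind it only when net.ipv4.ip_nonlocal_bind=1 is set; otherwise
    # haproxy fails to start on the BACKUP nodes.
    bind keepalive-haproxy-vip:80
    balance roundrobin
    option tcpka
    # HTTP health check against each backend's port 8080, every 2000 ms;
    # 2 successes bring a server up, 5 failures take it out of rotation.
    option httpchk
    option tcplog
    server keepliave-haproxy-01 192.168.247.101:8080 check port 8080 inter 2000 rise 2 fall 5
    server keepliave-haproxy-02 192.168.247.102:8080 check port 8080 inter 2000 rise 2 fall 5
    server keepliave-haproxy-03 192.168.247.103:8080 check port 8080 inter 2000 rise 2 fall 5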
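# haproxy.cfg binds the VIP on all three nodes, but only the current VRRP
# MASTER actually owns that address. Allow binding to a non-local address so
# haproxy can also start on the BACKUP nodes, and persist the setting.
cat > /etc/sysctl.d/90-haproxy-nonlocal-bind.conf <<'EOF'
net.ipv4.ip_nonlocal_bind = 1
EOF
sysctl -p /etc/sysctl.d/90-haproxy-nonlocal-bind.conf

# Validate the configuration first (-c checks, -f names the file), so a typo
# does not take down a running instance on restart.
haproxy -c -f /etc/haproxy/haproxy.cfg \
  && systemctl enable haproxy \
  && systemctl restart haproxy \
  && systemctl status haproxy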
验证:浏览器访问 http://192.168.247.100:1080/admin ,用户名 admin,密码 admin(即 haproxy.cfg 中 stats auth 配置的账号)。