haproxy+keepalived负载均衡与高可用
部署两台haproxy+keepalived节点服务
192.168.119.20 为master
192.168.119.21 为backup
配置软件仓库
root@haproxyB:~# cat /etc/apt/sources.list
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
部署keepalived和haproxy
root@haproxyA:~# apt install keepalived haproxy -y
配置keepalived
复制模板文件到服务配置文件目录
root@haproxyA:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/
root@haproxyA:~# cd /etc/keepalived/
root@haproxyA:/etc/keepalived# ll
total 16
drwxr-xr-x 2 root root 34 Jul 20 22:46 ./
drwxr-xr-x 104 root root 8192 Jul 20 22:41 ../
-rw-r--r-- 1 root root 1445 Jul 20 22:46 keepalived.conf.vrrp
root@haproxyA:/etc/keepalived# cp keepalived.conf.vrrp keepalived.conf
root@haproxyA:/etc/keepalived# vim keepalived.conf
修改生成新的配置文件
master主节点配置
root@haproxyA:/etc/keepalived# cat keepalived.conf
! Configuration File for keepalived
global_defs { #全局配置
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1 #邮件服务器
smtp_connect_timeout 30
router_id LVS_20 #MASTER的id与BACKUP不同
}
vrrp_instance VI_1 { #单实例,名称为VI_1
state MASTER #主配置为MASTER
interface eth0 #设定绑定VIP的网络接口
garp_master_delay 10
smtp_alert
virtual_router_id 51 #主和备的id单实例下必须一致,路由器唯一表示
priority 100 #主的优先级大于备,范围是在50以内
advert_int 1 #vrrp的消息发送间隔1秒
authentication {
auth_type PASS #vrrp之间的验证采用明文
auth_pass 1111 #密码
}
virtual_ipaddress {
192.168.119.188 dev eth0 label eth0:1 #设置RS的VIP地址,如果没有后跟接口,则默认选择单实例下的interface eth0
192.168.119.189 dev eth0 label eth0:2 #↑
192.168.119.190 dev eth0 label eth0:3 #↑
192.168.119.191 dev eth0 label eth0:4 #↑
192.168.119.192 dev eth0 label eth0:5 #同上
}
}
#启动master keeplalived
root@haproxyA:/etc/keepalived# systemctl enable keepalived --now
backup节点配置
root@haproxyB:/etc/keepalived# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_21
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.119.188 dev eth0 label eth0:1
192.168.119.189 dev eth0 label eth0:2
192.168.119.190 dev eth0 label eth0:3
192.168.119.191 dev eth0 label eth0:4
192.168.119.192 dev eth0 label eth0:5
}
}
#启动keepalived
root@haproxyB:/etc/keepalived# systemctl enable keepalived --now
VIP切换测试
停掉master keeaplived,停止master节点keepavlived服务同时,vip地址已经全部切换到了backup节点上的keepalived实例。icmp测试无感
配置haproxy
两台haproxy配置相同的文件
root@haproxyA:~# cat /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
listen harbor-80
bind 192.168.119.189:80
mode tcp
server server1 192.168.119.10:80 check inter 3s fall 3 rise 3
listen harbor-443
bind 192.168.119.189:443
mode tcp
server server1 192.168.119.10:443 check inter 3s fall 3 rise 3
测试访问:
本文来自博客园,作者:PunchLinux,转载请注明原文链接:https://www.cnblogs.com/punchlinux/p/16500268.html