haproxy+keepalived负载均衡与高可用

  部署两台haproxy+keepalived节点服务

  192.168.119.20 为master

  192.168.119.21 为backup

 

  配置软件仓库

root@haproxyB:~# cat /etc/apt/sources.list
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse

# 预发布软件源,不建议启用
# deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse

  

  部署keepalived和haproxy

root@haproxyA:~# apt install keepalived haproxy -y

 

  配置keepalived

  复制模板文件到服务配置文件目录

root@haproxyA:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/

root@haproxyA:~# cd /etc/keepalived/
root@haproxyA:/etc/keepalived# ll
total 16
drwxr-xr-x   2 root root   34 Jul 20 22:46 ./
drwxr-xr-x 104 root root 8192 Jul 20 22:41 ../
-rw-r--r--   1 root root 1445 Jul 20 22:46 keepalived.conf.vrrp
root@haproxyA:/etc/keepalived# cp keepalived.conf.vrrp keepalived.conf
root@haproxyA:/etc/keepalived# vim keepalived.conf

  

  修改生成新的配置文件

   master主节点配置

root@haproxyA:/etc/keepalived# cat keepalived.conf
! Configuration File for keepalived

global_defs {        #全局配置
   notification_email {
     acassen
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1        #邮件服务器
   smtp_connect_timeout 30
   router_id LVS_20        #MASTER的id与BACKUP不同
}

vrrp_instance VI_1 {        #单实例,名称为VI_1
    state MASTER            #主配置为MASTER
    interface eth0            #设定绑定VIP的网络接口
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51    #虚拟路由器的唯一标识,同一实例下主和备必须一致
    priority 100            #主的优先级须高于备(本例主100、备50,相差50)
    advert_int 1            #vrrp的消息发送间隔1秒
    authentication {
        auth_type PASS        #VRRP节点间使用PASS认证,密码在通告报文中以明文传输,同网段主机可直接看到
        auth_pass 1111        #密码(示例值,部署时请替换;keepalived只使用前8个字符)
    }
    virtual_ipaddress {
        192.168.119.188 dev eth0 label eth0:1   #设置RS的VIP地址,如果没有后跟接口,则默认选择单实例下的interface eth0
        192.168.119.189 dev eth0 label eth0:2   #↑
        192.168.119.190 dev eth0 label eth0:3   #↑
        192.168.119.191 dev eth0 label eth0:4   #↑
        192.168.119.192 dev eth0 label eth0:5   #同上
    }
}

#启动master keepalived
root@haproxyA:/etc/keepalived# systemctl enable keepalived --now

  

  

  

  backup节点配置

root@haproxyB:/etc/keepalived# cat keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_21
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.119.188 dev eth0 label eth0:1
        192.168.119.189 dev eth0 label eth0:2
        192.168.119.190 dev eth0 label eth0:3
        192.168.119.191 dev eth0 label eth0:4
        192.168.119.192 dev eth0 label eth0:5
    }
}

#启动keepalived
root@haproxyB:/etc/keepalived# systemctl enable keepalived --now

 

  VIP切换测试

  停掉master节点的keepalived服务后,VIP地址全部切换到了backup节点上的keepalived实例,期间ICMP(ping)测试无感知

  

 

  配置haproxy

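   两台haproxy使用相同的配置文件。注意:backup节点平时不持有VIP,haproxy要绑定192.168.119.189需要开启内核参数net.ipv4.ip_nonlocal_bind=1,否则在该节点上会因绑定失败而无法启动。下面两个listen段均为mode tcp的四层转发,TLS由后端192.168.119.10终结,global中的ssl-default-bind-*只对带ssl的bind生效,在此配置下不起作用。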

root@haproxyA:~# cat /etc/haproxy/haproxy.cfg
global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

listen harbor-80
  bind 192.168.119.189:80
  mode tcp
  server server1 192.168.119.10:80 check inter 3s fall 3 rise 3


listen harbor-443
  bind 192.168.119.189:443
  mode tcp
  server server1 192.168.119.10:443 check inter 3s fall 3 rise 3

 

  

  测试访问:

 

 

 

 
