haproxy+keepalived负载均衡与高可用

  部署两台haproxy+keepalived节点服务

  192.168.119.20 为master

  192.168.119.21 为backup

 

  配置软件仓库

root@haproxyB:~# cat /etc/apt/sources.list
# Source-package (deb-src) entries are commented out by default to speed up "apt update"; uncomment them if needed.
# NOTE(review): every entry below uses plain http. apt still checks the signed
# release metadata, so integrity rests on the archive keyring, but the requests
# themselves are visible to the network path. Prefer https:// if this mirror
# serves it (confirm before switching).
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# focal-security carries the security updates; keep this entry enabled.
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# Pre-release (proposed) repository; enabling it is not recommended.
# deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse

  

  部署keepalived和haproxy

root@haproxyA:~# apt install keepalived haproxy -y

 

  配置keepalived

  复制模板文件到服务配置文件目录

root@haproxyA:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/
root@haproxyA:~# cd /etc/keepalived/
root@haproxyA:/etc/keepalived# ll
total 16
drwxr-xr-x 2 root root 34 Jul 20 22:46 ./
drwxr-xr-x 104 root root 8192 Jul 20 22:41 ../
-rw-r--r-- 1 root root 1445 Jul 20 22:46 keepalived.conf.vrrp
root@haproxyA:/etc/keepalived# cp keepalived.conf.vrrp keepalived.conf
root@haproxyA:/etc/keepalived# vim keepalived.conf

  

  修改生成新的配置文件

   master主节点配置

root@haproxyA:/etc/keepalived# cat keepalived.conf
! Configuration File for keepalived
# keepalived configuration for the MASTER node (192.168.119.20): one VRRP instance
# that owns five virtual IPs on eth0 while this node is master.
# NOTE(review): the notification_email / notification_email_from / smtp_server
# values below look like leftovers from the copied sample file
# (keepalived.conf.vrrp). Because smtp_alert is enabled further down, keepalived
# will try to mail state changes through smtp_server; point these at a real
# recipient and mail server, or failover events will go unnoticed. TODO confirm.
global_defs { # global settings
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1 # mail server
smtp_connect_timeout 30
router_id LVS_20 # identifier of this node; differs from the BACKUP node (LVS_21)
}
vrrp_instance VI_1 { # single VRRP instance, named VI_1
state MASTER # this node is configured as MASTER
interface eth0 # network interface the VIPs are bound to
# Delay, in seconds, before the second set of gratuitous ARPs after becoming MASTER.
garp_master_delay 10
# Send an e-mail (using the global_defs SMTP settings) on state transitions.
smtp_alert
virtual_router_id 51 # must be identical on master and backup of the same instance; identifies the virtual router
priority 100 # must be higher than the backup's priority (50 on the backup node); the highest priority wins the election
advert_int 1 # VRRP advertisement interval: 1 second
# NOTE(review): auth_type PASS carries auth_pass unencrypted in every
# advertisement, so it protects against a misconfigured neighbour, not against
# a host that can see traffic on this segment. "1111" is a sample value: pick a
# per-deployment secret (keepalived uses only the first 8 characters) and keep it
# identical on both nodes. Also consider filtering VRRP (IP protocol 112) on eth0
# so that only the peer 192.168.119.21 is accepted.
authentication {
auth_type PASS # simple password authentication between VRRP peers; sent in clear text
auth_pass 1111 # shared password
}
virtual_ipaddress {
192.168.119.188 dev eth0 label eth0:1 # virtual IP; if no interface is given, the instance's "interface eth0" is used
192.168.119.189 dev eth0 label eth0:2 # same as above
192.168.119.190 dev eth0 label eth0:3 # same as above
192.168.119.191 dev eth0 label eth0:4 # same as above
192.168.119.192 dev eth0 label eth0:5 # same as above
}
}
#启动master keepalived
root@haproxyA:/etc/keepalived# systemctl enable keepalived --now

  

  

  

  backup节点配置

root@haproxyB:/etc/keepalived# cat keepalived.conf
! Configuration File for keepalived
# keepalived configuration for the BACKUP node (192.168.119.21). It mirrors the
# master's file except for router_id, state and priority.
# NOTE(review): the notification_email / notification_email_from / smtp_server
# values below look like leftovers from the keepalived sample file. smtp_alert
# is enabled in the instance, so replace them with a real recipient and mail
# server if failover e-mails are expected to arrive. TODO confirm.
global_defs {
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Node identifier; the master uses LVS_20.
router_id LVS_21
}
vrrp_instance VI_1 {
# This node starts as BACKUP and takes over the VIPs when the master's advertisements stop.
state BACKUP
interface eth0
# Delay, in seconds, before the second set of gratuitous ARPs after becoming MASTER.
garp_master_delay 10
smtp_alert
# Must match the master's virtual_router_id (51) so both nodes form one virtual router.
virtual_router_id 51
# Lower than the master's priority (100), so the master wins the election while it is alive.
priority 50
# VRRP advertisement interval in seconds.
advert_int 1
# NOTE(review): auth_type PASS carries auth_pass unencrypted in every
# advertisement; it does not stop a host on the same segment from reading it.
# "1111" is a sample value: use a per-deployment secret (only the first 8
# characters are used) that matches the master's. Consider filtering VRRP
# (IP protocol 112) on eth0 so that only the peer 192.168.119.20 is accepted.
authentication {
auth_type PASS
auth_pass 1111
}
# Same VIP list as on the master; each address gets its own eth0:N label.
virtual_ipaddress {
192.168.119.188 dev eth0 label eth0:1
192.168.119.189 dev eth0 label eth0:2
192.168.119.190 dev eth0 label eth0:3
192.168.119.191 dev eth0 label eth0:4
192.168.119.192 dev eth0 label eth0:5
}
}
#启动keepalived
root@haproxyB:/etc/keepalived# systemctl enable keepalived --now

 

  VIP切换测试

  停掉master节点的keepalived服务后,VIP地址全部切换到了backup节点上的keepalived实例,ICMP(ping)测试无感知。

  

 

  配置haproxy

   两台haproxy配置相同的文件

root@haproxyA:~# cat /etc/haproxy/haproxy.cfg
global
# Log through the local syslog socket: facility local0, plus "notice" and above on local1.
log /dev/log local0
log /dev/log local1 notice
# Confine the process to /var/lib/haproxy after start-up.
chroot /var/lib/haproxy
# NOTE(review): "level admin" makes this UNIX socket a full runtime-control
# interface. Access is limited only by the file mode (660), so keep the socket's
# owning group restricted to administrators and do not expose it over TCP.
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
# Run as the unprivileged haproxy user/group, in the background.
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
# NOTE(review): the ssl-default-bind-* settings only affect "bind" lines that
# use the ssl keyword. Neither listener in this file does (both are plain
# "mode tcp" pass-through), so TLS on port 443 is terminated by the backend
# 192.168.119.10 and its protocol/cipher policy must be hardened there.
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
# Default proxy mode is http; both listeners below override it with "mode tcp".
mode http
# NOTE(review): httplog needs "mode http"; for the tcp listeners HAProxy is
# expected to warn and use the TCP log format instead - confirm in the startup log.
option httplog
option dontlognull
# Timeouts without a unit suffix are in milliseconds (5 s connect, 50 s client/server).
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# TCP pass-through of port 80 on the VIP 192.168.119.189 to the backend 192.168.119.10.
# NOTE(review): this file is used on both nodes, but the VIP exists only on the
# current keepalived master. On the other node the bind is expected to fail
# unless non-local binds are allowed (e.g. sysctl net.ipv4.ip_nonlocal_bind=1);
# that setting is not shown on this page - confirm.
# NOTE(review): traffic on port 80 is forwarded unencrypted; whether the backend
# redirects it to HTTPS is not visible here.
listen harbor-80
bind 192.168.119.189:80
mode tcp
# Health check every 3 s; 3 failures mark the server down, 3 successes bring it back.
server server1 192.168.119.10:80 check inter 3s fall 3 rise 3
# TCP pass-through of port 443 on the same VIP; the TLS session is not decrypted by HAProxy.
# NOTE(review): there is a single backend server, so the keepalived pair covers
# failure of the proxy only, not of 192.168.119.10.
listen harbor-443
bind 192.168.119.189:443
mode tcp
server server1 192.168.119.10:443 check inter 3s fall 3 rise 3

 

  

  测试访问:

 

 

 

 
