keepalived高可用


keepalived实现nginx负载均衡机高可用

环境说明

主机名 ip地址 系统信息
master 192.168.26.10 centos8
backup 192.168.26.11 centos8
RS1 192.168.26.12 centos8
RS2 192.168.26.13 centos8

配置web网站首页

RS1

//配置yum源
[root@RS1 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS1 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@RS1 ~]# dnf clean all

//关闭防火墙和selinux(仅为简化实验环境;生产环境建议保留firewalld和SELinux,只放行所需的服务端口)
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# systemctl disable --now firewalld

//安装httpd服务,主页内容为RS1
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                   *:80                  *:*              
LISTEN  0       128                [::]:22               [::]:*              
[root@RS1 ~]# curl 192.168.26.12
RS1

RS2

//配置yum源
[root@RS2 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS2 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@RS2 ~]# dnf clean all
18 files removed

//关闭防火墙和selinux
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS2 ~]# systemctl disable --now firewalld.service  

//安装nginx服务,主页内容为RS2
[root@RS2 ~]# dnf -y install nginx
[root@RS2 ~]# echo "RS2" > /usr/share/nginx/html/index.html 
[root@RS2 ~]# systemctl enable --now nginx
[root@RS2 ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*              
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                [::]:80               [::]:*              
LISTEN  0       128                [::]:22               [::]:*  
[root@RS2 ~]# curl 192.168.26.13
RS2

master端

//配置yum源
[root@master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@master ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@master ~]# dnf clean all
18 files removed

//关闭防火墙和selinux
[root@master ~]# setenforce 0
[root@master ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@master ~]# systemctl disable --now firewalld.service

//安装nginx
[root@master ~]# dnf -y install nginx

//修改nginx配置文件,开启负载均衡
[root@master ~]# vim /etc/nginx/nginx.conf
http {
    ......
    upstream web {
        server 192.168.26.12 ;
        server 192.168.26.13 ;
    }
    server {
        .......
        location / {
        proxy_pass   http://web ;
        root html ;
        }
    }
}

//重启服务测试访问
[root@master ~]# curl 192.168.26.10
RS2
[root@master ~]# curl 192.168.26.10
RS1
[root@master ~]# curl 192.168.26.10
RS2
[root@master ~]# curl 192.168.26.10
RS1

backup

//配置yum源
[root@backup ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@backup ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@backup ~]# dnf clean all
//关闭防火墙和selinux
[root@backup ~]# setenforce 0
[root@backup ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@backup ~]# systemctl disable --now firewalld.service

//安装nginx
[root@backup ~]# dnf -y install nginx

//修改nginx配置文件,开启负载均衡
[root@backup ~]# vim /etc/nginx/nginx.conf
http {
    ......
    upstream web {
        server 192.168.26.12 ;
        server 192.168.26.13 ;
    }
    server {
        .......
        location / {
        proxy_pass   http://web ;
        root html ;
        }
    }
}

//重启服务测试访问
[root@backup ~]# systemctl restart nginx
[root@backup ~]# curl 192.168.26.11
RS1
[root@backup ~]# curl 192.168.26.11
RS2
[root@backup ~]# curl 192.168.26.11
RS1
[root@backup ~]# curl 192.168.26.11
RS2

部署keepalived高可用

master

//安装keepalived
[root@master ~]# yum -y install keepalived

[root@master ~]# vim /etc/keepalived/keepalived.conf 
[root@master ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass zhangdezhi
    }
    virtual_ipaddress {
        192.168.26.250 
    }
}

virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@master ~]# systemctl start keepalived
[root@master ~]# systemctl enable keepalived
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:1b:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.10/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2b:1b38/64 scope link 
       valid_lft forever preferred_lft forever

//通过虚拟ip访问
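一定要把backup端的nginx服务关掉才能访问。原因应是:virtual_server按DR模式把发往VIP的请求轮询转发给两台real_server,backup的nginx在运行时TCP_CHECK通过,请求会被转到并未持有VIP的backup上而失败;关掉后该real_server被健康检查剔除,请求才全部由master本机处理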
[root@backup ~]# systemctl stop nginx
[root@backup ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                [::]:22               [::]:*       

[root@master ~]# curl 192.168.26.250
RS2
[root@master ~]# curl 192.168.26.250
RS1

backup

//安装keepalived
[root@backup ~]# yum -y install keepalived

[root@backup ~]# vim /etc/keepalived/keepalived.conf 
[root@backup ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass zhangdezhi
    }
    virtual_ipaddress {
        192.168.26.250
    }
}

virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@backup ~]# systemctl start keepalived
[root@backup ~]# systemctl enable keepalived

让keepalived监控nginx负载均衡机

keepalived通过脚本来监控nginx负载均衡机的状态
在master上编写脚本

[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check_nginx.sh
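#!/bin/bash
# Health check run by keepalived through the vrrp_script block: when no nginx
# process is alive, stop keepalived so this node releases the VIP.
#
# NOTE(review): keepalived executes this script with its own privileges
# (presumably root here - confirm), so the file and /scripts must stay
# writable by root only.

# pgrep -x matches the process name exactly. The earlier ps|grep pipeline also
# counted unrelated commands whose arguments merely contain the word "nginx"
# (an editor or tail opened on an nginx file), which would hide a dead nginx.
if ! pgrep -x nginx >/dev/null; then
    systemctl stop keepalived
fi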
[root@master scripts]# chmod +x check_nginx.sh 
[root@master scripts]# vim notify.sh
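#!/bin/bash
# keepalived state-change hook for the nginx load balancer.
# Usage: notify.sh master|backup VIP
#   master - this node has taken over the VIP: make sure nginx is running
#   backup - this node has dropped back to BACKUP: make sure nginx is stopped
VIP=$2   # accepted to match the keepalived call; not used below

# Succeeds when a process named exactly "nginx" exists. An exact-name match
# avoids counting unrelated commands that only mention nginx in their
# arguments, which the ps|grep pipeline did.
nginx_running() {
    pgrep -x nginx >/dev/null
}

case "$1" in
  master)
        if ! nginx_running; then
            systemctl start nginx
        fi
        # NOTE(review): sendmail is called with no recipient and no message,
        # so as written it cannot deliver a notification; supply both or drop
        # the call.
        sendmail
  ;;
  backup)
        if nginx_running; then
            systemctl stop nginx
        fi
  ;;
  *)
        # Diagnostics go to stderr so they are not mistaken for output.
        echo "Usage:$0 master|backup VIP" >&2
  ;;
esac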

[root@master scripts]# chmod +x notify.sh 
[root@master scripts]# ll
total 8
-rwxr-xr-x. 1 root root 142 Oct  8 11:55 check_nginx.sh
-rwxr-xr-x. 1 root root 451 Oct  8 11:56 notify.sh

在backup上编写脚本

[root@backup ~]# mkdir /scripts
[root@backup ~]# cd /scripts/
[root@backup scripts]# scp root@192.168.26.10:/scripts/notify.sh .
[root@backup scripts]# ll
total 4
-rwxr-xr-x. 1 root root 451 Oct  8 11:56 notify.sh

配置keepalived加入监控脚本的配置

master端

[root@master scripts]# vim /etc/keepalived/keepalived.conf 
[root@master scripts]# cat /etc/keepalived/keepalived.conf 
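! Configuration File for keepalived

global_defs {
   router_id lb01
}

# Added for nginx monitoring: keepalived runs the check script every
# `interval` seconds. keepalived.conf comments start with '#' or '!', so the
# annotations are kept on comment lines and the file can be used as shown.
# NOTE(review): check_nginx.sh as listed stops keepalived itself instead of
# returning a failure status, so the failover seen in the test section comes
# from keepalived exiting, not from the `weight -20` priority adjustment.
vrrp_script nginx_check {
    script "/scripts/check_nginx.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    # auth_type PASS carries auth_pass in clear text in every VRRP
    # advertisement and keepalived uses only its first 8 characters. It has to
    # be identical on both nodes; treat it as a guard against misconfiguration,
    # not as protection from another host on the same segment.
    authentication {
        auth_type PASS
        auth_pass zhangdezhi
    }
    virtual_ipaddress {
        192.168.26.250
    }
    # Added: attach the check defined above to this instance.
    track_script {
        nginx_check
    }
    # Runs when this node becomes MASTER; notify.sh then starts nginx if it is
    # not already running.
    notify_master "/scripts/notify.sh master 192.168.26.250"
}

# NOTE(review): nginx already balances across RS1/RS2. This LVS block
# additionally forwards VIP:80 in DR mode to the two load balancers
# themselves - confirm that it is intended.
virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}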
[root@master ~]# systemctl restart keepalived

backup端
backup无需检测nginx是否正常,当升级为MASTER时启动nginx,当降级为BACKUP时关闭

[root@backup scripts]# vim /etc/keepalived/keepalived.conf 
[root@backup scripts]# cat /etc/keepalived/keepalived.conf 
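! Configuration File for keepalived

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    # auth_type PASS carries auth_pass in clear text in every VRRP
    # advertisement and keepalived uses only its first 8 characters. It has to
    # be identical on both nodes; treat it as a guard against misconfiguration,
    # not as protection from another host on the same segment.
    authentication {
        auth_type PASS
        auth_pass zhangdezhi
    }
    virtual_ipaddress {
        192.168.26.250
    }
    # Added: start nginx when this node is promoted to MASTER and stop it when
    # it returns to BACKUP. The annotation sits on its own comment line because
    # keepalived reads words after the script on a notify_* line as the
    # user/group to run it as, not as a comment.
    notify_master "/scripts/notify.sh master 192.168.26.250"
    notify_backup "/scripts/notify.sh backup 192.168.26.250"
}

# NOTE(review): nginx already balances across RS1/RS2. This LVS block
# additionally forwards VIP:80 in DR mode to the two load balancers
# themselves - confirm that it is intended.
virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}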
[root@backup ~]# systemctl restart keepalived

测试

//master端,nginx服务出现异常
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:1b:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.10/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2b:1b38/64 scope link 
       valid_lft forever preferred_lft forever
[root@master ~]# curl 192.168.26.250
RS2
[root@master ~]# curl 192.168.26.250
RS1
[root@master ~]# systemctl stop nginx
[root@master ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vend>
   Active: inactive (dead) since Sun 2022-10-09 08:40:45 EDT; 4s ago
  Process: 2129 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exi>
 Main PID: 2130 (code=exited, status=0/SUCCESS)

//backup成功转接vip
[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:54:aa:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.11/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe54:aaad/64 scope link 
       valid_lft forever preferred_lft forever
[root@backup ~]# curl 192.168.26.11
RS1
[root@backup ~]# curl 192.168.26.11
RS2

zabbix监控脑裂和主备切换

主机名 ip地址 服务 系统信息
zabbix 192.168.26.131 httpd mysql php zabbix centos8
master 192.168.26.10 nginx keepalived centos8
backup 192.168.26.11 nginx keepalived zabbix_agentd centos8
RS1 192.168.26.12 httpd centos8
RS2 192.168.26.13 nginx centos8

部署zabbix

再部署好上面的高可用

在backup端安装zabbix_agentd监控项

//创建zabbix用户
[root@backup ~]# useradd -rMs /sbin/nologin zabbix

//安装依赖包
[root@backup ~]# dnf -y install make gcc gcc-c++ pcre-devel openssl openssl-devel wget

//下载zabbix软件包
[root@backup ~]# wget https://cdn.zabbix.com/zabbix/sources/stable/6.2/zabbix-6.2.2.tar.gz

//解压并进行安装
[root@backup ~]# tar -xf zabbix-6.2.2.tar.gz
[root@backup ~]# cd zabbix-6.2.2/
[root@backup zabbix-6.2.2]# ./configure --enable-agent
......
[root@backup zabbix-6.2.2]# make install

//修改配置文件
[root@backup ~]# cd /usr/local/etc/
[root@backup etc]# ls
zabbix_agentd.conf  zabbix_agentd.conf.d
[root@backup etc]# vim zabbix_agentd.conf
………
Server=192.168.26.131
…………
ServerActive=192.168.26.131
…………
Hostname=backup

//启动zabbix_agentd服务
[root@backup ~]# zabbix_agentd 
[root@backup ~]# ss -anlt
State   Recv-Q  Send-Q   Local Address:Port      Peer Address:Port  Process  
LISTEN  0       128            0.0.0.0:80             0.0.0.0:*              
LISTEN  0       128            0.0.0.0:22             0.0.0.0:*              
LISTEN  0       128            0.0.0.0:10050          0.0.0.0:*              
LISTEN  0       128               [::]:80                [::]:*              
LISTEN  0       128               [::]:22                [::]:*  

在zabbix服务端这边,添加监控项,和报警

添加监控主机

写监控脚本

[root@backup ~]# cd /scripts/
[root@backup scripts]# vim check_keepalived.sh
[root@backup scripts]# cat check_keepalived.sh 
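#!/bin/bash
# Zabbix item script: prints 1 when the keepalived VIP 192.168.26.250 is
# configured on ens160 of this host, 0 otherwise. On the backup node a value
# of 1 therefore means it has taken over the VIP.

# -F matches the address literally (the dots are not regex wildcards) and the
# "inet " / "/" delimiters keep a longer address that merely contains these
# digits from matching. grep -q replaces the count-and-compare with wc -l.
if ip a show ens160 | grep -qF 'inet 192.168.26.250/'; then
    echo "1"
else
    echo "0"
fi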
[root@backup scripts]# chmod +x check_keepalived.sh 

//修改配置文件(这里的UserParameter不带参数,UnsafeUserParameters=1并非必需;该选项只是放开传给自定义监控项的参数中的特殊字符,保持默认值0即可)
[root@backup scripts]# vim /usr/local/etc/zabbix_agentd.conf
UnsafeUserParameters=1
UserParameter=check_keepalived,/bin/bash /scripts/check_keepalived.sh

//重启服务
[root@backup scripts]# pkill zabbix
[root@backup scripts]# zabbix_agentd 
[root@backup scripts]# ss -anlt
State   Recv-Q  Send-Q   Local Address:Port      Peer Address:Port  Process  
LISTEN  0       128            0.0.0.0:80             0.0.0.0:*              
LISTEN  0       128            0.0.0.0:22             0.0.0.0:*              
LISTEN  0       128            0.0.0.0:10050          0.0.0.0:*              
LISTEN  0       128               [::]:80                [::]:*              
LISTEN  0       128               [::]:22                [::]:*              

添加监控项




再来添加触发器



模拟主备切换

RS1
[root@master ~]# curl 192.168.26.250
RS2
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:1b:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.10/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2b:1b38/64 scope link 
       valid_lft forever preferred_lft forever
[root@master ~]# systemctl stop nginx.service 
[root@master ~]#  systemctl status keepalived.service 
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vend>
   Active: inactive (dead) since Sun 2022-10-09 18:37:40 EDT; 3s ago
  Process: 2773 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exi>
 Main PID: 2774 (code=exited, status=0/SUCCESS)


[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:54:aa:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.11/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe54:aaad/64 scope link 
       valid_lft forever preferred_lft forever
[root@backup ~]# curl 192.168.26.250
RS1
[root@backup ~]# curl 192.168.26.250
RS2

报警触发

keepalived实现haproxy负载均衡机高可用

环境说明

主机名 ip地址 服务 系统信息
master 192.168.26.10 haproxy keepalived centos8
backup 192.168.26.11 haproxy keepalived centos8
RS1 192.168.26.12 httpd centos8
RS2 192.168.26.13 nginx centos8

首先部署好web界面

RS1

//配置yum源
[root@RS1 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS1 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//关闭防火墙和selinux
[root@RS1 ~]# setenforce 0
[root@RS1 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS1 ~]# systemctl disable --now firewalld.service 

//安装httpd服务,主页内容为RS1
[root@RS1 ~]# dnf -y install httpd
[root@RS1 ~]# echo "RS1" > /var/www/html/index.html
[root@RS1 ~]# systemctl enable --now httpd.service 
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@RS1 ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                   *:80                  *:*              
LISTEN  0       128                [::]:22               [::]:*    
[root@RS1 ~]# curl 192.168.26.12
RS1

RS2

//配置yum源
[root@RS2 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@RS2 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

//关闭防火墙和selinux
[root@RS2 ~]# setenforce 0
[root@RS2 ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@RS2 ~]# systemctl disable --now firewalld.service  

//安装nginx服务,主页内容为RS2
[root@RS2 ~]# dnf -y install nginx
[root@RS2 ~]# echo "RS2" > /usr/share/nginx/html/index.html 
[root@RS2 ~]# systemctl enable --now nginx.service 
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@RS2 ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*              
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                [::]:80               [::]:*              
LISTEN  0       128                [::]:22               [::]:*              
[root@RS2 ~]# curl 192.168.26.13
RS2

部署,haproxy负载均衡

master端

//关闭防火墙和selinux
[root@master ~]# setenforce 0
[root@master ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@master ~]# systemctl disable --now firewalld.service  

//创建用户
[root@master ~]# useradd -rMs /sbin/nologin haproxy

//下载依赖包
[root@master ~]# dnf -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel wget vim

//下载haproxy压缩包(下载地址的路径中带有该文件的sha512值,下载后可用 sha512sum haproxy-2.6.0.tar.gz 核对)
[root@master ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.6.0.tar.gz/sha512/7bb70bfb5606bbdac61d712bc510c5e8d5a5126ed8827d699b14a2f4562b3bd57f8f21344d955041cee0812c661350cca8082078afe2f277ff1399e461ddb7bb/haproxy-2.6.0.tar.gz

//解压并安装
[root@master haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)  \
> TARGET=linux-glibc  \
> USE_OPENSSL=1  \
> USE_ZLIB=1  \
> USE_PCRE=1  \
> USE_SYSTEMD=1

[root@master haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy

//复制命令到/usr/sbin目录下
[root@master haproxy-2.6.0]# cp haproxy /usr/sbin/

//修改内核参数(ip_nonlocal_bind允许haproxy绑定本机暂未持有的VIP;haproxy是代理而非路由转发,且本文配置为bind *:80,ip_forward通常不必开启)
[root@master ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

[root@master ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

//修改配置文件
[root@master ~]# mkdir /etc/haproxy
[root@master ~]# vim /etc/haproxy/haproxy.cfg
[root@master ~]# cat /etc/haproxy/haproxy.cfg 
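global
    daemon
    maxconn 256
    # Drop root once port 80 is bound. The haproxy account is the one created
    # with useradd earlier in this walkthrough; without these two lines that
    # account is never used and the proxy keeps running as root.
    # NOTE(review): assumes useradd also created the matching group - confirm
    # with `getent group haproxy`.
    user haproxy
    group haproxy

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

# Listens on every local address, so it also answers on the VIP once
# keepalived assigns it to this node.
frontend http-in
    bind *:80
    default_backend servers

# The two web servers (RS1 and RS2) that receive the proxied requests.
backend servers
    server web01 192.168.26.12:80
    server web02 192.168.26.13:80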

//编写service文件,并启动服务
[root@master ~]# vim /usr/lib/systemd/system/haproxy.service  
[root@master ~]# cat /usr/lib/systemd/system/haproxy.service 
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
 
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
 
[Install]
WantedBy=multi-user.target

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start haproxy.service
[root@master ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*              
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                [::]:22               [::]:*   

//查看负载均衡效果           
[root@master ~]# curl 192.168.26.10
RS1
[root@master ~]# curl 192.168.26.10
RS2
[root@master ~]# curl 192.168.26.10
RS1
[root@master ~]# curl 192.168.26.10
RS2

backup端

//关闭防火墙和selinux
[root@backup ~]# setenforce 0
[root@backup ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@backup ~]# systemctl disable --now firewalld.service  

//创建用户
[root@backup ~]# useradd -rMs /sbin/nologin haproxy


//下载依赖包
[root@backup ~]# dnf -y install make gcc pcre-devel bzip2-devel openssl-devel systemd-devel wget vim

//下载haproxy压缩包
[root@backup ~]# wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.6.0.tar.gz/sha512/7bb70bfb5606bbdac61d712bc510c5e8d5a5126ed8827d699b14a2f4562b3bd57f8f21344d955041cee0812c661350cca8082078afe2f277ff1399e461ddb7bb/haproxy-2.6.0.tar.gz

//解压并安装
[root@backup haproxy-2.6.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)  \
> TARGET=linux-glibc  \
> USE_OPENSSL=1  \
> USE_ZLIB=1  \
> USE_PCRE=1  \
> USE_SYSTEMD=1

[root@backup haproxy-2.6.0]# make install PREFIX=/usr/local/haproxy

//复制命令到/usr/sbin目录下
[root@backup haproxy-2.6.0]# cp haproxy /usr/sbin/

//修改内核参数
[root@backup ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

[root@backup haproxy-2.6.0]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

//修改配置文件
[root@backup ~]# mkdir /etc/haproxy
[root@backup ~]# vim /etc/haproxy/haproxy.cfg
[root@backup ~]# cat /etc/haproxy/haproxy.cfg 
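global
    daemon
    maxconn 256
    # Drop root once port 80 is bound. The haproxy account is the one created
    # with useradd earlier in this walkthrough; without these two lines that
    # account is never used and the proxy keeps running as root.
    # NOTE(review): assumes useradd also created the matching group - confirm
    # with `getent group haproxy`.
    user haproxy
    group haproxy

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

# Listens on every local address, so it also answers on the VIP once
# keepalived assigns it to this node.
frontend http-in
    bind *:80
    default_backend servers

# The two web servers (RS1 and RS2) that receive the proxied requests.
backend servers
    server web01 192.168.26.12:80
    server web02 192.168.26.13:80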

//编写service文件,并启动服务
[root@backup ~]# vim /usr/lib/systemd/system/haproxy.service
[root@backup ~]# cat /usr/lib/systemd/system/haproxy.service 
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
 
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
 
[Install]
WantedBy=multi-user.target

[root@backup ~]# systemctl daemon-reload 
[root@backup ~]# systemctl start haproxy.service 
[root@backup ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*              
LISTEN  0       128                [::]:22               [::]:*     

//查看负载均衡效果         
[root@backup ~]# curl 192.168.26.11
RS1
[root@backup ~]# curl 192.168.26.11
RS2
[root@backup ~]# curl 192.168.26.11
RS1
[root@backup ~]# curl 192.168.26.11
RS2
//backup端的负载均衡器最好关掉
[root@backup ~]# systemctl stop haproxy.service 

开始部署keepalived高可用

master 端配置

//首先安装keepalived
[root@master ~]# dnf -y install keepalived

//编辑配置文件,并启动服务(auth_pass在VRRP通告中以明文发送,且keepalived只取前8个字符;123456仅作演示,实际应换成不易猜测的值)
[root@master ~]# vim /etc/keepalived/keepalived.conf
[root@master ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
 
global_defs {
   router_id lb01
}
 
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.26.250
    }
}
 
virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
 
    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 
    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@master ~]# systemctl enable --now keepalived.service 
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.

//通过虚拟ip访问
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:1b:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.10/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2b:1b38/64 scope link 
       valid_lft forever preferred_lft forever

[root@master ~]# curl 192.168.26.250
RS1
[root@master ~]# curl 192.168.26.250
RS2
[root@master ~]# curl 192.168.26.250
RS1
[root@master ~]# curl 192.168.26.250
RS2

backup端

//首先安装keepalived
[root@backup ~]# dnf -y install keepalived

//编辑配置文件,并启动服务
[root@backup ~]# vim /etc/keepalived/keepalived.conf
[root@backup ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
 
global_defs {
   router_id lb02
}
 
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.26.250
    }
}
 
virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
 
    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 
    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@backup ~]# systemctl enable --now keepalived.service 
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.

编写脚本

master端

[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check_haproxy.sh
[root@master scripts]# cat check_haproxy.sh 
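#!/bin/bash
# Health check run by keepalived through the vrrp_script block: when no
# haproxy process is alive, stop keepalived so this node releases the VIP.
#
# NOTE(review): keepalived executes this script with its own privileges
# (presumably root here - confirm), so the file and /scripts must stay
# writable by root only.

# pgrep -x matches the process name exactly. The earlier ps|grep pipeline also
# counted unrelated commands whose arguments merely contain the word "haproxy"
# (an editor opened on haproxy.cfg), which would hide a dead haproxy.
if ! pgrep -x haproxy >/dev/null; then
    systemctl stop keepalived
fi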

[root@master scripts]# vim notify.sh
[root@master scripts]# cat notify.sh 
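#!/bin/bash
# keepalived state-change hook for the haproxy load balancer.
# Usage: notify.sh master|backup VIP
#   master - this node has taken over the VIP: make sure haproxy is running
#   backup - this node has dropped back to BACKUP: make sure haproxy is stopped
VIP=$2   # accepted to match the keepalived call; not used below

# Succeeds when a process named exactly "haproxy" exists. An exact-name match
# avoids counting unrelated commands that only mention haproxy in their
# arguments, which the ps|grep pipeline did.
haproxy_running() {
    pgrep -x haproxy >/dev/null
}

case "$1" in
  master)
        if ! haproxy_running; then
            systemctl start haproxy
        fi
  ;;
  backup)
        if haproxy_running; then
            systemctl stop haproxy
        fi
  ;;
  *)
        # Any other first argument is a calling error; report it on stderr.
        echo "Usage:$0 master|backup VIP" >&2
  ;;
esac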

[root@master scripts]# chmod +x check_haproxy.sh notify.sh 
[root@master scripts]# ll
total 8
-rwxr-xr-x. 1 root root 148 Oct  9 20:48 check_haproxy.sh
-rwxr-xr-x. 1 root root 377 Oct  9 20:48 notify.sh

backup端

[root@backup ~]# mkdir /scripts
[root@backup ~]# cd /scripts/
[root@backup scripts]# scp root@192.168.26.10:/scripts/notify.sh .
The authenticity of host '192.168.26.10 (192.168.26.10)' can't be established.
ECDSA key fingerprint is SHA256:byoKSQZ3ZjLOFT0RGTkPB20XCMYYI7KBlKRDQSfIY5s.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.26.10' (ECDSA) to the list of known hosts.
root@192.168.26.10's password: 
notify.sh                                  100%  377   393.6KB/s   00:00    
[root@backup scripts]# ll
total 4
-rwxr-xr-x. 1 root root 377 Oct 10 16:50 notify.sh

配置keepalived加入监控脚本的配置

master端

[root@master ~]# vim /etc/keepalived/keepalived.conf 
[root@master ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
 
global_defs {
   router_id lb01
}
 
vrrp_script haproxy_check {		
    script "/scripts/check_haproxy.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.26.250
    }
    track_script {	
        haproxy_check
    }
    notify_master "/scripts/notify.sh master 192.168.26.250"	
}
 
virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
 
    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 
    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@master ~]# systemctl restart keepalived.service 

backup端
backup无需检测haproxy是否正常,当升级为MASTER时启动haproxy,当降级为BACKUP时关闭

[root@backup scripts]# vim /etc/keepalived/keepalived.conf 
[root@backup scripts]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
 
global_defs {
   router_id lb02
}
 
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.26.250
    }
    notify_master "/scripts/notify.sh master 192.168.26.250"
    notify_backup "/scripts/notify.sh backup 192.168.26.250"
}
 
virtual_server 192.168.26.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
 
    real_server 192.168.26.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
 
    real_server 192.168.26.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@backup scripts]# systemctl restart keepalived.service 

测试,模拟haproxy服务故障

//master端
[root@master ~]# curl 192.168.26.250
RS1
[root@master ~]# curl 192.168.26.250
RS2
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:1b:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.10/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2b:1b38/64 scope link 
       valid_lft forever preferred_lft forever
[root@master ~]# systemctl stop haproxy
[root@master ~]# ss -anlt
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process  
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*              
LISTEN  0       128                [::]:22               [::]:*              
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:1b:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.10/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2b:1b38/64 scope link 
       valid_lft forever preferred_lft forever


//backup端
[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:54:aa:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.11/24 brd 192.168.26.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.26.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe54:aaad/64 scope link 
       valid_lft forever preferred_lft forever
[root@backup ~]# curl 192.168.26.250
RS1
[root@backup ~]# curl 192.168.26.250
RS2