Keepalived + Haproxy 实现高可用负载均衡架构
实验环境:
| Host | IP |
|---|---|
| Web1 | 192.168.116.103 |
| Web2 | 192.168.116.104 |
| Haproxy-Master | 192.168.116.105 |
| Haproxy-Backup | 192.168.116.106 |
| VIP | 192.168.116.110 |
实验步骤:
1. 部署 Web 服务器
-
安装 Nginx、Apache 都可以
-
这里我们安装Nginx,参考https://blog.csdn.net/RunzIyy/article/details/104822655
-
Web1 编写验证文件、启动服务、验证
echo 'This is a Web1-Master ' > /usr/local/nginx/html/index.htmlnginxcurl 192.168.116.103
This is a Web1-Master
- Web2 编写验证文件、启动服务、验证
echo 'This is a Web2-Backup ' > /usr/local/nginx/html/index.htmlnginxcurl 192.168.116.103
This is a Web2-Backup
2. 部署 Haproxy
1) 安装Haproxy
- 解决依赖关系
[root@localhost ~]# yum -y install pcre-devel bzip2-devel
- 源码安装
- 安装时需要制定内核版本号
[root@localhost ~]# tar -zxf haproxy-1.4.24.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/haproxy-1.4.24/
[root@localhost haproxy-1.4.24]# uname -r
3.10.0-862.el7.x86_64
[root@localhost haproxy-1.4.24]# make TARGET=linux3.10 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
2) 优化路径
- 优化sbin下的脚本
[root@localhost ~]# ln -s /usr/local/haproxy/sbin/* /usr/sbin
- 创建 Haproxy 配置文件目录
[root@localhost ~]# mkdir /etc/haproxy
- copy haproxy 配置文件模板
[root@localhost ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.cfg /etc/haproxy/
- copy haproxy 启动脚本
[root@localhost ~]# cp /usr/src/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy # 赋予执行权限且将haproxy加入 系统管理工具中
[root@localhost ~]# chmod +x /etc/init.d/haproxy
[root@localhost ~]# chkconfig --add haproxy3) 修改 Haproxy 配置文件
- Haproxy-Master
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg # this config needs haproxy-1.1.28 or haproxy-1.2.1globallog 127.0.0.1 local0log 127.0.0.1 local1 notice#log loghost local0 infomaxconn 4096chroot /usr/local/haproxy # 指定Haproxy 家目录uid 99 # 运行用户 UIDgid 99daemon#debug#quietdefaultslog globalmode httpoption httplogoption dontlognullretries 3redispatchmaxconn 2000contimeout 5000clitimeout 50000srvtimeout 50000
# 26之后全部删除,手动编写
listen webserver 192.168.116.110:80 # haproxy监听的地址与端口balance roundrobin # 指定轮询方式option httpchk GET /index.html # 后端服务器,健康检查server web_one 192.168.116.103:80 check inter 2000 rise 3 fall 3server web_two 192.168.116.104:80 check inntr 2000 rise 3 fall 3# 监听的节点信息# web_one 节点name,IP:port #check 开启节点健康检查 #inter 2000 每隔 2000毫秒进行一个jiance# rise 3 fall 后端建立成功的次数,和失败的次数, 如果三次健康检查都失败的话则将该 web 服务区踢出负载群集# 还可以添加 weight(权重) maxconn(最大连接) backup(使当前节点为备份节点)- haproxy-Backup
[root@localhost ~]# vim /etc/haproxy/haproxy.cfg # this config needs haproxy-1.1.28 or haproxy-1.2.1globallog 127.0.0.1 local0log 127.0.0.1 local1 notice#log loghost local0 infomaxconn 4096chroot /usr/local/haproxy # 指定Haproxy 家目录uid 99 # 运行用户 UIDgid 99daemon#debug#quietdefaultslog globalmode httpoption httplogoption dontlognullretries 3redispatchmaxconn 2000contimeout 5000clitimeout 50000srvtimeout 50000
# 26之后全部删除,手动编写
listen webserver 192.168.116.110:80 # haproxy监听的地址与端口balance roundrobin # 指定轮询方式option httpchk GET /index.html # 后端服务器,健康检查server web_one 192.168.116.103:80 check inter 2000 rise 3 fall 3server web_two 192.168.116.104:80 check inter 2000 rise 3 fall 3# 监听的节点信息3. 部署 Keepalived
1) 安装 Keepalived
- 解决依赖关系
[root@localhost ~]# yum -y install popt-devel kernel-devel openssl-devel
- 源码安装
[root@localhost ~]# tar -zxf keepalived-1.2.13.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/keepalived-1.2.13/
[root@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernel && make && make install
2) 修改配置文件
- Haproxy 本身会检查各节点的信息,所以不需要配置节点信息
- Haproxy-Master
! Configuration File for keepalivedglobal_defs {
notification_email {
acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVEL-R1
}vrrp_instance VI_1 {
state MASTERinterface ens33virtual_router_id 51priority 100advert_int 1authentication {
auth_type PASSauth_pass 1111}virtual_ipaddress {
192.168.116.110}
}- Haproxy-Backup
global_defs {
notification_email {
acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVEL-R2 # 修改
}vrrp_instance VI_1 {
state BACKUP # 修改interface ens33virtual_router_id 51priority 100advert_int 1authentication {
auth_type PASSauth_pass 1111}virtual_ipaddress {
192.168.116.110}
}4. 启动服务
-
由于Haproxy 监听的是虚拟地址, 不存在的,只有当 Keepalived 先启动,生成虚拟IP地址,Haproxy 才可以正常启动
-
Haproxy-Master
[root@localhost ~]# service keepalived start
Starting keepalived (via systemctl): [ 确定 ][root@localhost ~]# systemctl start haproxy
-
Haproxy-Backup Keepalived 不生成虚拟IP地址,haproxy 则无法启动,那该怎么办呢
-
这里呢我们需要手写一个脚本文件
-
编写监控192.168.116.110 VIP 是否生成
- haproxy 两台都需要添加哦
[root@localhost ~]# vim haproxy_run.sh#! /bin/baship add | grep 192.168.116.110 > /dev/nullif [ `echo $?` -eq 0 ];thensystemctl start haproxy
elsesystemctl stop haproxy
fi- 赋予执行权限
[root@localhost ~]# chmod +x /root/haproxy_run.sh
- Keepalived 添加脚本并进行监控
vrrp_script chk_haproxy_run {
script "/root/haproxy_run.sh"interval 2weight
} vrrp_instance VI_1 {
state MASTERinterface ens33virtual_router_id 51priority 100advert_int 1authentication {
auth_type PASSauth_pass 1111} track_script {
chk_haproxy_run} virtual_ipaddress {
192.168.116.110}
}
- Haproxy-Backup
[root@localhost ~]# vim haproxy_run.sh#! /bin/baship add | grep 192.168.116.110 > /dev/nullif [ `echo $?` -eq 0 ];thensystemctl start haproxy
elsesystemctl stop haproxy
fi[root@localhost ~]# chmod +x /root/haproxy_run.sh
- 添加 Keepalived
vrrp_script chk_haproxy_run {
script "/root/haproxy_run.sh"interval 2 weight 2
}
vrrp_instance VI_1 {
state BACKUPinterface ens33virtual_router_id 51priority 100advert_int 1authentication {
auth_type PASSauth_pass 1111} track_script {
chk_haproxy_run} virtual_ipaddress {
192.168.116.110}
} - 重启 Keepalived 服务
[root@localhost ~]# service keepalived restart
Restarting keepalived (via systemctl): [ OK ]- 可以关闭 主 Keepalived 测试
[root@localhost ~]# curl 192.168.116.110
This is a Web1-Master
[root@localhost ~]# curl 192.168.116.110
This is a Web2-Backup