web集群(haproxy负载均衡+keepalived高可用)
| 主机名 | 主机 | IP地址 |
|---|---|---|
| lvs1 | haproxy+keepalived | 192.168.88.38 |
| proxy | haproxy+keepalived | 192.168.88.66 |
| web1 | nginx | 192.168.88.10 |
| web2 | nginx | 192.168.88.20 |
配置lvs1,proxy
安装haproxy
shell
[root@lvs1 ~]# yum -y install haproxy
[root@lvs1 ~]# vim /etc/haproxy/haproxy.cfg
[root@lvs1 ~]# cat /etc/haproxy/haproxy.cfg
global
#log 127.0.0.1 local2
log /dev/log local0 info
log /dev/log local0 notice
#chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
nbproc 1
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind *:9000
mode http
stats enable
stats hide-version
stats uri /stats
stats refresh 30s
stats realm Haproxy\ Statistics
stats auth admin:admin
listen web 0.0.0.0:80
balance roundrobin balance roundrobin #负载均衡调度算法
server web1 192.168.88.10:80 check inter 2000 fall 3
check inter 2000 fall 3 #表示启用对此后端服务器执行健康检查,设置健康状态检查的时间间隔,单位为毫秒连续三次检测不到心跳频率则认为该节点失效
server web2 192.168.88.20:80 check inter 2000 fall 3
[root@lvs1 ~]# systemctl start haproxy.service
proxy主机步骤如上安装keepalived
shell
#主节点
[root@lvs1 ~]# yum -y install keepalived
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
# 通知邮件服务器的配置
notification_email {
# 当master失去VIP或则VIP的时候,会发一封通知邮件到your-email@qq.com
your-email@qq.com
}
# 发件人信息
notification_email_from keepalived@qq.com
# 邮件服务器地址
smtp_server 127.0.0.1
# 邮件服务器超时时间
smtp_connect_timeout 30
# 邮件TITLE
router_id lvs1
}
vrrp_script check_nginx {
#检查haproxy宕机,关闭keepalived服务
script "/etc/keepalived/check_haproxy.sh"
interval 3
}
vrrp_instance VI_1 {
# 主机: MASTER
# 备机: BACKUP
state MASTER
# 实例绑定的网卡, 用ip a命令查看网卡编号
interface ens37
# 虚拟路由标识,这个标识是一个数字(1-255),在一个VRRP实例中主备服务器ID必须一样
virtual_router_id 88
# 优先级,数字越大优先级越高,在一个实例中主服务器优先级要高于备服务器
priority 90
# 主备之间同步检查的时间间隔单位秒
advert_int 1
# 验证类型和密码
authentication {
# 验证类型有两种 PASS和HA
auth_type PASS
# 验证密码,在一个实例中主备密码保持一样
auth_pass 11111111
}
# 虚拟IP地址,可以有多个,每行一个
virtual_ipaddress {
192.168.88.88/24
}
track_script {
check_nginx
}
}
[root@lvs1 ~]# systemctl start keepalived
#从节点
[root@proxy ~]# yum -y install keepalived
[root@proxy ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
# 通知邮件服务器的配置
notification_email {
# 当master失去VIP或则VIP的时候,会发一封通知邮件到your-email@qq.com
your-email@qq.com
}
# 发件人信息
notification_email_from keepalived@qq.com
# 邮件服务器地址
smtp_server 127.0.0.1
# 邮件服务器超时时间
smtp_connect_timeout 30
# 邮件TITLE
router_id proxy
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 3
}
vrrp_instance VI_1 {
# 主机: MASTER
# 备机: BACKUP
state BACKUP
# 实例绑定的网卡, 用ip a命令查看网卡编号
interface ens37
# 虚拟路由标识,这个标识是一个数字(1-255),在一个VRRP实例中主备服务器ID必须一样
virtual_router_id 88
# 优先级,数字越大优先级越高,在一个实例中主服务器优先级要高于备服务器
priority 80
# 主备之间同步检查的时间间隔单位秒
advert_int 1
# 验证类型和密码
authentication {
# 验证类型有两种 PASS和HA
auth_type PASS
# 验证密码,在一个实例中主备密码保持一样
auth_pass 11111111
}
# 虚拟IP地址,可以有多个,每行一个
virtual_ipaddress {
192.168.88.88/24
}
track_script {
check_nginx
}
}
[root@proxy ~]# systemctl start keepalived验证
shell
此时使用ip a查看,vip地址在主节点上
[root@lvs1 ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.88.88/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@lvs1 ~]# curl 192.168.88.88
test2
[root@lvs1 ~]# curl 192.168.88.88
test1
[root@lvs1 ~]# curl 192.168.88.88
test1
[root@lvs1 ~]# curl 192.168.88.88
test2
假如把主节点的haproxy服务关闭,查看keepalived是否会自动关闭,并且把vip地址漂浮到从节点
[root@lvs1 ~]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2024-03-17 23:35:28 CST; 24min ago
[root@lvs1 ~]# systemctl stop haproxy.service
[root@lvs1 ~]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
[root@lvs1 ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@proxy ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e4:cd:ac brd ff:ff:ff:ff:ff:ff
inet 192.168.88.66/24 brd 192.168.88.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.88.88/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee4:cdac/64 scope link
valid_lft forever preferred_lft forever
发现配置的检查haproxy脚本生效,vip地址也漂浮到了proxy从节点上
[root@ceph01 ~]# curl 192.168.88.88
test2
[root@ceph01 ~]# curl 192.168.88.88
test1
[root@ceph01 ~]# curl 192.168.88.88
test1
[root@ceph01 ~]# curl 192.168.88.88
test2总结
通过以上验证,实现了使用haproxy来达到负载均衡的效果,keepalived来达到HA的效果。保证的web集群正常访问