Skip to content

Latest commit

 

History

History
166 lines (157 loc) · 4.11 KB

03.keepalived+haproxy负载.md

File metadata and controls

166 lines (157 loc) · 4.11 KB
Raw

安装Haproxy Keepalived 高可用组件

一、安装Keepalived

keepalived 是一主(master)多备(backup)运行模式,故有两种类型的配置文件。master 配置文件只有一份,backup 配置文件视节点数目而定,对于本文档而言,规划如下:

  • master: 192.168.133.128
  • backup:192.168.133.129、192.168.133.130

1.1 安装haproxykeepalived

$ export NODE_IPS=(192.168.133.128 192.168.133.129 192.168.133.130)
$ for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    ssh root@${node_ip} "yum install -y keepalived haproxy"
  done

1.2 master配置文件

$ export VIP_IF=ens33
$ export MASTER_VIP=192.168.133.200

$ cat  > /tmp/keepalived-master.conf <<EOF
global_defs {
    router_id lb-master-105
}

vrrp_script check-haproxy {
    script "killall -0 haproxy"
    interval 5
    weight -30
}

vrrp_instance VI-kube-master {
    state MASTER
    priority 120
    dont_track_primary
    interface ${VIP_IF}
    virtual_router_id 68
    advert_int 3
    track_script {
        check-haproxy
    }
    virtual_ipaddress {
        ${MASTER_VIP}
    }
}
EOF
  • VIP_IF 表示虚拟IP(VIP)绑定网卡名称;
  • MASTER_VIP 指定虚拟IP(VIP)地址;

1.2 backup配置文件

$ cat  > /tmp/keepalived-backup.conf <<EOF
global_defs {
    router_id lb-backup-105
}

vrrp_script check-haproxy {
    script "killall -0 haproxy"
    interval 5
    weight -30
}

vrrp_instance VI-kube-master {
    state BACKUP
    priority 110
    dont_track_primary
    interface ${VIP_IF}
    virtual_router_id 68
    advert_int 3
    track_script {
        check-haproxy
    }
    virtual_ipaddress {
        ${MASTER_VIP}
    }
}
EOF

1.3 分发master配置文件

$ scp /tmp/keepalived-master.conf [email protected]:/etc/keepalived/keepalived.conf

1.4 分发backup配置文件

$ scp /tmp/keepalived-backup.conf [email protected]:/etc/keepalived/keepalived.conf
$ scp /tmp/keepalived-backup.conf [email protected]:/etc/keepalived/keepalived.conf

提示:
由于是2台backup,请自行修改 priority ;

1.5 启动keepalived服务

$ export NODE_IPS=(192.168.133.128 192.168.133.129 192.168.133.130)
$ for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    ssh root@${node_ip} "systemctl restart keepalived && systemctl enable keepalived"
  done

二、安装HAPROXY

2.1 生成haproxy配置文件

$ cat > /tmp/haproxy.cfg <<EOF
global
    daemon
    nbproc 8
    user haproxy
    group haproxy
    maxconn 20000
    spread-checks 3
    log 127.0.0.1 local0 warning
    chroot /var/lib/haproxy
    pidfile /var/lib/haproxy/haproxy.pid

defaults
    mode http
    retries 3
    log global
    maxconn  30000
    option httplog
    option dontlognull
    option http-server-close
    option redispatch
    timeout queue 1m
    timeout check 10s
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    timeout http-request 10s
    timeout http-keep-alive 10s
    option forwardfor except 127.0.0.0/8

listen admin_stats
    mode http
    bind 0.0.0.0:1080
    log 127.0.0.1 local0 err
    stats enable
    stats hide-version
    stats uri /status
    stats realm Haproxy\ Statistics
    stats auth admin:admin
    stats admin if TRUE

listen kube-master
    bind 0.0.0.0:8443
    mode tcp
    option tcplog
    balance source
    server 192.168.133.128 192.168.133.128:6443 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.133.129 192.168.133.129:6443 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.133.130 192.168.133.130:6443 check inter 2000 fall 2 rise 2 weight 1
EOF

2.2 分发配置并重启服务

$ export NODE_IPS=(192.168.133.128 192.168.133.129 192.168.133.130)
$ for node_ip in ${NODE_IPS[@]}
  do
    echo ">>> ${node_ip}"
    scp /tmp/haproxy.cfg root@${node_ip}:/etc/haproxy
    ssh root@${node_ip} "systemctl daemon-reload && systemctl enable haproxy && systemctl restart haproxy"
  done

提示:
建议通过火狐、IE浏览器打开haproxy状态页面,不要使用谷歌浏览器,在测试发现谷歌浏览器弹不出基础认证窗口。