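Building a highly available load balancer: haproxy + keepalived

When a company's traffic is small, a single server is enough to meet business needs. As the business grows, the problems of a single server become apparent:

  • When the server goes down, the service is interrupted
  • When traffic grows and a single server's performance degrades, how do you transparently add servers and bandwidth to increase throughput?

A load balancer solves both problems.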

1 Load balancer topology

[Figure: load balancer topology (loadbalancer.png)]

This article follows the topology diagram and builds a load balancer with haproxy and keepalived.

2 Preparation

2.1 Prepare the environment

Prepare five CentOS 7.3 hosts and one VIP address:

  • Prepare one available IP to use as the virtual IP (VIP):
    • VIP: 192.168.1.100
  • The load balancer uses two hosts in a master/backup architecture
    • lb1 (master by default): 192.168.1.101
    • lb2 (backup by default): 192.168.1.102
  • IP addresses of the hosts in the backend server cluster
    • s1: 192.168.1.2
    • s2: 192.168.1.3
    • s3: 192.168.1.4

2.2 Host configuration

2.2.1 Disable the firewall on all hosts

systemctl stop firewalld
systemctl disable firewalld

2.2.2 Disable SELinux on all hosts

setenforce 0
vi /etc/selinux/config
SELINUX=disabled

2.3 Install haproxy and keepalived

Install haproxy and keepalived on lb1 and lb2

yum install haproxy keepalived -y

2.4 Install nginx (optional)

Install nginx on s1, s2 and s3 to act as the backend. If you have another backend application, this step can be skipped.

yum install epel-release -y
yum install nginx -y

2.5 Configure keepalived

Keepalived is a high-availability solution based on VRRP (Virtual Router Redundancy Protocol). It achieves high availability through a VIP (virtual IP) and heartbeat checks.

Keepalived has two roles, Master and Backup. Typically there is one Master and several Backups.

The Master binds the VIP to its own network interface and serves traffic. The Master and Backup periodically check each other's state. When the Master becomes unavailable, the Backup notifies the gateway and binds the VIP to its own interface, so the service continues without interruption.

2.5.1 Configure the Master

Edit /etc/keepalived/keepalived.conf on lb1 (192.168.1.101)

! Configuration File for keepalived

global_defs {
   # Notification mail settings
   notification_email {
     # When the master loses or takes over the VIP, a notification email is sent to your-email@qq.com
     your-email@qq.com
   }
   # Sender address
   notification_email_from keepalived@qq.com
   # Mail server address
   smtp_server 127.0.0.1
   # Mail server connection timeout
   smtp_connect_timeout 30
   # Identifier of this node, used in the subject of notification emails
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
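    # On the master: MASTER
    # On the backup: BACKUP
    state MASTER
    # Network interface the instance binds to; use the ip a command to look up the interface
    interface eno16777984
    # Virtual router ID, a number (1-255); the master and backup in one VRRP instance must use the same ID
    virtual_router_id 88
    # Priority; a larger number means higher priority. Within one instance the master's priority must be higher than the backup's
    priority 100
    # Interval between master/backup synchronization checks, in seconds
    advert_int 1
    # Authentication type and password
    authentication {
        # There are two authentication types: PASS and AH
        auth_type PASS
        # Authentication password; master and backup in one instance must use the same password
        auth_pass 11111111
    }
    # Virtual IP addresses; there can be several, one per line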
    virtual_ipaddress {
        192.168.1.100
    }
}

virtual_server 192.168.1.100 443 {
    # Health check interval
    delay_loop 6
    # Scheduling algorithm
    # Doc: http://www.keepalived.org/doc/scheduling_algorithms.html
    # Round Robin (rr)
    # Weighted Round Robin (wrr)
    # Least Connection (lc)
    # Weighted Least Connection (wlc)
    # Locality-Based Least Connection (lblc)
    # Locality-Based Least Connection with Replication (lblcr)
    # Destination Hashing (dh)
    # Source Hashing (sh)
    # Shortest Expected Delay (sed)
    # Never Queue (nq)
    # Overflow-Connection (ovf)
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    # The scheduling algorithm switches the Master onto the real load balancer servers
    # The real hosts are health-checked periodically; if the MASTER is unavailable, traffic switches to the backup
    real_server 192.168.1.101 443 {
        weight 1
        TCP_CHECK {
            # Port to connect to
            connect_port 443
            # Connection timeout
            connect_timeout 3
        }
    }
    real_server 192.168.1.102 443 {
        weight 1
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
        }
    }
}

2.5.2 Configure the BACKUP

Edit /etc/keepalived/keepalived.conf on lb2 (192.168.1.102)

! Configuration File for keepalived

global_defs {
   # Notification mail settings
   notification_email {
     # When the master loses or takes over the VIP, a notification email is sent to your-email@qq.com
     your-email@qq.com
   }
   # Sender address
   notification_email_from keepalived@qq.com
   # Mail server address
   smtp_server 127.0.0.1
   # Mail server connection timeout
   smtp_connect_timeout 30
   # Identifier of this node, used in the subject of notification emails
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
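    # On the master: MASTER
    # On the backup: BACKUP
    state BACKUP
    # Network interface the instance binds to; use the ip a command to look up the interface
    interface eno16777984
    # Virtual router ID, a number (1-255); the master and backup in one VRRP instance must use the same ID
    virtual_router_id 88
    # Priority; a larger number means higher priority. Within one instance the master's priority must be higher than the backup's
    priority 99
    # Interval between master/backup synchronization checks, in seconds
    advert_int 1
    # Authentication type and password
    authentication {
        # There are two authentication types: PASS and AH
        auth_type PASS
        # Authentication password; master and backup in one instance must use the same password
        auth_pass 11111111
    }
    # Virtual IP addresses; there can be several, one per line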
    virtual_ipaddress {
        192.168.1.100
    }
}

virtual_server 192.168.1.100 443 {
    # Health check interval
    delay_loop 6
    # Scheduling algorithm
    # Doc: http://www.keepalived.org/doc/scheduling_algorithms.html
    # Round Robin (rr)
    # Weighted Round Robin (wrr)
    # Least Connection (lc)
    # Weighted Least Connection (wlc)
    # Locality-Based Least Connection (lblc)
    # Locality-Based Least Connection with Replication (lblcr)
    # Destination Hashing (dh)
    # Source Hashing (sh)
    # Shortest Expected Delay (sed)
    # Never Queue (nq)
    # Overflow-Connection (ovf)
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    # The scheduling algorithm switches the Master onto the real load balancer servers
    # The real hosts are health-checked periodically; if the MASTER is unavailable, traffic switches to the backup
    real_server 192.168.1.101 443 {
        weight 1
        TCP_CHECK {
            # Port to connect to
            connect_port 443
            # Connection timeout
            connect_timeout 3
        }
    }
    real_server 192.168.1.102 443 {
        weight 1
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
        }
    }
}
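
The comments in both files require the master and backup to share virtual_router_id and auth_pass while the master holds the higher priority. The Python check below is an added example, not part of the original article: it compares two keepalived.conf texts on those points and flags a trivial auth_pass, which matters because VRRP PASS authentication travels in cleartext in every advertisement. The names parse_vrrp and check_pair, the password heuristic and the embedded sample configs are constructed for illustration.

```python
import re

# Constructed sample configs mirroring the vrrp_instance blocks above.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        192.168.1.100
    }
}
"""
BACKUP_CONF = MASTER_CONF.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 99")
KEYS = ("state", "virtual_router_id", "priority", "advert_int", "auth_type", "auth_pass")


def parse_vrrp(text):
    """Extract the settings of the first vrrp_instance as a dict."""
    text = re.sub(r"[#!].*", "", text)  # strip keepalived comments
    fields = {}
    for key in KEYS:
        m = re.search(rf"^\s*{key}\s+(\S+)", text, re.M)
        fields[key] = m.group(1) if m else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    fields["vips"] = sorted(vips.group(1).split()) if vips else []
    return fields


def check_pair(master_text, backup_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    m, b = parse_vrrp(master_text), parse_vrrp(backup_text)
    findings = []
    for key in ("virtual_router_id", "advert_int", "auth_type", "auth_pass"):
        if m[key] != b[key]:
            findings.append(f"{key} differs: {m[key]} vs {b[key]}")
    if m["vips"] != b["vips"]:
        findings.append("virtual_ipaddress lists differ")
    if int(m["priority"] or 0) <= int(b["priority"] or 0):
        findings.append("MASTER priority must be higher than BACKUP priority")
    pw = m["auth_pass"] or ""
    # Heuristic (an assumption of this example): short or near-constant strings count as trivial.
    if m["auth_type"] == "PASS" and (len(pw) < 8 or len(set(pw)) <= 2):
        findings.append("auth_pass is trivially guessable")
    return findings
```

Run against the sample pair, check_pair reports only the trivial auth_pass; the other invariants hold.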

2.6 Configure haproxy

Edit /etc/haproxy/haproxy.cfg on lb1 (192.168.1.101) and lb2 (192.168.1.102)
Add the backend server IPs (192.168.1.2, 192.168.1.3, 192.168.1.4) to the backend section

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4096
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

listen stats
    bind    *:9000
    mode    http
    stats   enable
    stats   hide-version
    stats   uri       /stats
    stats   refresh   30s
    stats   realm     Haproxy\ Statistics
    stats   auth      admin:admin


frontend  k8s-api
    bind *:443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend k8s-api-backend

backend k8s-api-backend
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
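    # TLS is passed through unmodified (mode tcp), so the port here must be one on which the backend serves TLS
    server master1 192.168.1.2:80 maxconn 1024 weight 5 check
    server master2 192.168.1.3:80 maxconn 1024 weight 5 check
    server master3 192.168.1.4:80 maxconn 1024 weight 5 check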
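
An added example, not from the original article: a small Python audit of haproxy.cfg text that reports a stats page bound to every address, a stats auth password equal to the user name, and server lines whose IP falls outside the backend subnet from section 2.1. The function name audit_haproxy, the subnet default, the password heuristic and the sample config (with one mistyped address) are constructed for illustration.

```python
import ipaddress

# Constructed sample config; master1 carries a mistyped address on purpose.
HAPROXY_CFG = """
listen stats
    bind    *:9000
    stats   auth      admin:admin

backend k8s-api-backend
    server master1 192.167.1.2:80 maxconn 1024 weight 5 check
    server master2 192.168.1.3:80 maxconn 1024 weight 5 check
"""
SECTION_KEYWORDS = {"global", "defaults", "listen", "frontend", "backend"}


def audit_haproxy(cfg, backend_net="192.168.1.0/24"):
    """Return a list of findings; an empty list means nothing was flagged."""
    net = ipaddress.ip_network(backend_net)
    sections, current = {}, None
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            current = " ".join(words)
            sections[current] = []
        elif current is not None:
            sections[current].append(words)
    findings = []
    for name, lines in sections.items():
        has_stats = any(w[0] == "stats" for w in lines)
        for w in lines:
            if has_stats and w[0] == "bind" and len(w) > 1 and w[1].startswith(("*:", ":", "0.0.0.0:")):
                findings.append(f"{name}: stats page listens on every address ({w[1]})")
            if w[:2] == ["stats", "auth"] and len(w) > 2:
                user, _, password = w[2].partition(":")
                if password in (user, "", "password"):  # heuristic, an assumption
                    findings.append(f"{name}: guessable stats password for '{user}'")
            if w[0] == "server" and len(w) > 2:
                host = w[2].rsplit(":", 1)[0]
                try:
                    if ipaddress.ip_address(host) not in net:
                        findings.append(f"{name}: server {w[1]} ({host}) is outside {backend_net}")
                except ValueError:
                    pass  # hostname instead of a literal IP; not checked here
    return findings
```

On the sample it returns three findings: the wildcard stats bind, the admin:admin credential, and master1's address outside 192.168.1.0/24.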

2.7 Configure nginx

Add an SSL certificate to nginx (configuration steps omitted)

vi /usr/share/nginx/html/index.html

In index.html, change the string Welcome to nginx to Welcome to nginx HA

3 Start the services

3.1 Start nginx

sudo systemctl start nginx
sudo systemctl enable nginx

3.2 Start haproxy

sudo systemctl start haproxy
sudo systemctl enable haproxy

3.3 Start keepalived

sudo systemctl start keepalived
sudo systemctl enable keepalived

Run ip a on the MASTER

 eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:xx:xx:xx:3d:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.101/24 brd 192.168.1.255 scope global eno16777984
       valid_lft forever preferred_lft forever
    inet 192.168.1.100/32 scope global eno16777984
       valid_lft forever preferred_lft forever
    inet6 eeee:eeee:1c9d:2009:250:56ff:fe9c:3d0c/64 scope global noprefixroute dynamic
       valid_lft 7171sec preferred_lft 7171sec
    inet6 eeee::250:56ff:eeee:3d0c/64 scope link
       valid_lft forever preferred_lft forever

You will see that the VIP (192.168.1.100) is now bound

inet 192.168.1.100/32 scope global eno16777984
       valid_lft forever preferred_lft forever

If the VIP cannot be bound

vi /etc/sysctl.conf

Add two lines

net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1

Apply the new configuration

sysctl -p

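4 Verification

4.1 Check status

1. Open http://192.168.1.100:9000/stats in a browser to check the haproxy status
2. Open https://192.168.1.100 in a browser to check the service status
   and confirm that the nginx welcome page is displayed

4.2 Master/backup failover

1. Open https://192.168.1.100 in a browser and check that the nginx welcome page is displayed
2. Shut down lb1 (192.168.1.101) and check whether https://192.168.1.100 is still reachable; if it is, the VIP has successfully moved to the backup
3. Run ip a on lb2 (192.168.1.102) and check whether the interface has the VIP (192.168.1.100) bound
4. Start lb1 (192.168.1.101)
   The purpose is to verify whether the VIP moves back to the MASTER host (because priority is 100 in the MASTER's configuration file and 99 in the BACKUP's, the health check automatically binds the VIP to the host with the higher priority)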