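Although HAProxy is very stable, it cannot eliminate the risk of operating system failures, host hardware failures, network failures or even power loss. A high-availability scheme for HAProxy is therefore required.
The following describes a hot-standby HAProxy setup built with Keepalived: two HAProxy instances on two hosts are online at the same time, the instance with the higher weight is the MASTER, and when the MASTER fails the other instance automatically takes over all traffic.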
1. Address plan
haproxy+keepalive1    192.168.28.101
haproxy+keepalive2    192.168.28.102
VIP                   192.168.28.110
harbor                192.168.28.202
1. Install the software with yum (if the server has no Internet access you can build from source; yum is used here for simplicity)
# yum install keepalived haproxy -y
2. Disable the firewall and SELinux
Disable the firewall
iptables -F && iptables -X && iptables -Z
systemctl stop firewalld.service && systemctl disable firewalld.service
Disable SELinux
setenforce 0
echo 'sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config'| sh
3. Configure time synchronization
yum install chrony -y
cat > /etc/chrony.conf <<EOF
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF
systemctl enable chronyd && systemctl start chronyd
3. Configure keepalived
Copy the VRRP template
cp /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
Master node configuration
Change the configuration as follows
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.28.110
    }
}
Backup node configuration
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.28.110
    }
}
Start the service
systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived
Master:
Backup:
4. Configure haproxy
The haproxy configuration is as follows:
The master and the backup use the same configuration
scp /etc/haproxy/haproxy.cfg 192.168.28.101:/etc/haproxy/haproxy.cfg
#--------------Global settings----------------
global
    log 127.0.0.1 local0 info
    #log loghost local0 info
    maxconn 20480
    #chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#--------------Statistics page settings------------------
listen admin_stats
    bind 0.0.0.0:8189
    stats enable
    mode http
    log global
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#---------------Web settings-----------------------
listen harbor-80
    bind *:80
    mode tcp
    server server1 192.168.28.201:80 check inter 3s fall 3 rise 3
listen harbor-443
    bind *:443
    mode tcp
    server server1 192.168.28.201:443 check inter 3s fall 3 rise 3
Start the service:
systemctl start haproxy && systemctl enable haproxy && systemctl status haproxy
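A pre-deployment check for the two configuration files above, added here as an example and not part of the original post: it flags a stats listener bound to every address, a stats auth password that is short or equals the user name, stats admin if TRUE, and a short VRRP auth_pass. The function name audit_lb_config, the finding codes and the length thresholds are assumptions of this example.

```shell
# Added example: audit_lb_config is a hypothetical helper, not an HAProxy or
# Keepalived tool. It prints one "file:line: CODE detail" line per finding.
audit_lb_config() {
  awk '
    function flush() {            # judge a finished haproxy section
      if (stats && wild) print f ":" wild ": STATS_BIND_ALL stats page bound to every address"
      stats = 0; wild = 0
    }
    FNR == 1 { flush(); f = FILENAME }
    { sub(/^[ \t]*!.*/, ""); sub(/#.*/, "") }     # drop ! and # comments
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ { flush() }
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:/ { wild = FNR }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    $1 == "stats" && $2 == "auth" {
      split($3, c, ":")           # user:password; the 12-character floor is an assumed policy
      if (c[1] == c[2] || length(c[2]) < 12)
        print f ":" FNR ": WEAK_STATS_AUTH password of " c[1] " is short or equals the user name"
    }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" {
      print f ":" FNR ": STATS_ADMIN_OPEN admin actions allowed for every client"
    }
    $1 == "auth_pass" && length($2) < 8 {
      print f ":" FNR ": WEAK_VRRP_PASS auth_pass shorter than 8 characters"
    }
    END { flush() }
  ' "$@"
}

# Sample input condensed from the configuration above, written to temporary files.
demo_dir=$(mktemp -d)
cat > "$demo_dir/haproxy.cfg" <<'EOF'
listen admin_stats
    bind 0.0.0.0:8189
    stats enable
    stats uri /haproxy_stats
    stats auth admin:admin
    stats admin if TRUE
listen harbor-443
    bind *:443
EOF
cat > "$demo_dir/keepalived.conf" <<'EOF'
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
audit_lb_config "$demo_dir/haproxy.cfg" "$demo_dir/keepalived.conf"
```

The harbor-443 listener is not reported: a wildcard bind is only flagged on a section that also serves the stats page.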
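5. Test the result
Normal operation
Open https://192.168.28.110/ to view the load-balanced address
master:
keepalived status:
backup:
keepalived status:
Shut down the master
backup:
keepalived status:
Web access:
haproxy page:
Switched to the backup's PID
Start the master
backup:
keepalived status:
master:
keepalived status:
Web access works normally:
haproxy page:
Switched to the master's PID
This shows that the highly available load balancer works as expected.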