web集群(haproxy负载均衡+keepalived高可用)

主机名	主机	IP地址
lvs1	haproxy+keepalived	192.168.88.38
proxy	haproxy+keepalived	192.168.88.66
web1	nginx	192.168.88.10
web2	nginx	192.168.88.20

配置lvs1，proxy

安装haproxy

[root@lvs1 ~]# yum -y install haproxy
[root@lvs1 ~]# vim /etc/haproxy/haproxy.cfg 
[root@lvs1 ~]# cat /etc/haproxy/haproxy.cfg 
global#log         127.0.0.1 local2log /dev/log local0 infolog /dev/log local0 notice#chroot      /var/lib/haproxypidfile     /var/run/haproxy.pidmaxconn     4000user        haproxygroup       haproxydaemonnbproc 1# turn on stats unix socketstats socket /var/lib/haproxy/statsdefaultsmode                    httplog                     globaloption                  httplogoption                  dontlognulloption http-server-closeoption forwardfor       except 127.0.0.0/8option                  redispatchretries                 3timeout http-request    10stimeout queue           1mtimeout connect         10stimeout client          1mtimeout server          1mtimeout http-keep-alive 10stimeout check           10smaxconn                 3000
listen statsbind    *:9000mode    httpstats   enablestats   hide-versionstats   uri       /statsstats   refresh   30sstats   realm     Haproxy\ Statisticsstats   auth      admin:admin
listen web 0.0.0.0:80 balance roundrobin  balance roundrobin    #负载均衡调度算法server web1 192.168.88.10:80 check inter 2000 fall 3
check inter 2000  fall 3     #表示启用对此后端服务器执行健康检查，设置健康状态检查的时间间隔，单位为毫秒连续三次检测不到心跳频率则认为该节点失效server web2 192.168.88.20:80 check inter 2000 fall 3
[root@lvs1 ~]# systemctl start haproxy.service 
proxy主机步骤如上

安装keepalived

#主节点
[root@lvs1 ~]# yum -y install keepalived
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {# 通知邮件服务器的配置notification_email {# 当master失去VIP或则VIP的时候，会发一封通知邮件到your-email@qq.comyour-email@qq.com}# 发件人信息notification_email_from keepalived@qq.com# 邮件服务器地址smtp_server 127.0.0.1# 邮件服务器超时时间smtp_connect_timeout 30# 邮件TITLErouter_id lvs1
}
vrrp_script check_nginx {  #检查haproxy宕机，关闭keepalived服务script "/etc/keepalived/check_haproxy.sh"interval 3
}
vrrp_instance VI_1 {# 主机: MASTER# 备机: BACKUPstate MASTER# 实例绑定的网卡, 用ip a命令查看网卡编号interface ens37# 虚拟路由标识，这个标识是一个数字(1-255)，在一个VRRP实例中主备服务器ID必须一样virtual_router_id 88# 优先级，数字越大优先级越高，在一个实例中主服务器优先级要高于备服务器priority 90# 主备之间同步检查的时间间隔单位秒advert_int 1# 验证类型和密码authentication {# 验证类型有两种 PASS和HAauth_type PASS# 验证密码，在一个实例中主备密码保持一样auth_pass 11111111}# 虚拟IP地址,可以有多个，每行一个virtual_ipaddress {192.168.88.88/24}track_script {check_nginx }
}
[root@lvs1 ~]# systemctl start keepalived
#从节点
[root@proxy ~]# yum -y install keepalived
[root@proxy ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {# 通知邮件服务器的配置notification_email {# 当master失去VIP或则VIP的时候，会发一封通知邮件到your-email@qq.comyour-email@qq.com}# 发件人信息notification_email_from keepalived@qq.com# 邮件服务器地址smtp_server 127.0.0.1# 邮件服务器超时时间smtp_connect_timeout 30# 邮件TITLErouter_id proxy
}
vrrp_script check_nginx {script "/etc/keepalived/check_nginx.sh"interval 3
}
vrrp_instance VI_1 {# 主机: MASTER# 备机: BACKUPstate BACKUP# 实例绑定的网卡, 用ip a命令查看网卡编号interface ens37# 虚拟路由标识，这个标识是一个数字(1-255)，在一个VRRP实例中主备服务器ID必须一样virtual_router_id 88# 优先级，数字越大优先级越高，在一个实例中主服务器优先级要高于备服务器priority 80# 主备之间同步检查的时间间隔单位秒advert_int 1# 验证类型和密码authentication {# 验证类型有两种 PASS和HAauth_type PASS# 验证密码，在一个实例中主备密码保持一样auth_pass 11111111}# 虚拟IP地址,可以有多个，每行一个virtual_ipaddress {192.168.88.88/24}track_script {check_nginx }
}
[root@proxy ~]# systemctl start keepalived

验证

此时使用ip a查看，vip地址在主节点上
[root@lvs1 ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ffinet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet 192.168.88.88/24 scope global secondary ens37valid_lft forever preferred_lft foreverinet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@lvs1 ~]# curl 192.168.88.88
test2
[root@lvs1 ~]# curl 192.168.88.88
test1
[root@lvs1 ~]# curl 192.168.88.88
test1
[root@lvs1 ~]# curl 192.168.88.88
test2
假如把主节点的haproxy服务关闭，查看keepalived是否会自动关闭，并且把vip地址漂浮到从节点
[root@lvs1 ~]# systemctl status keepalived.service 
● keepalived.service - LVS and VRRP High Availability MonitorLoaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)Active: active (running) since 日 2024-03-17 23:35:28 CST; 24min ago
[root@lvs1 ~]# systemctl stop haproxy.service 
[root@lvs1 ~]# systemctl status keepalived.service 
● keepalived.service - LVS and VRRP High Availability MonitorLoaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
[root@lvs1 ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:48:b3:7b brd ff:ff:ff:ff:ff:ffinet 192.168.88.38/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet6 fe80::dbb5:b534:a44a:a21/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@proxy ~]# ip a
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:e4:cd:ac brd ff:ff:ff:ff:ff:ffinet 192.168.88.66/24 brd 192.168.88.255 scope global noprefixroute ens37valid_lft forever preferred_lft foreverinet 192.168.88.88/24 scope global secondary ens37valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee4:cdac/64 scope link valid_lft forever preferred_lft forever       
发现配置的检查haproxy脚本生效，vip地址也漂浮到了proxy从节点上
[root@ceph01 ~]# curl 192.168.88.88
test2
[root@ceph01 ~]# curl 192.168.88.88
test1
[root@ceph01 ~]# curl 192.168.88.88
test1
[root@ceph01 ~]# curl 192.168.88.88
test2