linux-keepalived-haproxy high-availability configuration

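Use keepalived to keep haproxy running in a dual-active setup (if one haproxy goes down, traffic automatically switches to the other haproxy), and use haproxy to balance traffic across the backend servers.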

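Environment

Virtual IP: 172.23.6.2
Server A: 172.23.6.200, runs keepalived and haproxy
Server B: 172.23.6.201, runs keepalived and haproxy
Server C: 172.23.6.203, runs nginx (nginx serves as the backend web service for testing)
Server D: 172.23.6.204, runs nginx (nginx serves as the backend web service for testing)
In addition, the firewall and SELinux are disabled on every server.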

Installation

Servers C/D

# Run on server C
yum install nginx
echo -e "172.23.6.203 server-master" > /usr/share/nginx/html/index.html
systemctl start nginx
# Run on server D
yum install nginx
echo -e "172.23.6.204 server-backup" > /usr/share/nginx/html/index.html
systemctl start nginx

Then open each backend in a web browser: 172.23.6.203 (make sure it shows: 172.23.6.203 server-master) and 172.23.6.204 (make sure it shows: 172.23.6.204 server-backup).

Servers A/B

yum install keepalived haproxy

Configuration

haproxy configuration

Server A

cat /etc/haproxy/haproxy.cfg

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend main *:8001
    default_backend webapp

backend webapp
    balance roundrobin
    server server-master 172.23.6.203:80 check inter 2000 fall 3 weight 1
    server server-backup 172.23.6.204:80 check inter 2000 fall 3 weight 1

Then start the haproxy service:

systemctl start haproxy

Now, when you visit 172.23.6.200, the page alternates between: 172.23.6.203 server-master and 172.23.6.204 server-backup

Server B

The haproxy configuration is identical to server A's; just copy it over.
Then start the haproxy service:

systemctl start haproxy

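Now, when you visit 172.23.6.201, the page alternates between: 172.23.6.203 server-master and 172.23.6.204 server-backup

Note

Without keepalived, if 172.23.6.200 goes down at this point, traffic cannot switch to 172.23.6.201 automatically.

keepalived configuration

Server A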

cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_haproxy { # define the check script
    script "/etc/keepalived/haproxy_check.sh"
    interval 1 ## check interval
    weight -5 ## when the condition is met, priority is adjusted by -5
    fall 3
    rise 5
}
vrrp_instance VI_1 {
    state MASTER # BACKUP on the standby node
    interface eth0 # the physical interface to bind to
    virtual_router_id 88 # must match the standby node
    priority 100 # priority, higher than the standby node
    advert_int 1
    authentication { # authentication settings, must match the standby node
        auth_type PASS
        auth_pass vip_test
    }
    virtual_ipaddress { # virtual IP; several may be configured, one per line
        172.23.6.2
    }
    track_script {
        chk_haproxy # use the haproxy check script defined above
    }
}
virtual_server 172.23.6.2 80 { # virtual IP and the port it serves externally
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 172.23.6.200 8001 { # real server IP and port (the port configured on the haproxy frontend)
        weight 1
        #TCP_CHECK {
        #    connect_timeout 3
        #    nb_get_retry 3
        #    delay_before_retry 3
        #    connect_port 80
        #}
    }
}

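Add a script that checks for the haproxy process. If the process does not exist, the script stops the keepalived service, and the virtual IP automatically floats to another keepalived machine.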
cat /etc/keepalived/haproxy_check.sh

#!/bin/bash
counter=$(ps -C haproxy --no-heading|wc -l)
if [ $counter -eq 0 ]; then
    #systemctl start haproxy
    #sleep 2
    #counter=$(ps -C haproxy --no-heading|wc -l)
    #if [ $counter -eq 0 ]; then
    systemctl stop keepalived
    #fi
fi

Make the script executable:

chmod +x /etc/keepalived/haproxy_check.sh

Start the keepalived service:

systemctl start keepalived

Running ip a shows that the virtual IP address 172.23.6.2 has been created on interface eth0.
When you visit 172.23.6.2 in a web browser, the page alternates between: 172.23.6.203 server-master and 172.23.6.204 server-backup

Server B

cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "/etc/keepalived/haproxy_check.sh"
    interval 1 ## check interval
    weight -5 ## when the condition is met, priority is adjusted by -5
    fall 3
    rise 5
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 88
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass vip_test
    }
    virtual_ipaddress {
        172.23.6.2
    }
    track_script {
        #check_nginx_alive
        chk_haproxy
    }
}
virtual_server 172.23.6.2 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 172.23.6.201 8001 {
        weight 1
        #TCP_CHECK {
        #    connect_timeout 3
        #    nb_get_retry 3
        #    delay_before_retry 3
        #    connect_port 80
        #}
    }
}

Add the haproxy process check script:
cat /etc/keepalived/haproxy_check.sh

#!/bin/bash
counter=$(ps -C haproxy --no-heading|wc -l)
if [ $counter -eq 0 ]; then
    systemctl start haproxy
    sleep 2
    counter=$(ps -C haproxy --no-heading|wc -l)
    if [ $counter -eq 0 ]; then
        systemctl stop keepalived
    fi
fi

Make the script executable:

chmod +x /etc/keepalived/haproxy_check.sh

Start the keepalived service:

systemctl start keepalived

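High-availability verification

  • Stop the nginx service on server C
    systemctl stop nginx

Visit 172.23.6.2 in the browser; the page always shows: 172.23.6.204 server-backup
Then start the nginx service on server C again:
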
systemctl start nginx

Now, when you visit 172.23.6.200, the page again alternates between: 172.23.6.203 server-master and 172.23.6.204 server-backup

  • Stop the haproxy service on server A
    systemctl stop haproxy

Run on server A:

ip a

The virtual IP (172.23.6.2) on interface eth0 has disappeared.
Now run on server B:

ip a

eth0 now carries the virtual IP (172.23.6.2): the virtual IP has automatically floated to server B.
If haproxy and keepalived are then started on server A:

systemctl start haproxy
systemctl start keepalived

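haproxy must be started first. Because keepalived performs the health check, if keepalived is started first it finds that the haproxy service does not exist and shuts keepalived down again.
Run on server A:
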
ip a

eth0 carries the virtual IP (172.23.6.2) again: the virtual IP has automatically floated back to server A.
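
The check script above stops keepalived when haproxy is missing, which is what forces the start order described in the verification section. As an added example (not from the original page), this variant only reports haproxy's state through its exit status and leaves failover to keepalived; it also works out why `weight -5` alone cannot move the VIP when the priorities are 100 and 50. The `--check` argument and the helper function names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the page's script. Assumptions: the pidfile path and the
# process name come from the haproxy.cfg shown earlier; /proc is Linux procfs.
PIDFILE="${PIDFILE:-/var/run/haproxy.pid}"
PROC_NAME="${PROC_NAME:-haproxy}"

# Return 0 if a PID listed in the pidfile is a live process whose command name
# is PROC_NAME. A stale pidfile or a reused PID therefore counts as "down".
haproxy_alive() {
    [ -r "$PIDFILE" ] || return 1
    while read -r pid || [ -n "$pid" ]; do
        case "$pid" in ''|*[!0-9]*) continue ;; esac   # skip non-numeric lines
        [ -r "/proc/$pid/comm" ] || continue           # process is gone
        read -r comm < "/proc/$pid/comm" || continue
        [ "$comm" = "$PROC_NAME" ] && return 0
    done < "$PIDFILE"
    return 1
}

# Priority advertised with a negative vrrp_script "weight": the configured
# priority while the check passes, priority + weight once it has failed.
effective_priority() {    # args: PRIORITY WEIGHT CHECK_OK(1|0)
    if [ "$3" -eq 1 ]; then echo "$1"; else echo $(( $1 + $2 )); fi
}

# Return 0 if a peer with PEER_PRIORITY outranks this node after a failed check.
peer_takes_over() {       # args: PRIORITY WEIGHT PEER_PRIORITY
    [ "$(effective_priority "$1" "$2" 0)" -lt "$3" ]
}

# Used as: script "/etc/keepalived/haproxy_check.sh --check"
# keepalived reads the exit status; nothing here stops keepalived itself.
case "${1:-}" in
    --check) haproxy_alive; exit $? ;;
esac
```

With the default weight of 0, a failed check puts the VRRP instance into the FAULT state and releases the VIP; with a nonzero weight, its magnitude must exceed the priority gap between the two nodes for the peer to take over.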