Implementing HA with Keepalived + HAProxy

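Keepalived provides a VRRP implementation and lets you configure Linux machines for load balancing while preventing single points of failure. HAProxy provides reliable, high-performance load balancing and works well together with Keepalived.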

yum install keepalived haproxy psmisc -y

Configure HAProxy

vi /etc/haproxy/haproxy.cfg

global
    log /dev/log  local0 warning
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

defaults
    log global
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend kube-apiserver
    bind *:6443
    mode tcp
    option tcplog
    default_backend kube-apiserver

backend kube-apiserver
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server <hostname-of-backend-server-1> 172.16.0.4:6443 check
    server <hostname-of-backend-server-2> 172.16.0.5:6443 check
    server <hostname-of-backend-server-3> 172.16.0.6:6443 check

systemctl restart haproxy
systemctl enable haproxy

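Why does the Keepalived address drift between multiple hosts? I have not read the VRRP protocol, but my guess is:

1. The keepalived processes are all daemons, and they must be communicating with each other. It is like a battle where someone charges carrying the red flag: everyone knows who is holding the flag, and once that person goes down, someone else picks the flag up and keeps charging.

2. Keepalived must be calling some Linux command or API to assign one more IP address to a network interface. I will look into this; in other words, a single network interface can actually have multiple IP addresses.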

vi /etc/keepalived/keepalived.conf

global_defs {
  notification_email {
  }
  router_id LVS_DEVEL
  vrrp_skip_check_adv_addr
  vrrp_garp_interval 0
  vrrp_gna_interval 0
}
   
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
   
vrrp_instance haproxy-vip {
  state BACKUP
  priority 100
  interface eth0                       # NIC name on each host running Keepalived, usually eth0
  virtual_router_id 60
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  unicast_src_ip 172.16.0.2      # this host's IP address
  unicast_peer {
    172.16.0.3        # IP address of the other host in the Keepalived cluster
  }
   
  virtual_ipaddress {
    172.16.0.10/24    # the virtual IP address, which drifts between the Keepalived hosts
  }
   
  track_script {
    chk_haproxy
  }
}

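Check whether 172.16.0.2 also carries a virtual IP address. It does, as shown below. If you now shut down the 0.2 machine, check whether 0.3 has this virtual IP; in other words, the VIP drifts.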

[root@lb1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:9e:27:38:c8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
       valid_lft 73334sec preferred_lft 73334sec
    inet 172.16.0.10/24 scope global secondary eth0 # The VIP address
       valid_lft forever preferred_lft forever
    inet6 fe80::510e:f96:98b2:af40/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

You can see that the VIP is no longer on 0.2:

[root@lb1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:9e:27:38:c8 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
       valid_lft 72802sec preferred_lft 72802sec
    inet6 fe80::510e:f96:98b2:af40/64 scope link noprefixroute
       valid_lft forever preferred_lft forever


172.16.0.10/24 has now moved to the 0.3 machine:

[root@lb2 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:9e:3f:51:ba brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.3/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
       valid_lft 72690sec preferred_lft 72690sec
    inet 172.16.0.10/24 scope global secondary eth0   # The VIP address
       valid_lft forever preferred_lft forever
    inet6 fe80::f67c:bd4f:d6d5:1d9b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.70  netmask 255.255.255.255  broadcast 192.168.2.70
        inet6 fe80::20c:29ff:fe80:1c9d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:80:1c:9d  txqueuelen 1000  (Ethernet)
        RX packets 908297  bytes 752709326 (717.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 260326  bytes 122095022 (116.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

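In fact, Linux can add an extra IP address to a network interface by adding a sub-interface to it; this is the Linux secondary IP address. Secondary IPs are created and maintained by the Linux ip command. A secondary IP created with ip addr add cannot be seen with ifconfig, and Keepalived uses a secondary IP to provide its service.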
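The manual `ip a s` comparison above can be scripted. This is an added example, not part of the original post: it reads each node's `ip -o -4 addr show` output and reports whether exactly one node holds the VIP, none does, or both do (a split brain, which happens when VRRP advertisements between the unicast peers are not getting through). The function names and the sample text are constructed for illustration; the node names and addresses are the ones used on this page.

```sh
#!/bin/sh
# Added example (not from the original post): report which node holds the VIP.
VIP="172.16.0.10"   # virtual_ipaddress from the keepalived.conf above

# holds_vip TEXT: succeed if TEXT (output of `ip -o -4 addr show`) lists $VIP.
# The address is compared exactly, so 172.16.0.100 does not count as a match.
holds_vip() {
  printf '%s\n' "$1" | awk -v vip="$VIP" '
    { for (i = 1; i < NF; i++)
        if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
    END { exit(found ? 0 : 1) }'
}

# vip_state NAME=TEXT...: print OK:<node>, NO_HOLDER or SPLIT_BRAIN:<nodes>.
vip_state() {
  holders=""; count=0
  for entry in "$@"; do
    if holds_vip "${entry#*=}"; then
      holders="${holders:+$holders,}${entry%%=*}"
      count=$((count + 1))
    fi
  done
  case $count in
    0) echo "NO_HOLDER" ;;
    1) echo "OK:$holders" ;;
    *) echo "SPLIT_BRAIN:$holders" ;;
  esac
}

# Constructed samples in `ip -o -4 addr show` format, modelled on the output above.
LB1_BASE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.16.0.2/24 brd 172.16.0.255 scope global dynamic eth0'
LB2_BASE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.16.0.3/24 brd 172.16.0.255 scope global dynamic eth0'
VIP_LINE='2: eth0    inet 172.16.0.10/24 scope global secondary eth0'
NL='
'

vip_state "lb1=$LB1_BASE$NL$VIP_LINE" "lb2=$LB2_BASE"              # before failover
vip_state "lb1=$LB1_BASE" "lb2=$LB2_BASE$NL$VIP_LINE"              # after failover
vip_state "lb1=$LB1_BASE$NL$VIP_LINE" "lb2=$LB2_BASE$NL$VIP_LINE"  # both claim it
# Live use (assumes SSH access to both nodes):
#   vip_state "lb1=$(ssh lb1 ip -o -4 addr show)" "lb2=$(ssh lb2 ip -o -4 addr show)"
```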
