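Keepalived provides a VRRP implementation and lets you configure Linux machines for load balancing, preventing single points of failure. HAProxy provides reliable, high-performance load balancing and works well together with Keepalived.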
yum install keepalived haproxy psmisc -y
Configure HAProxy
vi /etc/haproxy/haproxy.cfg
global
log /dev/log local0 warning
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
log global
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend kube-apiserver
bind *:6443
mode tcp
option tcplog
default_backend kube-apiserver
backend kube-apiserver
mode tcp
option tcplog
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server <hostname-of-backend-server-1> 172.16.0.4:6443 check
server <hostname-of-backend-server-2> 172.16.0.5:6443 check
server <hostname-of-backend-server-3> 172.16.0.6:6443 check
systemctl restart haproxy
systemctl enable haproxy
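Why does Keepalived float between multiple hosts? I have not read the VRRP protocol, but my guess is:
1. The keepalived processes are all daemons, and they must be communicating with each other. It is like a battle, charging forward with a red flag: everyone knows who is holding the flag, and once that person goes down, someone else picks the flag up and keeps charging.
2. Keepalived must call some Linux command or API to assign an additional IP address to a NIC. I will look into this. In other words, a single NIC can actually have multiple IP addresses.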
vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight 2
}
vrrp_instance haproxy-vip {
state BACKUP
priority 100
interface eth0 # NIC name on each host that runs Keepalived, usually eth0
virtual_router_id 60
advert_int 1
authentication {
auth_type PASS
auth_pass 1111 # example value only; PASS is carried in cleartext in VRRP advertisements
}
unicast_src_ip 172.16.0.2 # IP address of this host
unicast_peer {
172.16.0.3 # IP address of the other host in the Keepalived cluster
}
virtual_ipaddress {
172.16.0.10/24 # the virtual IP address, which floats between the Keepalived hosts
}
track_script {
chk_haproxy
}
}
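Check whether 172.16.0.2 now also carries a virtual IP address. It does, as shown below. If the 0.2 machine is then shut down, check whether 0.3 has this virtual IP; in other words, the VIP floats.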
[root@lb1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 52:54:9e:27:38:c8 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
valid_lft 73334sec preferred_lft 73334sec
inet 172.16.0.10/24 scope global secondary eth0 # The VIP address
valid_lft forever preferred_lft forever
inet6 fe80::510e:f96:98b2:af40/64 scope link noprefixroute
valid_lft forever preferred_lft forever
As you can see, the VIP on 0.2 is now gone.
[root@lb1 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 52:54:9e:27:38:c8 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
valid_lft 72802sec preferred_lft 72802sec
inet6 fe80::510e:f96:98b2:af40/64 scope link noprefixroute
valid_lft forever preferred_lft forever
172.16.0.10/24 has now moved to the 0.3 machine.
[root@lb2 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 52:54:9e:3f:51:ba brd ff:ff:ff:ff:ff:ff
inet 172.16.0.3/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
valid_lft 72690sec preferred_lft 72690sec
inet 172.16.0.10/24 scope global secondary eth0 # The VIP address
valid_lft forever preferred_lft forever
inet6 fe80::f67c:bd4f:d6d5:1d9b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.70 netmask 255.255.255.255 broadcast 192.168.2.70
inet6 fe80::20c:29ff:fe80:1c9d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:80:1c:9d txqueuelen 1000 (Ethernet)
RX packets 908297 bytes 752709326 (717.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 260326 bytes 122095022 (116.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
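In fact, Linux can add an IP address to a NIC by adding a sub-interface to it; this is the Linux secondary IP address. Secondary IPs are created and maintained by the Linux ip command, and a secondary IP created with ip addr add cannot be seen with ifconfig. Keepalived uses a secondary IP to provide its service.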
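The secondary-address behaviour described above can be checked from the shell. The script below is an added example, not part of the original notes: it parses ip addr show text, finds the VIP and reports whether it is a secondary address, then counts how many nodes hold it. The two sample listings are constructed (trimmed from the lb1 and lb2 output above), and the function names list_addrs and vip_state are hypothetical.

```shell
#!/bin/sh
# Added example: locate the Keepalived VIP in `ip addr show` output and
# report whether it is bound as a secondary address.

VIP="172.16.0.10"   # virtual_ipaddress from the keepalived.conf above

# Constructed samples, trimmed from the lb1 (after failover) and lb2 listings.
sample_lb1() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 172.16.0.2/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
EOF
}
sample_lb2() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 172.16.0.3/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
    inet 172.16.0.10/24 scope global secondary eth0
EOF
}

# list_addrs: stdin is `ip addr show` text; prints "<iface> <addr/prefix> <kind>"
# for every IPv4 address, where kind is "primary" or "secondary".
list_addrs() {
  awk '$1 == "inet" {
    kind = "primary"
    for (i = 3; i < NF; i++) if ($i == "secondary") kind = "secondary"
    print $NF, $2, kind
  }'
}

# vip_state: prints "present <iface> <kind>" when the VIP is bound, else "absent".
vip_state() {
  list_addrs | awk -v vip="$1" '
    { split($2, a, "/") }
    a[1] == vip { print "present", $1, $3; found = 1 }
    END { if (!found) print "absent" }'
}

# Exactly one node should hold the VIP; zero means an outage, two a split brain.
holders=0
for node in lb1 lb2; do
  state=$("sample_$node" | vip_state "$VIP")
  echo "$node: $state"
  case $state in present*) holders=$((holders + 1)) ;; esac
done
echo "nodes holding $VIP: $holders"
# On a live host: ip -4 addr show | vip_state "$VIP"
```
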