haproxy+keepalived配置示例

在非云环境中,要实现服务的高可用和负载均衡,一般会使用haproxy+keepalived方案:通过vrrp管理vip地址的自动漂移,通过haproxy实现服务的负载均衡。除了vrrp协议,还需要确保主机所在网络支持无偿arp(gratuitous ARP),以保证路由器或其他主机能够在vip漂移后将vip地址解析到正确的mac地址。在下图中,采用两台服务器安装keepalived+haproxy进行主备部署,后面有三台独立的RS服务器,当然keepalived本身也可以和RS服务部署在同一台服务器上。

下面是haproxy的配置。如果要让haproxy直接绑定vip地址,需要开启net.ipv4.ip_nonlocal_bind这个内核参数,因为备机上并没有配置vip,不开启的话haproxy无法绑定一个本机不存在的地址;如果监听的是0.0.0.0地址的话就无所谓(但这样端口会在本机所有地址上对外监听):

# Persist net.ipv4.ip_nonlocal_bind=1 in a sysctl drop-in file. ">>" appends,
# so running this twice leaves a duplicate line in the file.
# The setting is host-wide: once enabled, any process on this machine may bind
# to an address that is not configured locally, not only haproxy.
[root@master3 ~]# echo net.ipv4.ip_nonlocal_bind=1 >> /etc/sysctl.d/haproxy-keepalived.conf
# Load the values from that drop-in file into the running kernel.
[root@master3 ~]# sysctl -p /etc/sysctl.d/haproxy-keepalived.conf
# Print the haproxy configuration shown below.
[root@master3 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # Process-wide settings: log target, chroot directory, run-as user/group,
    # connection cap and the runtime (stats) socket.
    #
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # chroot + user/group: after start-up haproxy confines itself to
    # /var/lib/haproxy and runs as the unprivileged haproxy account, which
    # limits what the process can reach on the filesystem.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    # Process-wide limit on concurrent connections.
    maxconn     4000
    user        haproxy
    group       haproxy
    # Run in the background.
    daemon

    # turn on stats unix socket
    # NOTE(review): no mode/user/group/level is given, so the socket's file
    # permissions and command level are left to haproxy's defaults. This
    # socket accepts runtime commands, so it is safer to pin them explicitly
    # (for example "mode 600" plus an explicit "level") -- confirm against
    # the haproxy version in use.
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # Values inherited by every frontend/backend that does not override them.
    # The only proxy sections in this file (myserver-api) switch to "mode tcp",
    # so the HTTP-specific options here (httplog, http-server-close,
    # forwardfor, the http-* timeouts) do not take effect for them.
    mode                    http
    log                     global
    option                  httplog
    # Do not log connections on which no data was exchanged.
    option                  dontlognull
    option http-server-close
    # Adds X-Forwarded-For in HTTP mode only, skipping loopback clients.
    option forwardfor       except 127.0.0.0/8
    # With "retries 3": after failed connection attempts the session may be
    # redispatched to another server instead of failing outright.
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    # Inactivity timeouts; these also apply to the tcp-mode sections below.
    # NOTE(review): a connection that stays silent for more than 1m is closed
    # by the proxy -- confirm this suits long-lived API streams.
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    # Per-frontend connection limit (below the global maxconn of 4000).
    maxconn                 3000

# TCP entry point for the API: accepts connections on the VIP and on loopback
# and hands them to the backend of the same name.
frontend myserver-api
  # Listen address and port on the VIP.
  # 10.0.0.4 is the address keepalived manages in virtual_ipaddress; on the
  # node that does not currently hold it, this bind only succeeds because
  # net.ipv4.ip_nonlocal_bind=1 was set above.
  bind 10.0.0.4:6443
  bind 127.0.0.1:6443
  # Layer-4 pass-through: haproxy forwards bytes and does not inspect the
  # payload. NOTE(review): presumably the backends terminate TLS themselves
  # (port 443); they will then see haproxy's address as the client address,
  # which matters for source-IP based audit logs or ACLs -- confirm.
  mode tcp
  option tcplog
  default_backend myserver-api

# Pool of real servers behind the VIP, balanced round-robin in TCP mode.
backend myserver-api
  mode tcp
  option tcplog
  # No tcp-check rules are defined in this section, so the health check is a
  # plain TCP connect. NOTE(review): a successful connect only shows the port
  # is open, not that the API behind it is healthy -- confirm this is enough.
  option tcp-check
  balance roundrobin
  # Defaults for every server line below: check every 10s (every 5s while a
  # server is down), 2 successes to mark up, 2 failures to mark down, ramp
  # traffic up over 60s after recovery, at most 250 concurrent connections
  # and 256 queued requests per server, weight 100.
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  # Real server (RS) addresses.
  server k8s-api-1 10.0.0.5:443 check
  server k8s-api-2 10.0.0.6:443 check
  server k8s-api-3 10.0.0.7:443 check

下面是针对keepalived的示例配置:

[root@master3 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

# Global keepalived settings: e-mail notification, router identity and
# VRRP advert / gratuitous-ARP tuning.
# NOTE(review): neither script_user nor enable_script_security is set here,
# although a vrrp_script is defined further down. Without script_user,
# keepalived runs scripts as the keepalived_script user if it exists and
# otherwise as root -- confirm which applies on this host and whether
# enable_script_security should be turned on.
global_defs {
   # NOTE(review): the addresses, sender and SMTP server below look like the
   # values shipped in keepalived's sample configuration -- replace them or
   # drop the notification settings if mail alerts are not used.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Identifier of this node (also looks like the sample default).
   router_id LVS_DEVEL
   # Skip re-checking the address list of an advert when it comes from the
   # same master as the previous advert.
   vrrp_skip_check_adv_addr
   # Delay between gratuitous ARP / unsolicited neighbour advertisement
   # messages sent on an interface; 0 means no delay.
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}


# Health check used to adjust VRRP priority: succeeds while a process named
# haproxy exists.
vrrp_script haproxy-check {
    # Signal 0 delivers nothing; killall only reports whether a matching
    # process exists. This does not prove haproxy is accepting connections
    # on its listen port.
    # NOTE(review): the command is given without an absolute path and is
    # resolved through keepalived's PATH; an absolute path is the safer form,
    # especially if the script runs as root -- confirm the location of
    # killall on this host.
    script "killall -0 haproxy"
    # Run the check every 2 seconds.
    interval 2
    # While the check succeeds, 20 is added to the instance priority.
    weight 20
}

# VRRP instance that owns the VIP 10.0.0.4 on eth0 and tracks haproxy's
# health. The peer's configuration is not shown; it needs the same
# virtual_router_id and VIP, with unicast_src_ip / unicast_peer swapped.
# NOTE(review): there is no authentication block, so adverts are accepted
# unauthenticated. Since unicast is used, restricting inbound VRRP (IP
# protocol 112) on eth0 to the peer address with the host firewall limits who
# can influence the election -- confirm the firewall policy.
vrrp_instance haproxy-vip {
    # Start as BACKUP; mastership is decided by priority.
    state BACKUP
    # Base priority; becomes 121 while haproxy-check succeeds (weight 20).
    priority 101
    interface eth0
    virtual_router_id 47
    # Send adverts every 3 seconds.
    advert_int 3

    # IP address of the local keepalived and of the peer keepalived.
    unicast_src_ip 10.0.0.2
    unicast_peer {
        10.0.0.3
    }

    # VIP of the virtual server; it must be a reserved (otherwise unused)
    # address.
    virtual_ipaddress {
        10.0.0.4
    }

    # Tie priority to the haproxy check; the weight given here repeats the
    # value already set in the vrrp_script block.
    track_script {
        haproxy-check weight 20
    }
}
