首先装虚拟机 具体参考
零基础安装优化linux虚拟机 最全保姆级教程全程粘贴复制即可,操作完即可正常使用_zz-zjx的博客-CSDN博客
类型/主机名 | 服务器IP | VIP | 系统 |
master1 | 172.31.7.101 | 172.31.7.188 | centos7.9 |
master2 | 172.31.7.102 | 172.31.7.188 | centos7.9 |
master3 | 172.31.7.103 | 172.31.7.188 | centos7.9 |
harbor1 | 172.31.7.104 | centos7.9 | |
harbor2 | 172.31.7.105 | centos7.9 | |
etcd1 | 172.31.7.106 | centos7.9 | |
etcd2 | 172.31.7.107 | centos7.9 | |
etcd3 | 172.31.7.108 | centos7.9 | |
haproxy1 | 172.31.7.109 | centos7.9 | |
haproxy2 | 172.31.7.110 | centos7.9 | |
node1 | 172.31.7.111 | centos7.9 | |
node2 | 172.31.7.112 | centos7.9 | |
node3 | 172.31.7.113 | centos7.9 |
初始化环境
1.关闭防火墙
# Stop firewalld now and keep it from starting at boot.
# Lab shortcut: on hosts that are reachable from other networks, leave firewalld
# running and allow only what the cluster needs (for example 6443/tcp on the
# VIP and VRRP between the two haproxy nodes) instead of disabling it.
for verb in stop disable; do
  systemctl "$verb" firewalld
done
2.关闭 selinux
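# Turn SELinux enforcement off for the running system (lasts until reboot).
setenforce 0
# Make the change persistent by rewriting only the SELINUX= setting line.
# An unanchored 's/enforcing/disabled/' also rewrites the explanatory comment
# lines in the file and leaves SELINUX=permissive untouched; anchoring on
# ^SELINUX= edits exactly one setting (SELINUXTYPE= is not matched).
# NOTE(review): SELINUX=permissive would still log policy denials to the audit
# log while not blocking anything; consider it instead of "disabled".
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config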
3.关闭swap
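# Disable all active swap areas for the running system.
swapoff -a
# Comment out swap entries in /etc/fstab so swap stays off after a reboot.
# Only lines that are not already comments and that carry "swap" as a
# whitespace-delimited field are touched, so re-running this does not stack
# extra '#' characters or comment out unrelated lines that merely mention swap.
sed -ri '/^[[:space:]]*#/! s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab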
hosts添加
# Replace /etc/hosts with the static name table for every cluster member.
# This overwrites the file: any entries that were there before are lost.
# The delimiter is quoted because the table contains nothing to expand.
cat > /etc/hosts <<'HOSTS_EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.31.7.101 master1
172.31.7.102 master2
172.31.7.103 master3
172.31.7.104 harbor1
172.31.7.105 harbor2
172.31.7.106 etcd1
172.31.7.107 etcd2
172.31.7.108 etcd3
172.31.7.109 haproxy1
172.31.7.110 haproxy2
172.31.7.111 node1
172.31.7.112 node2
172.31.7.113 node3
HOSTS_EOF
harbor配置keepalived高可用负载均衡:用 keepalived 虚拟出 VIP(virtual IP,即虚拟 IP)。网上 keepalived 的教程很多,这里不展开说明;实在不懂可参考
keepalived配置VIP(虚拟IP)_IChen.的博客-CSDN博客_keepalived vip
uname -r # print the running kernel release
3.10.0-1160.el7.x86_64
cat /etc/redhat-release # show the distribution release
CentOS Linux release 7.9.2009 (Core)
注意docker 以及k8s都要在内核3.10以上才能正常运行。
在主机
haproxy1 | 172.31.7.109 |
1.安装keepalived
# Install the x86_64 keepalived package; -y answers yum's prompts with yes.
yum -y install keepalived.x86_64
以下配置用于虚拟出 VIP:只需修改下面列出的 3 行,其余内容原配置文件里都有;改好之后,原文件中后面多余的部分可以删除。
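# Write the keepalived configuration for the MASTER node (haproxy1).
# Overwrites /etc/keepalived/keepalived.conf.
#
# The instance VI_1 runs on eth0 with priority 100 and announces three VIPs
# (172.31.7.188-190) as the aliases eth0:0, eth0:1 and eth0:2.
#
# auth_pass is taken from the VRRP_AUTH_PASS environment variable and falls
# back to the page's value 1111 when the variable is unset. Set the same
# value on both haproxy nodes: a mismatch makes the peers reject each other's
# adverts. keepalived uses only the first 8 characters, and auth_type PASS
# sends the password unencrypted in VRRP adverts, so it guards against
# misconfiguration on the segment rather than against an on-link attacker.
#
# NOTE(review): notification_email, notification_email_from and smtp_server
# are left at what look like sample values while smtp_alert is on; replace
# them with site values or drop smtp_alert.
#
# The here-document delimiter is unquoted on purpose so the shell expands
# ${VRRP_AUTH_PASS:-1111}.
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass ${VRRP_AUTH_PASS:-1111}
}
virtual_ipaddress {
172.31.7.188 dev eth0 label eth0:0
172.31.7.189 dev eth0 label eth0:1
172.31.7.190 dev eth0 label eth0:2
}
}
EOF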
172.31.7.188 dev eth0 label eth0:0
172.31.7.189 dev eth0 label eth0:1
172.31.7.190 dev eth0 label eth0:2
重启 keepalived,并设置开机自启动
# Restart keepalived so it reads the new configuration, then enable it at boot.
for verb in restart enable; do
  systemctl "$verb" keepalived.service
done
查看vip是否配置成功
# List the interfaces; when the node holds the VIPs they show up as the
# eth0:0, eth0:1 and eth0:2 aliases carrying 172.31.7.188-190.
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.7.104 netmask 255.255.255.0 broadcast 172.31.7.255
inet6 fe80::9eeb:c6ce:b491:9d99 prefixlen 64 scopeid 0x20<link>
inet6 fe80::b16e:53ae:4f6c:290c prefixlen 64 scopeid 0x20<link>
inet6 fe80::3112:612:14c7:b92b prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ae:f2:5c txqueuelen 1000 (Ethernet)
RX packets 19035 bytes 4746015 (4.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16975 bytes 12044074 (11.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.7.188 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:ae:f2:5c txqueuelen 1000 (Ethernet)
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.7.189 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:ae:f2:5c txqueuelen 1000 (Ethernet)
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.7.190 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:ae:f2:5c txqueuelen 1000 (Ethernet)
有以上字段显示即配置成功。不放心的可以用 master 去 ping 172.31.7.188
另外一台机器安装keepalived
haproxy2 | 172.31.7.110 |
# Install the x86_64 keepalived package on the backup node (haproxy2).
yum -y install keepalived.x86_64
修改配置文件 注意此服务器是从服务器 参数有变
修改 状态为:state BACKUP #这只是显示而已不影响实际使用,嫌麻烦可以不改,但是建议修改 毕竟你是专业的运维嘛~
修改优先级为 : priority 80 #只要小于主服务器的 100 即可,中间留点余量备用。这是控制主备的关键参数,必须修改。
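# Write the keepalived configuration for the BACKUP node (haproxy2).
# Overwrites /etc/keepalived/keepalived.conf.
#
# Compared with the MASTER node, only "state BACKUP" and "priority 80"
# differ; virtual_router_id, the authentication block and the VIP list have
# to match the MASTER so both nodes belong to the same VRRP instance.
#
# auth_pass is taken from the VRRP_AUTH_PASS environment variable and falls
# back to the page's value 1111 when the variable is unset. Use exactly the
# value configured on the MASTER: a mismatch makes the peers reject each
# other's adverts. keepalived uses only the first 8 characters, and
# auth_type PASS sends the password unencrypted in VRRP adverts.
#
# NOTE(review): notification_email, notification_email_from and smtp_server
# are left at what look like sample values while smtp_alert is on; replace
# them with site values or drop smtp_alert.
#
# The here-document delimiter is unquoted on purpose so the shell expands
# ${VRRP_AUTH_PASS:-1111}.
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass ${VRRP_AUTH_PASS:-1111}
}
virtual_ipaddress {
172.31.7.188 dev eth0 label eth0:0
172.31.7.189 dev eth0 label eth0:1
172.31.7.190 dev eth0 label eth0:2
}
}
EOF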
重启 keepalived,并设置开机自启动
# Restart keepalived so it reads the new configuration, then enable it at boot.
for verb in restart enable; do
  systemctl "$verb" keepalived.service
done
验证keepalived 从服务器是否开启
master01 | 172.31.7.101 |
master01 节点ping 172.31.7.188
# Ping the VIP continuously (no count given, so it runs until interrupted);
# leave it running while keepalived is stopped on haproxy1 to watch failover.
ping 172.31.7.188
在
haproxy1 | 172.31.7.109 |
该主机上
停止keepalived,如果继续通的话 那么从服务器就配置好了。
# Stop keepalived on haproxy1 (the MASTER) to simulate its failure; if the
# VIP keeps answering, the BACKUP node has taken it over.
systemctl stop keepalived.service
然后再启用,keepalived会自动切换回主服务器
# Start keepalived on haproxy1 again; with priority 100 against the backup's
# 80 it takes the VIP back.
systemctl start keepalived.service
2.安装haproxy
以下2个主机安装
haproxy1 | 172.31.7.109 |
haproxy2 | 172.31.7.110 |
# Install haproxy on both haproxy1 and haproxy2; -y answers yum's prompts.
yum -y install haproxy
参数调试
# Write /etc/haproxy/haproxy.cfg, overwriting the existing file. Run on both
# haproxy1 and haproxy2.
#
# Everything down to "backend app" is an example configuration (see its own
# header comment). What this setup adds is the final "listen k8s-api-6443"
# section: it binds the VIP 172.31.7.188:6443 in TCP mode, so the API
# server's traffic is passed through without HTTP processing, and
# health-checks master1-3 on port 6443 (every 3s, down after 3 failures,
# up again after 1 success).
#
# NOTE(review): the example "frontend main *:5000" stays active and listens
# on every address, while its backends point at 127.0.0.1 ports this page
# never sets up; presumably unused here, so confirm and remove it to avoid
# an extra open listener.
# NOTE(review): "stats socket" is declared without mode/level options;
# confirm the resulting permissions on /var/lib/haproxy/stats are what you
# want, since the socket accepts runtime commands.
#
# The here-document contains no shell expansions, so the unquoted delimiter
# writes the text as shown.
cat > /etc/haproxy/haproxy.cfg << EOF
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
listen k8s-api-6443
bind 172.31.7.188:6443 #监听vip的6443端口
mode tcp #模式一定是tcp,包头会被http替换掉
server master1 172.31.7.101:6443 check inter 3s fall 3 rise 1 #3秒检查一次失败3次就t除 只要1次成功就恢复
server master2 172.31.7.102:6443 check inter 3s fall 3 rise 1 #3秒检查一次失败3次就t除 只要1次成功就恢复
server master3 172.31.7.103:6443 check inter 3s fall 3 rise 1
EOF
注: 如果服务启动失败,则需要调整内核参数:未持有 VIP 的那台机器上 haproxy 无法绑定 172.31.7.188:6443,需要允许绑定非本机地址。
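# Allow processes to bind addresses that are not configured on this host.
# haproxy binds the VIP 172.31.7.188:6443, which only the node currently
# holding the VIP has on an interface; without this setting haproxy cannot
# start on the other node.
#
# The setting is updated in place when the key already exists and appended
# otherwise, so running this again does not pile up duplicate lines in
# /etc/sysctl.conf.
if grep -qE '^[[:space:]]*net\.ipv4\.ip_nonlocal_bind[[:space:]]*=' /etc/sysctl.conf; then
  sed -ri 's/^[[:space:]]*net\.ipv4\.ip_nonlocal_bind[[:space:]]*=.*/net.ipv4.ip_nonlocal_bind = 1/' /etc/sysctl.conf
else
  echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
fi
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p
# Start haproxy now and enable it at boot.
systemctl enable haproxy --now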