keepalived最高可用+负载均衡
haproxy做端口映射
keepalived的配置文件参考
slave节点的配置文件
# cat keepalived.conf! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id keepalived-haproxy2 }vrrp_instance VI_1 { state BACKUP interface ens192 virtual_router_id 6 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 571f97b2 } unicast_src_ip 192.168.253.119 unicast_peer { 192.168.253.19 } virtual_ipaddress { 192.168.253.222 }}vrrp_instance VI_2 { state BACKUP interface ens160 virtual_router_id 28 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 571f97b2 } unicast_src_ip 192.168.252.119 unicast_peer { 192.168.252.19 } virtual_ipaddress { 192.168.252.222 }}
# cat haproxy.cfgglobal log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3defaults log global mode http option tcplog #option httplog option redispatch option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http retries 3 maxconn 5000 timeout http-keep-alive 1800s #定义保持连接的超时时长listen mysql bind 0.0.0.0:3306 mode tcp option tcpka balance roundrobin server mysql-master-253-17 192.168.253.17:3306 weight 1 inter 3s rise 5 fall 1 #server mysql-master-253-117 192.168.253.117:3306 weight 1 inter 3s rise 5 fall 1listen redis bind 0.0.0.0:6379 mode tcp option tcpka balance roundrobin server redis-admin-stats-weixin1-253-13 192.168.253.13:6379 weight 1 inter 3s rise 5 fall 1 #server redis-admin-stats-weixin2-253-113 192.168.253.113:6379 weight 1 inter 3s rise 5 fall 1listen frontdfs bind 0.0.0.0:22222 mode tcp option tcpka balance roundrobin server front-1 192.168.2.87:22222 weight 1 inter 1s rise 5 fall 1 server front-2 192.168.2.88:22222 weight 1 inter 1s rise 5 fall 1listen cloud-dfs bind 0.0.0.0:8000 mode tcp option tcpka balance roundrobin server dfs-253-15 192.168.253.15:8000 weight 1 inter 3s rise 5 fall 1 server dfs-253-115 192.168.253.115:8000 weight 1 inter 3s rise 5 fall 1listen kong bind 0.0.0.0:80 mode tcp option tcpka balance roundrobin server kong1-253-11 192.168.253.11:80 weight 1 inter 1s rise 5 fall 1 server kong1-253-111 192.168.253.111:80 weight 1 inter 1s rise 5 fall 1listen kong-admin bind 0.0.0.0:8080 mode tcp option tcpka balance roundrobin server kong1-253-11 192.168.253.11:8080 weight 1 inter 1s rise 5 fall 1 server kong1-253-111 192.168.253.111:8080 weight 1 inter 1s rise 5 fall 1listen cloud-film-es bind 0.0.0.0:9292 mode tcp option tcpka balance roundrobin server zk1-mongo1-253-16 192.168.253.16:9292 weight 1 inter 1s rise 5 fall 1 server zk1-mongo1-253-116 192.168.253.116:9292 weight 1 inter 1s rise 5 fall 1 server zk1-mongo1-253-122 192.168.253.122:9292 weight 1 inter 1s rise 5 fall 1listen zabbix bind 0.0.0.0:9999 mode tcp option tcpka balance roundrobin server zabbix 192.168.253.20:80 weight 1 inter 1s rise 5 fall 1listen elk bind 0.0.0.0:5601 mode tcp option tcpka balance roundrobin server eLk3 192.168.253.121:5601 weight 1 inter 1s rise 5 fall 1listen konga bind 0.0.0.0:1337 mode tcp option tcpka balance roundrobin server kong1-253-11 192.168.253.11:1337 weight 1 inter 1s rise 5 fall 1 #server kong1-253-111 192.168.253.111:1337 weight 1 inter 1s rise 5 fall 1
master节点的配置文件
keepalived的配置文件
# cat keepalived.conf! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id keepalived-haproxy1 }vrrp_instance VI_1 { state MASTER interface ens192 virtual_router_id 6 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 571f97b2 } unicast_src_ip 192.168.253.19 unicast_peer { 192.168.253.119 } virtual_ipaddress { 192.168.253.222 }}vrrp_instance VI_2 { state MASTER interface ens160 virtual_router_id 15 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 571f97b2 } unicast_src_ip 192.168.252.19 unicast_peer { 192.168.252.119 } virtual_ipaddress { 192.168.252.222 }}
haproxy的配置文件
# cat haproxy.cfgglobal log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3defaults log global mode http option tcplog #option httplog option redispatch option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http retries 3 maxconn 5000 timeout http-keep-alive 1800s #定义保持连接的超时时长listen mysql bind 0.0.0.0:3306 mode tcp option tcpka balance roundrobin server mysql-master-253-17 192.168.253.17:3306 weight 1 inter 3s rise 5 fall 1 #server mysql-master-253-117 192.168.253.117:3306 weight 1 inter 3s rise 5 fall 1listen redis bind 0.0.0.0:6379 mode tcp option tcpka balance roundrobin server redis-admin-stats-weixin1-253-13 192.168.253.13:6379 weight 1 inter 3s rise 5 fall 1 #server redis-admin-stats-weixin2-253-113 192.168.253.113:6379 weight 1 inter 3s rise 5 fall 1listen frontdfs bind 0.0.0.0:22222 mode tcp option tcpka balance roundrobin server front-1 192.168.2.87:22222 weight 1 inter 1s rise 5 fall 1 server front-2 192.168.2.88:22222 weight 1 inter 1s rise 5 fall 1listen cloud-dfs bind 0.0.0.0:8000 mode tcp option tcpka balance roundrobin server dfs-253-15 192.168.253.15:8000 weight 1 inter 3s rise 5 fall 1 server dfs-253-115 192.168.253.115:8000 weight 1 inter 3s rise 5 fall 1listen kong bind 0.0.0.0:80 mode tcp option tcpka balance roundrobin server kong1-253-11 192.168.253.11:80 weight 1 inter 1s rise 5 fall 1 server kong1-253-111 192.168.253.111:80 weight 1 inter 1s rise 5 fall 1listen kong-admin bind 0.0.0.0:8080 mode tcp option tcpka balance roundrobin server kong1-253-11 192.168.253.11:8080 weight 1 inter 1s rise 5 fall 1 server kong1-253-111 192.168.253.111:8080 weight 1 inter 1s rise 5 fall 1listen cloud-film-es bind 0.0.0.0:9292 mode tcp option tcpka balance roundrobin server zk1-mongo1-253-16 192.168.253.16:9292 weight 1 inter 1s rise 5 fall 1 server zk1-mongo1-253-116 192.168.253.116:9292 weight 1 inter 1s rise 5 fall 1 server zk1-mongo1-253-122 192.168.253.122:9292 weight 1 inter 1s rise 5 fall 1listen zabbix bind 0.0.0.0:9999 mode tcp option tcpka balance roundrobin server zabbix 192.168.253.20:80 weight 1 inter 1s rise 5 fall 1listen elk bind 0.0.0.0:5601 mode tcp option tcpka balance roundrobin server eLk3 192.168.253.121:5601 weight 1 inter 1s rise 5 fall 1listen konga bind 0.0.0.0:1337 mode tcp option tcpka balance roundrobin server kong1-253-11 192.168.253.11:1337 weight 1 inter 1s rise 5 fall 1 #server kong1-253-111 192.168.253.111:1337 weight 1 inter 1s rise 5 fall 1