负载均衡+高可用(Haproxy + keepalived )安装配置

最新推荐文章于 2024-09-26 13:44:28 发布

weixin_34346099

最新推荐文章于 2024-09-26 13:44:28 发布

阅读量129

点赞数

文章标签：开发工具 json python

原文链接：https://my.oschina.net/AnnaWu/blog/1609842

版权

为什么80%的码农都做不了架构师？>>>

准备两台服务器：
payment-balancers-01
payment-balancers-02

角色：

Master：payment-balancers-01
Slave：payment-balancers-02

1.1 Master 和 Slave 安装Haproxy

[root@payment-balancers-01 ~]#  yum install -y haproxy

[root@payment-balancers-02 ~]#  yum install -y haproxy

1.2 使用自己的配置的文件

说明：把haproxy.cfg 自带的配置文件清空，或者back 一份

#Master

[root@payment-balancers-01 ~]# vim /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
        maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    log                     127.0.0.1 local3
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend ha_server
        bind 0.0.0.0:80
        mode http
        log global
        option  httpclose
        option  forwardfor
        default_backend rel_server

backend rel_server
        mode http
        option httpchk GET /
        balance roundrobin
        server  web2 10.130.69.44:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web3 10.130.0.70:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web4 10.130.25.104:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web5 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web6 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3



#Slave

[root@payment-balancers-01 ~]# vim /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
        maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    log                     127.0.0.1 local3
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend ha_server
        bind 0.0.0.0:80
        mode http
        log global
        option  httpclose
        option  forwardfor
        default_backend rel_server

backend rel_server
        mode http
        option httpchk GET /
        balance roundrobin
        server  web2 10.130.69.44:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web3 10.130.0.70:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web4 10.130.25.104:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web5 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3
        server  web6 10.130.54.165:80 cookie 1 weight 5 check inter 2000 rise 2 fall 3

1.3 配置日志

#Master

[root@payment-balancers-01 ~]# vim /etc/rsyslog.conf

$ModLoad imudp      //把#去掉
$UDPServerRun 514   //把#去掉

加入：
local2.*  /var/log/haproxy.log


[root@payment-balancers-01 ~]# vim /etc/sysconfig/rsyslog 

..........................
..........................
..........................
加入：
SYSLOGD_OPTIONS=""-r -m 0""


#Slave

[root@payment-balancers-02 ~]# vim /etc/rsyslog.conf

$ModLoad imudp      //把#去掉
$UDPServerRun 514   //把#去掉

加入：
local2.*  /var/log/haproxy.log


[root@payment-balancers-02 ~]# vim /etc/sysconfig/rsyslog 

..........................
..........................
..........................
加入：
SYSLOGD_OPTIONS=""-r -m 0""

1.4 重启rsyslog服务器

[root@payment-balancers-01 ~]# systemctl restart rsyslog.service 
[root@payment-balancers-02 ~]# systemctl restart haproxy.service

2.1 Master 和 Slave 安装Keeplived

[root@payment-balancers-01 ~]# yum install -y keepalived

[root@payment-balancers-02 ~]# yum install -y keepalived

2.2 配置keeplived.conf

Master#
[root@payment-balancers-01 ~]# cd /etc/keepalived/

[root@payment-balancers-01 keepalived]# mv keepalived.conf keepalived.conf.bak


#Slave
[root@payment-balancers-02 ~]# cd /etc/keepalived/

[root@payment-balancers-02 keepalived]# mv keepalived.conf keepalived.conf.bak

2.2.1 配置keeplived.conf -- Master

#Master 

[root@payment-balancers-01 keepalived]# vim keepalived.conf

vrrp_script check_ha {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight -150
}

vrrp_instance VI_1 {
    interface eth1
    state MASTER
    priority 200

    virtual_router_id 33
    unicast_src_ip 10.130.6.128   //master 内网IP
    unicast_peer {
       10.130.33.23              //slave 内网IP
    }

    authentication {
        auth_type PASS
        auth_pass password
    }

    track_script {
        check_ha
    }
    notify_master /etc/keepalived/master.sh
}

2.2.2配置keeplived.conf -- Slave

#Slave

[root@payment-balancers-02 keepalived]# vim keepalived.conf

vrrp_script check_ha {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
}

vrrp_instance VI_1 {
    interface eth1
    state BACKUP
    priority 100

    virtual_router_id 33
     unicast_src_ip 10.130.6.128
    unicast_peer {
       10.130.33.23
}

    authentication {
        auth_type PASS
        auth_pass password
    }

    track_script {
        check_ha
    }

    notify_master /etc/keepalived/master.sh
}

2.3 检测脚本

#Master

[root@payment-balancers-01 keepalived]# vim check_haproxy.sh


#!/bin/bash
port=`netstat -ln|grep -c '0.0.0.0:80'`
process=`ps aux|grep -c haproxy-systemd-wrapper`

if (($port<1||$process<2));then
#       /usr/bin/systemctl stop keepalived.service
        exit 1
fi


#Slave

[root@payment-balancers-02 keepalived]#  vim check_haproxy.sh

#!/bin/bash
port=`netstat -ln|grep -c '0.0.0.0:80'`
process=`ps aux|grep -c haproxy-systemd-wrapper`

if (($port<1||$process<2));then
#       /usr/bin/systemctl stop keepalived.service
        exit 1
fi

2.4 切换VIP 的脚本

#Master

[root@payment-balancers-01 keepalived]# vim master.sh

#!/bin/bash
export DO_TOKEN='bc947d4c6b7be40fb72c6ba95610b362e7930a1e6f4863ae2ad83eef22a23ab7'  //这个需要在Digitalocean API生成一个key
IP='159.89.211.127'
ID=$(curl -s http://169.254.169.254/metadata/v1/id)
HAS_FLOATING_IP=$(curl -s http://169.254.169.254/metadata/v1/floating_ip/ipv4/active)

if [ $HAS_FLOATING_IP = "false" ]; then
    n=0
    while [ $n -lt 10 ]
    do
        python /usr/local/bin/assign-ip $IP $ID && break
        n=$((n+1))
        sleep 3
    done
fi


#Slave

[root@payment-balancers-02 keepalived]# vim master.sh


#!/bin/bash
export DO_TOKEN='bc947d4c6b7be40fb72c6ba95610b362e7930a1e6f4863ae2ad83eef22a23ab7'  //这个需要在Digitalocean API生成一个key
IP='159.89.211.127'
ID=$(curl -s http://169.254.169.254/metadata/v1/id)
HAS_FLOATING_IP=$(curl -s http://169.254.169.254/metadata/v1/floating_ip/ipv4/active)

if [ $HAS_FLOATING_IP = "false" ]; then
    n=0
    while [ $n -lt 10 ]
    do
        python /usr/local/bin/assign-ip $IP $ID && break
        n=$((n+1))
        sleep 3
    done
fi

3.Haproxy状态监控配置

[root@payment-balancers-01 ~] vim /etc/haproxy/haproxy.cfg

listen admin_stats
        stats   enable
        bind    *:8080
        mode    http
        option  httplog
        log     global
        maxconn 10
        stats   refresh 30s
        stats   uri /admin
        stats   realm haproxy
        stats   auth sasha:1cgy1cj
        stats   hide-version
        stats   admin if TRUE


[root@payment-balancers-02 ~] vim /etc/haproxy/haproxy.cfg

listen admin_stats
        stats   enable
        bind    *:8080
        mode    http
        option  httplog
        log     global
        maxconn 10
        stats   refresh 30s
        stats   uri /admin
        stats   realm haproxy
        stats   auth sasha:1cgy1cj          //验证登录 user:sasha Password：1cgy1cj
        stats   hide-version
        stats   admin if TRUE

[root@gadmobe-balances-01 ~]# cat /usr/local/bin/assign-ip 
#!/usr/bin/python

import os
import sys
import requests
import json

api_base = 'https://api.digitalocean.com/v2'


def usage():
    print('{0} [Floating IP] [Droplet ID]'.format(sys.argv[0]))
    print('\nYour DigitialOcean API token must be in the "DO_TOKEN"'
          ' environmental variable.')


def main(floating_ip, droplet_id):
    payload = {'type': 'assign', 'droplet_id': droplet_id}
    headers = {'Authorization': 'Bearer {0}'.format(os.environ['DO_TOKEN']),
               'Content-type': 'application/json'}
    url = api_base + "/floating_ips/{0}/actions".format(floating_ip)
    r = requests.post(url, headers=headers,  data=json.dumps(payload))

    resp = r.json()
    if 'message' in resp:
        print('{0}: {1}'.format(resp['id'], resp['message']))
        sys.exit(1)
    else:
        print('Moving IP address: {0}'.format(resp['action']['status']))

if __name__ == "__main__":
    if 'DO_TOKEN' not in os.environ or not len(sys.argv) > 2:
        usage()
        sys.exit()
    main(sys.argv[1], sys.argv[2])

转载于:https://my.oschina.net/AnnaWu/blog/1609842