
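Building a highly available load balancer: haproxy+keepalived

While a company's traffic is small, a single server is enough for the business. As the business grows, the problems of a single server become obvious:

  • When the server goes down, the service is interrupted
  • When traffic grows and a single server's performance degrades, how do you transparently add servers and bandwidth to increase throughput?

A load balancer solves both problems.

1 Load balancer topology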


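Following the topology diagram, this article builds a load balancer with haproxy and keepalived.

2 Preparation

2.1 Prepare the environment

Prepare five CentOS 7.3 hosts and one VIP address:

  • One free IP address to use as the virtual IP (VIP):
    • VIP: 192.168.1.100
  • The load balancer uses 2 hosts in a master/backup arrangement
    • lb1 (master by default): 192.168.1.101
    • lb2 (backup by default): 192.168.1.102
  • IP addresses of the hosts in the backend server cluster
    • s1: 192.168.1.2
    • s2: 192.168.1.3
    • s3: 192.168.1.4

2.2 Host configuration

2.2.1 Stop the firewall on all hosts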

systemctl stop firewalld
systemctl disable firewalld           

2.2.2 Disable SELinux on all hosts

setenforce 0
vi /etc/selinux/config
# set the following line in /etc/selinux/config:
SELINUX=disabled           

2.3 Install haproxy and keepalived

Install haproxy and keepalived on lb1 and lb2

yum install haproxy keepalived -y           

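2.4 Install nginx (skip this step if you have another backend application)

Install nginx on s1, s2 and s3 so that nginx acts as the backend. If you have another backend application, this step can be skipped.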

yum install epel-release -y
yum install nginx -y           

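2.3 Configure keepalived

Keepalived is a high-availability solution built on VRRP (Virtual Router Redundancy Protocol). It achieves high availability through a VIP (virtual IP) and heartbeat checks.

Keepalived has two roles, Master and Backup. Usually there is one Master and several Backups.

The Master binds the VIP to its own network interface and serves clients. Master and Backup periodically confirm each other's state. When the Master becomes unavailable, a Backup notifies the gateway and binds the VIP to its own network interface, so the service continues without interruption.

2.3.1 Configure the Master

Edit /etc/keepalived/keepalived.conf on lb1 (192.168.1.101)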

! Configuration File for keepalived

global_defs {
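   # Notification email settings
   notification_email {
     # When the master loses or takes over the VIP, a notification email is sent to [email protected]
     [email protected]
   }
   # Sender address
   notification_email_from [email protected]
   # Mail server address
   smtp_server 127.0.0.1
   # Mail server connection timeout
   smtp_connect_timeout 30
   # Identifier of this machine, shown in the notification email subject
   router_id LVS_DEVEL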
}

vrrp_instance VI_1 {
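    # Primary node: MASTER
    # Standby node: BACKUP
    state MASTER
    # Network interface the instance binds to; use ip a to find the interface name
    interface eno16777984
    # Virtual router ID, a number (1-255); master and backup in one VRRP instance must use the same ID
    virtual_router_id 88
    # Priority: a larger number means a higher priority; within an instance the master must be higher than the backup
    priority 100
    # Interval between master/backup synchronization checks, in seconds
    advert_int 1
    # Authentication type and password
    authentication {
        # There are two authentication types: PASS and AH
        auth_type PASS
        # Authentication password; master and backup in one instance must use the same password
        auth_pass 11111111
    }
    # Virtual IP addresses; there can be several, one per line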
    virtual_ipaddress {
        192.168.1.100
    }
}

virtual_server 192.168.1.100 443 {
    # Health check interval
    delay_loop 6
    # Scheduling algorithm
    # Doc: http://www.keepalived.org/doc/scheduling_algorithms.html
    # Round Robin (rr)
    # Weighted Round Robin (wrr)
    # Least Connection (lc)
    # Weighted Least Connection (wlc)
    # Locality-Based Least Connection (lblc)
    # Locality-Based Least Connection with Replication (lblcr)
    # Destination Hashing (dh)
    # Source Hashing (sh)
    # Shortest Expected Delay (sed)
    # Never Queue (nq)
    # Overflow-Connection (ovf)
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    # The scheduling algorithm directs traffic for the VIP to the real load balancer hosts
    # The real hosts are health-checked periodically; if the MASTER is unavailable, traffic switches to the backup
    real_server 192.168.1.101 443 {
        weight 1
        TCP_CHECK {
            # Port to connect to
            connect_port 443
            # Connection timeout
            connect_timeout 3
        }
    }
    real_server 192.168.1.102 443 {
        weight 1
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
        }
    }
}           

2.3.2 Configure the BACKUP

Edit /etc/keepalived/keepalived.conf on lb2 (192.168.1.102)

! Configuration File for keepalived

global_defs {
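   # Notification email settings
   notification_email {
     # When the master loses or takes over the VIP, a notification email is sent to [email protected]
     [email protected]
   }
   # Sender address
   notification_email_from [email protected]
   # Mail server address
   smtp_server 127.0.0.1
   # Mail server connection timeout
   smtp_connect_timeout 30
   # Identifier of this machine, shown in the notification email subject
   router_id LVS_DEVEL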
}

vrrp_instance VI_1 {
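    # Primary node: MASTER
    # Standby node: BACKUP
    state BACKUP
    # Network interface the instance binds to; use ip a to find the interface name
    interface eno16777984
    # Virtual router ID, a number (1-255); master and backup in one VRRP instance must use the same ID
    virtual_router_id 88
    # Priority: a larger number means a higher priority; within an instance the master must be higher than the backup
    priority 99
    # Interval between master/backup synchronization checks, in seconds
    advert_int 1
    # Authentication type and password
    authentication {
        # There are two authentication types: PASS and AH
        auth_type PASS
        # Authentication password; master and backup in one instance must use the same password
        auth_pass 11111111
    }
    # Virtual IP addresses; there can be several, one per line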
    virtual_ipaddress {
        192.168.1.100
    }
}

virtual_server 192.168.1.100 443 {
    # Health check interval
    delay_loop 6
    # Scheduling algorithm
    # Doc: http://www.keepalived.org/doc/scheduling_algorithms.html
    # Round Robin (rr)
    # Weighted Round Robin (wrr)
    # Least Connection (lc)
    # Weighted Least Connection (wlc)
    # Locality-Based Least Connection (lblc)
    # Locality-Based Least Connection with Replication (lblcr)
    # Destination Hashing (dh)
    # Source Hashing (sh)
    # Shortest Expected Delay (sed)
    # Never Queue (nq)
    # Overflow-Connection (ovf)
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    # The scheduling algorithm directs traffic for the VIP to the real load balancer hosts
    # The real hosts are health-checked periodically; if the MASTER is unavailable, traffic switches to the backup
    real_server 192.168.1.101 443 {
        weight 1
        TCP_CHECK {
            # Port to connect to
            connect_port 443
            # Connection timeout
            connect_timeout 3
        }
    }
    real_server 192.168.1.102 443 {
        weight 1
        TCP_CHECK {
            connect_port 443
            connect_timeout 3
        }
    }
}           
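
The comments in the two files above state that the virtual router ID and the authentication password must be identical on both nodes and that the master's priority must be higher. The script below is an added example, not part of the original article, that checks a pair of keepalived.conf files for these rules; it goes slightly further and also compares advert_int, auth_type and the VIP list. The function names and the sample configuration are constructed for this example.

```shell
# conf_get FILE KEY: first value of KEY, ignoring '#' and '!' comments
conf_get() {
    awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}

# vips FILE: sorted addresses listed inside virtual_ipaddress { ... }
vips() {
    awk '{ sub(/[#!].*/, "") }
         $1 == "virtual_ipaddress" { inb = 1; next }
         inb && /}/ { inb = 0 }
         inb && NF { print $1 }' "$1" | sort | tr '\n' ' '
}
bad() { echo "$1"; problems=$((problems + 1)); }

# check_vrrp_pair MASTER_CONF BACKUP_CONF: prints findings, returns their count
check_vrrp_pair() {
    problems=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(conf_get "$1" "$key")" = "$(conf_get "$2" "$key")" ] ||
            bad "MISMATCH: $key differs between master and backup"
    done
    [ "$(vips "$1")" = "$(vips "$2")" ] || bad "MISMATCH: virtual_ipaddress lists differ"
    mp=$(conf_get "$1" priority); bp=$(conf_get "$2" priority)
    [ "${mp:-0}" -gt "${bp:-0}" ] || bad "PRIORITY: master ($mp) is not above backup ($bp)"
    return "$problems"
}

# sample_conf STATE PRIORITY ROUTER_ID: constructed vrrp_instance shaped like the article's
sample_conf() {
    cat <<EOF
vrrp_instance VI_1 {
    state $1
    virtual_router_id $3
    priority $2
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        192.168.1.100
    }
}
EOF
}
# Constructed mistake: backup file left with the master's priority and a different router id
d=$(mktemp -d)
sample_conf MASTER 100 88 > "$d/lb1.conf"
sample_conf BACKUP 100 89 > "$d/lb2.conf"
check_vrrp_pair "$d/lb1.conf" "$d/lb2.conf" || echo "$? problem(s) found"
```

On the real hosts, copy lb2's file next to lb1's and run check_vrrp_pair on the two paths before starting keepalived.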

2.4 Configure haproxy

Edit /etc/haproxy/haproxy.cfg on lb1 (192.168.1.101) and lb2 (192.168.1.102)

Add the backend server IPs (192.168.1.2, 192.168.1.3, 192.168.1.4) to the backend section

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4096
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

listen stats
    bind    *:9000
    mode    http
    stats   enable
    stats   hide-version
    stats   uri       /stats
    stats   refresh   30s
    stats   realm     Haproxy\ Statistics
    stats   auth      admin:admin


frontend  k8s-api
    bind *:443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend k8s-api-backend

backend k8s-api-backend
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    # TLS is passed through unchanged in tcp mode, so point at the nginx TLS port on s1, s2 and s3
    server master1 192.168.1.2:443 maxconn 1024 weight 5 check
    server master2 192.168.1.3:443 maxconn 1024 weight 5 check
    server master3 192.168.1.4:443 maxconn 1024 weight 5 check           
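
An added check, not part of the original article: the script below audits a haproxy.cfg like the one above for server lines whose address is not one of the intended backends (s1 to s3 from section 2.1), for a stats password equal to the user name, and for a stats page bound on every address. The function names and the sample file are constructed for this example.

```shell
# audit_haproxy CFG BACKEND_IP...: prints findings, exit status is their count
audit_haproxy() {
    cfg=$1; shift
    awk -v allowed=" $* " '
        function report(msg) { print msg; n++ }
        { sub(/#.*/, "") }
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { sec = $1 " " $2 }
        $1 == "bind" && $2 ~ /^\*:/ { wild[sec] = $2 }
        $1 == "stats" && $2 == "uri" { has_stats[sec] = 1 }
        $1 == "stats" && $2 == "auth" {
            split($3, cred, ":")
            if (cred[1] == cred[2]) report("STATS " sec ": password equals user name")
        }
        $1 == "server" {
            split($3, hp, ":")
            if (index(allowed, " " hp[1] " ") == 0)
                report("BACKEND " sec ": " $2 " uses unlisted address " hp[1])
        }
        END {
            for (s in has_stats)
                if (s in wild) report("STATS " s ": page bound on all addresses " wild[s])
            exit n + 0
        }' "$cfg"
}

# Constructed sample: article-style haproxy.cfg with one mistyped backend octet
sample_cfg() {
    cat <<'EOF'
listen stats
    bind    *:9000
    mode    http
    stats   enable
    stats   uri       /stats
    stats   auth      admin:admin

backend k8s-api-backend
    mode tcp
    server master1 192.168.1.2:443 check
    server master2 192.167.1.3:443 check   # mistyped second octet
    server master3 192.168.1.4:443 check
EOF
}

f=$(mktemp)
sample_cfg > "$f"
audit_haproxy "$f" 192.168.1.2 192.168.1.3 192.168.1.4 || echo "$? finding(s)"
```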

2.5 Configure nginx

Add an SSL certificate to nginx (the configuration steps are omitted here)

vi /usr/share/nginx/html/index.html           

In index.html, change the string Welcome to nginx to Welcome to nginx HA

3 Start the services

3.1 Start nginx

sudo systemctl start nginx
sudo systemctl enable nginx           

3.2 Start haproxy

sudo systemctl start haproxy
sudo systemctl enable haproxy           

3.3 Start keepalived

sudo systemctl start keepalived
sudo systemctl enable keepalived           

Run ip a on the MASTER

eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:xx:xx:xx:3d:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.101/24 brd 192.168.1.255 scope global eno16777984
       valid_lft forever preferred_lft forever
    inet 192.168.1.100/32 scope global eno16777984
       valid_lft forever preferred_lft forever
    inet6 eeee:eeee:1c9d:2009:250:56ff:fe9c:3d0c/64 scope global noprefixroute dynamic
       valid_lft 7171sec preferred_lft 7171sec
    inet6 eeee::250:56ff:eeee:3d0c/64 scope link
       valid_lft forever preferred_lft forever           

The VIP (192.168.1.100) is now bound:

inet 192.168.1.100/32 scope global eno16777984
       valid_lft forever preferred_lft forever           

If the VIP cannot be bound:

vi /etc/sysctl.conf           

Add two lines

net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1           

Apply the new settings

sysctl -p           

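4 Verification

4.1 Check status

1. Open http://192.168.1.100:9000/stats in a browser to view the haproxy status
2. Open https://192.168.1.100 in a browser to check the service
   and confirm that the nginx welcome page is displayed           

4.2 Master/backup failover

1. Open https://192.168.1.100 in a browser and check that the nginx welcome page is displayed
2. Shut down lb1 (192.168.1.101) and check whether https://192.168.1.100 is still reachable; if it is, the VIP has switched to the backup
3. Run ip a on lb2 (192.168.1.102) and check that the VIP (192.168.1.100) is bound to its network interface
4. Start lb1 (192.168.1.101) again
   This verifies that the VIP moves back to the MASTER host (the MASTER configuration file has priority 100 and the BACKUP has 99, so the health check automatically binds the VIP to the host with the higher priority)           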
