实现haproxy+keepalived,lvsDR模式+keepalived集群

一.haproxy+keepalived
本文实现架构如下图，主要是记录haproxy+keepalived,和lvs+keepalived这些核心配置，安装和基础配置请自行学习
需要4台虚拟机
ip规划
keepalived vip192.168.0.248
haproxy1 192.168.0.11
haproxy2 192.168.0.12
nginx1 192.168.0.105
nginx2 192.168.0.109

1.两台haproxy的核心配置
listen WEB_PORT_80
bind 192.168.0.248:80 #这块要监听keepalived的VIP
mode tcp
balance roundrobin
server web1 192.168.0.109:80 weight 1 check inter 3000 fall 3 rise 5
server web2 192.168.0.105:80 weight 1 check inter 3000 fall 3 rise 5

2. 主keepalived配置，192.168.0.11
   keepalived调用辅助脚本监控本机haproxy进程脚本，方法很多，在这用发信号的方法，有进程返回0，没进程返回1

vi /etc/keepalived/chk_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy

vi /etc/keepalived/keepalived.conf
vrrp_instance VIP1 { #虚拟IP
state MASTER #主
interface ens33 #网络接口，不要写错啊，有的是eth0
virtual_router_id 51 #和备的id号要一样，不要和其它keepalived集群一样
priority 100 #优先级，要比备的高，高一些就行
advert_int 2 #探测时间，vrrp通告时间,互相确认,vip在自己这

unicast_src_ip 192.168.0.11 #改成单播,把global配置里的vrrp_strict注释,目的是为了避免都向组播地址发送报文，占用带宽
unicast_peer {
192.168.0.12
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.248 dev ens33 label ens33:1
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 1
weight -80
fall 3
rise 5
timeout 2
}
track_script {
chk_haproxy
}

3.备keepalived配置，192.168.0.12

监控本机haproxy进程脚本
vi /etc/keepalived/chk_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy

vi /etc/keepalived/keepalived.conf
vrrp_instance VIP1 {
state BACKUP #备
interface ens33
virtual_router_id 51
priority 80 #优先级低于MASTER
advert_int 2

unicast_src_ip 192.168.0.12
unicast_peer {
192.168.0.11
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.248 dev ens33 label ens33:1
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 1
weight -80
fall 3
rise 5
timeout 2
}
track_script {
chk_haproxy
}

4.测试haproxy监控，keepalived的漂移
当关闭主keepalived的haproxy服务时,vip就漂移到了备keepalived主机上

二.lvsDR模式+keepalived

1.架构如图，一般我们都是用lvs的dr模式，首先两台web服务器先绑定上vip,lvs脚本如下，再安装ipvsadm工具，方便测试
#!/bin/bash
vip=192.168.0.249

mask='255.255.255.255'

case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
sysctl -p > /dev/null 2>&1
ifconfig lo:0 $vip netmask $mask broadcast $vip up
route add -host $vip dev lo:0
;;

stop)
ifconfig lo:0 down
route del $vip >/dev/null 2>$1
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

;;
*)
echo "Usage $(basename $0) start|stop"
exit 1
;;
esac

2.主keepalived配置，基本和keepalived+haproxy一样，但是lvs的监控脚本不一样，我用的最简单的ping网关方法
vi /etc/keepalived/chk_lvs.sh
#!/bin/bash
ping -c 2 192.168.0.1 &>/dev/null
if [ $? -eq 0 ];then
exit 0
else
exit 2
fi

vrrp_script chk_lvs {
script "/etc/keepalived/chk_lvs.sh"
interval 1
weight -80
fall 3
rise 5
timeout 2
}

vrrp_instance VIP1 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 2 #探测时间

unicast_src_ip 192.168.0.13
unicast_peer {
192.168.0.14
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.249 dev ens33 label ens33:0
}

track_script {
chk_lvs
}
vrrp_script chk_lvs {
script "/etc/keepalived/chk_lvs.sh"
interval 1
weight -80
fall 3
rise 5
timeout 2
}

3.备keepalived配置

vrrp_instance VIP1 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 2 #探测时间

unicast_src_ip 192.168.0.13
unicast_peer {
192.168.0.14
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.249 dev ens33 label ens33:0
}

track_script {
chk_lvs
}

4.两台keepalived的增加下面的lvs相关配置，后端检查可以使用http，也可以使用tcp

virtual_server 192.168.0.249 80 { #定义虚拟主机IP地址及其端口
delay_loop 6 #检查后端服务器的时间间隔
lb_algo wrr #调度算法
lb_kind DR #集群模式
protocol TCP

real_server 192.168.0.109 80 {
weight 1
HTTP_GET { #HTTP监测,为了防止端口还在的假死状态
url {
path /monitor/index.html #自己定义好
status_code 200 #判断上述检测机制为健康状态的响应码
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
}
#TCP_CHECK { #TCP监测后端服务器
#connect_timeout 5 # #超时时长
#nb_get_retry 3 #重试次数
#delay_before_retry 3 #重试之前等多久
#connect_port 80 #向哪个端口监测
#}

}

real_server 192.168.0.105 80 {
weight 1
HTTP_GET {
url {
path /monitor/index.html
status_code 200
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
}
#TCP_CHECK {
#connect_timeout 5
#nb_get_retry 3
#delay_before_retry 3
#connect_port 80
#}
}
}

5.测试
vip漂移效果和haproxy的一样，就不多说了，记录一些ipvsadm工具的效果