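Configure Highly Available HAProxy with Keepalived on Ubuntu 20.04
In this guide, we are going to learn how to configure highly available HAProxy with Keepalived on Ubuntu 20.04. Keepalived works alongside HAProxy to provide failover to a backup route if a specific route becomes unavailable. This ensures a more robust and scalable high-availability environment.
While Keepalived uses the Linux virtual server (LVS) to perform load balancing and failover tasks on the active and passive routers, HAProxy performs load balancing and high-availability services for TCP and HTTP applications.
Keepalived uses the Virtual Router Redundancy Protocol (VRRP) between the master (active) and backup (passive) LVS routers (in this case the HAProxy servers, since they are load balancing the web applications) to determine each other's state. If the master server fails to advertise itself within a predefined period of time, Keepalived initiates failover and the backup server becomes the master.
All virtual servers are assigned a Virtual IP, also known as a floating IP. This is a publicly routable IP address. It is dynamically assigned to the active server at any given time.
Configure Highly Available HAProxy with Keepalived on Ubuntu 20.04
This setup requires that you already have your HAProxy servers set up and running. We have covered the installation and setup of the HAProxy load balancer on various systems in our previous guides.
Install and Setup HAProxy on Ubuntu 20.04
Install and Setup HAProxy on CentOS 8
Setup HAProxy Load Balancer on Fedora 30 / Fedora 29
Configure HAProxy Load Balancer with SSL on Ubuntu 18.04 / Debian 10/9
In this tutorial, we will use two HAProxy servers with Keepalived for high availability. Below is our deployment architecture.
Assuming that you already have HAProxy set up, proceed to install and configure Keepalived on Ubuntu 20.04.
Install and Configure Keepalived on Ubuntu 20.04
Install Keepalived on the HAProxy Servers
In our demo environment, we are running the HAProxy servers on Ubuntu 20.04. Therefore, assuming your system package cache is up to date, run the command below to install Keepalived on Ubuntu 20.04;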
[email protected]:~# apt install keepalived
Similarly, install Keepalived on the second HAProxy server.
[email protected]:~# apt install keepalived
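Configure IP Forwarding and Non-local Binding
To enable the Keepalived service to forward network packets to the backend servers, you need to enable IP forwarding. Run this command on both HAProxy servers;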
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
Similarly, you need to enable HAProxy and Keepalived to bind to a non-local IP address, that is, to bind to the failover IP address (floating IP).
echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
Reload the sysctl settings;
sysctl -p
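Configure Keepalived
The default configuration file for Keepalived should be /etc/keepalived/keepalived.conf. However, this configuration file is not created by default. Create it with the content below;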
vim /etc/keepalived/keepalived.conf
Keepalived configuration for the master node (lb01)
# Global Settings for notifications
global_defs {
    notification_email {
        [email protected] # Email address for notifications
    }
    notification_email_from [email protected] # The from address for the notifications
    smtp_server 127.0.0.1 # SMTP server address
    smtp_connect_timeout 15
}
# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
    script "/usr/bin/killall -0 haproxy"
    interval 2
    weight 2
}
# Configuration for Virtual Interface
vrrp_instance LB_VIP {
    interface enp0s8
    state MASTER # set to BACKUP on the peer machine
    priority 101 # set to 100 on the peer machine
    virtual_router_id 51
    smtp_alert # Enable Notifications Via Email
    authentication {
        auth_type AH
        auth_pass [email protected] # Password for accessing vrrpd. Same on all devices
    }
    unicast_src_ip 192.168.57.7 # Private IP address of master
    unicast_peer {
        192.168.58.4 # Private IP address of the backup haproxy
    }
    # The virtual ip address shared between the two loadbalancers
    virtual_ipaddress {
        192.168.100.200
    }
    # Use the Defined Script to Check whether to initiate a fail over
    track_script {
        chk_haproxy
    }
}
Keepalived configuration for the backup node (lb02)
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 15
}
vrrp_script chk_haproxy {
    script "/usr/bin/killall -0 haproxy"
    interval 2
    weight 2
}
vrrp_instance LB_VIP {
    interface enp0s8
    state BACKUP
    priority 100
    virtual_router_id 51
    smtp_alert
    authentication {
        auth_type AH
        auth_pass [email protected]
    }
    unicast_src_ip 192.168.58.4 # Private IP address of the backup haproxy
    unicast_peer {
        192.168.57.7 # Private IP address of the master haproxy
    }
    virtual_ipaddress {
        192.168.100.200
    }
    track_script {
        chk_haproxy
    }
}
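Note that the notification section is optional. However, you can follow the link below to install and configure Postfix to use Gmail SMTP as a relay.
Configure Postfix to Use Gmail SMTP on Ubuntu 20.04
Read more about the configuration parameters used above in the Keepalived man page and the Keepalived configuration synopsis.
Running Keepalived on Ubuntu 20.04
You can now start Keepalived and enable it to run on system boot on all nodes;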
systemctl enable --now keepalived
Check the status on the master node;
systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-06-06 18:24:20 UTC; 6s ago
Main PID: 7097 (keepalived)
Tasks: 2 (limit: 2282)
Memory: 2.1M
CGroup: /system.slice/keepalived.service
├─7097 /usr/sbin/keepalived --dont-fork
└─7107 /usr/sbin/keepalived --dont-fork
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Initial state master is incompatible with AH authentication - clearing
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: Registering gratuitous ARP shared channel
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Entering BACKUP STATE (init)
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: VRRP_Script(chk_haproxy) succeeded
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Changing effective priority from 100 to 102
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: SMTP alert successfully sent.
Jun 06 18:24:23 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Entering MASTER STATE
Jun 06 18:24:23 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 18:24:23 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: SMTP alert successfully sent
You can also check the status on the backup node.
Check the IP address assignment;
On the master node;
ip --brief add
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             10.0.2.15/24 fe80::a00:27ff:fe9d:888e/64
enp0s8           UP             192.168.100.81/24 192.168.100.200/32 fe80::a00:27ff:feba:9e8c/64
enp0s9           UP             192.168.57.7/24 fe80::a00:27ff:fe31:b7db/64
Note the enp0s8 line; it has been assigned the floating IP, 192.168.100.200/32.
On the backup node;
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             10.0.2.15/24 fe80::a00:27ff:fefe:fc06/64
enp0s8           UP             192.168.100.80/24 fe80::a00:27ff:fe75:9eae/64
enp0s9           UP             192.168.58.4/24 fe80::a00:27ff:fef4:41/64
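Now, let us bring down the interface enp0s8 on the master node. Make sure you are logged in from the console before shutting down the interface.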
ip link set enp0s8 down
Check the Keepalived status on the backup node;
systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-06-06 19:24:27 UTC; 26min ago
Main PID: 9948 (keepalived)
Tasks: 2 (limit: 2282)
Memory: 2.3M
CGroup: /system.slice/keepalived.service
├─9948 /usr/sbin/keepalived --dont-fork
└─9949 /usr/sbin/keepalived --dont-fork
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: Registering gratuitous ARP shared channel
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: (LB_VIP) Entering BACKUP STATE (init)
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: VRRP_Script(chk_haproxy) succeeded
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: (LB_VIP) Changing effective priority from 99 to 101
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: SMTP alert successfully sent.
Jun 06 19:50:39 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: (LB_VIP) Entering MASTER STATE
Jun 06 19:50:39 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 19:50:40 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: SMTP alert successfully sent.
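To check the failover from the command line rather than by reading the status output, the functions below (an added example, not part of the original guide) summarize the keepalived journal lines and report which interface holds the floating IP. The function names and the sample data are assumptions, constructed from the output shown in this guide.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# Summarize keepalived journal lines read from stdin: one "<instance> <STATE>"
# line per VRRP transition, plus WARN lines for two messages seen in this guide.
keepalived_findings() {
    awk '
        /SECURITY VIOLATION - scripts are being executed/ {
            print "WARN script_security not enabled"
        }
        /incompatible with AH authentication/ {
            print "WARN initial MASTER state cleared because of AH authentication"
        }
        match($0, /[(][A-Za-z0-9_]+[)] Entering (MASTER|BACKUP|FAULT) STATE/) {
            # The matched text looks like: (LB_VIP) Entering MASTER STATE
            split(substr($0, RSTART, RLENGTH), f, " ")
            gsub(/[()]/, "", f[1])
            print f[1], f[3]
        }
    '
}

# Print the interface holding the given VIP, reading `ip --brief addr` output
# from stdin. The exit status is 1 when no interface holds it.
vip_interface() {
    awk -v vip="$1" '
        {
            for (i = 3; i <= NF; i++) {
                split($i, a, "/")
                if (a[1] == vip) { print $1; found = 1 }
            }
        }
        END { exit !found }
    '
}

# Constructed samples, modelled on the lb02 output shown in this guide.
SAMPLE_LOG='Jun 06 19:24:27 lb02 Keepalived_vrrp[9949]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Jun 06 19:24:27 lb02 Keepalived_vrrp[9949]: (LB_VIP) Entering BACKUP STATE (init)
Jun 06 19:50:39 lb02 Keepalived_vrrp[9949]: (LB_VIP) Entering MASTER STATE'
SAMPLE_IP='lo      UNKNOWN  127.0.0.1/8 ::1/128
enp0s8  UP       192.168.100.80/24 192.168.100.200/32'

# On a live node:
#   journalctl -u keepalived --no-pager | keepalived_findings
#   ip --brief addr | vip_interface 192.168.100.200
```

The script_security warning is addressed by adding `enable_script_security` to `global_defs`. If you also set `script_user` to a non-root account, keep in mind that `killall -0` can only signal processes that account is allowed to signal.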
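Configure HAProxy with the Keepalived Virtual IP
The only change we are going to make to the HAProxy configuration file is to adjust the frontend bind IP and the stats IP address to the VIP or floating IP, which in our example is 192.168.100.200.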
vim /etc/haproxy/haproxy.cfg
...
frontend kifarunixlb
    bind 192.168.100.200:443 ssl crt /etc/ssl/certs/haproxy.pem
    default_backend webapps
    option forwardfor
...
listen stats
    bind 192.168.100.200:8443 ssl crt /etc/ssl/certs/haproxy.pem
    stats enable
...
Save and exit the configuration file.
Restart HAProxy.
systemctl restart haproxy
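You should now be able to access your web application via the floating IP even if one of the HAProxy servers fails. Below are sample screenshots of our setup;
That marks the end of our guide on how to configure highly available HAProxy with Keepalived on Ubuntu 20.04.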