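Configure Highly Available HAProxy with Keepalived on Ubuntu 20.04

In this guide, we will learn how to configure highly available HAProxy with Keepalived on Ubuntu 20.04. Keepalived can work together with HAProxy to provide failover to a backup route if a particular route becomes unavailable. This ensures a more robust and scalable high-availability environment.

While Keepalived uses Linux virtual server (LVS) to perform load balancing and failover tasks on the active and passive routers, HAProxy performs load balancing and high-availability services for TCP and HTTP applications.

Keepalived uses the Virtual Router Redundancy Protocol (VRRP) between the master (active) and backup (passive) LVS routers (in our case the HAProxy servers, since they are load balancing the web applications) to determine each other's state. If the master server fails to advertise itself within a predefined period, Keepalived initiates failover and the backup server becomes the master.

All virtual servers are assigned a Virtual IP, also known as a floating IP. This is a publicly routable IP address. It is dynamically assigned to the active server at any given time.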

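Configure Highly Available HAProxy with Keepalived on Ubuntu 20.04

This setup requires that you already have HAProxy servers set up and running. We have covered the installation and setup of the HAProxy load balancer on various systems in our previous guides.

Install and Setup HAProxy on Ubuntu 20.04

Install and Setup HAProxy on CentOS 8

Setup HAProxy Load Balancer on Fedora 30 / Fedora 29

Configure HAProxy Load Balancer with SSL on Ubuntu 18.04 / Debian 10/9

In this tutorial, we will use two HAProxy servers with Keepalived for high availability. Below is our deployment architecture.

Assuming that you already have HAProxy set up, proceed to install and configure Keepalived on Ubuntu 20.04.

Install and Configure Keepalived on Ubuntu 20.04

Install Keepalived on the HAProxy Servers

In our demo environment, we are running the HAProxy servers on Ubuntu 20.04. Hence, assuming your system package cache is up to date, run the command below to install Keepalived on Ubuntu 20.04;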

apt install keepalived

Similarly, install Keepalived on the second HAProxy server.

apt install keepalived

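Configure IP Forwarding and Non-local Binding

To enable the Keepalived service to forward network packets to the backend servers, you need to enable IP forwarding. Run this command on both HAProxy servers;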

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

Similarly, you need to allow HAProxy and Keepalived to bind to a non-local IP address, that is, to the failover IP address (floating IP).

echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf

Reload the sysctl settings;

sysctl -p

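Configure Keepalived

The default Keepalived configuration file should be /etc/keepalived/keepalived.conf. However, this configuration file is not created by default. Create it with the contents below;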

vim /etc/keepalived/keepalived.conf

Keepalived configuration for the master node (lb01)

# Global Settings for notifications
global_defs {
    notification_email {
        [email protected]     # Email address for notifications 
    }
    notification_email_from [email protected]	# The from address for the notifications
    smtp_server 127.0.0.1     			# SMTP server address
    smtp_connect_timeout 15
}
  
# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy { 
    script "/usr/bin/killall -0 haproxy"
    interval 2 
    weight 2 
}
  
# Configuration for Virtual Interface
vrrp_instance LB_VIP {
    interface enp0s8
    state MASTER        # set to BACKUP on the peer machine
    priority 101        # set to  99 on the peer machine
    virtual_router_id 51
  
    smtp_alert          # Enable Notifications Via Email
  
    authentication {
        auth_type AH
        auth_pass [email protected]	# Password for accessing vrrpd. Same on all devices
    }
    unicast_src_ip 192.168.57.7 # Private IP address of master
    unicast_peer {
        192.168.58.4		# Private IP address of the backup haproxy
   }
  
    # The virtual ip address shared between the two loadbalancers
    virtual_ipaddress {
        192.168.100.200
    }
     
    # Use the Defined Script to Check whether to initiate a fail over
    track_script {
        chk_haproxy
    }
}

Keepalived configuration for the backup node (lb02)

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 15
}
  
vrrp_script chk_haproxy { 
    script "/usr/bin/killall -0 haproxy"
    interval 2 
    weight 2 
}
  
vrrp_instance LB_VIP {
    interface enp0s8
    state BACKUP
    priority 100
    virtual_router_id 51
  
    smtp_alert
  
    authentication {
        auth_type AH
        auth_pass [email protected]
    }
    unicast_src_ip 192.168.58.4 # Private IP address of the backup haproxy
    unicast_peer {
        192.168.57.7	# Private IP address of the master haproxy
   }
  
    virtual_ipaddress {
        192.168.100.200
    }
     
    track_script {
        chk_haproxy
    }
}

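Note that the notification section is optional. However, you can follow the link below to install and configure Postfix to use Gmail SMTP as a relay.

Configure Postfix to Use Gmail SMTP on Ubuntu 20.04

Read more about the configuration parameters used above in the Keepalived man page and the Keepalived configuration synopsis.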
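The two files above only fail over correctly if they agree with each other. The following is an added example, not part of the original guide: a small pair check that compares the shared fields, the unicast peering and the priority arithmetic. `TEMPLATE`, `parse` and `check_pair` are hypothetical names, the sample configs are constructed from the values above with a placeholder password, and a priority tie is counted as a failure because the takeover then no longer depends on the priorities alone.

```python
import re

# Constructed sample modelled on the two configs above; the password is a placeholder.
TEMPLATE = """
vrrp_script chk_haproxy {{
    script "/usr/bin/killall -0 haproxy"
    weight 2
}}
vrrp_instance LB_VIP {{
    priority {priority}
    virtual_router_id 51
    authentication {{
        auth_type AH
        auth_pass EXAMPLE-ONLY
    }}
    unicast_src_ip {src}
    unicast_peer {{
        {peer}
    }}
    virtual_ipaddress {{
        192.168.100.200
    }}
}}
"""

def parse(conf):  # extract the fields the pair check needs from one keepalived.conf
    text = re.sub(r"#.*", "", conf)  # strip comments
    def one(key):
        m = re.search(r"^\s*" + key + r"\s+(\S+)", text, re.M)
        return m.group(1) if m else None
    def block(key):
        m = re.search(key + r"\s*\{([^}]*)\}", text)
        return set(m.group(1).split()) if m else set()
    fields = {k: one(k) for k in ("virtual_router_id", "auth_type", "auth_pass", "unicast_src_ip")}
    fields.update(priority=int(one("priority") or 0), weight=int(one("weight") or 0),
                  peers=block("unicast_peer"), vips=block("virtual_ipaddress"))
    return fields

def check_pair(master_conf, backup_conf):  # list problems that break or weaken failover
    m, b = parse(master_conf), parse(backup_conf)
    issues = [f"{k} differs" for k in ("virtual_router_id", "auth_type", "auth_pass", "vips")
              if m[k] != b[k]]
    if m["unicast_src_ip"] not in b["peers"] or b["unicast_src_ip"] not in m["peers"]:
        issues.append("unicast peers are not reciprocal")
    # A positive weight is added only while the check succeeds, so a master whose
    # HAProxy died advertises its base priority; the backup must beat it strictly.
    if b["priority"] + b["weight"] <= m["priority"]:
        issues.append("backup does not strictly outrank a master whose check failed")
    return issues
```

With `weight 2` and a master priority of 101, a backup priority of 100 passes the check, while 99 leaves both nodes at 101 when only HAProxy stops on the master.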

Running Keepalived on Ubuntu 20.04

You can now start Keepalived and enable it to run on system boot on all nodes;

systemctl enable --now keepalived

Check the status on the master node;

systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
     Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-06-06 18:24:20 UTC; 6s ago
   Main PID: 7097 (keepalived)
      Tasks: 2 (limit: 2282)
     Memory: 2.1M
     CGroup: /system.slice/keepalived.service
             ├─7097 /usr/sbin/keepalived --dont-fork
             └─7107 /usr/sbin/keepalived --dont-fork

Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Initial state master is incompatible with AH authentication - clearing
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: Registering gratuitous ARP shared channel
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Entering BACKUP STATE (init)
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: VRRP_Script(chk_haproxy) succeeded
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Changing effective priority from 100 to 102
Jun 06 18:24:20 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: SMTP alert successfully sent.
Jun 06 18:24:23 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: (LB_VIP) Entering MASTER STATE
Jun 06 18:24:23 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 18:24:23 lb01.kifarunix-demo.com Keepalived_vrrp[7107]: SMTP alert successfully sent

You can check the status on the slave node as well.

Check the IP address assignment;

On the master node;

ip --brief add
lo               UNKNOWN        127.0.0.1/8 ::1/128 
enp0s3           UP             10.0.2.15/24 fe80::a00:27ff:fe9d:888e/64 
enp0s8           UP             192.168.100.81/24 192.168.100.200/32 fe80::a00:27ff:feba:9e8c/64 
enp0s9           UP             192.168.57.7/24 fe80::a00:27ff:fe31:b7db/64

See the highlighted line; it has been assigned the floating IP, 192.168.100.200/32.

On the slave;

lo               UNKNOWN        127.0.0.1/8 ::1/128 
enp0s3           UP             10.0.2.15/24 fe80::a00:27ff:fefe:fc06/64 
enp0s8           UP             192.168.100.80/24 fe80::a00:27ff:fe75:9eae/64 
enp0s9           UP             192.168.58.4/24 fe80::a00:27ff:fef4:41/64

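Now, let us bring down the interface enp0s8 on the master node. Ensure that you are logged in from the console before bringing the interface down.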

ip link set enp0s8 down

Check the Keepalived status on the backup node;

systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
     Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-06-06 19:24:27 UTC; 26min ago
   Main PID: 9948 (keepalived)
      Tasks: 2 (limit: 2282)
     Memory: 2.3M
     CGroup: /system.slice/keepalived.service
             ├─9948 /usr/sbin/keepalived --dont-fork
             └─9949 /usr/sbin/keepalived --dont-fork

Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: Registering gratuitous ARP shared channel
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: (LB_VIP) Entering BACKUP STATE (init)
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: VRRP_Script(chk_haproxy) succeeded
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: (LB_VIP) Changing effective priority from 99 to 101
Jun 06 19:24:27 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: SMTP alert successfully sent.
Jun 06 19:50:39 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: (LB_VIP) Entering MASTER STATE
Jun 06 19:50:39 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: Remote SMTP server [127.0.0.1]:25 connected.
Jun 06 19:50:40 lb02.kifarunix-demo.com Keepalived_vrrp[9949]: SMTP alert successfully sent.
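The status output above carries both the failover evidence and two configuration warnings. The following is an added example, not part of the original guide, that pulls state transitions and those warnings out of Keepalived journal lines collected from both nodes; `triage`, `current_masters` and the `SAMPLE` lines (including the FAULT line and the shortened hostnames) are constructed for illustration.

```python
import re

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) Keepalived_vrrp\[\d+\]: (?P<msg>.*)$")
STATE = re.compile(r"^\((?P<inst>[^)]+)\) Entering (?P<state>MASTER|BACKUP|FAULT) STATE")
# Messages seen in the status output above that point at a configuration weakness.
WARNINGS = ("SECURITY VIOLATION", "incompatible with AH authentication")

# Constructed journal lines modelled on the output above (hostnames shortened).
SAMPLE = """\
Jun 06 19:24:27 lb02 Keepalived_vrrp[9949]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Jun 06 19:24:27 lb02 Keepalived_vrrp[9949]: (LB_VIP) Entering BACKUP STATE (init)
Jun 06 19:24:30 lb01 Keepalived_vrrp[7107]: (LB_VIP) Entering MASTER STATE
Jun 06 19:50:36 lb01 Keepalived_vrrp[7107]: (LB_VIP) Entering FAULT STATE
Jun 06 19:50:39 lb02 Keepalived_vrrp[9949]: (LB_VIP) Entering MASTER STATE
""".splitlines()

def triage(lines):
    """Return (state transitions, warnings) found in Keepalived journal lines."""
    transitions, warnings = [], []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a Keepalived_vrrp line
        s = STATE.match(m["msg"])
        if s:
            transitions.append((m["host"], s["inst"], s["state"]))
        elif any(w in m["msg"] for w in WARNINGS):
            warnings.append((m["host"], m["msg"]))
    return transitions, warnings

def current_masters(transitions):
    """Hosts whose latest state per instance is MASTER; more than one means split brain."""
    latest = {}
    for host, inst, state in transitions:
        latest[(host, inst)] = state
    return sorted(host for (host, _), state in latest.items() if state == "MASTER")
```

If `current_masters` returns both nodes, the VRRP adverts are not reaching the peer. The `SECURITY VIOLATION` warning is addressed by setting `enable_script_security` (and a `script_user`) in `global_defs`.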

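Configure HAProxy with the Keepalived Virtual IP

The only change we are going to make to the HAProxy configuration file is to adjust the frontend bind IP and the stats IP address to the VIP or floating IP, which in our case is 192.168.100.200.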

vim /etc/haproxy/haproxy.cfg
...
frontend kifarunixlb
        bind 192.168.100.200:443 ssl crt /etc/ssl/certs/haproxy.pem
        default_backend webapps
        option forwardfor
...
listen stats
        bind 192.168.100.200:8443 ssl crt /etc/ssl/certs/haproxy.pem
        stats enable
...

Save and exit the configuration file.

Restart HAProxy.

systemctl restart haproxy

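You should now be able to access your web applications via the floating IP even if one of the HAProxy servers goes down. Below is an example screenshot of our setup;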

That marks the end of our guide on how to configure highly available HAProxy with Keepalived on Ubuntu 20.04.

Further Reading

Keepalived Documentation

Keepalived User Guide
