keepalived 用于高可用,haproxy 用于负载均衡。

负载均衡器 (LB)
172.16.0.61 ec-n1
172.16.0.63 ec-n3

负载均衡器之间用于高可用的虚拟 IP (VIP)
172.16.0.200

服务节点 (RGW)
172.16.0.62 ec-n2
172.16.0.31 ec-n4

环境配置及安装

环境
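## Load balancer (LB) nodes: enable Linux IP forwarding.
#  NOTE(review): HAProxy proxies connections in user space, so this setup may not
#  need kernel forwarding at all; with it on, the LB hosts will route packets
#  between their interfaces. Confirm it is actually required before keeping it.
#  The grep guard keeps re-runs from appending the same line again.
grep -qxF "net.ipv4.ip_forward = 1" /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
## Load balancer (LB) nodes: allow binding to a non-local IP.
#
grep -qxF "net.ipv4.ip_nonlocal_bind = 1" /etc/sysctl.conf || echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
# Load /etc/sysctl.conf once, after both settings are in place.
sysctl -p
## check:
#  0 means the setting is off (e.g. IP forwarding disabled); 1 means it is on.
/usr/sbin/sysctl net.ipv4.ip_nonlocal_bind
/usr/sbin/sysctl net.ipv4.ip_forward
cat /proc/sys/net/ipv4/ip_forward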
安装
## 负载均衡器 (LB)节点
#
[root@ec-n1 ~]# yum install keepalived haproxy 

[root@ec-n3 ~]# yum install keepalived haproxy 
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.163.com
 * updates: mirrors.cn99.com
.....

Transaction Summary
===============================================================================================
Install  2 Packages (+3 Dependent packages)

Total download size: 2.6 M
Installed size: 8.6 M
Is this ok [y/d/N]: y
Downloading packages:
(1/5): haproxy-1.5.18-7.el7.x86_64.rpm                                        | 834 kB  00:00:01     
(2/5): lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64.rpm              |  41 kB  00:00:00     
(3/5): keepalived-1.3.5-6.el7.x86_64.rpm                                      | 329 kB  00:00:01     
(4/5): net-snmp-libs-5.7.2-33.el7_5.2.x86_64.rpm                              | 749 kB  00:00:00     
(5/5): net-snmp-agent-libs-5.7.2-33.el7_5.2.x86_64.rpm                        | 705 kB  00:00:00     
-----------------------------------------------------------------------------------------------
Total                                                                1.1 MB/s | 2.6 MB  00:00:02     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:net-snmp-libs-5.7.2-33.el7_5.2.x86_64                 1/5 
  Installing : lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64   2/5 
  Installing : 1:net-snmp-agent-libs-5.7.2-33.el7_5.2.x86_64           3/5 
  Installing : keepalived-1.3.5-6.el7.x86_64                           4/5 
  Installing : haproxy-1.5.18-7.el7.x86_64                             5/5 
  Verifying  : 1:net-snmp-agent-libs-5.7.2-33.el7_5.2.x86_64           1/5 
  Verifying  : haproxy-1.5.18-7.el7.x86_64                             2/5 
  Verifying  : lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64   3/5 
  Verifying  : keepalived-1.3.5-6.el7.x86_64                           4/5 
  Verifying  : 1:net-snmp-libs-5.7.2-33.el7_5.2.x86_64                 5/5 

Installed:
  haproxy.x86_64 0:1.5.18-7.el7              keepalived.x86_64 0:1.3.5-6.el7                   

Dependency Installed:
  lm_sensors-libs.x86_64 0:3.4.0-4.20160601gitf9185e5.el7                                            
  net-snmp-agent-libs.x86_64 1:5.7.2-33.el7_5.2                                                      
  net-snmp-libs.x86_64 1:5.7.2-33.el7_5.2                                                            

Complete!
配置文件
/etc/keepalived/keepalived.conf
## 负载均衡器 (LB)节点,/etc/keepalived/keepalived.conf
#
! Configuration File for keepalived

global_defs {
    # Nodes of one keepalived group on the same network segment each get a different name.
    # Global settings can also carry things like the administrator's e-mail address.
    router_id LVS_V1  # virtual router name; differs between the master and backup nodes
}

# HAProxy health-check script; this may instead point at a script file of your own (mind the file's permissions).
# NOTE(review): keepalived executes this command itself, typically as root - confirm for your build.
# If a script file is used, keep it root-owned and not writable by group or others.
vrrp_script chk_haproxy {
    script "killall -0 haproxy"  # killall -0 sends no signal, it only tests that a haproxy process exists; cheaper than ps
    interval 2  # how often the script runs, in seconds
    weight 2    # priority adjustment tied to the result of each check
}

vrrp_instance VI_1 {
    # A keepalived group has at most one MASTER node, and may have none.
    # Every node is configured as BACKUP here to reduce the VIP flapping back and forth.
    state BACKUP          
    interface enp0s8    # NIC to bind to; list devices with `ip addr`
    virtual_router_id 51      # must be unique on the LAN and identical on the master and backup of one cluster; the original note gives the range as 0-255 (VRRP itself defines VRIDs 1-255)
    priority 100     # node priority; a BACKUP's priority must be lower than the MASTER's
    advert_int 1     # advertisement (election) interval in seconds; must be identical on both nodes
    # Authentication data: only nodes presenting the same value join the group.
    # NOTE(review): auth_type PASS is a shared string carried unencrypted in the VRRP advertisements,
    # so anyone able to capture traffic on this segment can read it. `1111` is a sample value -
    # replace it, and filter VRRP between the LB nodes at the network layer rather than relying on this field.
    authentication {
        auth_type PASS
        auth_pass 1111
    }

    # Virtual address(es) to bring up; list several here if more than one is needed.
    virtual_ipaddress {
        172.16.0.200        # the VIP; identical on master and backup. Clients connect to this address to get high availability
        # 172.16.0.200 dev enp0s8    # `dev` names the NIC the floating IP is attached to
    }

    # Health-check script to track.
    # Refers to the "vrrp_script chk_haproxy" block above.
    track_script {
        chk_haproxy   # the matching health-check definition
    }
}

/etc/haproxy/haproxy.cfg
## 负载均衡器 (LB)节点,/etc/haproxy/haproxy.cfg
#
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy      # directory haproxy chroots into
    pidfile     /var/run/haproxy.pid  # pid file location; the user starting the process must be able to access it
    maxconn     4000    # default maximum number of connections
    # NOTE(review): the original note on the next line says to change this to the matching user and
    # suggests root. Keeping the unprivileged haproxy user/group is the safer choice: together with
    # the chroot above it limits what a compromised proxy process can reach, and the listener below
    # uses port 7480, which needs no special privilege to bind.
    user        haproxy # account the proxy runs as (original note: change as needed, root suggested - see the note above)
    group       haproxy
    daemon              # run haproxy in the background

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http         # traffic type handled (layer 7: http; layer 4: tcp)
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    # NOTE(review): these stats directives live in `defaults`, so the proxies below inherit them and
    # the statistics page is answered on the rgw listener itself (port 7480, path /stats) for any
    # client that can reach the gateway. The listener is plain HTTP, so the Basic-auth credentials
    # cross the network unencrypted. `admin:admin123` is a sample value - replace it with a strong
    # secret, and prefer a dedicated stats section bound to a management address.
    stats refresh           30s     # refresh interval of the statistics page
    stats uri /stats # URL of the statistics page
    stats realm baison-test-Haproxy # prompt text shown in the statistics page's password dialog
    stats auth admin:admin123 # user name and password for the statistics page (sample value - see the note above)
    stats hide-version # hide the HAProxy version on the statistics page

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# NOTE(review): `*` listens on every local address, not only the VIP, and no TLS is configured here,
# so client traffic on this hop is unencrypted.
frontend rgw *:7480     # listening port, i.e. the port haproxy serves on; comparable to the VIP port in LVS
    mode http
    default_backend    rgw

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend rgw
    mode http
    balance    roundrobin     # balancing algorithm; round robin here
    # health checks against the backend servers
    server rgw1 172.16.0.62:7480 check   # real gateway IP and port
    server rgw2 172.16.0.31:7480 check
[Note] HAProxy的算法有如下8种:
1. roundrobin,表示简单的轮询
2. static-rr,表示根据权重 
3. leastconn,表示最少连接者先处理 
4. source,表示根据请求源IP,
5. uri,表示根据请求的URI
6. url_param,表示根据请求的URL参数(必须指定参数名,否则会报错:'balance url_param' requires an URL parameter name)
7. hdr(name),表示根据HTTP请求头来锁定每一次HTTP请求
8. rdp-cookie(name),表示根据cookie(name)来锁定并哈希每一次TCP请求

启动服务

## Load balancer (LB) nodes: start each service now and enable it at boot.
#

for svc in keepalived haproxy; do
  systemctl start "$svc"
  systemctl enable "$svc"
done
## Finally, remember to allow the required ports through the firewall. The original
#  note says a test environment can simply turn the firewall and SELinux off; keep
#  that shortcut to an isolated lab. On any reachable host leave both enabled and
#  allow TCP 7480 to the LB nodes plus VRRP (IP protocol 112) between them.
## Load balancer (LB) nodes: check service status.
#
for svc in keepalived haproxy; do
  systemctl status "$svc"
done