侧边栏壁纸
博主头像
liveJQ博主等级

沒有乐趣,何来开始

  • 累计撰写 171 篇文章
  • 累计创建 67 个标签
  • 累计收到 2 条评论

Keepalived 实现 HAProxy 高可用

liveJQ
2024-07-17 / 0 评论 / 0 点赞 / 125 阅读 / 2,377 字

紧接上篇,使用 HAProxy 实现了 Kube-apiserver 的高可用,只不过还存在 HAProxy 是单节点的问题。虽然这有点套娃,但还是给 HAProxy 也搞成了多节点。

如果说多个节点需要手动切换使用,那即使有再多节点也不算是高可用吧。Keepalived 可以解决这个问题(也避免了再次套娃😆),若当前 HAProxy 节点故障,通过 VRRP 协议,自动将服务IP(VIP)切换到下一个可用节点,从而保证 HAProxy 的高可用性。

20240808_keepalive_haproxy_high_availability.png

安装

环境:Debian 11

在每个 HAProxy 上部署 Keepalived,这里直接通过软件仓库安装的 2.1.5 版本,建议安装次版本号的最后一个版本。

apt install -y keepalived

配置

主节点

cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
  router_id LVS_1
  script_user haproxy
  enable_script_security
}

vrrp_script haproxy_check {
  script  "/etc/keepalived/haproxy_check.sh"
  interval 5
}

vrrp_instance VI_1 {
  state MASTER
  interface ens32
  virtual_router_id 51
  priority 120
  advert_int 1
  authentication {
      auth_type PASS
      auth_pass livejq 
  }
  track_script {
    haproxy_check
  }

  virtual_ipaddress {
    192.168.2.100/24
  }
}

从节点

cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
  router_id LVS_1
  script_user haproxy
  enable_script_security
}

vrrp_script haproxy_check {
  script  "/etc/keepalived/haproxy_check.sh"
  interval 5
}

vrrp_instance VI_1 {
  state BACKUP
  interface ens32
  virtual_router_id 51
  priority 100
  advert_int 1
  authentication {
      auth_type PASS
      auth_pass livejq 
  }
  track_script {
    haproxy_check
  }

  virtual_ipaddress {
    192.168.2.100/24
  }
}

监测脚本

需要注意确保系统已经安装了curl工具

cat /etc/keepalived/haproxy_check.sh
#!/bin/bash
curl -I http://localhost:9443 &>/dev/null

if [ $? -eq 0 ];then
  exit 0
else
  exit 1
fi

授权脚本通过 haproxy 用户执行,然后启动服务。

chmod 774 /etc/keepalived/haproxy_check.sh
chown haproxy:haproxy /etc/keepalived/haproxy_check.sh
systemctl start keepalived

验证

在主节点能正常看到生成的 VIP 地址,并且通过 VIP 访问,例如:https://192.168.2.100:9443返回如下结果则表示成功实现 HAProxy 高可用。

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}

模拟宕机过程,在主节点上停止运行 haproxy。

systemctl stop haproxy

监测脚本5秒间隔后查看日志,检查发现 haproxy 不在线了,主动将优先级降到最低,将 VIP 切换到正常节点。

ha-node1 Keepalived_vrrp[4608]: Script `haproxy_check` now returning 1
ha-node1 Keepalived_vrrp[4608]: VRRP_Script(haproxy_check) failed (exited with status 1)
ha-node1 Keepalived_vrrp[4608]: (VI_1) Entering FAULT STATE
ha-node1 Keepalived_vrrp[4608]: (VI_1) sent 0 priority

在从节点查看,发现一开始的主节点优先级突然降到了最低,然后发现自己的优先级最高,自动切换到 MASTER 状态。

ha-node2 Keepalived_vrrp[3191]: (VI_1) Backup received priority 0 advertisement
ha-node2 Keepalived_vrrp[3191]: (VI_1) Backup received priority 0 advertisement
ha-node2 Keepalived_vrrp[3191]: (VI_1) Entering MASTER STATE

相关资料

  1. Keepalived for Linux Download
0

评论区