2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains in detail how to build a high-availability load balancer with haproxy and keepalived. I hope it will be a useful reference.
When an enterprise's business volume is relatively small, a single server can meet its needs. As the business grows, the problems of a single server become prominent:
When the server goes down, the business is interrupted.
When business volume increases and the performance of a single server degrades, how can servers and bandwidth be added transparently to increase throughput?
A load balancer solves these problems.
1 load balancer topology diagram
According to the topology diagram, build a load balancer with haproxy and keepalived
2 Prepare
2.1 Prepare the environment
Prepare 5 CentOS7.3 hosts and one VIP address:
Prepare an available IP to use as a virtual IP (VIP):
VIP: 192.168.1.100
The load balancer uses two hosts in a one-master, one-standby architecture.
lb1 (default is primary): 192.168.1.101
lb2 (default is standby): 192.168.1.102
IP addresses of the hosts in the backend server cluster:
S1: 192.168.1.2
S2: 192.168.1.3
S3: 192.168.1.4
2.2 Host configuration
2.2.1 Turn off the firewall on all hosts

    systemctl stop firewalld
    systemctl disable firewalld

2.2.2 Disable SELinux on all hosts

    setenforce 0
    vi /etc/selinux/config

Set the following line in /etc/selinux/config:

    SELINUX=disabled

2.3 Install haproxy and keepalived
Install haproxy and keepalived on lb1 and lb2

    yum install haproxy keepalived -y

2.4 Install nginx (if you have another back-end test program, you can skip this step)
Install nginx on S1 S2 S3 to use nginx as the backend. If there are other backend programs, this step can be omitted.

    yum install epel-release -y
    yum install nginx -y

2.3 Configure keepalived
Keepalived is a high-availability scheme based on VRRP (Virtual Router Redundancy Protocol). It works through a VIP (virtual IP) and heartbeat detection.
Keepalived has two roles, Master and Backup. There is usually one Master and one or more Backups.
The Master binds the VIP to its own network card to provide the service. Master and Backup regularly check each other's status. When the Master is not available, a Backup notifies the gateway and binds the VIP to its own network card, so the service continues without interruption.
2.3.1 configure Master
Edit /etc/keepalived/keepalived.conf on lb1 (192.168.1.101)

    ! Configuration File for keepalived

    global_defs {
        # Mail notification settings
        notification_email {
            # when the master loses the VIP, a notification email is sent to your-email@qq.com
            your-email@qq.com
        }
        # Sender information
        notification_email_from keepalived@qq.com
        # Mail server address
        smtp_server 127.0.0.1
        # Mail server timeout
        smtp_connect_timeout 30
        # Email title
        router_id LVS_DEVEL
    }

    vrrp_instance VI_1 {
        # Primary: MASTER
        # Standby: BACKUP
        state MASTER
        # NIC the instance is bound to; use the ip a command to view the interface name
        interface eno16777984
        # Virtual router ID, a number (1-255). Within one VRRP instance the
        # primary and standby servers must use the same ID
        virtual_router_id 88
        # Priority: the higher the number, the higher the priority. Within an
        # instance, the primary's priority is higher than the standby's
        priority 100
        # Interval between VRRP advertisements, in seconds
        advert_int 1
        # Authentication type and password
        authentication {
            # There are two authentication types: PASS and AH
            auth_type PASS
            # Authentication password; primary and standby must use the same one
            auth_pass 11111111
        }
        # Virtual IP address; there can be more than one
        virtual_ipaddress {
            192.168.1.100
        }
    }

    virtual_server 192.168.1.100 443 {
        # Health check interval
        delay_loop 6
        # Scheduling algorithm
        # Doc: http://www.keepalived.org/doc/scheduling_algorithms.html
        # Round Robin (rr)
        # Weighted Round Robin (wrr)
        # Least Connection (lc)
        # Weighted Least Connection (wlc)
        # Locality-Based Least Connection (lblc)
        # Locality-Based Least Connection with Replication (lblcr)
        # Destination Hashing (dh)
        # Source Hashing (sh)
        # Shortest Expected Delay (sed)
        # Never Queue (nq)
        # Overflow-Connection (ovf)
        lb_algo rr
        lb_kind NAT
        persistence_timeout 50
        protocol TCP
        # The scheduling algorithm forwards to a real load balancer host.
        # The real hosts are health-checked periodically; if the MASTER is
        # not available, traffic switches to the standby
        real_server 192.168.1.101 443 {
            weight 1
            TCP_CHECK {
                # connection port
                connect_port 443
                # connection timeout
                connect_timeout 3
            }
        }
        real_server 192.168.1.102 443 {
            weight 1
            TCP_CHECK {
                connect_port 443
                connect_timeout 3
            }
        }
    }

2.3.2 Configure BACKUP
Edit /etc/keepalived/keepalived.conf on lb2 (192.168.1.102)

    ! Configuration File for keepalived

    global_defs {
        # Mail notification settings
        notification_email {
            # when the master loses the VIP, a notification email is sent to your-email@qq.com
            your-email@qq.com
        }
        # Sender information
        notification_email_from keepalived@qq.com
        # Mail server address
        smtp_server 127.0.0.1
        # Mail server timeout
        smtp_connect_timeout 30
        # Email title
        router_id LVS_DEVEL
    }

    vrrp_instance VI_1 {
        # Primary: MASTER
        # Standby: BACKUP
        state BACKUP
        # NIC the instance is bound to; use the ip a command to view the interface name
        interface eno16777984
        # Virtual router ID, a number (1-255). Within one VRRP instance the
        # primary and standby servers must use the same ID
        virtual_router_id 88
        # Priority: the higher the number, the higher the priority. Within an
        # instance, the primary's priority is higher than the standby's
        priority 99
        # Interval between VRRP advertisements, in seconds
        advert_int 1
        # Authentication type and password
        authentication {
            # There are two authentication types: PASS and AH
            auth_type PASS
            # Authentication password; primary and standby must use the same one
            auth_pass 11111111
        }
        # Virtual IP address; there can be more than one
        virtual_ipaddress {
            192.168.1.100
        }
    }

    virtual_server 192.168.1.100 443 {
        # Health check interval
        delay_loop 6
        # Scheduling algorithm
        # Doc: http://www.keepalived.org/doc/scheduling_algorithms.html
        # Round Robin (rr)
        # Weighted Round Robin (wrr)
        # Least Connection (lc)
        # Weighted Least Connection (wlc)
        # Locality-Based Least Connection (lblc)
        # Locality-Based Least Connection with Replication (lblcr)
        # Destination Hashing (dh)
        # Source Hashing (sh)
        # Shortest Expected Delay (sed)
        # Never Queue (nq)
        # Overflow-Connection (ovf)
        lb_algo rr
        lb_kind NAT
        persistence_timeout 50
        protocol TCP
        # The scheduling algorithm forwards to a real load balancer host.
        # The real hosts are health-checked periodically; if the MASTER is
        # not available, traffic switches to the standby
        real_server 192.168.1.101 443 {
            weight 1
            TCP_CHECK {
                # connection port
                connect_port 443
                # connection timeout
                connect_timeout 3
            }
        }
        real_server 192.168.1.102 443 {
            weight 1
            TCP_CHECK {
                connect_port 443
                connect_timeout 3
            }
        }
    }

2.4 Configure haproxy
Edit /etc/haproxy/haproxy.cfg on lb1 (192.168.1.101) and lb2 (192.168.1.102)
Add the back-end server IP (192.168.1.2, 192.168.1.3, 192.168.1.4) to backend

    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
        log 127.0.0.1 local2
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 4096
        user haproxy
        group haproxy
        daemon
        # turn on stats unix socket
        stats socket /var/lib/haproxy/stats

    listen stats
        bind *:9000
        mode http
        stats enable
        stats hide-version
        stats uri /stats
        stats refresh 30s
        stats realm Haproxy\ Statistics
        stats auth admin:admin

    frontend k8s-api
        bind *:443
        mode tcp
        option tcplog
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }
        default_backend k8s-api-backend

    backend k8s-api-backend
        mode tcp
        option tcplog
        option tcp-check
        balance roundrobin
        # TLS is passed through untouched, so each server entry points at
        # the HTTPS listener of nginx on the back-end host
        server master1 192.168.1.2:443 maxconn 1024 weight 5 check
        server master2 192.168.1.3:443 maxconn 1024 weight 5 check
        server master3 192.168.1.4:443 maxconn 1024 weight 5 check

2.5 Configure nginx
Add an SSL certificate to nginx (the configuration steps are not covered in detail here).

    vi /usr/share/nginx/html/index.html

Change the string Welcome to nginx in index.html to Welcome to nginx HA
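The keepalived and haproxy configurations in sections 2.3 and 2.4 contain settings worth reviewing before the services are started: VRRP auth_type PASS with the password 11111111, and a stats page on *:9000 protected by admin:admin. The following audit is an added example, not part of the original article; the function names, the constructed sample strings and the small COMMON password set are assumptions made for illustration.

```python
import re

# Constructed samples in the shape of the section 2.3 and 2.4 configs (not read from disk).
KEEPALIVED_SAMPLE = """vrrp_instance VI_1 {
    virtual_router_id 88
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
}
"""
HAPROXY_SAMPLE = """listen stats
    bind *:9000
    stats enable
    stats uri /stats
    stats auth admin:admin
frontend k8s-api
    bind *:443
"""
COMMON = {"admin", "password", "12345678"}  # illustrative, not a real wordlist

def audit_keepalived(text):
    """Findings for the VRRP authentication block of a keepalived.conf."""
    findings = []
    if re.search(r"^\s*auth_type\s+PASS\b", text, re.M):
        findings.append("auth_type PASS: auth_pass is sent in cleartext in VRRP adverts")
    for pw in re.findall(r"^\s*auth_pass\s+(\S+)", text, re.M):
        if len(set(pw)) <= 2 or pw.lower() in COMMON:
            findings.append(f"auth_pass {pw!r} is trivially guessable")
        if len(pw) > 8:
            findings.append("auth_pass exceeds 8 characters: keepalived truncates it")
    return findings

def audit_haproxy(text):
    """Findings for every haproxy.cfg section that serves the stats page."""
    findings = []
    for section in re.split(r"^(?=\S)", text, flags=re.M):  # split at unindented keywords
        if not re.search(r"^\s+stats\s+(enable|uri)\b", section, re.M):
            continue
        name = section.split("\n", 1)[0].strip()
        for bind in re.findall(r"^\s+bind\s+(\S+)", section, re.M):
            if bind.rsplit(":", 1)[0] in ("*", "", "0.0.0.0"):
                findings.append(f"[{name}] stats page listens on all addresses ({bind})")
        for cred in re.findall(r"^\s+stats\s+auth\s+(\S+)", section, re.M):
            user, _, pw = cred.partition(":")
            if pw == user or pw.lower() in COMMON:
                findings.append(f"[{name}] guessable stats credentials for user {user!r}")
    return findings

print(*audit_keepalived(KEEPALIVED_SAMPLE), *audit_haproxy(HAPROXY_SAMPLE), sep="\n")
```

To check the real files, pass the contents of /etc/keepalived/keepalived.conf and /etc/haproxy/haproxy.cfg to the two functions; an empty list means none of these specific settings were found.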
3 Start the services
3.1 Start nginx

    sudo systemctl start nginx
    sudo systemctl enable nginx

3.2 Start haproxy

    sudo systemctl start haproxy
    sudo systemctl enable haproxy

3.3 Start keepalived

    sudo systemctl start keepalived
    sudo systemctl enable keepalived

Run ip a on MASTER

    eno16777984: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:xx:xx:xx:3d:0c brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.101/24 brd 192.168.1.255 scope global eno16777984
           valid_lft forever preferred_lft forever
        inet 192.168.1.100/32 scope global eno16777984
           valid_lft forever preferred_lft forever
        inet6 eeee:eeee:1c9d:2009:250:56ff:fe9c:3d0c/64 scope global noprefixroute dynamic
           valid_lft 7171sec preferred_lft 7171sec
        inet6 eeee::250:56ff:eeee:3d0c/64 scope link
           valid_lft forever preferred_lft forever

You will find that VIP (192.168.1.100) has been bound.

    inet 192.168.1.100/32 scope global eno16777984
       valid_lft forever preferred_lft forever

If you find that the VIP cannot be bound:

    vi /etc/sysctl.conf

Add two lines:

    net.ipv4.ip_forward = 1
    net.ipv4.ip_nonlocal_bind = 1

Let the new configuration take effect:

    sysctl -p

4 Validate
4.1 View status
1. Enter http://192.168.1.100:9000/stats in the browser to view the haproxy status.
2. Enter https://192.168.1.100 in the browser to see whether the nginx welcome page is displayed successfully.
4.2 Switch between master and standby
1. Enter https://192.168.1.100 in the browser to check whether the nginx welcome page is displayed successfully.
2. Shut down lb1 (192.168.1.101) and see whether you can still access https://192.168.1.100. If so, the VIP has successfully switched to the standby.
3. Run ip a on lb2 (192.168.1.102) to see whether the network card is bound to the VIP (192.168.1.100).
4. Start lb1 (192.168.1.101) again to verify whether the VIP switches back to the MASTER host (because the priority in the master's configuration file is 100 and the BACKUP's is 99).
That is all on how to build a highly available load balancer with haproxy+keepalived. I hope the above is helpful.