Rocky Linux 8 系统部署 HAProxy+Keepalived

一、基础配置

1. 内核配置

cat >> /etc/sysctl.conf <<EOF 
net.ipv4.ip_nonlocal_bind = 1
EOF
sysctl -p

2. 网卡配置

  1. 编辑 /etc/default/grub 配置文件,在GRUB_CMDLINE_LINUX后追加 net.ifnames、biosdevname
GRUB_CMDLINE_LINUX="... net.ifnames=0 biosdevname=0"
  1. 生成grub2引导文件
 sudo grub2-mkconfig -o /etc/grub2.cfg 
  1. 配置网卡
mv /etc/sysconfig/network-scripts/ifcfg-ens160 /etc/sysconfig/network-scripts/ifcfg-eth0

更新 /etc/sysconfig/network-scripts/ifcfg-eth0中的NAME=eth0DEVICE=eth0

二、安装 keepalived、haproxy

sudo yum install keepalived haproxy -y
sudo systemctl enable keepalived haproxy

三、主服务器配置

1. haproxy配置

cat > /etc/haproxy/haproxy.cfg <<EOF
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    log global
    stats uri /status
    stats auth admin:123456

listen  kubernetes-api-6443
    bind 10.0.0.100:6443
    mode tcp
    server master1 10.0.0.101:6443 check inter 3s fall 3 rise 3
    server master2 10.0.0.102:6443 check inter 3s fall 3 rise 3
    server master3 10.0.0.103:6443 check inter 3s fall 3 rise 3
EOF

2. keepalived 配置

2.1 keepalived 服务检测脚本

cat > /etc/keepalived/check_haproxy.sh <<EOF
#!/bin/bash
/usr/bin/killall -0 haproxy  || systemctl restart haproxy
EOF
sudo chmod +x /etc/keepalived/check_haproxy.sh

2.2 keepalived 主配置文件

cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
   router_id ha-1.wupeize.com
}

vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 1
    weight -30
    fall 3
    rise 2
    timeout 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.0.0.100/24 dev eth0 label eth0:1
    }
    track_script {
        check_haproxy
    }
}
EOF

四、备服务器配置

1. haproxy 配置

cat > /etc/haproxy/haproxy.cfg <<EOF
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM
    
defaults
    mode                  http
    log                     global
    option                 httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    log global
    stats uri /status
    stats auth admin:123456

listen  kubernetes-api-6443
    bind 10.0.0.100:6443
    mode tcp
    server master1 10.0.0.101:6443 check inter 3s fall 3 rise 3
    server master2 10.0.0.102:6443 check inter 3s fall 3 rise 3
    server master3 10.0.0.103:6443 check inter 3s fall 3 rise 3
EOF

2. keepalived 配置

2.1 keepalived 服务检测脚本

cat > /etc/keepalived/check_haproxy.sh <<EOF
#!/bin/bash
/usr/bin/killall -0 haproxy  || systemctl restart haproxy
EOF
sudo chmod +x /etc/keepalived/check_haproxy.sh

2.2 keepalived 备配置文件

cat > /etc/keepalived/keepalived.conf <<EOF
global_defs {
   router_id ha-2.wupeize.com
}

vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 1
    weight -30
    fall 3
    rise 2
    timeout 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 66
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.0.0.100/24 dev eth0 label eth0:1
    }
    track_script {
        check_haproxy
    }
}
EOF

3. 启动验证服务

sudo systemctl start haproxy keepalived