KeepAlived+Haproxy实现负载均衡(SLB) - 指南

背景

公司一个项目中客户现场没有云平台,应用的高可用需要使用KeepAlived+Haroxy来实现,记录一下步骤。

资源配置

服务器 2台: 172.18.7.13、172.18.8.14
操作系统: OpenEuler 24.03 LTS
VIP1: 172.18.7.81 (结构化服务入口)
VIP2: 172.18.7.21 (非结构化服务入口)

部署架构图

在这里插入图片描述

部署步骤

  1. 两台服务器上都安装keepalived 和haproxy
yum install -y keepalived haproxy
  1. 修改两台服务器的系统配置,允许tcp监听未知的IP地址
echo 'net.ipv4.ip_nonlocal_bind=1' >> /etc/sysctl.conf
sysctl -p
  1. 配置keepalived并启动服务
vi /etc/keepalived/keepalived.conf

文件内容

vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh"
interval 1
weight -20
fall 2
rise 2
}
vrrp_instance VI_1 {
state BACKUP #另外一个服务配置为Master
interface  bond1
virtual_router_id 51
priority 90 #另外一个服务器配置优先级为100
advert_int 1
authentication {
auth_type PASS
auth_pass keepalived
}
virtual_ipaddress {
172.18.7.81
}
track_script {
chk_nginx
}
}
vrrp_instance VI_2 {
state MASTER #另外一个服务器为BACKUP
interface  bond1
virtual_router_id 61
priority 100 #另外一个服务器为90
advert_int 1
authentication {
auth_type PASS
auth_pass keepalived
}
virtual_ipaddress {
172.18.7.21
}
}
systemctl enable keepalvied && systemctl start keepalived
  1. 配置haproxy并启动服务
vi /etc/haproxy/haproxy.cfg

文件内容

global
log         127.0.0.1 local2
chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
user        haproxy
group       haproxy
daemon
maxconn     40000
defaults
mode                    http
log                     global
option                  httplog
option                  dontlognull
retries                 3
timeout http-request    50s
timeout queue           1m
timeout connect         50s
timeout client          1m
timeout server          1m
timeout http-keep-alive 50s
timeout check           50s
maxconn                 30000
frontend http
bind 172.18.7.81:80
default_backend         http_back
backend http_back
balance     roundrobin
server  node1 172.18.7.1:30080 check
server  node2 172.18.7.2:30080 check
server  node3 172.18.7.3:30080 check
server  node4 172.18.7.4:30080 check
server  node5 172.18.7.5:30080 check
frontend https
bind 172.18.7.81:443
default_backend         https_back
backend https_back
balance     roundrobin
server  node1 172.18.7.1:30443 check
server  node2 172.18.7.2:30443 check
server  node3 172.18.7.3:30443 check
server  node4 172.18.7.4:30443 check
server  node5 172.18.7.5:30443 check
frontend obs
bind 172.18.7.21:80
default_backend         obs_back
backend obs_back
balance     roundrobin
server  node1 172.18.7.17:80 check
server  node2 172.18.7.18:80 check
server  node3 172.18.7.19:80 check
server  node4 172.18.7.20:80 check
systemctl enable haproxy && systemctl start haproxy
  1. 验证VIP与服务端口
#登录任何一台服务器
netstat -tulpn|grep -E "80|443"

示例输出
在这里插入图片描述

posted @ 2025-08-26 10:47  yjbjingcha  阅读(21)  评论(0)    收藏  举报