centos7源码安装keepalive+haproxy

主机名IP
keepalive-haproxy-110.6.126.132
keepalive-haproxy-210.6.126.142
keepalive-haproxy-310.6.126.152
vip10.6.126.150

前置工作

1. 关闭firewalld

systemctl stop firewalld
systemctl disable firewalld

image.png

2. 关闭selinux

setenforce 0

编辑/etc/selinux/config修改如图配置
image.png

源码安装haproxy

1. 下载https://src.fedoraproject.org/repo/pkgs/haproxy/,解压并安装,这里使用版本1.8.25(2.0以上版本需要配置lua)

# 安装依赖包
yum install gcc openssl-devel readline-devel systemd-devel make pcre-devel psmisc -y
mkdir -p /opt/{softwares,installers}
cd /opt/softwares/
wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-1.8.25.tar.gz/sha512/655eb4056989a3fee321ea9278a2085b0a999e522293f1f6229ebb8d17f3d33cb78abb4fd55a06d0218082e632b2d42de105575d0acd0c1b49996d4b45aa78e8/haproxy-1.8.25.tar.gz
tar xzf haproxy-1.8.25.tar.gz 
cd haproxy-1.8.25
#将haproxy安装到/opt/installers/haproxy-1.8.25目录,注意:TARGET=Linux31 是通过uname -a来查看Linux内核版本的
make TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1  USE_CPU_AFFINITY=1 PREFIX=/opt/installers/haproxy-1.8.25
make install PREFIX=/opt/installers/haproxy-1.8.25
cp /opt/installers/haproxy-1.8.25/sbin/haproxy /usr/sbin/
#安装完成之后,默认安装目录是没有配置文件的,需要创建配置文件目录同时将源码包的配置文件拷贝到配置文件目录
mkdir /opt/installers/haproxy-1.8.25/conf

image.png

2. 配置HAProxy的systemd守护进程服务启动文件

tee /etc/systemd/system/haproxy.service <<EOF
[Unit]
Description=HAProxy
After=syslog.target network.target

[Service]
ExecStart=/opt/installers/haproxy-1.8.25/sbin/haproxy -f /opt/installers/haproxy-1.8.25/conf/haproxy.cfg -p /opt/installers/haproxy-1.8.25/haproxy.pid -Ws
ExecReload=/bin/kill -USR2 \$MAINPID
ExecStop=/bin/kill -USR1 \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

# 重新加载systemd配置文件
systemctl daemon-reload

配置配置文件

# 创建一个不可登录系统,且没有家目录的用户
useradd -s /sbin/nologin -M haproxy
cat /opt/installers/haproxy-1.8.25/conf/haproxy.cfg
global
	maxconn     4000
	user        haproxy
	group       haproxy
	daemon

defaults
	log global
	option  httplog
	option  dontlognull
	timeout connect 5000
	timeout client 50000
	timeout server 50000

frontend kube-apiserver
	bind *:6443
	mode tcp
	option tcplog
	default_backend kube-apiserver

backend kube-apiserver
	mode tcp
	option tcplog	
	option tcp-check
	balance roundrobin
	default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
	server k8s-master-1 10.6.126.133:6443 check 
	server k8s-master-2 10.6.126.143:6443 check
	server k8s-master-3 10.6.126.153:6443 check

启动haproxy

systemctl start haproxy
systemctl enable haproxy
systemctl status haproxy

image.png

源码安装keepalive

1. 官网下载最新版本https://www.keepalived.org/download.html,解压并安装

mkdir -p /opt/{softwares,installers}
cd /opt/softwares/
wget https://www.keepalived.org/software/keepalived-2.2.2.tar.gz
tar xf keepalived-2.2.2.tar.gz
cd /opt/softwares/keepalived-2.2.2
./configure --prefix=/opt/installers/keepalived-2.2.2
make && make install

image.png

2. 初始化

cp /opt/installers/keepalived-2.2.2/etc/sysconfig/keepalived  /etc/sysconfig/keepalived
cp /opt/installers/keepalived-2.2.2/sbin/keepalived /usr/sbin/keepalived
# 此文件在源码目录中
cp /opt/softwares/keepalived-2.2.2/keepalived/etc/init.d/keepalived  /etc/init.d/keepalived

3. 配置文件

mkdir -p /etc/keepalived/
vim /etc/keepalived/keepalived.conf

keepalive-haproxy-1

global_defs {
   notification_email {
   }
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# haproxy验证
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 5
}

vrrp_instance haproxy-vip {
    state MASTER	
    interface eth0	# 网卡
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 10.6.126.132	#本机IP
    unicast_peer {
        #10.6.126.142	# 其它节点IP
        #10.6.126.152
    }
    virtual_ipaddress {
        10.6.126.150	# vip地址池
    }
    track_script {
        chk_haproxy
    }
}

keepalive-haproxy-2

global_defs {
   notification_email {
   }
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# haproxy验证
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 5
}

vrrp_instance haproxy-vip {
    state BACKUP
    interface eth0	# 网卡
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 10.6.126.142	#本机IP
    unicast_peer {
        #10.6.126.132	# 其它节点IP
        #10.6.126.152
    }
    virtual_ipaddress {
        10.6.126.150	# vip地址池
    }
    track_script {
        chk_haproxy
    }
}

keepalive-haproxy-3

global_defs {
   notification_email {
   }
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# haproxy验证
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 5
}

vrrp_instance haproxy-vip {
    state BACKUP
    interface eth0	# 网卡
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 10.6.126.152	#本机IP
    unicast_peer {
        #10.6.126.132	# 其它节点IP
        #10.6.126.142
    }
    virtual_ipaddress {
        10.6.126.150	# vip地址池
    }
    track_script {
        chk_haproxy
    }
}

image.png

4. 启动keepalive

systemctl start keepalived
systemctl enable keepalived
systemctl status keepalived

image.png