Linux教程FG507-Linux综合实战案例十三

内容简介：本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容，详细介绍了相关技术的配置和使用方法。

风哥提示：

本文档介绍企业级负载均衡部署综合实战案例。

Part01-HAProxy负载均衡

1.1 HAProxy安装配置

# 安装HAProxy
[root@fgedu-lb1 ~]# yum install -y haproxy

# 配置HAProxy
[root@fgedu-lb1 ~]# cat > /etc/haproxy/haproxy.cfg << 'EOF' global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon maxconn 4000 defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 retries 3 option redispatch # 统计页面 listen stats bind *:8404 stats enable stats uri /stats stats refresh 10s stats auth admin:Admin@123 # HTTP前端 frontend http_front bind *:80 acl is_web hdr(host) -i www.fgedu.net.cn acl is_api hdr(host) -i api.fgedu.net.cn use_backend web_servers if is_web use_backend api_servers if is_api default_backend web_servers # Web服务器后端 backend web_servers balance roundrobin option httpchk GET /health http-check expect status 200 server web1 192.168.1.20:80 check inter 2s fall 3 rise 2 weight 5 server web2 192.168.1.21:80 check inter 2s fall 3 rise 2 weight 5 server web3 192.168.1.22:80 check inter 2s fall 3 rise 2 weight 5 backup # API服务器后端 backend api_servers balance leastconn option httpchk GET /api/health http-check expect status 200 server api1 192.168.1.30:8080 check inter 2s fall 3 rise 2 server api2 192.168.1.31:8080 check inter 2s fall 3 rise 2 server api3 192.168.1.32:8080 check inter 2s fall 3 rise 2 # HTTPS前端 frontend https_front bind *:443 ssl crt /etc/haproxy/ssl/fgedu.pem redirect scheme https if !{ ssl_fc } default_backend web_servers EOF # 启动HAProxy [root@fgedu-lb1 ~]# systemctl enable haproxy --now # 查看状态 [root@fgedu-lb1 ~]# curl -s http://localhost:8404/stats | head -20
Statistics Report for HAProxy

Part02-Keepalived高可用

2.1 Keepalived配置

# 安装Keepalived
[root@fgedu-lb1 ~]# yum install -y keepalived

# 配置Keepalived主节点
[root@fgedu-lb1 ~]# cat > /etc/keepalived/keepalived.conf << 'EOF' global_defs { router_id FGEDU_LB1 script_user root enable_script_security } vrrp_script check_haproxy { script "/usr/local/bin/check_haproxy.sh" interval 2 weight -20 fall 2 rise 1 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass fgedu123 } virtual_ipaddress { 192.168.1.100/24 } track_script { check_haproxy } notify_master "/usr/local/bin/notify_master.sh" notify_backup "/usr/local/bin/notify_backup.sh" } EOF # 创建检查脚本 [root@fgedu-lb1 ~]# cat > /usr/local/bin/check_haproxy.sh << 'EOF' #!/bin/bash # check_haproxy.sh # from:www.itpux.com.qq113257174.wx:itpux-com # web: http://www.更多视频教程www.fgedu.net.cnfgedu.net.cn if [ $(pgrep haproxy | wc -l) -eq 0 ]; then exit 1 fi exit 0 EOF [root@fgedu-lb1 ~]# chmod +x /usr/local/bin/check_haproxy.sh # 配置从节点 [root@fgedu-lb2 ~]# cat > /etc/keepalived/keepalived.conf << 'EOF' global_defs { router_id FGEDU_LB2 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass fgedu123 } virtual_ipaddress { 192.168.1.100/24 } } EOF # 启动Keepalived [root@fgedu-lb1 ~]# systemctl enable keepalived --now # 验证VIP [root@fgedu-lb1 ~]# ip addr show eth0 | grep 192.168.1.100 inet 192.168.1.100/24 scope global secondary eth0

Part03-四层负载均衡

3.1 TCP负载均衡配置

# 配置TCP负载均衡
[root@fgedu-lb1 ~]# cat >> /etc/haproxy/haproxy.cfg << 'EOF' # MySQL负载均衡 listen mysql bind *:3306 mode tcp option tcplog balance source option mysql-check user haproxy_check server mysql1 192.168.1.40:3306 check inter 2s fall 3 rise 2 server mysql2 192.168.1.41:3306 check inter 2s fall 3 rise 2 backup # Redis负载均衡 listen redis bind *:6379 mode tcp balance roundrobin option tcp-check tcp-check send PING\r\n tcp-check expect string +PONG server redis1 192.168.1.50:6379 check inter 2s fall 3 rise 2 server redis2 192.168.1.51:6379 check inter 2s fall 3 rise 2 server redis3 192.168.1.52:6379 check inter 2s fall 3 rise 2 # SSH负载均衡 listen ssh bind *:2222 mode tcp balance leastconn server ssh1 192.168.1.10:22 check 学习交流加群风哥微信: itpux-com server ssh2 192.168.1.11:22 check server ssh3 192.168.1.12:22 check EOF # 重启HAProxy [root@fgedu-lb1 ~]# systemctl restart haproxy # 测试MySQL连接 [root@fgedu-client ~]# mysql from PG视频:www.itpux.com-h 192.168.1.100 -P 3306 -u test -p Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 123 Server version: 8.0.32 MySQL Community Server mysql> SELECT @@hostname;
+————+
| @@hostname |
+————+
| fgedu-db1 |
+————+
1 row in set (0.00 sec)

Part04-负载均衡监控

4.1 监控配置

# 配置HAProxy Exporter
[root@fgedu-lb1 ~]# docker run -d –name haproxy-exporter \
-p 9101:9101 \
–restart always \
prom/haproxy-exporter:v0.14.0 \
–haproxy.scrape-uri=http://localhost:8404/stats;csv

# 配置Prometheus
[root@fgedu-prometheus ~]# cat >> /etc/prometheus/prometheus.yml << 'EOF' - job_name: 'haproxy' static_configs: - targets: ['192.168.1.10:9101', '192.168.1.11:9101'] EOF # 创建告警规则 [root@fgedu-prometheus ~]# cat > /etc/prometheus/rules/haproxy.yml << 'EOF' groups: - name: haproxy_alerts rules: - alert: HAProxyDown expr: haproxy_up == 0 for: 1m labels: severity: critical annotations: summary: "HAProxy实例宕机" description: "HAProxy {{ $labels.instance }} 已宕机" - alert: HAProxyBackendDown expr: haproxy_backend_active_servers == 0 for: 1m labels: severity: critical annotations: summary: "HAProxy后端无可用服务器" description: "后端 {{ $labels.backend }} 无可用服务器" - alert: HAProxyHighConnectionRate expr: rate(haproxy_frontend_connections_total[5m]) > 1000
for: 5m
labels:
severity: warning
annotations:
summary: “HAProxy连接速率过高”
description: “前端 {{ $labels.frontend }} 连接速率超过1000/s”

– alert: HAProxyBackendHighLatency
expr: haproxy_backend_response_time_average_seconds > 1
for: 5m
labels:
severity: warning
annotations:
summary: “HAProxy后端延迟过高”
description: “后端 {{ $labels.backend }} 平均响应时间超过1秒”
EOF

# 创建健康检查脚本
[root@fgedu-lb1 ~]# cat > /usr/local/bin/lb-health-check.sh << 'EOF' #!/bin/bash # lb-health-check.sh # from:www.itpux.com.qq113257174.wx:itpux-com # web: http://www.fgedu.net.cn echo "=== 负载均衡健康检查 ===" echo "检查时间: $(date)" echo "" echo "1. VIP状态" ip addr show eth0 | grep -q "192.168.1.100" if [ $? -eq 0 ]; then echo "VIP在本节点" else echo "VIP不在本节点" fi echo "" echo "2. HAProxy状态" systemctl is-active haproxy echo "" echo "3. 后端服务器状态" echo "Web服务器:" curl -s http://localhost:8404/stats\;csv | grep web_servers | awk -F',' '{print $2": "$18}' echo "" echo "API服务器:" curl -s http://localhost:8404/stats\;csv | grep api_servers | awk -F',' '{print $2": "$18}' echo "" echo "4. 连接统计" echo "当前连接: $(curl -s http://localhost:8404/stats\;csv | head -2 | tail -1 | awk -F',' '{print $5}')" echo "" echo "=== 检查完成 ===" EOF [root@fgedu-lb1 ~]# chmod +x /usr/local/bin/lb-health-check.sh

风哥针对负载均衡建议：

配置高可用负载均衡
实施健康检查机制
配置会话保持策略
监控后端服务器状态
建立故障切换流程

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html