adding v 0.1 of LB script
This commit is contained in:
Sander van Vugt
parent
ca8462aa12
commit
39d19e9e19
146
setup-lb.sh
Normal file
146
setup-lb.sh
Normal file
@ -0,0 +1,146 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# echo script to set up load balancing on cluster nodes
|
||||
# for use in CKA courses by Sander van Vugt
|
||||
# version 0.1 - may be buggy!
|
||||
# currently only supporting CentOS 7.x
|
||||
# run this AFTER running setup-docker.sh and setup-kubetools.sh
|
||||
# read and try to udnerstand before running this!
|
||||
|
||||
# install required software
|
||||
yum install haproxy keepalived -y
|
||||
|
||||
# create keepalived config
|
||||
# change IP address to anything that works in your environment!
|
||||
cat << EOF >> /etc/keepalived/check_apiserver.sh
|
||||
APISERVER_VIP=192.168.4.100
|
||||
APISERVER_DEST_PORT=6443
|
||||
|
||||
errorExit() {
|
||||
echo "* * * $*" 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
curl --silent --max-time 2 --insecure https://localhost:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"
|
||||
if ip addr | grep -q ${APISERVER_VIP}; then
|
||||
curl --silent --max-time 2 --insecure https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
|
||||
EOF
|
||||
|
||||
#### creating second script, make sure to change IP addresses!
|
||||
|
||||
cat << EOF >> /etc/keepalived/keepalived.conf
|
||||
! /etc/keepalived/keepalived.conf
|
||||
! Configuration File for keepalived
|
||||
global_defs {
|
||||
router_id LVS_DEVEL
|
||||
}
|
||||
vrrp_script check_apiserver {
|
||||
script "/etc/keepalived/check_apiserver.sh"
|
||||
interval 3
|
||||
weight -2
|
||||
fall 10
|
||||
rise 2
|
||||
}
|
||||
|
||||
vrrp_instance VI_1 {
|
||||
state MASTER
|
||||
interface ens33
|
||||
virtual_router_id 151
|
||||
priority 255
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass Password
|
||||
}
|
||||
virtual_ipaddress {
|
||||
192.168.4.100/24
|
||||
}
|
||||
track_script {
|
||||
check_apiserver
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
chmod +x /etc/keepalived/check_apiserver.sh
|
||||
|
||||
### setting up haproxy
|
||||
echo > /etc/haproxy/haproxy.cfg
|
||||
cat << EOF >> /etc/haproxy/haproxy.cfg
|
||||
|
||||
# /etc/sysconfig/syslog
|
||||
#
|
||||
# local2.* /var/log/haproxy.log
|
||||
#
|
||||
log 127.0.0.1 local2
|
||||
|
||||
chroot /var/lib/haproxy
|
||||
pidfile /var/run/haproxy.pid
|
||||
maxconn 4000
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
|
||||
# turn on stats unix socket
|
||||
stats socket /var/lib/haproxy/stats
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# common defaults that all the 'listen' and 'backend' sections will
|
||||
# use if not designated in their block
|
||||
#---------------------------------------------------------------------
|
||||
defaults
|
||||
mode http
|
||||
log global
|
||||
option httplog
|
||||
option dontlognull
|
||||
option http-server-close
|
||||
option forwardfor except 127.0.0.0/8
|
||||
option redispatch
|
||||
retries 3
|
||||
timeout http-request 10s
|
||||
timeout queue 1m
|
||||
timeout connect 10s
|
||||
timeout client 1m
|
||||
timeout server 1m
|
||||
timeout http-keep-alive 10s
|
||||
timeout check 10s
|
||||
maxconn 3000
|
||||
|
||||
#---------------------------------------------------------------------
|
||||
# main frontend which proxys to the backends
|
||||
#---------------------------------------------------------------------
|
||||
#---------------------------------------------------------------------
|
||||
# apiserver frontend which proxys to the masters
|
||||
#---------------------------------------------------------------------
|
||||
frontend apiserver
|
||||
bind *:8443
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend apiserver
|
||||
#---------------------------------------------------------------------
|
||||
# round robin balancing for apiserver
|
||||
#---------------------------------------------------------------------
|
||||
backend apiserver
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
mode tcp
|
||||
option ssl-hello-chk
|
||||
balance roundrobin
|
||||
server control1 192.168.4.87:6443 check
|
||||
server control2 192.168.4.88:6443 check
|
||||
server control3 192.168.4.89:6443 check
|
||||
EOF
|
||||
|
||||
echo enter IP address of second HA node
|
||||
read SECONDNODE
|
||||
|
||||
echo enter IP address of third HA node
|
||||
read THIRDNODE
|
||||
|
||||
systemctl enable keepalived --now
|
||||
systemctl enable haproxy --now
|
||||
|
||||
echo now edit the keepalived.conf file on $SECONDNODE and $THIRDNODE
|
||||
echo change "state MASTER" to "state SLAVE"
|
||||
echo set priority to 254 on $SECONDNODE and 253 on $THIRDNODE
|
||||
echo and use systemctl to enable --now keepalived and haproxy services
|
||||
echo I will automate this in a later version of this script
|
||||
for i in $SECONDNODE $THIRDNODE; do scp /etc/keepalived/check_apiserver.sh /etc/keepalived/keepalived.conf root@$i:/etc/keepalived; scp /etc/haproxy/haproxy.cfg root@$i:/etc/haproxy; done
|
||||
Loading…
Reference in New Issue
Block a user