ansible-devops/scripts/haproxy.sh

#!/bin/bash
set -euo pipefail

# 初始化变量
ACTION=""
BACKENDS=""
HAPROXY_PORT=6443
HAPROXY_CONF="/etc/haproxy/haproxy.cfg"
HAPROXY_LOG_CONF="/etc/rsyslog.d/haproxy.conf"
HAPROXY_LOG="/var/log/haproxy.log"

# 打印帮助信息
usage() {
    echo "用法: $0 [操作] [选项]"
    echo "操作:"
    echo "  --install   安装并配置haproxy"
    echo "  --uninstall 卸载haproxy并清理配置"
    echo "安装选项:"
    echo "  --backend <节点列表>  必选，后端节点（格式:IP:端口,IP:端口...）"
    echo "  --port <端口>        可选，监听端口（默认6443）"
    echo "示例:"
    echo "  安装: $0 --install --backend 192.168.1.10:6443,192.168.1.11:6443 --port 8443"
    echo "  卸载: $0 --uninstall"
    exit 1
}

# 解析参数
while [[ $# -gt 0 ]]; do
    case "$1" in
        --install|--uninstall)
            ACTION="$1"
            shift
            ;;
        --backend)
            BACKENDS="$2"
            shift 2
            ;;
        --port)
            HAPROXY_PORT="$2"
            shift 2
            ;;
        *)
            echo "错误：未知参数 $1"
            usage
            ;;
    esac
done

# 校验操作参数
if [[ -z "$ACTION" ]]; then
    echo "错误：必须指定 --install 或 --uninstall"
    usage
fi

# 检查root权限
if [[ $EUID -ne 0 ]]; then
    echo "错误：脚本必须以root权限运行（使用sudo）"
    exit 1
fi

# 安装haproxy
install_haproxy() {
    # 校验安装参数
    if [[ -z "$BACKENDS" || -z "$HAPROXY_PORT" ]]; then
        echo "错误：安装必须指定 --backend 和 --port"
        usage
    fi

    # 校验后端节点格式
    IFS=',' read -ra BACKEND_LIST <<< "$BACKENDS"
    for node in "${BACKEND_LIST[@]}"; do
        if ! [[ "$node" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$ ]]; then
            echo "错误：后端节点格式无效（正确格式：IP:端口）"
            exit 1
        fi
    done

    # 安装软件
    echo "===== 开始安装haproxy ====="
    apt update >/dev/null
    apt install -y haproxy >/dev/null || { echo "haproxy安装失败"; exit 1; }

    # 备份原有配置（若存在）
    if [[ -f "$HAPROXY_CONF" ]]; then
        mv "$HAPROXY_CONF" "${HAPROXY_CONF}.bak.$(date +%F_%H%M%S)"
        echo "已备份原有配置文件"
    fi

    # 生成配置文件
    echo "生成haproxy配置..."
    cat > "$HAPROXY_CONF" << EOF
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     10000
    user        haproxy
    group       haproxy
    daemon

listen haproxy-stats
    bind 0.0.0.0:9090
    mode http
    stats enable
    stats uri /stats
    stats auth admin:Admin@123
    stats refresh 30s
    stats show-node
    stats show-legends

defaults
    mode                    tcp
    log                     global
    option                  tcplog
    option                  dontlognull
    option                  redispatch
    retries                 3
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    maxconn                 8000

frontend k8s-api-frontend
    bind *:$HAPROXY_PORT
    mode tcp
    default_backend k8s-api-backend

backend k8s-api-backend
    mode tcp
    balance roundrobin
EOF

    # 添加后端节点
    for idx in "${!BACKEND_LIST[@]}"; do
        node="${BACKEND_LIST[$idx]}"
        echo "    server master-$idx $node check fall 3 rise 2 weight 10" >> "$HAPROXY_CONF"
    done

    # 配置日志
    echo "配置日志..."
    echo 'local2.* /var/log/haproxy.log' > "$HAPROXY_LOG_CONF"
    systemctl restart rsyslog >/dev/null

    # 启动服务
    systemctl enable  haproxy
    systemctl start  haproxy
    if systemctl is-active --quiet haproxy; then
        echo "===== haproxy安装完成 ====="
        echo "监听：*:$HAPROXY_PORT"
        echo "后端：$BACKENDS"
    else
        echo "错误：haproxy启动失败，请查看日志 $HAPROXY_LOG"
        exit 1
    fi
}

# 卸载haproxy
uninstall_haproxy() {
    echo "===== 开始卸载haproxy ====="

    # 停止服务
    if systemctl is-active --quiet haproxy; then
        systemctl stop haproxy
        echo "已停止haproxy服务"
    fi

    # 卸载软件
    if dpkg -l haproxy &>/dev/null; then
        apt purge -y haproxy >/dev/null
        apt autoremove -y >/dev/null
        echo "已卸载haproxy软件包"
    else
        echo "haproxy未安装，跳过卸载"
    fi

    # 清理配置文件（保留备份提示）
    if [[ -d /etc/haproxy/ ]]; then
        mv /etc/haproxy/ "/etc/haproxy.bak.$(date +%F_%H%M%S)"
        echo "配置文件已备份至 /etc/haproxy.bak.xxx"
    fi

    # 清理日志配置
    if [[ -f "$HAPROXY_LOG_CONF" ]]; then
        rm -f "$HAPROXY_LOG_CONF"
        systemctl restart rsyslog >/dev/null
        echo "已清理日志配置"
    fi

    # 清理日志文件
    if [[ -f "$HAPROXY_LOG" ]]; then
        rm -f "$HAPROXY_LOG"
        echo "已删除日志文件"
    fi

    echo "===== haproxy卸载完成 ====="
}

# 执行操作
case "$ACTION" in
    --install)
        install_haproxy
        ;;
    --uninstall)
        uninstall_haproxy
        ;;
    *)
        usage
        ;;
esac