#!/bin/bash set -euo pipefail # 初始化变量 ACTION="" BACKENDS="" VIP="" HAPROXY_PORT=6443 HAPROXY_CONF="/etc/haproxy/haproxy.cfg" HAPROXY_LOG_CONF="/etc/rsyslog.d/haproxy.conf" HAPROXY_LOG="/var/log/haproxy.log" # 打印帮助信息 usage() { echo "用法: $0 [操作] [选项]" echo "操作:" echo " --install 安装并配置haproxy" echo " --uninstall 卸载haproxy并清理配置" echo "安装选项:" echo " --backend <节点列表> 必选，后端节点（格式:IP:端口,IP:端口...）" echo " --vip 必选，虚拟IP（格式:192.168.1.100）" echo " --port <端口> 可选，监听端口（默认6443）" echo "示例:" echo " 安装: $0 --install --backend 192.168.1.10:6443,192.168.1.11:6443 --vip 192.168.1.100" echo " 卸载: $0 --uninstall" exit 1 } # 解析参数 while [[ $# -gt 0 ]]; do case "$1" in --install|--uninstall) ACTION="$1" shift ;; --backend) BACKENDS="$2" shift 2 ;; --vip) VIP="$2" shift 2 ;; --port) HAPROXY_PORT="$2" shift 2 ;; *) echo "错误：未知参数 $1" usage ;; esac done # 校验操作参数 if [[ -z "$ACTION" ]]; then echo "错误：必须指定 --install 或 --uninstall" usage fi # 检查root权限 if [[ $EUID -ne 0 ]]; then echo "错误：脚本必须以root权限运行（使用sudo）" exit 1 fi # 安装haproxy install_haproxy() { # 校验安装参数 if [[ -z "$BACKENDS" || -z "$VIP" ]]; then echo "错误：安装必须指定 --backend 和 --vip" usage fi # 校验后端节点格式 IFS=',' read -ra BACKEND_LIST <<< "$BACKENDS" for node in "${BACKEND_LIST[@]}"; do if ! [[ "$node" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$ ]]; then echo "错误：后端节点格式无效（正确格式：IP:端口）" exit 1 fi done # 安装软件 echo "===== 开始安装haproxy =====" apt update >/dev/null apt install -y haproxy >/dev/null || { echo "haproxy安装失败"; exit 1; } # 备份原有配置（若存在） if [[ -f "$HAPROXY_CONF" ]]; then mv "$HAPROXY_CONF" "${HAPROXY_CONF}.bak.$(date +%F_%H%M%S)" echo "已备份原有配置文件" fi # 生成配置文件 echo "生成haproxy配置..." cat > "$HAPROXY_CONF" << EOF global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 10000 user haproxy group haproxy daemon defaults mode tcp log global option tcplog option dontlognull option redispatch retries 3 timeout connect 10s timeout client 1m timeout server 1m maxconn 8000 frontend k8s-api-frontend bind $VIP:$HAPROXY_PORT mode tcp default_backend k8s-api-backend backend k8s-api-backend mode tcp balance roundrobin EOF # 添加后端节点 for idx in "${!BACKEND_LIST[@]}"; do node="${BACKEND_LIST[$idx]}" echo " server master-$idx $node check fall 3 rise 2 weight 10" >> "$HAPROXY_CONF" done # 配置日志 echo "配置日志..." echo 'local2.* /var/log/haproxy.log' > "$HAPROXY_LOG_CONF" systemctl restart rsyslog >/dev/null # 启动服务 systemctl enable --now haproxy if systemctl is-active --quiet haproxy; then echo "===== haproxy安装完成 =====" echo "监听：$VIP:$HAPROXY_PORT" echo "后端：$BACKENDS" else echo "错误：haproxy启动失败，请查看日志 $HAPROXY_LOG" exit 1 fi } # 卸载haproxy uninstall_haproxy() { echo "===== 开始卸载haproxy =====" # 停止服务 if systemctl is-active --quiet haproxy; then systemctl stop haproxy echo "已停止haproxy服务" fi # 卸载软件 if dpkg -l haproxy &>/dev/null; then apt purge -y haproxy >/dev/null apt autoremove -y >/dev/null echo "已卸载haproxy软件包" else echo "haproxy未安装，跳过卸载" fi # 清理配置文件（保留备份提示） if [[ -d /etc/haproxy/ ]]; then mv /etc/haproxy/ "/etc/haproxy.bak.$(date +%F_%H%M%S)" echo "配置文件已备份至 /etc/haproxy.bak.xxx" fi # 清理日志配置 if [[ -f "$HAPROXY_LOG_CONF" ]]; then rm -f "$HAPROXY_LOG_CONF" systemctl restart rsyslog >/dev/null echo "已清理日志配置" fi # 清理日志文件 if [[ -f "$HAPROXY_LOG" ]]; then rm -f "$HAPROXY_LOG" echo "已删除日志文件" fi echo "===== haproxy卸载完成 =====" } # 执行操作 case "$ACTION" in --install) install_haproxy ;; --uninstall) uninstall_haproxy ;; *) usage ;; esac