Keepalived高可用配置
Keepalived简介
Keepalived基于VRRP协议在服务器之间建立了主备关系,通常称之为高可用对。VRRP中文叫虚拟路由冗余协议,目的是解决静态路由的单点故障问题。高可用对之间通过IP多播的方式进行通信,通过竞争机制确定主备关系,优先级高的为主服务器,主服务优先获得资源提供服务,备服务器处于等待状态,主节点不断向备节点发送VRRP数据包,当主服务器宕机时,备节点接收不到数据包,于是接管所有资源(VIP),对外提供服务。VRRP实现了主备关系建立和高可用对之间的故障切换,VIP实现了IP地址的热迁移,无需重启网卡,从而使得切换更加迅速。
安装Keepalived
yum install keepalived -y rpm -qa keepalived
单实例VIP自动漂移
===lb01=== vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { asdftttt@163.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb01 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 55 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.12/24 dev eth0 label eth0:1 } } /etc/init.d/keepalived start ip addr | grep 10.0.0.12 ===lb02=== vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { asdftttt@163.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb02 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 55 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.12/24 dev eth0 label eth0:1 } } /etc/init.d/keepalived start ip addr | grep 10.0.0.12
备份服务器创建裂脑检测脚本
裂脑指的是主备服务器上同时存在相同的VIP,原因通常是线路或防火墙导致的无法通信,备份服务器收不到主服务器发送的VRRP数据包即心跳信息,于是接管了服务。 vim /server/scripts/check_split_brain.sh #!/bin/bash #原理:Ping主节点,如果Master没有宕机而Slave出现了VIP,发送裂脑警告。 #收到警告后第一时间查看Master中Keepalived服务是否正常。 #有可能只是keepalived服务宕掉了 lb01_vip=10.0.0.12 lb01_ip=172.16.1.5 while true do ping -c 2 -W 3 $lb01_ip &> /dev/null if [ $? -eq 0 -a `ip addr | grep "$lb01_vip" | wc -l` -eq 1 ];then echo "ha is split brain.warning" else echo "ha is ok" fi sleep 5 done 这个脚本的局限在于当线路问题导致裂脑时,该脚本无法判断,最好在监控服务器上也进行监控
配置Keepalived和服务相关联
vim /server/scripts/chk_nginx_proxy.sh #!/bin/bash #keepalived通常只针对服务器,不针对服务,该脚本解决此问题 #当nginx proxy停止,keepalived也停止 if [ `netstat -nutlp | grep nginx | wc -l` -ne 1 ];then /etc/init.d/keepalived stop fi chmod u+x /server/scripts/chk_nginx_proxy.sh vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { asdftttt@163.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb01 } vrrp_script chk_nginx_proxy { script "/server/scripts/chk_nginx_proxy.sh" interval 2 weight 2 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 55 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.12/24 dev eth0 label eth0:1 } track_script { chk_nginx_proxy } } /etc/init.d/keepalived reload /application/nginx/sbin/nginx -s stop /etc/init.d/keepalived status
配置多播地址
同一网段有多个高可用对,需要配置不同的多播地址 vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { asdftttt@163.com } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lb01 vrrp_mcast_group4 224.0.0.19 }
配置指定文件记录日志
vim /etc/sysconfig/keepalived KEEPALIVED_OPTIONS="-D -d -S 0" #-D 详细日志 -d 导出备份 -S 0 指定syslog设备为local0 vim /etc/rsyslog.conf 42 *.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages 81 local0.* /var/log/keepalived.log /etc/init.d/rsyslog restart