Keepalived
vrrp协议在Linux主机上以守护进程方式的实现;
能够根据配置文件自动生成ipvs规则;
对各RS做健康状态检测。
yum install -y keepalived
rpm -ql keepalived
配置文件组成部分
GLOBAL CONFIGURATION
VRRPD CONFIGURATION
- vrrp instance
- vrrp synchronization group
LVS CONFIGURATION
HA Cluster配置前提
1、本机的主机名,要与hostname(uname -n)获得的名称保持一致:
CentOS 6:/etc/sysconfig/network;CentOS 7:hostnamectl set-hostname HOSTNAME
各节点要能互相解析主机名,一般建议通过hosts文件进行解析:
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.99 node1
192.168.2.100 node2
192.168.2.101 node3 web1
192.168.2.253 node4 web2
2、各节点时间同步:
ntpdate $ntpserverip
3、确保iptables及selinux不会成为服务阻碍
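# Lab shortcut: the packet filter and SELinux enforcement are switched off so
# they cannot interfere with VRRP adverts or the health checks. On a
# production pair, keep both enabled and instead permit VRRP (IP protocol 112,
# multicast 224.0.0.18) and the service ports between the nodes.
# A default CentOS 7 install runs firewalld rather than the iptables service;
# stop whichever one is actually active on the host.
systemctl stop iptables
# Switch the running system to permissive mode ...
setenforce 0
# ... and persist it across reboots. The replacement keeps the '=' so the line
# becomes SELINUX=permissive; the ^SELINUX= anchor leaves SELINUXTYPE= alone.
sed -i '/^SELINUX=/s/=enforcing/=permissive/' /etc/selinux/config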
示例1:keepalived
![keepalived keepalived](./images/1542849518353.png)
keepalived
keepalived1 v1 master
配置文件
cat /etc/keepalived/keepalived.conf
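! Configuration File for keepalived
! Node: keepalived1 - MASTER for VI_1 and LVS director for the VIP.

global_defs {
    notification_email {
        root@localhost                              # alert recipient
    }
    notification_email_from keepalived1@localhost   # sender address
    smtp_server 127.0.0.1                           # mail relay used for alerts
    smtp_connect_timeout 30
    router_id node1                                 # identifier of this node, usually the hostname
}

# Manual failover switch: creating /etc/keepalived/down makes the check fail.
# keepalived runs tracked and notify scripts with its own privileges, so
# /etc/keepalived and everything it references should be writable by root only.
# NOTE(review): the one-liner needs a shell that understands [[ ]] (bash);
# confirm that the installed keepalived runs "script" through a shell, or move
# the test into a script file.
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"   # exit 1 if the file exists, else 0
    interval 1                          # run the check every second
    weight -2                           # lower the priority by 2 while the check fails
    # fall 2                            # consecutive failures before the check counts as down
    # rise 1                            # consecutive successes before it counts as up
}

vrrp_instance VI_1 {
    state MASTER                        # initial role: MASTER or BACKUP
    interface eno16777728               # interface the VIP is bound to
    virtual_router_id 51                # must be identical on every node of VI_1
    priority 100                        # the higher value wins the election
    advert_int 1
    authentication {
        # PASS is a shared string sent in clear text in every advert: it
        # protects against accidental cross-talk between clusters, not against
        # a host on the same segment. keepalived uses only its first eight
        # characters. 1000 is a sample value; replace it with a random one
        # (for example from `openssl rand -hex 4`) and use the same value on
        # both nodes.
        auth_type PASS
        auth_pass 1000
    }
    virtual_ipaddress {
        192.168.2.2                     # the virtual IP
    }
    track_script {
        chk_down                        # the check defined above
    }
    notify_master "/etc/keepalived/notify.sh master"   # run when this node becomes master
    notify_backup "/etc/keepalived/notify.sh backup"   # run when this node becomes backup
    notify_fault "/etc/keepalived/notify.sh fault"     # run when the instance enters the fault state
}

virtual_server 192.168.2.2 80 {         # LVS service published on the VIP
    delay_loop 6
    lb_algo wrr                         # weighted round robin
    lb_kind DR                          # direct routing
    # persistence_timeout 50            # session persistence timeout
    nat_mask 255.255.255.0
    protocol TCP
    sorry_server 127.0.0.1 80           # fallback page served when every real server is down

    real_server 192.168.2.101 80 {
        weight 1
        # Alternative HTTP health check, kept for reference (SSL_GET and
        # SMTP_CHECK checkers exist as well). The whole block stays commented
        # out, including its closing brace, so TCP_CHECK below remains inside
        # this real_server.
        # HTTP_GET {
        #     url {
        #         path /                # URL to probe
        #         status_code 200       # expected status
        #     }
        #     connect_timeout 2         # probe timeout
        #     nb_get_retry 3
        #     delay_before_retry 1
        # }
        TCP_CHECK {
            connect_timeout 2           # probe timeout
        }
    }

    real_server 192.168.2.253 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 2
        }
    }
}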
脚本
cat notify.sh
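#!/bin/bash
# notify.sh - mail the administrator when keepalived changes this node's VRRP
# state. keepalived invokes the script with its own privileges, so keep the
# file owned by root and not writable by anyone else.
vip=192.168.2.2
contact='root@localhost'

#######################################
# Send one state-change mail.
# Globals:   vip, contact (read)
# Arguments: $1 - new state (master|backup|fault)
# Outputs:   pipes the message body to mail(1)
#######################################
notify() {
  local host stamp mailsubject mailbody
  host=$(hostname)
  # `date` and its format must be separate words; without the space the shell
  # looks for a command literally named "date+%F ..." and the stamp is empty.
  stamp=$(date '+%F %H:%M:%S')
  mailsubject="${host} to be $1: ${vip} floating"
  mailbody="${stamp}: vrrp transition, ${host} changed to be $1"
  # Quoted so the body and the recipient are passed through unmodified.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}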
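# Dispatch on the state name keepalived passes as the first argument.
case "${1:-}" in
  master | backup | fault)
    notify "$1"
    # Optional service hooks, disabled in this example:
    #   master:        /etc/rc.d/init.d/haproxy start
    #   backup, fault: /etc/rc.d/init.d/haproxy stop
    exit 0
    ;;
  *)
    # The script name is expanded here; inside single quotes the original
    # printed the literal text `basename $0`. Usage goes to stderr.
    printf 'Usage: %s {master|backup|fault}\n' "${0##*/}" >&2
    exit 1
    ;;
esac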
启动服务
systemctl start keepalived
systemctl enable keepalived
启用SORRYSERVER
echo sorry> /var/www/html/index.html
systemctl start httpd
systemctl enable httpd
可用下面的命令生成随机密码(-hex N 输出 2N 个十六进制字符):
openssl rand -hex 4
keepalived2 v1 backup
配置文件
cat /etc/keepalived/keepalived.conf
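! Configuration File for keepalived
! Node: keepalived2 - BACKUP for VI_1 and standby LVS director.

global_defs {
    notification_email {
        root@localhost                              # alert recipient
    }
    notification_email_from keepalived2@localhost   # sender address
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node2                                 # identifier of this node
}

# Manual failover switch: the check fails while /etc/keepalived/down exists.
# Keep /etc/keepalived writable by root only, since this file steers failover.
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1                          # run the check every second
    weight -2                           # lower the priority by 2 while the check fails
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777728
    virtual_router_id 51                # same VRID as the master
    priority 99                         # below the master's 100
    advert_int 1
    authentication {
        # Clear-text shared string; must match the master. 1000 is a sample
        # value and should be replaced by a random one on both nodes.
        auth_type PASS
        auth_pass 1000
    }
    virtual_ipaddress {
        192.168.2.2
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

# The virtual server is the VIP (192.168.2.2), exactly as on the master;
# 192.168.2.253 is the real server web2 and only belongs in real_server below.
virtual_server 192.168.2.2 80 {
    delay_loop 6
    lb_algo wrr                         # weighted round robin
    lb_kind DR                          # direct routing
    nat_mask 255.255.255.0
    protocol TCP
    sorry_server 127.0.0.1 80           # fallback page when every real server is down

    real_server 192.168.2.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 2
        }
    }

    real_server 192.168.2.253 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 2
        }
    }
}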
脚本和keepalived1一样
启动服务
systemctl start keepalived
systemctl enable keepalived
启用SORRYSERVER
echo sorry> /var/www/html/index.html
systemctl start httpd
web1 web2
systemctl start httpd
cat lo.sh
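#!/bin/bash
# lo.sh - prepare an LVS-DR real server: bind the VIP to lo:0 and keep the
# host from answering or announcing ARP for it, so that only the director
# owns the VIP on the wire. Must run as root. The /proc writes do not survive
# a reboot.
# Usage: lo.sh {on|off}
VIP=192.168.2.2
#GATEWAY=192.168.3.254

case "${1:-}" in
  on)
    # arp_ignore=1: answer ARP only for addresses configured on the
    # interface the request arrived on.
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always pick the best local source address for ARP,
    # so the VIP on lo is never announced.
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig lo:0 "${VIP}/32" broadcast "${VIP}" up
    # route add default gw ${GATEWAY}
    ;;
  off)
    # Remove the VIP first, then restore the kernel defaults.
    ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
  *)
    # A missing or misspelled argument used to be a silent no-op.
    printf 'Usage: %s {on|off}\n' "${0##*/}" >&2
    exit 1
    ;;
esac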
测试
在keepalived查看VIP
ip add
在keepalived查看ipvsadm规则
ipvsadm -Ln
客户端打开浏览器访问
curl http://192.168.2.2/
示例2:keepalived+nginx反向代理
![keepalived+nginx_proxy keepalived+nginx_proxy](./images/1542850553338.png)
keepalived+nginx_proxy
keepalived1 v1 master
配置文件
cat /etc/keepalived/keepalived.conf
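! Configuration File for keepalived
! Node: keepalived1 - MASTER for VI_1 in front of the local nginx proxy.

global_defs {
    notification_email {
        root@localhost                              # alert recipient
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1                     # this node's own name (keepalived2 uses node2)
}

# Manual failover switch: the check fails while /etc/keepalived/down exists.
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -2                           # lower the priority by 2 while the check fails
}

# Signal 0 delivers nothing; killall only reports whether an nginx process exists.
# NOTE(review): this shows that a process is present, not that nginx answers
# requests; "&>" is a bash redirection.
vrrp_script chk_nginx {
    script "killall -0 nginx &> /dev/null"
    interval 1
    weight -10                          # 100 - 10 drops below the backup's 99
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777728
    virtual_router_id 51                # must match the backup node
    priority 100
    advert_int 1
    authentication {
        # Clear-text shared string, identical on both nodes. 1000 is a sample
        # value; replace it with a random one.
        auth_type PASS
        auth_pass 1000
    }
    virtual_ipaddress {
        192.168.2.2
    }
    track_script {
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}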
nginx配置文件
# Reverse proxy that balances requests across the two web servers in the
# "webs" upstream.
events {
use epoll;
worker_connections 51200;
}
http {
# Omits the nginx version from the Server header and error pages; the product
# name itself is still sent.
server_tokens off;
include mime.types;
default_type application/octet-stream;
# "main" log line; the last field is the X-Forwarded-For request header exactly
# as the client sent it, so treat it as untrusted input when reading the log.
log_format main '$server_addr $remote_addr [$time_local] $msec+$connection'
'"$request" $status $connection $request_time $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
open_log_file_cache max=1000 inactive=20s min_uses=1 valid=1m;
access_log /var/log/nginx/access_log main;
log_not_found on;
sendfile on;
tcp_nopush on;
gzip on;
gzip_comp_level 6;
keepalive_timeout 35;
# Backend pool; the weights send 192.168.2.253 twice the share of 192.168.2.101.
upstream webs {
server 192.168.2.101 weight=1;
server 192.168.2.253 weight=2;
}
# No listen or server_name directive, so nginx's defaults apply.
server{
location / {
# NOTE(review): no proxy_set_header lines are present, so the backends see the
# proxy as the client; add X-Real-IP / X-Forwarded-For if they need the
# original client address.
proxy_pass http://webs/;
}
}
}
keepalived2 v1 backup
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Backup node for VI_1: same VRID, VIP and password as the master, lower priority.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
}
# Manual failover switch: the check exits 1 while /etc/keepalived/down exists.
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -2
}
# Signal 0 delivers nothing; killall only reports whether an nginx process exists.
vrrp_script chk_nginx {
script "killall -0 nginx &> /dev/null"
interval 1
weight -10
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777728
virtual_router_id 51
priority 99
advert_int 1
# auth_type PASS is a clear-text shared string; 1000 is the sample value used
# on both nodes of this example and should be replaced by a random one.
authentication {
auth_type PASS
auth_pass 1000
}
virtual_ipaddress {
192.168.2.2
}
# Both checks are tracked, so either one failing lowers this node's priority.
track_script {
chk_down
chk_nginx
}
# notify.sh is run with the new state name as its only argument.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
nginx配置文件与keepalived1一样
web1 web2
bash lo.sh off
systemctl restart httpd
测试
客户端curl http://192.168.2.2/
curl -I 192.168.2.2|grep nginx
curl -I 192.168.2.253|grep Apache
示例3:双主模型
![keepalived2 keepalived2](./images/1542850758269.png)
keepalived2
keepalived1 v1 master v2 backup
主配置文件
cat /etc/keepalived/keepalived.conf
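! Configuration File for keepalived
! Node: keepalived1 - MASTER for VI_1 (192.168.2.2), BACKUP for VI_2 (192.168.2.3).

global_defs {
    notification_email {
        root@localhost                              # alert recipient
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1                     # this node's own name (keepalived2 uses node2)
}

# Manual failover switch: the check fails while /etc/keepalived/down exists.
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -2
}

vrrp_script chk_nginx {
    script "killall -0 nginx &> /dev/null"   # checks whether an nginx process is running
    interval 1
    weight -10
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777728
    virtual_router_id 51                # one VRID per instance, identical on both nodes
    priority 100
    advert_int 1
    authentication {
        # Clear-text shared string; sample value, replace with a random one.
        auth_type PASS
        auth_pass 1000
    }
    virtual_ipaddress {
        192.168.2.2
    }
    track_script {
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state BACKUP
    interface eno16777728
    virtual_router_id 52                # differs from VI_1 so the two instances stay separate
    priority 100                        # the peer uses 101 and therefore owns VI_2
    advert_int 1
    authentication {
        # Clear-text shared string; sample value, replace with a random one.
        auth_type PASS
        auth_pass 10001
    }
    virtual_ipaddress {
        192.168.2.3
    }
    track_script {
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}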
keepalived2 v1 backup v2 master
主配置文件
cat /etc/keepalived/keepalived.conf
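! Configuration File for keepalived
! Node: keepalived2 - BACKUP for VI_1 (192.168.2.2), MASTER for VI_2 (192.168.2.3).

global_defs {
    notification_email {
        root@localhost                              # alert recipient
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node2
}

# Manual failover switch: the check fails while /etc/keepalived/down exists.
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -2
}

# Signal 0 delivers nothing; killall only reports whether an nginx process exists.
vrrp_script chk_nginx {
    script "killall -0 nginx &> /dev/null"
    interval 1
    weight -10
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777728
    virtual_router_id 51
    priority 99                         # below the peer's 100
    advert_int 1
    authentication {
        # Clear-text shared string; sample value, replace with a random one.
        auth_type PASS
        auth_pass 1000
    }
    virtual_ipaddress {
        192.168.2.2
    }
    track_script {
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

# Space added before "{" to match every other block in this file; a parser
# that splits on whitespace would otherwise read "VI_2{" as the instance name.
vrrp_instance VI_2 {
    state MASTER
    interface eno16777728
    virtual_router_id 52
    priority 101                        # above the peer's 100
    advert_int 1
    authentication {
        # Clear-text shared string; sample value, replace with a random one.
        auth_type PASS
        auth_pass 10001
    }
    virtual_ipaddress {
        192.168.2.3
    }
    track_script {
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}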
测试
keepalived1和2使用 ip addr 查看下VIP
客户端测试
curl http://192.168.2.2
curl http://192.168.2.3