Keepalive高可用部署
准备环境:两台机器,机器上提前装好nginx。
- 第一种方法
-
安装keepalive,如无特殊要求,直接yum安装即可。
# ct1 [root@ct1 ~]# yum install -y keepalived # ct2 [root@ct2 ~]# yum install -y keepalived
-
配置文件
# ct1 master 配置文件 ! Configuration File for keepalived global_defs { router_id LVS_DEVEL } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" interval 3 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.174.100 } track_script { check_nginx } } # ct2 backup配置文件 ! Configuration File for keepalived global_defs { router_id LVS_DEVEL } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" interval 3 } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.174.100 } track_script { check_nginx } }
检测脚本:
# check_nginx.sh 赋予执行权限 #! /bin/bash num=`ps -ef |grep "nginx: master process" | grep -v "grep" | wc -l` if [ $num -lt 1 ];then systemctl stop keepalived fi
-
启动keepalive
systemctl start keepalived
-
查看虚IP
# ct1 [root@ct1 keepalived]# ip a ... 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:96:93:a5 brd ff:ff:ff:ff:ff:ff inet 192.168.174.7/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33 valid_lft 80398sec preferred_lft 80398sec inet 192.168.174.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::35f1:e90f:4400:48e3/64 scope link noprefixroute valid_lft forever preferred_lft forever # ct2 [root@ct2 keepalived]# ip a ... 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:cc:c1:4a brd ff:ff:ff:ff:ff:ff inet 192.168.174.8/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33 valid_lft 80394sec preferred_lft 80394sec inet6 fe80::35f1:e90f:4400:48e3/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft forever inet6 fe80::8174:b896:90e9:17a3/64 scope link noprefixroute valid_lft forever preferred_lft forever
-
关闭ct1的nginx,测试虚IP切换,可以看到虚IP切换到了ct2上了。
# ct1 [root@ct1 keepalived]# ip a ... 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:96:93:a5 brd ff:ff:ff:ff:ff:ff inet 192.168.174.7/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33 valid_lft 79911sec preferred_lft 79911sec inet6 fe80::35f1:e90f:4400:48e3/64 scope link noprefixroute valid_lft forever preferred_lft forever # ct2 [root@ct2 keepalived]# ip a ... 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:cc:c1:4a brd ff:ff:ff:ff:ff:ff inet 192.168.174.8/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33 valid_lft 79909sec preferred_lft 79909sec inet 192.168.174.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::35f1:e90f:4400:48e3/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft forever inet6 fe80::8174:b896:90e9:17a3/64 scope link noprefixroute valid_lft forever preferred_lft forever
-
恢复ct1服务,可以看到ct1恢复后,由于优先级高,虚IP又切换回来了
# ct1 [root@ct1 keepalived]# ip a ... 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:96:93:a5 brd ff:ff:ff:ff:ff:ff inet 192.168.174.7/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33 valid_lft 79787sec preferred_lft 79787sec inet 192.168.174.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::35f1:e90f:4400:48e3/64 scope link noprefixroute valid_lft forever preferred_lft forever # ct2 [root@ct2 keepalived]# ip a ... 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:cc:c1:4a brd ff:ff:ff:ff:ff:ff inet 192.168.174.8/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33 valid_lft 79784sec preferred_lft 79784sec inet6 fe80::35f1:e90f:4400:48e3/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft forever inet6 fe80::8174:b896:90e9:17a3/64 scope link noprefixroute valid_lft forever preferred_lft forever
- 第二种方法
# ct1 配置文件
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.174.100
}
}
virtual_server 192.168.174.100 80 { # 虚拟IP 端口
delay_loop 2
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.174.8 80 { # 机器真实IP 端口
weight 3
notify_down /etc/keepalived/kill.sh
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
# ct2 配置文件
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.174.100
}
}
virtual_server 192.168.174.100 80 {
delay_loop 2
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.174.8 80 {
weight 3
notify_down /etc/keepalived/kill.sh
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
/etc/keepalived/kill.sh文件内容:
# 注意赋予执行权限
#! /bin/bash
systemctl stop keepalived
验证,查看虚IP:
[root@ct1 keepalived]# ip a
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:96:93:a5 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.7/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33
valid_lft 69302sec preferred_lft 69302sec
inet 192.168.174.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::35f1:e90f:4400:48e3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@ct2 keepalived]# ip a
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:cc:c1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.8/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33
valid_lft 69301sec preferred_lft 69301sec
inet6 fe80::35f1:e90f:4400:48e3/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::8174:b896:90e9:17a3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
关闭ct1 的nginx服务,查看虚IP是否切换:
[root@ct1 keepalived]# ip a
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:96:93:a5 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.7/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33
valid_lft 69081sec preferred_lft 69081sec
inet6 fe80::35f1:e90f:4400:48e3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@ct2 keepalived]# ip a
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:cc:c1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.8/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33
valid_lft 69077sec preferred_lft 69077sec
inet 192.168.174.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::35f1:e90f:4400:48e3/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::8174:b896:90e9:17a3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
重新启动ct1的服务,看是否恢复。
[root@ct1 keepalived]# ip a
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:96:93:a5 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.7/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33
valid_lft 68970sec preferred_lft 68970sec
inet 192.168.174.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::35f1:e90f:4400:48e3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@ct2 keepalived]# ip a
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:cc:c1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.8/24 brd 192.168.174.255 scope global noprefixroute dynamic ens33
valid_lft 68968sec preferred_lft 68968sec
inet6 fe80::35f1:e90f:4400:48e3/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::8174:b896:90e9:17a3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
上面的结果来看,部署成功。