High availability with keepalived + haproxy

keepalived configuration file

Install dependencies

yum install -y openssl openssl-devel libnl libnl-devel libnl3-devel

Install keepalived from the release tarball (compiled locally)

wget  https://www.keepalived.org/software/keepalived-2.0.17.tar.gz
tar -xvf keepalived-2.0.17.tar.gz
cd keepalived-2.0.17
./configure --prefix=/usr/local/keepalived
make && make install
mkdir /etc/keepalived/
cd  /usr/local/keepalived/etc/
cp keepalived/keepalived.conf  /etc/keepalived/
cp sysconfig/keepalived  /etc/sysconfig/
cp /usr/lib/systemd/system/keepalived.service /etc/systemd/system/
cp ../sbin/keepalived  /usr/sbin/
cp /opt/haproxy/keepalived-2.0.17/keepalived/etc/init.d/keepalived /etc/init.d/
chmod 755 /etc/init.d/keepalived
systemctl daemon-reload
systemctl enable keepalived.service
systemctl start keepalived.service
systemctl status keepalived.service

MASTER

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
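   router_id haproxy-1   # server name, different on every node
}

vrrp_script chk_haproxy {
    user root                                  # run the check as root; inside vrrp_script the keyword is "user" ("script_user" is the global_defs form)
    script "/etc/keepalived/check_haproxy.sh"  # path of the monitoring script
    interval 2                                 # check interval
    weight -30                                 # if the script fails (or returns non-zero), the priority of the corresponding vrrp_instance is reduced by 30 points
}

vrrp_instance VI_1 {
    state MASTER            # master/backup role of this node
    interface ens32         # name of the NIC the VIP is bound to
    virtual_router_id 51    # 0-255, ID of the virtual router; distinguishes virtual router instances. It must be identical within a group; nodes in the group talk to each other through VRRP heartbeat messages
    priority 120            # priority; the higher the value, the more likely this node becomes master. Default range is 0~255
    nopreempt               # no preemption: when the higher-priority node fails the VIP moves to the backup, and when the master comes back it does not take the VIP back
    advert_int 1            # interval of the multicast advertisements the two virtual router nodes use to check each other; if one has a problem the other takes over the VIP. Here 1 second; too long an interval may cause a service interruption
    authentication {
        auth_type PASS
        auth_pass 1111      # password, must be identical within a group
    }
    virtual_ipaddress {
        192.168.64.200      # VIP
    }
    track_script {
        chk_haproxy         # check whether the HAProxy service is alive
    }
}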

BACKUP

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   router_id haproxy-2
}

vrrp_script chk_haproxy {
    user root                                  # inside vrrp_script the keyword is "user" ("script_user" is the global_defs form)
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight -30
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 51
    priority 100
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.64.200
    }
    track_script {
        chk_haproxy
    }
}

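Monitoring script

#!/bin/sh
# Health check run by keepalived (vrrp_script chk_haproxy).

# If haproxy is not running, try to start it.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    systemctl start haproxy
fi

# Give haproxy time to come up.
sleep 2

# Still not running: stop keepalived so the VIP moves to the other node.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    killall keepalived
fi

COUNT=$(ps -C haproxy --no-header | wc -l)
echo "$COUNT"

# Exit 0 (healthy) if at least one haproxy process exists, otherwise 1.
if [ "$COUNT" -gt 0 ]; then
    exit 0
else
    exit 1
fi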

Change the kernel parameter so that the server is allowed to listen on an IP address that does not exist on it

net.ipv4.ip_nonlocal_bind = 1

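keepalived runs the script periodically, analyses its result, and dynamically adjusts the priority of the vrrp_instance.
If the script result is 0 and the configured weight is greater than 0, the priority is increased accordingly.
If the script result is non-zero and the configured weight is less than 0, the priority is decreased accordingly.
In all other cases the originally configured priority is kept, i.e. the value of priority in the configuration file.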

Check the VIP

[root@master-1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:09:cf:d7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.64.110/24 brd 192.168.64.255 scope global noprefixroute ens32
       valid_lft forever preferred_lft forever
    inet 192.168.64.200/32 scope global ens32
       valid_lft forever preferred_lft forever

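Access

Fault:

After configuring the VIP, access kept timing out. The VIP could not be pinged from the host machine, and a test from a VM could not ping it either, so I went and searched Baidu for a while and fortunately found the answer: https://www.dandelioncloud.cn/article/details/1504995588356796418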

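The gist is: after the VIP is configured in keepalived.conf, ip addr shows that the VIP has been attached successfully, but it cannot be pinged even though the firewalls are all turned off. The reason is that vrrp_strict is turned on by default in the keepalived.conf configuration and needs to be commented out. After restarting keepalived the VIP can be pinged.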
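
The weight/priority rule and the vrrp_strict fault described above can both be checked before the configs are deployed. The script below is an added example, not part of the original post: the helper names (conf_value, has_keyword, lint_pair, sample_conf) and the sample configs are constructed here, and the lookup is a first-match keyword search, not a full keepalived.conf parser.

```shell
#!/bin/sh
# Added example (not from the original post): lint a MASTER/BACKUP keepalived.conf pair.

# conf_value FILE KEY: print the first value of KEY, ignoring '#' and '!' comments.
conf_value() {
    awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}

# has_keyword FILE KEY: succeed if KEY appears outside a comment.
has_keyword() {
    awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { f = 1 } END { exit !f }' "$1"
}

# lint_pair MASTER_CONF BACKUP_CONF: print one finding per line, nothing if clean.
lint_pair() {
    mp=$(conf_value "$1" priority); bp=$(conf_value "$2" priority)
    w=$(conf_value "$1" weight)
    for f in "$1" "$2"; do
        # The fault from the post: the VIP is attached but cannot be pinged.
        if has_keyword "$f" vrrp_strict; then echo "vrrp_strict enabled in $f"; fi
    done
    for k in virtual_router_id auth_pass; do
        if [ "$(conf_value "$1" "$k")" != "$(conf_value "$2" "$k")" ]; then
            echo "$k differs between nodes"
        fi
    done
    # A failed check adds the negative weight to the MASTER priority; by priority
    # alone the VIP only moves if the result drops below the BACKUP priority.
    if [ "${w:-0}" -lt 0 ] && [ $(( $mp + $w )) -ge "$bp" ]; then
        echo "no failover: $(( $mp + $w )) >= $bp"
    fi
    return 0
}

# Constructed sample config: $1=priority $2=weight $3=optional global keyword.
sample_conf() {
    printf 'global_defs {\n  router_id demo\n  %s\n}\n' "$3"
    printf 'vrrp_script chk_haproxy {\n  weight %s  # applied on failure\n}\n' "$2"
    printf 'vrrp_instance VI_1 {\n  virtual_router_id 51\n  priority %s\n' "$1"
    printf '  authentication {\n    auth_pass 1111\n  }\n}\n'
}

d=$(mktemp -d)
sample_conf 120 -30 ""          > "$d/master.conf"   # values used in the post
sample_conf 100 -30 ""          > "$d/backup.conf"
sample_conf 120 -10 vrrp_strict > "$d/bad.conf"      # constructed bad variant
lint_pair "$d/master.conf" "$d/backup.conf"          # clean pair
lint_pair "$d/bad.conf" "$d/backup.conf"             # two findings
rm -rf "$d"
```

With the post's values a failed check drops the MASTER from 120 to 90, below the BACKUP's 100; with a weight of -10 it would stay at 110 and the VIP would not move on priority alone.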

 

posted @ 不会跳舞的胖子