keepalived-学习目录
1、Nginx与keepalived之间是什么关系?
没关系。为什么?( Nginx仅仅是借助了keepalived的VIP地址漂移技术,从而实现的高可用。)
2、keepalived如果实现nginx高可用
如果Nginx宕机,会导致用户请求失败, 但Keepalived并不会进行切换, 所以需要编写一个脚本检测Nginx的存活状态,如果不存活则 kill nginx和keepalived
3、keepalived+nginx配置
3.1、准务nginx健康检查shell脚本
mkdir /usr/local/keepalived/scripts
cat << 'CAT_END' > /usr/local/keepalived/scripts/check_web.sh
#!/bin/sh
nginxpid=$(pidof nginx | wc -l)
#1、判断Nginx是否存活,如果不存活则尝试启动Nginx
if [ $nginxpid -eq 0 ];then
systemctl start nginx
sleep 2
# 2、等待2秒后再次获取一次Nginx状态
nginxpid=$(pidof nginx | wc -l)
# 3、再次进行判断, 如Nginx还不存活则停止Keepalived,让地址进行漂移,并退出脚
if [ $nginxpid -eq 0 ];then
systemctl stop keepalived
pkill keepalived
fi
fi
CAT_END
chmod +x /usr/local/keepalived/scripts/check_web.sh
3.2、keepalived配置【非抢占式】
3.2.1、keepalived-01配置
cat << 'CAT_END' >/usr/local/keepalived/etc/keepalived/keepalived.conf
global_defs {
router_id kp01
}
vrrp_script check_web {
script "/usr/local/keepalived/scripts/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface ens33
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.200
}
track_script {
check_web
}
}
CAT_END
3.2.2、keepalived-02配置
cat << 'CAT_END' >/usr/local/keepalived/etc/keepalived/keepalived.conf
global_defs {
router_id kp02
}
vrrp_script check_web {
script "/usr/local/keepalived/scripts/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface ens33
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.200
}
track_script {
check_web
}
}
CAT_END
3.3.3、重启keepalived并且测试
systemctl restart keepalived
# 此时VIP在keepalived-01中
]# curl 192.168.10.200
keepalived-01
3.3.4、关闭keepalived-01的nginx,检查vip是否漂移
# 准备测试页面
keepalived-01 ~]# echo "keepalived-01" >/usr/share/nginx/html/index.html
keepalived-02 ~]# echo "keepalived-02" >/usr/share/nginx/html/index.html
# 当前vip在192.168.10.200
~]# curl 192.168.10.200
keepalived-01
# 故意让nginx启动不起来,然后关闭nginx服务
echo "test">>/etc/nginx/nginx.conf
systemctl stop nginx
# 发现vip切至keepalived-02
~]# curl 192.168.10.200
keepalived-02
3.3、keepalived配置【抢占式】
3.3.1、keepalived-01配置
cat << 'CAT_END' >/usr/local/keepalived/etc/keepalived/keepalived.conf
global_defs {
router_id kp01
}
vrrp_script check_web {
script "/usr/local/keepalived/scripts/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.200
}
track_script {
check_web
}
}
CAT_END
3.3.2、keepalived-02配置
cat << 'CAT_END' >/usr/local/keepalived/etc/keepalived/keepalived.conf
global_defs {
router_id kp02
}
vrrp_script check_web {
script "/usr/local/keepalived/scripts/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.200
}
track_script {
check_web
}
}
CAT_END
3.3.3、验证测试
请参考章节:3.3.4、关闭keepalived-01的nginx,检查vip是否漂移
4、vrrp_script、track_script属性解析
4.1、vrrp_script属性解析
4.1.1、属性解析
vrrp_script <SCRIPT_NAME> {
script <STRING>|<QUOTED-STRING> # 设定执行脚本的路径,也可以是命令行的检测命令
interval <INTEGER> # 设定脚本执行的间隔时间,默认1s
timeout <INTEGER> # 设定脚本失败的超时时间
weight <INTEGER:-254..254> # 设定脚本的权重,默认是0
rise <INTEGER> # 执行多少次,表示成功OK
fall <INTEGER> # 执行多少次,表示失败KO
user USERNAME [GROUPNAME] # 设定脚本的用户/组属性信息
init_fail # 假设脚本最初处于失败状态
}
注意:
我们一般使用前面的两条属性
检测命令的<SCRIPT_NAME>是VRRP专用的,一定要保证在VRRP场景下是唯一的
script 属性要求尽量使用脚本格式,不包含特殊字符和表达式的简单命令也可以,如果命令里包含特殊字符 就不能执行,比如"[[ ]]"符号
4.1.2、vrrp_script-weight 重要性解析
配置示例:
vrrp_script chk_keepalived {
script "/bin/bash/path/to/script.file"
interval 1
weight -10
}
注意:
此处的weight很重要,它与vrrp_instance的priority属性共同决定了集群中MASTER和BACKUP角色切换动作,这个值一般有正数和负数之分,最终功能都是一样的,我们一般用负数。
weight为负(-n):脚本执行失败,主节点的"priority-weight值",若差值小于BACKUP节点的priority,则切换备为主,否则不切换角色状态
4.2、track_script属性解析
4.2.1、作用
vrrp_script使用前的检测,确认script已经提前定义好
4.2.2、示例解析
我们可以在vrrp_instance配置段中,基于track_script属性来执行已设定好的vrrp_script。
track_script {
<SCRIPT_NAME>
<SCRIPT_NAME> weight <-254..254>
}
注意:
我们一般使用第一条配置样式即可。
必须保证<SCRIPT_NAME>在上面的vrrp_script中定义好了。
配置示例
track_script {
chk_keepalived
}
4.3、实践-示例
4.3.1、编写检测服务脚本
# 创建专用脚本目录
mkdir /data/scripts/ -p
# 创建脚本
]# vim /data/scripts/keepalived_check.sh
#!/bin/bash
if [ -f /tmp/keepalived.fail ];then
weight -2
fi
注意:
脚本中的 "weight -2" 表示,当我们存在keepalived的fail文件的时候,表明该软件已经故障,
需要降低本主机的优先级,便于BACKUP主机提升为主角色 -2 的值,需要根据MASTER和BACKUP的优先级进行规划,保证 "MASTER优先级-2 < BACKUP优先级"
4.3.2、keepalived配置文件使用脚本
# 修改后的keepalived配置文件内容如下
global_defs {
router_id kpmaster
}
vrrp_script chk_keepalived {
script "/bin/bash /data/scripts/keepalived_check.sh"
interval 1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
virtual_ipaddress {
192.168.8.100
}
track_script {
chk_keepalived
}
}
注意:
track_script 中使用的名称,一定要在 vrrp_script 中定义
vrrp_script中script属性的脚本使用,应该使用标准的"/bin/bash"格式
避免因为权限问题导致脚本无法执行,从而影响keepalived的正常使用两台keepalived主机必须做同样的配置修改
4.3.3、模拟故障测试
# master主机创建fail文件
touch /tmp/keepalived.fail
4.3.4、模拟故障修复
# master主机移除fail文件
rm -f /tmp/keepalived.fail
