【二】高可用集群KeepaLived-详解及相关企业案例实现

三.Keepalived 企业应用范例

3.1 实现master/slave的 Keepalived 单主架构

3.1.1 MASTER配置
# Global settings shared by every VRRP instance in this file (MASTER node, ka1).
global_defs {
   notification_email {
        2803408609@qq.com
   }

   notification_email_from Alexandre.Cassen@firewall.loc
   # NOTE(review): 172.0.0.1 is not a loopback address; this looks like a
   # typo for 127.0.0.1 - confirm before relying on mail notifications.
   smtp_server 172.0.0.1
   smtp_connect_timeout 30
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   #vrrp_strict    # enabling this option makes the VIP unreachable in this setup
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   # Multicast group the advertisements are sent to (visible in the capture below).
   vrrp_mcast_group4 224.0.0.18
   vrrp_iptables
}

# Single-master example: this node starts as MASTER for virtual router 100.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    # auth_type PASS is a shared string carried in cleartext in every
    # advertisement (the tcpdump capture on this page reports it as
    # "authtype simple"), so it protects against misconfiguration only,
    # not against another host on the segment. 1111 is a lab value: use a
    # site-specific string (keepalived uses at most the first 8 characters)
    # and keep VRRP traffic on a trusted or dedicated network.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
3.1.2BACKUP配置
! Configuration File for keepalived

# Global settings for the BACKUP node.
global_defs {
   notification_email {
        2803408609@qq.com
   }

   notification_email_from Alexandre.Cassen@firewall.loc
   # NOTE(review): 172.0.0.1 is not a loopback address; likely a typo for
   # 127.0.0.1 - confirm.
   smtp_server 172.0.0.1
   smtp_connect_timeout 30
   # NOTE(review): this reuses the MASTER listing's router_id although the
   # section is for the BACKUP node; router_id normally names the individual
   # machine - confirm.
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
   #vrrp_iptables
}

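# BACKUP side of the single-master pair. Settings mirror the MASTER listing
# except for state and priority.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100 # same id as the MASTER: both nodes manage one virtual router
    priority 80  # lower than the MASTER's 100
    advert_int 1
    #preempt_delay 5s
    # The PASS string must match the MASTER's. It travels in cleartext in
    # every advertisement, and 1111 is a lab value - replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}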

 抓包查看

[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:48:08.241677 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:48:09.242109 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20

3.2 抢占模式和非抢占模式

3.2.1 非抢占模式 nopreempt

默认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低优先级的主机的master角色,

这样会使vip在KA主机中来回漂移,造成网络抖动,

建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色

非抢占模式下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机

NOTE

注意:要关闭 VIP抢占,必须将各 keepalived 服务器state配置为BACKUP

# KA1主机配置
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# KA1, non-preemptive: the higher-priority node does not take the VIP back
# after it recovers. As the note above says, every node must use state BACKUP.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 100 # higher priority
    nopreempt    # non-preemptive mode
    advert_int 1
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
[root@ka1 ~]# systemctl restart keepalived.service

#KA2主机配置
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
# KA2, non-preemptive peer of KA1: same virtual router, lower priority.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80    # lower priority
    nopreempt      # non-preemptive mode
    advert_int 1
    # Must match KA1. Cleartext shared string; 1111 is a lab value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
[root@ka2 ~]# systemctl restart keepalived.service

# 将KA2down 掉,VIP消失
[root@ka2 ~]# systemctl stop keepalived.service

# 查看KA1
[root@ka1 ~]# ifconfig

3.2.2 抢占延迟模式 preempt_delay

抢占延迟模式,即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间(默认300s)再抢回

VIP

 preempt_delay      #指定抢占延迟时间为#s,默认延迟300s

注意:需要各keepalived服务器state为BACKUP,并且不要启用 vrrp_strict

 范例:

# KA1主机配置
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

# KA1, delayed preemption: after recovering, the higher-priority node waits
# before taking the VIP back. Per the note above, state must be BACKUP and
# vrrp_strict must stay disabled.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 100     # higher priority
    advert_int 1
    preempt_delay 5s # delay preemption by 5s
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
[root@ka1 ~]# systemctl restart keepalived.service

# KA2主机配置
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
# KA2, delayed-preemption peer of KA1: same virtual router, lower priority.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80      # lower priority
    advert_int 1
    preempt_delay 5s # delay preemption by 5s
    # Must match KA1. Cleartext shared string; 1111 is a lab value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
[root@ka2 ~]# systemctl start keepalived.service

查看KA1,起初没有,5s后出现

down掉KA1,5s后vip到ka2

3.3vip单播配置

默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量

注意:启用 vrrp_strict 时,不能启用单播(与vip单播模式冲突)

KA1与KA2同时注释,下图为例

 

#在所有节点vrrp_instance语句块中设置对方主机的IP,建议设置为专用于对应心跳线网络的地址,而非使用业务网络
unicast_src_ip <IPADDR>  #指定发送单播的源IP
 unicast_peer {
 <IPADDR>     
#指定接收单播的对方目标主机IP
 ......
 }
 #启用 vrrp_strict 时,不能启用单播,否则服务无法启动

范例: 

 # MASTER主机配置
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

# MASTER node with unicast advertisements: adverts go only to the listed
# peers instead of the multicast group. Unicast narrows who receives the
# packets; it does not authenticate them.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #preempt_delay 5s
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10  # this node's IP
    unicast_peer {
        172.25.254.20             # the peer's IP
                                  # with more keepalived nodes, list each of their IPs here
    }
}
[root@ka1 ~]# systemctl restart keepalived.service


# 在slave主机中
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

# BACKUP node with unicast advertisements; source and peer addresses are
# the mirror image of the MASTER listing.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    #preempt_delay 5s
    # Must match the MASTER. Cleartext shared string; 1111 is a lab value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.20  # this node's IP
    unicast_peer {
        172.25.254.10             # the peer's IP
    }
}
[root@ka1 ~]# systemctl restart keepalived.service

 抓包查看效果

 

# 停止KA1
[root@ka1 ~]# systemctl stop keepalived.service

[root@ka1 ~]# systemctl restart keepalived.service
# 重新开启KA1

 抓包查看,ka2访问停止

 ka1开始

3.4 Keepalived 通知脚本配置

当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户。默认以用户keepalived_script身份执行脚本;如果此用户不存在,则以root执行脚本。由于脚本可能以root身份运行,建议创建专用的低权限用户,在global_defs中启用 enable_script_security,并确保脚本及其所在目录仅root可写。可以用下面指令指定脚本执行用户的身份:

global_defs {
 ......
 script_user <USER>
 ......
 }
3.4.1 通知脚本类型

当前节点成为主节点时触发的脚本

 notify_master <STRING>|<QUOTED-STRING>

当前节点转为备节点时触发的脚本

 notify_backup <STRING>|<QUOTED-STRING>

当前节点转为“失败”状态时触发的脚本

 notify_fault <STRING>|<QUOTED-STRING>

通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知

 notify <STRING>|<QUOTED-STRING>

当停止VRRP时触发的脚本

 notify_stop <STRING>|<QUOTED-STRING>
3.4.2 脚本的调用方法

在 vrrp_instance VI_1 语句块的末尾加下面行

notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
3.4.3 创建通知脚本
[root@KA1 ~]# vim /etc/keepalived/mail.sh
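 #!/bin/bash
 # Keepalived notify helper: mails a one-line notice when this node changes
 # VRRP state. keepalived runs notify scripts as its script user (root when
 # no dedicated user exists), so keep this file root-owned and not writable
 # by anyone else.
 mail_dest='qq@qq.com'

 # mail_send STATE
 #   STATE - new VRRP state (master, backup or fault); used in the subject
 #           and in the body.
 #   Pipes the message to mail(1) and returns the pipeline's exit status.
 mail_send()
 {
   local mail_subj mail_mess
   mail_subj="$HOSTNAME to be $1 vip 转移"
   mail_mess="$(date '+%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
   # Quote the recipient so it always reaches mail as exactly one argument,
   # and use printf so the body is written verbatim.
   printf '%s\n' "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
 }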
 # Dispatch on the state keyword keepalived passes as the first argument;
 # any other value is rejected with exit status 1.
 case "$1" in
   master|backup|fault)
     mail_send "$1"
     ;;
   *)
     exit 1
     ;;
 esac
3.4.4 邮件配置

安装邮件发送工具

安装邮件发送工具
[root@ka1 ~]# yum install mailx -y

QQ邮箱配置

注意:配置中我所有的“qq”代指我的qq号

[root@KA1 ~]# vim /etc/mail.rc
 #######mail set##########
 # Sender address used for outgoing mail.
 set from=594233887@qq.com
 # NOTE(review): no smtps:// scheme or STARTTLS setting is shown, so whether
 # the login below is protected by TLS depends on mailx defaults - confirm.
 set smtp=smtp.qq.com
 set smtp-auth-user=qq@qq.com
 # 授权码 stands for the QQ Mail authorization code. It is stored in
 # cleartext; /etc/mail.rc is normally world-readable, so a root-only file
 # (for example the script user's ~/.mailrc, mode 600) is the safer place.
 set smtp-auth-password=授权码
 set smtp-auth=login
 # ignore accepts any server certificate, so a TLS session does not prove
 # the server's identity. Prefer ssl-verify=strict with a CA store once one
 # is configured.
 set ssl-verify=ignore

qq邮箱获取授权码

 

 

发送测试邮件

[root@ka1 ~]# vim /etc/mail.rc

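# For Linux and BSD, this should be set.
set bsdcompat
set from=qq@qq.com
# NOTE(review): no smtps:// scheme or STARTTLS setting is shown, so whether
# the login below is protected by TLS depends on mailx defaults - confirm.
set smtp=smtp.qq.com
set smtp-auth-user=qq@qq.com
# 授权码 is a placeholder for the QQ Mail authorization code; never publish
# the real value, and revoke any code that has been shared. The value is
# stored in cleartext: /etc/mail.rc is normally world-readable, so a
# root-only file (for example the script user's ~/.mailrc, mode 600) is the
# safer place.
set smtp-auth-password=授权码
set smtp-auth=login
# ignore accepts any server certificate, so a TLS session does not prove
# the server's identity. Prefer ssl-verify=strict with a CA store once one
# is configured.
set ssl-verify=ignore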

[root@ka1 ~]# echo hello world | mail -s test qq@qq.com

[root@ka2 ~]# vim /etc/mail.rc
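# For Linux and BSD, this should be set.
set bsdcompat
set from=qq@qq.com
# NOTE(review): no smtps:// scheme or STARTTLS setting is shown, so whether
# the login below is protected by TLS depends on mailx defaults - confirm.
set smtp=smtp.qq.com
set smtp-auth-user=qq@qq.com
# 授权码 is a placeholder for the QQ Mail authorization code; never publish
# the real value, and revoke any code that has been shared. Keep the file
# that holds it readable by root only.
set smtp-auth-password=授权码
set smtp-auth=login
# ignore accepts any server certificate, so a TLS session does not prove
# the server's identity. Prefer ssl-verify=strict with a CA store once one
# is configured.
set ssl-verify=ignore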

[root@ka2 ~]# echo test | mail -s test qq@qq.com

 

3.4.5 案例:实现 Keepalived 状态切换的通知脚本

# KA1配置
[root@ka1 ~]# vim /etc/keepalived/mail.sh

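#!/bin/bash
# Keepalived notify helper for KA1: mails a one-line notice when this node
# changes VRRP state. keepalived may run it as root, so keep the file
# root-owned and not writable by anyone else.
# The recipient must not carry a leading space; the original only worked
# because the unquoted expansion stripped it.
mail_dst="qq@qq.com"

# send_message STATE
#   STATE - new VRRP state (master, backup or fault); used in the subject
#           and in the body.
#   Pipes the message to mail(1) and returns the pipeline's exit status.
send_message()
{
    local mail_sub mail_msg
    mail_sub="$HOSTNAME to be $1 vip move"
    mail_msg="$(date '+%F %T'):vrrp move $HOSTNAME change $1"
    # Quote both expansions: the body is written verbatim and the recipient
    # reaches mail as exactly one argument.
    printf '%s\n' "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}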

# Dispatch on the state keyword keepalived passes as the first argument;
# unknown values are ignored silently.
case "$1" in
  master|backup|fault)
    send_message "$1"
    ;;
  *)
    ;;
esac
~

[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
  

# KA2配置
[root@ka1 ~]# vim /etc/keepalived/mail.sh

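#!/bin/bash
# Keepalived notify helper for KA2: mails a one-line notice when this node
# changes VRRP state. keepalived may run it as root, so keep the file
# root-owned and not writable by anyone else.
mail_dst="qq@qq.com"

# send_message STATE
#   STATE - new VRRP state (master, backup or fault); used in the subject
#           and in the body.
#   Pipes the message to mail(1) and returns the pipeline's exit status.
send_message()
{
    local mail_sub mail_msg
    mail_sub="$HOSTNAME to be $1 vip move"
    mail_msg="$(date '+%F %T'):vrrp move $HOSTNAME change $1"
    # Quote both expansions: the body is written verbatim and the recipient
    # reaches mail as exactly one argument.
    printf '%s\n' "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}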

# Dispatch on the state keyword keepalived passes as the first argument;
# unknown values are ignored silently.
case "$1" in
  master|backup|fault)
    send_message "$1"
    ;;
  *)
    ;;
esac
~
[root@ka2 ~]# chmod +x /etc/keepalived/mail.sh

# 编辑主配置文件
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
...省略...
    }
    notify_master "/etc/keepalived/mail.sh master"
    notify_backup "/etc/keepalived/mail.sh backup"
    notify_fault "/etc/keepalived/mail.sh fault"
}

[root@ka1 ~]# /etc/keepalived/mail.sh fault

 模拟master故障 【KA1-->down】

# 编辑主配置文件
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
...省略...
    }
    notify_master "/etc/keepalived/mail.sh master"
    notify_backup "/etc/keepalived/mail.sh backup"
    notify_fault "/etc/keepalived/mail.sh fault"
}

# 重新启动,收到邮件ka2变为backup
[root@ka2 ~]# systemctl restart keepalived.service

[root@ka1 ~]# systemctl restart keepalived.service

# 重启ka1,重启过程中ka2变成master,重启完成ka2变为backup

 

 收到三封邮件,ka2先变成master后变成backup,ka1变成master

#down掉ka1,vip到ka2上
[root@ka1 ~]# systemctl stop keepalived.service

# ka2上检测
[root@ka2 ~]# ifconfig

【ka1-->down掉,ka2变成了master】

3.5 实现 master/master 的 Keepalived 双主架构

master/slave的单主架构,同一时间只有一个Keepalived对外提供服务,此主机繁忙,而另一台主机却 很空闲,利用率低下,可以使用master/master的双主架构,解决此问题。

master/master 的双主架构:

即将两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高 服务器资源利用率

# KA1配置
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

# KA1 in the dual-master layout: MASTER for VI_1 (vrid 100) and BACKUP for
# VI_2 (vrid 200), so each node normally serves one VIP and backs up the other.
# NOTE(review): both instances below list the same address 172.25.254.200;
# a dual-master layout needs a distinct VIP per instance, and earlier
# listings use 172.25.254.100 for VI_1 - confirm.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
   # preempt_delay 5s
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}

# Second virtual router; KA1 only takes it over when KA2 fails.
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1
   # preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}

[root@ka1 ~]# systemctl restart keepalived.service


# KA2配置
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

# KA2 in the dual-master layout: mirror image of KA1's two instances.
# NOTE(review): VI_1 is declared MASTER here although its priority (80) is
# lower than KA1's (100); the election follows priority, so BACKUP is
# presumably what was meant - confirm.
# NOTE(review): both instances list 172.25.254.200; each instance needs its
# own VIP - confirm against the KA1 listing.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    #preempt_delay 5s
    # Must match KA1. Cleartext shared string; 1111 is a lab value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
        172.25.254.10
    }
}

# KA2 is the preferred owner of this virtual router (priority 100).
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
        172.25.254.10
    }
}
[root@ka2 ~]# systemctl restart keepalived.service

 查看KA2vip

查看KA2vip

3.6 IPVS的高可用性

范例:实现单主的 LVS-DR 模式

[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver1 network-scripts]# ls
ifcfg-172.25.254.100  ifdown-ippp    ifdown-TeamPort  ifup-ipv6    ifup-Team
ifcfg-ens160          ifdown-ipv6    ifdown-tunnel    ifup-isdn    ifup-TeamPort
ifcfg-eth0            ifdown-isdn    ifup             ifup-plip    ifup-tunnel
ifcfg-lo              ifdown-post    ifup-aliases     ifup-plusb   ifup-wireless
ifdown                ifdown-ppp     ifup-bnep        ifup-post    init.ipv6-glob
ifdown-bnep           ifdown-routes  ifup-eth         ifup-ppp     network-functi
ifdown-eth            ifdown-sit     ifup-ib          ifup-routes  network-functi
ifdown-ib             ifdown-Team    ifup-ippp        ifup-sit
 
 rm -rf ifcfg-172.25.254.100 ifcfg-ens160
[root@realserver1 network-scripts]# systemctl restart network


[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2

[root@realserver2 ~]# sysctl --system

[root@realserver2 ~]# scp /etc/sysctl.d/arp.conf  root@172.25.254.110:/etc/sysctl.d/arp.conf


[root@realserver1 ~]# sysctl --system

[root@realserver2 ~]# sysctl -p 生效
[root@ka1 ~]# yum install ipvsadm -y
[root@ka2 ~]# yum install ipvsadm -y

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

# IPVS virtual service on KA1: DR forwarding, weighted round robin over two
# real servers, each health-checked by keepalived.
# NOTE(review): 192.168.200.100 is not the VIP used elsewhere on this page
# (the vrrp_instance and the KA2 listing use 172.25.254.100) - confirm.
virtual_server 192.168.200.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 172.25.254.110 80 {
        weight 1
        # NOTE(review): SSL_GET is the HTTPS checker, but the real server
        # port is 80; if the back ends serve plain HTTP there, HTTP_GET is
        # the matching checker - confirm.
        SSL_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

    real_server 172.25.254.120 80 {
        weight 1
        SSL_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}

KA2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

# IPVS virtual service on KA2 for the VIP 172.25.254.100: DR forwarding,
# weighted round robin over two health-checked real servers.
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 172.25.254.110 80 {
        weight 1
        # NOTE(review): SSL_GET is the HTTPS checker, but the real server
        # port is 80; if the back ends serve plain HTTP there, HTTP_GET is
        # the matching checker - confirm.
        SSL_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

    real_server 172.25.254.120 80 {
        weight 1
        SSL_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}
[root@ka1 ~]# systemctl restart keepalived.service

yH5BAAAAAAALAAAAAAOAA4AAAIMhI+py+0Po5y02qsKADs=

wAAACH5BAEKAAAALAAAAAABAAEAAAICRAEAOw==

[root@ka1 ~]# ipvsadm -C
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn


[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ipvsadm -Ln

#ka1故障,自动切换至ka2
[root@ka1 ~]# systemctl stop keepalived.service
 
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.200.100:80 wrr
  -> 172.25.254.110:80            Route   1      0          0
  -> 172.25.254.120:80            Route   1      0          0

3.7其它应用的高可用性 VRRP Script

keepalived利用 VRRP Script 技术,可以调用外部的辅助脚本进行资源监控,并根据监控的结果实现优先级动态调整,从而实现其它应用的高可用性功能

参考配置文件:/usr/share/doc/keepalived/keepalived.conf.vrrp.localcheck

分两步实现:

  • 定义脚本

vrrp_script <SCRIPT_NAME> {
 script <STRING>|<QUOTED-STRING>   #此脚本返回值为非0时,会触发下面OPTIONS执行
 OPTIONS 
}

vrrp_script:自定义资源监控脚本,vrrp实例根据脚本返回值,公共定义,可被多个实例调用,定 义在vrrp实例之外的独立配置块,一般放在global_defs设置块之后。

通常此脚本用于监控指定应用的状态。一旦发现应用的状态异常,则触发对MASTER节点的权重减至 低于SLAVE节点,从而实现 VIP 切换到 SLAVE 节点

  • 调用脚本

 track_script {
 SCRIPT_NAME_1
 SCRIPT_NAME_2
 }

track_script:调用vrrp_script定义的脚本去监控资源,定义在VRRP实例之内,调用事先定义的 vrrp_script

3.7.1.1 定义 VRRP script
vrrp_script <SCRIPT_NAME> {             #定义一个检测脚本,在global_defs 之外配置
     script <STRING>|<QUOTED-STRING>    #shell命令或脚本路径
     interval <INTEGER>                 #间隔时间,单位为秒,默认1秒
     timeout <INTEGER>                  #超时时间
     weight <INTEGER:-254..254>         #默认为0,如果设置此值为负数,
                                        #当上面脚本返回值为非0时
                                        #会将此值与本节点权重相加可以降低本节点权重,     
#即表示fall. 
                                        #如果是正数,当脚本返回值为0,
                                        #会将此值与本节点权重相加可以提高本节点权重
                                        #即表示 rise.通常使用负值
     
     fall <INTEGER>             #执行脚本连续几次都失败,则转换为失败,建议设为2以上
     rise <INTEGER>             #执行脚本连续几次都成功,把服务器从失败标记为成功
     user USERNAME [GROUPNAME]  #执行监测脚本的用户或组
     init_fail                  #设置默认标记为失败状态,监测成功之后再转换为成功状态
}
3.7.1.2 调用 VRRP script
vrrp_instance test {
 ... ...
 	track_script {
 		check_down
	 }
 }
3.7.2 范例

利用脚本实现主从角色切换

[root@ka1 ~]# vim /etc/keepalived/test.sh
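#!/bin/bash
# Health check for vrrp_script: exits 0 while /mnt/lee is absent and 1 once
# the file exists.
# The test has to be the last command. keepalived acts on the script's exit
# status, and a trailing `echo $?` would replace that status with echo's
# own 0, so the check could never fail.
[ ! -f /mnt/lee ]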

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# Runs the check script every second. Two consecutive failures mark the
# check as failed and two consecutive successes clear it.
# The script may run as root, so keep /etc/keepalived/test.sh root-owned and
# not writable by other users.
vrrp_script check_file {
    script "/etc/keepalived/test.sh"
    interval 1
    # While the check is failing the effective priority is 100 - 30 = 70,
    # below the peer's 80 shown in the earlier listings, so the peer takes
    # the VIP.
    weight -30
    fall 2
    rise 2
    timeout 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
   # preempt_delay 5s
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
    # Attach the check defined above to this instance.
    track_script {
        check_file
    }
}
 
[root@ka1 ~]# touch /mnt/lee
# viP到ka2上

[root@ka1 ~]# rm -rf /mnt/lee
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
# vip 回到ka1

3.7.3 范例

实现HAProxy高可用

KA1,KA2同时安装haproxy
[root@ka1 ~]# yum install haproxy -y


[root@ka1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1

[root@ka2 ~]# vim /etc/sysctl.conf

# 生效
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1

[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1

[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
...此处省略...
# HAProxy front end bound to the keepalived VIP. net.ipv4.ip_nonlocal_bind=1
# (set in sysctl.conf above) lets the node that does not hold the VIP bind
# to it as well.
listen webcluster
    bind 172.25.254.100:80
    mode http
    balance roundrobin
    # NOTE(review): "inter 3" has no unit and HAProxy reads bare intervals as
    # milliseconds, so this is presumably meant to be 3s - confirm.
    server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
    server web2 172.25.254.120:80 check inter 3 fall 2 rise 5


查看端口是否打开
[root@ka1 ~]# netstat -antlupe | grep haproxy

[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo

修改前

修改后

yH5BAAAAAAALAAAAAAOAA4AAAIMhI+py+0Po5y02qsKADs=

wAAACH5BAEKAAAALAAAAAABAAEAAAICRAEAOw==

[root@realserver1 ~]# systemctl restart network

realserver2
[root@realserver2 ~]# cd /etc/sysconfig/network-scripts/
[root@realserver2 network-scripts]# ls

[root@realserver2 network-scripts]# rm -rf ifcfg-ens160
[root@realserver2 network-scripts]# rm -rf ifcfg-172.25.254.100
[root@realserver2 network-scripts]# cd
[root@realserver2 ~]# systemctl restart network
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
[root@realserver1 ~]# sysctl --system


[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0

[root@realserver2 ~]# sysctl --system
# KA2配置haproxy
[root@ka2 ~]# vim /etc/haproxy/haproxy.cfg
...省略...
# Same front end on KA2, bound to the keepalived VIP so either node can
# serve it after a failover.
listen webcluster
    bind 172.25.254.100:80
    mode http
    balance roundrobin
    # NOTE(review): "inter 3" has no unit and HAProxy reads bare intervals as
    # milliseconds, so this is presumably meant to be 3s - confirm.
    server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
    server web2 172.25.254.120:80 check inter 3 fall 2 rise 5

[root@ka2 ~]# systemctl enable --now haproxy
注意:KA1,KA2都注释,
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
注释前面lvs

yH5BAAAAAAALAAAAAAOAA4AAAIMhI+py+0Po5y02qsKADs=

wAAACH5BAEKAAAALAAAAAABAAEAAAICRAEAOw==

[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# systemctl restart haproxy.service

[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# systemctl restart haproxy.service
# 终端访问成功

 

模拟KA1挂掉
[root@ka1 ~]# systemctl stop haproxy.service
# 访问不到,解决这个问题

# 检测haproxy问题 [ killall -0 haproxy ]

[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
# Liveness probe for vrrp_script. Signal 0 delivers nothing; killall only
# reports whether a process named haproxy exists. Its exit status (0 when
# found, non-zero otherwise) is the script's status, which keepalived evaluates.
killall -0 haproxy

[root@ka2 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
# Liveness probe for vrrp_script. Signal 0 delivers nothing; killall only
# reports whether a process named haproxy exists. Its exit status (0 when
# found, non-zero otherwise) is the script's status, which keepalived evaluates.
killall -0 haproxy

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# Probes haproxy every second through test.sh. Two consecutive failures mark
# the check as failed and two consecutive successes clear it.
# The script may run as root, so keep /etc/keepalived/test.sh root-owned and
# not writable by other users.
vrrp_script check_haproxy {
    script "/etc/keepalived/test.sh"
    interval 1
    # A failing check lowers the instance priority by 30 (100 -> 70), below
    # the peer's 80 shown in the earlier listings, so the VIP moves to the peer.
    weight -30
    fall 2
    rise 2
    timeout 2
}

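# KA1 instance that follows the haproxy check: when check_haproxy fails,
# the priority drops and the VIP moves to the peer.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
   # preempt_delay 5s
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    # Unicast is disabled in this example. Every line of the block, including
    # its closing brace, has to be commented out; a live brace here would end
    # vrrp_instance early and leave track_script outside it.
#    unicast_src_ip 172.25.254.10
#    unicast_peer {
#       172.25.254.20
#    }
    track_script {
        check_haproxy
    }
}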
[root@ka1 ~]# systemctl restart keepalived.service


[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# Second virtual router (vrid 200), also tied to the haproxy check.
# NOTE(review): the prompt above shows ka1, but unicast_src_ip is
# 172.25.254.20 (KA2's address in the other listings) and the restart
# command below runs on ka2, so this block presumably belongs in KA2's
# file - confirm.
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    #preempt_delay 5s
    # Cleartext shared string; 1111 is a lab value, replace it per site.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
        172.25.254.10
    }
    track_script {
        check_haproxy
    }

}
[root@ka2 ~]# systemctl restart keepalived.service

[root@ka1 ~]# systemctl start haproxy.service

 

# 不管haproxy开启关闭,不影响访问,关闭KA1haproxy,KA1的eth:0的vip会飘到KA2上
[root@ka1 ~]# systemctl stop haproxy.service
[root@ka1 ~]# ifconfig

访问成功

原理:控制vip的飘移,用脚本去检测,并且检测结果会使用weight更改当前的虚拟路由的优先级
