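1. Deploying keepalived
1.1 Introduction to keepalived
keepalived is a software implementation of the VRRP protocol, originally designed to make the IPVS service highly available.
Official site: http://keepalived.org/
Features:
- Moves addresses between nodes based on the VRRP protocol
- Generates IPVS rules (predefined in the configuration file) on the node that holds the VIP
- Performs health checks on each RS of the IPVS cluster
- Runs the functions defined in scripts through a script-calling interface, which in turn influences cluster behaviour, and in this way supports services such as nginx and haproxy
1.2 keepalived architecture
- User-space core components:
vrrp stack: VIP advertisement
checkers: monitor the real servers
system call: calls scripts when the VRRP protocol state changes
SMTP: mail component
IPVS wrapper: generates IPVS rules
Netlink Reflector: network interface
WatchDog: monitors processes
- Control component: provides the parser for keepalived.conf and completes the Keepalived configuration
- I/O multiplexer: its own thread abstraction, optimized for networking purposes
- Memory management component: provides access to some common memory management functions (such as allocating, reallocating and releasing)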
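2.3 keepalived environment preparation
- Time must be synchronized on all nodes: ntp, chrony
- Disable the firewall and SELinux
- Nodes can reach each other by host name: optional
- Using the /etc/hosts file for this is recommended: optional
- The root users on the nodes can communicate with each other over ssh with key-based authentication: optional
2.4 keepalived files
- Package name: keepalived
- Main program: /usr/sbin/keepalived
- Main configuration file: /etc/keepalived/keepalived.conf
- Sample configuration files: /usr/share/doc/keepalived/
- Unit file: /lib/systemd/system/keepalived.service
- Environment file for the unit file: /etc/sysconfig/keepalived
2.5 Installing and configuring keepalived
Structure of the configuration file
- GLOBAL CONFIGURATION
Global definitions: mail settings, router_id, vrrp settings, multicast address, etc.
- VRRP CONFIGURATION
VRRP instance(s): defines each vrrp virtual router
- LVS CONFIGURATION
Virtual server group(s)
Virtual server(s): the VS and RS of the LVS cluster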
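Global parameters
#install keepalived
yum install keepalived -y
#configure the global parameters
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email { #destination for notification emails
3066284972@qq.com
}
notification_email_from keepalived@KA1.com #sender address for the emails
smtp_server 127.0.0.1 #host used to send the emails
smtp_connect_timeout 30 #timeout for sending email
router_id LVS_DEVEL #unique identifier of each keepalived host
vrrp_skip_check_adv_addr #skip the check when a received advertisement comes from the same router as the previous one; by default all are checked
vrrp_strict #strictly follow the VRRP protocol; enabling it is not recommended
vrrp_garp_interval 0 #delay between sent packets; 0 means no delay
vrrp_gna_interval 0 #delay between sent messages; 0 means no delay
vrrp_mcast_group4 224.0.0.18 #specifies the multicast IP address
}
Virtual router: the high-availability configuration
#vrrp parameters
vrrp_instance VI_1 {
state MASTER #this server is the master by default
interface eth0 #use interface eth0
virtual_router_id 100 #unique identifier of the vrrp group, 0~255
priority 100 #priority of this server, higher wins, 1~254
advert_int 1 #interval between vrrp advertisements, default 1s
authentication { #authentication mechanism
auth_type PASS #AH is IPSEC authentication (not recommended), PASS is a simple password (recommended)
auth_pass 1111 #pre-shared key; only the first 8 characters are used; must be identical on all keepalived nodes of one virtual router
}
virtual_ipaddress { #virtual IP, i.e. the VIP
#format
# <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.220.100/24 dev eth0 label eth0:1
}
}
Back-end real servers: the load-balancing configuration
virtual_server 192.168.220.100 80 { #VS
delay_loop 6 #interval between checks of the back-end servers
lb_algo wrr #scheduling algorithm: rr|wrr|lc|wlc|lblc|sh|dh
lb_kind DR #mode: NAT|DR|TUN
protocol TCP #protocol: TCP|UDP|SCTP
persistence_timeout 0 #persistent connection duration
real_server 192.168.220.210 80 { #RS
weight 1 #weight
HTTP_GET { #check method: HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
url {
path /
status_code 200 #status code expected from the checked URL
}
connect_timeout 2 #connection timeout
nb_get_retry 2 #number of connection retries
delay_before_retry 1 #how long to wait before a retry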
}
}
real_server 192.168.220.220 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
}
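2.5.1 Enabling keepalived logging
vim /etc/sysconfig/keepalived
#edit the setting, then save and exit
KEEPALIVED_OPTIONS="-D -S 5"
vim /etc/rsyslog.conf
#add one line
local5.* /var/log/keepalived.log
The two 5s must match: the 5 in -S 5 and the 5 in local5.
#after configuring, restart rsyslog and keepalived
systemctl restart rsyslog.service
systemctl restart keepalived.service
Verification
2.5.2 Using separate sub-configuration files
#create the sub-configuration directory
mkdir /etc/keepalived/conf.d
#edit the main configuration file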
#vrrp_instance VI_1 {
# state BACKUP
# interface eth0
# virtual_router_id 100
# priority 80
# advert_int 1
# authentication {
# auth_type PASS
# auth_pass 1111
# }
# virtual_ipaddress {
# 192.168.220.100/24 dev eth0 label eth0:1
# }
#}
include /etc/keepalived/conf.d/*.conf
#write the corresponding virtual router into a sub-configuration file
vim /etc/keepalived/conf.d/192.168.220.100.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
}
#finally, restart the keepalived service
systemctl restart keepalived.service
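2. Enterprise application examples
Common keepalived high-availability architectures
active/passive (master/backup): one master with several backups is possible
active/active (master/master): several masters can act as master and backup for each other
Overall environment
Hostname | IP | Role |
KA1 | 192.168.220.10/24 | master keepalived |
KA2 | 192.168.220.20/24 | backup keepalived |
server1 | 192.168.220.210/24 | RS1 |
server2 | 192.168.220.220/24 | RS2 |
test | 192.168.220.50/24 | test machine |
2.1 One-master, one-backup high-availability architecture
#master/backup roles are set in the virtual router section, i.e. vrrp_instance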
#KA1 192.168.220.10
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
}
#KA2 192.168.220.20
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
}
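2.2 Preemption mode and delayed preemption mode
The default is preemption mode (preempt): when a higher-priority host comes back online, it takes the master role back from the lower-priority host. This makes the VIP move back and forth between the KA hosts and causes network jitter.
Non-preemption mode (nopreempt) is recommended: a higher-priority host that recovers does not take the master role away from the lower-priority host. In non-preemption mode, if the original host goes down, the VIP moves to a new host that is still up; if that new host later goes down as well, the VIP still moves back to the original host once it is up again.
#non-preemption mode and delayed preemption mode are configured in the virtual router block, i.e. vrrp_instance
#non-preemption mode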
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
nopreempt #non-preemption mode
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
}
#delayed preemption mode
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
preempt_delay 10 #delayed preemption mode
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
}
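Verifying non-preemption mode: after systemctl restart keepalived on KA2, the VIP does not move back and stays on KA1.
Verifying delayed preemption mode
2.3 Unicast for the VIP
By default, keepalived hosts advertise to each other using multicast, which can cause network congestion. Multicast can be replaced with unicast to reduce network traffic.
Note: unicast cannot be enabled when vrrp_strict is enabled.
#unicast is configured in the virtual router block, i.e. vrrp_instance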
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.10 #source address for unicast, usually this host's IP
unicast_peer { #unicast peers, i.e. who the unicast is sent to
192.168.220.20
}
}
Verifying with a packet capture
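2.4 keepalived notification script configuration
When keepalived's state changes, a script can be triggered automatically, for example to send an email notification to the user.
By default the script runs as the user keepalived_script; if this user does not exist, the script runs as root.
The following directive sets the user that scripts run as:
global_defs {
......
script_user <USER>
......
}
2.4.1 Types of notification script
Script triggered when the current node becomes the master
notify_master <STRING>|<QUOTED-STRING>
Script triggered when the current node becomes a backup
notify_backup <STRING>|<QUOTED-STRING>
Script triggered when the current node enters the "fault" state
notify_fault <STRING>|<QUOTED-STRING>
Generic notification mechanism: a single script can handle the notification for all three state transitions above
notify <STRING>|<QUOTED-STRING>
Script triggered when VRRP is stopped
notify_stop <STRING>|<QUOTED-STRING>
2.4.2 Example of calling the scripts
notify_master "/usr/local/bin/mail.sh master"
notify_backup "/usr/local/bin/mail.sh backup"
notify_fault "/usr/local/bin/mail.sh fault"
2.4.3 Creating the notification script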
vim /usr/local/bin/mail.sh
#!/bin/bash
mail_dest='3066284972@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
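A handler for the generic notify directive from 2.4.1, as an added example that is not part of the original article. It assumes the argument order given in the keepalived.conf man page (INSTANCE or GROUP, name, target state, priority, appended after any configured arguments); the recipient address and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: one handler for keepalived's generic "notify" directive.
# Assumption (keepalived.conf man page): keepalived appends
#   INSTANCE|GROUP  <name>  MASTER|BACKUP|FAULT|STOP  <priority>
# after any arguments configured on the notify line.
# keepalived.conf (hypothetical path): notify "/usr/local/bin/keepalived-notify.sh"
MAIL_DEST='ops@example.invalid'   # hypothetical recipient

# format_notice TYPE NAME STATE [PRIO]
# Prints the message, or returns 2 when an argument is not an expected value,
# so nothing unexpected reaches the mail subject or the log.
format_notice() {
    case $1 in INSTANCE|GROUP) ;; *) return 2 ;; esac
    case $2 in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    case $3 in MASTER|BACKUP|FAULT|STOP) ;; *) return 2 ;; esac
    case ${4:-0} in *[!0-9]*) return 2 ;; esac
    printf '%s: VRRP %s %s on %s is now %s (priority %s)\n' \
        "$(date '+%F %T')" "$1" "$2" "$(uname -n)" "$3" "${4:-unknown}"
}

# notify_main: log every transition to syslog, then send the mail.
notify_main() {
    msg=$(format_notice "$@") || {
        logger -t keepalived-notify "rejected arguments: $*" 2>/dev/null
        return 2
    }
    logger -t keepalived-notify "$msg" 2>/dev/null
    printf '%s\n' "$msg" | mail -s "keepalived: $2 -> $3" "$MAIL_DEST"
}

# Act only when keepalived (or a person) passes the arguments.
if [ "$#" -ge 3 ]; then
    notify_main "$@"
fi
```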
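2.4.4 Mail configuration
#install the mail client
yum install mailx -y
#configure it
cat >> /etc/mail.rc << EOF
#address the mail is sent from
set from=3066284972@qq.com
#use the QQ mail SMTP server
set smtp=smtp.qq.com
#mailbox of the authenticating user
set smtp-auth-user=3066284972@qq.com
#authorization code of the mailbox
set smtp-auth-password=
set smtp-auth=login
set ssl-verify=ignore
EOF
2.4.5 Practical case: a notification script for Keepalived state transitions
#before starting, confirm that mail can actually send email
#write the notification script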
vim /usr/local/bin/mail.sh
#!/bin/bash
mail_dest='3066284972@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
#make the script executable
chmod +x /usr/local/bin/mail.sh
#edit the keepalived configuration file; the notify scripts go in the virtual router block, i.e. vrrp_instance
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
notify_master "/usr/local/bin/mail.sh master"
notify_backup "/usr/local/bin/mail.sh backup"
notify_fault "/usr/local/bin/mail.sh fault"
}
#verify: stop keepalived on the master and check whether an email arrives
systemctl stop keepalived
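Three points made above can be checked mechanically before a restart: unicast cannot be combined with vrrp_strict (2.3), only the first 8 characters of auth_pass are used, and notify scripts run as keepalived_script or root unless script_user is set (2.4). The following is an added example, not part of the original article or of keepalived; the function names and the sample configuration are constructed.

```shell
#!/bin/sh
# Added example: lint a keepalived.conf for three points made on this page.
# Reads the configuration on stdin, prints one finding per line and
# returns 1 if anything was found.
check_keepalived_conf() {
    awk '
    { sub(/[#!].*$/, "") }                 # drop "#" and "!" comments
    $1 == "vrrp_strict"   { strict = 1 }
    $1 == "script_user"   { script_user = 1 }
    $1 == "unicast_peer"  { unicast = 1 }
    $1 == "vrrp_instance" { inst = $2 }
    $1 ~ /^notify(_master|_backup|_fault|_stop)?$/ { notify = 1 }
    $1 == "auth_pass" && length($2) > 8 {
        printf "%s: auth_pass has %d characters, only the first 8 are used\n", inst, length($2)
        bad = 1
    }
    END {
        if (strict && unicast) {
            print "vrrp_strict is enabled together with unicast_peer"; bad = 1
        }
        if (notify && !script_user) {
            print "notify script set but no script_user: runs as keepalived_script, or root if that user is missing"; bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample input (not a configuration from the page).
sample_conf() {
    cat <<'EOF'
global_defs {
router_id KA1
vrrp_strict
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
authentication {
auth_type PASS
auth_pass Example-Secret-01   #constructed value, 17 characters
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
notify_master "/usr/local/bin/mail.sh master"
}
EOF
}

sample_conf | check_keepalived_conf || echo "(findings listed above)"
```

Run it against a real file with check_keepalived_conf < /etc/keepalived/keepalived.conf; files pulled in through include are not followed.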
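2.5 Dual-master high-availability architecture, each node backing up the other
#everything for this architecture is configured in the virtual router blocks, i.e. vrrp_instance
#configuration on KA1
vrrp_instance VI_1 {
state MASTER #master; the VIP is 192.168.220.100/24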
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
}
vrrp_instance VI_2 {
state BACKUP #backup; the VIP is 192.168.220.110/24
interface eth0
virtual_router_id 110
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.110/24 dev eth0 label eth0:2
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
}
#KA2
vrrp_instance VI_1 {
state BACKUP #backup; VIP 192.168.220.100/24
interface eth0
virtual_router_id 100
priority 80
advert_int 1
preempt_delay 10
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.20
unicast_peer {
192.168.220.10
}
}
vrrp_instance VI_2 {
state MASTER #master; VIP 192.168.220.110/24
interface eth0
virtual_router_id 110
priority 100
advert_int 1
preempt_delay 10
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.110/24 dev eth0 label eth0:2
}
unicast_src_ip 192.168.220.20
unicast_peer {
192.168.220.10
}
}
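2.6 High availability for IPVS (load balancing)
2.6.1 IPVS configuration
2.6.1.1 Virtual server configuration structure
virtual_server IP port {
...
real_server {
...
}
real_server {
...
}
…
}
2.6.1.2 Definition formats of a virtual server
- virtual_server IP port #defines the virtual host's IP address and port
- virtual_server fwmark int #IPVS firewall mark; implements a load-balancing cluster based on firewall marks
- virtual_server group string #uses a virtual server group
2.6.1.3 Virtual server configuration
virtual_server IP port { #VIP and PORT
delay_loop <INT> #interval between checks of the back-end servers
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #scheduling method
lb_kind NAT|DR|TUN #cluster type; must be upper case
persistence_timeout <INT> #persistent connection duration
protocol TCP|UDP|SCTP #service protocol, usually TCP
sorry_server <IPADDR> <PORT> #fallback server address used when all RS have failed
real_server <IPADDR> <PORT> { #IP and PORT of the RS
weight <INT> #RS weight
notify_up <STRING>|<QUOTED-STRING> #script run when the RS comes online
notify_down <STRING>|<QUOTED-STRING> #script run when the RS goes offline
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... } #health check method for this host
}
}
Note: closing braces must be written on separate lines; two braces on the same line, such as }}, cause an error.
2.6.1.4 Application-layer checks: HTTP_GET|SSL_GET
HTTP_GET|SSL_GET {
url {
path <URL_PATH> #URL to monitor
status_code <INT> #response code that the check treats as healthy, usually 200
}
connect_timeout <INTEGER> #timeout for the client request
nb_get_retry <INT> #number of retries
delay_before_retry <INT> #delay before a retry
connect_ip <IP ADDRESS> #which IP address of this RS the health check request is sent to
connect_port <PORT> #which port of this RS the health check request is sent to
bindto <IP ADDRESS> #source address used when sending the health check request to this RS
bind_port <PORT> #source port used when sending the health check request to this RS
}
2.6.1.5 TCP checks: TCP_CHECK
TCP_CHECK {
connect_ip <IP ADDRESS> #which IP address of this RS the health check request is sent to
connect_port <PORT> #which port of this RS the health check request is sent to
bindto <IP ADDRESS> #source address used when sending the health check request
bind_port <PORT> #source port used when sending the health check request
connect_timeout <INTEGER> #timeout for the client request; equivalent to haproxy's timeout server
}
2.6.2 Practical cases
2.6.2.1 Single-master LVS-DR mode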
#server1
ip addr add 192.168.220.100/32 dev lo
cat >> /etc/sysctl.conf << EOF
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
EOF
sysctl -p
yum install httpd -y
echo "this is server1" > /var/www/html/index.html
systemctl enable --now httpd
#server2
ip addr add 192.168.220.100/32 dev lo
cat >> /etc/sysctl.conf << EOF
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
EOF
sysctl -p
yum install httpd -y
echo "this is server2" > /var/www/html/index.html
systemctl enable --now httpd
#configuration on KA1
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id 100123123
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
}
virtual_server 192.168.220.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
persistence_timeout 0
real_server 192.168.220.210 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
real_server 192.168.220.220 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
}
systemctl enable --now keepalived
#configuration on KA2
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id 100123123
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
preempt_delay 10
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.20
unicast_peer {
192.168.220.10
}
}
virtual_server 192.168.220.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 50
protocol TCP
persistence_timeout 1
real_server 192.168.220.210 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
real_server 192.168.220.220 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
}
systemctl enable --now keepalived
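Testing
2.6.2.2 Dual-master LVS-DR mode
This builds on the single-master setup with some additions.
#server1
#add the VIP
ip addr add 192.168.220.200/32 dev lo
#install MariaDB
yum install mariadb-server.x86_64 -y
#tag this database so the two servers can be told apart: add one line under [mysqld]
vim /etc/my.cnf
server-id=1
#start MariaDB and open the mysql client
systemctl enable --now mariadb
mysql
#create the database and the user, and grant privileges
create database remote_db;
create user remote@'%' identified by "Mysql@123";
grant all on remote_db.* to remote@'%';
#server2
#add the VIP
ip addr add 192.168.220.200/32 dev lo
#install MariaDB
yum install mariadb-server.x86_64 -y
#tag this database so the two servers can be told apart: add one line under [mysqld]
vim /etc/my.cnf
server-id=2
#start MariaDB and open the mysql client
systemctl enable --now mariadb
mysql
#create the database and the user, and grant privileges
create database remote_db;
create user remote@'%' identified by "Mysql@123";
grant all on remote_db.* to remote@'%';
#configuration file on KA1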
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id 100123123
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.200/24 dev eth0 label eth0:2
}
unicast_src_ip 192.168.220.10
unicast_peer {
192.168.220.20
}
}
virtual_server 192.168.220.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
persistence_timeout 0
real_server 192.168.220.210 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
real_server 192.168.220.220 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
}
virtual_server 192.168.220.200 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
persistence_timeout 0
real_server 192.168.220.210 3306 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
connect_port 3306
}
}
real_server 192.168.220.220 3306 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
connect_port 3306
}
}
}
#restart
systemctl restart keepalived
#configuration file on KA2
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id 100123123
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.220.20
unicast_peer {
192.168.220.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.200/24 dev eth0 label eth0:2
}
unicast_src_ip 192.168.220.20
unicast_peer {
192.168.220.10
}
}
virtual_server 192.168.220.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
persistence_timeout 0
real_server 192.168.220.210 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
real_server 192.168.220.220 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
}
}
}
virtual_server 192.168.220.200 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
persistence_timeout 0
real_server 192.168.220.210 3306 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
connect_port 3306
}
}
real_server 192.168.220.220 3306 {
weight 1
TCP_CHECK {
connect_timeout 2
nb_get_retry 2
delay_before_retry 1
connect_port 3306
}
}
}
#restart
systemctl restart keepalived
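2.7 High availability for other applications through scripts: VRRP Script
2.7.1 VRRP Script configuration
vrrp_script: a user-defined resource monitoring script. VRRP instances act on the script's return value. It is a shared definition that several instances can call, defined in its own configuration block outside any vrrp instance, usually placed after the global_defs block. The script is normally used to monitor the state of a given application. Once the application's state is found to be abnormal, the weight of the MASTER node is reduced to below that of the SLAVE node, so that the VIP switches to the SLAVE node.
track_script: calls a script defined by vrrp_script to monitor the resource. It is defined inside the VRRP instance and calls a previously defined vrrp_script.
- Defining the script
vrrp_script <SCRIPT_NAME> {
script <STRING>|<QUOTED-STRING> #when this script returns non-zero, the OPTIONS below are triggered
OPTIONS
}
- Calling the script
track_script {
SCRIPT_NAME_1
SCRIPT_NAME_2
}
2.7.1.1 Defining a VRRP script
vrrp_script <SCRIPT_NAME> { #defines a check script; configured outside global_defs
script <STRING>|<QUOTED-STRING> #shell command or script path
interval <INTEGER> #interval in seconds, default 1 second
timeout <INTEGER> #timeout
weight <INTEGER:-254..254>
fall <INTEGER> #number of consecutive script failures before the state becomes failed; 2 or more is recommended
rise <INTEGER> #number of consecutive script successes before the server is marked successful again
user USERNAME [GROUPNAME] #user or group that runs the check script
init_fail #start in the failed state and switch to successful only after a check succeeds
}
2.7.1.2 Calling a VRRP script
vrrp_instance test {
... ...
track_script {
check_down
}
}
2.7.2 Practical case: HAProxy high availability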
#KA1
yum install psmisc -y
yum install haproxy -y
#add the following to the haproxy configuration file
listen webserver
bind 192.168.220.100:80
server web1 192.168.220.210:80 check inter 2 fall 2 rise 5
server web2 192.168.220.220:80 check inter 2 fall 2 rise 5
#change the kernel parameter
echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p
#write the check script and make it executable
vim /usr/local/bin/haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
chmod +x /usr/local/bin/haproxy.sh
#edit the keepalived configuration file /etc/keepalived/keepalived.conf
vrrp_script check_haproxy { #defines the check script
script "/usr/local/bin/haproxy.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance web {
state MASTER
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100 dev eth0 label eth0:1
}
track_script { #call the script
check_haproxy
}
}
#start haproxy and restart keepalived
systemctl enable --now haproxy
systemctl restart keepalived
#KA2
yum install psmisc -y
yum install haproxy -y
#add the following to the haproxy configuration file
listen webserver
bind 192.168.220.100:80
server web1 192.168.220.210:80 check inter 2 fall 2 rise 5
server web2 192.168.220.220:80 check inter 2 fall 2 rise 5
#change the kernel parameter
echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p
#write the check script and make it executable
vim /usr/local/bin/haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
chmod +x /usr/local/bin/haproxy.sh
#edit the keepalived configuration file
vrrp_script check_haproxy { #defines the check script
script "/usr/local/bin/haproxy.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance web {
state BACKUP
interface eth0
virtual_router_id 50
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.100 dev eth0 label eth0:1
}
track_script { #call the script
check_haproxy
}
}
#start haproxy and restart keepalived
systemctl enable --now haproxy
systemctl restart keepalived
Test:
After haproxy is stopped on KA1, the eth0:1 VIP moves to KA2.
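How weight, fall and rise in check_haproxy decide where the VIP sits, as an added example: a simplified model written for this page, not keepalived's own code. It assumes a negative weight, a script that starts in the OK state (no init_fail), preemption enabled and no priority tie; the function names are hypothetical and the check results are constructed.

```shell
#!/bin/sh
# Added example: model of a tracked vrrp_script with a negative weight.

# simulate_track PRIO WEIGHT FALL RISE RESULT...
# RESULT is the exit status of one check run (0 = ok). Prints the node's
# effective priority after each run, separated by spaces.
simulate_track() (
    prio=$1 weight=$2 fall=$3 rise=$4
    shift 4
    state=up ok=0 ko=0 out=
    for rc in "$@"; do
        if [ "$rc" -eq 0 ]; then ok=$((ok + 1)); ko=0
        else ko=$((ko + 1)); ok=0; fi
        # "fall" consecutive failures mark the script failed,
        # "rise" consecutive successes mark it good again.
        if [ "$state" = up ] && [ "$ko" -ge "$fall" ]; then state=down; fi
        if [ "$state" = down ] && [ "$ok" -ge "$rise" ]; then state=up; fi
        if [ "$state" = down ]; then eff=$((prio + weight)); else eff=$prio; fi
        out="$out${out:+ }$eff"
    done
    printf '%s\n' "$out"
)

# vip_owners PEER_PRIO EFF...
# Maps each effective priority of KA1 to the node holding the VIP.
vip_owners() (
    peer=$1
    shift
    out=
    for eff in "$@"; do
        if [ "$eff" -gt "$peer" ]; then who=KA1; else who=KA2; fi
        out="$out${out:+ }$who"
    done
    printf '%s\n' "$out"
)

# Constructed run: haproxy on KA1 fails three checks in a row, then recovers.
# Values from the page: priority 100, weight -30, fall 2, rise 2, KA2 at 80.
timeline=$(simulate_track 100 -30 2 2 0 1 1 1 0 0)
echo "KA1 priority: $timeline"
echo "VIP holder:   $(vip_owners 80 $timeline)"

# With weight -10 the failed master stays at 90, above KA2's 80: no failover.
echo "weight -10:   $(vip_owners 80 $(simulate_track 100 -10 2 2 1 1 1))"
```

The weight has to be larger in magnitude than the priority gap between the two nodes (here 100 - 80 = 20), otherwise a failed check never moves the VIP.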