安装
Centos7.4
yum install keepalived
配置
Master服务器配置
[root@wsjy-proxy01 keepalived]# cat keepalived.conf
global_defs {
router_id lb-master
enable_script_security
}
vrrp_script check-haproxy {
script "/usr/bin/killall -0 nginx"
interval 5
weight -30
}
vrrp_instance kube-master {
state MASTER
priority 120
dont_track_primary
interface ens160
virtual_router_id 88
advert_int 1
track_script {
check-haproxy
}
authentication {
auth_type PASS
auth_pass 17908123
}
virtual_ipaddress {
10.101.133.107
}
}
Backup服务器配置
[root@wsjy-proxy2 keepalived]# cat keepalived.conf
global_defs {
router_id lb-backup
enable_script_security
}
vrrp_script check-haproxy {
script "/usr/bin/killall -0 nginx"
interval 5
weight -30
}
vrrp_instance kube-master {
state BACKUP
priority 110
dont_track_primary
interface ens160
virtual_router_id 88
advert_int 1
track_script {
check-haproxy
}
authentication {
auth_type PASS
auth_pass 17908123
}
virtual_ipaddress {
10.101.133.107
}
}
测试切换
Master 服务器上执行:
killall nginx
May 19 15:37:23 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 19 15:37:24 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP_Instance(kube-master) Transition to MASTER STATE
May 19 15:38:13 wsjy-proxy01 Keepalived_vrrp[2163]: /usr/bin/killall -0 nginx exited with status 1
May 19 15:38:13 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP_Script(check-haproxy) failed
May 19 15:38:13 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP_Instance(kube-master) Changing effective priority from 120 to 90
May 19 15:38:14 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP_Instance(kube-master) Received advert with higher priority 110, ours 90
May 19 15:38:14 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP_Instance(kube-master) Entering BACKUP STATE
May 19 15:38:14 wsjy-proxy01 Keepalived_vrrp[2163]: VRRP_Instance(kube-master) removing protocol VIPs.
查看到MASTER切换为 BACKUP状态。
问题排查
- Keepalived_vrrp[1019]: Cannot find script killall in path
killall 需要配置完整路径
--安装 killall 软件
yum install psmisc -y
如果未安装 psmisc,不存在 killall 命令。
- SECURITY VIOLATION - scripts are being executed but script_security not enabled
在global_defs配置中添加: enable_script_security
global_defs {
router_id lb-master
enable_script_security
}