目录
一、集群
1.1 集群类型
1.高可用集群( High Availability Cluster) HAC
- 数据库、Redis
- 常见的就是2个节点做成的HA集群,有很多通俗的不科学的名称,比如”双机热备”, “双机互备”, “双机”。
- 高可用集群解决的是保障用户的应用程序持续对外提供服务的能力。 (请注意高可用集群既不是用来保护业务数据的,保护的是用户的业务程序对外不间断提供服务,把因软件/硬件/人为造成的故障对业务的影响降低到最小程度)。
2.负载均衡集群(Load Balance Cluster) LB
- LVS/HAProxy/nginx(http/upstream, stream/upstream)
- 负载均衡系统:集群中所有的节点都处于活动状态,它们分摊系统的工作负载。一般Web服务器集群、数据库集群和应用服务器集群都属于这种类型。
- 负载均衡集群一般用于相应网络请求的网页服务器,数据库服务器。这种集群可以在接到请求时,检查接受请求较少,不繁忙的服务器,并把请求转到这些服务器上。从检查其他服务器状态这一点上看,负载均衡和容错集群很接近,不同之处是数量上更多。
3.科学计算集群(High Performance Computing Cluster) HPC
- SPoF: Single Point of Failure,解决单点故障
- 高性能计算(High Perfermance Computing)集群,简称HPC集群。这类集群致力于提供单个计算机所不能提供的强大的计算能力。
1.2 负载均衡
负载均衡(Load Balance,简称 LB)是高并发、高可用系统必不可少的关键组件,目标是 尽力将网络流量平均分发到多个服务器上,以提高系统整体的响应速度和可用性。
1.3 负载均衡作用
- 高并发:负载均衡通过算法调整负载,尽力均匀的分配应用集群中各节点的工作量,以此提高应用集群的并发处理能力(吞吐量)。
- 伸缩性:添加或减少服务器数量,然后由负载均衡进行分发控制。这使得应用集群具备伸缩性。
- 高可用:负载均衡器可以监控候选服务器,当服务器不可用时,自动跳过,将请求分发给可用的服务器。这使得应用集群具备高可用的特性。
- 安全防护:有些负载均衡软件或硬件提供了安全性功能,如:黑白名单处理、防火墙,防 DDos 攻击等。
1.4 实现高可用
提升系统高用性的解决方案:降低MTTR- Mean Time To Repair(平均故障时间)
解决方案:建立冗余机制
1.5 VRRP
虚拟路由冗余协议VRRP(Virtual Router Redundancy Protocol)。虚拟路由冗余协议,解决静态网关单点风险 。通过把几台路由设备联合组成一台虚拟的路由设备,将虚拟路由设备的IP地址作为用户的默认网关实现与外部网络通信。当网关设备发生故障时,VRRP机制能够选举新的网关设备承担数据流量,从而保障网络的可靠通信。
1.5.1 VRRP作用
出口网关的备份,保证出口网关的高可用性。
1.5.2 VRRP优势
1. 主路由器失效后,备份路由器立即顶替主路由器的工作,保证数据的不丢失。
2.两个不同的路由器成为不同组的主路由器,相互备份。
3.跟踪上行链路接口状态,当上行链路接口失效时,自动将备份路由份提升为主路由器,保证数据的不丢失。
1.5.3 VRRP相关术语
- 虚拟路由器:Virtual Router
- 虚拟路由器标识:VRID(0-255),唯一标识虚拟路由器
- VIP:Virtual IP
- VMAC:Virutal MAC (00-00-5e-00-01-VRID)
- 物理路由器:
master:主设备
backup:备用设备
priority:优先级
1.4.4 VRRP相关技术
- 通告:心跳,优先级等;周期性
- 工作方式:抢占式,非抢占式
- 安全认证:
无认证
简单字符认证:预共享密钥
MD5
- 工作模式:
主/备:单虚拟路由器
主/主:主/备(虚拟路由器1),备/主(虚拟路由器2)
二、Keepalived
2.1 Keepalived概念
Keepalived是Linux下一个轻量级别的高可用解决方案,可以实现服务或者网络的高可用
Keepalived主要是通过虚拟路由冗余来实现高可用,虽然它没有HeartBeat那么强大,但Keepalived的部署和使用非常简单,所有配置只需要一个配置文件即可完成
Keepalived起初是为LVS设计的,专门用来监控集群系统中各个服务节点的状态,如果某个服务器节点出现故障,Keepalived将检测到后自动将节点从集群系统中剔除,而在故障节点恢复正常后,Keepalived又可以自动将此节点重新加入集群中,这些工作自动完成,不需要人工干预,需要人工完成的只是修复出现故障的节点
后来又加入了VRRP的功能,VRRP(VritrualRouterRedundancyProtocol,虚拟路由冗余协议)出现的目的是解决静态路由出现的单点故障问题,通过VRRP可以实现网络不间断稳定运行,因此Keepalvied一方面具有服务器状态检测和故障隔离功能,另外一方面也有高可用集群功能
2.2 功能
- 基于vrrp协议完成地址流动
- 为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
- 为ipvs集群的各RS做健康状态检测
- 基于脚本调用接口完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务
2.3 配置虚拟路由器
ka1
1.下载keepalived
yum install -y keepalived
2.启动keepalived服务
systemctl restart keepalived
3.打开keepalived主配置文件
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
4. 根据示例,编辑内容
5.重启服务
[root@ka1 ~]# systemctl restart keepalived.service
ka2
1.下载keepalived
yum install -y keepalived
2.启动keepalived服务
systemctl restart keepalived
3.打开keepalived主配置文件
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
4. 根据示例,编辑内容
5.重启服务
[root@ka2 ~]# systemctl restart keepalived.service
测试
抓包查看
只要VIP在那台keepalived上
2.4 启用日志
ka1
1.编辑keeplived文件
2.编辑rsyslog.conf文件,定义日志级别和日志文件
3.重启keepalived和rsyslog服务,并查看日志是否存在
ka2同上
2.5 子配置文件
当生产环境复杂时, /etc/keepalived/keepalived.conf 文件中内容过多,不易管理。
将不同集群的配置,比如:不同集群的VIP配置放在独立的子配置文件中利用include 指令可以实现包含子配置文件。
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
将虚拟路由器配置都注释掉,再复制到子配置文件中
创建文件夹,编写子配置文件
[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
重启服务
[root@ka1 ~]# systemctl restart keepalived.service
ka2同上,操作相同
测试
2.6 抢占和非抢占模式
默认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低优先级的主机的master角色,这样会使vip在KA主机中来回漂移,造成网络抖动,建议设置为非抢占模式nopreempt,即高优先级恢复后,并不会抢占低优先级的master角色,非抢占模式下,如果源主机down,vip将迁移至新的主机,后续页发生down时,会将VIP迁回原主机
注:关闭抢占式,必须将keepalived主配置文件中的state配置为BACKUP
2.6.1 默认抢占模式
测试:
1. ka1,ka2的keepalived服务都开启
任意一台主机上测试
[root@node1 ~]# tcpdump -i eth0 -nn host 224.0.0.10
2.关闭ka1
3.开启ka1
2.6.2 非抢占模式
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
ka1,ka2服务正常时
关闭ka1服务时,再开启,不会VIP再回到ka1
2.6.3 延迟抢占
ka1
ka2
ka1停止
ka1优先级为100,优先级高
ka1重启之后,5s后VIP重新回到ka1上
2.7 单播
默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量。
注:不支持vrrp_strict
2.7.1 ka1配置
设置为专用于对应心跳线网络的地址
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
2.7.2 ka2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
2.7.3 抓包查看单播效果
tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
2.8 邮件
当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户
1.在keepalived主配置文件中编辑
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
2.安装邮件发送工具
[root@ka1 ~]# yum install -y mailx
3.配置邮箱
[root@ka1 ~]# vim /etc/mail.rc
在最后添加
qqhao:为你的QQ邮箱号
smtp-auth-password获取:
(1)登录QQ邮箱
(2)点击“账号与安全”
(3)点击“安全设置”
(4)生成授权码
(5)复制授权码,粘贴到“smtp-auth-password=”
4.编辑通知脚本
[root@ka1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dst=3041609716@qq.com
send_message()
{
mail_sub="$HOME to be $1 vip move"
mail_msg="`date +%F\ %T`:vrrp move $HOSTNAME change $1"
echo $mail_msg | mail -s "$mail_sub" $mail_dst
}
case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
#赋予脚本可执行权限
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
5.重启服务
[root@ka1 ~]# systemctl restart keepalived.service
5.测试
(1)简单测试
[root@ka1 ~]# echo hello | mail -s test 3041609716@qq.com
结果:QQ邮箱会收到邮件
(2)调用脚本
[root@ka1 ~]# /etc/keepalived/mail.sh master
[root@ka1 ~]# /etc/keepalived/mail.sh default
[root@ka1 ~]# /etc/keepalived/mail.sh backup
(3)当VIP跳转时就会自动发送邮件
2.9 实现双主master/master
# 只修改以下部分
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
123456789@qq.com
}
notification_email_from keepalived@lm.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.lm.org
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
[root@ka1 ~]# systemctl restart keepalived
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
123456789@qq.com
}
notification_email_from keepalived@lm.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.lm.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
[root@ka2 ~]# systemctl restart keepalived
三、实现Keepalived-DR
准备两台后端realserver
realserver1
1.修改IP
[root@realserver1 ~]# nmcli connection modify eth0 ipv4.address 172.25.254.110/24
[root@realserver1 ~]# nmcli connection up eth0
2.下载http服务
[root@realserver1 ~]# yum install -y httpd
# 启动服务
[root@realserver1 ~]# systemctl restart httpd
3.重定向web服务内容
[root@realserver1 ~]# echo realserver1 -172.25.254.110 > /var/www/html/index.html
# 重动服务
[root@realserver1 ~]# systemctl restart httpd
4.将VIP设置为lo网卡
# 临时添加lo
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
# 永久修改lo
[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo
# 添加,修改以下语句
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# 重启网络
[root@realserver1 ~]# systemctl restart network
[root@realserver1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.254.100/32 brd 172.25.254.100 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
5.设置后端服务器不响应
[root@realserver1 ~]# sysctl -a | grep arp
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_announce=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=2
~
[root@realserver1 ~]# sysctl --system
realserver2
1.修改IP
[root@realserver2 ~]# nmcli connection modify eth0 ipv4.address 172.25.254.120/24
[root@realserver2 ~]# nmcli connection up eth0
2.下载http服务
[root@realserver1 ~]# yum install -y httpd
# 启动服务
[root@realserver1 ~]# systemctl restart httpd
3.重定向web服务内容
[root@realserver2 ~]# echo realserver2 -172.25.254.120 > /var/www/html/index.html
# 重动服务
[root@realserver2 ~]# systemctl restart httpd
4.将VIP设置为lo网卡
# 临时添加lo
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
# 永久修改lo
[root@realserver2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo
# 添加,修改以下语句
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# 重启网络
[root@realserver1 ~]# systemctl restart network
[root@realserver1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.254.100/32 brd 172.25.254.100 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
5.设置后端服务器不响应
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_announce=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=2
[root@realserver2 ~]# sysctl --system
ka1
1.下载Keepalived
[root@ka1 ~]# yum install -y keepalived
# 启动keepalived
[root@ka1 ~]# systemctl restart keepalived.service
2.修改Keepalived主配置文件
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
[root@ka1 ~]# systemctl restart keepalived
3.下载ipvsadm
[root@ka1 ~]# yum install -y ipvsadm
4.查看规则
ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
TCP 192.168.200.100:443 rr persistent 50
-> 192.168.201.100:443 Masq 1 0 0
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.2:1358 Masq 1 0 0
-> 192.168.200.3:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
-> 192.168.200.4:1358 Masq 1 0 0
-> 192.168.200.5:1358 Masq 1 0 0
ka2
1.下载Keepalived
[root@ka2 ~]# yum install -y keepalived
# 启动keepalived
[root@ka2 ~]# systemctl restart keepalived.service
2.修改Keepalived主配置文件
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
track_script {
check_haproxy
}
}
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
[root@ka2 ~]# systemctl restart keepalived
3.查看规则
[root@ka2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.120:80 Route 1 0 0
TCP 192.168.200.100:443 rr persistent 50
-> 192.168.201.100:443 Masq 1 0 0
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.2:1358 Masq 1 0 0
-> 192.168.200.3:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
测试
任意一台主机测试
[root@realserver2 ~]# curl 172.25.254.100
realserver1 - 172.25.24.110
[root@realserver2 ~]# curl 172.25.254.100
realserver2 - 172.25.254.120
[root@realserver2 ~]# curl 172.25.254.100
realserver1 - 172.25.24.110
[root@realserver2 ~]# curl 172.25.254.100
realserver2 - 172.25.254.120
[root@realserver2 ~]# curl 172.25.254.100
realserver1 - 172.25.24.110
四、实现Keepalived-HAProxy
准备两个纯净的后端realserver
realserver1
IP:172.25.254.110
1.修改IP
[root@realserver1 ~]# nmcli connection modify eth0 ipv4.address 172.25.254.110/24
[root@realserver1 ~]# nmcli connection up eth0
2.下载http服务
[root@realserver1 ~]# yum install -y httpd
# 启动服务
[root@realserver1 ~]# systemctl restart httpd
3.重定向web服务内容
[root@realserver1 ~]# echo realserver1 -172.25.254.110 > /var/www/html/index.html
# 重动服务
[root@realserver1 ~]# systemctl restart httpd
realserver2
IP:172.25.254.120
1.修改IP
[root@realserver2 ~]# nmcli connection modify eth0 ipv4.address 172.25.254.120/24
[root@realserver2 ~]# nmcli connection up eth0
2.下载http服务
[root@realserver1 ~]# yum install -y httpd
# 启动服务
[root@realserver1 ~]# systemctl restart httpd
3.重定向web服务内容
[root@realserver2 ~]# echo realserver2 -172.25.254.120 > /var/www/html/index.html
# 重动服务
[root@realserver2 ~]# systemctl restart httpd
ka1
IP:172.25.254.10
1.下载Keepalived
[root@ka1 ~]# yum install -y keepalived
# 启动keepalived
[root@ka1 ~]# systemctl restart keepalived.service
2. 修改配置
# 必须要添加这个,不然后面haproxy启动不了
[root@ka1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
3.编写创建判断haproxy的脚本
[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
# 赋予可执行权限
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
4.修改Keepalived主配置文件
[root@ka1 ~]# vim /etc/keepalived/test.sh
global_defs {
notification_email {
123456789@qq.com
}
notification_email_from keepalived@lm.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.lm.org
vrrp_skip_check_adv_addr
#vrrp_strict # 一定不能要!!!!
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
inerval 1
weight -30
fall 2
rise 2
timout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
####此处要注意
track_script {
check_haproxy
}
}
[root@ka1 ~]# systemctl restart keepalived
5.下载haproxy
[root@ka1 ~]# yum install -y haproxy
[root@ka1 ~]# systemctl restart haproxy
6.配置haproxy主配置文件
# 添加
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 2 fall 3 rise 5
server web1 172.25.254.120:80 check inter 2 fall 3 rise 5
[root@ka1 ~]# systemctl restart haproxy
ka2
IP:172.25.254.20
1.下载Keepalived
[root@ka2 ~]# yum install -y keepalived
# 启动keepalived
[root@ka2 ~]# systemctl restart keepalived.service
2. 修改配置
# 必须要添加这个,不然后面haproxy启动不了
[root@ka2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
3.编写创建判断haproxy的脚本
[root@ka2 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
# 赋予可执行权限
[root@ka2 ~]# chmod +x /etc/keepalived/test.sh
4.修改Keepalived主配置文件
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
3041609716@qq.com
}
notification_email_from keepalived@lm.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.lm.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
####此处要注意
track_script {
check_haproxy
}
}
[root@ka2 ~]# systemctl restart keepalived.service
5.下载haproxy
[root@ka2 ~]# yum install -y haproxy
[root@ka2 ~]# systemctl restart haproxy
6.配置haproxy主配置文件
# 添加
[root@ka2 ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 2 fall 3 rise 5
server web1 172.25.254.120:80 check inter 2 fall 3 rise 5
[root@ka2 ~]# systemctl restart haproxy
测试
在ka1上,停止haproxy服务,查看ka1,ka2的ifconfig,查看VIP是否飘动
然后再开启ka1上的haproxy服务,再查看ifconfig