#!/bin/bash
nginx1:192.168.97.101
nginx2:192.168.97.102
vip: 192.168.97.241
#安装软件
yum install nginx wget
echo -e "192.168.97.101 nginx-master " > /usr/share/nginx/html/index.html
echo -e "192.168.97.102 nginx-backup " > /usr/share/nginx/html/index.html
yum install keepalived -y
##配置检查脚本,两台节点都配置
cat <<END> /etc/nginx/check_nginx_alive.sh
#!/bin/sh
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ]
then echo 'nginx server is died'
systemctl stop keepalived
fi
END
chmod a+x /etc/nginx/check_nginx_alive.sh
##配置keepalived.conf
###主节点配置
cp /etc/keepalived/keepalived.conf{,.bk}
egrep -v '#|^$' /etc/keepalived/keepalived.conf
! Configuration File for keepalived
vrrp_script check_nginx_alive {
script "/etc/nginx/check_nginx_alive.sh"
interval 3
weight -10
}
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.97.241
}
track_script {
check_nginx_alive
}
}
virtual_server 192.168.97.241 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.97.101 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
###备节点配置
egrep -v '#|^$' /etc/keepalived/keepalived.conf
! Configuration File for keepalived
vrrp_script check_nginx_alive {
script "/etc/nginx/check_nginx_alive.sh"
interval 3
weight -10
}
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.97.241
}
track_script {
check_nginx_alive
}
}
virtual_server 192.168.97.241 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.97.102 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
##启动服务
systemctl start keepalived && systemctl enable keepalived
##修改openstack中实例端口属性
在OpenStack中默认由于安全组策略限制,云主机只响应自己的iP地址请求,如果需要做HA,可以用以下两种方式实现
这里使用的是第一种,第二种忽略
1、 增加allow_address_pairs属性
neutron port-list |grep 192.168.97.101
neutron port-update 958ea025-d13c-4c8b-af8a-207339fe5299 --allowed_address_pairs list=true type=dict ip_address=192.168.97.241
neutron port-list |grep 192.168.97.102
neutron port-update 184cee31-9eee-4282-9da9-dce542c1056a --allowed_address_pairs list=true type=dict ip_address=192.168.97.241
2、 关闭neutron port的安全组特性 ,这种方法忽略
neutron port-update --no-security-groups $port_id
neutron port-update $port_id --port-security-enabled=False
##测试
web 输入 192.168.97.241 显示ok,
手动关闭主节点keepalived ,备节点显示ok