KeepAlived Basics
2020/08/16 4.2k 21 minutes

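High-availability clusters

Clusters

  • Cluster types:
    • LB: lvs/nginx (http/upstream, stream/upstream)
    • HA: high availability
      • SPoF: Single Point of Failure
    • HPC
  • System availability formula: A = MTBF/(MTBF+MTTR)
    • (0,1), 95%
    • Number of nines (metric): 99%, …, 99.999%, 99.9999%
  • System failures:
    • Hardware failures: design defects, wear out, natural disasters, ...
    • Software failures: design defects
  • Improving availability by reducing MTTR:
    • Means: redundancy
    • active/passive: master/backup
    • active/active: dual master
    • active --> HEARTBEAT --> passive
    • active <--> HEARTBEAT <--> active
  • What is made highly available is the "service":
    • HA nginx service:
      • vip/nginx process[/shared storage]
    • Resources: the "components" that make up a highly available service
    • (1) Number of passive nodes
    • (2) Resource switchover
  • shared storage:
    • NAS: file-sharing server
    • SAN: storage area network, block-level sharing
  • Network partition:
    • quorum: the required number of votes
      • with quorum: > total/2
      • without quorum: <= total/2
    • Isolation device: fence
      • node: STONITH = Shooting The Other Node In The Head, power off and reboot
      • Resource: disconnect it from the storage
  • Two-node cluster
    • Auxiliary devices: ping node, quorum disk
  • Failover: when the primary node of a resource fails, the resource is moved to another node
  • Failback: once the failed primary node of a resource has been repaired and is back online, the resources that were moved to other nodes are switched back
  • HA cluster implementations:
    • AIS (Application Interface Specification): full-featured, complex HA clusters
      • RHCS: Red Hat Cluster Suite
      • heartbeat
      • corosync
    • VRRP-based implementation (Virtual Router Redundancy Protocol): keepalived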

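KeepAlived

  • keepalived:
    • VRRP: Virtual Router Redundancy Protocol
  • Terms:
    • Virtual router (Virtual Router); virtual router identifier: VRID (0-255), uniquely identifies a virtual router
    • Physical routers:
      • master: the primary device
      • backup: the standby device
      • priority
    • VIP: Virtual IP
    • VMAC: Virtual MAC (00-00-5e-00-01-VRID)
  • Advertisements: heartbeat, priority, etc.; sent periodically
  • Operating modes: preemptive, non-preemptive
  • Security:
    • Authentication:
      • No authentication
      • Simple text authentication: pre-shared key
      • MD5
  • Working models:
    • master/backup: a single virtual router
    • master/master: master/backup (virtual router 1), backup/master (virtual router 2)
  • keepalived: a software implementation of the VRRP protocol, originally designed to make ipvs services highly available
  • Functions:
    • Floats addresses between nodes using VRRP
    • Generates ipvs rules on the node that holds the VIP (predefined in the configuration file)
    • Health-checks each RS of the ipvs cluster
    • Through its script-calling interface, runs scripts whose logic influences cluster behaviour, which is how it supports services such as nginx and haproxy
  • Components:
    • Core components:
      • vrrp stack
      • ipvs wrapper
      • checkers
    • Control component: configuration file parser
    • IO multiplexer
    • Memory management component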

KeepAlived components

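KeepAlived implementation

  • HA cluster prerequisites:
    • (1) Time must be synchronized on all nodes
      • ntp, chrony
    • (2) Make sure iptables and selinux do not get in the way
    • (3) Nodes can reach each other by hostname (not required for keepalived)
      • Using /etc/hosts is recommended
    • (4) The root user on each node can reach the other nodes over key-based ssh (not required for keepalived)
  • keepalived installation and configuration: CentOS 6.4+ Base repository
  • Program environment:
    • Main configuration file: /etc/keepalived/keepalived.conf
    • Main program: /usr/sbin/keepalived
    • Unit File: /usr/lib/systemd/system/keepalived.service
    • Environment file for the Unit File: /etc/sysconfig/keepalived
  • Configuration file sections:
  • TOP HIERARCHY
    • GLOBAL CONFIGURATION
      • Global definitions
      • Static routes/addresses
    • VRRPD CONFIGURATION
      • VRRP synchronization group(s): vrrp sync groups
      • VRRP instance(s): each one is a vrrp virtual router
    • LVS CONFIGURATION
      • Virtual server group(s)
      • Virtual server(s): the vs and rs of the ipvs cluster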

Lab: two hosts, master and backup

1 selinux, iptables, time

2
On proxy1

#vim keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy1
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.18.0.200/16
    }
}

3
On proxy2

#vim keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy2  ######
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state BACKUP  #####
    interface eth1
    virtual_router_id 66
    priority 80  #####
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.18.0.200/16
    }
}

Lab: enable keepalived logging

vim /etc/sysconfig/keepalived

KEEPALIVED_OPTIONS="-D -S 3" 

vim /etc/rsyslog.conf

local3.*   /var/log/keepalived.log

Restart both services
systemctl restart rsyslog.service
systemctl restart keepalived.service

Lab: master/master VIPs with keepalived

proxy1

vim keepalived.conf

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy1
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.18.0.200/16
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 88
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 654321
    }
    virtual_ipaddress {
        172.18.0.201/16
    }
}

proxy2

cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy2
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.18.0.200/16
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 654321
    }
    virtual_ipaddress {
        172.18.0.201/16
    }
}

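KeepAlived configuration

  • Configuration syntax:
  • Configuring a virtual router:
      vrrp_instance <STRING> { 
      .... 
      } 
  • Instance-specific parameters:
    • state MASTER|BACKUP: initial state of this node in this virtual router;
    • only one node can be MASTER, all the others should be BACKUP
    • interface IFACE_NAME: physical interface bound to this virtual router
    • virtual_router_id VRID: unique identifier of this virtual router, range 0-255
    • priority 100: priority of this physical node in this virtual router; range 1-254
    • advert_int 1: interval between vrrp advertisements, default 1s
authentication {                # authentication mechanism
    auth_type AH|PASS
    auth_pass <PASSWORD>        # only the first 8 characters are significant
}
virtual_ipaddress {             # virtual IPs
    <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
    192.168.200.17/24 dev eth1
    192.168.200.18/24 dev eth2 label eth2:1
}
track_interface {               # interfaces to monitor; if one fails, the node enters the FAULT state so the address moves
    eth0
    eth1
    ...
}
  • nopreempt: sets the operating mode to non-preemptive
  • preempt_delay 300: in preemptive mode (the default mode), the delay after a node comes online before it triggers a new election
  • Notification scripts:
    • notify_master <STRING>|<QUOTED-STRING>: script triggered when this node becomes the master
    • notify_backup <STRING>|<QUOTED-STRING>: script triggered when this node becomes a backup
    • notify_fault <STRING>|<QUOTED-STRING>: script triggered when this node enters the "fault" state
    • notify <STRING>|<QUOTED-STRING>: generic notification hook; a single script can handle the notifications for all three state transitions above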
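The cross-node rules in the list above (same virtual_router_id, one MASTER, priority within 1-254, auth_pass significant only to 8 characters) can be checked mechanically before a failover test. The following is an added example, not code from the original post or from keepalived; `parse_vrrp_instances`, `audit_pair` and `make_conf` are hypothetical names, the sample configs are constructed, and flagging a digits-only auth_pass is an extra assumption about what counts as a weak pre-shared key.

```python
import re

def parse_vrrp_instances(text):
    """Return {name: settings} for each vrrp_instance block in a keepalived.conf."""
    instances, stack, current = {}, [], None
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split() or [""]
            stack.append(words[0])
            if words[0] == "vrrp_instance" and len(stack) == 1 and len(words) > 1:
                current = instances.setdefault(words[1], {"vips": []})
        elif line == "}":
            if stack:
                stack.pop()
            if not stack:
                current = None
        elif current is not None:
            words = line.split()
            if stack[-1] == "virtual_ipaddress":
                current["vips"].append(words[0])
            elif len(words) >= 2 and stack[-1] in ("vrrp_instance", "authentication"):
                current[words[0]] = words[1]
    return instances

def audit_pair(conf_a, conf_b):
    """Compare two nodes' configs; return a list of findings (empty = consistent)."""
    a, b = parse_vrrp_instances(conf_a), parse_vrrp_instances(conf_b)
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: defined on only one node")
            continue
        x, y = a[name], b[name]
        if x.get("virtual_router_id") != y.get("virtual_router_id"):
            findings.append(f"{name}: virtual_router_id differs between nodes")
        if sorted(x["vips"]) != sorted(y["vips"]):
            findings.append(f"{name}: virtual_ipaddress differs between nodes")
        if [x.get("state"), y.get("state")].count("MASTER") != 1:
            findings.append(f"{name}: exactly one node should start as MASTER")
        if not all(1 <= int(n.get("priority", 0)) <= 254 for n in (x, y)):
            findings.append(f"{name}: priority outside 1-254")
        pa, pb = x.get("auth_pass", ""), y.get("auth_pass", "")
        if pa[:8] != pb[:8]:
            findings.append(f"{name}: auth_pass differs within the first 8 characters")
        if max(len(pa), len(pb)) > 8:
            findings.append(f"{name}: auth_pass longer than 8 characters; the rest is ignored")
        if pa.isdigit() or pb.isdigit():
            findings.append(f"{name}: auth_pass is digits only")
    return findings

def make_conf(state, vrid, priority, auth_pass):
    """Constructed sample input shaped like the lab configs (not a real host's file)."""
    return f"""! Configuration File for keepalived
vrrp_instance VI_1 {{
    state {state}
    interface eth1
    virtual_router_id {vrid}
    priority {priority}
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass {auth_pass}
    }}
    virtual_ipaddress {{
        172.18.0.200/16
    }}
}}
"""

if __name__ == "__main__":
    proxy1 = make_conf("MASTER", 66, 100, "123456")
    proxy2 = make_conf("BACKUP", 66, 80, "123456")
    for finding in audit_pair(proxy1, proxy2):
        print(finding)
```

Two keys that differ only after the eighth character pass the comparison, which is why the length finding is reported separately.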

KeepAlived single-master configuration example

  • Single-master configuration example:
    ! Configuration File for keepalived 
    global_defs { 
      notification_email { 
          root@localhost 
      }
      notification_email_from keepalived@localhost 
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id node1 # hostname; node2 on the other node
      vrrp_mcast_group4 224.0.100.100 
    } 
    vrrp_instance VI_1 { 
      state MASTER             # BACKUP on the other node
      interface eth0 
      virtual_router_id 6             # must be the same on all nodes
      priority 100                 # 90 on the other node
      advert_int 1                 # advertisement interval 1s
      authentication { 
          auth_type PASS # pre-shared key authentication
          auth_pass 571f97b2 
      } 
      virtual_ipaddress {
          172.18.100.66/16 dev eth0 label eth0:0 
      }
      track_interface { 
          eth0 
      } 
    } 

KeepAlived dual-master configuration

  • How to call the script:

  • Add the following lines at the end of the vrrp_instance VI_1 block

    • notify_master "/etc/keepalived/notify.sh master"
    • notify_backup "/etc/keepalived/notify.sh backup"
    • notify_fault "/etc/keepalived/notify.sh fault"
  • Example notification script
    ```shell
    #!/bin/bash

    contact='root@localhost'

    # Mail a notice that this node changed VRRP state ($1 = new state)
    notify() {
        mailsubject="$(hostname) to be $1, vip floating"
        mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    ```

  • KeepAlived dual-master configuration
    Dual-master model example:

    ! Configuration File for keepalived 
      global_defs { 
      notification_email { 
          root@localhost 
      }
      notification_email_from keepalived@localhost 
      smtp_server 127.0.0.1 
      smtp_connect_timeout 30
      router_id node1
      vrrp_mcast_group4 224.0.100.100 
    } 
    vrrp_instance VI_1 { 
      state MASTER 
      interface eth0 
      virtual_router_id 6 
      priority 100 
      advert_int 1 
      authentication { 
          auth_type PASS 
          auth_pass 571f97b2 
      } 
      virtual_ipaddress { 
          172.16.0.10/16 dev eth0 
      }
    } 
    
      vrrp_instance VI_2 { 
          state BACKUP 
          interface eth0 
          virtual_router_id 8 
          priority 98 
          advert_int 1 
          authentication { 
              auth_type PASS 
              auth_pass 578f07b2 
          } 
          virtual_ipaddress { 
              172.16.0.11/16 dev eth0 
          } 
    } 

Lab: run a script on state transitions

cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy1
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        172.18.0.200/16
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 88
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 654321
    }
    virtual_ipaddress {
        172.18.0.201/16
    }
     notify_master "/etc/keepalived/notify.sh master"
     notify_backup "/etc/keepalived/notify.sh backup"
     notify_fault "/etc/keepalived/notify.sh fault"
}

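KeepAlived support for IPVS

  • Virtual server:
    • Configuration parameters:
      virtual_server IP port | virtual_server fwmark int { 
        ... 
        real_server { 
            ...
        }
            ... 
      } 

Common parameters

  • delay_loop <INT>: interval between health checks of the backend servers
  • lb_algo rr|wrr|lc|wlc|lblc|sh|dh: scheduling method
  • lb_kind NAT|DR|TUN: cluster type
  • persistence_timeout <INT>: persistent connection duration
  • protocol TCP: service protocol; only TCP is supported
  • sorry_server <IPADDR> <PORT>: fallback server address used when all RS have failed
  • real_server <IPADDR> <PORT>
    {
      weight <INT>: RS weight
      notify_up <STRING>|<QUOTED-STRING>: notification script run when the RS comes up
      notify_down <STRING>|<QUOTED-STRING>: notification script run when the RS goes down
      HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }: health-check method for this host
    }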

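KeepAlived health-check configuration

  • HTTP_GET|SSL_GET: application-layer checks
      HTTP_GET|SSL_GET { 
          url {
              path <URL_PATH>: the URL to monitor
              status_code <INT>: response code that counts as healthy for the check above
              digest <STRING>: checksum of the response body that counts as healthy
          }
      connect_timeout <INTEGER>: timeout for the connection request
      nb_get_retry <INT>: number of retries
      delay_before_retry <INT>: delay before each retry
      connect_ip <IP ADDRESS>: which IP address of this RS receives the health-check request
      connect_port <PORT>: which port of this RS receives the health-check request
      bindto <IP ADDRESS>: source address used when sending the health-check request
      bind_port <PORT>: source port used when sending the health-check request
      } 
  • Transport-layer check: TCP_CHECK
      TCP_CHECK { 
          connect_ip <IP ADDRESS>: which IP address of this RS receives the health-check request
          connect_port <PORT>: which port of this RS receives the health-check request
          bindto <IP ADDRESS>: source address used when sending the health-check request
          bind_port <PORT>: source port used when sending the health-check request
          connect_timeout <INTEGER>: timeout for the connection request
      } 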

Single-master IPVS example

  • Highly available ipvs cluster example:
    ! Configuration File for keepalived 
    global_defs { 
      notification_email { 
      root@localhost 
      }
      notification_email_from keepalived@localhost 
      smtp_server 127.0.0.1 
      smtp_connect_timeout 30
      router_id node1
      vrrp_mcast_group4 224.0.100.10 
    } 
    vrrp_instance VI_1 { 
      state MASTER 
      interface eth0 
      virtual_router_id 6 
      priority 100 
      advert_int 1 
      authentication { 
          auth_type PASS 
          auth_pass 571f97b2 
      } 
      virtual_ipaddress { 
          172.16.0.10/16 dev eth0 
      }
      notify_master "/etc/keepalived/notify.sh master" 
      notify_backup "/etc/keepalived/notify.sh backup" 
      notify_fault "/etc/keepalived/notify.sh fault" 
    }
    virtual_server 172.16.0.10 80 {
      delay_loop 3
      lb_algo rr
      lb_kind DR
      protocol TCP
      sorry_server 127.0.0.1 80
      real_server 172.16.0.11 80 {
          weight 1
          HTTP_GET {
              url {
                  path /
                  status_code 200
              }
              connect_timeout 1
              nb_get_retry 3
              delay_before_retry 1
          }
      }
      real_server 172.16.0.12 80 {
          weight 1
          HTTP_GET {
              url {
                  path /
                  status_code 200
              }
              connect_timeout 1
              nb_get_retry 3
              delay_before_retry 1
          }
      }
    }
    

Dual-master LVS cluster

Dual-master LVS cluster: topology and implementation process.
Configuration example (one node):

! Configuration File for keepalived 
global_defs {
    notification_email { 
        root@localhost 
    }
    notification_email_from kaadmin@localhost 
    smtp_server 127.0.0.1 
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.100
}
vrrp_instance VI_1 { 
    state MASTER
    interface eth0
    virtual_router_id 6 
    priority 100 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass f1bf7fde 
    } 
    virtual_ipaddress {
        172.16.0.80/16 dev eth0 label eth0:0 
    } 
    track_interface { 
        eth0 
    }
    notify_master "/etc/keepalived/notify.sh master" 
    notify_backup "/etc/keepalived/notify.sh backup" 
    notify_fault "/etc/keepalived/notify.sh fault"
} 

vrrp_instance VI_2 { 
    state BACKUP 
    interface eth0 
    virtual_router_id 8 
    priority 98 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass f2bf7ade 
    } 
    virtual_ipaddress {
        172.16.0.90/16 dev eth0 label eth0:1
    }
    track_interface {
        eth0
    }
    notify_master "/etc/keepalived/notify.sh master" 
    notify_backup "/etc/keepalived/notify.sh backup" 
    notify_fault "/etc/keepalived/notify.sh fault"
} 


virtual_server fwmark 3 { 
    delay_loop 2
    lb_algo rr
    lb_kind DR 
    nat_mask 255.255.0.0
    protocol TCP
    sorry_server 127.0.0.1 80 
    real_server 172.16.0.11 80 { 
        weight 1 
        HTTP_GET {
            url { 
                path / 
                status_code 200 
            }
            connect_timeout 2 
            nb_get_retry 3 
            delay_before_retry 3 
        } 

} 

real_server 172.16.0.12 80 { 
    weight 1 
    HTTP_GET { 
        url { 
            path / 
            status_code 200 
        } 
        connect_timeout 2 
        nb_get_retry 3 
        delay_before_retry 3 
        } 
    }
 } 

Lab: LVS DR mode with the master/master model

1 proxy1

cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy1
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.100/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.27.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.27.27 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.27.37 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 88
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.200/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.27.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.27.28 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.27.38 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

2 proxy2

cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy2
   vrrp_mcast_group4 224.1.1.1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.100/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.27.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.27.27 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.27.37 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.200/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.27.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.27.28 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.27.38 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

3 Script for rs1 and rs2

cat /root/lvs_dr_rs.sh

#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip=192.168.27.100
vip2=192.168.27.200
mask='255.255.255.255'
dev=lo:1
dev2=lo:2

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    ifconfig $dev2 $vip2 netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    ifconfig $dev2 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*) 
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

4 rs1 and rs2
cat /etc/httpd/conf.d/vhosts.conf

<virtualhost 192.168.27.100:80>
documentroot /data/web1
<directory /data/web1>
require all granted
</directory>
</virtualhost>

<virtualhost 192.168.27.200:80>
documentroot /data/web2
<directory /data/web2>
require all granted
</directory>
</virtualhost>

5 rs1 and rs2
tree /data
/data
├── web1
│   └── index.html
└── web2
    └── index.html

rs1
echo 192.168.27.100 RS1 > /data/web1/index.html
echo 192.168.27.200 RS1 > /data/web2/index.html

rs2
echo 192.168.27.100 RS2 > /data/web1/index.html
echo 192.168.27.200 RS2 > /data/web2/index.html

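Resource monitoring with scripts called by keepalived

  • keepalived calls external helper scripts to monitor resources and can adjust the priority dynamically according to the monitoring result
  • vrrp_script: a custom resource-monitoring script; the vrrp instance acts on the script's return value. It is a shared definition that several instances can reference, and it is defined outside the vrrp instances
  • track_script: references a script defined with vrrp_script to monitor a resource; it is defined inside the instance and refers to a vrrp_script defined beforehand
  • Two steps: (1) define a script; (2) reference that script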
    vrrp_script <SCRIPT_NAME> { 
      script "" 
      interval INT 
      weight -INT 
    } 
    track_script { 
      SCRIPT_NAME_1 
      SCRIPT_NAME_2 
    } 

Example: highly available nginx service

! Configuration File for keepalived 
    global_defs { 
    notification_email { 
        root@localhost 
    }
    notification_email_from keepalived@localhost 
    smtp_server 127.0.0.1 
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.100 
} 
vrrp_script chk_down { 
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" 
    interval 1 
    weight -20 
    } 
vrrp_script chk_nginx {
    script "killall -0 nginx && exit 0 || exit 1"
    interval 1
    weight -20
    fall 2 # 2 failed checks count as a failure
    rise 1 # 1 successful check counts as a success
}
vrrp_instance VI_1 { 
    state MASTER 
    interface eth0 
    virtual_router_id 14 
    priority 100 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass 571f97b2 
    }
    virtual_ipaddress { 
        172.18.0.93/16 dev eth0 
    }
    track_script { 
        chk_down 
        chk_nginx 
    } 
    notify_master "/etc/keepalived/notify.sh master" 
    notify_backup "/etc/keepalived/notify.sh backup" 
    notify_fault "/etc/keepalived/notify.sh fault" 
}

Sync groups

  • In the LVS NAT model the VIP and the DIP must move together, which requires a sync group
    vrrp_sync_group VG_1 { 
      group { 
          VI_1  # name of vrrp_instance (below) 
          VI_2  # One for each moveable IP. 
      }
    } 
    vrrp_instance VI_1 { 
      eth0 
      vip 
    } 
    vrrp_instance VI_2 { 
      eth1 
      dip 
    } 

Lab: nginx high availability with keepalived

1 proxy1

cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy1
   vrrp_mcast_group4 224.1.1.1
}
vrrp_script chk_down {
        script '[ -f "/etc/keepalived/down" ] && exit 1 || exit 0'
        interval 1
        weight -30
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -30
fall 2 
rise 2 
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.100/24
    }
    track_script {
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

2 proxy2
cat keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id proxy2
   vrrp_mcast_group4 224.1.1.1
}
vrrp_script chk_down {
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
        interval 1
        weight -30
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -30
fall 2 
rise 1 
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.27.100/24
    }
    track_script {
        chk_down
        chk_nginx
 }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
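
How `weight`, `fall` and `rise` decide when the VIP moves in this lab can be traced with a small model. This is an added example, not code from the original post or from keepalived; `TrackedScript`, `effective_priority` and `simulate` are hypothetical names and the exit codes are constructed. It assumes the script starts in the healthy state, preemption is enabled, the backup's own checks always pass, and the VIP moves only to a node whose effective priority is strictly higher.

```python
from dataclasses import dataclass

@dataclass
class TrackedScript:
    """One vrrp_script as referenced from track_script (negative weight only)."""
    weight: int
    fall: int = 1
    rise: int = 1
    ok: bool = True     # assumption: the script starts out in the healthy state
    streak: int = 0     # consecutive results that contradict the current state

    def feed(self, exit_code):
        """Record one check result; flip state after `fall` or `rise` in a row."""
        success = exit_code == 0
        if success == self.ok:
            self.streak = 0
        else:
            self.streak += 1
            if self.streak >= (self.rise if success else self.fall):
                self.ok, self.streak = success, 0
        return self.ok

def effective_priority(base, scripts):
    """Base priority plus the (negative) weight of every script currently failed."""
    return base + sum(s.weight for s in scripts if not s.ok and s.weight < 0)

def simulate(master_base, backup_base, script, exit_codes):
    """Feed one check result per interval to the node configured as MASTER.

    Returns [(that node's effective priority, current VIP holder), ...].
    """
    holder, timeline = "proxy1", []
    for code in exit_codes:
        script.feed(code)
        prio = effective_priority(master_base, [script])
        if holder == "proxy1" and backup_base > prio:
            holder = "proxy2"       # backup now outranks the degraded master
        elif holder == "proxy2" and prio > backup_base:
            holder = "proxy1"       # recovered node preempts
        timeline.append((prio, holder))
    return timeline

# Constructed results of "killall -0 nginx" on proxy1: nginx dies, then is restarted.
NGINX_EXIT_CODES = [0, 1, 1, 1, 0, 0, 0]

if __name__ == "__main__":
    for weight in (-30, -20):
        run = simulate(100, 80, TrackedScript(weight, fall=2, rise=2), NGINX_EXIT_CODES)
        print(weight, run)
```

With priorities 100 and 80, a weight of -20 only lowers proxy1 to 80, which does not drop below the backup, so under these assumptions the VIP stays on the node whose nginx is down; the lab's -30 takes it to 70 and the VIP moves.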