keeplived高可用實踐

lvs-DR+keepalived高可用負載均衡

基於web輪詢
設置後端vip和rs規則

cat vip.sh
#!/bin/bash
vip=192.168.146.233
mask='255.255.255.255'
dev=lo:1

case $1 in
start)
/usr/bin/echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
/usr/bin/echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
/usr/bin/echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
/usr/bin/echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
esac
echo $1

分別給後端主機安裝好web服務器
檢測意見啓動的vip地址

LISTEN     0      128                               *:80  

[root@t2 ~]#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.146.117  netmask 255.255.255.0  broadcast 192.168.146.255
        inet6 fe80::30bb:f79d:94ce:c295  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::6ad0:30dc:fdfe:acab  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::74ed:9546:e005:274c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:49:e6:30  txqueuelen 1000  (Ethernet)
        RX packets 203771  bytes 20203621 (19.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 307945  bytes 27268747 (26.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:1: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536   #vip地址
        inet 192.168.146.233  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

keepalived主機配置

global_defs {
   notification_email {
     root@localhost
   }
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_iptables  #關閉生成的iptalbes規則

}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1
    unicast_src_ip 192.168.146.97 #設置單播訪問
    unicast_peer {
    192.168.146.107
    }
    authentication {
        auth_type PASS
        auth_pass 1111qwer
    }

   virtual_ipaddress {   #vip keepalived浮動的ip地址
     192.168.146.233 dev eth0 label eth0:1
    }

}
    virtual_server 192.168.146.233 80 {  #後端vip和keepalived相同
      delay_loop 3
      lb_algo rr #調度算法 實現簡單輪詢
      lb_kind DR #lvs-DR模式
      protocol TCP
      #persistence_timeout

    sorry_server 192.168.146.107 80  #道歉服務器
    real_server 192.168.146.126 80 { #後端真是webIP主機
       weight 1
       TCP_CHECK {
       connect_timeout 5
       nb_get_retry 3
       delay_beefore_retry 3
       connect_port 80  #基於tcp端口檢測
       }
     }
    real_server 192.168.146.117 80 {
       weight 1
       TCP_CHECK {
       connect_timeout 5
       nb_get_retry 3
       delay_beefore_retry 3
       connect_port 80
       }

     }
}

訪問測試

ipvsadm -Ln 
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.146.233:80 rr
  -> 192.168.146.117:80           Route   1      0          0         
  -> 192.168.146.126:80           Route   1      0          0         
[root@t1 ~]#ipvsadm -Ln  --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.146.233:80                  8       48        0     3192        0
  -> 192.168.146.117:80                  4       24        0     1596        0
  -> 192.168.146.126:80                  4       24        0     1596        0


[root@t1 ~]#while true;do curl http://192.168.146.233;sleep 0.5;done
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666

基於http狀態檢測
keepalived代碼

    virtual_server 192.168.146.233 80 {
      delay_loop 3
      lb_algo rr
      lb_kind DR
      protocol TCP
      #persistence_timeout

    sorry_server 192.168.146.107 80
    real_server 192.168.146.126 80 {
       weight 1
       HTTP_GET {
       url {
         path /index.html
         status_code 200
         }
       }
       connect_timeout 5
       nb_get_retry 3
       delay_beefore_retry 3
       }

    real_server 192.168.146.117 80 {
       weight 1
       HTTP_GET {
       url {
         path /index.html  #檢測後端web服務器/index.html是否訪問正常爲200,否則不予調度
         status_code 200
         }
       }
       connect_timeout 5
       nb_get_retry 3
       delay_beefore_retry 3
       }
}

實例測試

#while true;do curl   http://192.168.146.233/index.html;sleep 0.5;done 
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777 #此時訪問正常
6666666666666666
            <div class="logos">
                <a href="http://nginx.net/"><img
                    src="/nginx-logo.png"
                    alt="[ Powered by nginx ]"
                    width="121" height="32" /></a>

                <a href="http://fedoraproject.org/"><img 
                    src="/poweredby.png"
                    alt="[ Powered by Fedora ]" 
                    width="88" height="31" /></a>
            </div>
        </div>
    </body>
</html>  #異常

6666666666666666
6666666666666666
6666666666666666 #異常後直接不再調度到該7777地址
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
77777777777777777777777777777  #恢復後
6666666666666666
77777777777777777777777777777
6666666666666666

[root@t2 /usr/share/nginx/html]#ss -tnl
State      Recv-Q Send-Q                Local Address:Port                               Peer Address:Port              
LISTEN     0      128                               *:80   #80端口一直是開啓的表示服務沒有宕機                                         *:*                  
LISTEN     0      128                               *:22                                            *:*                  
LISTEN     0      100                       127.0.0.1:25                                            *:*                  
LISTEN     0      128                              :::80                                           :::*                  
LISTEN     0      128                              :::22                                           :::*                  
LISTEN     0      100                             ::1:25                                           :::*                  
[root@t2 /usr/share/nginx/html]#ls
404.html  50x.html  en-US  error  icons  img  index.html1  nginx-logo.png  poweredby.png
[root@t2 /usr/share/nginx/html]#mv index.html{,1}  #錯誤原因，我們更改了檢測的uri地址
[root@t2 /usr/share/nginx/html]#mv index.html1 index.html #恢復後訪問正常

基於第三方仲裁判斷檢測master或slave上的文件或文件夾是否存在完成vip自動切換

   vrrp_script chk_file {  #在global_dafs之外設置
   script "/bin/bash -c '[[ -f /etc/keepalived/file.txt ]]' && exit 7 || exit 0"  #腳本路徑或shell命令
     interval 1 #間隔時間默認1s
     weight -80 #權重，檢測失敗後會權重相加，權重可以爲負數即相加後降低本機權重
     fall 3 #腳本幾次失敗後轉換爲失敗
     rise 5 #檢測成功後，幾次標記爲成功
     timeout 2
   }

vrrp_instance VI_1 {  
    state MASTER
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1
    unicast_src_ip 192.168.146.97
    unicast_peer {
    192.168.146.107
    }
    authentication {
        auth_type PASS
        auth_pass 1111qwer
    }

   virtual_ipaddress {  
     192.168.146.233 dev eth0 label eth0:1
    }



   track_script {  #引用定義好的腳本
     chk_file
   }

日誌檢測

Jan 19 22:09:42 t0 Keepalived_vrrp[10413]: Script `chk_file` now returning 1  #文件不存在
Jan 19 22:09:44 t0 Keepalived_vrrp[10413]: VRRP_Script(chk_file) failed (exited with status 1)
Jan 19 22:09:44 t0 Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 100 to 20
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) Master received advert from 192.168.146.107 with higher priority 80, ours 20
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) Entering BACKUP STATE
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) removing VIPs.



Jan 19 22:10:06 t0 Keepalived_vrrp[10413]: Script `chk_file` now returning 0  #文件存在
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: VRRP_Script(chk_file) succeeded
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 20 to 100
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:11 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:12 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) Receive advertisement timeout
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) Entering MASTER STATE
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) setting VIPs.

基於腳本檢測haproxy是否存活

vrrp_script chk_haproxy {
   script "/etc/keepalived/chk_haproxy.sh"
     interval 1
     weight -80
     fall 3
     rise 5
     timeout 2
   }

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1
    unicast_src_ip 192.168.146.97
    unicast_peer {
    192.168.146.107
    }
    authentication {
        auth_type PASS
        auth_pass 1111qwer
    }

   virtual_ipaddress {
     192.168.146.233 dev eth0 label eth0:1
    }



track_script {
     chk_haproxy
   }


}

chmod a+x /etc/keepalived/chk_haproxy.sh

[root@t0 /etc/keepalived]#cat /etc/keepalived/chk_haproxy.sh 
#!/bin/bash
/usr/bin/killall -0 haproxy

keepalived故障自動腳本實例

[root@t0 /etc/keepalived]#cat chk_keepalived.sh 
#!/bin/bash
ps aux |grep -v grep  | grep -v chk_keepalived.sh  |grep keepalived
if [  $? -eq 0 ];then
   echo keepalived is running
else
   systemctl restart keepalived
fi

* * * * * /usr/bin/bash /etc/keepalived/chk_keepalived.sh

goo flush. org

發佈了56 篇原創文章 · 獲贊 11 · 訪問量 3033

私信關注

keeplived高可用實踐

keeplived高可用實踐

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結