lvs-DR+keepalived高可用負載均衡
基於web輪詢
設置後端vip和rs規則
cat vip.sh
#!/bin/bash
vip=192.168.146.233
mask='255.255.255.255'
dev=lo:1
case $1 in
start)
/usr/bin/echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
/usr/bin/echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
/usr/bin/echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
/usr/bin/echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
esac
echo $1
分別給後端主機安裝好web服務器
檢測意見啓動的vip地址
LISTEN 0 128 *:80
[root@t2 ~]#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.146.117 netmask 255.255.255.0 broadcast 192.168.146.255
inet6 fe80::30bb:f79d:94ce:c295 prefixlen 64 scopeid 0x20<link>
inet6 fe80::6ad0:30dc:fdfe:acab prefixlen 64 scopeid 0x20<link>
inet6 fe80::74ed:9546:e005:274c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:49:e6:30 txqueuelen 1000 (Ethernet)
RX packets 203771 bytes 20203621 (19.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 307945 bytes 27268747 (26.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 #vip地址
inet 192.168.146.233 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
keepalived主機配置
global_defs {
notification_email {
root@localhost
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_iptables #關閉生成的iptalbes規則
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 80
priority 100
advert_int 1
unicast_src_ip 192.168.146.97 #設置單播訪問
unicast_peer {
192.168.146.107
}
authentication {
auth_type PASS
auth_pass 1111qwer
}
virtual_ipaddress { #vip keepalived浮動的ip地址
192.168.146.233 dev eth0 label eth0:1
}
}
virtual_server 192.168.146.233 80 { #後端vip和keepalived相同
delay_loop 3
lb_algo rr #調度算法 實現簡單輪詢
lb_kind DR #lvs-DR模式
protocol TCP
#persistence_timeout
sorry_server 192.168.146.107 80 #道歉服務器
real_server 192.168.146.126 80 { #後端真是webIP主機
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_beefore_retry 3
connect_port 80 #基於tcp端口檢測
}
}
real_server 192.168.146.117 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_beefore_retry 3
connect_port 80
}
}
}
訪問測試
ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.146.233:80 rr
-> 192.168.146.117:80 Route 1 0 0
-> 192.168.146.126:80 Route 1 0 0
[root@t1 ~]#ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.146.233:80 8 48 0 3192 0
-> 192.168.146.117:80 4 24 0 1596 0
-> 192.168.146.126:80 4 24 0 1596 0
[root@t1 ~]#while true;do curl http://192.168.146.233;sleep 0.5;done
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
基於http狀態檢測
keepalived代碼
virtual_server 192.168.146.233 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
#persistence_timeout
sorry_server 192.168.146.107 80
real_server 192.168.146.126 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
}
connect_timeout 5
nb_get_retry 3
delay_beefore_retry 3
}
real_server 192.168.146.117 80 {
weight 1
HTTP_GET {
url {
path /index.html #檢測後端web服務器/index.html是否訪問正常爲200,否則不予調度
status_code 200
}
}
connect_timeout 5
nb_get_retry 3
delay_beefore_retry 3
}
}
實例測試
#while true;do curl http://192.168.146.233/index.html;sleep 0.5;done
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777 #此時訪問正常
6666666666666666
<div class="logos">
<a href="http://nginx.net/"><img
src="/nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://fedoraproject.org/"><img
src="/poweredby.png"
alt="[ Powered by Fedora ]"
width="88" height="31" /></a>
</div>
</div>
</body>
</html> #異常
6666666666666666
6666666666666666
6666666666666666 #異常後直接不再調度到該7777地址
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
77777777777777777777777777777 #恢復後
6666666666666666
77777777777777777777777777777
6666666666666666
[root@t2 /usr/share/nginx/html]#ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 #80端口一直是開啓的表示服務沒有宕機 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@t2 /usr/share/nginx/html]#ls
404.html 50x.html en-US error icons img index.html1 nginx-logo.png poweredby.png
[root@t2 /usr/share/nginx/html]#mv index.html{,1} #錯誤原因,我們更改了檢測的uri地址
[root@t2 /usr/share/nginx/html]#mv index.html1 index.html #恢復後訪問正常
基於第三方仲裁判斷檢測master或slave上的文件或文件夾是否存在完成vip自動切換
vrrp_script chk_file { #在global_dafs之外設置
script "/bin/bash -c '[[ -f /etc/keepalived/file.txt ]]' && exit 7 || exit 0" #腳本路徑或shell命令
interval 1 #間隔時間默認1s
weight -80 #權重,檢測失敗後會權重相加,權重可以爲負數即相加後降低本機權重
fall 3 #腳本幾次失敗後轉換爲失敗
rise 5 #檢測成功後,幾次標記爲成功
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 80
priority 100
advert_int 1
unicast_src_ip 192.168.146.97
unicast_peer {
192.168.146.107
}
authentication {
auth_type PASS
auth_pass 1111qwer
}
virtual_ipaddress {
192.168.146.233 dev eth0 label eth0:1
}
track_script { #引用定義好的腳本
chk_file
}
日誌檢測
Jan 19 22:09:42 t0 Keepalived_vrrp[10413]: Script `chk_file` now returning 1 #文件不存在
Jan 19 22:09:44 t0 Keepalived_vrrp[10413]: VRRP_Script(chk_file) failed (exited with status 1)
Jan 19 22:09:44 t0 Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 100 to 20
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) Master received advert from 192.168.146.107 with higher priority 80, ours 20
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) Entering BACKUP STATE
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) removing VIPs.
Jan 19 22:10:06 t0 Keepalived_vrrp[10413]: Script `chk_file` now returning 0 #文件存在
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: VRRP_Script(chk_file) succeeded
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 20 to 100
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:11 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:12 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) Receive advertisement timeout
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) Entering MASTER STATE
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) setting VIPs.
基於腳本檢測haproxy是否存活
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 1
weight -80
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 80
priority 100
advert_int 1
unicast_src_ip 192.168.146.97
unicast_peer {
192.168.146.107
}
authentication {
auth_type PASS
auth_pass 1111qwer
}
virtual_ipaddress {
192.168.146.233 dev eth0 label eth0:1
}
track_script {
chk_haproxy
}
}
chmod a+x /etc/keepalived/chk_haproxy.sh
[root@t0 /etc/keepalived]#cat /etc/keepalived/chk_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
keepalived故障自動腳本實例
[root@t0 /etc/keepalived]#cat chk_keepalived.sh
#!/bin/bash
ps aux |grep -v grep | grep -v chk_keepalived.sh |grep keepalived
if [ $? -eq 0 ];then
echo keepalived is running
else
systemctl restart keepalived
fi
* * * * * /usr/bin/bash /etc/keepalived/chk_keepalived.sh