3.7实现其它应用的高可用性 VRRP Script
keepalived利用 VRRP Script 技术,可以调用外部的辅助脚本进行资源监控,并根据监控的结果实现优先动态调整,从而实现其它应用的高可用性功能
参考配置文件:
/usr/share/doc/keepalived/keepalived.conf.vrrp.localcheck
3.7.1 VRRP Script 配置
分两步实现:
- 定义脚本
vrrp_script:自定义资源监控脚本,vrrp实例根据脚本返回值,公共定义,可被多个实例调用,定义在vrrp实例之外的独立配置块,一般放在global_defs设置块之后。
通常此脚本用于监控指定应用的状态。一旦发现应用的状态异常,则触发对MASTER节点的权重减至低于SLAVE节点,从而实现 VIP 切换到 SLAVE 节点vrrp_script <SCRIPT_NAME> { script <STRING>|<QUOTED-STRING> #此脚本返回值为非0时,会触发下面OPTIONS执行 OPTIONS } - 调用脚本
track_script:调用vrrp_script定义的脚本去监控资源,定义在VRRP实例之内,调用事先定义的vrrp_scripttrack_script { SCRIPT_NAME_1 SCRIPT_NAME_2 }
3.7.1.1 定义 VRRP script
vrrp_script <SCRIPT_NAME> { #定义一个检测脚本,在global_defs 之外配置
script <STRING>|<QUOTED-STRING> #shell命令或脚本路径
interval <INTEGER> #间隔时间,单位为秒,默认1秒
timeout <INTEGER> #超时时间
weight <INTEGER:-254..254> #默认为0,如果设置此值为负数,当上面脚本返回值为非0时,会将此值与本节点权重相加可以降低本节点权重,即表示fall. 如果是正数,当脚本返回值为0,会将此值与本节点权重相加可以提高本节点权重,即表示 rise.通常使用负值
fall <INTEGER> #脚本几次失败转换为失败,建议设为2以上
rise <INTEGER> #脚本连续监测成功后,把服务器从失败标记为成功的次数
user USERNAME [GROUPNAME] #执行监测脚本的用户或组
init_fail #设置默认标记为失败状态,监测成功之后再转换为成功状态
}
3.7.1.2 调用 VRRP script
vrrp_instance VI_1 {
…
track_script {
chk_down
}
}
3.7.2 实战案例:利用脚本实现主从角色切换
#修改keepalived主配置文件
[root@ka1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
448803503@qq.com
}
notification_email_from 448803503@qq.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#这一部分可以写在子配置文件中,但是可能出现先运行了vrrp的子配置文件而不知道其中调用的脚本是什么的报错,所以建议直接写在主配置文件中
vrrp_script down {
script "[ ! -f /etc/keepalived/down ]" #/etc/keepalived/down存在时返回非0,触发权重-30
interval 1
weight -30
fall 3
rise 2
timeout 2
}
include /etc/keepalived/conf.d/*.conf
#修改vrrp配置文件
[root@ka1 ~]#cat /etc/keepalived/conf.d/master.conf
vrrp_instance test1 {
state MASTER
interface ens33
virtual_router_id 55
priority 100
advert_int 1
preempt_delay 5
authentication {
auth_type PASS
auth_pass sunxiang
}
virtual_ipaddress {
10.0.0.15 dev ens33 laber ens33:0
}
track_script { #调用脚本
down
}
}
#重启服务
[root@ka1 ~]#systemctl restart keepalived.service
#监控日志
[root@ka1 ~]#tail -f /var/log/messages
Dec 30 08:39:09 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:09 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:09 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:09 ka1 avahi-daemon[909]: Registering new address record for 10.0.0.15 on ens33.IPv4.
Dec 30 08:39:14 ka1 Keepalived_vrrp[2474]: (test1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.15
Dec 30 08:39:14 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:14 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:14 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:14 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:39:14 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
#创建/etc/keepalived/down文件
[root@ka1 ~]#touch /etc/keepalived/down
#查看日志
Dec 30 08:39:23 ka1 systemd[1]: Started Session 4 of user root.
Dec 30 08:39:23 ka1 systemd-logind[1019]: New session 4 of user root.
Dec 30 08:39:39 ka1 Keepalived_vrrp[2474]: Script `down` now returning 1
Dec 30 08:39:41 ka1 Keepalived_vrrp[2474]: VRRP_Script(down) failed (exited with status 1)
Dec 30 08:39:41 ka1 Keepalived_vrrp[2474]: (test1) Changing effective priority from 100 to 70
Dec 30 08:39:44 ka1 Keepalived_vrrp[2474]: (test1) Master received advert from 10.0.0.21 with higher priority 80, ours 70
Dec 30 08:39:44 ka1 Keepalived_vrrp[2474]: (test1) Entering BACKUP STATE
Dec 30 08:39:44 ka1 Keepalived_vrrp[2474]: (test1) removing VIPs.
Dec 30 08:39:44 ka1 avahi-daemon[909]: Withdrawing address record for 10.0.0.15 on ens33.
Dec 30 08:40:26 ka1 Keepalived_vrrp[2474]: Script `down` now returning 0
Dec 30 08:40:27 ka1 Keepalived_vrrp[2474]: VRRP_Script(down) succeeded
#在ka2上查看ip信息
[root@ka2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:ff:33:b2 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.21/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 10.0.0.25/32 scope global ens33
valid_lft forever preferred_lft forever
inet 10.0.0.15/32 scope global ens33 #成功获取虚拟ip
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feff:33b2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#删除/etc/keepalived/down文件
[root@ka1 ~]#rm -f /etc/keepalived/down
#查看日志
ec 30 08:40:27 ka1 Keepalived_vrrp[2474]: (test1) Changing effective priority from 70 to 100
Dec 30 08:40:27 ka1 Keepalived_vrrp[2474]: (test1) received lower priority (80) advert from 10.0.0.21 - discarding
Dec 30 08:40:28 ka1 Keepalived_vrrp[2474]: (test1) received lower priority (80) advert from 10.0.0.21 - discarding
Dec 30 08:40:29 ka1 Keepalived_vrrp[2474]: (test1) received lower priority (80) advert from 10.0.0.21 - discarding
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: (test1) Receive advertisement timeout
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: (test1) Entering MASTER STATE
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: (test1) setting VIPs.
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: (test1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.15
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:30 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:30 ka1 avahi-daemon[909]: Registering new address record for 10.0.0.15 on ens33.IPv4.
Dec 30 08:40:35 ka1 Keepalived_vrrp[2474]: (test1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.15
Dec 30 08:40:35 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:35 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:35 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:35 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 08:40:35 ka1 Keepalived_vrrp[2474]: Sending gratuitous ARP on ens33 for 10.0.0.15
#在ka1上查看ip信息
[root@ka1 ~]#ip addr show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:95:b7:a2 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.11/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 10.0.0.15/32 scope global ens33 #vip成功切回
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe95:b7a2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3.7.3 实战案例:实现单主模式的Nginx反向代理的高可用
#两台keepalived服务器安装nginx
[root@ka1 ~]#yum install -y nginx
[root@ka2 ~]#yum install -y nginx
#修nginx改配置文件,配置反向代理(注意:需要将nginx主配置文件中的server部分注释掉)
[root@ka1 ~]#cat /etc/nginx/conf.d/test.conf
upstream websrvs {
server 10.0.0.20:80 weight=1;
server 10.0.0.30:80 weight=1;
}
server {
listen 80;
location / {
proxy_pass http://websrvs;
}
}
[root@ka2 ~]#cat /etc/nginx/conf.d/test.conf
upstream websrvs {
server 10.0.0.20:80 weight=1;
server 10.0.0.30:80 weight=1;
}
server {
listen 80;
location / {
proxy_pass http://websrvs;
}
}
#启动nginx服务
[root@ka1 ~]#systemctl enable --now nginx.service
[root@ka2 ~]#systemctl enable --now nginx.service
#修改keepalived主配置文件创建监脚本
[root@ka1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
448803503@qq.com
}
notification_email_from 448803503@qq.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script nginx {
script " /usr/bin/killall -0 nginx"
#script "/etc/keepalived/check_nginx.sh" 支持此写法,一般较复杂的都会用脚本此处写脚本路径即可
#script "/usr/bin/killall -0 nginx &>/dev/null" 不支持&>此写法
interval 1
weight -30
fall 3
rise 2
timeout 2
}
include /etc/keepalived/conf.d/*.conf
#修改vrrp配置文件调用脚本
[root@ka1 ~]#cat /etc/keepalived/conf.d/master.conf
vrrp_instance test1 {
state MASTER
interface ens33
virtual_router_id 55
priority 100
advert_int 1
preempt_delay 5
authentication {
auth_type PASS
auth_pass sunxiang
}
virtual_ipaddress {
10.0.0.15 dev ens33 laber ens33:0
}
track_script {
nginx
}
}
#ka2上与ka1上基本相同就改一下优先级、router_id、主备模式即可
#重启服务
[root@ka1 ~]#systemctl restart keepalived.service
[root@ka2 ~]#systemctl restart keepalived.service
#查看日志
[root@ka1 ~]#tail -f /var/log/messages
Dec 30 09:15:59 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:15:59 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:15:59 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:15:59 ka1 avahi-daemon[909]: Registering new address record for 10.0.0.15 on ens33.IPv4.
Dec 30 09:16:04 ka1 Keepalived_vrrp[5469]: (test1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.15
Dec 30 09:16:04 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:16:04 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:16:04 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:16:04 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:16:04 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
#在ka1上停nginx服务
[root@ka1 ~]#systemctl stop nginx.service
#查看日志
Dec 30 09:16:36 ka1 systemd[1]: Stopping The nginx HTTP and reverse proxy server...
Dec 30 09:16:36 ka1 systemd[1]: nginx.service: Succeeded.
Dec 30 09:16:36 ka1 systemd[1]: Stopped The nginx HTTP and reverse proxy server.
Dec 30 09:16:37 ka1 Keepalived_vrrp[5469]: Script `nginx` now returning 1
Dec 30 09:16:39 ka1 Keepalived_vrrp[5469]: VRRP_Script(nginx) failed (exited with status 1)
Dec 30 09:16:39 ka1 Keepalived_vrrp[5469]: (test1) Changing effective priority from 100 to 70
Dec 30 09:16:42 ka1 Keepalived_vrrp[5469]: (test1) Master received advert from 10.0.0.21 with higher priority 80, ours 70
Dec 30 09:16:42 ka1 Keepalived_vrrp[5469]: (test1) Entering BACKUP STATE
Dec 30 09:16:42 ka1 Keepalived_vrrp[5469]: (test1) removing VIPs.
Dec 30 09:16:42 ka1 avahi-daemon[909]: Withdrawing address record for 10.0.0.15 on ens33.
#启动nginx服务
[root@ka1 ~]#systemctl restart nginx.service
#查看日志
Dec 30 09:17:12 ka1 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Dec 30 09:17:12 ka1 nginx[5605]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 30 09:17:12 ka1 nginx[5605]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Dec 30 09:17:12 ka1 systemd[1]: Started The nginx HTTP and reverse proxy server.
Dec 30 09:17:13 ka1 Keepalived_vrrp[5469]: Script `nginx` now returning 0
Dec 30 09:17:14 ka1 Keepalived_vrrp[5469]: VRRP_Script(nginx) succeeded
Dec 30 09:17:14 ka1 Keepalived_vrrp[5469]: (test1) Changing effective priority from 70 to 100
Dec 30 09:17:14 ka1 Keepalived_vrrp[5469]: (test1) received lower priority (80) advert from 10.0.0.21 - discarding
Dec 30 09:17:15 ka1 Keepalived_vrrp[5469]: (test1) received lower priority (80) advert from 10.0.0.21 - discarding
Dec 30 09:17:16 ka1 Keepalived_vrrp[5469]: (test1) received lower priority (80) advert from 10.0.0.21 - discarding
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: (test1) Receive advertisement timeout
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: (test1) Entering MASTER STATE
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: (test1) setting VIPs.
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: (test1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.15
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:17 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:17 ka1 avahi-daemon[909]: Registering new address record for 10.0.0.15 on ens33.IPv4.
Dec 30 09:17:22 ka1 Keepalived_vrrp[5469]: (test1) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.15
Dec 30 09:17:22 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:22 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:22 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:22 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:17:22 ka1 Keepalived_vrrp[5469]: Sending gratuitous ARP on ens33 for 10.0.0.15
Dec 30 09:20:24 ka1 sssd[kcm][5181]: Shutting down (status = 0)
Dec 30 09:20:24 ka1 systemd[1]: sssd-kcm.service: Succeeded.
#连接测试
root@ubuntu1804:~# curl 10.0.0.15
10.0.0.20
root@ubuntu1804:~# curl 10.0.0.15
10.0.0.30
root@ubuntu1804:~# curl 10.0.0.15
10.0.0.20
root@ubuntu1804:~# curl 10.0.0.15
10.0.0.30
root@ubuntu1804:~# curl 10.0.0.11
10.0.0.20
root@ubuntu1804:~# curl 10.0.0.11
10.0.0.30
root@ubuntu1804:~# curl 10.0.0.11
10.0.0.20
root@ubuntu1804:~# curl 10.0.0.11
10.0.0.30
注意:这里是没有关于nginx的virtual_server的配置文件而是单纯的一看nginx的反向代理功能实现的
3.7.4 实战案例:实现双主模式Nginx反向代理的高可用
#在两个节点都配置nginx反向代理
[root@ka1-centos8 ~]vim /etc/nginx/nginx.conf
http {
upstream websrvs {
server 10.0.0.7:80 weight=1;
server 10.0.0.17:80 weight-1;
}
upstream websrvs2 {
server 10.0.0.27:80 weight=1;
server 10.0.0.37:80 weight-1;
}
server {
listen 80;
server_name www.a.com;
location /{
proxy_pass http://webservs/;
}
}
server {
listen 80;
server_name www.b.com;
location /{
proxy_pass http://webservs2/;
}
}
}
#在两个节点都配置实现双主模式的nginx反向代理高可用
[root@ka1-centos8 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1 #在另一个节点为ka2
vrrp_mcast_group4 224.100.100.100
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
#script "/usr/bin/killall -0 nginx"
interval 1
weight -30
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state MASTER #在另一个节点为BACKUP
interface eth0
virtual_router_id 66
priority 100 #在另一个节点为80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
track_script {
check_nginx
}
}
vrrp_instance VI_2 {
state BACKUP #在另一个节点为MASTER
interface eth0
virtual_router_id 88
priority 80 #在另一个节点为100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.20/24 dev eth0 label eth0:2
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
track_script {
check_nginx
}
}
[root@ka1-centos8 ~]# yum install psmisc -y
[root@ka1-centos8 ~]# cat /etc/keepalived/check_nginx.sh
#!/bin/bash
/usr/bin/killall -0 nginx
[root@ka1-centos8 ~]# chmod a+x /etc/keepalived/check_nginx.sh
3.7.5 实战案例:实现HAProxy高可用
#在两个ka1和ka2先实现haproxy的配置
[root@ka1 ~]#cat /etc/haproxy/haproxy.cfg
listen magedu_http
bind 10.0.0.10:80
server web1 10.0.0.7:80 check
server web2 10.0.0.17:80 check
listen stats
mode http
bind 10.0.0.8:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
#在两个ka1和ka2两个节点启用内核参数
[root@ka1,2 ~]#vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@ka1,2 ~]#sysctl -p
[root@ka1-centos8 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1 #在另一个节点为ka2
vrrp_mcast_group4 224.0.100.100
}
vrrp_script check_haproxy { #定义脚本
script "/etc/keepalived/check_haproxy.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER #在另一个节点为BACKUP
interface eth0
virtual_router_id 66
priority 100 #在另一个节点为80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
track_script {
check_haproxy #调用上面定义的脚本
}
}
[root@ka1-centos8 ~]# yum install psmisc -y
[root@ka1-centos8 ~]# cat /etc/keepalived/check_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy || systemctl restart haproxy
[root@ka1-centos8 ~]# chmod a+x /etc/keepalived/check_haproxy.sh
3.7.6 实战案例:实现MySQL双主模式的高可用
#先实现MySQL的双主架构
[root@ka1-centos8 ~]#vim /etc/my.cnf.d/mariadb-server.cnf
[mysqld]
server-id=8
log-bin
auto_increment_offset=1 #开始点
auto_increment_increment=2 #增长幅度
#在ka2第二个节点创建连接MySQL查看同步状态的授权用户
[root@ka2-centos8 ~]#mysql -uroot -p123456
MariaDB [(none)]> grant replication slave on *.* to repluser@'10.0.0.%' identified by '123456';
#实现MySQL的健康性检测脚本1
[root@ka1-centos8 ~]#vi /etc/keepalived/check_mysql.sh
#!/bin/bash
slave_is=( $(mysql -uroot -p123456 -h10.0.0.18 -e "show slave status\G" | grep "Slave_.*_Running:" | awk '{print $2}') )
if [ "${slave_is[0]}" = "Yes" -a "${slave_is[1]}" = "Yes" ];then
exit 0
else
exit 1
fi
#实现MySQL的健康性检测脚本2
[root@ka1-centos8 ~]#vi /etc/keepalived/check_mysql.sh
mysqladmin -uroot -p123456 ping &> /dev/null
#实现MySQL的健康性检测脚本3
[root@ka1-centos8 ~]#vi /etc/keepalived/check_mysql.sh
mysql -uroot -p123456 -e 'status' &> /dev/null
#实现MySQL的健康性检测脚本4
[root@ka1-centos8 ~]#vi /etc/keepalived/check_mysql.sh
systemctl is-active mariadb &> /dev/null
#配置keepalived调用上面脚本
[root@ka1-centos8 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1 #在另一个节点为ka2
vrrp_mcast_group4 224.0.100.100
}
vrrp_script check_mysql { #只需在第一个节点上实现脚本
script "/etc/keepalived/check_mysql.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER #在另一个节点为BACKUP
interface eth0
virtual_router_id 66
priority 100 #在另一个节点为80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
track_script {
check_mysql #只需在第一个节点上实现脚本
}
}
3.8 同步组
LVS NAT 模型VIP和DIP需要同步,需要同步组,如图
当vip正常时候在ka1上,出现故障进行切换后在ka2上,如果此时dip还是在ka1上那么就会出现无法访问的情况,所以需要将vip与dip进行捆绑,一个切换另一个也跟着切换,这样可以保证报文的正常转发
vrrp_sync_group VG_1 {
group {
VI_1 # name of vrrp_instance (below)
VI_2 # One for each moveable IP
}
}
vrrp_instance VI_1 {
eth0
vip
}
vrrp_instance VI_2 {
eth1
dip
}
3.9 Keepalived通知脚本配置
当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户
默认以用户keepalived_script身份执行脚本,如果此用户不存在,以root执行脚本
可以用下面指令指定脚本执行用户的身份
global_defs {
......
script_user <USER>
......
}
3.9.1 通知脚本类型
- 当前节点成为主节点时触发的脚本
notify_master <STRING>|<QUOTED-STRING>
- 当前节点转为备节点时触发的脚本
notify_backup <STRING>|<QUOTED-STRING>
- 当前节点转为“失败”状态时触发的脚本
notify_fault <STRING>|<QUOTED-STRING>
- 通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知
notify <STRING>|<QUOTED-STRING>
- 当停止VRRP时触发的脚本
notify_stop <STRING>|<QUOTED-STRING>
3.9.2创建通知脚本
[root@ka1 ~]#cat /etc/keepalived/notify.sh
#!/bin/bash
#
#########################################################################
#File Name: /etc/keepalived/notify.sh
#Author: sx
#QQ: 448803503
#Created Time: 2021-12-30 10:32:33
#role: The test script
#########################################################################
contact='448803503@qq.com'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
3.9.3脚本调用
在vrrp语句块的最末尾加上以下内容
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
3.9.4实战案例
3.9.4.1创建通知脚本
3.9.4.2调用脚本(ka1和ka2都要调用)
[root@ka1 ~]#cat /etc/keepalived/conf.d/master.conf
vrrp_instance test1 {
state MASTER
interface ens33
virtual_router_id 55
priority 100
advert_int 1
preempt_delay 5
authentication {
auth_type PASS
auth_pass sunxiang
}
virtual_ipaddress {
10.0.0.15 dev ens33 laber ens33:0
}
track_script {
nginx
}
notify_master "/etc/keepalived/notify.sh master" #切换为主
notify_backup "/etc/keepalived/notify.sh backup" #切换为备
notify_fault "/etc/keepalived/notify.sh fault" #切换失败
}
3.9.4.3配置邮件服务(ka1和ka2都要配置)
[root@ka1 ~]#vim /etc/mail.rc
#在配置文件的最后加上下面这几行内容
set from=448803503@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=448803503@qq.com
set smtp-auth-password=***************(授权码)
3.9.4.3重启服务
[root@ka1 ~]#systemctl restart keepalived.service
[root@ka2 ~]#systemctl restart keepalived.service
3.9.4.4模拟故障
#在ka1上停服务,再启动服务
