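Keepalived

Introduction to Keepalived

Designed to make the ipvs service highly available.
Built on the VRRP protocol to float addresses between nodes: high availability for the VIP and for the gateway. When the gateway goes down, keepalived takes over.
Generates ipvs rules (predefined in the configuration file) on the node that holds the VIP, and health-checks every RS in the ipvs cluster.
Provides a script-calling interface: running a script performs whatever the script defines and so influences cluster behaviour, which is how services such as nginx and haproxy are supported.
Virtual router: Virtual Router
Roles:
master: holds the right to bind the IP address and the ability to send advertisements
backup: standby device
priority: priority
Virtual router identifier: VRID (0-255), uniquely identifies a virtual router
Physical router:
VIP: Virtual IP
VMAC: Virtual MAC
Working modes:
master/backup: a single virtual router 1
master/master: master/backup (virtual router 1), backup/master (virtual router 2)


Keepalived configuration overview and a single virtual router implementation

Implementing keepalived master/backup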

centos7.8-7.101-master         
--------------------------
Install keepalived with yum
# yum install -y keepalived
# apt install -y keepalived
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51                  # this ID must not conflict
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
      172.31.7.188/24 dev  eth0 label eth0:0  # add the virtual addresses
      172.31.7.189/24 dev  eth0 label eth0:1                  
    }
}
Restart the keepalived service
# systemctl restart keepalived


172.31.7.102-backup
--------------------
yum install -y keepalived
# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
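    state BACKUP                  # changed from MASTER: this is the backup node
    interface eth0
    virtual_router_id 51          # must match the value on the master node
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111       # must also match master node 101; it can usually be left unchanged, or set your own eight-character password
    }
    virtual_ipaddress {           # the addresses bound below stay the same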
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}
# systemctl start  keepalived


Compiling and installing keepalived

centos7.8-7-103  compile and install keepalived
-----------------------------------
# wget  https://keepalived.org/software/keepalived-2.0.20.tar.gz
# yum install libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel libnl3 libnl3-devel  lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssh-server openssh-clients  openssl openssl-devel automake iproute
# tar xf keepalived-2.0.20.tar.gz 
# cd keepalived-2.0.20
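# ./configure --prefix=/apps/keepalived  --disable-fwmark  # set the install prefix; turn off firewall mark (fwmark) support so the firewall does not block access through the VIP to services on this host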
# make  && make install 
Configuration file path of the compiled installation
# vim /apps/keepalived/etc/keepalived/keepalived.conf
Put keepalived.conf into a newly created /etc/keepalived directory
# mkdir /etc/keepalived     
# cp /apps/keepalived/etc/keepalived/keepalived.conf  /etc/keepalived/
# systemctl restart keepalived
# systemctl status keepalived



keepalived
Main configuration file: /etc/keepalived/keepalived.conf
Main program file: /usr/sbin/keepalived
service: /usr/lib/systemd/system/keepalived.service
Template file: /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp   # explains in detail how to edit the keepalived file and how to change the VIP and virtual services
Virtual service reference:  /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost


centos7.8-7.101-master         
--------------------------
Install keepalived with yum
# yum install -y keepalived
# apt install -y keepalived
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_iptables   
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51                  # this ID must not conflict
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
      172.31.7.188/24 dev  eth0 label eth0:0  # add the virtual addresses
      172.31.7.189/24 dev  eth0 label eth0:1                  
    }
}
Restart the keepalived service
# systemctl restart keepalived




172.31.7.102-backup
--------------------
yum install -y keepalived
# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
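    state BACKUP                  # changed from MASTER: this is the backup node
    interface eth0
    virtual_router_id 51          # must match the value on the master node
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111       # must also match master node 101; it can usually be left unchanged, or set your own eight-character password
    }
    virtual_ipaddress {           # the addresses bound below stay the same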
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}
# systemctl start  keepalived
Test with 172.31.7.101 running:
The BACKUP node receives the master's advertisements
# tcpdump -i eth0 -nn  host 172.31.7.101 or  172.31.7.102

Watch the advertisements sent by master node 101
# tcpdump -i eth0  -nn  src 172.31.7.101


Test with 172.31.7.101 stopped:
172.31.7.101:
# systemctl stop keepalived
 # backup node 102 automatically takes over from 101 as the master
172.31.7.102
# tcpdump -i eth0 -nn  host 224.0.0.18   


Test starting it again
172.31.7.101:
Node 101 preempts 102 and resumes running as the master node
# systemctl start  keepalived     
# tail -f   /var/log/messages
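
One way to review the captures above, as an added example that is not part of the original post: it reads `tcpdump -nn` text for one VRID, reports every change of the advertising node (a failover or a preemption), and flags advertisements from any host other than the two configured peers. The function names, the sample lines (constructed in the format tcpdump prints for VRRP) and the address 172.31.7.66 are assumptions.

```sh
#!/bin/sh
# Added example: review "tcpdump -nn" VRRP advertisement lines for one VRID.
# Usage: audit_vrrp_adverts VRID "ALLOWED_SRC ..."   (tcpdump text on stdin)
# Live:  tcpdump -i eth0 -nn -l host 224.0.0.18 | audit_vrrp_adverts 51 "172.31.7.101 172.31.7.102"
audit_vrrp_adverts() {
    awk -v vrid="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /VRRPv[23], Advertisement/ {
        src = ""; id = ""; prio = ""
        for (i = 1; i < NF; i++) {
            if ($i == "IP")   src  = $(i + 1)
            if ($i == "vrid") id   = $(i + 1)
            if ($i == "prio") prio = $(i + 1)
        }
        sub(/,$/, "", id); sub(/,$/, "", prio)
        if (id != vrid) { next }               # another virtual router on the segment
        if (!(src in ok)) {                    # sender is not one of the configured nodes
            print "UNEXPECTED_SENDER src=" src " vrid=" id " prio=" prio
        }
        if (last != "" && src != last) {       # the advertising node changed
            print "MASTER_CHANGE " last " -> " src
        }
        last = src
    }'
}

# Constructed sample: 101 is master, stops, 102 takes over, then an address
# that is in neither keepalived.conf advertises for the same VRID.
sample_capture() {
    cat <<'EOF'
15:04:01.000001 IP 172.31.7.101 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
15:04:02.000001 IP 172.31.7.101 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
15:04:05.600001 IP 172.31.7.102 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 80, authtype simple, intvl 1s, length 20
15:04:06.600001 IP 172.31.7.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 90, authtype simple, intvl 1s, length 20
15:04:06.700001 IP 172.31.7.103 > 224.0.0.18: VRRPv2, Advertisement, vrid 43, prio 100, authtype simple, intvl 1s, length 20
EOF
}

sample_capture | audit_vrrp_adverts 51 "172.31.7.101 172.31.7.102"
```

With `auth_type PASS` tcpdump reports `authtype simple`: the password travels in clear text inside each advertisement, so the sender allow-list is the more useful signal.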









centos7.8-7-103  compile and install keepalived
-----------------------------------
Compile and install
Main configuration file:  /apps/keepalived/etc/keepalived/keepalived.conf  # generated template file
Location of the configuration file inside the unpacked tarball:  /usr/local/src/keepalived-2.0.20/keepalived/etc/keepalived/keepalived.conf
service file: /usr/local/src/keepalived-2.0.20/keepalived/keepalived.service
cd /usr/local/src
# wget  https://keepalived.org/software/keepalived-2.0.20.tar.gz
# yum install libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel libnl3 libnl3-devel  lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssh-server openssh-clients  openssl openssl-devel automake iproute
# tar xf keepalived-2.0.20.tar.gz 
# cd keepalived-2.0.20
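# ./configure --prefix=/apps/keepalived  --disable-fwmark  # set the install prefix; turn off firewall mark (fwmark) support so the firewall does not block access through the VIP to services on this host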
# make  && make install
# vim /apps/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {              # e-mail notification: the mailboxes to notify when this keepalived node changes role, that is, when the current virtual router switches roles
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
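   smtp_server 192.168.200.1          # address of the SMTP server
   smtp_connect_timeout 30            # SMTP connect timeout; an error is reported if the server cannot be reached
   router_id LVS_DEVEL                # a string identifying this host; optional
   vrrp_skip_check_adv_addr           # mainly saves CPU: checking every packet is costly, so with this option the source-address check is skipped when an advertisement comes from the same router as the previous one
   vrrp_iptables                      # with this parameter, outside requests are kept from reaching the keepalived service itself; whether the service is nginx or haproxy, requests do not pass through it but are routed straight to the backend servers (the destination address is rewritten and the request forwarded to the backend), which protects the haproxy or nginx server; no iptables rules are generated that would make it unpingable
   #vrrp_strict            # with this line commented out, the master node can be pinged from the backup 172.31.7.102. The option enforces strict VRRP compliance (multicast by default) and does not allow: 1. no VIP address, 2. unicast peers configured, 3. IPv6 addresses in VRRP version 2 (IPv6 is not supported there; an IPv6 address keeps the service from starting)
   vrrp_garp_interval 0               # delay between ARP messages
   vrrp_gna_interval 0                # message sending delay
   #vrrp_mcast_group4 224.0.0.18       # default multicast IP address; any address from 224.0.0.0 to 239.255.255.255 can be set instead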

}

vrrp_instance VI_1 {
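    state MASTER                      # initial state of this node in this virtual router; only MASTER or BACKUP are possible. The value written here does not decide the outcome: priorities are compared and the higher priority becomes master
    interface eth0                    # physical interface bound to this virtual router, e.g. ens32, eth0, bond0, br0
    virtual_router_id 43              # must not conflict; unique identifier of this virtual router, range 0-255
    priority 100                      # priority of this physical node in this virtual router; range 1-254
    advert_int 1                      # interval between VRRP advertisements, default 1s
    authentication {             # authentication mechanism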
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.31.7.10                   # virtual IP address changed to 172.31.7.10; after starting keepalived, "ip a" shows this virtual IP
        172.31.7.11/24 dev eth0 label  eth0:1    # set a label
    }
}
# comment out or delete every line from here down
virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
# mkdir /etc/keepalived          # put keepalived.conf into the newly created /etc/keepalived directory
# cp /apps/keepalived/etc/keepalived/keepalived.conf  /etc/keepalived/
# systemctl restart keepalived
# systemctl status keepalived
Read the configuration file documentation
# man keepalived.conf     

keepalived non-preemptive mode, preemption delay, and multi-host high availability

keepalived preemptive multi-host high availability

172.31.7.101-master1
---------------------
#  vim /etc/keepalived/keepalived.conf
  ! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100                        # the master's priority here is 100
    advert_int 1
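    unicast_src_ip 172.31.7.101            # source IP for unicast; the keepalived 101 and 102 hosts are master and backup for each other
    unicast_peer {                         # IP of the unicast peer; on the keepalive02 host the addresses are the other way round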
       172.31.7.102
    }     
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}

 virtual_server 172.31.7.188 80 {         
    delay_loop 6
    lb_algo wrr                     
    lb_kind DR
    #persistence_timeout 120        
    protocol TCP
    #sorry_server 192.168.200.200 1358
  real_server 172.31.7.113 80 { 
      weight 1                   
      HTTP_GET {
         url {
          path /web/moniter/moniter.html        
          status_code 200 
          }
        connect_timeout 60       
        nb_get_retry 3          
        delay_before_retry 1    
        connect_port 80
      }
    }
  real_server 172.31.7.114 80 {          
      weight 1
      HTTP_GET {
        url {
          path /web/moniter/moniter.html          
          status_code 200  
        }    
        connect_timeout 30
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
      }
    }
  }
# systemctl start keepalived
# ipvsadm -Ln


172.31.7.102-backup2
--------------------
# cat  /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 80                     # this backup host's priority is 80
    advert_int 1
    unicast_src_ip 172.31.7.102
    unicast_peer {
      172.31.7.101
    }     
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}

 virtual_server 172.31.7.188 80 {         
    delay_loop 6
    lb_algo wrr                     
    lb_kind DR
    #persistence_timeout 120        
    protocol TCP
    #sorry_server 192.168.200.200 1358
  real_server 172.31.7.113 80 { 
      weight 1                   
      HTTP_GET {
         url {
          path /web/moniter/moniter.html        
          status_code 200 
          }
        connect_timeout 60       
        nb_get_retry 3          
        delay_before_retry 1    
        connect_port 80
      }
    }
  real_server 172.31.7.114 80 {          
      weight 1
      HTTP_GET {
        url {
          path /web/moniter/moniter.html          
          status_code 200  
        }    
        connect_timeout 30
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
      }
    }
  }
# systemctl restart keepalived

keepalived with LVS

172.31.7.101-master1
---------------------
#  vim /etc/keepalived/keepalived.conf
  ! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
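    unicast_src_ip 172.31.7.101            # source IP for unicast; the keepalived 101 and 102 hosts are master and backup for each other
    unicast_peer {                         # IP of the unicast peer; on the keepalive02 host the addresses are the other way round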
       172.31.7.102
    }     
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}

 virtual_server 172.31.7.188 80 {         
    delay_loop 6
    lb_algo wrr                     
    lb_kind DR
    #persistence_timeout 120        
    protocol TCP
    #sorry_server 192.168.200.200 1358
  real_server 172.31.7.113 80 { 
      weight 1                    # weight, default 1
      HTTP_GET {
         url {
          path /web/moniter/moniter.html        
          status_code 200 
          }
        connect_timeout 60       # timeout for connecting to the server
        nb_get_retry 3           # number of retries
        delay_before_retry 1    # delay before each retry
        connect_port 80
      }
    }
  real_server 172.31.7.114 80 {          
      weight 1
      HTTP_GET {
        url {
          path /web/moniter/moniter.html          
          status_code 200  
        }    
        connect_timeout 30
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
      }
    }
  }
# systemctl start keepalived
# ipvsadm -Ln



172.31.7.113-web1 and 172.31.7.114-web2
-----------------------------------
# yum install -y httpd
# systemctl start httpd
# echo `hostname -I` > /var/www/html/index.html
Bind the virtual IP
# vim ipvs-dr.sh
#!/bin/sh
# LVS DR mode initialization script
#Zhu zikang:2017-08-18
LVS_VIP=172.31.7.188
source /etc/rc.d/init.d/functions
case "$1" in
start)
       /sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP 
       /sbin/route add -host $LVS_VIP dev lo:0
       echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
       sysctl -p >/dev/null 2>&1
       echo "RealServer Start OK"
       ;;
stop)
       /sbin/ifconfig lo:0 down
       /sbin/route del $LVS_VIP >/dev/null 2>&1
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
       echo "RealServer Stoped"
       ;;
*)
       echo "Usage: $0 {start|stop}"
       exit 1
esac
exit  0



172.31.7.101-master1
172.31.7.102-backup2
172.31.7.113-web1
172.31.7.114-web2

Bind the VIP on the backend web servers so that keepalived can apply the configured round-robin scheduling


172.31.7.101-master1
---------------------
Add the two web servers' addresses to the keepalived configuration file and add the round-robin rules
#  vim /etc/keepalived/keepalived.conf
  ! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
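    unicast_src_ip 172.31.7.101            # source IP for unicast; the keepalived 101 and 102 hosts are master and backup for each other
    unicast_peer {                         # IP of the unicast peer; on the keepalive02 host the addresses are the other way round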
       172.31.7.102
    }     
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}

# Test 1: TCP check
virtual_server 172.31.7.188 80 {  # the VIP for round-robin scheduling is 188
  delay_loop 6
  lb_algo wrr                         # weighted round robin
  lb_kind DR 
  #persistence_timeout 120            # session persistence time
  protocol TCP
  #sorry_server 192.168.200.200 1358  # start the web server
  real_server 172.31.7.113 80 { 
      weight 1                     # weight, default 1
      TCP_CHECK {
        connect_timeout 60         # timeout for connecting to the server
        nb_get_retry 3             # number of retries
        delay_before_retry 1       # delay before each retry
        connect_port 80
      }
    }
  real_server 172.31.7.114 80 {          
      weight 1
      TCP_CHECK {
        connect_timeout 30
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
      }
    }
  }


# Test 2 (alternative to Test 1): HTTP check, which checks more thoroughly
  virtual_server 172.31.7.188 80 {         
    delay_loop 6
    lb_algo wrr                     
    lb_kind DR
    #persistence_timeout 120        
    protocol TCP
    #sorry_server 192.168.200.200 1358
  real_server 172.31.7.113 80 { 
      weight 1                              # weight, default 1
      HTTP_GET {
         url {
          path /web/moniter/moniter.html        
          status_code 200 
          }
        connect_timeout 60                  # timeout for connecting to the server
        nb_get_retry 3                      # number of retries
        delay_before_retry 1                # delay before each retry
        connect_port 80
      }
    }
  real_server 172.31.7.114 80 {          
      weight 1
      HTTP_GET {
        url {
          path /web/moniter/moniter.html          
          status_code 200  
        }    
        connect_timeout 30
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
      }
    }
  }


Check whether keepalived added the round-robin rules successfully
# yum install -y ipvsadm
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InAct
TCP  172.31.7.188:80 wrr
  -> 172.31.7.113:80              Route   1      0          0    
  -> 172.31.7.114:80              Route   1      0          0  


172.31.7.102-backup2
--------------------
# cat  /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 80
    advert_int 1
    unicast_src_ip 172.31.7.102
    unicast_peer {
      172.31.7.101
    }     
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }
}
# systemctl restart keepalived



172.31.7.113 and 172.31.7.114
--------------------------
Bind the virtual IP address of the keepalived machines on hosts 113 and 114
Run on both
yum install -y httpd
echo `hostname -I` > /var/www/html/index.html
Visit:
http://172.31.7.113/
http://172.31.7.114/
Bind the virtual IP
# vim ipvs-dr.sh
#!/bin/sh
# LVS DR mode initialization script
#Zhu zikang:2017-08-18
LVS_VIP=172.31.7.188
source /etc/rc.d/init.d/functions
case "$1" in
start)
       /sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP 
       /sbin/route add -host $LVS_VIP dev lo:0
       echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
       sysctl -p >/dev/null 2>&1
       echo "RealServer Start OK"
       ;;
stop)
       /sbin/ifconfig lo:0 down
       /sbin/route del $LVS_VIP >/dev/null 2>&1
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
       echo "RealServer Stoped"
       ;;
*)
       echo "Usage: $0 {start|stop}"
       exit 1
esac
exit  0
Upload the script to hosts 113 and 114
Run it on both hosts
#  bash ipvs-dr.sh start
Test:
http://172.31.7.188/          # requests are served round-robin
172.31.7.113
172.31.7.114


High availability with keepalived combined with haproxy and Nginx

One-step scripted installation of haproxy

172.31.7.101-master
------------------
D:\和彩云同步文件夹\scripte file\Haproxy一键安装脚本\haproxy-2.0.15-onekeyinstall.tar.gz
D:\和彩云同步文件夹\scripte file\Haproxy一键安装脚本\Haproxy_install.sh
# cd /usr/local/src
# tar xfv haproxy-2.0.15-onekeyinstall.tar.gz
# bash Haproxy_install.sh 
The service listens on 8899 and 9999, as already set in the script

Edit the haproxy configuration file
 vim /etc/haproxy/haproxy.cfg 
listen  web_port
 bind 172.31.7.188:80
 mode http
 log global
 server web1  172.31.7.113:80  check inter 3000 fall 2 rise 5           
 server web2  172.31.7.114:80  check inter 3000 fall 2 rise 5
Restart the service so the file takes effect
# systemctl restart haproxy
#  sysctl -a |grep forward
# vim /etc/sysctl.conf 
net.ipv4.ip_nonlocal_bind = 1  
net.ipv4.ip_forward = 0
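Apply the configuration file
# sysctl -p 
# systemctl restart haproxy
Port 9999 is now open

To keep requests to 172.31.7.188 from returning 404 when haproxy goes down, we need a script that checks whether the process exists; if the process is down, I make the service migrate.
First: the check itself. If a main process exists the check succeeds; if not, it fails.
# yum install -y psmisc
# killall -0 haproxy
# echo $?
0
# killall -0 haproxy123
haproxy123: no process found 
Second: create the script
# vim /etc/keepalived/chk_haproxy.sh 
#!/bin/bash
/usr/bin/killall -0 haproxy   
Make the script executable
# chmod  a+x /etc/keepalived/chk_haproxy.sh
Edit the keepalived configuration file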
# vim /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
  script "/etc/keepalived/chk_haproxy.sh"
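  interval 1                  # run the script once every second
  weight  -30                 # added to the priority in the main configuration; the sum must be lower than the priority in the backup's configuration
  fall 3                      # demote after three consecutive failed checks
  rise 5                      # restore after five consecutive successes
  timeout 2                   # a single run longer than two seconds counts as a timeout, and a timeout is a failure
}  
# systemctl restart keepalived
Test: 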
# systemctl stop  haproxy
# ip a
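
How `weight`, `fall` and `rise` interact with the two priorities used on this page (100 on the master, 80 on the backup), as an added example that is not part of the original post. `simulate_priority` and `vip_owner` are hypothetical helper names; the model assumes a negative weight, a check that starts in the healthy state, preemption enabled, and a backup whose own check stays healthy.

```sh
#!/bin/sh
# Added example: replay vrrp_script results against the settings shown above.

# simulate_priority BASE WEIGHT FALL RISE RESULTS
#   RESULTS has one character per interval: 1 = script exited 0, 0 = failure or timeout.
#   Prints the node's effective priority after each interval, space separated.
simulate_priority() {
    printf '%s\n' "$5" | awk -v base="$1" -v weight="$2" -v fall="$3" -v rise="$4" '
    {
        up = 1; ok = 0; bad = 0; out = ""
        for (i = 1; i <= length($0); i++) {
            if (substr($0, i, 1) == "1") { ok++; bad = 0 } else { bad++; ok = 0 }
            if (up && bad >= fall)  { up = 0 }   # "fall" consecutive failures: check is down
            if (!up && ok >= rise)  { up = 1 }   # "rise" consecutive successes: check is up again
            prio = up ? base : base + weight     # the negative weight applies only while down
            out = out (i > 1 ? " " : "") prio
        }
        print out
    }'
}

# vip_owner "MASTER_PRIORITIES" BACKUP_PRIORITY
#   Prints which node holds the VIP in each interval. On equal priority VRRP
#   prefers the higher IP address, which is the backup (172.31.7.102) here.
vip_owner() {
    for p in $1; do
        if [ "$p" -gt "$2" ]; then printf 'master '; else printf 'backup '; fi
    done | sed 's/ $//'
}

# haproxy on the master is healthy for 3 intervals, down for 3, then back.
prios=$(simulate_priority 100 -30 3 5 1110001111100)
echo "priority: $prios"
echo "VIP on:   $(vip_owner "$prios" 80)"

# A weight of -10 leaves 90, still above the backup's 80: the VIP never moves.
echo "VIP on:   $(vip_owner "$(simulate_priority 100 -10 3 5 1110001111100)" 80)"
```

The VIP moves only in the interval of the third consecutive failure and returns only after the fifth consecutive success, so a short haproxy restart does not cause a failover.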

Using nginx behind the keepalived VIP (virtual router)
# wget  http://nginx.org/download/nginx-1.18.0.tar.gz
# tar xvf nginx-1.18.0.tar.gz 
# cd nginx-1.18.0/
# ./configure --prefix=/apps/nginx
 make && make install 
systemctl stop haproxy.service
 vim /apps/nginx/conf/nginx.conf
   #gzip  on;

upstream jackie {
  server 172.31.7.113:80;
  server 172.31.7.114:80;
}
        location / {
            root   html;
            index  index.html index.htm;
            proxy_pass http://jackie;
        }
 /apps/nginx/sbin/nginx                   
systemctl restart keepalived.service
cd /etc/keepalived/
cp chk_haproxy.sh  chk_nginx.sh 
vim chk_nginx.sh 
/usr/bin/killall -0 nginx 
Make the script executable
chmod  a+x /etc/keepalived/chk_nginx.sh
vim /etc/keepalived/keepalived.conf
vrrp_script chk_nginx {
        script "/etc/keepalived/chk_nginx.sh"
        interval 1
        weight  -30
        fall 3
        rise 5
        timeout 2
}
    virtual_ipaddress {
        172.31.7.188/24 dev  eth0 label eth0:0
        172.31.7.189/24 dev  eth0 label eth0:1
    }

    track_script {
      chk_nginx                                         
    }
systemctl restart keepalived.service
Stop nginx to trigger resource migration
 /apps/nginx/sbin/nginx -s stop
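
The check scripts are executed by keepalived, which runs as root, so after `chmod a+x` it is worth confirming that neither the script nor its directory can be modified by other accounts. The following audit is an added example, not part of the original post; the function names and the finding labels are hypothetical, `stat -c` assumes GNU coreutils as on CentOS, and `enable_script_security` is a `global_defs` option of recent keepalived releases (check `man keepalived.conf` for the installed version).

```sh
#!/bin/sh
# Added example: audit the scripts a keepalived.conf runs through vrrp_script.

# list_vrrp_scripts CONF: print the path given to "script" in each vrrp_script block.
list_vrrp_scripts() {
    awk '
        $1 == "vrrp_script"       { inside = 1 }
        inside && $1 == "script"  { p = $2; gsub(/"/, "", p); print p }
        inside && $1 == "}"       { inside = 0 }
    ' "$1"
}

# writable_by_others PATH: succeed when group or other has the write bit set.
writable_by_others() {
    mode=$(stat -c '%a' "$1") || return 1
    other=$((mode % 10))
    group=$((mode / 10 % 10))
    [ $((other & 2)) -ne 0 ] || [ $((group & 2)) -ne 0 ]
}

# audit_keepalived_scripts CONF: print one finding per line, nothing when clean.
audit_keepalived_scripts() {
    conf=$1
    if ! grep -Eq '^[[:space:]]*enable_script_security' "$conf"; then
        echo "NO_ENABLE_SCRIPT_SECURITY $conf"
    fi
    for s in $(list_vrrp_scripts "$conf"); do
        if [ ! -f "$s" ]; then echo "MISSING $s"; continue; fi
        if writable_by_others "$s"; then echo "WRITABLE_FILE $s"; fi
        if writable_by_others "$(dirname "$s")"; then echo "WRITABLE_DIR $(dirname "$s")"; fi
    done
    return 0
}

# demo_audit MODE: build a constructed config and check script in a private
# temporary directory, give the script the requested mode, and audit it.
demo_audit() {
    d=$(mktemp -d)
    printf '#!/bin/bash\n/usr/bin/killall -0 haproxy\n' > "$d/chk_haproxy.sh"
    chmod "$1" "$d/chk_haproxy.sh"
    cat > "$d/keepalived.conf" <<EOF
vrrp_script chk_haproxy {
  script "$d/chk_haproxy.sh"
  interval 1
  weight  -30
}
EOF
    audit_keepalived_scripts "$d/keepalived.conf" | sed "s|$d|DIR|g"
    rm -rf "$d"
}

demo_audit 775    # a+x on a file created under umask 002 ends up group-writable
```

On the real hosts, run `audit_keepalived_scripts /etc/keepalived/keepalived.conf` on both nodes.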





172.31.7.102-backup
-------------------
D:\和彩云同步文件夹\scripte file\Haproxy一键安装脚本\haproxy-2.0.15-onekeyinstall.tar.gz
D:\和彩云同步文件夹\scripte file\Haproxy一键安装脚本\Haproxy_install.sh
# cd /usr/local/src
# tar xfv haproxy-2.0.15-onekeyinstall.tar.gz
# bash Haproxy_install.sh   
Edit the haproxy configuration file
vi  /etc/haproxy/haproxy.cfg 
listen  web_port
 bind 172.31.7.188:80               # change the port to 80
 mode http
 log global
 server web1  172.31.7.113:80  check inter 3000 fall 2 rise 5      # add the server addresses to haproxy
 server web2  172.31.7.114:80  check inter 3000 fall 2 rise 5
# systemctl restart haproxy
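The VIP can only be on one haproxy server at a time, so on the second server the haproxy port does not come up when haproxy is started. Add a kernel parameter so that the 172.31.7.101backup can start, letting the kernel allow the service to bind to the VIP.
Add the kernel parameters: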
# sysctl -a | grep local
# vim /etc/sysctl.conf 
net.ipv4.ip_nonlocal_bind = 1  
net.ipv4.ip_forward = 1   
Apply the configuration file
# sysctl -p 
# systemctl restart haproxy
Port 9999 is now open
# systemctl start keepalived
Test succeeds;
the address floats over
# ip a

Using nginx
# wget  http://nginx.org/download/nginx-1.18.0.tar.gz
# tar xvf nginx-1.18.0.tar.gz 
# cd nginx-1.18.0/
# ./configure --prefix=/apps/nginx
 make && make install 
systemctl stop haproxy.service
 vim /apps/nginx/conf/nginx.conf
   #gzip  on;

upstream jackie {
  server 172.31.7.113:80;
  server 172.31.7.114:80;
}
        location / {
            root   html;
            index  index.html index.htm;
            proxy_pass http://jackie;
        }
 /apps/nginx/sbin/nginx                   
systemctl restart keepalived.service

posted @ 2021-04-30 15:58  Jackiezhu