keepalived 自生存活监测

vrrp script

keepalived调用外部的辅助脚本进行资源监控,并根据监控的结果状态能实现优先动态调整。也就是keepalived监测自身,当自身挂了之后主动让出VIP。
需要对
vrrp_script:自定义资源监控脚本,vrrp实例根据脚本返回值进行下一步操作,脚本可被多个实例调用。
track_script:调用vrrp_script定义的脚本去监控资源,定义在实例之内,调用事先定义的vrrp_script


vrrp_script

vrrp_script  {         #定义 名称
    script | #定义脚本所在的位置
    interval               #间隔多久执行一次脚本
    timeout                #多久么有返回值就失败
    weight       #权重-254到254,如果监测失败则当前优先权减去次权重,如果
    rise                   #服务器下线了开始监测多少测成功则上线             
    fall                   #服务器连续检测多少测都失败,则标记为失败
    user USERNAME [GROUPNAME]       #一般为root
    init_fail                       #在未进行监测时,默认为失败。
}

keepalived+lvs实现自生存活监测

由于lvs没有进程,所以只能使用脚本去访问第三方的设备来探测自己是否存活,比如本机的端口,或者网关。

配置方法1

1.创建出一个ping脚本

[root@s1 ~]# vim /etc/keepalived/ping.sh
#!/bin/bash
ping -c 2 172.20.0.1 &> /dev/null
if [ $? -eq 0 ];then
    exit 0
else
    exit 2
fi

2.修改keepalived配置文件

vrrp_script check {                     #定义脚本
        script /etc/keepalived/ping.sh
        interval 2
        weight -50
        fall 3
        rise 5
        timeout 2
}

vrrp_instance VI_1 {
    state Master
    interface ens33
    virtual_router_id 27
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 172.20.27.10
    unicast_peer {
    172.20.27.11
    }
    virtual_ipaddress {
        172.20.27.100 dev ens33 label ens33:0
    }
    track_script {              #调用脚本
        check
    }
}
#在另一台主机上也执行相同的配置

3.重启服务后查看vip

[root@s1 ~]# ifconfig
ens33: flags=4163  mtu 1500
        inet 172.20.27.10  netmask 255.255.0.0  broadcast 172.20.255.255
        inet6 fe80::20c:29ff:fec5:123c  prefixlen 64  scopeid 0x20
        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)
        RX packets 540749  bytes 43766835 (41.7 MiB)
        RX errors 0  dropped 12  overruns 0  frame 0
        TX packets 78080  bytes 11718371 (11.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163  mtu 1500
        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)
#vip在当前的主机上

4.测试
更改ping.sh脚本中的地址到一个不存在的地址,并对keepalived日志进行跟踪

[root@s1 ~]# tail -f /var/log/messages 
Jun  8 15:48:37 s1 Keepalived_healthcheckers[10792]: SMTP alert successfully sent.
Jun  8 15:50:05 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15          #脚本监测失败
Jun  8 15:50:07 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15          #脚本监测失败
Jun  8 15:50:09 s1 Keepalived_vrrp[10793]: VRRP_Script(check) timed out                             #连续三次次超时
Jun  8 15:50:09 s1 Keepalived_vrrp[10793]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50       #优先级从100降低到50
Jun  8 15:50:09 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15          #脚本监测失败
Jun  8 15:50:11 s1 Keepalived_vrrp[10793]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50     #发现备节点的优先级比本机高,主动让出vip

查看vip是否在s2节点上

[root@s2 ~]# ifconfig
ens33: flags=4163  mtu 1500
        inet 172.20.27.11  netmask 255.255.0.0  broadcast 172.20.255.255
        inet6 fe80::20c:29ff:fe4d:1ce3  prefixlen 64  scopeid 0x20
        ether 00:0c:29:4d:1c:e3  txqueuelen 1000  (Ethernet)
        RX packets 535679  bytes 43641678 (41.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36428  bytes 3457323 (3.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163  mtu 1500
        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:4d:1c:e3  txqueuelen 1000  (Ethernet)
#VIP在备节点上

配置方法2

在脚本中判断lvs后端的服务器是否存在,如果存不存在,则创建一个文件
在vrrp_script中判断文件是否存在如果文件存在,则表示自己挂了,将自己的优先级减低让出vip

script "/bin/bash -c '[[ -f /etc/keepalived/down ]]' && exit 7 || exit 0"

HAProxy+keepalived的检测机制

HAProxy+keepalived的检测方式可以使用curl HAProxy的状态页面,或者使用killall -0对HAProxy发送一个信号,如果进程存在则返回值为0,如果进程不存在则返回值为非0

配置方法1

1.创建检测脚本

[root@s1 ~]# vim /etc/keepalived/curl.sh
#!/bin/bash
curl -I http://172.20.27.10:9000/haproxy-status &> /dev/null
if [ $? -eq 0 ];then
    exit 0
else
    exit 2
fi

2.修改keepalived配置文件定义vrrp_script和调用

root@s1 ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
    [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id s1.mylinuxops.com
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script check {                         #定义脚本名
    script /etc/keepalived/curl.sh          #定义脚本路径
    interval 2
    weight -50
    fall 3
    rise 5
    timeout 2
}

vrrp_instance VI_1 {
    state Master
    interface ens33
    virtual_router_id 27
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 172.20.27.10
    unicast_peer {
    172.20.27.11
    }
    virtual_ipaddress {
    172.20.27.100 dev ens33 label ens33:0
    }
    track_script {
    check                               #调用脚本
    }
}
#另一台服务器也执行相同的操作

3.重启服务后查看vip是否存在

[root@s1 ~]# ifconfig
ens33: flags=4163  mtu 1500
        inet 172.20.27.10  netmask 255.255.0.0  broadcast 172.20.255.255
        inet6 fe80::20c:29ff:fec5:123c  prefixlen 64  scopeid 0x20
        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)
        RX packets 639634  bytes 52435377 (50.0 MiB)
        RX errors 0  dropped 12  overruns 0  frame 0
        TX packets 103375  bytes 13944325 (13.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163  mtu 1500
        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4511  bytes 317479 (310.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4511  bytes 317479 (310.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4.停止haproxy并追踪日志

[root@s1 ~]# tail -f /var/log/messages 
Jun  8 17:15:16 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2
Jun  8 17:15:18 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2
Jun  8 17:15:20 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2     #连续3次无法curl到页面
Jun  8 17:15:20 s1 Keepalived_vrrp[16954]: VRRP_Script(check) failed
Jun  8 17:15:20 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50       #自动将优先级降低50
Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50     #发现备的优先级比自己高
Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Entering BACKUP STATE        #自己转为备
Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) removing protocol VIPs.
Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2
Jun  8 17:15:24 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2

配置方法2

使用killall -0 haproxy对进程发起信号
1.安装killall

[root@s1 ~]# yum install psmisc -y

2.修改配置文件

[root@s1 ~]# vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
        [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id s1.mylinuxops.com
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script check {                         #定义脚本名称
        script "killall -0 haproxy"         #由于脚本中只有一条命令,直接写在这里就行,无需再写脚本
        interval 2
        weight -50
        fall 3
        rise 5
        timeout 2
}

vrrp_instance VI_1 {
    state Master
    interface ens33
    virtual_router_id 27
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 172.20.27.10
    unicast_peer {
    172.20.27.11
    }
    virtual_ipaddress {
        172.20.27.100 dev ens33 label ens33:0
    }
    track_script {
        check                               #调用脚本
    }
}

3.重启服务后查看vip是否存在

[root@s1 ~]# ifconfig
ens33: flags=4163  mtu 1500
        inet 172.20.27.10  netmask 255.255.0.0  broadcast 172.20.255.255
        inet6 fe80::20c:29ff:fec5:123c  prefixlen 64  scopeid 0x20
        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)
        RX packets 639634  bytes 52435377 (50.0 MiB)
        RX errors 0  dropped 12  overruns 0  frame 0
        TX packets 103375  bytes 13944325 (13.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163  mtu 1500
        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4511  bytes 317479 (310.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4511  bytes 317479 (310.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4.停止haproxy并追踪日志

[root@s1 ~]# tail -f /var/log/messages 
Jun  8 17:30:53 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun  8 17:30:55 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun  8 17:30:57 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun  8 17:30:57 s1 Keepalived_vrrp[18639]: VRRP_Script(check) failed                            #连续监测3次失败
Jun  8 17:30:57 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50           #优先级降低为50
Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50     #发现有优先级比当前高的主机
Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Entering BACKUP STATE                                #自动将为备
Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) removing protocol VIPs.                              #移除vip
Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun  8 17:31:01 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun  8 17:31:03 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1