keepalived 自生存活监测
vrrp script
keepalived调用外部的辅助脚本进行资源监控,并根据监控的结果状态能实现优先动态调整。也就是keepalived监测自身,当自身挂了之后主动让出VIP。
需要对
vrrp_script:自定义资源监控脚本,vrrp实例根据脚本返回值进行下一步操作,脚本可被多个实例调用。
track_script:调用vrrp_script定义的脚本去监控资源,定义在实例之内,调用事先定义的vrrp_script
vrrp_script
vrrp_script { #定义 名称
script | #定义脚本所在的位置
interval #间隔多久执行一次脚本
timeout #多久么有返回值就失败
weight #权重-254到254,如果监测失败则当前优先权减去次权重,如果
rise #服务器下线了开始监测多少测成功则上线
fall #服务器连续检测多少测都失败,则标记为失败
user USERNAME [GROUPNAME] #一般为root
init_fail #在未进行监测时,默认为失败。
} keepalived+lvs实现自生存活监测
由于lvs没有进程,所以只能使用脚本去访问第三方的设备来探测自己是否存活,比如本机的端口,或者网关。
配置方法1
1.创建出一个ping脚本
[root@s1 ~]# vim /etc/keepalived/ping.sh
#!/bin/bash
ping -c 2 172.20.0.1 &> /dev/null
if [ $? -eq 0 ];then
exit 0
else
exit 2
fi2.修改keepalived配置文件
vrrp_script check { #定义脚本
script /etc/keepalived/ping.sh
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state Master
interface ens33
virtual_router_id 27
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 172.20.27.10
unicast_peer {
172.20.27.11
}
virtual_ipaddress {
172.20.27.100 dev ens33 label ens33:0
}
track_script { #调用脚本
check
}
}
#在另一台主机上也执行相同的配置3.重启服务后查看vip
[root@s1 ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 172.20.27.10 netmask 255.255.0.0 broadcast 172.20.255.255
inet6 fe80::20c:29ff:fec5:123c prefixlen 64 scopeid 0x20
ether 00:0c:29:c5:12:3c txqueuelen 1000 (Ethernet)
RX packets 540749 bytes 43766835 (41.7 MiB)
RX errors 0 dropped 12 overruns 0 frame 0
TX packets 78080 bytes 11718371 (11.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163 mtu 1500
inet 172.20.27.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:c5:12:3c txqueuelen 1000 (Ethernet)
#vip在当前的主机上 4.测试
更改ping.sh脚本中的地址到一个不存在的地址,并对keepalived日志进行跟踪
[root@s1 ~]# tail -f /var/log/messages
Jun 8 15:48:37 s1 Keepalived_healthcheckers[10792]: SMTP alert successfully sent.
Jun 8 15:50:05 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15 #脚本监测失败
Jun 8 15:50:07 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15 #脚本监测失败
Jun 8 15:50:09 s1 Keepalived_vrrp[10793]: VRRP_Script(check) timed out #连续三次次超时
Jun 8 15:50:09 s1 Keepalived_vrrp[10793]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50 #优先级从100降低到50
Jun 8 15:50:09 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15 #脚本监测失败
Jun 8 15:50:11 s1 Keepalived_vrrp[10793]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50 #发现备节点的优先级比本机高,主动让出vip查看vip是否在s2节点上
[root@s2 ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 172.20.27.11 netmask 255.255.0.0 broadcast 172.20.255.255
inet6 fe80::20c:29ff:fe4d:1ce3 prefixlen 64 scopeid 0x20
ether 00:0c:29:4d:1c:e3 txqueuelen 1000 (Ethernet)
RX packets 535679 bytes 43641678 (41.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36428 bytes 3457323 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163 mtu 1500
inet 172.20.27.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:4d:1c:e3 txqueuelen 1000 (Ethernet)
#VIP在备节点上 配置方法2
在脚本中判断lvs后端的服务器是否存在,如果存不存在,则创建一个文件
在vrrp_script中判断文件是否存在如果文件存在,则表示自己挂了,将自己的优先级减低让出vip
script "/bin/bash -c '[[ -f /etc/keepalived/down ]]' && exit 7 || exit 0"HAProxy+keepalived的检测机制
HAProxy+keepalived的检测方式可以使用curl HAProxy的状态页面,或者使用killall -0对HAProxy发送一个信号,如果进程存在则返回值为0,如果进程不存在则返回值为非0
配置方法1
1.创建检测脚本
[root@s1 ~]# vim /etc/keepalived/curl.sh
#!/bin/bash
curl -I http://172.20.27.10:9000/haproxy-status &> /dev/null
if [ $? -eq 0 ];then
exit 0
else
exit 2
fi2.修改keepalived配置文件定义vrrp_script和调用
root@s1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.mylinuxops.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script check { #定义脚本名
script /etc/keepalived/curl.sh #定义脚本路径
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state Master
interface ens33
virtual_router_id 27
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 172.20.27.10
unicast_peer {
172.20.27.11
}
virtual_ipaddress {
172.20.27.100 dev ens33 label ens33:0
}
track_script {
check #调用脚本
}
}
#另一台服务器也执行相同的操作3.重启服务后查看vip是否存在
[root@s1 ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 172.20.27.10 netmask 255.255.0.0 broadcast 172.20.255.255
inet6 fe80::20c:29ff:fec5:123c prefixlen 64 scopeid 0x20
ether 00:0c:29:c5:12:3c txqueuelen 1000 (Ethernet)
RX packets 639634 bytes 52435377 (50.0 MiB)
RX errors 0 dropped 12 overruns 0 frame 0
TX packets 103375 bytes 13944325 (13.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163 mtu 1500
inet 172.20.27.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:c5:12:3c txqueuelen 1000 (Ethernet)
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 4511 bytes 317479 (310.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4511 bytes 317479 (310.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 4.停止haproxy并追踪日志
[root@s1 ~]# tail -f /var/log/messages
Jun 8 17:15:16 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2
Jun 8 17:15:18 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2
Jun 8 17:15:20 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2 #连续3次无法curl到页面
Jun 8 17:15:20 s1 Keepalived_vrrp[16954]: VRRP_Script(check) failed
Jun 8 17:15:20 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50 #自动将优先级降低50
Jun 8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50 #发现备的优先级比自己高
Jun 8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Entering BACKUP STATE #自己转为备
Jun 8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) removing protocol VIPs.
Jun 8 17:15:22 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2
Jun 8 17:15:24 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2配置方法2
使用killall -0 haproxy对进程发起信号
1.安装killall
[root@s1 ~]# yum install psmisc -y2.修改配置文件
[root@s1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.mylinuxops.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script check { #定义脚本名称
script "killall -0 haproxy" #由于脚本中只有一条命令,直接写在这里就行,无需再写脚本
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state Master
interface ens33
virtual_router_id 27
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 172.20.27.10
unicast_peer {
172.20.27.11
}
virtual_ipaddress {
172.20.27.100 dev ens33 label ens33:0
}
track_script {
check #调用脚本
}
}3.重启服务后查看vip是否存在
[root@s1 ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 172.20.27.10 netmask 255.255.0.0 broadcast 172.20.255.255
inet6 fe80::20c:29ff:fec5:123c prefixlen 64 scopeid 0x20
ether 00:0c:29:c5:12:3c txqueuelen 1000 (Ethernet)
RX packets 639634 bytes 52435377 (50.0 MiB)
RX errors 0 dropped 12 overruns 0 frame 0
TX packets 103375 bytes 13944325 (13.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163 mtu 1500
inet 172.20.27.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:c5:12:3c txqueuelen 1000 (Ethernet)
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 4511 bytes 317479 (310.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4511 bytes 317479 (310.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 4.停止haproxy并追踪日志
[root@s1 ~]# tail -f /var/log/messages
Jun 8 17:30:53 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun 8 17:30:55 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun 8 17:30:57 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun 8 17:30:57 s1 Keepalived_vrrp[18639]: VRRP_Script(check) failed #连续监测3次失败
Jun 8 17:30:57 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50 #优先级降低为50
Jun 8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50 #发现有优先级比当前高的主机
Jun 8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Entering BACKUP STATE #自动将为备
Jun 8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) removing protocol VIPs. #移除vip
Jun 8 17:30:59 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun 8 17:31:01 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1
Jun 8 17:31:03 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1