keepalived部署

文章目录

  • install keepalived
      • master
      • backup
      • nginx+keepalived

利用 Keepalived 部署备用服务器,实现故障转移。

Keepalived 内置了 VRRP(Virtual Router Redundancv Protocol,虚拟路由冗余协议)功能, VRRP 用于解决静态路由出现的单点故障问题,它通过 IP 多播的方式通信,当发现主路由故障时,通过选举策略将备用路由更换为主路由,从而继续提供服务 。

Keepalived 利用 VRRP 实现了将提供对外访问的 IP 地址( Virtual IP)自动在主服务器(Master)和备用服务器(Backup)之间切换,正常情况下 Master使用 Virtual IP提供对外访问,当 Master 故障时,其他正在监控 Master 的 Backup 会通过优先级( priority)机制竞争接管 Virtual IP 继续对外提供服务,其他落选的 Backup 会继续监控当前使用的 Virtual IP 服务器 。

高可用服务器

角色 RIP(real ip) VIP (virtual ip) 说明
master 192.168.1.11 192.168.1.10 nginx+keepalived
backup 192.168.1.12 192.168.1.10 nginx+keepalived
- 192.168.1.13 - 后端服务器1
- 192.168.1.4 - 后端服务器2

install keepalived

wget https://www.keepalived.org/software/keepalived-1.2.24.tar.gz
./configure --prefix=/usr/local/keepalived
确保以下信息正确
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes

注册服务
cp etc/rc.d/init.d/keepalived /etc/init.d/
chmod +x /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig keepalived on
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived

master

cp etc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf

vi /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {			#配置一个虚拟路由,名称为 VI_1
    state MASTER				#指定 Keepalived的角色,MASTERBACKUP
    interface eth0				#指定监测的网卡
#    garp_master_delay 10
#    smtp_alert
#    virtual_router_id 51
    virtual_router_id 128		#虚拟路由的标识,同一个 VRRPMASTERBACKUP 应一致
mcast_src_ip 172.16.135.128		#设置 Real IP (可省略,默认将自动使用网卡的主ip
    priority 100				#优先级、权重{权重.高的主机将接管 Virtual IP)范围 0~254
    advert_int 1				#MASTERBACKUP之间同步检查的时间间隔,单位秒
    authentication {			#设置验证类型和密码
        auth_type PASS			#验证类型 ,PASS 表示使用密码验证
        auth_pass 1111			#设置密码,用于 MASTERBACKUP 之间使用相同密码通信
    }
    virtual_ipaddress {			#设置 Virtual IP地址池,每行一个
#        192.168.200.16
#        192.168.200.17
#        192.168.200.18
172.16.135.130					#为 MASTERBACKUP 设置相同的 Virtual IP
        # optional label. should be of the form "realdev:sometext" for
        # compatibility with ifconfig.
#       192.168.200.18 label eth0:1
    }
}

service keepalived restart

backup

vi /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state BACKUP			#修改身份为 BACKUP
    priority 90				#修改优先级为 90(低于MASTER即可}
}

service keepalived restart

Master 和 Backup 服务器中的 Keepalived 通过 VRRP 的 112 端口通信,若端口无法访问则会同时抢占 Virtual IP 地 址。接下来为两台服务器配置防火墙规则,开放 112 端口。

nginx+keepalived

在master backup 中编写如下内容

vrrp_script chk_nginx {		#配置用于检测 Nginx 运行状态的脚本
	script "/chk_nginx.sh"	#用于检测的脚本文件路径
	interval 2				#每 2 秒执行一次脚本
	weight -20				#当检测失败时 ,权理发生的变化
}
vrrp_instance VI_I {		#为 VI_l 添加监控脚本
	track_script	{
		chk_nginx
	}
}

vi /chk_nginx.sh
#!/bin/sh
if [ `ps -C nginx --no-header|wc -l` -eq 0 ];then
	service keepalived start
	sleep 2
	if [ `ps -C nginx --no-header|wc -l` -eq 0 ];then
		service keepalived stop
	fi
fi
### 默认配置
vi etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

你可能感兴趣的:(svc)