本章内容
◆ 高可用集群
◆ KeepAlived 组成
◆ keepAlived 配置
集群Cluster
集群类型:
LB lvs/nginx(http/upstream, stream/upstream)
HA 高可用性
SPoF: Single Point of Failure
HPC系统可用性的公式:A=MTBF/(MTBF+MTTR)
(0,1), 95%
几个9(指标): 99%, ..., 99.999%,99.9999%系统故障:
硬件故障:设计缺陷、 wear out(损耗)、自然灾害……
软件故障:设计缺陷提升系统高用性的解决方案之降低MTTR
手段:冗余redundant
active/passive 主备
active/active 双主
active --> HEARTBEAT --> passive
active <--> HEARTBEAT <--> active高可用的是“服务”
HA nginx service:
vip/nginx process[/shared storage]
资源:组成一个高可用服务的“组件”
(1) passive node的数量
(2) 资源切换shared storage:
NAS:文件共享服务器;
SAN:存储区域网络,块级别的共享Network partition:网络分区
● quorum:法定人数
with quorum: > total/2
without quorum: <= total/2
● 隔离设备: fence
node:STONITH = Shooting The Other Node In The Head
断电重启
资源:断开存储的连接TWO nodes Cluster
辅助设备:ping node, quorum diskFailover:故障切换,即某资源的主节点故障时,将资源转移至其它节点的操作
Failback:故障移回,即某资源的主节点故障后重新修改上线后,将之前已转移至其它节点的资源重新切回的过程
HA Cluster实现方案:
● AIS:应用接口规范 完备复杂的HA集群
RHCS:Red Hat Cluster Suite红帽集群套件
heartbeat
corosync
● vrrp协议实现:虚拟路由冗余协议
keepalived
KeepAlived
keepalived:
vrrp协议:Virtual Router Redundancy Protocol术语:
虚拟路由器:Virtual Router
虚拟路由器标识:VRID(0-255),唯一标识虚拟路由器
物理路由器:
master:主设备
backup:备用设备
priority:优先级
VIP:Virtual IP
VMAC:Virutal MAC (00-00-5e-00-01-VRID)通告:心跳,优先级等;周期性
工作方式:抢占式,非抢占式
安全工作:
认证:
无认证
简单字符认证:预共享密钥
MD5工作模式:
主/备:单虚拟路径器
主/主:主/备(虚拟路由器1),备/主(虚拟路由器2)keepalived:
vrrp协议的软件实现,原生设计目的为了高可用ipvs服务功能:
● vrrp协议完成地址流动
● 为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
● 为ipvs集群的各RS做健康状态检测
● 基于脚本调用接口通过执行脚本完成脚本中定义的功能,进而影响集群事务,以此支持nginx、 haproxy等服务组件:
● 核心组件:
vrrp stack
ipvs wrapper
checkers
● 控制组件:配置文件分析器
● IO复用器
● 内存管理组件
KeepAlived组成
KeepAlived实现
HA Cluster 配置准备:
(1) 各节点时间必须同步
ntp, chrony
(2) 确保iptables及selinux不会成为阻碍
(3) 各节点之间可通过主机名互相通信(对KA并非必须),建议使用/etc/hosts文件实现
(4) 各节点之间的root用户可以基于密钥认证的ssh服务完成互相通信(对KA并非必须)Keepalived安装:
keepalived包,CentOS 6.4+ Base源程序环境:
● 主配置文件:/etc/keepalived/keepalived.conf
● 主程序文件:/usr/sbin/keepalived
● Unit File:/usr/lib/systemd/system/keepalived.service
● Unit File的环境配置文件:/etc/sysconfig/keepalived
KeepAlived配置
配置文件组件部分:
TOP HIERACHY
● GLOBAL CONFIGURATION
Global definitions
Static routes/addresses
● VRRPD CONFIGURATION
VRRP synchronization group(s):vrrp同步组
VRRP instance(s):即一个vrrp虚拟路由器
● LVS CONFIGURATION
Virtual server group(s)
Virtual server(s):ipvs集群的vs和rs配置语法:
配置虚拟路由器:
vrrp_instance{
....
}专用参数:
● state MASTER|BACKUP:当前节点在此虚拟路由器上的初始状态;只能 有一个是MASTER,余下的都应该为BACKUP
● interface IFACE_NAME:绑定为当前虚拟路由器使用的物理接口
● virtual_router_id VRID:当前虚拟路由器惟一标识,范围是0-255
● priority 100:当前物理节点在此虚拟路由器中的优先级;范围1-254
● advert_int 1:vrrp通告的时间间隔,默认1s
authentication { #认证机制
auth_type AH|PASS
auth_pass 仅前8位有效
}
virtual_ipaddress { #虚拟IP
/ brd dev scope label
- nopreempt:定义工作模式为非抢占模式
- preempt_delay 300:抢占式模式,节点上线后触发新选举操作的延迟时长,默认模式
- 定义通知脚本:
notify_master| :
当前节点成为主节点时触发的脚本
notify_backup| :
当前节点转为备节点时触发的脚本
notify_fault| :
当前节点转为“失败”状态时触发的脚本
notify| :
通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知
小笔记:搭建keepalived
#环境:6台机器,Client:172.16.0.6 Router:172.16.0.7、192.168.37.7 RS1:192.168.37.17 RS2:192.168.37.27 ka1:192.168.37.37、192.168.37.100 ka2:192.168.37.47、192.168.37.100
#router2块网卡,桥接与nat模式
#ka1
yum install keepalived
cd /etc/keepalived
cp keepalived.conf{,.bak}
ssh-keygen
ssh-copy-id 192.168.37.47
echo "192.168.37.37 ka1" >> /etc/hosts
echo "192.168.37.47 ka2" >> /etc/hosts
vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #发给本机root邮件
}
notification_email_from keepalived@localhost #以什么身份发邮件
smtp_server 127.0.0.1 #发邮件的地址
smtp_connect_timeout 30
router_id ka1 #主机名
vrrp_mcast_group4 224.100.100.100 #D类地址,多播
}
vrrp_instance VI_1 { #虚拟路由器
state MASTER #在另一个结点上为BACKUP
interface eth0 #网卡接口
virtual_router_id 66 #多个节点必须相同
priority 100 #优先级,在另一个结点上要小于这个值
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 123456 #密码
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:1
}
}
systemctl start keepalived
#ka2
yum install keepalived
cd /etc/keepalived
cp keepalived.conf{,.bak}
ssh-keygen
ssh-copy-id 192.168.37.37
echo "192.168.37.37 ka1" >> /etc/hosts
echo "192.168.37.47 ka2" >> /etc/hosts
vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #发给本机root邮件
}
notification_email_from keepalived@localhost #以什么身份发邮件
smtp_server 127.0.0.1 #发邮件的地址
smtp_connect_timeout 30
router_id ka2 #主机名
vrrp_mcast_group4 224.100.100.100 #D类地址,多播
}
vrrp_instance VI_1 { #虚拟路由器
state BACKUP
interface eth0 #网卡接口
virtual_router_id 66 #多个节点必须相同
priority 80 #优先级
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 123456 #密码
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:1
}
}
systemctl start keepalived
#RS1、RS2
yum install httpd -y
echo `hostname` > /var/www/html/index.html
systemctl start httpd
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ip address add 192.168.37.100/32 dev lo label lo:1
#抓包查看
tcpdump -i eth0 -nn host 224.100.100.100
KeepAlived单主配置示例
单主配置示例:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1 #主机名,在另一结点为node2
vrrp_mcast_group4 224.0.100.100
}
vrrp_instance VI_1 {
state MASTER #在另一个结点上为BACKUP
interface eth0
virtual_router_id 6 #多个节点必须相同
priority 100 #在另一个结点上为90
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 571f97b2
}
virtual_ipaddress {
172.18.100.66/16 dev eth0 label eth0:0
}
track_interface {
eth0
}
}
KeepAlived双主配置
脚本的调用方法:
在vrrp_instance VI_1 语句块最后面加下面行
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
示例通知脚本
#!/bin/bash
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
邮件设置
配置发送邮件的邮箱设置:
vim ~/.mailrc 或 /etc/mail.rc
set [email protected]
set smtp=smtp.qq.com
set [email protected]
set smtp-auth-password=lzhdjmtznbftbiai
set smtp-auth=login
set ssl-verify=ignore测试:echo test mail | mail –s test [email protected]
KeepAlived双主配置
#双主模型示例:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 6
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.16.0.10/16 dev eth0
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 8
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
172.16.0.11/16 dev eth0
}
}
小笔记:双主配置
#ka1
vim /etc/keepalived/notify.sh
#!/bin/bash
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #发给本机root邮件
}
notification_email_from keepalived@localhost #以什么身份发邮件
smtp_server 127.0.0.1 #发邮件的地址
smtp_connect_timeout 30
router_id ka1 #主机名
vrrp_mcast_group4 224.100.100.100 #D类地址,多播
}
vrrp_instance VI_1 { #虚拟路由器
state MASTER #在另一个结点上为BACKUP
interface eth0 #网卡接口
virtual_router_id 66 #多个节点必须相同
priority 100 #优先级,在另一个结点上要小于这个值
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 123456 #密码
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
chmod +x /etc/keepalived/notify.sh
systemctl restart keepalived
#ka2
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #发给本机root邮件
}
notification_email_from keepalived@localhost #以什么身份发邮件
smtp_server 127.0.0.1 #发邮件的地址
smtp_connect_timeout 30
router_id ka2 #主机名
vrrp_mcast_group4 224.100.100.100 #D类地址,多播
}
vrrp_instance VI_1 { #虚拟路由器
state BACKUP
interface eth0 #网卡接口
virtual_router_id 66 #多个节点必须相同
priority 80 #优先级
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 123456 #密码
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
chmod +x /etc/keepalived/notify.sh
systemctl restart keepalived
小笔记:keepalived日志
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
systemctl restart rsyslog keepalived
小笔记:设置e-mail
vim ~/.mailrc
set [email protected]
set smtp=smtp.qq.com
set [email protected]
set smtp-auth-password=lzhdjmtznbftbiai
set smtp-auth=login
set ssl-verify=ignore
echo test | mail -s linux [email protected]
小笔记:keepalived 双主双从
#ka1
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 { #虚拟路由器
state BACKUP #在另一个结点上为BACKUP
interface eth0 #网卡接口
virtual_router_id 88 #多个节点必须相同
priority 80 #优先级,在另一个结点上要小于这个值
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 654321 #密码
}
virtual_ipaddress {
192.168.37.200/24 dev eth0 label eth0:2
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
systemctl restart keepalived
#ka2
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 { #虚拟路由器
state MASTER
interface eth0 #网卡接口
virtual_router_id 88 #多个节点必须相同
priority 100 #优先级
advert_int 1 #通告间隔1s
authentication {
auth_type PASS #预共享密钥认证
auth_pass 654321 #密码
}
virtual_ipaddress {
192.168.37.200/24 dev eth0 label eth0:2
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
systemctl restart keepalived
#抓包查看
tcpdump -i eth0 -nn
KeepAlived支持IPVS
虚拟服务器:
配置参数:
virtual_server IP port | virtual_server fwmark int
{
...
real_server {
...
}
...
}
常用参数
delay_loop
:检查后端服务器的时间间隔 lb_algo rr|wrr|lc|wlc|lblc|sh|dh:定义调度方法
lb_kind NAT|DR|TUN:集群的类型
persistence_timeout
:持久连接时长 protocol TCP:服务协议,仅支持TCP
sorry_server
:所有RS故障时,备用服务器地址 real_server
{
weight RS权重
notify_up | RS上线通知脚本
notify_down | RS下线通知脚本
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHEC K { ... }:定义当前主机的健康状态检测方法
}
KeepAlived配置检测
HTTP_GET|SSL_GET:应用层检测
HTTP_GET|SSL_GET {
url {
path :定义要监控的URL
status_code :判断上述检测机制为健康状态的响应码
digest :判断为健康状态的响应的内容的校验码
}
connect_timeout :连接请求的超时时长
nb_get_retry :重试次数
delay_before_retry :重试之前的延迟时长
connect_ip :向当前RS哪个IP地址发起健康状态检测请求
connect_port :向当前RS的哪个PORT发起健康状态检测请求
bindto :发出健康状态检测请求时使用的源地址
bind_port :发出健康状态检测请求时使用的源端口
}
传输层检测 TCP_CHECK
TCP_CHECK {
connect_ip :向当前RS的哪个IP地址发起健康状态检测请求
connect_port :向当前RS的哪个PORT发起健康状态检测请求
bindto :发出健康状态检测请求时使用的源地址
bind_port :发出健康状态检测请求时使用的源端口
connect_timeout :连接请求的超时时长
}
单主模型IPVS示例
#高可用的ipvs集群示例:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.10
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 6
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.16.0.10/16 dev eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 172.16.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.16.0.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
real_server 172.16.0.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
小笔记:配置单主IPVS
#ka1、ka2
vim /etc/keepalived/keepalived.conf #把vrrp_instance VI_2的内容全部删除,追加以下
virtual_server 192.168.37.100 80 { #LVS调度器
delay_loop 6 #检查后端服务器的时间间隔
lb_algo rr #调度方法rr|wrr|sh|dh|lc|wlc|sed|nq|lblc|lblcr
lb_kind DR #集群的类型NAT|DR|TUN
#persistence_timeout 50 #持久连接
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.37.17 80 {
weight 1
HTTP_GET {
url {
path / #定义要监控的URL
status_code 200 #定义健康状态码
}
connect_timeout 1 #连接请求的超时时长
nb_get_retry 3 #重试次数
delay_before_retry 3 #重试之前的延迟时长
}
}
real_server 192.168.37.27 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 3
}
}
}
systemctl restart keepalived
#RS1、RS2
yum install httpd -y
echo `hostname` > /var/www/html/index.html
systemctl start httpd
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ip address add 192.168.37.100/32 dev lo label lo:1
#client
while true;do curl 192.168.37.100;sleep 0.5;done
双主模式的lvs集群示例
#双主模式的lvs集群,拓扑、实现过程;
#配置示例(一个节点):
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 6
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass f1bf7fde
}
virtual_ipaddress {
172.16.0.80/16 dev eth0 label eth0:0
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 8
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass f2bf7ade
}
virtual_ipaddress {
172.16.0.90/16 dev eth0 label eth0:1
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server fwmark 3 {
delay_loop 2
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.16.0.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.0.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 3
}
}
}
小笔记:双主配置
#ka1
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.0.0.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 20
priority 60
advert_int 1
authentication {
auth_type PASS
auth_pass 654321
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:2
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.37.100 80 {
delay_loop 5
lb_algo rr
lb_kind DR
!persistence_timeout 50
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.37.17 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.37.27 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 3
}
}
}
systemctl restart keepalived.service
#ka2
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.0.0.100
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 10
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 20
priority 70
advert_int 1
authentication {
auth_type PASS
auth_pass 654321
}
virtual_ipaddress {
192.168.37.100/24 dev eth0 label eth0:2
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.37.100 80 {
delay_loop 5
lb_algo rr
lb_kind DR
!persistence_timeout 50
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.37.17 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.37.27 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 3
}
}
}
systemctl restart keepalived.service
#client
while true;do curl 192.168.37.100;sleep 0.5;done
keepalived调用脚本进行资源监控
- keepalived调用外部的辅助脚本进行资源监控,并根据监控的结果状态能实现优先动态调整
- vrrp_script:自定义资源监控脚本,vrrp实例根据脚本返回值,公共定义,可被多个实例调用,
定义在vrrp实例之外 - track_script:调用vrrp_script定义的脚本去监控资源,定义在实例之内,调用事先定义的
vrrp_script - 分两步:(1) 先定义一个脚本;(2) 调用此脚本
vrrp_script {
script ""
interval INT
weight -INT
}
track_script {
SCRIPT_NAME_1
SCRIPT_NAME_2
}
示例:高可用nginx服务
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.100
}
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_script chk_nginx {
script “/usr/bin/killall -0 nginx "
interval 1
weight -20
fall 2 #2次检测失败为失败
rise 1 #1次检测成功为成功
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.18.0.93/16 dev eth0
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
同步组
LVS NAT模型VIP和DIP需要同步,需要同步组
vrrp_sync_group VG_1 {
group {
VI_1 # name of vrrp_instance (below)
VI_2 # One for each moveable IP
}
}
vrrp_instance VI_1 {
eth0
vip
}
vrrp_instance VI_2 {
eth1
dip
}