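I. Theory:
keepalived manages a virtual router by means of a virtual router, a master router, a virtual IP, and a virtual MAC. VRRP has many terms, and together they describe how VRRP works. The common VRRP working modes are:
master/backup, and master/master (master/backup, backup/master).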
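(1) vrrp_script: defines a custom resource-monitoring script. A VRRP instance can track this script and use it as a basic criterion for judging or calculating its priority.
The VRRP instance or process uses the script's exit status as the basis for deciding whether the service succeeded or failed. When the script succeeds, the node's priority can be raised; when it fails, the node's priority is lowered after a calculation. Lowered by how much?
For example, a master node may run two resources: first, the IP address defined on the network interface; second, an nginx service that we monitor. A script continually probes port 80, where nginx listens, or checks whether some resource served by nginx can be accessed normally. If it can, nothing changes. If nginx turns out to be unreachable, the track_script (tracking script) in the VRRP instance comes into play: according to the track_script definition, the current node's priority is reduced by a value, and the result is lower than the BACKUP node's priority. The priority this node advertises is therefore lower than the BACKUP node's, and the BACKUP node takes over.
This is a common definition that can be called by multiple instances, so vrrp_script is defined outside the VRRP instances.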
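(2) track_script: the tracking script. It calls a script defined by vrrp_script to monitor a resource. During monitoring, when the script succeeds the priority can be raised, and when it fails the priority can be lowered, so that a higher or lower priority is advertised and the node role transition takes place.
track_script is defined inside the instance and calls a vrrp_script defined beforehand.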
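Usage example 1: define chk_down outside the instance and call chk_down inside the instance.
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" ## check whether a file named down exists in /etc/keepalived/; if it does, exit with status 1 (failure)
    interval 2 ## how often to run the check
    weight -5 ## on failure lower the priority by 5; on success leave it unchanged
}
track_script {
    chk_down
}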
Usage example 2: monitoring a specific service process.
vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}
track_script { ## to use several scripts together, list each of them inside track_script
    chk_httpd
}
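The priority arithmetic described above, as an added example that is not part of the original post: a simplified shell model of how a tracked script's weight changes the advertised priority and which node ends up master, using the priorities 100 and 98 from this page's configuration. The function names are hypothetical, preemption is assumed to be enabled, and equal priorities are reported as `tie` (VRRP then prefers the higher primary IP address).

```shell
#!/bin/sh
# Added example: simplified model of keepalived's priority adjustment.
# Not keepalived's own code; function names are hypothetical.

# effective_priority BASE WEIGHT RC
#   RC is the tracked script's exit status (0 = success).
#   Negative weight: subtracted from BASE while the script fails.
#   Positive weight: added to BASE while the script succeeds.
effective_priority() {
    base=$1 weight=$2 rc=$3
    if [ "$weight" -lt 0 ] && [ "$rc" -ne 0 ]; then
        echo $((base + weight))
    elif [ "$weight" -gt 0 ] && [ "$rc" -eq 0 ]; then
        echo $((base + weight))
    else
        echo "$base"
    fi
}

# who_is_master BASE1 BASE2 WEIGHT RC1 RC2
#   Both nodes track the same script with the same weight.
who_is_master() {
    p1=$(effective_priority "$1" "$3" "$4")
    p2=$(effective_priority "$2" "$3" "$5")
    if [ "$p1" -gt "$p2" ]; then echo node1
    elif [ "$p1" -lt "$p2" ]; then echo node2
    else echo tie
    fi
}

# Scenarios for one instance (node1 priority 100, node2 priority 98).
# RC1=1 models "touch /etc/keepalived/down" on node1.
echo "weight -5, both healthy : $(who_is_master 100 98 -5 0 0)"
echo "weight -5, node1 down   : $(who_is_master 100 98 -5 1 0)"
echo "weight +5, node1 down   : $(who_is_master 100 98 5 1 0)"
echo "weight -1, node1 down   : $(who_is_master 100 98 -1 1 0)"
```

The last scenario is the failure mode to check for: when the absolute weight is smaller than the priority gap between the nodes, a failed check never moves the VIP.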
II. Building an LVS-DR master/master model with keepalived
Topology:
Environment:
Name | ip address
Master/backup | VIP:172.18.200.6
Backup/master | VIP:172.18.100.5
Real Server1 | VIP(1):172.18.200.6/32 VIP(2):172.18.200.5/32 RIP:172.18.100.100/16
Real Server2 | VIP(1):172.18.200.6/32 VIP(2):172.18.200.5/32 RIP:172.18.100.110/16
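Procedure:
(1) Synchronize the time on all nodes;
##yum -y install keepalived #install on both front-end hosts;
##ntpdate 172.18.0.1 #synchronize the time; do this on both nodes;
##crontab -e #create a scheduled task that synchronizes the time every 5 minutes; do this on both nodes;
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
(2) Make sure iptables and SELinux do not get in the way;
(3) Define the configuration of the two nodes and start them;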
Edit the configuration file on the master/backup node:
#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.18
}

vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight 5
}

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ax
    }
    virtual_ipaddress {
        172.18.200.6 dev eno16777736 label eno16777736:0
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state BACKUP
    interface eno16777736
    virtual_router_id 60
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ab
    }
    virtual_ipaddress {
        172.18.200.5 dev eno16777736 label eno16777736:1
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 172.18.200.6 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 172.18.200.5 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
Edit the configuration file on the backup/master node:
#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.18
}

vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight 5
}

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ax
    }
    virtual_ipaddress {
        172.18.200.6 dev eno16777736 label eno16777736:0
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state MASTER
    interface eno16777736
    virtual_router_id 60
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ab
    }
    virtual_ipaddress {
        172.18.200.5 dev eno16777736 label eno16777736:1
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 172.18.200.6 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 172.18.200.5 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
##systemctl start keepalived.service
Test it:
Master/backup node:
Backup/master node:
(4) Configuration on the Real Servers:
Add the VIPs on each real server node:
#ifconfig lo:0 172.18.200.6 netmask 255.255.255.255 broadcast 172.18.200.6
#ifconfig lo:1 172.18.200.5 netmask 255.255.255.255 broadcast 172.18.200.5
# route add -host 172.18.200.6 dev lo:0
# route add -host 172.18.200.5 dev lo:1
Limit the ARP response level and announce level:
#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
#echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
#echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
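A check for the ARP settings above, as an added example that is not part of the original post: it confirms that the four values actually reached the kernel files, which catches the case where the value is written as `echo 1> file` (the digit is parsed as a file descriptor, so the value never lands in the file). The function names are hypothetical, and the demonstration runs on a constructed scratch directory instead of the live /proc/sys tree.

```shell
#!/bin/sh
# Added example: verify the ARP sysctls an LVS-DR real server needs.

# check_arp_sysctls [ROOT] -> returns 0 only if all four values match.
# ROOT defaults to the live kernel tree; a scratch copy can be passed instead.
check_arp_sysctls() {
    root=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for spec in all/arp_ignore=1 lo/arp_ignore=1 \
                all/arp_announce=2 lo/arp_announce=2; do
        path=${spec%%=*}
        want=${spec##*=}
        got=$(cat "$root/$path" 2>/dev/null) || got=
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path: want $want, got '$got'"
            bad=1
        fi
    done
    return "$bad"
}

# make_tree DIR MODE: build a constructed stand-in for /proc/sys.
# MODE=broken writes with "echo N> file" (N is taken as a file descriptor,
# so the value never reaches the file); any other MODE uses "echo N > file".
make_tree() {
    mkdir -p "$1/all" "$1/lo"
    for f in all lo; do
        if [ "$2" = broken ]; then
            echo 1> "$1/$f/arp_ignore"
            echo 2> "$1/$f/arp_announce"
        else
            echo 1 > "$1/$f/arp_ignore"
            echo 2 > "$1/$f/arp_announce"
        fi
    done
}

# Demonstration on scratch directories (no root needed, nothing live touched).
demo=$(mktemp -d)
make_tree "$demo/broken" broken >/dev/null
make_tree "$demo/fixed" fixed
check_arp_sysctls "$demo/broken" || echo "broken tree: values were not applied"
check_arp_sysctls "$demo/fixed" && echo "fixed tree: all four values correct"
rm -rf "$demo"
```

On a real server, run `check_arp_sysctls` with no argument after applying the settings.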
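(5) Test
If anything here is poorly written, I welcome pointers from all the experts; let's exchange ideas and learn from each other!
Next post: one of the operations automation tools, Ansible (to be continued......)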