keepalived的配置文件中不光可以设置虚拟路由器(vrrp_instance),用于高可用代理服务器
还可以配置虚拟主机(virtual_server),用来设置调度方式,以及后端健康检查
配置参数:
virtual_server IP port | virtual_server fwmark int { ... real_server { ... } real_server { ... } ... ... } 常用参数: delay_loop <INT>:服务轮询的时间间隔; lb_algo rr|wrr|lc|wlc|lblc|sh|dh:定义调度方法; lb_kind NAT|DR|TUN:集群的类型; persistence_timeout <INT>:持久连接时长; protocol TCP:服务协议,仅支持TCP; sorry_server <IPADDR> <PORT>:备用服务器地址; real_server <IPADDR> <PORT> #后端某台rs服务器配置 { weight <INT> notify_up <STRING>|<QUOTED-STRING> #该rs服务器恢复后执行的脚本 notify_down <STRING>|<QUOTED-STRING> #rs宕机后的执行的脚本 HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }:定义当前主机的健康状态检测方法; } HTTP_GET|SSL_GET { url { path <URL_PATH>:定义要监控的URL; status_code <INT>:判断上述检测机制为健康状态的响应码; digest <STRING>:判断上述检测机制为健康状态的响应的内容的校验码; } nb_get_retry <INT>:重试次数; delay_before_retry <INT>:重试之前的延迟时长,两次重试间隔; connect_ip <IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求 connect_port <PORT>:向当前RS的哪个PORT发起健康状态检测请求 bindto <IP ADDRESS>:发出健康状态检测请求时使用的源地址; bind_port <PORT>:发出健康状态检测请求时使用的源端口; connect_timeout <INTEGER>:连接请求的超时时长; } TCP_CHECK { connect_ip <IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求 connect_port <PORT>:向当前RS的哪个PORT发起健康状态检测请求 bindto <IP ADDRESS>:发出健康状态检测请求时使用的源地址; bind_port <PORT>:发出健康状态检测请求时使用的源端口; connect_timeout <INTEGER>:连接请求的超时时长; }
测试开始,根据原理框图
下面是配置lvs_dr模式的高可用模式,nat方式和这个不同
首先配置后端服务器,因为有lvs相关的博文,这里直接操作,不懂的看前面的,这里只将整个过程列出来
主机rs-13配置,和lvs博文中配置是一样的
注意这里的vip改为漂移的那个vip
[root@localhost ~]#cat lvs_dr_slave.sh #!/bin/bash # vip=192.168.200.40 mask='255.255.255.255' gw_ip="192.168.175.15" case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask $mask broadcast $vip up route add -host $vip dev lo:0 #vip必须从lo网卡进来,从lo网卡出去 route del default route add default gw $gw_ip ;; stop) ifconfig lo:0 down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce ;; *) echo "Usage $(basename $0) start|stop" exit 1 ;; esac [root@localhost ~]#bash lvs_dr_slave.sh start [root@localhost ~]#ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet 192.168.200.40/32 brd 192.168.200.10 scope global lo:0 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:2a:10:83 brd ff:ff:ff:ff:ff:ff inet 192.168.175.13/24 brd 192.168.175.255 scope global eth0 [root@localhost ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.200.40 0.0.0.0 255.255.255.255 UH 0 0 0 lo 192.168.175.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 0.0.0.0 192.168.175.15 0.0.0.0 UG 0 0 0 eth0 [root@localhost ~]#curl 192.168.200.40 host 13 index.html
主机rs-14配置,和lvs博文中的配置是一样的
[root@localhost ~]#cat lvs_dr_slave.sh #!/bin/bash # vip=192.168.200.40 mask='255.255.255.255' gw_ip="192.168.175.15" case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask $mask broadcast $vip up route add -host $vip dev lo:0 #vip必须从lo网卡进来,从lo网卡出去 route del default route add default gw $gw_ip ;; stop) ifconfig lo:0 down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce ;; *) echo "Usage $(basename $0) start|stop" exit 1 ;; esac [root@localhost ~]#bash lvs_dr_slave.sh start [root@localhost ~]#ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet 192.168.200.40/32 brd 192.168.200.10 scope global lo:0 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:34:80:1b brd ff:ff:ff:ff:ff:ff inet 192.168.175.14/24 brd 192.168.175.255 scope global eth0 [root@localhost ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.200.40 0.0.0.0 255.255.255.255 UH 0 0 0 lo 192.168.175.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 0.0.0.0 192.168.175.15 0.0.0.0 UG 0 0 0 eth0 [root@localhost ~]#curl 192.168.200.40 host 14 index.html #并且在vs主机:192.168.175.10上面可以请求到报文 [root@localhost ~]#curl 192.168.175.13 host 13 index.html [root@localhost ~]#curl 192.168.175.14 host 14 index.html
—-当当当,到这里rs配置就完成了,后面的操作都不会再修改rs主机配置了—
下面是路由器15的设置,和lvs博文中配置是一样的(注意:下面把所有接口的rp_filter都置0,关闭的是内核的反向路径过滤,也就是对源地址的校验,建议只在确实需要的接口上关闭)
[root@localhost ~]#ifconfig eth0 Link encap:Ethernet HWaddr 00:50:56:3F:AC:4D inet addr:192.168.175.15 Bcast:192.168.175.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:0C:29:E9:AD:3D inet addr:192.168.200.15 Bcast:192.168.200.255 Mask:255.255.255.0 [root@localhost ~]#echo 1 > /proc/sys/net/ipv4/ip_forward #开启转发功能 [root@localhost ~]#cat /proc/sys/net/ipv4/ip_forward 1 [root@localhost ~]#ll /proc/sys/net/ipv4/conf/ total 0 dr-xr-xr-x 0 root root 0 Jul 24 18:58 all dr-xr-xr-x 0 root root 0 Jul 24 18:52 default dr-xr-xr-x 0 root root 0 Jul 24 18:58 eth0 dr-xr-xr-x 0 root root 0 Jul 24 18:58 eth1 dr-xr-xr-x 0 root root 0 Jul 24 18:58 lo [root@localhost ~]#echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter [root@localhost ~]#echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter [root@localhost ~]#echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter [root@localhost ~]#echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter [root@localhost ~]#echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
下面配置代理服务器的错误页面
[root@master ~]#yi nginx [root@localhost /usr/share/nginx/html]#cat index.html sorry page, 192.168.175.10 [root@localhost /usr/share/nginx/html]#cd [root@master ~]#service nginx restart Stopping nginx: [FAILED] Starting nginx: [ OK ]
下面配置备用服务器的错误页面
[root@master ~]#yi nginx [root@localhost /usr/share/nginx/html]#cat index.html sorry page, 192.168.175.20 [root@localhost /usr/share/nginx/html]#cd [root@master ~]#service nginx restart Stopping nginx: [FAILED] Starting nginx: [ OK ] 测试都可以正常访问 [root@master ~]#curl 192.168.175.10 sorry page, 192.168.175.10 [root@master ~]#curl 192.168.175.20 sorry page, 192.168.175.20
========下面是重点,敲黑板=========
代理服务器配置
[root@localhost /etc/keepalived]#cat keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lvs-node1 vrrp_mcast_group4 224.0.100.0 } vrrp_instance a.abc.com { state MASTER interface eth0 virtual_router_id 20 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 2345 } virtual_ipaddress { 192.168.200.40/24 dev eth1 } notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.40" notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.40" notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.40" } virtual_server 192.168.200.40 80 { delay_loop 3 lb_algo rr lb_kind DR protocol TCP sorry_server 127.0.0.1 80 real_server 192.168.175.13 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } real_server 192.168.175.14 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } }
备用服务器配置
[root@master /etc/keepalived]#cat keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id lvs-node2 vrrp_mcast_group4 224.0.100.0 } vrrp_instance a.abc.com { state BACKUP interface eth0 virtual_router_id 20 priority 80 advert_int 1 authentication { auth_type PASS auth_pass 2345 } virtual_ipaddress { 192.168.200.40/24 dev eth1 } notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.40" notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.40" notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.40" } virtual_server 192.168.200.40 80 { delay_loop 3 lb_algo rr lb_kind DR protocol TCP sorry_server 127.0.0.1 80 real_server 192.168.175.13 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } real_server 192.168.175.14 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } }
最后的执行结果:当后面两台rs服务器正常的时候,显示轮询后端服务器每台机器的网页
当后端某台服务器宕机,则只显示另外一台服务器网页
当后端两台服务器都宕机,显示代理服务器的sorry网页
当代理服务器宕机的时候,显示备份服务器的sorry网页
当此时后端服务器恢复后,显示后端服务器的网页
注意:经过测试,ipvsadm安装包可以不安装,服务可以正常使用,这里为了查看lvs的配置,安装上,可以不启动应用就可以查看配置。上面的keepalived会自动执行ipvsadm相同的功能,不需要ipvsadm命令就可以正常工作
上面的虚拟路由器是确保vip的可靠运行的
上面的虚拟主机是确保后端服务器可靠运行的,从而达到高可用的目的
测试nginx的stream模块和upstream模块的tcp报文流向
测试框图
nginx的代理和lvs不同,这里将后端主机rs-13和rs-14上面的lvs配置都去除,只保留http功能能够正常访问,并且两台后端服务器都不设置默认网关
rs-13和rs-14主机,没有默认网关 [root@localhost ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.175.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 在nat2上面可以正常请求到网页 [root@localhost ~]#curl 192.168.175.13 host 13 index.html [root@localhost ~]#curl 192.168.175.14 host 14 index.html
将代理服务器上面的有关lvs的服务和keepalived服务都停止,这里用不到
配置代理服务器上面的nginx配置
http { ... ... upstream websrvs{ server 192.168.175.13; server 192.168.175.14; } server { listen 192.168.200.10:80; #这里监听net4上面的ip地址,表示外网ip地址 server_name localhost; ... ... location / { root /usr/share/nginx/html; proxy_pass http://websrvs; #将所有的请求报文都发送到后端进行处理 } 重载规则,启动nginx服务 没有开启报文转发功能 [root@localhost ~]#cat /proc/sys/net/ipv4/ip_forward 0
然后用客户机进行请求操作,可以看到正常工作
[root@localhost ~]#curl 192.168.200.10 host 13 index.html [root@localhost ~]#curl 192.168.200.10 host 14 index.html
在代理服务器上面进行抓包
在eth1上面进行抓包,数据正常,都是代理服务器和客户端进行通信 17:09:43.483928 IP 192.168.200.30.53518 > 192.168.200.10.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 64933139 ecr 19168902], length 0 17:09:43.484082 IP 192.168.200.30.53518 > 192.168.200.10.http: Flags [P.], seq 1:79, ack 1, win 229, options [nop,nop,TS val 64933139 ecr 19168902], length 78 17:09:43.484097 IP 192.168.200.10.http > 192.168.200.30.53518: Flags [.], ack 79, win 227, options [nop,nop,TS val 19168902 ecr 64933139], length 0 在eth0上面进行抓包 [root@localhost ~]#tcpdump -i eth0 port 80 17:15:19.030633 IP 192.168.175.10.60689 > 192.168.175.14.http: Flags [S], seq 3721887685, win 14600, options [mss 1460,sackOK,TS val 19504449 ecr 0,nop,wscale 6], length 0 17:15:19.031203 IP 192.168.175.14.http > 192.168.175.10.60689: Flags [S.], seq 2335036640, ack 3721887686, win 14480, options [mss 1460,sackOK,TS val 96770341 ecr 19504449,nop,wscale 6], length 0 17:15:19.812155 IP 192.168.175.10.49255 > 192.168.175.13.http: Flags [S], seq 1820086727, win 14600, options [mss 1460,sackOK,TS val 19505230 ecr 0,nop,wscale 6], length 0 17:15:19.812463 IP 192.168.175.13.http > 192.168.175.10.49255: Flags [S.], seq 3310106566, ack 1820086728, win 14480, options [mss 1460,sackOK,TS val 96808410 ecr 19505230,nop,wscale 6], length 0
可以看到是代理服务器作为客户端去后端服务器请求数据,然后返回给客户端的,后端主机不用设置网关指向代理服务器
测试nginx的stream模块tcp报文流向
依然是上的配置接着测试
修改代理服务器的配置文件,表示当请求代理服务器的22022端口的时候,将请求转发到后端主机的22号端口上面
在主配置文件中添加 stream { upstream sshsrvs { server 192.168.175.13:22; server 192.168.175.14:22; } server { listen 192.168.200.10:22022; proxy_pass sshsrvs; } } 重启nginx服务 [root@localhost ~]#ss -tnl #端口监听正常 State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 192.168.200.10:22022 *:*
在客户端进行请求(注意:stream模块转发的是整条tcp连接,客户端看到的主机密钥指纹是被调度到的那台后端主机的,两台后端主机密钥不同时,下一次连接被调度到另一台就会出现主机密钥不一致的告警)
[root@localhost ~]#ssh -p 22022 192.168.200.10 The authenticity of host '[192.168.200.10]:22022 ([192.168.200.10]:22022)' can't be established. RSA key fingerprint is ae:9c:1b:2b:fc:80:04:21:e4:7b:44:14:6c:2c:c9:cc.
然后抓取代理服务器的eth1上面的包,发现请求正常
[root@localhost ~]#tcpdump -i eth1 port 22022 17:32:55.752187 IP 192.168.200.30.48083 > 192.168.200.10.22022: Flags [S], seq 1597203175, win 29200, options [mss 1460,sackOK,TS val 66325400 ecr 0,nop,wscale 7], length 0 17:32:55.752253 IP 192.168.200.10.22022 > 192.168.200.30.48083: Flags [S.], seq 3339649244, ack 1597203176, win 14480, options [mss 1460,sackOK,TS val 20561170 ecr 66325400,nop,wscale 6], length 0
在后端主机13上面进行抓包
[root@localhost ~]#tcpdump -i eth0 port 22 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 17:39:34.221232 IP 192.168.175.10.44783 > 192.168.175.14.ssh: Flags [S], seq 585126111, win 14600, options [mss 1460,sackOK,TS val 20965642 ecr 0,nop,wscale 6], length 0 17:39:34.221557 IP 192.168.175.14.ssh > 192.168.175.10.44783: Flags [S.], seq 133139943, ack 585126112, win 14480, options [mss 1460,sackOK,TS val 98231527 ecr 20965642,nop,wscale 6], length 0 17:39:34.221562 IP 192.168.175.10.44783 > 192.168.175.14.ssh: Flags [.], ack 1, win 229, options [nop,nop,TS val 20965642 ecr 98231527], length 0
到这里就可以看到,整个过程是用户请求代理服务器,然后代理服务器作为客户端,请求后端的服务器,然后返回给客户端,这个和upstream模块是一样的,整个过程没有开启ip_forward转发,也没有给后端主机设置默认网关。这样后端服务器看到的源地址都是代理服务器的ip,无法按真实客户端ip设置防火墙规则,只能在代理服务器上设置防火墙规则来进行防护。
keepalived高可用nginx
后端服务器设置:依旧只保留http服务器,没有其他设置,也没有默认网关
设置代理服务器,这里只有keepalived程序,没有lvs的任何服务
首先配置代理服务器和备用服务器的nginx配置文件,将其可以正常代理请求到后端主机,两边同时进行下面的操作
http { ... upstream websrvs{ server 192.168.175.13; server 192.168.175.14; } } server { listen 80; #这里要设置为监听全部地址,如果写飘的vip,因为vip现在还没配置,会报错 server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_pass http://websrvs; } }
在客户端30上面进行请求操作,发现两台代理服务器都可以正常将请求代理到后端服务器上
[root@localhost ~]#curl 192.168.200.10 host 13 index.html [root@localhost ~]#curl 192.168.200.10 host 14 index.html [root@localhost ~]#curl 192.168.200.20 host 13 index.html [root@localhost ~]#curl 192.168.200.20 host 14 index.html
这里再说几个配置字段
keepalived调用外部的辅助脚本进行资源监控,并根据监控的结果状态能实现优先动态调整; 分两步:(1) 先定义一个脚本;(2) 调用此脚本; vrrp_script <SCRIPT_NAME> { script "" interval INT weight -INT } track_script { #可以定义多个脚本文件,这里都可以调用 SCRIPT_NAME_1 SCRIPT_NAME_2 ... } vrrp_script 告诉 keepalived 在什么情况下切换,所以尤为重要。可以有多个 vrrp_script script : 自己写的检测脚本。也可以是一行命令如killall -0 nginx interval 2 : 每2s检测一次 weight -20 : 检测失败(脚本返回非0)则优先级 -20 fall 2 : 检测连续 2 次失败才算确定是真失败。会用weight减少优先级(1-255之间) rise 1 : 检测 1 次成功就算成功。但不修改优先级 这里要提示一下script一般有2种写法: 通过脚本执行的返回结果,改变优先级,keepalived继续发送通告消息,backup比较优先级再决定 脚本里面检测到异常,直接关闭keepalived进程,backup机器接收不到advertisement会抢占IP 在默认的keepalive.conf里面还有 virtual_server,real_server 这样的配置,我们这用不到,它是为lvs准备的。 如果有多个ip同时进行漂移,可以设置多个,不同网卡都可以,进行同步漂移
这里的keepalived作用是对前端调度服务进行检查的,当检查到调度服务不正常的时候,进行vip进行漂移
后端的http服务器的健康状况这里要使用nginx的upstream模块自带后端检查模块检查
lvs自带的virtual_server只能用在lvs中,可以做到检测后端健康状况,这里不可以
这里的nginx服务可以是任意要调度的服务资源,任何需要高可用的服务都可以使用keepalived进行检查,比如redis,mysql,
当检查到redis进程有问题的时候,自动将redis上面的vip飘到其他机器上面,做到redis高可用,还可以在脚本中添加自定义的功能
当要前端调度器进入维护模式可以在:/etc/keepalived目录下面touch down文件(即上面chk_down脚本检测的/etc/keepalived/down),vip就会漂移
当要后端的rs服务器进入维护模式的时候,可以在nginx的upstream模块里面将后端主机标为down,然后操作后端主机
当有服务需要代理服务器的内网ip和外网ip同时进行漂移的时候,可以将多个要漂移的ip写到virtual_ipaddress中,比如下面,内网和外网同时飘
virtual_ipaddress { 192.168.200.40/24 dev eth1 192.168.175.40/24 dev eth0 }
原理非常重要,当理解了tcp的报文传输流程,哪里要用什么调度,什么服务才能实现,需要设置什么就很明确了
配置代理服务器
[root@localhost /etc/keepalived]#cat keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id localhost vrrp_mcast_group4 224.0.100.45 } vrrp_script chk_down { script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" #down文件在,返回1。不在返回0 interval 1 #1秒钟调用一次,当上面的脚本执行返回1的时候会执行下面的操作 weight -20 #当down文件存在,这个vs的节点的优先级-20,如果这个节点的优先级低于其他的vs主机, #这个主机就会处于维护模式,ip被其他优先级高的主机夺走。 } vrrp_script chk_nginx { script "killall -0 nginx && exit 0 || exit 1" #进程在,返回0,不执行下面的操作。否则1,执行下面的操作 interval 1 weight -20 #当nginx进程不存在了,表示这个节点处错了,将这个节点的优先级调低,让另外的节点来负责工作。 } vrrp_instance a.abc.com { state MASTER interface eth0 virtual_router_id 20 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 2345 } virtual_ipaddress { 192.168.200.40/24 dev eth1 } track_script { chk_down chk_nginx } #后端可以加更改的邮件通知的脚本等 notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.40" notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.40" notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.40" }
配置备用服务器
[root@master /etc/keepalived]#cat keepalived.conf ! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id localhost vrrp_mcast_group4 224.0.100.45 } vrrp_script chk_down { script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" #down文件在,返回1。不在返回0 interval 1 #1秒钟调用一次,当上面的脚本执行返回1的时候会执行下面的操作 weight -20 #当down文件存在,这个vs的节点的优先级-20,如果这个节点的优先级低于其他的vs主机, #这个主机就会处于维护模式,ip被其他优先级高的主机夺走。 } vrrp_script chk_nginx { script "killall -0 nginx && exit 0 || exit 1" #进程在,返回0,不执行下面的操作。否则1,执行下面的操作 interval 1 weight -20 #当nginx进程不存在了,表示这个节点处错了,将这个节点的优先级调低,让另外的节点来负责工作。 } vrrp_instance a.abc.com { state BACKUP interface eth0 virtual_router_id 20 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 2345 } virtual_ipaddress { 192.168.200.40/24 dev eth1 } track_script { chk_down chk_nginx } #后端可以加更改的邮件通知的脚本等 notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.40" notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.40" notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.40" }
下面是原理框图
centos7配置上面高可用nginx会报错,好像不能再直接写命令,只能调用脚本文件,修改为如下
vrrp_script chk_down { script "/etc/keepalived/check_down.sh" interval 10 } vrrp_script chk_nginx { script "/etc/keepalived/check_nginx.sh" interval 10 }
具体的脚本文件如下(注意:脚本里的 weight -20 是keepalived配置文件的关键字,不是shell命令,bash执行到这里会报command not found;检测脚本应该用 exit 1 表示检测失败、exit 0 表示正常,优先级的调整由keepalived配置里vrrp_script的weight来做)
[root@db2_rabbit_2_5_134 keepalived]# ll 总用量 12 -rwxr-xr-x 1 root root 97 8月 30 09:56 check_down.sh -rwxr-xr-x 1 root root 122 8月 30 09:56 check_nginx.sh -rw-r--r-- 1 root root 774 8月 30 09:56 keepalived.conf [root@db2_rabbit_2_5_134 keepalived]# cat check_down.sh #!/bin/bash if [[ -f /etc/keepalived/down ]] ;then weight -20 #exit 1 || exit 0 fi [root@db2_rabbit_2_5_134 keepalived]# cat check_nginx.sh #!/bin/bash /usr/bin/killall -0 nginx &> /dev/null if [[ $? -ne 0 ]] ;then weight -20 #exit 1 || exit 0 fi
叭叭叭
参考脚本(这个脚本检测失败时是直接kill掉keepalived进程来触发vip漂移,本节点不会自动恢复,需要人工重新启动keepalived;它还依赖nmap命令存在)
正确返回0 错误杀进程 [root@a /etc/keepalived]#cat chk_mysql.sh #!/bin/bash mysql_port=$(nmap -n 192.168.10.10 -p 3306 | grep -c 'open') if [[ $mysql_port -eq 0 ]]; then kill $(pidof keepalived) exit 1 fi exit 0