环境
作用 | IP | 角色 |
---|---|---|
lb01 | 10.0.0.5 | Master |
lb02 | 10.0.0.6 | Backup |
VIP | 10.0.0.3(随时被抢占) |
安装keepalived
[root@lb01 ~]# yum install -y keepalived
[root@lb02 ~]# yum install -y keepalived
[root@lb01 ~]# systemctl start keepalived.service
[root@lb02 ~]# systemctl start keepalived.service
[root@lb01 ~]# systemctl enable keepalived.service
[root@lb02 ~]# systemctl enable keepalived.service
#keepalived不能使用restart管理(???)
关闭iptables和selinux
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
systemctl enable firewalld
#实际上开着防火墙也可以(上面的命令是启用firewalld,与标题中的"关闭"并不一致),不过除了开放业务端口(80 443)外,还要放行两台节点之间的VRRP通告(IP协议号112),否则备机收不到主机的通告,会引发脑裂
配置keepalived抢占式
master
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb01 in preemptive mode: lb01 is the preferred holder of the VIP.
global_defs {
# Identifier of this node; the lb02 configuration uses lb02.
router_id lb01
}
vrrp_instance VI_1 {
# Initial state of this node.
state MASTER
# Interface the VRRP instance runs on.
interface eth0
# Must be the same on both nodes of the pair (lb02 also uses 50).
virtual_router_id 50
# Higher than lb02's 100, so lb01 wins the election while it is up.
priority 150
# Advertisement interval in seconds.
advert_int 2
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements;
# it guards against misconfigured peers, not against a host that can see the
# traffic on this segment.
auth_type PASS
# 1111 is a sample value and must match on both nodes; use a site-specific
# value in a real deployment (keepalived uses at most the first 8 characters).
auth_pass 1111
}
virtual_ipaddress {
# The VIP from the environment table.
10.0.0.3
}
}
[root@lb01 ~]# systemctl restart keepalived.service
backup
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb02 in preemptive mode: lb02 holds the VIP only while lb01 is down.
global_defs {
# Identifier of this node; the lb01 configuration uses lb01.
router_id lb02
}
vrrp_instance VI_1 {
# Initial state of this node.
state BACKUP
interface eth0
# Same value as on lb01 so both nodes belong to one virtual router.
virtual_router_id 50
# Lower than lb01's 150, so lb01 takes the VIP back when it returns.
priority 100
# Advertisement interval in seconds; same value as on lb01.
advert_int 2
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match lb01. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
# The VIP from the environment table.
10.0.0.3
}
}
[root@lb02 ~]# systemctl restart keepalived.service
[root@lb01 ~]# ip a
[root@lb02 ~]# ip a
[root@lb01 ~]# systemctl stop keepalived.service
[root@lb01 ~]# ip a
[root@lb02 ~]# ip a
配置keepalived非抢占式
master
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb01 in non-preemptive mode: whichever node holds the VIP
# keeps it until that node fails.
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
# Both nodes start as BACKUP here; keepalived requires the initial state to be
# BACKUP for nopreempt to take effect.
state BACKUP
interface eth0
# Same value on both nodes.
virtual_router_id 50
# Still higher than lb02's 100: lb01 wins the first election when both start together.
priority 150
# Advertisement interval in seconds.
advert_int 1
# Do not take the VIP back from a lower-priority node that currently holds it.
nopreempt
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match lb02. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb01 ~]# systemctl restart keepalived.service
backup
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb02 in non-preemptive mode.
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
# Same initial state as lb01; nopreempt requires BACKUP.
state BACKUP
interface eth0
# Same value on both nodes.
virtual_router_id 50
# Lower than lb01's 150.
priority 100
# Advertisement interval in seconds; same value as on lb01.
advert_int 1
# Keep the current VIP holder in place instead of preempting it.
nopreempt
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match lb01. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb02 ~]# systemctl restart keepalived.service
通过windows的arp去验证,是否会切换MAC地址
通过脚本绑定nginx和keepalived的状态
[root@lb01 ~]# vim /tmp/check.sh
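#!/bin/bash
# Health check run by keepalived (vrrp_script): keep the VIP on this node only
# while nginx is alive. If nginx is down, try to start it once; if it is still
# down, stop keepalived so the VIP moves to the peer.
#
# Exit status: 0 when nginx is running (possibly after a restart), 1 when
# nginx could not be brought back.
#
# NOTE(review): keepalived executes this file with its own privileges (root
# unless a script user is configured). Keep it in a root-owned directory that
# other users cannot write to rather than in /tmp.

# Print the number of running nginx processes (0 means nginx is down).
count_nginx() {
  ps -C nginx --no-header | wc -l
}

nginx=$(count_nginx)
# 1. If nginx is not running, try to start it.
if [ "$nginx" -eq 0 ]; then
  systemctl start nginx
  sleep 3
  # 2. After waiting 3 seconds, read the nginx state again.
  nginx=$(count_nginx)
  # 3. Still down: stop keepalived so the address fails over, then leave the
  #    script with a failure status so the result is also visible to
  #    keepalived if the stop did not take effect.
  if [ "$nginx" -eq 0 ]; then
    systemctl stop keepalived
    echo nginx停止服务
    exit 1
  fi
fi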
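#给脚本增加执行权限(一定要做)。注意:keepalived通常以root身份执行该脚本,/tmp是所有用户可写的目录,生产环境应把脚本放在仅root可写的目录(例如/etc/keepalived/)下,并保证属主为root、其他用户不可写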
[root@lb01 ~]# chmod +x /tmp/check.sh
非抢占式nginx和keepalived关联模板
lb01和lb02配置完全相同
lb01
1.配置绑定脚本
[root@lb01 ~]# vim /tmp/check.sh
2.把绑定脚本加入到keepalived配置文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb01, non-preemptive mode, with the nginx check attached.
global_defs {
router_id lb01
}
# Author's note: the script must finish within 5 seconds, otherwise it is
# interrupted and run again.
vrrp_script check {
# NOTE(review): this path is under /tmp, which every local user can write to,
# and keepalived executes the script with its own privileges. Prefer a
# root-owned location, and see keepalived's script security settings
# (script_user / enable_script_security in global_defs) for your version.
script "/tmp/check.sh"
# Run the check every 5 seconds.
interval 5
}
vrrp_instance VI_1 {
# nopreempt requires the initial state to be BACKUP.
state BACKUP
interface eth0
virtual_router_id 50
priority 150
# Advertisement interval in seconds.
advert_int 1
# Do not take the VIP back from the node that currently holds it.
nopreempt
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match the peer. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
# Attach the check defined above to this instance.
track_script {
check
}
}
[root@lb01 ~]# systemctl restart keepalived.service
lb02
1.配置绑定脚本
[root@lb02 ~]# vim /tmp/check.sh
2.把绑定脚本加入到keepalived配置文件
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb02, non-preemptive mode, with the nginx check attached.
# The page states that lb01 and lb02 use exactly the same configuration here.
global_defs {
# NOTE(review): this is the lb02 section but router_id is lb01; the earlier
# lb02 configurations use lb02 — confirm which is intended.
router_id lb01
}
# Author's note: the script must finish within 5 seconds, otherwise it is
# interrupted and run again.
vrrp_script check {
# NOTE(review): this path is under /tmp, which every local user can write to,
# and keepalived executes the script with its own privileges. Prefer a
# root-owned location.
script "/tmp/check.sh"
# Run the check every 5 seconds.
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
# NOTE(review): same priority as lb01 in this template (the earlier
# non-preemptive lb02 configuration uses 100) — confirm.
priority 150
advert_int 1
# Do not take the VIP back from the node that currently holds it.
nopreempt
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match the peer. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
# Attach the check defined above to this instance.
track_script {
check
}
}
[root@lb02 ~]# systemctl restart keepalived.service
抢占式nginx和keepalived关联模板
lb01
1.配置绑定脚本
[root@lb01 ~]# vim /tmp/check.sh
2.把绑定脚本加入到keepalived配置文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb01, preemptive mode, with the nginx check attached.
global_defs {
router_id lb01
}
# Author's note: the script must finish within 5 seconds, otherwise it is
# interrupted and run again.
vrrp_script check {
# NOTE(review): this path is under /tmp, which every local user can write to,
# and keepalived executes the script with its own privileges. Prefer a
# root-owned location.
script "/tmp/check.sh"
# Run the check every 5 seconds.
interval 5
}
vrrp_instance VI_1 {
# No nopreempt here: lb01 reclaims the VIP when it comes back.
state MASTER
interface eth0
virtual_router_id 50
priority 150
# Advertisement interval in seconds.
advert_int 1
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match the peer. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
# Attach the check defined above to this instance.
track_script {
check
}
}
[root@lb01 ~]# systemctl restart keepalived.service
lb02
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for lb02, preemptive mode. No vrrp_script/track_script is
# configured on this node in this template.
global_defs {
# NOTE(review): this is the lb02 section but router_id is lb01; the first
# preemptive lb02 configuration on this page uses lb02 — confirm.
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
# NOTE(review): equal to lb01's 150 in this template, while the first
# preemptive backup configuration uses 100; a backup is presumably meant to
# have the lower priority — confirm.
priority 150
# Advertisement interval in seconds.
advert_int 1
authentication {
# PASS is a simple shared password carried unencrypted in VRRP advertisements.
auth_type PASS
# Sample value; must match lb01. Use a site-specific value in a real deployment.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb02 ~]# systemctl restart keepalived.service
高可用keepalived故障脑裂 解决脚本
脑裂现象:同一路由id下的各节点在某种状态下互相检测不到对方的状态,于是都认为对方已失效,同时持有VIP。无论是抢占式还是非抢占式都可能发生脑裂现象
抢占式脚本要部署在backup,非抢占式脚本部署在'backup'(优先级低的)
#lb02部署脚本如下
[root@lb02 ~]# vim /tmp/check.sh
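#!/bin/sh
# Split-brain watchdog for the backup node (lb02). Every 5 seconds: if the
# master still answers ping while this node also holds the VIP, both nodes own
# the address, so keepalived is killed here to release it.
#
# NOTE(review): the page saves this as /tmp/check.sh, the same path the
# keepalived templates use for the nginx vrrp_script. This loop never returns,
# so it should live under a different name, outside /tmp, and be run
# separately — confirm with the author's setup.
vip=10.0.0.3
lb_ip=10.0.0.5
while true; do
  # Count addresses that are exactly the VIP; the "inet <vip>/" form avoids
  # matching longer addresses such as 10.0.0.30.
  vip_count=$(ip add | grep -cF -- "inet ${vip}/")
  # The ping target is lb_ip (the original referenced an unset lb01_ip), and
  # the redirection is POSIX so it also works when /bin/sh is not bash.
  if ping -c 2 "$lb_ip" >/dev/null 2>&1 && [ "$vip_count" -ge 1 ]; then
    pkill keepalived
    echo "存在脑裂现象,并且已经将该服务器keepalived杀死"
  else
    echo "没有脑裂现象"
  fi
  sleep 5
done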
实时监测网站状态
[root@db01 ~]# vim a.sh
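#!/bin/bash
# Poll the site once per second in the background and append a timestamped
# up/down line to /tmp/check.
#
# NOTE(review): /tmp/check is a fixed name in a world-writable directory and
# the page runs this as root; a log path in a root-owned directory is safer.
while true; do
  # HEAD request, 10 s timeout; prints only the HTTP status code (000 when
  # curl itself fails).
  code_status=$(curl -I -m 10 -o /dev/null -s -w '%{http_code}' http://cs.wp.com)
  # The original test "[ $code_status -eq 200 -o 301 -o 302 ]" was always true
  # because a bare 301 is a non-empty string; match the three codes explicitly.
  case "$code_status" in
    200 | 301 | 302)
      printf '%s\n' "$(date +%F-%T)_网站正常" >> /tmp/check
      ;;
    *)
      printf '%s\n' "$(date +%F-%T)_网站挂了" >> /tmp/check
      ;;
  esac
  sleep 1
done &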
企业实况
企业中同一路由id,不同节点的服务器会有多个,‘主从配置’略有不同
具体情况具体分析