keepalived
Downloading keepalived
- Install keepalived: yum install keepalived
Configuration files
MASTER configuration file
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lb01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 55
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.254.0.10/24 dev enp0s3 label enp0s3:1
    }
}
BACKUP configuration file
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lb02
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.254.0.10 dev enp0s3 label enp0s3:1
    }
}
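Configuration notes
- router_id is the router identifier; it should be unique within a LAN.
- vrrp_instance VI_1 {...} is a VRRP instance; it defines keepalived's master/backup state, interface, priority, authentication and IP information.
- state defines the VRRP role.
- interface defines the interface to use; the servers here all use the NIC enp0s3, so fill in whatever matches your environment.
- virtual_router_id is the virtual router ID; the master and backup of one keepalived group must be set to the same value.
- priority is the priority; the larger the number, the higher the priority.
- auth_type is the authentication method.
- auth_pass is the authentication password.
- virtual_ipaddress {...} defines the virtual IP addresses; more than one address can be configured. Here it is defined as 10.254.0.10, bound to the network interface enp0s3 with the virtual interface enp0s3:1.
Verification
- Start nginx on both nodes and modify the content of index.html so that each node can be told apart
docker run -d --name nginx -p 80:80 registry.cn-beijing.aliyuncs.com/kevin-public/nginx:1.0.0
- On the two nodes where keepalived is installed, curl 10.254.0.10:80 reaches each node's own nginx
- On other nodes, curl 10.254.0.10:80 reaches the master node
- Stop keepalived on the master; on the keepalived master node and on other nodes, curl 10.254.0.10:80 reaches the backup node
- Start keepalived on the master; on other nodes, curl 10.254.0.10:80 lands on the master node again
After the master fails, the first request that reaches the backup node takes a long time, about 30s; the cause is unknown
nginx high availability
Modifying the keepalived configuration file
- Add a script check_nginx.sh that monitors the nginx process, and make sure it has execute permission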
#!/bin/bash
while true
do
    #if [ "$(ps -ef | grep nginx | grep -v grep | wc -l)" -lt 2 ]
    if [ "$(docker ps | grep nginx | grep -v grep | wc -l)" -lt 1 ]
    then
        systemctl stop keepalived
        echo "退出keepalived"
        exit
    else
        echo "nginx 正在运行"
        sleep 2 # sleep for 2 seconds
    fi
done
- Modify the keepalived configuration file
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_script check {    # define the script
    script "/server/scripts/check_web.sh"    # assigns the script to the variable check_web
    interval 2    # interval between runs of the monitoring script
    weight 2    # combines the weight with the priority to lower the master's priority so that it becomes the backup (suggest ignoring this for now)
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {    # call the script
        check
    }
}
Problems
Check script does not run: default user 'keepalived_script' for script execution does not exist
- Check the keepalived log
tail -f -n 100 /var/log/messages
- The log contains this message
WARNING - default user 'keepalived_script' for script execution does not exist - please create.
- In keepalived.conf, add the following to global_defs
script_user root
or set the executing user inside vrrp_script
vrrp_script chk_http_port {
    script "/server/scripts/check_web.sh"
    interval 2
    user root
}
Check script does not run: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
- Add enable_script_security to global_defs
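With script_user root, the check script and every directory above it decide what runs as root, and keepalived documents enable_script_security as refusing root-run scripts when any part of the path is writable by a non-root user. The following is an added example, not code from the original page or from the keepalived project: a Python audit that extracts the script paths from a keepalived.conf and flags such path components. It approximates that rule as "not owned by the trusted uid, or group/other-writable"; the function names and the default path /etc/keepalived/keepalived.conf are assumptions.

```python
import os
import re
import stat
import sys

# Directives used on this page whose first argument is an executable path.
SCRIPT_RE = re.compile(
    r'^\s*(?:script|notify_master|notify_backup|notify_fault)\s+"?([^"\s]+)', re.M)
ROOT_RE = re.compile(r'^\s*(?:script_user|user)\s+root\b', re.M)

def script_paths(conf_text):
    """Executable paths referenced by a keepalived.conf (arguments dropped)."""
    return sorted(set(SCRIPT_RE.findall(conf_text)))

def runs_as_root(conf_text):
    """True when the config sets 'script_user root' or 'user root'."""
    return ROOT_RE.search(conf_text) is not None

def unsafe_components(path, trusted_uid=0, stop_at="/"):
    """Walk from the script up to stop_at and list every component that a
    user other than trusted_uid could replace or edit (approximation)."""
    findings = []
    current, stop_at = os.path.realpath(path), os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        if st.st_uid != trusted_uid:
            findings.append((current, "owner uid %d" % st.st_uid))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "mode %o" % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return findings
        current = parent

def audit(conf_text, trusted_uid=0, stop_at="/"):
    """Map each referenced script to its findings ([] means nothing flagged)."""
    return {p: unsafe_components(p, trusted_uid, stop_at)
            if os.path.exists(p) else [(p, "missing")]
            for p in script_paths(conf_text)}

if __name__ == "__main__":
    # Assumed default location; pass another path as the first argument.
    conf_path = sys.argv[1] if len(sys.argv) > 1 else "/etc/keepalived/keepalived.conf"
    with open(conf_path) as fh:
        text = fh.read()
    print("scripts run as root:", runs_as_root(text))
    for script, problems in audit(text).items():
        print(script, problems or "ok")
```

Run it as root on each node; an empty finding list for every script means no component of the path was flagged.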
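Configuration is all correct, but the script cannot run
- Do not start keepalived through systemctl; start it manually, otherwise the script may run into problems
- Start keepalived manually, using the start command from the systemctl unit as a reference
/usr/sbin/keepalived -D
- Because keepalived was not started by systemctl, it cannot be stopped with systemctl stop keepalived; use the following command instead
ps -ef|grep keepalived|grep -v grep |awk '{print $2}'|xargs kill
- The adjusted check_nginx.sh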
#!/bin/bash
if [ "$(docker ps | grep nginx | grep -v grep | wc -l)" -lt 1 ]
then
    ps -ef|grep keepalived|grep -v grep |awk '{print $2}'|xargs kill
else
    echo "nginx 正在运行" > /keepalived.log
fi
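Failure notification
- notify_master: when the current node becomes master, the notification script runs its task (typically used to start a service such as nginx or haproxy)
- notify_backup: when the current node becomes backup, the notification script runs its task (typically used to stop a service such as nginx or haproxy)
- notify_fault: the task to run when the current node enters a fault state
Example: start haproxy when the node becomes master, and stop haproxy when it becomes backup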
notify_master "/etc/keepalived/start_haproxy.sh start"
notify_backup "/etc/keepalived/start_haproxy.sh stop"