Download keepalived

  • Install keepalived: yum install keepalived

Configuration files

Master configuration file

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id lb01
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 55
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.254.0.10/24 dev enp0s3 label enp0s3:1
    }
}

BACKUP configuration file

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id lb02
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.254.0.10 dev enp0s3 label enp0s3:1
    }
}

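Configuration file notes

  • router_id is the router identifier and should be unique within a LAN;
  • vrrp_instance VI_1 {...} is a VRRP instance; it defines keepalived's master/backup state, interface, priority, authentication and IP information;
    • state defines the VRRP role
    • interface defines the interface to use; my servers all use the NIC enp0s3, so fill this in to match your environment
    • virtual_router_id is the virtual router ID; the master and backup in one keepalived group are set to the same value
    • priority is the priority; the larger the number, the higher the priority
    • auth_type is the authentication method
    • auth_pass is the authentication password.
    • virtual_ipaddress {...} defines the virtual IP addresses, and several can be configured; here I define 10.254.0.10, bound to the network interface enp0s3, with the virtual interface enp0s3:1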

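Verification

  • Start nginx on both nodes and edit index.html so that each node can be told apart
docker run -d --name nginx -p 80:80 registry.cn-beijing.aliyuncs.com/kevin-public/nginx:1.0.0
  • On the two nodes running keepalived, curl 10.254.0.10:80 reaches each node's own nginx
  • On other nodes, curl 10.254.0.10:80 reaches the master node
  • Stop keepalived on the master; curl 10.254.0.10:80 from the keepalived master node and from other nodes now reaches the backup node
  • Start keepalived on the master again; curl 10.254.0.10:80 from other nodes lands on the master node again

After the master fails, the first request that reaches the backup node takes a long time, about 30s; the cause is unknown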

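nginx high availability

Modify the keepalived configuration file

  • Add a script, check_nginx.sh, that monitors the nginx process, and make sure it is executable
#!/bin/bash

while true
do
    # Alternative for nginx running directly on the host instead of in docker:
    #if [ "$(ps -ef | grep nginx | grep -v grep | wc -l)" -lt 2 ]
    if [ "$(docker ps | grep nginx | grep -v grep | wc -l)" -lt 1 ]
    then
        # No nginx container is running: stop keepalived so the VIP moves
        systemctl stop keepalived
        echo "退出keepalived"    # message: "exiting keepalived"
        exit
    else
        echo "nginx 正在运行"    # message: "nginx is running"
        sleep 2 # sleep for 2 seconds
    fi
done
  • Modify the keepalived configuration file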
! Configuration File for keepalived

global_defs {
   router_id lb01
}

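vrrp_script check {     # define the script
   script "/server/scripts/check_web.sh"  # the script run under this vrrp_script name (check)
   interval 2    # interval between runs of the monitoring script
   weight 2  # weight is combined with the priority, which can lower the master's priority so it becomes the backup (can be ignored at first)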
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {     # invoke the script
       check
    }
}

Problems

check script does not run: default user 'keepalived_script' for script execution does not exist

  • Check the keepalived log: tail -f -n 100 /var/log/messages
  • The log shows WARNING - default user 'keepalived_script' for script execution does not exist - please create.
  • Add script_user root to global_defs in keepalived.conf, or set the executing user in vrrp_script:
vrrp_script chk_http_port {
   script "/server/scripts/check_web.sh"
   interval 2
   user root
}

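check script does not run: SECURITY VIOLATION - scripts are being executed but script_security not enabled.

  • Add enable_script_security to global_defs

Configuration is all correct, but the script still does not run

  • Do not start keepalived through systemctl; start it manually, otherwise running the script may cause problems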
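  • Start keepalived manually, following the way systemctl starts it: /usr/sbin/keepalived -D
  • Because keepalived was not started by systemctl, it cannot be stopped with the systemctl stop keepalived command; use the following command instead
ps -ef|grep keepalived|grep -v grep |awk '{print $2}'|xargs kill
  • The adjusted check_nginx.sh
#!/bin/bash

# keepalived runs this script every interval, so no loop is needed here
if [ "$(docker ps | grep nginx | grep -v grep | wc -l)" -lt 1 ]
then
    # No nginx container is running: kill the manually started keepalived
    ps -ef|grep keepalived|grep -v grep |awk '{print $2}'|xargs kill
else
    echo "nginx 正在运行" > /keepalived.log    # message: "nginx is running"
fi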
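
The adjusted check_nginx.sh above ends keepalived itself when nginx is gone. The variant below is an added example, not part of the original page: it reports the result through its exit status, which keepalived evaluates for a vrrp_script, and it matches the container name exactly. The container name nginx and the install name check_nginx.sh are assumptions.

```shell
#!/bin/bash
# Added example, not from the original page. Assumptions: the container is
# named "nginx" (as in the docker run above) and this file is installed as
# check_nginx.sh, referenced by the script line of the vrrp_script block.
#
# keepalived reads the exit status: 0 = healthy, non-zero = failed. With no
# weight set (default 0) a failed check puts the VRRP instance into FAULT
# state and the backup takes over the virtual IP; keepalived keeps running
# and recovers on its own once the check succeeds again.

# Reads container names on stdin, one per line. Succeeds only on an exact
# match, so "nginx-exporter" or an image path containing "nginx" is ignored.
nginx_listed() {
    grep -qx 'nginx'
}

# Names of the running containers (docker ps lists only running ones).
running_names() {
    docker ps --format '{{.Names}}'
}

main() {
    if running_names 2>/dev/null | nginx_listed; then
        exit 0
    fi
    exit 1
}

# Run the check only under the installed name; sourcing the file or pasting
# it into a test harness just defines the functions.
case "${0##*/}" in
    check_nginx.sh) main ;;
esac
```

With the weight 2 line from the configuration above left in place, a failed check only changes the priority by 2 and the master (150) still outranks the backup (100), so remove that line if the failed check should trigger failover.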

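Failure notification

  • notify_master: when the current node becomes master, the notify script runs a task (typically used to start a service such as nginx or haproxy)
  • notify_backup: when the current node becomes backup, the notify script runs a task (typically used to stop a service such as nginx or haproxy)
  • notify_fault: the task to run when the current node enters a fault state;

Example: start haproxy when the node becomes master, and stop haproxy when it becomes backup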
notify_master "/etc/keepalived/start_haproxy.sh start"
notify_backup "/etc/keepalived/start_haproxy.sh stop"