KeepAlived的实现示例
KeepAlived的实现
HA Cluster配置准备:
各节点时间必须同步
ntp(6), chrony(7)
1》在centos6上
ntpdate 172.18.0.1
vim /etc/ntp.conf
server ip地址 iburst #与谁的服务址进行同步
service ntpd start
chkconfig ntpd on
2》在centos7上
ntpdate 172.18.0.1
vim /etc/chrony.conf
server ip地址 iburst
systemctl start chronyd
systemctl enable chronyd
3》为什么要先同步时间再去修改配置文件?
因为如果时间相差的太多是不会同步的,所以必须用ntpdate命令将时间先同步后再去修改配置文件。
ntpdate命令是暴力同步命令,而服务ntpd和chronyd是弱同步,会进行不断的更新。
确保iptables 及selinux 不会成为阻碍
各节点之间可通过主机名互相通信(对KeepAlived 并非必须)建议使用/etc/hosts 文件实现
1》在centos6上
vim /etc/sysconfig/network
HOSTNAME=
vim /etc/hosts
ip地址 HOSTNAME
退出重新登录
2》在centos7上
hostnamectl set-hostname HOSTNAME
vim /etc/hosts
ip地址 HOSTNAME
退出重新登录
3》测试,ping HOSTNAME
各节点之间的root 用户可以基于密钥认证的ssh服务完成互相通信(对KA并非必须)
1》在centos6和centos7上
生成密钥对
ssh-keygen
将公钥拷贝给对方
ssh-copy-id -i id_rsa.pub HOSTNAME(ip地址)
2》测试,直接使用ssh 登录
keepalived 安装配置:
CentOS 6.4+ Base源
程序环境:
主配置文件:/etc/keepalived/keepalived.conf
主程序文件:/usr/sbin/keepalived
Unit File :/usr/lib/systemd/system/keepalived.service
Unit File 的环境配置文件:/etc/sysconfig/keepalived
高可用的ipvs 集群示例
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.10
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 6
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.16.0.10/16 dev eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 172.16.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.16.0.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.16.0.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
双主模式的lvs集群,拓扑、实现过程
其中一个节点:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 6
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass f1bf7fde
}
virtual_ipaddress {
172.16.0.80/16 dev eth0 label eth0:0
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 8
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass f2bf7ade
}
virtual_ipaddress {
172.16.0.90/16 dev eth0 label eth0:1
}
track_interface {
eth0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server fwmark 3 {
delay_loop 2
lb_algo rr
lb_kind DR
nat_mask 255.255.0.0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.16.0.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.0.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 3
}
}
}
keepalived 调用脚本进行资源监控
keepalived 调用外部的辅助脚本进行资源监控,并根据监控的结果状态能实现优先动态调整。
vrrp_script:
自定义一个资源监控脚本或服务监控脚本,脚本可以返回成功或失败的值,vrrp实例脚本根据脚本返回的状态修改调度。
公共定义,可被多个实例调用,定义在vrrp 实例之外。
track_script:
调用vrrp_script 定义的脚本去监控资源,定义在实例之内,调用事先定义的vrrp_script。
调用跟踪脚本,使当前调度器减去一定的数值,使其优化级低于master配置。
分两步:(1) 先定义一个脚本;(2)调用此脚本
vrrp_script <SCRIPT_NAME> {
script ""
interval INT
weight -INT
}
track_script {
SCRIPT_NAME_1
SCRIPT_NAME_2
}
高可用的nginx
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.100
}
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -20
fall 2 #2 次检测失败为失败
rise 1 #1 次检测成功为成功
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.18.0.93/16 dev eth0
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
同步组
LVS NAT模型VIP 和DIP需要同步,需要同步组
vrrp_sync_group VG_1 {
group {
VI_1 # name of vrrp_instance (below)
VI_2 # One for each moveable IP.
}
}
vrrp_instance VI_1 {
eth0
vip
}
vrrp_instance VI_2 {
eth1
dip
}
