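1. Theory:
keepalived manages a virtual router by means of a virtual router, a master router, a virtual IP and a virtual MAC. VRRP has many terms, and together they describe how VRRP works. The common VRRP working modes are:
master/backup and master/master (master/backup, backup/master).
(1) vrrp_script: lets you define a custom resource-monitoring script; a VRRP instance can track this script and use it as the basis for judging or calculating how high or low its priority is.
The VRRP instance or process uses the script's exit status as the basis for deciding whether the service has succeeded or failed. When the script succeeds, the priority of the node can be raised; when it fails, the priority of the node is lowered after a calculation. Lowered by how much?
For example, a master node can run two resources: first, the IP address defined on the network interface; second, an nginx service that we monitor. A script continually probes port 80, on which nginx listens, or checks whether some resource served by nginx can be accessed normally. If it can, nothing changes. If the nginx service turns out to be unreachable, the track_script in the VRRP instance comes into play: according to the track_script definition, a value is subtracted from the current node's priority. The result is lower than the BACKUP node's priority, so the priority this node advertises is lower than that of the BACKUP node, and the BACKUP node takes over.
This is a shared definition that several instances can call, so vrrp_script is defined outside the VRRP instance.
(2) track_script: the tracking script. It calls a script defined by vrrp_script to monitor a resource. During monitoring, a successful script can raise the priority and a failed script can lower it, so the node advertises a higher or a lower priority and the node role change takes place.
track_script is defined inside the instance and calls a vrrp_script that was defined beforehand.
Usage example 1: define chk_down outside the instance and call chk_down inside the instance: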
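vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"   ## check whether a file named down exists in /etc/keepalived/; if it does, exit with status 1
    interval 2    ## how often to run the check (seconds)
    weight -5     ## on failure lower the priority by 5; on success leave it unchanged
}
track_script {
    chk_down
}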
Usage example 2: monitoring a specific service process:
vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}
track_script {    ## to use several scripts together, list each of them inside track_script
    chk_httpd
}
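To put numbers on "lowered by how much", here is an added example (not part of the original post) that models the priority a node advertises once a tracked script reports success or failure, using the base priorities 100 and 98 from the configuration in section 2. The function names are hypothetical; the weight rules and the 1..254 range follow keepalived's documented behaviour, and equal priorities are only reported as a tie.

```shell
#!/bin/sh
# Added illustration: model of how a tracked vrrp_script changes the priority
# a node advertises. Function names are hypothetical, not keepalived code.

# usage: effective_priority BASE WEIGHT RC   (RC = script exit status, 0 = OK)
effective_priority() (
    prio=$1
    if [ "$2" -lt 0 ] && [ "$3" -ne 0 ]; then
        prio=$(($1 + $2))          # negative weight: lower priority on failure
    elif [ "$2" -gt 0 ] && [ "$3" -eq 0 ]; then
        prio=$(($1 + $2))          # positive weight: raise priority on success
    fi
    if [ "$prio" -lt 1 ]; then prio=1; fi       # keep result inside 1..254
    if [ "$prio" -gt 254 ]; then prio=254; fi
    echo "$prio"
)

# usage: vip_owner BASE_NODE1 BASE_NODE2 WEIGHT RC_NODE1 RC_NODE2
# Prints which node ends up holding the VIP; equal priorities print "tie".
vip_owner() (
    p1=$(effective_priority "$1" "$3" "$4")
    p2=$(effective_priority "$2" "$3" "$5")
    if [ "$p1" -gt "$p2" ]; then echo node1
    elif [ "$p2" -gt "$p1" ]; then echo node2
    else echo tie
    fi
)

# Base priorities 100/98 as in section 2; the check fails on node1 only.
echo "VI_1, weight -5: $(vip_owner 100 98 -5 1 0)"   # 95 vs 98
echo "VI_2, weight -5: $(vip_owner 98 100 -5 1 0)"   # 93 vs 100
# A weight smaller than the priority gap never triggers a failover.
echo "VI_1, weight -1: $(vip_owner 100 98 -1 1 0)"   # 99 vs 98
# Positive weight: healthy nodes gain 5, the failed node stays at its base.
echo "VI_1, weight +5: $(vip_owner 100 98 5 1 0)"    # 100 vs 103
```

The third case is the one to watch for: the absolute value of the weight has to exceed the gap between the two nodes' base priorities, otherwise a failed check changes nothing.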
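2. Building an LVS-DR master/master model with keepalived
Topology:
Environment:
Name | IP address |
Master/Backup | VIP:172.18.200.6 |
Backup/Master | VIP:172.18.100.5 |
Real Server1 | VIP(1):172.18.200.6/32 VIP(2):172.18.200.5/32 RIP:172.18.100.100/16 |
Real Server2 | VIP(1):172.18.200.6/32 VIP(2):172.18.200.5/32 RIP:172.18.100.110/16 |
Steps:
(1) Synchronize the time on all nodes;
# yum -y install keepalived    # install on both front-end hosts
# ntpdate 172.18.0.1    # synchronize the time; do this on both nodes
# crontab -e    # create a scheduled job that synchronizes the time every 5 minutes; do this on both nodes
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 > /dev/null 2>&1
(2) Make sure iptables and SELinux do not get in the way;
(3) Define the configuration on both nodes and start them;
On the master/backup node, edit the configuration file:
# vim /etc/keepalived/keepalived.conf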
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.18
}

vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight 5
}

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ax
    }
    virtual_ipaddress {
        172.18.200.6 dev eno16777736 label eno16777736:0
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state BACKUP
    interface eno16777736
    virtual_router_id 60
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ab
    }
    virtual_ipaddress {
        172.18.200.5 dev eno16777736 label eno16777736:1
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 172.18.200.6 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80

    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 172.18.200.5 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80

    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
On the backup/master node, edit the configuration file:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.18
}

vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight 5
}

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ax
    }
    virtual_ipaddress {
        172.18.200.6 dev eno16777736 label eno16777736:0
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state MASTER
    interface eno16777736
    virtual_router_id 60
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass pBkfC1ab
    }
    virtual_ipaddress {
        172.18.200.5 dev eno16777736 label eno16777736:1
    }
    track_script {
        chk_down
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 172.18.200.6 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80

    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 172.18.200.5 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80

    real_server 172.18.200.100 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 172.18.200.110 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# systemctl start keepalived.service
Test it:
Master/backup node:
(4) Configuration on the Real Servers:
Add the VIPs on each real server node:
# ifconfig lo:0 172.18.200.6 netmask 255.255.255.255 broadcast 172.18.200.6
# ifconfig lo:1 172.18.200.5 netmask 255.255.255.255 broadcast 172.18.200.5
# route add -host 172.18.200.6 dev lo:0
# route add -host 172.18.200.5 dev lo:1
Restrict the ARP response level and announcement level:
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
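A check worth running on each real server after this step, written as an added example that is not part of the original post: it confirms that the four ARP parameters hold the expected values, and uses a constructed directory tree to show how a missing space before the redirection (`echo 1> file`) leaves the value unset. The function names and the demo tree are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration: confirm the ARP settings an LVS-DR real server needs.
# Function names and the demo tree are constructed for this example.

# usage: check_arp_settings [CONF_ROOT]   (default: the live /proc tree)
check_arp_settings() (
    root=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for want in all/arp_ignore=1 lo/arp_ignore=1 \
                all/arp_announce=2 lo/arp_announce=2; do
        key=${want%=*}
        expected=${want#*=}
        actual=$(cat "$root/$key" 2>/dev/null | tr -d '[:space:]')
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: expected $expected, got '$actual'"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]                 # status 0 only when all four match
)

# usage: demo_tree DIR good|typo   (regular files standing in for /proc)
demo_tree() (
    mkdir -p "$1/all" "$1/lo"
    for f in all/arp_ignore lo/arp_ignore all/arp_announce lo/arp_announce; do
        echo 0 > "$1/$f"             # kernel default value
    done
    if [ "$2" = good ]; then
        echo 1 > "$1/all/arp_ignore";   echo 1 > "$1/lo/arp_ignore"
        echo 2 > "$1/all/arp_announce"; echo 2 > "$1/lo/arp_announce"
    else
        # "1>" redirects stdout: echo has no argument, the value 1 is never written
        echo 1> "$1/all/arp_ignore";   echo 1> "$1/lo/arp_ignore"
        # "2>" redirects stderr: the blank line goes to stdout, not to the file
        echo 2> "$1/all/arp_announce"; echo 2> "$1/lo/arp_announce"
    fi
)

tmp=$(mktemp -d)
demo_tree "$tmp/good" good
demo_tree "$tmp/typo" typo > /dev/null
check_arp_settings "$tmp/good" && echo "good tree: all four settings applied"
check_arp_settings "$tmp/typo" || echo "typo tree: settings were not applied"
rm -rf "$tmp"
```

On a real server, call `check_arp_settings` with no argument to read the live values under /proc/sys/net/ipv4/conf.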
(5) Test
Next time we will talk about one of the operations automation tools: Ansible (to be continued...)