Author: 丁辉
Deploying and using Keepalived
Introduction: the configuration shown here is fully usable in large-scale production clusters.
| Node | Gateway IP | VIP |
|---|---|---|
| Master gateway 1 | 192.168.1.11 | 192.168.1.10 |
| Backup gateway 2 | 192.168.1.12 | 192.168.1.10 |
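Start the deployment

- Install keepalived

```bash
yum install -y keepalived
```

- On both the master node and the backup node, back up the Keepalived configuration file

```bash
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
```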
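- On the master node, edit the configuration file

```bash
vi /etc/keepalived/keepalived.conf
```

with the following content:

```
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL        # Router identifier, distinguishes keepalived instances
    script_user root           # User that runs the scripts
    enable_script_security     # Enable script security restrictions
}

vrrp_script chk_haproxy {      # Health check script definition
    script "/usr/bin/killall -0 haproxy"   # Check whether the haproxy process exists
    interval 2                 # Check interval (seconds)
    weight -20                 # Lower the priority by 20 when the check fails
    fall 2                     # 2 consecutive failures mark the node as failed
    rise 2                     # 2 consecutive successes mark the node as recovered
}

# vrrp_script check_health {
#     # Check script
#     script "/etc/keepalived/check_health_status.sh"
#     # Execution interval
#     interval 5
# }

vrrp_instance VI_1 {           # VRRP instance definition
    # track_script {
    #     # Enable the check script
    #     check_health
    # }

    # Backup state (when the MASTER goes down, a BACKUP is promoted to MASTER by priority)
    state BACKUP
    # Network interface name
    interface eth0
    # Virtual router ID (1-255), unique within the cluster
    virtual_router_id 50
    # Priority (1-254), higher wins
    priority 100
    # VRRP advertisement interval (seconds)
    advert_int 1
    # Non-preemptive mode
    nopreempt
    # Local source IP (unicast mode)
    unicast_src_ip 192.168.1.11
    # Peer IP list (unicast mode)
    unicast_peer {
        192.168.1.12
    }

    authentication {           # Authentication settings
        # Authentication type: PASS/AH
        auth_type PASS
        # Authentication password (at most 8 characters)
        auth_pass 1111
    }

    virtual_ipaddress {        # Virtual IP settings
        # 192.168.1.10/24          # VIP address/mask (single-NIC mode)
        192.168.1.10/24 dev eth0   # VIP address/mask (multi-NIC mode)
    }

    track_interface {          # Interface tracking: the node is judged healthy by checking that the listed NIC exists
        eth0
    }

    notify_master "/etc/keepalived/notify.sh master"   # Run when becoming master
    notify_backup "/etc/keepalived/notify.sh backup"   # Run when becoming backup
    notify_fault "/etc/keepalived/notify.sh fault"     # Run on fault
}
```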
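- On the backup node, edit the configuration file

```bash
vi /etc/keepalived/keepalived.conf
```

with the following content:

```
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL        # Router identifier, distinguishes keepalived instances
    script_user root           # User that runs the scripts
    enable_script_security     # Enable script security restrictions
}

vrrp_script chk_haproxy {      # Health check script definition
    script "/usr/bin/killall -0 haproxy"   # Check whether the haproxy process exists
    interval 2                 # Check interval (seconds)
    weight -20                 # Lower the priority by 20 when the check fails
    fall 2                     # 2 consecutive failures mark the node as failed
    rise 2                     # 2 consecutive successes mark the node as recovered
}

# vrrp_script check_health {
#     # Check script
#     script "/etc/keepalived/check_health_status.sh"
#     # Execution interval
#     interval 5
# }

vrrp_instance VI_1 {           # VRRP instance definition
    # track_script {
    #     # Enable the check script
    #     check_health
    # }

    # Backup state (when the MASTER goes down, a BACKUP is promoted to MASTER by priority)
    state BACKUP
    # Network interface name
    interface eth0
    # Virtual router ID (1-255), unique within the cluster
    virtual_router_id 50
    # Priority (1-254), higher wins
    priority 50
    # VRRP advertisement interval (seconds)
    advert_int 1
    # Non-preemptive mode
    nopreempt
    # Local source IP (unicast mode)
    unicast_src_ip 192.168.1.12
    # Peer IP list (unicast mode)
    unicast_peer {
        192.168.1.11
    }

    authentication {           # Authentication settings
        # Authentication type: PASS/AH
        auth_type PASS
        # Authentication password (at most 8 characters)
        auth_pass 1111
    }

    virtual_ipaddress {        # Virtual IP settings
        # 192.168.1.10/24          # VIP address/mask (single-NIC mode)
        192.168.1.10/24 dev eth0   # VIP address/mask (multi-NIC mode)
    }

    track_interface {          # Interface tracking: the node is judged healthy by checking that the listed NIC exists
        eth0
    }

    notify_master "/etc/keepalived/notify.sh master"   # Run when becoming master
    notify_backup "/etc/keepalived/notify.sh backup"   # Run when becoming backup
    notify_fault "/etc/keepalived/notify.sh fault"     # Run on fault
}
```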
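- Create the notification script

```bash
cat > /etc/keepalived/notify.sh <<'EOF'
#!/bin/bash
# The configuration above calls this script as "notify.sh master|backup|fault",
# so the state arrives in $1. A generic "notify" directive passes TYPE NAME STATE,
# in which case the state is in $3. Accept both and normalise to upper case.
TYPE=$1
NAME=$2
STATE=$(echo "${3:-$1}" | tr '[:lower:]' '[:upper:]')

case $STATE in
    "MASTER")
        echo "$(date): 进入MASTER状态,虚拟IP已绑定" >> /var/log/keepalived.log
        # The load balancer or related services can be restarted here
        ;;
    "BACKUP")
        echo "$(date): 进入BACKUP状态" >> /var/log/keepalived.log
        ;;
    "FAULT")
        echo "$(date): 进入FAULT状态" >> /var/log/keepalived.log
        ;;
esac
EOF
```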
- Make the script executable

```bash
chmod +x /etc/keepalived/notify.sh
```

- Start keepalived

```bash
systemctl start keepalived
systemctl enable keepalived
systemctl status keepalived
```
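Configure the health check

- Edit the script

```bash
vi /etc/keepalived/check_health_status.sh
```

with the following content:

```bash
#!/bin/bash
# Probe the local health endpoint. Without -f, curl exits non-zero only when the
# connection itself fails, not when the server answers with an HTTP error status.
/usr/bin/curl -I http://localhost:10254/healthz
if [ $? -ne 0 ]; then
    # The probe failed: stop keepalived on this node
    cat /var/run/keepalived.pid | xargs kill
fi
```

- Make it executable

```bash
chmod +x /etc/keepalived/check_health_status.sh
```

- Once the service is confirmed to be running, edit the keepalived configuration file and uncomment the check sections; the change takes effect after a restart

```bash
systemctl restart keepalived
```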
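An added check for the uncommenting step above (example code, not part of the original page): the function name `audit_keepalived_conf` is hypothetical, and the sample configuration is constructed from this page's layout. It reports any `vrrp_script` that is defined but not listed in an active `track_script` block, along with the `PASS` authentication and `script_user root` settings used here.

```bash
# Added example: audit a keepalived.conf read from stdin, e.g.
#   audit_keepalived_conf < /etc/keepalived/keepalived.conf
audit_keepalived_conf() {
    # Drop '#' and '!' comments first so commented-out blocks are ignored.
    sed -e 's/[#!].*$//' | awk '
    {   # Collect every name listed inside an active track_script { ... } block.
        for (i = 1; i <= NF; i++) {
            if ($i == "track_script") in_track = 1
            else if (in_track && $i == "}") in_track = 0
            else if (in_track && $i != "{") tracked[$i] = 1
        }
    }
    $1 == "vrrp_script" { defined[$2] = 1 }
    $1 == "script_user" && $2 == "root" { print "INFO script_user root: scripts run as root" }
    $1 == "auth_type" && $2 == "PASS" { print "INFO auth_type PASS: password is sent in cleartext" }
    $1 == "auth_pass" && length($2) < 8 { print "WARN auth_pass is shorter than 8 characters" }
    END {
        for (n in defined)
            if (!(n in tracked)) print "WARN vrrp_script " n " is defined but never tracked"
    }'
}

# Constructed sample: a trimmed copy of the layout used on this page.
sample_conf() {
cat <<'EOF'
global_defs {
    script_user root
}
vrrp_script chk_haproxy {
    script "/usr/bin/killall -0 haproxy"
}
vrrp_instance VI_1 {
    # track_script {
    #     chk_haproxy
    # }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

sample_conf | audit_keepalived_conf
```

A check script that is defined but not tracked never changes the instance's priority, so a "never tracked" warning after editing means the `track_script` block is still commented out or names a different script.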
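Configure Keepalived self-recovery

Edit the Keepalived systemd unit file and add the following; Keepalived will then keep restarting and re-checking whether the service has recovered.

```bash
vi /lib/systemd/system/keepalived.service
```

```
[Service]
# Always restart the service
Restart=always
# Delay between restarts
RestartSec=10
```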
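Firewall configuration

Opening either one of the following is sufficient.

- Allow VRRP traffic

```bash
iptables -A INPUT -p vrrp -j ACCEPT
```

- Allow multicast traffic

```bash
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
```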