> 本文作者:丁辉
|
||
|
||
# Keepalived部署使用
|
||
|
||
> 介绍:当前配置完全可以在大规模生产集群中使用(使用前请将示例中的 IP、网卡名和 `auth_pass 1111` 替换为实际环境的值)
|
||
|
||
| 节点 | 网关IP | VIP |
|
||
| :------: | :----------: | :----------: |
|
||
| 主网关一 | 192.168.1.11 | |
|
||
| 从网关二 | 192.168.1.12 | |
|
||
| | | 192.168.1.10 |
|
||
|
||
## 开始部署
|
||
|
||
1. 安装 keepalived
|
||
|
||
```bash
|
||
yum install -y keepalived
|
||
```
|
||
|
||
2. **主节点** 和 **从节点** 备份 Keepalived 配置文件
|
||
|
||
```bash
|
||
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
|
||
```
|
||
|
||
3. **主节点** 编辑配置文件
|
||
|
||
```bash
|
||
vi /etc/keepalived/keepalived.conf
|
||
```
|
||
|
||
内容如下
|
||
|
||
```bash
|
||
! Configuration File for keepalived
|
||
|
||
global_defs {
|
||
router_id LVS_DEVEL # 路由器标识,区分不同keepalived实例
|
||
script_user root # 执行脚本的用户
|
||
enable_script_security # 启用脚本安全限制:以 root 运行的脚本,若其路径上任一级目录或文件可被非 root 用户写入,则不会执行
|
||
}
|
||
|
||
vrrp_script chk_haproxy { # 定义健康检查脚本(需在 vrrp_instance 的 track_script 中引用才会生效)
|
||
script "/usr/bin/killall -0 haproxy" # 检查haproxy进程是否存在
|
||
interval 2 # 检查间隔(秒)
|
||
weight -20 # 检查失败时优先级减20
|
||
fall 2 # 连续2次失败认为节点故障
|
||
rise 2 # 连续2次成功认为节点恢复
|
||
}
|
||
|
||
# vrrp_script check_health {
|
||
# 检测脚本
|
||
# script "/etc/keepalived/check_health_status.sh"
|
||
# 执行间隔时间
|
||
# interval 5
|
||
# }
|
||
|
||
vrrp_instance VI_1 { # VRRP实例定义
|
||
# track_script { # 开启检测脚本
|
||
# check_health
|
||
# }
|
||
# 备用状态(当 MASTER 宕机之后根据优先级提升 BACKUP 为 MASTER)
|
||
state BACKUP
|
||
# 网卡设备名
|
||
interface eth0
|
||
# 虚拟路由器ID(1-255),集群内唯一
|
||
virtual_router_id 50
|
||
# 优先级(1-254),越高越优先
|
||
priority 100
|
||
# VRRP通告间隔(秒)
|
||
advert_int 1
|
||
# 非抢占模式
|
||
nopreempt
|
||
# 本机源IP(单播模式)
|
||
unicast_src_ip 192.168.1.11
|
||
# 对端IP列表(单播模式)
|
||
unicast_peer {
|
||
192.168.1.12
|
||
}
|
||
|
||
authentication { # 认证配置
|
||
# 认证类型:PASS/AH(PASS 的密码在 VRRP 通告中以明文传输)
|
||
auth_type PASS
|
||
# 认证密码(8位以内);1111 仅为示例值,部署时请替换,主从节点须保持一致
|
||
auth_pass 1111
|
||
}
|
||
|
||
virtual_ipaddress { # 虚拟IP配置
|
||
# 192.168.1.10/24 # VIP地址/掩码(单网卡模式)
|
||
192.168.1.10/24 dev eth0 # VIP地址/掩码(多网卡模式)
|
||
}
|
||
|
||
track_interface { # 路由检测, 通过检测指定的网卡是否存在来判断服务是否正常
|
||
eth0
|
||
}
|
||
|
||
notify_master "/etc/keepalived/notify.sh master" # 成为 master 时执行
|
||
notify_backup "/etc/keepalived/notify.sh backup" # 成为 backup 时执行
|
||
notify_fault "/etc/keepalived/notify.sh fault" # 故障时执行
|
||
}
|
||
```
|
||
|
||
4. **从节点** 编辑配置文件
|
||
|
||
```bash
|
||
vi /etc/keepalived/keepalived.conf
|
||
```
|
||
|
||
内容如下
|
||
|
||
```bash
|
||
! Configuration File for keepalived
|
||
|
||
global_defs {
|
||
router_id LVS_DEVEL # 路由器标识,区分不同keepalived实例
|
||
script_user root # 执行脚本的用户
|
||
enable_script_security # 启用脚本安全限制:以 root 运行的脚本,若其路径上任一级目录或文件可被非 root 用户写入,则不会执行
|
||
}
|
||
|
||
vrrp_script chk_haproxy { # 定义健康检查脚本(需在 vrrp_instance 的 track_script 中引用才会生效)
|
||
script "/usr/bin/killall -0 haproxy" # 检查haproxy进程是否存在
|
||
interval 2 # 检查间隔(秒)
|
||
weight -20 # 检查失败时优先级减20
|
||
fall 2 # 连续2次失败认为节点故障
|
||
rise 2 # 连续2次成功认为节点恢复
|
||
}
|
||
|
||
# vrrp_script check_health {
|
||
# 检测脚本
|
||
# script "/etc/keepalived/check_health_status.sh"
|
||
# 执行间隔时间
|
||
# interval 5
|
||
# }
|
||
|
||
vrrp_instance VI_1 { # VRRP实例定义
|
||
# track_script { # 开启检测脚本
|
||
# check_health
|
||
# }
|
||
# 备用状态(当 MASTER 宕机之后根据优先级提升 BACKUP 为 MASTER)
|
||
state BACKUP
|
||
# 网卡设备名
|
||
interface eth0
|
||
# 虚拟路由器ID(1-255),集群内唯一
|
||
virtual_router_id 50
|
||
# 优先级(1-254),越高越优先
|
||
priority 50
|
||
# VRRP通告间隔(秒)
|
||
advert_int 1
|
||
# 非抢占模式
|
||
nopreempt
|
||
# 本机源IP(单播模式)
|
||
unicast_src_ip 192.168.1.12
|
||
# 对端IP列表(单播模式)
|
||
unicast_peer {
|
||
192.168.1.11
|
||
}
|
||
|
||
authentication { # 认证配置
|
||
# 认证类型:PASS/AH(PASS 的密码在 VRRP 通告中以明文传输)
|
||
auth_type PASS
|
||
# 认证密码(8位以内);1111 仅为示例值,部署时请替换,主从节点须保持一致
|
||
auth_pass 1111
|
||
}
|
||
|
||
virtual_ipaddress { # 虚拟IP配置
|
||
# 192.168.1.10/24 # VIP地址/掩码(单网卡模式)
|
||
192.168.1.10/24 dev eth0 # VIP地址/掩码(多网卡模式)
|
||
}
|
||
|
||
track_interface { # 路由检测, 通过检测指定的网卡是否存在来判断服务是否正常
|
||
eth0
|
||
}
|
||
|
||
notify_master "/etc/keepalived/notify.sh master" # 成为 master 时执行
|
||
notify_backup "/etc/keepalived/notify.sh backup" # 成为 backup 时执行
|
||
notify_fault "/etc/keepalived/notify.sh fault" # 故障时执行
|
||
}
|
||
```
|
||
|
||
5. 配置通知脚本
|
||
|
||
```bash
|
||
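cat > /etc/keepalived/notify.sh <<'EOF'
#!/bin/bash
# Append keepalived VRRP state transitions to /var/log/keepalived.log.
#
# Accepted invocations:
#   notify.sh <state>                - form used by the notify_master /
#                                      notify_backup / notify_fault lines in
#                                      keepalived.conf ("notify.sh master", ...)
#   notify.sh <type> <name> <state>  - form with the state as third argument
#
# keepalived runs this as script_user (root in the configuration above), so
# keep the file owned by root and not writable by any other user.

# The state is the third argument when three or more are given, otherwise the
# first. Reading only $3 would leave STATE empty for "notify.sh master" and
# nothing would ever be logged.
if [ "$#" -ge 3 ]; then
  STATE=$3
else
  STATE=${1:-}
fi

# keepalived.conf passes lowercase words; the case arms below are uppercase.
STATE=$(printf '%s' "$STATE" | tr '[:lower:]' '[:upper:]')

case "$STATE" in
  "MASTER")
    echo "$(date): 进入MASTER状态,虚拟IP已绑定" >> /var/log/keepalived.log
    # Restart the load balancer or related services here if needed.
    ;;
  "BACKUP")
    echo "$(date): 进入BACKUP状态" >> /var/log/keepalived.log
    ;;
  "FAULT")
    echo "$(date): 进入FAULT状态" >> /var/log/keepalived.log
    ;;
esac
EOF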
|
||
```
|
||
|
||
6. 分配脚本权限
|
||
|
||
```bash
|
||
chmod +x /etc/keepalived/notify.sh
|
||
```
|
||
|
||
7. 启动 keepalived
|
||
|
||
```bash
|
||
systemctl start keepalived
|
||
systemctl enable keepalived
|
||
systemctl status keepalived
|
||
```
|
||
|
||
## 配置健康检测
|
||
|
||
1. 编辑脚本
|
||
|
||
```bash
|
||
vi /etc/keepalived/check_health_status.sh
|
||
```
|
||
|
||
内容如下
|
||
|
||
```bash
|
||
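#!/bin/bash
# Health probe for keepalived's track_script: request the local /healthz
# endpoint and, when it is unhealthy, stop keepalived so the VIP can move to
# the peer node.

# -f makes curl fail on HTTP status >= 400 (without it an error page still
# exits 0); --max-time bounds the probe so a hung endpoint cannot stall the
# check; -sS and -o /dev/null keep the output quiet except for errors.
if ! /usr/bin/curl -fsS -I --max-time 3 -o /dev/null http://localhost:10254/healthz; then
  pid_file=/var/run/keepalived.pid

  # Only signal when the pid file exists and holds a value, so kill is never
  # called with an empty argument list.
  if [ -r "$pid_file" ] && read -r pid < "$pid_file" && [ -n "$pid" ]; then
    kill "$pid"
  fi

  # Report the failure to the caller as well.
  exit 1
fi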
|
||
```
|
||
|
||
2. 授权
|
||
|
||
```bash
|
||
chmod +x /etc/keepalived/check_health_status.sh
|
||
```
|
||
|
||
3. 确保服务启动后,编辑 keepalived 配置文件取消检测注释,重启后生效
|
||
|
||
```bash
|
||
systemctl restart keepalived
|
||
```
|
||
|
||
## 配置 Keepalived 自恢复
|
||
|
||
> 更改 Keepalived Systemd 配置文件, 加入如下内容, Keepalived会一直重启检测服务是否恢复正常(修改后需执行 `systemctl daemon-reload` 才会生效)
|
||
|
||
```bash
|
||
vi /lib/systemd/system/keepalived.service
|
||
```
|
||
|
||
```bash
|
||
[Service]
|
||
# 总是重启该服务
|
||
Restart=always
|
||
# 重启间隔时间
|
||
RestartSec=10
|
||
```
|
||
|
||
## 防火墙配置
|
||
|
||
> 开放其中一种即可
|
||
|
||
- 允许 vrrp 流量(可再加 `-s <对端节点IP>` 只放行对端节点的通告)
|
||
|
||
```bash
|
||
iptables -A INPUT -p vrrp -j ACCEPT
|
||
```
|
||
|
||
- 允许组播流量(仅适用于未配置 `unicast_peer` 的组播模式;本文示例使用单播,单播通告不会被此规则匹配)
|
||
|
||
```bash
|
||
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
|
||
```
|
||
|
||
|