keepalived配合脚本对HAProxy、ping网关实现高可用检测
调用脚本参数含义
vrrp_script<SCRIPT_NAME> { #定义一个检测脚本,在global_defs之外配置 script <STRING>|<QUOTED-STRING> # shell命令或脚本路径 interval <INTEGER> # 间隔时间,单位为秒,默认1秒 timeout <INTEGER> # 超时时间 weight <INTEGER:-254..254> # 权重,监测失败后会执行权重+操作 fall <INTEGER> #脚本几次失败转换为失败 rise <INTEGER> # 脚本连续检测成果后,把服务器从失败标记为成功的次数 user USERNAME [GROUPNAME] # 执行监测的用户或组 init_fail # 设置默认标记为失败状态,监测成功之后再转换为成功状态 }
实战一:实现ping网关地址高可用检测
1、在主机A配置keepalived调用ping脚本。
书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。
vim /etc/keepalived/ping.sh
#!/bin/bash ping -c 192.168.37.2 &> /dev/null if [ $? -eq 0 ];then exit 0 else exit 2 fi
加上执行权限:chmod +x ping.sh
配置keepalived文件,当以上ping脚本不通时,则执行以下配置文件,此时权重就会减50,就会降低优先级,此时VIP地址就会漂移到从服务器上。
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_script linux_ping { 调用脚本时起名 script /etc/keepalived/ping.sh 调用脚本路径 interval 2 时间间隔2秒 weight -50 权重减50 fall 3 连续失败3次转为失败 rise 5 连续检测成功5次后,标记为成功 timeout 2 时间超时2秒 } vrrp_instance VIP_1 { state MASTER interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { linux_ping 检查脚本,将上面命名的名称进行调用 } }
2、在B主机配置keepalived
书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。
vim /etc/keepalived/ping.sh
#!/bin/bash ping -c 192.168.37.2 &> /dev/null if [ $? -eq 0 ];then exit 0 else exit 2 fi
加上执行权限:chmod +x ping.sh
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_script linux_ping { script /etc/keepalived/ping.sh 也调用ping脚本,当从服务器Ping网关不通时也将权重减50,此时优先级变低,当主服务器恢复时,VIP地址就又会漂移到主服务器上。 interval 2 weight -50 fall 3 rise 5 timeout 2 } vrrp_instance VIP_1 { state BACKUP interface ens33 virtual_router_id 50 priority 80 unicast_src_ip 192.168.37.17 unicast_peer { 192.168.37.7 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { linux_ping } }
3、测试效果:
将ping.sh脚本的网关地址修改为不存在的IP地址.
vim /etc/keepalived/ping.sh
#!/bin/bash #ping -c 192.168.37.2 &> /dev/null ping -c 192.168.77.2 &> /dev/null if [ $? -eq 0 ];then exit 0 else exit 2 fi
重启主从keepalived服务:systemctl reload keepalived
此时可以看到VIP地址已经漂移到从服务器上。
当主服务器的网关IP地址修改正确之后,VIP地址就又会飘回到主服务器上。
实战二:实现HAProxy高可用检测
1、在A主机配置keepalived,并写一个检测haproxy脚本
vim /etc/keepalived/chk_haproxy.sh
#!/bin/bash # #******************************************************************** #Author: liu #QQ: 29308620 #Date: 2019-12-26 #FileName: /etc/keepalived/chk_haproxy.sh #URL: http://www.struggle.com #Description: The test script #Copyright (C): 2019 All rights reserved #******************************************************************** killall -0 haproxy
修改keepalived配置文件,调用检测haproxy脚本。
global_defs { notification_email { } notification_email_from smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_script chk_haproxy { script /etc/keepalived/chk_haproxy.sh 调用chk_haproxy.sh脚本 interval 2 weight -50 fall 3 rise 5 timeout 2 } vrrp_instance VIP_1 { state MASTER interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { chk_haproxy 调用上面调用脚本的名称 } }
配置A主机的haproxy文件
global maxconn 100000 chroot /usr/local/haproxy stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1 stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2 user haproxy group haproxy daemon nbproc 2 cpu-map 1 0 cpu-map 2 1 #cpu-map 3 2 #cpu-map 4 3 pidfile /run/haproxy.pid log 127.0.0.1 local3 info defaults option http-keep-alive option forwardfor maxconn 100000 mode http timeout connect 300000ms timeout client 300000ms timeout server 300000ms listen stats bind :9527 stats enable stats hide-version stats uri /haproxy-status stats realm HAPorxy\Stats\Page stats auth haadmin:123456 stats auth admin:123456 stats refresh 30s stats admin if TRUE listen web_port bind 0.0.0.0:80 mode http log global server web1 127.0.0.1:80 check inter 3000 fall 2 rise 5
2、在B主机配置keepalived,并写一个检测haproxy脚本
vim /etc/keepalived/chk_haproxy.sh
#!/bin/bash # #******************************************************************** #Author: liu #QQ: 29308620 #Date: 2019-12-26 #FileName: /etc/keepalived/chk_haproxy.sh #URL: http://www.struggle.com #Description: The test script #Copyright (C): 2019 All rights reserved #******************************************************************** killall -0 haproxy 对haproxy发信号,确定haproxy的状态信息。
修改keepalived配置文件,调用检测haproxy脚本。
global_defs { notification_email { } notification_email_from ro smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_script chk_haproxy { script /etc/keepalived/chk_haproxy.sh 调用chk_haproxy.sh脚本 interval 2 weight -50 fall 3 rise 5 timeout 2 } vrrp_instance VIP_1 { state BACKUP interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.17 unicast_peer { 192.168.37.7 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { chk_haproxy 调用上面调用脚本的名称 } }
配置B主机的haproxy文件
global maxconn 100000 chroot /usr/local/haproxy stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1 stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2 user haproxy group haproxy daemon nbproc 2 cpu-map 1 0 cpu-map 2 1 #cpu-map 3 2 #cpu-map 4 3 pidfile /run/haproxy.pid log 127.0.0.1 local3 info defaults option http-keep-alive option forwardfor maxconn 100000 mode http timeout connect 300000ms timeout client 300000ms timeout server 300000ms listen stats bind :9527 stats enable stats hide-version stats uri /haproxy-status stats realm HAPorxy\Stats\Page stats auth haadmin:123456 stats auth admin:123456 stats refresh 30s stats admin if TRUE listen web_port bind 0.0.0.0:80 mode http log global server web1 127.0.0.1:80 check inter 3000 fall 2 rise 5
3、测试效果:
将A主机的haproxy服务器停掉,此时VIP地址就会漂移到从服务器上。
当启动haproxy服务器时,VIP地址就又会飘回主服务器上
如果想实现nginx的高可用检测,只需要将脚本改为:killall -0 nginx;
然后在keepalived配置文件中调用此脚本即可。