keepalived配合脚本对HAProxy、ping网关实现高可用检测

调用脚本参数含义

vrrp_script<SCRIPT_NAME> {   #定义一个检测脚本,在global_defs之外配置
  script <STRING>|<QUOTED-STRING>   # shell命令或脚本路径
  interval <INTEGER>   # 间隔时间,单位为秒,默认1秒
  timeout <INTEGER>   # 超时时间
  weight <INTEGER:-254..254>   # 权重,监测失败后会执行权重+操作
  fall <INTEGER>   #脚本几次失败转换为失败
  rise <INTEGER>   # 脚本连续检测成果后,把服务器从失败标记为成功的次数
  user USERNAME [GROUPNAME] # 执行监测的用户或组
  init_fail    # 设置默认标记为失败状态,监测成功之后再转换为成功状态
}

实战一:实现ping网关地址高可用检测

1、在主机A配置keepalived调用ping脚本。

 书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。

vim  /etc/keepalived/ping.sh

#!/bin/bash
ping -c 192.168.37.2 &>  /dev/null
if [ $? -eq 0 ];then
   exit  0
else
   exit  2
fi

加上执行权限:chmod +x ping.sh 

配置keepalived文件,当以上ping脚本不通时,则执行以下配置文件,此时权重就会减50,就会降低优先级,此时VIP地址就会漂移到从服务器上。

vim  /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     
   }
   notification_email_from 
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script linux_ping {  调用脚本时起名
   script /etc/keepalived/ping.sh  调用脚本路径  
   interval 2  时间间隔2秒
   weight -50  权重减50
   fall 3     连续失败3次转为失败
   rise 5     连续检测成功5次后,标记为成功
   timeout 2  时间超时2秒

}

vrrp_instance VIP_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    unicast_src_ip 192.168.37.7
    unicast_peer {
       192.168.37.17
    }
    advert_int 2
    authentication {
      auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
    track_script {  
        linux_ping   检查脚本,将上面命名的名称进行调用
    }
}

2、在B主机配置keepalived 

 书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。

vim  /etc/keepalived/ping.sh

#!/bin/bash
ping -c 192.168.37.2 &>  /dev/null
if [ $? -eq 0 ];then
   exit  0
else
   exit  2
fi

 加上执行权限:chmod +x ping.sh 

 vim  /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     
   }
   notification_email_from 
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script linux_ping {
   script /etc/keepalived/ping.sh  也调用ping脚本,当从服务器Ping网关不通时也将权重减50,此时优先级变低,当主服务器恢复时,VIP地址就又会漂移到主服务器上。
   interval 2
   weight -50
   fall 3
   rise 5
   timeout 2
}

vrrp_instance VIP_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 80
    unicast_src_ip 192.168.37.17
    unicast_peer {
       192.168.37.7
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
    track_script {
        linux_ping
    }
}

3、测试效果: 

将ping.sh脚本的网关地址修改为不存在的IP地址.

vim  /etc/keepalived/ping.sh

#!/bin/bash
#ping -c 192.168.37.2 &>  /dev/null
 ping  -c 192.168.77.2 &> /dev/null
if [ $? -eq 0 ];then
   exit  0
else
   exit  2
fi

 重启主从keepalived服务:systemctl  reload keepalived 

 此时可以看到VIP地址已经漂移到从服务器上。

 keepalived配合脚本对HAProxy、ping网关实现高可用检测

当主服务器的网关IP地址修改正确之后,VIP地址就又会飘回到主服务器上。

实战二:实现HAProxy高可用检测

 1、在A主机配置keepalived,并写一个检测haproxy脚本

vim  /etc/keepalived/chk_haproxy.sh

#!/bin/bash
#
#********************************************************************
#Author:                liu
#QQ:                    29308620
#Date:                  2019-12-26
#FileName:             /etc/keepalived/chk_haproxy.sh
#URL:                   http://www.struggle.com
#Description:          The test script
#Copyright (C):         2019 All rights reserved
#********************************************************************
killall -0 haproxy

  修改keepalived配置文件,调用检测haproxy脚本。

global_defs {
   notification_email {
     
   }
   notification_email_from 
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_haproxy  {
   script /etc/keepalived/chk_haproxy.sh   调用chk_haproxy.sh脚本
   interval 2
   weight -50
   fall 3
   rise 5
   timeout 2

}

vrrp_instance VIP_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    unicast_src_ip 192.168.37.7
    unicast_peer {
       192.168.37.17
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
    track_script {
        chk_haproxy  调用上面调用脚本的名称
    }
}

配置A主机的haproxy文件

global
maxconn 100000
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin  process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin  process 2
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile  /run/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option  forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client  300000ms
timeout server  300000ms


listen stats
        bind :9527
        stats enable
        stats hide-version
        stats uri /haproxy-status
        stats realm HAPorxy\Stats\Page
        stats auth haadmin:123456
        stats auth admin:123456
        stats refresh 30s
        stats admin if TRUE
listen  web_port
         bind 0.0.0.0:80
         mode http
         log global
         server web1  127.0.0.1:80  check inter 3000 fall 2 rise 5

2、在B主机配置keepalived,并写一个检测haproxy脚本

vim  /etc/keepalived/chk_haproxy.sh

#!/bin/bash
#
#********************************************************************
#Author:                liu
#QQ:                    29308620
#Date:                  2019-12-26
#FileName:             /etc/keepalived/chk_haproxy.sh
#URL:                   http://www.struggle.com
#Description:          The test script
#Copyright (C):         2019 All rights reserved
#********************************************************************
killall -0 haproxy  对haproxy发信号,确定haproxy的状态信息。

  修改keepalived配置文件,调用检测haproxy脚本。

global_defs {
   notification_email {
     
   }
   notification_email_from ro
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_haproxy  {
   script /etc/keepalived/chk_haproxy.sh   调用chk_haproxy.sh脚本
   interval 2
   weight -50
   fall 3
   rise 5
   timeout 2

}

vrrp_instance VIP_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 100
    unicast_src_ip 192.168.37.17
    unicast_peer {
       192.168.37.7
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
    track_script {
        chk_haproxy  调用上面调用脚本的名称
    }
}

配置B主机的haproxy文件

global
maxconn 100000
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin  process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin  process 2
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile  /run/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option  forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client  300000ms
timeout server  300000ms


listen stats
        bind :9527
        stats enable
        stats hide-version
        stats uri /haproxy-status
        stats realm HAPorxy\Stats\Page
        stats auth haadmin:123456
        stats auth admin:123456
        stats refresh 30s
        stats admin if TRUE
listen  web_port
         bind 0.0.0.0:80
         mode http
         log global
         server web1  127.0.0.1:80  check inter 3000 fall 2 rise 5

3、测试效果:

 将A主机的haproxy服务器停掉,此时VIP地址就会漂移到从服务器上。 

  keepalived配合脚本对HAProxy、ping网关实现高可用检测

 当启动haproxy服务器时,VIP地址就又会飘回主服务器上

 keepalived配合脚本对HAProxy、ping网关实现高可用检测

  如果想实现nginx的高可用检测,只需要将脚本改为killall  -0  nginx;

  然后在keepalived配置文件中调用此脚本即可。

相关推荐