Keepalived高可用配置

Keepalived简介

Keepalived基于VRRP协议在服务器之间建立了主备关系，通常称之为高可用对。VRRP中文叫虚拟路由冗余协议，目的是解决静态路由的单点故障问题。高可用对之间通过IP多播的方式进行通信，通过竞争机制确定主备关系，优先级高的为主服务器，主服务优先获得资源提供服务，备服务器处于等待状态，主节点不断向备节点发送VRRP数据包，当主服务器宕机时，备节点接收不到数据包，于是接管所有资源（VIP），对外提供服务。VRRP实现了主备关系建立和高可用对之间的故障切换，VIP实现了IP地址的热迁移，无需重启网卡，从而使得切换更加迅速。

安装Keepalived

yum install keepalived -y
rpm -qa keepalived

 单实例VIP自动漂移

===lb01===

vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
     asdftttt@163.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.12/24 dev eth0 label eth0:1
    }
}

/etc/init.d/keepalived start
ip addr | grep 10.0.0.12

===lb02===

vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     asdftttt@163.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.12/24 dev eth0 label eth0:1
    }
}

/etc/init.d/keepalived start
ip addr | grep 10.0.0.12

 备份服务器创建裂脑检测脚本

裂脑指的是主备服务器上同时存在相同的VIP，原因通常是线路或防火墙导致的无法通信，备份服务器收不到主服务器发送的VRRP数据包即心跳信息，于是接管了服务。

vim /server/scripts/check_split_brain.sh

#!/bin/bash
#原理：Ping主节点，如果Master没有宕机而Slave出现了VIP，发送裂脑警告。
#收到警告后第一时间查看Master中Keepalived服务是否正常。
#有可能只是keepalived服务宕掉了
lb01_vip=10.0.0.12
lb01_ip=172.16.1.5
while true
do
ping -c 2 -W 3 $lb01_ip &> /dev/null
if [ $? -eq 0 -a `ip addr | grep "$lb01_vip" | wc -l` -eq 1 ];then
echo "ha is split brain.warning"
else echo "ha is ok"
fi
sleep 5
done

这个脚本的局限在于当线路问题导致裂脑时，该脚本无法判断，最好在监控服务器上也进行监控

 配置Keepalived和服务相关联

vim /server/scripts/chk_nginx_proxy.sh

#!/bin/bash
#keepalived通常只针对服务器，不针对服务，该脚本解决此问题
#当nginx proxy停止，keepalived也停止
if [ `netstat -nutlp | grep nginx | wc -l` -ne 1 ];then
    /etc/init.d/keepalived stop
fi

chmod u+x /server/scripts/chk_nginx_proxy.sh 

vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
    asdftttt@163.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lb01
}

vrrp_script chk_nginx_proxy {
script "/server/scripts/chk_nginx_proxy.sh"
interval 2
weight 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.12/24 dev eth0 label eth0:1
    }
    track_script {
        chk_nginx_proxy
    }   
}

/etc/init.d/keepalived reload
/application/nginx/sbin/nginx -s stop
/etc/init.d/keepalived status

 配置多播地址

同一网段有多个高可用对，需要配置不同的多播地址

vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
     asdftttt@163.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id lb01
   vrrp_mcast_group4 224.0.0.19
}

 配置指定文件记录日志

vim /etc/sysconfig/keepalived 

KEEPALIVED_OPTIONS="-D -d -S 0"
#-D  详细日志 -d  导出备份  -S 0  指定syslog设备为local0

vim /etc/rsyslog.conf 

42 *.info;mail.none;authpriv.none;cron.none;local0.none           /var/log/messages
81 local0.*   /var/log/keepalived.log

/etc/init.d/rsyslog restart