调用脚本参数含义
vrrp_script<SCRIPT_NAME> { #定义一个检测脚本,在global_defs之外配置
script <STRING>|<QUOTED-STRING> # shell命令或脚本路径
interval <INTEGER> # 间隔时间,单位为秒,默认1秒
timeout <INTEGER> # 超时时间
weight <INTEGER:-254..254> # 权重,监测失败后会执行权重+操作
fall <INTEGER> #脚本几次失败转换为失败
rise <INTEGER> # 脚本连续检测成果后,把服务器从失败标记为成功的次数
user USERNAME [GROUPNAME] # 执行监测的用户或组
init_fail # 设置默认标记为失败状态,监测成功之后再转换为成功状态
}
实战一:实现ping网关地址高可用检测
1、在主机A配置keepalived调用ping脚本。
书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。
vim /etc/keepalived/ping.sh
#!/bin/bash ping -c 192.168.37.2 &> /dev/null if [ $? -eq 0 ];then exit 0 else exit 2 fi
加上执行权限:chmod +x ping.sh
配置keepalived文件,当以上ping脚本不通时,则执行以下配置文件,此时权重就会减50,就会降低优先级,此时VIP地址就会漂移到从服务器上。
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost.com
}
notification_email_from root@localhost.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
vrrp_skip_check_adv_addr
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script linux_ping { 调用脚本时起名
script /etc/keepalived/ping.sh 调用脚本路径
interval 2 时间间隔2秒
weight -50 权重减50
fall 3 连续失败3次转为失败
rise 5 连续检测成功5次后,标记为成功
timeout 2 时间超时2秒
}
vrrp_instance VIP_1 {
state MASTER
interface ens33
virtual_router_id 50
priority 100
unicast_src_ip 192.168.37.7
unicast_peer {
192.168.37.17
}
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100 dev ens33 label ens33:1
}
track_script {
linux_ping 检查脚本,将上面命名的名称进行调用
}
}
2、在B主机配置keepalived
书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。
vim /etc/keepalived/ping.sh
#!/bin/bash ping -c 192.168.37.2 &> /dev/null if [ $? -eq 0 ];then exit 0 else exit 2 fi
加上执行权限:chmod +x ping.sh
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_skip_check_adv_addr
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script linux_ping {
script /etc/keepalived/ping.sh 也调用ping脚本,当从服务器Ping网关不通时也将权重减50,此时优先级变低,当主服务器恢复时,VIP地址就又会漂移到主服务器上。
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VIP_1 {
state BACKUP
interface ens33
virtual_router_id 50
priority 80
unicast_src_ip 192.168.37.17
unicast_peer {
192.168.37.7
}
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100 dev ens33 label ens33:1
}
track_script {
linux_ping
}
}
3、测试效果:
将ping.sh脚本的网关地址修改为不存在的IP地址.
vim /etc/keepalived/ping.sh
#!/bin/bash #ping -c 192.168.37.2 &> /dev/null ping -c 192.168.77.2 &> /dev/null if [ $? -eq 0 ];then exit 0 else exit 2 fi
重启主从keepalived服务:systemctl reload keepalived
此时可以看到VIP地址已经漂移到从服务器上。
当主服务器的网关IP地址修改正确之后,VIP地址就又会飘回到主服务器上。
实战二:实现HAProxy高可用检测
1、在A主机配置keepalived,并写一个检测haproxy脚本
vim /etc/keepalived/chk_haproxy.sh
#!/bin/bash # #******************************************************************** #Author: liu #QQ: 29308620 #Date: 2019-12-26 #FileName: /etc/keepalived/chk_haproxy.sh #URL: http://www.struggle.com #Description: The test script #Copyright (C): 2019 All rights reserved #******************************************************************** killall -0 haproxy
修改keepalived配置文件,调用检测haproxy脚本。
global_defs {
notification_email {
root@localhost.com
}
notification_email_from root@localhost.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
vrrp_skip_check_adv_addr
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
script /etc/keepalived/chk_haproxy.sh # 调用chk_haproxy.sh脚本,发现haproxy宕机后就降级
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VIP_1 {
state MASTER
interface ens33
virtual_router_id 50
priority 100
unicast_src_ip 192.168.37.7
unicast_peer {
192.168.37.17
}
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100 dev ens33 label ens33:1
}
track_script {
chk_haproxy 调用上面调用脚本的名称
}
}
配置A主机的haproxy文件
global
maxconn 100000
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /run/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
bind :9527
stats enable
stats hide-version
stats uri /haproxy-status
stats realm HAPorxyStatsPage
stats auth haadmin:123456
stats auth admin:123456
stats refresh 30s
stats admin if TRUE
listen web_port
bind 0.0.0.0:80
mode http
log global
server web1 192.168.7.102:80 check inter 3000 fall 2 rise 5 # 用户访问VIP地址之后,转发到后端服务器上
2、在B主机配置keepalived,并写一个检测haproxy脚本
vim /etc/keepalived/chk_haproxy.sh
#!/bin/bash # #******************************************************************** #Author: liu #QQ: 29308620 #Date: 2019-12-26 #FileName: /etc/keepalived/chk_haproxy.sh #URL: http://www.struggle.com #Description: The test script #Copyright (C): 2019 All rights reserved #******************************************************************** killall -0 haproxy 对haproxy发信号,确定haproxy的状态信息。
修改keepalived配置文件,调用检测haproxy脚本。
global_defs {
notification_email {
root@localhost.com
}
notification_email_from root@localhost.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
vrrp_skip_check_adv_addr
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
script /etc/keepalived/chk_haproxy.sh # 调用chk_haproxy.sh脚本,发现haproxy宕机之后就降级
interval 2
weight -50
fall 3
rise 5
timeout 2
}
vrrp_instance VIP_1 {
state BACKUP
interface ens33
virtual_router_id 50
priority 100
unicast_src_ip 192.168.37.17
unicast_peer {
192.168.37.7
}
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100 dev ens33 label ens33:1
}
track_script {
chk_haproxy 调用上面调用脚本的名称
}
}
配置B主机的haproxy文件
global
maxconn 100000
chroot /usr/local/haproxy
stats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1
stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
pidfile /run/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
bind :9527
stats enable
stats hide-version
stats uri /haproxy-status
stats realm HAPorxyStatsPage
stats auth haadmin:123456
stats auth admin:123456
stats refresh 30s
stats admin if TRUE
listen web_port
bind 0.0.0.0:80
mode http
log global
server web1 192.168.7.102:80 check inter 3000 fall 2 rise 5 # 用户访问VIP地址之后,转发到后端服务器上
3、测试效果:
将A主机的haproxy服务器停掉,此时VIP地址就会漂移到从服务器上。
当启动haproxy服务器时,VIP地址就又会飘回主服务器上
如果想实现nginx的高可用检测,只需要将脚本改为:killall -0 nginx;
然后在keepalived配置文件添加一个调用此脚本即可,详细的nginx检测状态,请看:https://www.cnblogs.com/struggle-1216/p/12055924.html