keepalived
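1: Introduction to Keepalived
1.1: keepalived
A software implementation of the VRRP protocol, originally designed to provide high availability for IPVS services
keepalived:
VRRP: Virtual Router Redundancy Protocol
Terminology:
Virtual router (Virtual Router)
Virtual router identifier: VRID (0-255), uniquely identifies a virtual router
Physical routers:
master: the primary device
backup: the standby device
priority: the priority
VIP: Virtual IP
VMAC: Virtual MAC (00-00-5e-00-01-VRID)
keepalived maintains operations like the following: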
ifconfig eth0:0 172.16.10.188 netmask 255.255.0.0
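Advertisements: heartbeat, priority, etc.; sent periodically
Operating modes: preemptive, non-preemptive, delayed preemption
Security:
Authentication:
No authentication
Simple text authentication: pre-shared key
Working modes:
Master/backup: a single virtual router
Master/master: master/backup (virtual router 1), backup/master (virtual router 2)
1.2: Features
Moves addresses between nodes based on the VRRP protocol
Generates IPVS rules on the node that holds the VIP (predefined in the configuration file)
Performs health checks on each RS (real server) of the IPVS cluster
Provides a script-calling interface: executing a script carries out the functions defined in it and so influences cluster behaviour, which is how services such as nginx and haproxy are supported
1.3: Components
Core user-space components
vrrp stack - VIP advertisement
checkers - monitor the real servers
system call - mark real server weight
SMTP - mail component
ipvs wrapper - generates IPVS rules
Netlink Reflector - network interface
WatchDog - process monitoring: supervises the check and vrrp processes. check is responsible for the health state of the checker child processes; when it detects that the service on the master is unavailable, it notifies vrrp to move it to the backup server.
Control components: configuration file parser
I/O multiplexer
Memory management component
2: Installing keepalived
2.1: Building from source
https://www.keepalived.org/index.html
Official website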
[root@k8s-vip ~]# yum install libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel libnl3 libnl3-devel lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssh-server openssh-clients openssl openssl-devel automake iproute
[root@k8s-vip ~]# wget https://www.keepalived.org/software/keepalived-2.0.2.tar.gz
[root@k8s-vip ~]# tar -xvf keepalived-2.0.2.tar.gz
[root@k8s-vip ~]# cd keepalived-2.0.2
[root@k8s-vip keepalived-2.0.2]# ./configure --prefix=/apps/keepalived --disable-fwmark # prevents requests for the VIP from reaching the local host
[root@k8s-vip keepalived-2.0.2]# make && make install
cp ./keepalived.conf /etc/keepalived/keepalived.conf
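2.2: Installing with yum
yum install -y keepalived
3: Configuring keepalived
3.1: Overall keepalived configuration
Sections of the configuration file:
GLOBAL CONFIGURATION
Global definitions
VRRP CONFIGURATION
VRRP instance(s): each one is a VRRP virtual router
LVS CONFIGURATION
Virtual server group(s)
Virtual server(s): the VS and RS of the IPVS cluster
3.2: keepalived virtual router configuration
vrrp_instance <STRING> {
...
}
Configuration parameters:
state MASTER/BACKUP: initial state of this node in the virtual router, either MASTER or BACKUP
interface IFACE_NAME: physical interface bound to this virtual router, for example ens33 or eth0
virtual_router_id VRID: unique identifier of this virtual router, range 0-255
priority 100: priority of this physical node in the virtual router, range 1-254; this is what decides the master election, not the state setting
advert_int 1: interval between VRRP advertisements, default 1s (advertisements are sent to 224.0.0.18)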
global_defs {
notification_email {
root@localhost # recipients of the mail keepalived sends on failover; list several by putting one per line
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
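vrrp_skip_check_adv_addr # checking every packet is costly; with this setting, if a received advertisement comes from the same router as the previous one, the check of its source address is skipped
vrrp_strict # strictly follow the VRRP protocol; not allowed: 1. no VIP address, 2. unicast peers configured, 3. IPv6 addresses in VRRP version 2
vrrp_iptables # lets user space access the virtual IP
vrrp_garp_interval 0 # delay between ARP messages
vrrp_gna_interval 0 # delay between messages
vrrp_mcast_group4 224.0.0.18 # default multicast IP address; 224.0.0.0 to 239.255.255.255
}
tcpdump -i ens33 -nn src 172.16.10.105 # packet capture
3.3: Single-instance setup: testing the VIP floating between two virtual machines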
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
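3.4: keepalived non-preemption, preemption delay, unicast configuration, multi-host high availability
3.4.1: nopreempt: disables VIP preemption; every keepalived server must have state BACKUP, and vrrp_strict must be turned off (#vrrp_strict)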
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
nopreempt # disable preemption
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
3.4.2: Preemption delay
preempt_delay 60s # delayed-preemption mode, default delay 300s; every keepalived server must have state BACKUP
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
#nopreempt
preempt_delay 60s # preemption delay
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
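Split brain: when the master's multicast advertisements are delayed by a network problem, the backup assumes the master is down, and the VIP ends up on two nodes
3.4.3: Unicast configuration and example
unicast_src_ip # source IP for unicast
unicast_peer { # IP of the unicast peer
IP of the target host
}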
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 80
#nopreempt
#preempt_delay 60s
unicast_src_ip 172.16.10.105
unicast_peer {
172.16.10.50
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.250/24 dev ens33 label ens33:2
172.16.10.251/24 dev ens33 label ens33:3
}
}
3.4.4: Multi-host high availability
vr   s1   s2   s3
r1  100   80   60
r2   80  100   60
r3   60   80  100
s1 configuration
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
unicast_src_ip 172.16.10.105
unicast_peer {
172.16.10.50
172.16.10.61
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 80
unicast_src_ip 172.16.10.105
unicast_peer {
172.16.10.50
172.16.10.61
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.250/24 dev ens33 label ens33:2
172.16.10.251/24 dev ens33 label ens33:3
}
}
vrrp_instance VI_3 {
state BACKUP
interface ens33
virtual_router_id 53
priority 60
advert_int 2
unicast_src_ip 172.16.10.105
unicast_peer {
172.16.10.50
172.16.10.61
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.248/24 dev ens33 label ens33:4
172.16.10.249/24 dev ens33 label ens33:5
}
}
s2 configuration
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 80
unicast_src_ip 172.16.10.50
unicast_peer {
172.16.10.105
172.16.10.61
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 100
advert_int 2
unicast_src_ip 172.16.10.50
unicast_peer {
172.16.10.105
172.16.10.61
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.250/24 dev ens33 label ens33:2
172.16.10.251/24 dev ens33 label ens33:3
}
}
vrrp_instance VI_3 {
state BACKUP
interface ens33
virtual_router_id 53
priority 80
advert_int 2
unicast_src_ip 172.16.10.50
unicast_peer {
172.16.10.105
172.16.10.61
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.248/24 dev ens33 label ens33:4
172.16.10.249/24 dev ens33 label ens33:5
}
}
s3 configuration
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 60
unicast_src_ip 172.16.10.61
unicast_peer {
172.16.10.50
172.16.10.105
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.252/24 dev ens33 label ens33:0
172.16.10.253/24 dev ens33 label ens33:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 60
advert_int 2
unicast_src_ip 172.16.10.61
unicast_peer {
172.16.10.50
172.16.10.105
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.250/24 dev ens33 label ens33:2
172.16.10.251/24 dev ens33 label ens33:3
}
}
vrrp_instance VI_3 {
state BACKUP
interface ens33
virtual_router_id 53
priority 100
advert_int 2
unicast_src_ip 172.16.10.61
unicast_peer {
172.16.10.50
172.16.10.105
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.248/24 dev ens33 label ens33:4
172.16.10.249/24 dev ens33 label ens33:5
}
}
3.5: keepalived mail configuration
# Define the sender configuration
yum install -y mailx
vim /etc/mail.rc
set from=1971206278@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1971206278@qq.com
set smtp-auth-password=zvdekhljgjwyfaeb
set smtp-auth=login
set ssl-verify=ignore
echo "test mail" | mailx -s "mail gf" 1971206278@qq.com
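Define the notification scripts
notify_master <STRING>|<QUOTED-STRING>:
Script triggered when this node becomes the master
notify_backup <STRING>|<QUOTED-STRING>:
Script triggered when this node becomes the backup
notify_fault <STRING>|<QUOTED-STRING>:
Script triggered when this node enters the "fault" state
notify <STRING>|<QUOTED-STRING>:
General-purpose notification hook; a single script can handle the notification for all three state transitions above
The script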
#!/bin/bash
contact='1971206278@qq.com'
ROUTER=$2
notify() {
mailsubject="$(hostname) to be $1, vip 转移"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) vip:${ROUTER} changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master ${ROUTER}
;;
backup)
notify backup ${ROUTER}
;;
fault)
notify fault ${ROUTER}
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
Configuration file
vrrp_instance VI_3 {
state BACKUP
interface ens33
virtual_router_id 53
priority 100
advert_int 2
unicast_src_ip 172.16.10.61
unicast_peer {
172.16.10.50
172.16.10.105
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.248/24 dev ens33 label ens33:4
172.16.10.249/24 dev ens33 label ens33:5
}
notify_master "/etc/keepalived/keepalived.sh master"
notify_backup "/etc/keepalived/keepalived.sh backup"
notify_fault "/etc/keepalived/keepalived.sh fault"
}
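3.6: keepalived and IPVS
Virtual server configuration parameters
Definition of a virtual server:
virtual_server IP PORT # defines the virtual server's IP address and port
virtual_server fwmark int # IPVS firewall mark; implements a load-balancing cluster based on firewall marks
virtual_server group string # groups several virtual servers and defines the group as one virtual service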
virtual_server IP port
{
...
real_server{
...
}
...
}
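delay_loop <INT>: interval between health checks of the backend servers
lb_algo rr|wrr|lc|wlc|lblc|sh|dh: scheduling method
lb_kind NAT|DR|TUN: cluster type
persistence_timeout <INT>: persistent connection timeout
protocol TCP|UDP|SCTP: service protocol
sorry_server <IPADDR> <PORT>: fallback server address used when all RS have failed
real_server <IPADDR> <PORT>
{
weight <INT> RS weight
notify_up <STRING>|<QUOTED-STRING> script run when the RS comes up
notify_down <STRING>|<QUOTED-STRING> script run when the RS goes down
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK {...}:
defines the health-check method for this host
}
3.6.1: Application-layer checks
HTTP_GET|SSL_GET: application-layer checks
HTTP_GET|SSL_GET {
url {
path <URL_PATH>: the URL to monitor
status_code <INT>: response code that the check above treats as healthy
}
connect_timeout <INTEGER>: timeout for the client request, equivalent to haproxy's timeout server (after TCP is established, how long haproxy waits on the backend server)
nb_get_retry <INT>: number of retries
delay_before_retry <INT>: delay before each retry
connect_ip <IP ADDRESS>: which IP address of the RS the health-check request is sent to
connect_port <PORT>: which port of the RS the health-check request is sent to
bindto <IP ADDRESS>: source address used when sending the health-check request
bind_port <PORT>: source port used when sending the health-check request
}
3.7: keepalived and IPVS example: DR mode
keepalived server configuration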
virtual_server 172.16.10.188 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 20
protocol TCP
real_server 172.16.10.61 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
#HTTP_GET { # instead of the TCP check
# url{
# path /web/index.html
# status_code 200
# }
# }
}
real_server 172.16.10.62 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
On the Apache servers (the real servers), one extra IP address has to be added
#!/bin/sh
# LVS DR mode initialization script
LVS_VIP=172.16.10.188
source /etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP up
/sbin/route add -host $LVS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $LVS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
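3.8: VRRP Script
keepalived calls external helper scripts to monitor resources and can adjust the priority dynamically according to the monitoring result
vrrp_script: defines a custom resource-monitoring script; the VRRP instance acts on the script's return value, and one script can be used by several instances.
track_script: calls a script defined with vrrp_script to monitor a resource; it is placed inside the instance and refers to a previously defined vrrp_script
Two steps: (1) define a script; (2) call the script
vrrp_script <SCRIPT_NAME> {
script <STRING>|<QUOTED-STRING>
OPTIONS
}
track_script {
SCRIPT_NAME_1
SCRIPT_NAME_2
}
vrrp_script <SCRIPT_NAME> { # defines a check script; configured outside global_defs
script <STRING>|<QUOTED-STRING> # shell command or script path
interval <INTEGER> # interval in seconds, default 1 second
timeout <INTEGER> # timeout
weight <INTEGER:-254...254> # weight; added to the priority when the check fails; may be negative, so that adding it lowers this node's priority
fall <INTEGER> # number of failed runs before the script is considered failed
rise <INTEGER> # number of consecutive successful runs before the server goes from failed back to OK
user USERNAME [GROUPNAME] # user or group that runs the check
init_fail # start in the failed state; switch to OK once the check succeeds
}
High-availability haproxy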
[root@k8s-vip keepalived]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
172.16.10.105
keepalived configuration
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 1
weight -30
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
unicast_src_ip 172.16.10.105
unicast_peer {
172.16.10.50
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.188/24 dev ens33 label ens33:0
172.16.10.189/24 dev ens33 label ens33:1
}
track_script {
chk_haproxy
}
}
yum install -y psmisc
[root@k8s-vip keepalived]# cat chk_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy # check whether the process exists
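How the fall, rise and weight values of chk_haproxy turn check results into an effective priority, as an added example that is not keepalived's code and not from the original article. The function name, the INIT argument and the sequences of exit codes are constructed for illustration; the assumptions about when the weight applies are stated in the comments.

```shell
#!/bin/sh
# Added example (not keepalived code): how fall, rise and weight turn a
# stream of check exit codes into an effective VRRP priority.
# Assumptions: INIT is the starting state ("down" models init_fail);
# a negative weight applies while the check is failed, a positive weight
# while it passes; the result is kept inside the 1-254 priority range.

# effective_priority BASE WEIGHT FALL RISE INIT CODE...
# Prints "<exit code> <state> <priority>" for every check run.
effective_priority() {
    base=$1 weight=$2 fall=$3 rise=$4 state=$5
    shift 5
    fails=0 oks=0
    for code in "$@"; do
        if [ "$code" -eq 0 ]; then
            oks=$((oks + 1)); fails=0
            if [ "$state" = down ] && [ "$oks" -ge "$rise" ]; then state=up; fi
        else
            fails=$((fails + 1)); oks=0
            if [ "$state" = up ] && [ "$fails" -ge "$fall" ]; then state=down; fi
        fi
        prio=$base
        if [ "$state" = down ] && [ "$weight" -lt 0 ]; then prio=$((base + weight)); fi
        if [ "$state" = up ] && [ "$weight" -gt 0 ]; then prio=$((base + weight)); fi
        if [ "$prio" -lt 1 ]; then prio=1; fi
        if [ "$prio" -gt 254 ]; then prio=254; fi
        echo "$code $state $prio"
    done
}

# chk_haproxy values: priority 100, weight -30, fall 3, rise 5.
# Constructed run: one pass, three failures, five passes.
effective_priority 100 -30 3 5 up 0 1 1 1 0 0 0 0 0
```

The drop only moves the VIP if it takes this node below its peer: against a peer at priority 80 (the value used for the second node in 3.3), 70 loses the election, while a weight of -10 would leave this node at 90 and still master.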
haproxy configuration
[root@k8s-vip keepalived]# cat /etc/haproxy/haproxy.cfg
global
maxconn 10000
chroot /apps/haproxy
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
log 127.0.0.1 local0
uid 99
gid 99
daemon
#nbthread 32
nbproc 4
cpu-map 1 0
cpu-map 2 1
cpu-map 3 2
cpu-map 4 3
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
defaults
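option http-keep-alive # keep sessions with clients alive
option forwardfor # pass the client's real IP through to the backend web servers
option redispatch # when the server a session is bound to goes down, force redirection to another healthy server
option abortonclose # under heavy load, automatically end connections that have been queued for a long time
maxconn 10000
mode http
timeout connect 30s # maximum wait for the connection from haproxy to a backend server (before TCP is established)
timeout client 30s # maximum inactivity time between haproxy and the client
timeout server 30s # timeout for the backend server to process a request from haproxy (after TCP is established)
timeout http-keep-alive 120s # session keep-alive timeout; within this period requests go to the same backend server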
log global
errorfile 500 /usr/share/nginx/html/500.http
errorfile 502 /usr/share/nginx/html/502.http
errorfile 503 /usr/share/nginx/html/503.http
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth gf:1234
stats hide-version
stats realm Haproxy\ statistics
stats admin if TRUE
listen web_port
bind 172.16.10.188:80
mode http
log global
server web1 172.16.10.61:80 check inter 3000 fall 2 rise 5
server web2 172.16.10.62:80 check inter 3000 fall 2 rise 5
High-availability nginx
keepalived configuration
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_nginx {
script "/etc/keepalived/chk_nginx.sh"
interval 1
weight -30
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
unicast_src_ip 172.16.10.105
unicast_peer {
172.16.10.50
}
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.10.188/24 dev ens33 label ens33:0
172.16.10.189/24 dev ens33 label ens33:1
}
track_script {
chk_nginx # call the script
}
}
yum install -y psmisc
[root@k8s-vip keepalived]# cat chk_nginx.sh
#!/bin/bash
/usr/bin/killall -0 nginx # check whether the process exists
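A lint for two track_script slips that are easy to make in configurations of this shape: a track_script block stranded outside its vrrp_instance by an extra closing brace, and a tracked name with no matching vrrp_script. It also applies a heuristic for a repeated-character auth_pass. This is an added example, not from the original article or the keepalived project; lint_keepalived, sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of keepalived): lint a keepalived.conf for
# track_script mistakes and a repeated-character auth_pass.
# Reads the file named in $1, or stdin. Prints one finding per line.
lint_keepalived() {
    awk '
    { sub(/[#!].*/, "") }                  # drop keepalived comments
    /^[ \t]*$/ { next }
    depth == 0 && $1 == "vrrp_script" { defined[$2] = 1 }
    $1 == "track_script" {
        in_track = 1; track_depth = depth
        if (depth == 0)
            print "line " NR ": track_script is outside any vrrp_instance"
    }
    in_track && depth == track_depth + 1 && $1 != "}" { used[$1] = NR }
    $1 == "auth_pass" {
        same = 1; c = substr($2, 1, 1)
        for (i = 2; i <= length($2); i++)
            if (substr($2, i, 1) != c) same = 0
        if (same) print "line " NR ": auth_pass is one repeated character"
    }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (in_track && depth <= track_depth) in_track = 0
        if (depth < 0) { print "line " NR ": closing brace without an open block"; depth = 0 }
    }
    END {
        for (s in used) if (!(s in defined))
            print "line " used[s] ": track_script " s " has no vrrp_script"
    }' "$@"
}

# Constructed sample: a stray "}" ends VI_1 early and the tracked name
# does not match the vrrp_script name.
sample_conf() {
    cat <<'EOF'
vrrp_script chk_haproxy {
    script "/etc/keepalived/chk_nginx.sh"
}
vrrp_instance VI_1 {
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
track_script {
    chk_nginx
}
}
EOF
}

sample_conf | lint_keepalived
```

Run it as `lint_keepalived /etc/keepalived/keepalived.conf` before reloading keepalived; no output means none of the three conditions was found.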
nginx configuration
upstream webserver {
server 172.16.10.61:80 weight=2 fail_timeout=15s max_fails=3;
server 172.16.10.62:80 weight=2 fail_timeout=15s max_fails=3;
}
server {
listen 80;
server_name 172.16.10.188;
access_log /var/nginx/logs/pc.gf.com-access.log access_json;
error_log /var/nginx/logs/pc.gf.com-error.log info;
location / {
index index.html;
proxy_pass http://webserver;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
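Arbitration device
touch /etc/keepalived/down # failover happens when this arbitration file exists. Usage: the backup server checks for the file; it does not exist while the master runs normally and is created when the master fails, which raises the backup server's priority above the master's so that the backup takes over the VIP
vrrp_script chk_down {
script "/bin/bash -c '[[ -f /etc/keepalived/device/down ]] && exit 0 || exit 7'" # exit 0 on success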
interval 1
weight +80
fall 3
rise 5
timeout 2
}
