
keepalived高可用
1. lb部署keepalived
# 1.抢占式
LB01部署keepalived(master)
1.1 安装
[root@lb01 ~]#yum -y install keepalived
1.2 部署
```keepalived
[root@lb01 ~]#vim /etc/keepalived/keepalived.conf
# keepalived configuration for lb01: MASTER of VRRP instance VI_1 (preemptive mode).
global_defs {
router_id lb01 # identifier for the host running keepalived
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 50 # virtual router ID
priority 150 # priority
advert_int 1 # heartbeat (advertisement) interval of 1 second, sent by multicast
authentication {
auth_type PASS
# NOTE(review): with auth_type PASS the password is carried in clear text in
# every VRRP advertisement, so it guards against accidental misconfiguration
# rather than against another host on the same segment. 1111 is a sample
# value: replace it, and limit VRRP (IP protocol 112) to the peer's address
# at the host firewall.
auth_pass 1111 # password shared within the VRRP group
}
virtual_ipaddress {
10.0.0.3 # VIP (virtual IP)
}
}
```
1.3 启动keepalived服务
[root@lb01 ~]#systemctl start keepalived
[root@lb01 ~]#systemctl enable keepalived
# 2.LB02部署keepalived(backup)
2.1 安装
[root@lb02 ~]#yum -y install keepalived
2.2 部署
[root@lb02 ~]#cat /etc/keepalived/keepalived.conf
# keepalived configuration for lb02: BACKUP of VRRP instance VI_1.
global_defs {
router_id lb02 # changed: this node's own identifier
}
vrrp_instance VI_1 {
state BACKUP # changed: this node starts as backup
interface ens33
virtual_router_id 50
priority 100 # lower than the master
advert_int 1
authentication {
auth_type PASS
# NOTE(review): with auth_type PASS the password is carried in clear text in
# every VRRP advertisement, so it guards against accidental misconfiguration
# rather than against another host on the same segment. 1111 is a sample
# value: replace it, and limit VRRP (IP protocol 112) to the peer's address
# at the host firewall.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
2.3 启动keepalived服务
[root@lb02 ~]#systemctl start keepalived
[root@lb02 ~]#systemctl enable keepalived
# 2.非抢占式
2.1 nopreempt #在 vrrp_instance 中加这一行即可;注意 keepalived 要求该实例的初始 state 为 BACKUP 时 nopreempt 才会生效,因此两台都应配置为 state BACKUP
2.2 重启
F2
1. 默认情况下,当连续3 次接收不到主设备的 VRRP 通告时,备份设备就会认为主设备不可用
2. 模拟脑裂
# 1.开启防火墙
如果开启了防火墙,默认拒绝80和443的访问,只允许了SSH远程连接服务22端口
放行80和443端口
开启防火墙拒绝组播地址:IPv4: 224.0.0.18
[root@lb01 ~]#firewall-cmd --permanent --add-port=80/tcp
success
[root@lb01 ~]#firewall-cmd --permanent --add-port=443/tcp
success
[root@lb01 ~]#firewall-cmd --reload
success
# 抓包检查:[root@lb02 /etc/keepalived]#tcpdump -i ens33 vrrp -n
# 防火墙默认放行组播地址:# 查看防火墙是否允许 VRRP 协议
firewall-cmd --query-protocol=vrrp
输出应为 "yes"
# 关闭vrrp协议:
firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" drop'
firewall-cmd --reload
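# 开启vrrp协议(需先用 --remove-rich-rule 删除上一步添加的 drop 规则;firewalld 默认先处理 drop/reject 规则再处理 accept 规则,两条规则并存时 VRRP 仍可能被丢弃)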
sudo firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'
sudo firewall-cmd --reload
或
firewall-cmd --permanent --add-rich-rule='rule protocol value="112" accept'
firewall-cmd --reload
注意:VRRP 协议 ≙ IP 协议号 112
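firewalld 中只有 IP 协议号是可靠识别方式,别名不一定有效。设置完记得手动重启防火墙(先关闭再开启),才能生效。上面的 accept 规则对任意来源的 VRRP 报文都放行;生产环境建议在规则中加上 family="ipv4" source address="<对端LB的IP>",只接受对端节点发来的通告。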
3. 解决脑裂脚本
3.1 LB02写出现脑裂则自动杀死当前的keepalived服务(必须为抢占式)
``` shell
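# Split-brain check for lb02 (run as test.sh in this walkthrough).
# If this host and the peer lb01 (10.0.0.5) both hold the VIP 10.0.0.3 at the
# same time, stop the local keepalived so that only lb01 keeps the address.
#
# Caveats:
# - lb01 is queried over SSH, so this only detects a split brain in which VRRP
#   is filtered while SSH still works. If lb01 cannot be reached, lb01 stays 0
#   and nothing is stopped.
# - The SSH login must be key-based. Use a dedicated key for this check and
#   restrict it on lb01 (for example with a forced command in authorized_keys),
#   so the key does not double as a general-purpose login.

# 2.2.1 Does this host hold 10.0.0.3? lb02 is 1 if present, 0 if absent.
# Matching the fixed string 'inet 10.0.0.3/' avoids counting 10.0.0.30 or
# other addresses that merely contain the same digits.
if ip -o -4 addr show | grep -qF 'inet 10.0.0.3/'; then
  lb02=1
else
  lb02=0
fi

# 2.2.2 Does lb01 hold 10.0.0.3? BatchMode and ConnectTimeout keep the check
# from hanging on a password prompt or an unreachable peer.
if ssh -o BatchMode=yes -o ConnectTimeout=3 10.0.0.5 "ip -o -4 addr show" \
  | grep -qF 'inet 10.0.0.3/'; then
  lb01=1
else
  lb01=0
fi

# 2.2.3 If both nodes hold 10.0.0.3 at once, stop keepalived on this host.
if [ "$lb01" -eq 1 ] && [ "$lb02" -eq 1 ]; then
  systemctl stop keepalived
fi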
#2.2.4 开启lb02的防火墙测试脚本是否执行成功
[root@lb02 ~]# systemctl start firewalld
[root@lb02 ~]# sh test.sh
#查看LB02是否杀死了keepalived
```
3.2 脚本探测nginx是否存在
[root@lb01 ~]#chmod +x chek.sh
[root@lb01 ~]#ll chek.sh
-rwxr-xr-x 1 root root 362 Apr 18 11:43 chek.sh
3.2 将脚本与keepalived结合
```shell
[root@lb01 ~]#cat /etc/keepalived/keepalived.conf
# keepalived configuration for lb01 with a tracked health-check script.
global_defs {
router_id lb01
}
# Health check that keepalived runs periodically.
# NOTE(review): keepalived executes this script itself; unless script_user is
# configured it may run as root (TODO confirm for the installed version). Keep
# the script and its directory writable by root only, and consider
# enable_script_security in global_defs.
vrrp_script check_web {
script "/root/chek.sh" # path of the script to run
interval 3 # run every three seconds
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 50
priority 150
#nopreempt
advert_int 1
authentication {
auth_type PASS
# NOTE(review): with auth_type PASS the password is carried in clear text in
# every VRRP advertisement; 1111 is a sample value and should be replaced.
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
track_script {
check_web # track whether the script run succeeds or fails
}
}
```
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 程序员小航