目標: Keeplaived 簡單模擬測試一下Nginx 故障切換
前言:C7 默認的 1.3.5 似乎有點問題,改裝 keepalived-2.0.7
1:安裝 Nginx 和確認 (略)
2:安裝配置 Keepalived
3:Nginx 健康腳本
4:Maix 郵件報警
2:安裝配置 Keepalived
2.1 安裝 cheese 源
# wget http://www.nosuchhost.net/~cheese/fedora/packages/epel-7/x86_64/cheese-release-7-1.noarch.rpm
2.2 rpm -ivh cheese-release-7-1.noarch.rpm
2.3 yum install keepalived
======================================================================
Package Arch Version Repository Size
======================================================================
Installing:
keepalived x86_64 2.0.7-1.el7 cheese 417 k
Installing for dependencies:
libnl x86_64 1.1.4-3.el7 base 128 k
lm_sensors-libs x86_64 3.4.0-8.20160601gitf9185e5.el7 base 42 k
net-snmp-agent-libs x86_64 1:5.7.2-48.el7_8.1 updates 707 k
net-snmp-libs x86_64 1:5.7.2-48.el7_8.1 updates 751 k
Transaction Summary
======================================================================
2.4 配置
# vi /etc/keepalived/keepalived.conf
主節點配置
########## Master ##################
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict # 需要注釋掉
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER # 主節點
interface ens192 # 網卡名稱 !
virtual_router_id 51
priority 100 # 優先級高
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.40 # 虛擬IP
}
}
########## 余下內容可先刪除 ###########
備用節點配置
########## Backup ##################
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict # 需要注釋掉
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state Backup # 備用節點
interface ens192 # 網卡名稱 !
virtual_router_id 51
priority 90 # 優先級低
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.40 # 虛擬IP
}
}
########## 余下內容可先刪除 ########
2.5 服務啟動
# systemctl start keepalived (主/備順序啟動)
# tailf /var/log/message (可監控LOG)
41 systemd: Starting LVS and VRRP High Availability Monitor...
41 Keepalived[1332]: Starting Keepalived v2.0.7 (08/23,2018)
41 Keepalived[1332]: Running on Linux 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 (built for Linux 3.10.0)
41 Keepalived[1332]: Command line: '/usr/sbin/keepalived' '-D'
41 Keepalived[1332]: Opening file '/etc/keepalived/keepalived.conf'.
41 Keepalived[1332]: (Line 13) number '0' outside range [1e-06, 4294]
41 Keepalived[1332]: (Line 13) vrrp_garp_interval '0' is invalid
41 Keepalived[1332]: (Line 14) number '0' outside range [1e-06, 4294]
41 Keepalived[1332]: (Line 14) vrrp_gna_interval '0' is invalid
41 systemd: Started LVS and VRRP High Availability Monitor.
41 Keepalived[1333]: Starting VRRP child process, pid=1334
41 Keepalived_vrrp[1334]: Registering Kernel netlink reflector
41 Keepalived_vrrp[1334]: Registering Kernel netlink command channel
41 Keepalived_vrrp[1334]: Opening file '/etc/keepalived/keepalived.conf'.
41 Keepalived_vrrp[1334]: Assigned address 192.168.5.41 for interface ens192
41 Keepalived_vrrp[1334]: Registering gratuitous ARP shared channel
41 Keepalived_vrrp[1334]: (VI_1) removing VIPs.
41 Keepalived_vrrp[1334]: (VI_1) Entering BACKUP STATE (init)
41 Keepalived_vrrp[1334]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(8,9)]
41 Keepalived_vrrp[1334]: (VI_1) Receive advertisement timeout
41 Keepalived_vrrp[1334]: (VI_1) Entering MASTER STATE
41 Keepalived_vrrp[1334]: (VI_1) setting VIPs.
41 Keepalived_vrrp[1334]: Sending gratuitous ARP on ens192 for 192.168.5.40
41 Keepalived_vrrp[1334]: (VI_1) Sending/queueing gratuitous ARPs on ens192 for 192.168.5.40
41 Keepalived_vrrp[1334]: Sending gratuitous ARP on ens192 for 192.168.5.40
※ number '0' outside range 可以改成 0.001
# ip addr (主節點虛擬ip OK )
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:11:11 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.41/24 brd 192.168.5.255 scope global ens192
valid_lft forever preferred_lft forever
inet 192.168.5.40/32 scope global ens192
valid_lft forever preferred_lft forever
# ip addr (備份節點 無虛擬ip)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:22:22:22 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.42/24 brd 192.168.5.255 scope global ens192
valid_lft forever preferred_lft forever
2.6 訪問測試
C:\Users\liu>ping 192.168.5.40
正在 Ping 192.168.5.40 具有 32 字節的數據:
來自 192.168.5.40 的回復: 字節=32 時間=8ms TTL=63
來自 192.168.5.40 的回復: 字節=32 時間=8ms TTL=63
64 bytes from 192.168.5.40: icmp_seq=1 ttl=64 time=0.047 ms
web 服務應該也能正常訪問(主節點提供)
2.7 手動切換測試
# systemctl stop keepalived (主節點 停服務)
# tailf /var/log/message (備用節點LOG顯示已經接管)
42 Keepalived_vrrp[1570]: (VI_1) Backup received priority 0 advertisement
42 Keepalived_vrrp[1570]: (VI_1) Receive advertisement timeout
42 Keepalived_vrrp[1570]: (VI_1) Entering MASTER STATE
42 Keepalived_vrrp[1570]: (VI_1) setting VIPs.
42 Keepalived_vrrp[1570]: Sending gratuitous ARP on ens192 for 192.168.5.40
42 Keepalived_vrrp[1570]: (VI_1) Sending/queueing gratuitous ARPs on ens192 for 192.168.5.40
42 Keepalived_vrrp[1570]: Sending gratuitous ARP on ens192 for 192.168.5.40
web 服務應該也能正常訪問(備用節點提供)
如果主節點恢復后會重新接管服務(根據配置)
3:Nginx 健康腳本
3.1 編輯 Nginx 監控Shell(使用腳本自動檢測和切換服務,注意腳本運行權限)
# vi /etc/keepalived/nginx_health.sh
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/usr/sbin/nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
systemctl stop keepalived
fi
fi
3.2 keepalived 配置文件中添加監控項
########## Master ##################
global_defs {
notification_email {
acassen@firewall.loc # mail 故障報警
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict # 需要注釋掉
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script nginx_check {
script "/etc/keepalived/nginx_health.sh" # nginx 檢測腳本路徑
interval 2 # 檢測間隔
weight -20 # 如果條件成立權重 -20 注意數字
}
vrrp_instance VI_1 {
state MASTER # 主節點
interface eth0 # 網卡名稱 !
virtual_router_id 51
priority 100 # 優先級高
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
nginx_check # Nginx監控服務
}
virtual_ipaddress {
192.168.5.40 # 虛擬IP
}
}
########## 余下內容可先刪除 ########
4:Mailx 郵件報警
4.1 安裝mailx和配置(略)
注意25端口是否能夠發送
4.2 編輯郵件監控Shell(使用腳本自動發送服務切換郵件,注意腳本運行權限)
# vi /etc/keepalived/mail.sh
contact='admin@cnblog.xyz'
notify() {
mailsubject="$(hostname) to be $1, vip Trans"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
4.3 手動測試一下郵件腳本
[root@ nginx-A1] # sh /etc/keepalived/mail.sh backup
正常情況下應該能收到郵件
4.4 keepalived 配置文件中添加配置
...
vrrp_script nginx_check {
script "/etc/keepalived/nginx_health.sh"
interval 2
weight -20
}
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
主備切換時候正常情況下應該收到2封郵件。