[TOC]
# High availability for haproxy with Keepalived
> 192.168.56.10 haproxy
> 192.168.56.11 haproxy nginx
> Virtual IP: 192.168.56.100, port: 1358
## 1. Install the components
1. Install haproxy
On 192.168.56.10-11
```
yum -y install haproxy
yum -y install keepalived
```
2. Install nginx
On 192.168.56.11
```
yum -y install nginx
```
## 2. Configuration
### 2.1 haproxy configuration
1. Configure haproxy
Both machines use the same configuration; this experiment load-balances a single nginx.
```
vim /etc/haproxy/haproxy.cfg
```
```
listen nginx-r
bind 0.0.0.0:8888
mode http
balance source
server nginx1 192.168.56.11:8080 weight 1 maxconn 10000 check inter 10s
```
Start it:
```
haproxy -f /etc/haproxy/haproxy.cfg
```
2. Open the ports
```
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=8888/tcp --permanent
firewall-cmd --zone=public --add-port=1358/tcp --permanent
firewall-cmd --reload
```
## The firewall must allow VRRP
If it is not allowed, split-brain occurs: once the master recovers from a failure, it cannot take the VIP back.
```
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
```
Access haproxy to test.


### 2.2 keepalived configuration
```
vim /etc/keepalived/keepalived.conf
```
1) Master configuration
On 192.168.56.10
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER            # role
    interface enp0s8        # NIC the virtual IP is bound to
    virtual_router_id 51    # the backup node must use the same id, otherwise the VIP cannot move
    priority 100            # higher value means higher priority, so the backup node must be lower
    advert_int 1
    authentication {        # authentication with the backup node; must match on both
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {     # virtual IP
        192.168.56.100
    }
    track_script {          # name of the haproxy check script
        chk_haproxy
    }
}
# The following section is the script that checks the haproxy process
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1
    weight -5
    fall 3
    rise 5
}
virtual_server 192.168.56.100 1358 {    # virtual IP address
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 192.168.56.10 8888 {    # maps to the real IP and port
    }
}
```
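2) Modify the backup configuration
* Three places need to be changed on the backup node (192.168.56.11)
* Change MASTER to BACKUP
* Change priority 100 to priority 99
* Change real\_server 192.168.56.10 8888 to real\_server 192.168.56.11 8888
* Also, check the system's network interfaces and adjust interface accordingly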
```
vrrp_instance VI_1 {
    state BACKUP            # changed
    interface enp0s8        # changed
    virtual_router_id 51
    priority 99             # changed
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.56.100
    }
}
virtual_server 192.168.56.100 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 192.168.56.11 8888 {    # changed
    }
}
```
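The master and backup files must agree on `virtual_router_id`, `auth_pass` and the virtual IP, and a failed `chk_haproxy` must push the master's priority below the backup's (100 - 5 = 95 < 99 here). The following pre-deployment check is an added example, not part of the original page or of keepalived; `parse_vrrp`, `check_pair` and `sample` are hypothetical names, and the regex parser assumes flat blocks like the ones shown above.

```python
import re

def parse_vrrp(conf):
    """Pull the fields both nodes must agree on out of one keepalived.conf."""
    text = re.sub(r"[#!].*", "", conf)          # keepalived comments start with # or !
    def field(name):
        m = re.search(rf"^\s*{name}\s+(\S+)", text, re.M)
        return m.group(1) if m else None
    script = re.search(r"vrrp_script\s+\S+\s*\{(.*?)\}", text, re.S)
    weight = re.search(r"weight\s+(-?\d+)", script.group(1)) if script else None
    vips = re.search(r"virtual_ipaddress\s*\{(.*?)\}", text, re.S)
    return {"vrid": field("virtual_router_id"), "auth": field("auth_pass"),
            "priority": int(field("priority") or 0), "tracked": "track_script" in text,
            "vips": vips.group(1).split() if vips else [],
            "weight": int(weight.group(1)) if weight else 0}

def check_pair(master, backup):
    """Return the problems that would stop the VIP from failing over cleanly."""
    problems = []
    for key in ("vrid", "auth", "vips"):
        if master[key] != backup[key]:
            problems.append(f"{key} differs between nodes")
    if backup["priority"] >= master["priority"]:
        problems.append("backup priority is not lower than master")
    if not master["tracked"]:
        problems.append("master has no track_script")
    # A failing check adds the negative weight to the master's priority.
    elif master["weight"] < 0 and master["priority"] + master["weight"] >= backup["priority"]:
        problems.append("failed check leaves master at or above backup priority")
    return problems

def sample(vrid, priority):
    """Constructed config text using the values from the configs above."""
    return f"""vrrp_script chk_haproxy {{
    script "killall -0 haproxy"
    weight -5
}}
vrrp_instance VI_1 {{
    virtual_router_id {vrid}
    priority {priority}
    authentication {{ auth_type PASS
        auth_pass 1111 }}
    virtual_ipaddress {{ 192.168.56.100 }}
    track_script {{ chk_haproxy }}
}}"""

if __name__ == "__main__":
    for backup in (sample(51, 99), sample(52, 90)):   # page values, then a constructed mismatch
        print(check_pair(parse_vrrp(sample(51, 100)), parse_vrrp(backup)))
```
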
7. Specify the log output file
1. In /etc/sysconfig/keepalived, change the setting to KEEPALIVED\_OPTIONS="-D -d -S 0"
2. At the end of /etc/rsyslog.conf, add local0.\*    /var/log/keepalived.log
3. Restart
```
/etc/init.d/rsyslog restart
/etc/init.d/keepalived restart
```
3) Start
```
service keepalived start
```
Master state:

Backup state:

Access the VIP:

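## 3. Experiment
1. Stop haproxy on 192.168.56.10
The VIP moves to 192.168.56.11

2. The application is still accessible

3. Stop haproxy on 192.168.56.10 as well; the application can no longer be accessed

4. Start haproxy on 192.168.56.10
## keepalived configuration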
```
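Configuring a virtual router:
vrrp_instance <STRING> {
....
}
Instance-specific parameters:
state MASTER|BACKUP: initial state of this node in the virtual router; only one node may be MASTER, all others should be BACKUP;
interface IFACE_NAME: physical interface bound to this virtual router;
virtual_router_id VRID: unique identifier of this virtual router, range 0-255;
priority 100: priority of this host within the virtual router, range 1-254;
advert_int 1: interval between VRRP advertisements;
authentication {
auth_type AH|PASS
auth_pass <PASSWORD>
}
virtual_ipaddress {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1
}
track_interface {
eth0
eth1
...
}
Network interfaces to monitor; if one of them fails, the instance moves to the FAULT state;
nopreempt: run in non-preemptive mode;
preempt_delay 300: in preemptive mode, how long to wait after a node comes online before triggering a new election;
Notification scripts:
notify_master <STRING>|<QUOTED-STRING>: script triggered when this node becomes the master
notify_backup <STRING>|<QUOTED-STRING>: script triggered when this node becomes a backup;
notify_fault <STRING>|<QUOTED-STRING>: script triggered when this node moves to the "fault" state;
notify <STRING>|<QUOTED-STRING>: generic notification hook; a single script can handle notification for all three state transitions above;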
```
# NGINX high availability
## master
1.keepalived.conf
```
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
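vrrp_script chk_http_port {
script "/etc/keepalived/check_nginx.sh"
interval 2 # interval between runs of the check script
weight -20
}
vrrp_instance VI_1 {
state MASTER
nopreempt # keepalived only honours nopreempt when the initial state is BACKUP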
interface bond1
virtual_router_id 53
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
136.160.160.218
}
track_script {
chk_http_port
}
}
```
2. check_nginx.sh
```
#!/bin/bash
COUNT=$(ps -C nginx --no-header | wc -l)
echo "$COUNT"
# Check whether every nginx process has died
if [ "$COUNT" -eq 0 ]
then
    # If so, start nginx
    /data/pinpoint/nginx/nginx/sbin/nginx -c /data/pinpoint/nginx/nginx/conf/nginx.conf
    echo "重啟nginx"
    # Wait 15 seconds, then check again whether it started
    sleep 15
    # If nginx still has not come up, kill keepalived
    COUNT=$(ps -C nginx --no-header | wc -l)
    if [ "$COUNT" -eq 0 ]
    then
        echo "干掉keepalived"
        # If the killall command is unavailable, install the psmisc package
        # yum install -y psmisc
        killall keepalived
    fi
fi
```
## slave
```
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "/etc/keepalived/check_nginx.sh"
interval 2 # interval between runs of the check script
weight -20
}
vrrp_instance VI_1 {
state BACKUP # backup
nopreempt
interface bond1
virtual_router_id 53
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
136.160.160.218
}
track_script {
chk_http_port
}
}
```
The nginx check script is the same.