[TOC]

# High availability for haproxy with Keepalived

> 192.168.56.10 haproxy
> 192.168.56.11 haproxy nginx
> Virtual IP: 192.168.56.100, port: 1358

## 1. Install the components

1. Install haproxy on 192.168.56.10-11

```
yum -y install haproxy
yum -y install keepalived
```

2. Install nginx on 192.168.56.11

```
yum -y install nginx
```

## 2. Configuration

### 2.1 haproxy configuration

1. Configure haproxy. Both machines use the same configuration; this lab load-balances a single nginx.

```
vim /etc/haproxy/haproxy.cfg
```

```
listen nginx-r
    bind 0.0.0.0:8888
    mode http
    balance source
    server nginx1 192.168.56.11:8080 weight 1 maxconn 10000 check inter 10s
```

Start it:

```
haproxy -f /etc/haproxy/haproxy.cfg
```

2. Open the ports

```
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=8888/tcp --permanent
firewall-cmd --zone=public --add-port=1358/tcp --permanent
firewall-cmd --reload
```

## VRRP must be allowed through the firewall

If it is not, split-brain occurs: after the master recovers from a failure, it cannot take back the VIP.

```
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
```

Test by accessing haproxy:

![](https://box.kancloud.cn/8df3939ee0e1283815e2558eacb63de9_1290x472.png)

![](https://box.kancloud.cn/00f5d743e788f3145733f68a80863dcc_1368x472.png)

### 2.2 keepalived configuration

```
vim /etc/keepalived/keepalived.conf
```

1) Master configuration (192.168.56.10)

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# Script that checks the haproxy process
# (defined ahead of the vrrp_instance that tracks it)
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1
    weight -5
    fall 3
    rise 5
}

vrrp_instance VI_1 {
    state MASTER              # role
    interface enp0s8          # NIC the virtual IP is bound to
    virtual_router_id 51      # the backup node must use the same id, otherwise the VIP cannot fail over
    priority 100              # higher value = higher priority, so the backup node must be lower
    advert_int 1
    authentication {          # authentication with the backup node; must match on both
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {       # virtual IP
        192.168.56.100
    }
    track_script {            # name of the haproxy check script
        chk_haproxy
    }
}

virtual_server 192.168.56.100 1358 {    # virtual IP address
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 192.168.56.10 8888 {    # maps to the real IP and port
    }
}
```

2) Modify the backup configuration

* On the backup node (192.168.56.11), three things need to be changed
  * MASTER becomes BACKUP
  * priority 100 becomes priority 99
  * real\_server 192.168.56.10 8888 becomes real\_server 192.168.56.11 8888
* Also, check the system's network interface name and adjust `interface` accordingly

```
vrrp_instance VI_1 {
    state BACKUP              # changed
    interface enp0s8          # changed
    virtual_router_id 51
    priority 99               # changed
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.56.100
    }
}

virtual_server 192.168.56.100 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 192.168.56.11 8888 {    # changed
    }
}
```

7. Specify the log output file

1. In /etc/sysconfig/keepalived, set `KEEPALIVED_OPTIONS="-D -d -S 0"`
2. Append to the end of /etc/rsyslog.conf: `local0.*    /var/log/keepalived.log`
3. Restart:

```
/etc/init.d/rsyslog restart
/etc/init.d/keepalived restart
```

3) Start

```
service keepalived start
```

Master state:

![](https://box.kancloud.cn/872bd7fc6e55e6d305a292979849ec40_1841x648.png)

Backup state:

![](https://box.kancloud.cn/db819bbfae0b0383de36c8ea4ee1d54f_1872x593.png)

Access via the VIP:
![](https://box.kancloud.cn/e062289642d1a7a160646738418e9662_1436x473.png)

## 3. Experiment

1. Stop haproxy on 192.168.56.10; the VIP moves to 192.168.56.11.

![](https://box.kancloud.cn/a5b1a197a8f09bd58a79023e23082f53_1742x624.png)

2. The application is still reachable.

![](https://box.kancloud.cn/a5b1a197a8f09bd58a79023e23082f53_1742x624.png)

3. Stop haproxy on 192.168.56.10 as well; the application is no longer reachable.

![](https://box.kancloud.cn/7caeb3a9ce8125e971621fd16a6d893c_1411x672.png)

4. Start haproxy on 192.168.56.10.

## keepalived configuration

```
Configure a virtual router:
    vrrp_instance <STRING> {
        ....
    }

Dedicated parameters:
    state MASTER|BACKUP: initial state of this node in the virtual router; only one node may be MASTER, all others should be BACKUP;
    interface IFACE_NAME: physical interface bound to this virtual router;
    virtual_router_id VRID: unique identifier of this virtual router, range 0-255;
    priority 100: priority of this host in the virtual router; range 1-254;
    advert_int 1: interval between VRRP advertisements;
    authentication {
        auth_type AH|PASS
        auth_pass <PASSWORD>
    }
    virtual_ipaddress {
        <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        192.168.200.17/24 dev eth1
        192.168.200.18/24 dev eth2 label eth2:1
    }
    track_interface {
        eth0
        eth1
        ...
    }
    Network interfaces to monitor; if one of them fails, the node switches to the FAULT state;
    nopreempt: run in non-preemptive mode;
    preempt_delay 300: in preemptive mode, how long a node waits after coming online before triggering a new election;

Notification scripts:
    notify_master <STRING>|<QUOTED-STRING>: script triggered when this node becomes the master
    notify_backup <STRING>|<QUOTED-STRING>: script triggered when this node becomes a backup;
    notify_fault <STRING>|<QUOTED-STRING>: script triggered when this node enters the "fault" state;
    notify <STRING>|<QUOTED-STRING>: generic notification hook; a single script can handle notification for all three state transitions above;
```

# NGINX high availability

## master

1. keepalived.conf

```
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}

vrrp_script chk_http_port {
    script "/etc/keepalived/check_nginx.sh"
    interval 2                # interval between runs of the check script
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    nopreempt                 # keepalived only honours nopreempt when the initial state is BACKUP
    interface bond1
    virtual_router_id 53
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        136.160.160.218
    }
    track_script {
        chk_http_port
    }
}
```

2. check_nginx.sh

```
#!/bin/bash
COUNT=$(ps -C nginx --no-header | wc -l)
echo "$COUNT"
# Check whether all nginx processes are gone
if [ "$COUNT" -eq 0 ]
then
    # If so, start nginx
    /data/pinpoint/nginx/nginx/sbin/nginx -c /data/pinpoint/nginx/nginx/conf/nginx.conf
    echo "重启nginx"
    # Wait 15 seconds, then check again whether it started
    sleep 15
    # If nginx did not come up, kill keepalived so the VIP fails over
    COUNT=$(ps -C nginx --no-header | wc -l)
    if [ "$COUNT" -eq 0 ]
    then
        echo "干掉keepalived"
        # If the killall command is unavailable, install the psmisc package
        # yum install -y psmisc
        killall keepalived
    fi
fi
```

## slave

```
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL
}

vrrp_script chk_http_port {
    script "/etc/keepalived/check_nginx.sh"
    interval 2                # interval between runs of the check script
    weight -20
}

vrrp_instance VI_1 {
    state BACKUP              # backup
    nopreempt
    interface bond1
    virtual_router_id 53
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        136.160.160.218
    }
    track_script {
        chk_http_port
    }
}
```

The nginx check script is the same.
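The pairing rules stated in the keepalived sections above (same virtual_router_id, authentication and VIP on both nodes, lower priority on the backup, only one MASTER) can be checked mechanically before a deploy. The following Python sketch is an added example, not part of the original page or of keepalived; the function names and the constructed sample input are assumptions, and it also flags the `auth_pass 1111` value used on this page and `nopreempt` on a node whose initial state is not BACKUP.

```python
import re

def parse_instances(conf):  # returns {name: settings} per vrrp_instance block
    text = re.sub(r"[#!].*", "", conf)            # '#' and '!' start comments
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        depth, end = 1, m.end()
        while depth and end < len(text):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        body = text[m.end():end - 1]
        cfg = {"nopreempt": bool(re.search(r"\bnopreempt\b", body))}
        for key in ("state", "virtual_router_id", "priority", "auth_type", "auth_pass"):
            hit = re.search(rf"\b{key}\s+(\S+)", body)
            cfg[key] = hit.group(1) if hit else None
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        cfg["vips"] = sorted(vips.group(1).split()) if vips else []
        found[m.group(1)] = cfg
    return found

def audit_pair(master_conf, backup_conf, name="VI_1"):
    """Check the two nodes against the pairing rules stated on this page."""
    m, b = parse_instances(master_conf)[name], parse_instances(backup_conf)[name]
    out = [f"{k} differs between nodes"
           for k in ("virtual_router_id", "auth_type", "auth_pass", "vips") if m[k] != b[k]]
    if int(b["priority"] or 0) >= int(m["priority"] or 0):
        out.append("backup priority must be lower than master priority")
    if m["state"] == b["state"] == "MASTER":
        out.append("both nodes start as MASTER")
    for node, cfg in (("master", m), ("backup", b)):
        if cfg["auth_type"] == "PASS" and cfg["auth_pass"] == "1111":
            out.append(f"{node}: auth_pass is the example value 1111")
        if cfg["nopreempt"] and cfg["state"] != "BACKUP":
            out.append(f"{node}: nopreempt needs initial state BACKUP")
    return out

# Constructed sample input mirroring the NGINX master/slave pair on this page
TEMPLATE = """vrrp_instance VI_1 {{
    state {state}          # initial role
    nopreempt
    virtual_router_id {vrid}
    priority {prio}
    authentication {{ auth_type PASS auth_pass 1111 }}
    virtual_ipaddress {{ 136.160.160.218 }}
}}"""
MASTER = TEMPLATE.format(state="MASTER", vrid=53, prio=100)
BACKUP = TEMPLATE.format(state="BACKUP", vrid=53, prio=90)
if __name__ == "__main__":
    print("\n".join(audit_pair(MASTER, BACKUP)))
```

With VRRP `auth_type PASS` the password travels in cleartext in every advertisement, so a finding on `auth_pass` is a prompt to restrict who can send VRRP to the nodes rather than only to pick a longer string.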