HAProxy之三----keepalived配合脚本对HAProxy、ping网关实现高可用检测 |
| 发表者:admin分类:应用服务2023-02-02 15:45:17 阅读[293] |
HAProxy之三----keepalived配合脚本对HAProxy、ping网关实现高可用检测
调用脚本参数含义
1 2 3 4 5 6 7 8 9 10 | vrrp_script<SCRIPT_NAME> { #定义一个检测脚本,在global_defs之外配置 script <STRING>|<QUOTED-STRING> # shell命令或脚本路径 interval <INTEGER> # 间隔时间,单位为秒,默认1秒 timeout <INTEGER> # 超时时间 weight <INTEGER:-254..254> # 权重,监测失败后会执行权重+操作 fall <INTEGER> #脚本几次失败转换为失败 rise <INTEGER> # 脚本连续检测成果后,把服务器从失败标记为成功的次数 user USERNAME [GROUPNAME] # 执行监测的用户或组 init_fail # 设置默认标记为失败状态,监测成功之后再转换为成功状态} |
实战一:实现ping网关地址高可用检测
1、在主机A配置keepalived调用ping脚本。
书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。
vim /etc/keepalived/ping.sh
1 2 3 4 5 6 7 | #!/bin/bashping -c 192.168.37.2 &> /dev/nullif [ $? -eq 0 ];then exit 0else exit 2fi |
加上执行权限:chmod +x ping.sh
配置keepalived文件,当以上ping脚本不通时,则执行以下配置文件,此时权重就会减50,就会降低优先级,此时VIP地址就会漂移到从服务器上。
vim /etc/keepalived/keepalived.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0}vrrp_script linux_ping { 调用脚本时起名 script /etc/keepalived/ping.sh 调用脚本路径 interval 2 时间间隔2秒 weight -50 权重减50 fall 3 连续失败3次转为失败 rise 5 连续检测成功5次后,标记为成功 timeout 2 时间超时2秒}vrrp_instance VIP_1 { state MASTER interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { linux_ping 检查脚本,将上面命名的名称进行调用 }} |
2、在B主机配置keepalived
书写一个脚本,ping主机的网关IP地址,如果ping不通时,启动以下keepalived配置文件中内容。
vim /etc/keepalived/ping.sh
1 2 3 4 5 6 7 | #!/bin/bashping -c 192.168.37.2 &> /dev/nullif [ $? -eq 0 ];then exit 0else exit 2fi |
加上执行权限:chmod +x ping.sh
vim /etc/keepalived/keepalived.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | global_defs { notification_email { root@localhost } notification_email_from root@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0}vrrp_script linux_ping { script /etc/keepalived/ping.sh 也调用ping脚本,当从服务器Ping网关不通时也将权重减50,此时优先级变低,当主服务器恢复时,VIP地址就又会漂移到主服务器上。 interval 2 weight -50 fall 3 rise 5 timeout 2}vrrp_instance VIP_1 { state BACKUP interface ens33 virtual_router_id 50 priority 80 unicast_src_ip 192.168.37.17 unicast_peer { 192.168.37.7 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { linux_ping }} |
3、测试效果:
将ping.sh脚本的网关地址修改为不存在的IP地址.
vim /etc/keepalived/ping.sh
1 2 3 4 5 6 7 8 | #!/bin/bash#ping -c 192.168.37.2 &> /dev/null ping -c 192.168.77.2 &> /dev/nullif [ $? -eq 0 ];then exit 0else exit 2fi |
重启主从keepalived服务:systemctl reload keepalived
此时可以看到VIP地址已经漂移到从服务器上。
当主服务器的网关IP地址修改正确之后,VIP地址就又会飘回到主服务器上。
实战二:实现HAProxy高可用检测
1、在A主机配置keepalived,并写一个检测haproxy脚本
vim /etc/keepalived/chk_haproxy.sh
1 2 3 4 5 6 7 8 9 10 11 12 | #!/bin/bash##********************************************************************#Author: liu#QQ: 29308620#Date: 2019-12-26#FileName: /etc/keepalived/chk_haproxy.sh#URL: http://www.struggle.com#Description: The test script#Copyright (C): 2019 All rights reserved#********************************************************************killall -0 haproxy |
修改keepalived配置文件,调用检测haproxy脚本。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0}vrrp_script chk_haproxy { script /etc/keepalived/chk_haproxy.sh # 调用chk_haproxy.sh脚本,发现haproxy宕机后就降级 interval 2 weight -50 fall 3 rise 5 timeout 2}vrrp_instance VIP_1 { state MASTER interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { chk_haproxy 调用上面调用脚本的名称 }} |
配置A主机的haproxy文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | globalmaxconn 100000chroot /usr/local/haproxystats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2user haproxygroup haproxydaemonnbproc 2cpu-map 1 0cpu-map 2 1#cpu-map 3 2#cpu-map 4 3pidfile /run/haproxy.pidlog 127.0.0.1 local3 infodefaultsoption http-keep-aliveoption forwardformaxconn 100000mode httptimeout connect 300000mstimeout client 300000mstimeout server 300000mslisten stats bind :9527 stats enable stats hide-version stats uri /haproxy-status stats realm HAPorxy\Stats\Page stats auth haadmin:123456 stats auth admin:123456 stats refresh 30s stats admin if TRUElisten web_port bind 0.0.0.0:80 mode http log global server web1 192.168.7.102:80 check inter 3000 fall 2 rise 5 # 用户访问VIP地址之后,转发到后端服务器上 |
2、在B主机配置keepalived,并写一个检测haproxy脚本
vim /etc/keepalived/chk_haproxy.sh
1 2 3 4 5 6 7 8 9 10 11 12 | #!/bin/bash##********************************************************************#Author: liu#QQ: 29308620#Date: 2019-12-26#FileName: /etc/keepalived/chk_haproxy.sh#URL: http://www.struggle.com#Description: The test script#Copyright (C): 2019 All rights reserved#********************************************************************killall -0 haproxy 对haproxy发信号,确定haproxy的状态信息。 |
修改keepalived配置文件,调用检测haproxy脚本。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0}vrrp_script chk_haproxy { script /etc/keepalived/chk_haproxy.sh # 调用chk_haproxy.sh脚本,发现haproxy宕机之后就降级 interval 2 weight -50 fall 3 rise 5 timeout 2}vrrp_instance VIP_1 { state BACKUP interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.17 unicast_peer { 192.168.37.7 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } track_script { chk_haproxy 调用上面调用脚本的名称 }} |
配置B主机的haproxy文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | globalmaxconn 100000chroot /usr/local/haproxystats socket /var/lib/haproxy/haproxy.sock1 mode 600 level admin process 1stats socket /var/lib/haproxy/haproxy.sock2 mode 600 level admin process 2user haproxygroup haproxydaemonnbproc 2cpu-map 1 0cpu-map 2 1#cpu-map 3 2#cpu-map 4 3pidfile /run/haproxy.pidlog 127.0.0.1 local3 infodefaultsoption http-keep-aliveoption forwardformaxconn 100000mode httptimeout connect 300000mstimeout client 300000mstimeout server 300000mslisten stats bind :9527 stats enable stats hide-version stats uri /haproxy-status stats realm HAPorxy\Stats\Page stats auth haadmin:123456 stats auth admin:123456 stats refresh 30s stats admin if TRUElisten web_port bind 0.0.0.0:80 mode http log global server web1 192.168.7.102:80 check inter 3000 fall 2 rise 5 # 用户访问VIP地址之后,转发到后端服务器上 |
3、测试效果:
将A主机的haproxy服务器停掉,此时VIP地址就会漂移到从服务器上。
当启动haproxy服务器时,VIP地址就又会飘回主服务器上
如果想实现nginx的高可用检测,只需要将脚本改为:killall -0 nginx;
然后在keepalived配置文件添加一个调用此脚本即可,详细的nginx检测状态,请看:https://www.cnblogs.com/struggle-1216/p/12055924.html
转载请标明出处【HAProxy之三----keepalived配合脚本对HAProxy、ping网关实现高可用检测】。
《www.micoder.cc》
虚拟化云计算,系统运维,安全技术服务.
| Tags: | [阅读全文...] |
最新评论