keepalived 自生存活监测

vrrp script

keepalived调用外部的辅助脚本进行资源监控，并根据监控的结果状态能实现优先动态调整。也就是keepalived监测自身，当自身挂了之后主动让出VIP。

需要对vrrp_script:自定义资源监控脚本，vrrp实例根据脚本返回值进行下一步操作，脚本可被多个实例调用。 track_script:调用vrrp_script定义的脚本去监控资源，定义在实例之内，调用事先定义的vrrp_script

---

vrrp_script

vrrp_script 
    
      {         #定义 名称    script 
     
      |
      
        #定义脚本所在的位置    interval 
       
                      #间隔多久执行一次脚本    timeout 
        
                        #多久么有返回值就失败    weight 
         
           #权重-254到254，如果监测失败则当前优先权减去次权重，如果 rise 
          
            #服务器下线了开始监测多少测成功则上线 fall 
           
             #服务器连续检测多少测都失败，则标记为失败 user USERNAME [GROUPNAME] #一般为root init_fail #在未进行监测时，默认为失败。}
           
          
         
        
       
      
     
    

keepalived+lvs实现自生存活监测

由于lvs没有进程，所以只能使用脚本去访问第三方的设备来探测自己是否存活，比如本机的端口，或者网关。

配置方法1

1.创建出一个ping脚本

[root@s1 ~]# vim /etc/keepalived/ping.sh#!/bin/bashping -c 2 172.20.0.1 &> /dev/nullif [ $? -eq 0 ];then    exit 0else    exit 2fi

2.修改keepalived配置文件

vrrp_script check {                     #定义脚本        script /etc/keepalived/ping.sh        interval 2        weight -50        fall 3        rise 5        timeout 2}vrrp_instance VI_1 {    state Master    interface ens33    virtual_router_id 27    priority 100    advert_int 2    authentication {        auth_type PASS        auth_pass 1111    }    unicast_src_ip 172.20.27.10    unicast_peer {    172.20.27.11    }    virtual_ipaddress {        172.20.27.100 dev ens33 label ens33:0    }    track_script {              #调用脚本        check    }}#在另一台主机上也执行相同的配置

3.重启服务后查看vip

[root@s1 ~]# ifconfigens33: flags=4163
    
       mtu 1500        inet 172.20.27.10  netmask 255.255.0.0  broadcast 172.20.255.255        inet6 fe80::20c:29ff:fec5:123c  prefixlen 64  scopeid 0x20
             ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)        RX packets 540749  bytes 43766835 (41.7 MiB)        RX errors 0  dropped 12  overruns 0  frame 0        TX packets 78080  bytes 11718371 (11.1 MiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0ens33:0: flags=4163
     
        mtu 1500        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)#vip在当前的主机上
     
    

4.测试

更改ping.sh脚本中的地址到一个不存在的地址，并对keepalived日志进行跟踪

[root@s1 ~]# tail -f /var/log/messages Jun  8 15:48:37 s1 Keepalived_healthcheckers[10792]: SMTP alert successfully sent.Jun  8 15:50:05 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15          #脚本监测失败Jun  8 15:50:07 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15          #脚本监测失败Jun  8 15:50:09 s1 Keepalived_vrrp[10793]: VRRP_Script(check) timed out                             #连续三次次超时Jun  8 15:50:09 s1 Keepalived_vrrp[10793]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50       #优先级从100降低到50Jun  8 15:50:09 s1 Keepalived_vrrp[10793]: /etc/keepalived/ping.sh exited due to signal 15          #脚本监测失败Jun  8 15:50:11 s1 Keepalived_vrrp[10793]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50     #发现备节点的优先级比本机高，主动让出vip

查看vip是否在s2节点上

[root@s2 ~]# ifconfigens33: flags=4163
    
       mtu 1500        inet 172.20.27.11  netmask 255.255.0.0  broadcast 172.20.255.255        inet6 fe80::20c:29ff:fe4d:1ce3  prefixlen 64  scopeid 0x20
             ether 00:0c:29:4d:1c:e3  txqueuelen 1000  (Ethernet)        RX packets 535679  bytes 43641678 (41.6 MiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 36428  bytes 3457323 (3.2 MiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0ens33:0: flags=4163
     
        mtu 1500        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0        ether 00:0c:29:4d:1c:e3  txqueuelen 1000  (Ethernet)#VIP在备节点上
     
    

配置方法2

在脚本中判断lvs后端的服务器是否存在，如果存不存在，则创建一个文件

在vrrp_script中判断文件是否存在如果文件存在，则表示自己挂了，将自己的优先级减低让出vip

script "/bin/bash -c '[[ -f /etc/keepalived/down ]]' && exit 7 || exit 0"

---

HAProxy+keepalived的检测机制

HAProxy+keepalived的检测方式可以使用curl HAProxy的状态页面，或者使用killall -0对HAProxy发送一个信号，如果进程存在则返回值为0，如果进程不存在则返回值为非0

配置方法1

1.创建检测脚本

[root@s1 ~]# vim /etc/keepalived/curl.sh#!/bin/bashcurl -I http://172.20.27.10:9000/haproxy-status &> /dev/nullif [ $? -eq 0 ];then    exit 0else    exit 2fi

2.修改keepalived配置文件定义vrrp_script和调用

root@s1 ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalivedglobal_defs {   notification_email {    root@mylinuxops.com   }   notification_email_from root@mylinuxops.com   smtp_server 127.0.0.1   smtp_connect_timeout 30   router_id s1.mylinuxops.com   vrrp_skip_check_adv_addr   #vrrp_strict   vrrp_iptables   vrrp_garp_interval 0   vrrp_gna_interval 0}vrrp_script check {                         #定义脚本名    script /etc/keepalived/curl.sh          #定义脚本路径    interval 2    weight -50    fall 3    rise 5    timeout 2}vrrp_instance VI_1 {    state Master    interface ens33    virtual_router_id 27    priority 100    advert_int 2    authentication {        auth_type PASS        auth_pass 1111    }    unicast_src_ip 172.20.27.10    unicast_peer {    172.20.27.11    }    virtual_ipaddress {    172.20.27.100 dev ens33 label ens33:0    }    track_script {    check                               #调用脚本    }}#另一台服务器也执行相同的操作

3.重启服务后查看vip是否存在

[root@s1 ~]# ifconfigens33: flags=4163
    
       mtu 1500        inet 172.20.27.10  netmask 255.255.0.0  broadcast 172.20.255.255        inet6 fe80::20c:29ff:fec5:123c  prefixlen 64  scopeid 0x20
             ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)        RX packets 639634  bytes 52435377 (50.0 MiB)        RX errors 0  dropped 12  overruns 0  frame 0        TX packets 103375  bytes 13944325 (13.2 MiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0ens33:0: flags=4163
     
        mtu 1500        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)lo: flags=73
      
         mtu 65536        inet 127.0.0.1  netmask 255.0.0.0        inet6 ::1  prefixlen 128  scopeid 0x10
       
                loop  txqueuelen 1000  (Local Loopback)        RX packets 4511  bytes 317479 (310.0 KiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 4511  bytes 317479 (310.0 KiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
       
      
     
    

4.停止haproxy并追踪日志

[root@s1 ~]# tail -f /var/log/messages Jun  8 17:15:16 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2Jun  8 17:15:18 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2Jun  8 17:15:20 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2     #连续3次无法curl到页面Jun  8 17:15:20 s1 Keepalived_vrrp[16954]: VRRP_Script(check) failedJun  8 17:15:20 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50       #自动将优先级降低50Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50     #发现备的优先级比自己高Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) Entering BACKUP STATE        #自己转为备Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: VRRP_Instance(VI_1) removing protocol VIPs.Jun  8 17:15:22 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2Jun  8 17:15:24 s1 Keepalived_vrrp[16954]: /etc/keepalived/curl.sh exited with status 2

配置方法2

使用killall -0 haproxy对进程发起信号

1.安装killall

[root@s1 ~]# yum install psmisc -y

2.修改配置文件

[root@s1 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalivedglobal_defs {   notification_email {        root@mylinuxops.com   }   notification_email_from root@mylinuxops.com   smtp_server 127.0.0.1   smtp_connect_timeout 30   router_id s1.mylinuxops.com   vrrp_skip_check_adv_addr   #vrrp_strict   vrrp_iptables   vrrp_garp_interval 0   vrrp_gna_interval 0}vrrp_script check {                         #定义脚本名称        script "killall -0 haproxy"         #由于脚本中只有一条命令，直接写在这里就行，无需再写脚本        interval 2        weight -50        fall 3        rise 5        timeout 2}vrrp_instance VI_1 {    state Master    interface ens33    virtual_router_id 27    priority 100    advert_int 2    authentication {        auth_type PASS        auth_pass 1111    }    unicast_src_ip 172.20.27.10    unicast_peer {    172.20.27.11    }    virtual_ipaddress {        172.20.27.100 dev ens33 label ens33:0    }    track_script {        check                               #调用脚本    }}

3.重启服务后查看vip是否存在

[root@s1 ~]# ifconfigens33: flags=4163
    
       mtu 1500        inet 172.20.27.10  netmask 255.255.0.0  broadcast 172.20.255.255        inet6 fe80::20c:29ff:fec5:123c  prefixlen 64  scopeid 0x20
             ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)        RX packets 639634  bytes 52435377 (50.0 MiB)        RX errors 0  dropped 12  overruns 0  frame 0        TX packets 103375  bytes 13944325 (13.2 MiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0ens33:0: flags=4163
     
        mtu 1500        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0        ether 00:0c:29:c5:12:3c  txqueuelen 1000  (Ethernet)lo: flags=73
      
         mtu 65536        inet 127.0.0.1  netmask 255.0.0.0        inet6 ::1  prefixlen 128  scopeid 0x10
       
                loop  txqueuelen 1000  (Local Loopback)        RX packets 4511  bytes 317479 (310.0 KiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 4511  bytes 317479 (310.0 KiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
       
      
     
    

4.停止haproxy并追踪日志

[root@s1 ~]# tail -f /var/log/messages Jun  8 17:30:53 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1Jun  8 17:30:55 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1Jun  8 17:30:57 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1Jun  8 17:30:57 s1 Keepalived_vrrp[18639]: VRRP_Script(check) failed                            #连续监测3次失败Jun  8 17:30:57 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Changing effective priority from 100 to 50           #优先级降低为50Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Received advert with higher priority 80, ours 50     #发现有优先级比当前高的主机Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) Entering BACKUP STATE                                #自动将为备Jun  8 17:30:59 s1 Keepalived_vrrp[18639]: VRRP_Instance(VI_1) removing protocol VIPs.                              #移除vipJun  8 17:30:59 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1Jun  8 17:31:01 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1Jun  8 17:31:03 s1 Keepalived_vrrp[18639]: /usr/bin/killall -0 haproxy exited with status 1