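Using Keepalived to Build a High-Availability Architecture in a VPC
Last updated: 2024-08-26
Overview
Keepalived monitors the state of servers and is commonly used to build high-availability services such as Nginx and MySQL.
Use Case
When the primary server fails and can no longer serve traffic, the secondary IP is dynamically switched to the backup server, which continues to serve traffic.
Solution Overview
A high-availability primary/backup cluster usually consists of two servers: the primary server is in the active state for a given service (Active), and the backup server is in the standby state for that service (Standby). A secondary IP is bound to the primary server. When the primary server has a problem, it releases the secondary IP, and the backup server then binds the secondary IP and continues to provide the service.
Example scenario:
Three cloud servers: two form the primary/backup pair and one is used for traffic testing. The secondary IP of the elastic network interface (ENI) is 172.16.0.100.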
| Instance name | Instance ID | ENI ID | Private IP | Role |
|---|---|---|---|---|
| VM1 | i-U63mWIg9 | eni-jdbx8ddgpsz1 | 172.16.0.202 | Primary |
| VM2 | i-jW72IAK8 | eni-1jvkdmai1iu1 | 172.16.0.203 | Backup |
| VM3 | i-Y99AbvOF | eni-h5242i8788v0 | 172.16.0.201 | Test machine |
Configuration Steps
1. Install Keepalived on the primary server and the backup server, using yum to install the package.

```
# yum install keepalived -y
```

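2. Leave preemption at its default setting and configure a script to check the service. The Keepalived check script /tmp/check_status.sh is as follows:

```sh
#!/bin/sh
# Health check: fail (exit 1) while the marker file /tmp/down exists,
# so that creating the file in step 5 triggers a failover.
if [ -f /tmp/down ]; then
    exit 1
fi
exit 0
```
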
How to obtain the AK/SK
File that generates the POST token: post_sign.py
File that generates the DELETE token: delete_sign.py
The address switching script changed_ip.sh is as follows:

```bash
#!/bin/bash
# Usage: changed_ip.sh <role> <master_eni> <backup_eni> <ip>

STATUS=$1       # role being switched to (only "master" is implemented)
MASTERENI=$2    # ENI that receives the secondary IP
BACKUPENI=$3    # ENI that gives up the secondary IP
IP=$4           # secondary IP to move

# Bind the secondary IP to the ENI of the server that is becoming master.
set_master_eni_ip()
{
    TOKEN=$(cat /proc/sys/kernel/random/uuid)
    SIGN=$(python /root/post_sign.py "$MASTERENI" "$TOKEN")
    curl -H "Host:bcc.bj.baidubce.com" -H "Content-Type:application/json;charset=UTF-8" -H "Authorization:$SIGN" -X POST --data '{"privateIpAddress":"'"$IP"'"}' "http://bcc.bj.baidubce.com/v1/eni/$MASTERENI/privateIp?clientToken=$TOKEN"
}

# Remove the secondary IP from the ENI of the other server.
del_backup_eni_ip()
{
    TOKEN=$(cat /proc/sys/kernel/random/uuid)
    SIGN=$(python /root/delete_sign.py "$BACKUPENI" "$IP" "$TOKEN")
    curl -H "Host:bcc.bj.baidubce.com" -H "Content-Type:application/json;charset=UTF-8" -H "Authorization:$SIGN" -X DELETE "http://bcc.bj.baidubce.com/v1/eni/$BACKUPENI/privateIp/$IP?clientToken=$TOKEN"
}

case "$STATUS" in
    master)
        # Release the IP from the other ENI first, then bind it locally.
        del_backup_eni_ip
        set_master_eni_ip
        ;;
    backup)
        # Not implemented: nothing is done on transition to backup.
        ;;
esac
```

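Note: changed_ip.sh $role $master_eni $backup_eni $ip
- role: the role being switched to; the script currently implements only master
- master_eni: the ENI to which the IP is added
- backup_eni: the ENI from which the IP is removed
- ip: the IP address to move, usually a private IP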
3. Log in to the primary server, open /etc/keepalived/keepalived.conf, and modify the configuration as follows.

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
#  vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.0.100
    }
    unicast_src_ip 172.16.0.202
    unicast_peer {
        172.16.0.203
    }
    notify_master "/usr/bin/echo master >> /tmp/keep_status;date >> /tmp/keep_status;/root/changed_ip.sh master eni-jdbx8ddgpsz1 eni-1jvkdmai1iu1 172.16.0.100;date >> /tmp/keep_status;"
    notify_backup "/usr/bin/echo backup >> /tmp/keep_status"
    notify_fault "/usr/bin/echo fault >> /tmp/keep_status"
}
```

4. Log in to the backup server, open /etc/keepalived/keepalived.conf, and modify the configuration as follows.

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
#  vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.0.100
    }
    unicast_src_ip 172.16.0.203
    unicast_peer {
        172.16.0.202
    }
    notify_master "/usr/bin/echo master >> /tmp/keep_status;date >> /tmp/keep_status;/root/changed_ip.sh master eni-1jvkdmai1iu1 eni-jdbx8ddgpsz1 172.16.0.100;date >> /tmp/keep_status;"
    notify_backup "/usr/bin/echo backup >> /tmp/keep_status"
    notify_fault "/usr/bin/echo fault >> /tmp/keep_status"
}
```

Note
- Keepalived may set up a firewall rule when it starts; delete that rule when testing traffic connectivity.

```
iptables -D INPUT 1
```

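5. Verify the function: create the down file on cloud server 1.

```
touch /tmp/down
```

Delete this file and the service automatically switches back to the primary; the network interruption lasts about 5 seconds.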
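
The configuration in steps 2 to 4 has Keepalived run hook scripts, keeps the check script and status log under /tmp, and uses a sample `auth_pass`. The following is an added example, not part of the original page or of the Keepalived project: a small shell audit that flags those points in a keepalived.conf. The `vrrp_script` block in the sample and the finding codes are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original page: static audit of a keepalived.conf.
# Prints one finding per line ("CODE: detail"); returns 1 if anything was found.
audit_keepalived_conf() {
    findings=$(awk '
        { sub(/[#!].*/, "") }   # drop "#" and "!" comments
        /enable_script_security/ { sec = 1 }
        # The sample password shown on the page must be replaced before use.
        $1 == "auth_pass" && $2 == "1111" { print "SAMPLE_AUTH_PASS: line " NR }
        # vrrp_script "script" lines and notify hooks are run by keepalived.
        $1 == "script" || $1 ~ /^notify/ {
            rest = $0
            while (match(rest, /\/(var\/)?tmp\/[^ ;"]+/)) {
                print "TMP_PATH: line " NR ": " substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END { if (!sec) print "NO_SCRIPT_SECURITY: enable_script_security unset" }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: settings taken from the page, plus an assumed vrrp_script
# block (the page does not show how /tmp/check_status.sh is referenced).
sample_conf() {
    cat <<'EOF'
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_status {
    script "/tmp/check_status.sh"
    interval 2
}
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    notify_backup "/usr/bin/echo backup >> /tmp/keep_status"
}
EOF
}

# Demo: audit the constructed sample.
f=$(mktemp) && sample_conf > "$f"
audit_keepalived_conf "$f" || echo "review the findings above"
rm -f "$f"
```

`enable_script_security` is a Keepalived `global_defs` option that refuses to run scripts as root when any part of their path is writable by a non-root user; moving the check script and status log out of /tmp clears the `TMP_PATH` findings.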

