Keepalived High Availability

1. Prepare the environment

Server System Role Internet IP Intranet IP
Centos 7.5keepalived-mastereth0: 10.0.0.5eth1: 172.16.1.5
Centos 7.5keepalived-slaveeth0: 10.0.0.6eth1: 172.16.1.6
2. Install keepalived on lb01 and lb02 respectively.

[[Email protected] ~] # Yum install keepalived-y
[[Email protected] ~] # Yum install keepalived-y
3. Configure lb01 and keepalived-Master

[[Email protected] ~] # Cat/etc/keepalived. conf
Global_defs {
Router_id lb01
}

Vrrp_instance vi_1 {
State master
Interface eth0
Virtual_router_id 50
Priority150
Advert_int 1
Authentication {
Auth_type pass
Auth_pass 1111
}
Virtual_ipaddress {
10.0.0.3/24 Dev eth0
}
}
4. Configure lb02, keepalived-Backup

[[Email protected] ~] # Cat/etc/keepalived. conf
Global_defs {
Router_id lb02
}

Vrrp_instance vi_1 {
State backup
Interface eth0
Virtual_router_id 50
Priority100
Advert_int 1
Authentication {
Auth_type pass
Auth_pass 1111
}
Virtual_ipaddress {
10.0.0.3/24 Dev eth0
}
}
5. Comparison of master and backup configurations of keepalived

Keepalived configuration difference master configuration backup section configuration
Route_id (unique identifier) route_id lb01route_id lb02
State (role status) State masterstate backup
Priority (campaign priority) Priority 150 priority 100
6. Start keepalived of lb01 and lb02.

# Lb01
[[Email protected] ~] # Systemctl enable keepalived
[[Email protected] ~] # Systemctl start keepalived

# Lb02
[[Email protected] ~] # Systemctl enable keepalived
[[Email protected] ~] # Systemctl start keepalived
7. Check whether the virtual IP address of keepalived is drifting.

Perform the following operations on lb01:

# Lb01 VIP address
[[Email protected] ~] # Ip addr | grep 10.0.0.3
Inet 10.0.0.3/24 scope global secondary eth0

# Stop keepalived on lb01 and check that the VIP does not exist.
[[Email protected] ~] # Systemctl stop keepalived
[[Email protected] ~] # Ip addr | grep 10.0.0.3
Perform the following operations on lb02:

[[Email protected] ~] # Ip addr | grep 10.0.0.3
Inet 10.0.0.3/24 scope global secondary eth0
Lb01 restart keepalived and find the address is taken over again

[[Email protected] ~] # Systemctl start keepalived
[[Email protected] ~] # Ip addr | grep 10.0.0.3
Inet 10.0.0.3/24 scope global secondary eth0
3. keepalived High Availability Configuration

4. keepalived high-availability column brain
For some reason, the two keepalived high-availability servers cannot detect the heartbeat messages of each other within the specified time, and each of them obtains the ownership of resources and services, at this time, both high-availability servers are still active.

Network faults such as server network cable Looseness
Server hardware failure and crash
Both the master and slave nodes enable the firewalld firewall.
Nginx service dead

1. Write a detection script on the slave node. If the test can ping the master node and the slave node has a VIP, it is considered that a brain is generated.

[[Email protected] ~] # Cat check_split_brain.sh
#! /Bin/sh
Lb01_vip = 10.0.0.3
Lb01_ip = 10.0.0.5
While true; do
Ping-C 2-W 3 $ lb01_ip &>/dev/null
If [$? -EQ 0-A 'IP add | grep "$ lb01_vip" | WC-l'-EQ 1]; then
Echo "Ha is split brain. Warning ."
Else
Echo "Ha is OK"
Fi
Sleep 5
Done
2. If nginx goes down, user requests may fail, but keepalived does not switch. Therefore, you need to write a script to check the nginx survival status. If it does not survive, kill nginx and keepalived.

[[Email protected] ~] # Mkdir/Server/scripts
[[Email protected] ~] # Vim/Server/scripts/check_web.sh
#! /Bin/sh
# Use the while endless loop
While true; do
Nginxpid = $ (PS-C nginx -- no-header | WC-l)
#1. Determine whether nginx is alive. If nginx is not alive, try to start nginx
If [$ nginxpid-EQ 0]; then
Systemctl start nginx
Sleep 1
#2. Wait 1 second before obtaining the nginx status again
Nginxpid = $ (PS-C nginx -- no-header | WC-l)
#3. Make another judgment. If nginx is not alive, stop keepalived, let the address drift, and exit the script.
If [$ nginxpid-EQ 0]; then
Systemctl stop keepalived
Exit 1
Fi
Fi
Sleep 2
Done

[[Email protected] ~] # Chmod + x/Server/scripts/check_web.sh
Call this script in the keepalived configuration file. Both lb01 and lb02 require operations.

[[Email protected] ~] # Cat/etc/keepalived. conf
Global_defs {
Router_id lvs_01
}

# Execute the script every 5 seconds. The script execution content cannot exceed 5 seconds. Otherwise, the script will be interrupted and re-run.
Vrrp_script check_web {
Script "/Server/scripts/check_web.sh"
Interval 5
Weight 50
}

Vrrp_instance vi_1 {
State master
Interface eth0
Virtual_router_id 51
Priority150
Advert_int 1
Authentication {
Auth_type pass
Auth_pass 1111
}
Virtual_ipaddress {
10.0.0.3/24 Dev ens33
}
Track_script {
Check_web
}
}

Keepalived High Availability