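Building a High-Availability Architecture in a VPC with Keepalived
Updated: 2024-08-26
Overview
Keepalived monitors the state of servers and is commonly used to build highly available services such as Nginx and MySQL.
Use case
When the master server fails and can no longer serve traffic, the secondary IP is dynamically moved to the backup server, which continues to provide the service.
Solution overview
A high-availability master/backup cluster usually consists of two servers: the master is active for a given service (Active state) and the backup is on standby for that service (Standby state). A secondary IP is bound to the master. When the master has a problem, it releases the secondary IP, and the backup then binds that IP and continues to provide the service.
Example scenario:
Three cloud hosts: two act as master and backup, and the third is used for traffic testing. The secondary IP of the elastic network interface (ENI) is 172.16.0.100.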
Cloud host name | VM ID | NIC ID | Private IP | Role |
---|---|---|---|---|
VM1 | i-U63mWIg9 | eni-jdbx8ddgpsz1 | 172.16.0.202 | Master |
VM2 | i-jW72IAK8 | eni-1jvkdmai1iu1 | 172.16.0.203 | Backup |
VM3 | i-Y99AbvOF | eni-h5242i8788v0 | 172.16.0.201 | Test host |
Configuration steps
1. Set up Keepalived on the master and backup servers, installing the package with yum.
```
# yum install keepalived -y
```
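2. Keep the default preemption setting and configure a script to check the service. The Keepalived check script /tmp/check_status.sh is as follows:
```
#!/bin/sh
# Keepalived health check: exit 0 means healthy, non-zero means failed.
# The presence of /tmp/down marks this node as down (see step 5).
if [ -f /tmp/down ]; then
    exit 1
fi
exit 0
```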
How to obtain the AK/SK
File that generates the POST token: post_sign.py
File that generates the DELETE token: delete_sign.py
The address switching script changed_ip.sh is as follows:
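```
#!/bin/bash
# Usage: changed_ip.sh <role> <master_eni> <backup_eni> <ip>
STATUS=$1
MASTERENI=$2
BACKUPENI=$3
IP=$4

# Both requests are sent over plain HTTP, so the Authorization signature
# and the request body are not encrypted in transit.

# Add the secondary IP to the NIC of the node that is becoming master.
set_master_eni_ip()
{
    TOKEN=$(cat /proc/sys/kernel/random/uuid)
    SIGN=$(python /root/post_sign.py "$MASTERENI" "$TOKEN")
    curl -H "Host:bcc.bj.baidubce.com" -H "Content-Type:application/json;charset=UTF-8" -H "Authorization:$SIGN" -X POST --data '{"privateIpAddress":"'"$IP"'"}' "http://bcc.bj.baidubce.com/v1/eni/$MASTERENI/privateIp?clientToken=$TOKEN"
}

# Remove the secondary IP from the NIC of the node that is giving it up.
del_backup_eni_ip()
{
    TOKEN=$(cat /proc/sys/kernel/random/uuid)
    SIGN=$(python /root/delete_sign.py "$BACKUPENI" "$IP" "$TOKEN")
    curl -H "Host:bcc.bj.baidubce.com" -H "Content-Type:application/json;charset=UTF-8" -H "Authorization:$SIGN" -X DELETE "http://bcc.bj.baidubce.com/v1/eni/$BACKUPENI/privateIp/$IP?clientToken=$TOKEN"
}

case "$STATUS" in
    master)
        # Release the IP from the old NIC first, then bind it to the new one.
        del_backup_eni_ip
        set_master_eni_ip
        ;;
    backup)
        # Not implemented.
        ;;
esac
```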
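Note: changed_ip.sh $role $master_eni $backup_eni $ip
- role: the role being switched to; the script currently implements only master
- master_eni: the NIC to which the IP is added
- backup_eni: the NIC from which the IP is removed
- ip: the IP to be moved, usually a private IP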
3. Log in to the master server, open /etc/keepalived/keepalived.conf, and modify the relevant configuration.
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.0.100
    }
    unicast_src_ip 172.16.0.202
    unicast_peer {
        172.16.0.203
    }
    notify_master "/usr/bin/echo master >> /tmp/keep_status;date >> /tmp/keep_status;/root/changed_ip.sh master eni-jdbx8ddgpsz1 eni-1jvkdmai1iu1 172.16.0.100;date >> /tmp/keep_status;"
    notify_backup "/usr/bin/echo backup >> /tmp/keep_status"
    notify_fault "/usr/bin/echo fault >> /tmp/keep_status"
}
```
4. Log in to the backup server, open /etc/keepalived/keepalived.conf, and modify the relevant configuration.
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.0.100
    }
    unicast_src_ip 172.16.0.203
    unicast_peer {
        172.16.0.202
    }
    notify_master "/usr/bin/echo master >> /tmp/keep_status;date >> /tmp/keep_status;/root/changed_ip.sh master eni-1jvkdmai1iu1 eni-jdbx8ddgpsz1 172.16.0.100;date >> /tmp/keep_status;"
    notify_backup "/usr/bin/echo backup >> /tmp/keep_status"
    notify_fault "/usr/bin/echo fault >> /tmp/keep_status"
}
```
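Note
- Keepalived may set up firewall rules when it starts, so when testing traffic connectivity, simply delete them. The command below deletes the first rule in the INPUT chain.
```
iptables -D INPUT 1
```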
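5. Functional verification: create the down file on cloud server 1.
```
touch /tmp/down
```
After this file is deleted, the service automatically switches back to the master. The network interruption lasts about 5 seconds.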
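The configurations in steps 3 and 4 do not show how the check script from step 2 is attached to the VRRP instance. The fragment below is an added example, not part of the original page, of one way to wire it in on VM1; the name `chk_down`, the `interval`/`fall`/`rise`/`weight` values and the `/etc/keepalived/` script location are assumptions. It also turns on `enable_script_security`, which makes Keepalived refuse scripts whose path is writable by non-root users, as is the case for anything under /tmp.

```conf
! Added example: attach the step 2 check script to the VRRP instance on VM1.
global_defs {
    # Refuse to run scripts as root if any part of their path
    # is writable by a non-root user (this excludes /tmp).
    enable_script_security
    script_user root
}

# The script must exit non-zero while the "down" marker file exists.
vrrp_script chk_down {                          # name is an assumption
    script "/etc/keepalived/check_status.sh"    # assumed root-owned location
    interval 2      # run the check every 2 seconds
    fall 2          # 2 consecutive failures mark the check as failed
    rise 2          # 2 consecutive successes mark it as passing again
    weight -20      # while failed: 100 - 20 = 80, below VM2's priority of 90
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    # authentication, virtual_ipaddress, unicast_* and notify_* lines
    # stay exactly as in step 3.
    track_script {
        chk_down
    }
}
```

With these values, a failing check lowers VM1 to an effective priority of 80, so VM2 (90) becomes master and runs its `notify_master` command; once the check passes again VM1 returns to 100 and, with default preemption, takes the address back.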