一、背景
项目内部工程7层调用,走nginx,将域名使用dnsPod 轮询解析在 两个vip上了。
dnsPod 能实现将域名轮询解析在多个ip上,实现负载, 但是无法对被轮询的ip所在的主机上的监听的端口(此处为80)做健康检查,所以需要keepalived绑定vip结合检测脚本,实现高可用。
nginx01 + nginx02 + keepalived ----> vip01
nginx03 + nginx04 + keepalived ----> vip02
将域名 www.example.com 解析在 vip01 vip02 上,既实现了负载均衡,又实现了高可用。
这种主备模式,每组一台备机,有点浪费资源,怎么才能充分利用起来呢?
我们可以将 keepalived改造为vrrp双实例,每组绑定2个vip,这样正常情况下每台主机能分到一个vip,就算有某台主机故障了,该组另一台最多多承接1/4 的流量,结合监控功告警,可以快速恢复。
nginx01 + nginx02 + keepalived ---> vip01 vip03
nginx03 + nginx04 + keepalived ---> vip02 vip04
二、keepalived配置
以 nginx01 + nginx02 + keepalived -------> vip01 vip03 为例
BACKUP <-----> MASTER(vip01)
MASTER(vip03)<-----> BACKUP
nginx01: 192.168.1.101
nginx02:192.168.1.102
vip01:192.168.1.110
vip03:192.168.1.120
对nginx01
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id ka
}
#Insertcheckscript
#InsertvrrpInstance
vrrp_script chk_innernginx01 {
script "/etc/keepalived/check_innernginx.sh"
interval 2
timeout 2
rise 3
fall 3
}
vrrp_instance innernginx01 {
state BACKUP
interface eth0
virtual_router_id 77
priority 90
advert_int 1
# nopreempt
authentication {
auth_type PASS
auth_pass 111111
}
unicast_src_ip 192.168.1.101
unicast_peer {
192.168.1.102
}
virtual_ipaddress {
192.168.1.110/24
}
track_script {
chk_innernginx01
}
}
###############################################
vrrp_script chk_innernginx02 {
script "/etc/keepalived/check_innernginx.sh"
interval 2
timeout 2
rise 3
fall 3
}
vrrp_instance innernginx02 {
state MASTER
interface eth0
virtual_router_id 99
priority 100
advert_int 1
# nopreempt
authentication {
auth_type PASS
auth_pass 111111
}
unicast_src_ip 192.168.1.101
unicast_peer {
192.168.1.102
}
virtual_ipaddress {
192.168.1.120/24
}
track_script {
chk_innernginx02
}
}
对nginx02
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id ka
}
#Insertcheckscript
#InsertvrrpInstance
vrrp_script chk_innernginx01 {
script "/etc/keepalived/check_innernginx.sh"
interval 2
timeout 2
rise 3
fall 3
}
vrrp_instance innernginx01 {
state MASTER
interface eth0
virtual_router_id 77
priority 100
advert_int 1
# nopreempt
authentication {
auth_type PASS
auth_pass 111111
}
unicast_src_ip 192.168.1.102
unicast_peer {
192.168.1.101
}
virtual_ipaddress {
192.168.1.110/24
}
track_script {
chk_innernginx01
}
}
#################################################
vrrp_script chk_innernginx02 {
script "/etc/keepalived/check_innernginx.sh"
interval 2
timeout 2
rise 3
fall 3
}
vrrp_instance innernginx02 {
state BACKUP
interface eth0
virtual_router_id 99
priority 90
advert_int 1
# nopreempt
authentication {
auth_type PASS
auth_pass 111111
}
unicast_src_ip 192.168.1.102
unicast_peer {
192.168.1.101
}
virtual_ipaddress {
192.168.1.120/24
}
track_script {
chk_innernginx02
}
}
检测脚本
cat /etc/keepalived/check_innernginx.sh
#!/bin/bash
if ! ps aux | grep -w "nginx" | grep -v "grep" | grep -w "master process" > /dev/null 2>&1; then
/usr/local/openresty/nginx/sbin/nginx
if ! ps aux | grep -w "nginx" | grep -v "grep" | grep -w "master process" > /dev/null 2>&1; then
exit 1
fi
fi
测试
# systemctl restart keepalived
# ip addr list
三、参考
keepalived双主多实例
https://blog.csdn.net/zfx1997/article/details/78765540
如何运用VRRP协议实现双主双备网络?
https://blog.csdn.net/m0_47452405/article/details/107039453
LVS+keepalived实现双实例
https://blog.csdn.net/cx55887/article/details/82830816
keepalived双实例配置
https://blog.51cto.com/jiayimeng/1896830
安装keepalived高可用(双实例)
https://www.cnblogs.com/mashuang/p/10074675.html
keepalived配置多实例高可用
https://cloud.tencent.com/developer/article/1843033
网友评论