1. 安装
yum install -y keepalived
2. 配置
/etc/keepalived/keepalived.conf
3. 配置示例
# ha1执行
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL1
}
vrrp_instance k8s {
state MASTER
interface ens33
nopreempt
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
11.0.1.39
}
}
# ha2执行
cat >/etc/keepalived/keepalived.conf<<"EOF"
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL2
}
vrrp_instance k8s {
state BACKUP
interface ens33
nopreempt
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
11.0.1.39
}
}
EOF
这种情况只能实现本身keepalived的高可用检查,不能对haproxy进行高可用检查。
4. 启动
# 启动
systemctl start keepalived
# 查看状态
systemctl status keepalived
# 重启
systemctl restart keepalived
# 开机启动
systemctl enable keepalived
5. 对haproxy的高可用
haproxy参考下列文章:
# ha1执行
cat >/etc/keepalived/keepalived.conf<<"EOF"
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL1
script_user root
enable_script_security
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 5
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
nopreempt
virtual_router_id 51
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
11.0.1.39
}
track_script {
chk_apiserver
}
}
EOF
# ha2执行
cat >/etc/keepalived/keepalived.conf<<"EOF"
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL2
script_user root
enable_script_security
}
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 5
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
nopreempt
virtual_router_id 51
priority 50
advert_int 2
authentication {
auth_type PASS
auth_pass K8SHA_KA_AUTH
}
virtual_ipaddress {
11.0.1.39
}
track_script {
chk_apiserver
}
}
EOF
说明:11.0.1.39是虚拟ip。
# ha1和ha2都执行
# 健康检查脚本
cat > /etc/keepalived/check_apiserver.sh <<"EOF"
#!/bin/bash
err=0
for k in $(seq 1 3)
do
check_code=$(pgrep haproxy)
if [[ $check_code == "" ]]; then
err=$(expr $err + 1)
sleep 1
continue
else
err=0
break
fi
done
if [[ $err != "0" ]]; then
echo "systemctl stop keepalived"
/usr/bin/systemctl stop keepalived
exit 1
else
exit 0
fi
EOF
# 添加权限
chmod +x /etc/keepalived/check_apiserver.sh
说明:这种配置无论haproxy还是keepalived本身的异常都能实现ip的飘逸,并且开启了抢占模式,MASTER正常后都有MASTER节点提供服务。