0 前言

keepalived是一种借助lvs实现的的高可用方案，在物理机环境下是很好实施的。

但是在云环境，由于vpc网络的安全限制，是无法直接部署的。

近期各大云厂商都在内测havip功能，下文以阿里云为例

1 申请havip权限

当前阿里云的havip属于内测状态，需要单独申请

内测审批一般在当天就能通过

审批通过后，入口会出现在专有网络下

2 环境准备

部署2台ECS，放到同一个vpc的相同虚拟交换机下，ip分别是：

• 172.20.1.34
• 172.20.1.35

分别安装keepalived和lighttpd

sudo apt-get install -y keepalived lighttpd

看下lighttpd是否正常启动

curl "127.0.0.1"

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Welcome page 1</title>
....

为了方便实验，我修改了vim /var/www/html/index.lighttpd.html中的title，一个是page 1 ，另一个page 2

3 申请havip

注意要选择和上述ecs相同交换机下的，还要指定一个ip，不要和之前的机器冲突，我这里选了172.20.1.10：

创建成功后，点击进入havip，分别绑定2台ecs

4 配置keepalived

/etc/keepalived/keepalived.conf

第一台

sudo chmod a+x /etc/keepalived/notify_action.sh

! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_http {
    script "</dev/tcp/127.0.0.1/80"
    interval 1
    weight -30 # 差值，必须大于两者优先级只差
}

vrrp_instance VI_1 {
state MASTER                    #设置ECS1实例为主实例
    interface eth0              #设置网卡名，本示例配置为eth0  
    virtual_router_id 51
    nopreempt              
    priority 70                 #设置优先级，数字越大，优先级越高
    advert_int 1        
    authentication {
        auth_type PASS
        auth_pass mypass
    }
    unicast_src_ip 172.20.1.34  #当前ECS的ip
    unicast_peer {
        172.20.1.35             #对端ECS的ip
    }
    virtual_ipaddress {
        172.20.1.10             #设置HaVip的IP地址 
    }
    notify_master "/etc/keepalived/notify_action.sh MASTER"
    notify_backup "/etc/keepalived/notify_action.sh BACKUP"
    notify_fault "/etc/keepalived/notify_action.sh FAULT"
    notify_stop "/etc/keepalived/notify_action.sh STOP"
    garp_master_delay 1
    garp_master_refresh 5

    track_interface {
        eth0                #设置ECS实例网卡名，本示例配置为eth0
    }

    track_script {
        chk_http 
    }
}

第二台

sudo chmod a+x /etc/keepalived/notify_action.sh

! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_script chk_http {
    script "</dev/tcp/127.0.0.1/80"
    interval 1
    weight -30  # 差值，必须大于两者优先级只差
}

vrrp_instance VI_1 {
state BACKUP                    #设置ECS2实例为备用实例
    interface eth0              #设置网卡名，本示例配置为eth0  
    virtual_router_id 51
    nopreempt              
    priority 80                 #设置优先级，数字越大，优先级越高
    advert_int 1        
    authentication {
        auth_type PASS
        auth_pass mypass
    }
    unicast_src_ip 172.20.1.35  #当前ECS的ip
    unicast_peer {
        172.20.1.34             #对端ECS的ip
    }
    virtual_ipaddress {
        172.20.1.10             #设置HaVip的IP地址 
    }
    notify_master "/etc/keepalived/notify_action.sh MASTER"
    notify_backup "/etc/keepalived/notify_action.sh BACKUP"
    notify_fault "/etc/keepalived/notify_action.sh FAULT"
    notify_stop "/etc/keepalived/notify_action.sh STOP"
    garp_master_delay 1
    garp_master_refresh 5

    track_interface {
        eth0                    #设置ECS实例网卡名，本示例配置为eth0
    }

    track_script {
        chk_http 
    }
}

切换通知脚本/etc/keepalived/notify_action.sh这里比较简单，就打了日志

#!/bin/bash
log_file=/var/log/keepalived.log
log_write()
{
echo "[`date '+%Y-%m-%d %T'`] $1" >$log_file
}
[ ! -d /var/keepalived/ ] && mkdir -p /var/keepalived/
case "$1" in
"MASTER" )
   echo -n "$1" /var/keepalived/state
   log_write " notify_master"
   echo -n "0" /var/keepalived/vip_check_failed_count
   ;;
   "BACKUP" )
   echo -n "$1" /var/keepalived/state
   log_write " notify_backup"
   ;;
   "FAULT" )
   echo -n "$1" /var/keepalived/state
   log_write " notify_fault"
   ;;
   "STOP" )
   echo -n "$1" /var/keepalived/state
   log_write " notify_stop"
   ;;
*)
   log_write "notify_action.sh: STATE ERROR!!!"
   ;;
esac

5 重启检查

分别重启keepalived服务，验证状态，由于我们设置的机器1优先级更高，所以1处于master，2是slave

机器1

sudo service keepalived status
● keepalived.service - Keepalive Daemon (LVS and VRRP)
     Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-09-18 03:53:15 CST; 9min ago
   Main PID: 537 (keepalived)
      Tasks: 2 (limit: 4482)
     Memory: 5.7M
     CGroup: /system.slice/keepalived.service
             ├─537 /usr/sbin/keepalived --dont-fork
             └─567 /usr/sbin/keepalived --dont-fork

Sep 18 03:53:18 h1 Keepalived_vrrp[567]: (VI_1) received lower priority (40) advert from 172.20.1.35 - discarding
Sep 18 03:53:19 h1 Keepalived_vrrp[567]: (VI_1) received lower priority (40) advert from 172.20.1.35 - discarding
Sep 18 03:53:19 h1 Keepalived_vrrp[567]: (VI_1) Entering MASTER STATE
Sep 18 03:53:49 h1 Keepalived_vrrp[567]: Netlink reports eth0 down
Sep 18 03:53:49 h1 Keepalived_vrrp[567]: (VI_1) Entering FAULT STATE
Sep 18 03:53:49 h1 Keepalived_vrrp[567]: (VI_1) sent 0 priority
Sep 18 03:53:49 h1 Keepalived_vrrp[567]: Netlink reports eth0 up
Sep 18 03:53:49 h1 Keepalived_vrrp[567]: (VI_1) Entering BACKUP STATE
Sep 18 03:53:52 h1 Keepalived_vrrp[567]: (VI_1) received lower priority (40) advert from 172.20.1.35 - discarding
Sep 18 03:53:53 h1 Keepalived_vrrp[567]: (VI_1) Entering MASTER STATE

机器2

● keepalived.service - Keepalive Daemon (LVS and VRRP)
     Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-09-18 03:02:17 CST; 2s ago
   Main PID: 3688 (keepalived)
      Tasks: 2 (limit: 4482)
     Memory: 1.8M
     CGroup: /system.slice/keepalived.service
             ├─3688 /usr/sbin/keepalived --dont-fork
             └─3699 /usr/sbin/keepalived --dont-fork

Sep 18 03:02:17 h2 Keepalived[3688]: (Line 14) vrrp_gna_interval '0' is invalid
Sep 18 03:02:17 h2 Keepalived[3688]: Starting VRRP child process, pid=3699
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: Registering Kernel netlink reflector
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: Registering Kernel netlink command channel
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: Opening file '/etc/keepalived/keepalived.conf'.
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: (VI_1) Ignoring track_interface eth0 since own interface
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: Registering gratuitous ARP shared channel
Sep 18 03:02:17 h2 Keepalived_vrrp[3699]: (VI_1) Entering BACKUP STATE (init)

我们使用havip访问，是可以成功的，当前在机器1上：

url "172.20.1.10"
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Welcome page 1</title>
...

6 验证高可用

我们关掉机器1上的keepalived

访问havip，依然可以成功

测试脚本如下：

#/bin/bash
while true
do
  curl "172.20.1.10"
  sleep 1
done

此时观察日志，也可以发现，出现了切换

当前在page2上

curl "172.20.1.10" | grep Wel
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3373  100  3373    0     0  3293k      0 --:--:-- --:--:-- --:--:-- 3293k
<title>Welcome page 2</title>

当机器1的80端口挂掉后，对应机器1的keepalived也会自动退出，因此当你恢复80后，需要重启keepalived，这样才能抢回master

你还可以验证eth接口重启，也是一样的效果。

ifconfig eth0 down && ifconfig eth0 up

如果不想恢复后重新抢占，可以配置成一样的权重、双BACKUP、nopreempt参数