keepalived集群高可用

背景：

​ keepalived默认是组播地址进行广播，且vrrp组播地址是：224.0.0.18，如果配置多个keepalived主机，会导致虚拟IP地址存在冲突问题，这种问题怎么解决呢？（目前搭建的OpenStack环境就是使用3台haproxy机器进行的高可用模式），如果环境中还有其他的keepalive机器会导致vip冲突

解决方法：

​ 就是将keepalived主机的多播地址修改为单播地址，绑定固定IP地址，避免在多播模式下，通过VRRP进行广播地址，造成IP地址地址冲突。

vrrp_strict #严格遵守VRRP协议,不允许状况，在配置单播IP地址时，此行需要删除或者注释掉即可。

1、OpenStack三个控制节点keepalived配置

背景：OpenStack环境两个keepalived已经不能满足需求，此时需要配置两台以上的keepalived，应该怎么配置？

实现方法如下：

1、在controller-01主机配置keepalived

## vim   /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     keeplived@system.com
   }
   notification_email_from lcoalhost@system.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id osvm-controller-01
}

vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state MASTER   ## 主节点服务器
    interface bond0.170
    virtual_router_id 75
    priority 100  ## 优先级为100
    #nopreempt   ##打开后是抢占vip模式参数
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2376
    }
    virtual_ipaddress {
        11.50.63.207/19 dev bond0.170   ##添加vip地址，也可以添加几个地址
    }
    virtual_routes {
        default via 11.50.63.254 dev bond0.170
    }
    unicast_src_ip 11.50.63.200   ## 绑定单播地址，防止IP地址与其他keepalive地址冲突
    unicast_peer {
         11.50.63.201    ## 目标keepalive主机ip地址
         11.50.63.202    ## 目标keepalive主机ip地址
                 }
    track_script {
         chk_http_port
    notify_master "/etc/keepalived/notify.sh 0"
    notify_backup "/etc/keepalived/notify.sh 1"
    notify_fault "/etc/keepalived/notify.sh 2"

     }
}

在controller-02主机配置keepalived

global_defs {
   notification_email {
     keeplived@system.com
   }
   notification_email_from lcoalhost@system.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id osvm-controller-02
}

vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP  ## 从节点服务器
    interface bond0.170
    virtual_router_id 75
    priority 80
    #nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2376
    }
    virtual_ipaddress {
        11.50.63.207/19 dev bond0.170  
    }
    virtual_routes {
        default via 11.50.63.254 dev bond0.170
    }
    unicast_src_ip 11.50.63.201  ## 绑定本地ip地址，也是单播地址
    unicast_peer {
         11.50.63.202  ## 两个目标的keepalived的IP地址
         11.50.63.200
                 }
    track_script {
         chk_http_port
    notify_master "/etc/keepalived/notify.sh 0"
    notify_backup "/etc/keepalived/notify.sh 1"
    notify_fault "/etc/keepalived/notify.sh 2"

     }
}

在controller-03主机配置keepalived

## vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     keeplived@system.com
   }
   notification_email_from lcoalhost@system.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id osvm-controller-03
}

vrrp_script chk_http_port {
    script "/etc/keepalived/check_haproxy.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP   ## 从节点服务器
    interface bond0.170
    virtual_router_id 75
    priority 60 ## 优先级为60，要比前两个的主机优先级都要低
    nopreempt 
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2376
    }
    virtual_ipaddress {
        11.50.63.207/19 dev bond0.170 
    }
    virtual_routes {
        default via 11.50.63.254 dev bond0.170
    }
    unicast_src_ip 11.50.63.202 ## 绑定单播地址，源地址
    unicast_peer {
         11.50.63.200 #两个keepalived的目标地址
         11.50.63.201
                 }
    track_script {
         chk_http_port
    notify_master "/etc/keepalived/notify.sh 0"
    notify_backup "/etc/keepalived/notify.sh 1"
    notify_fault "/etc/keepalived/notify.sh 2"

     }
}

check_haproxy.sh脚本

#!/bin/bash

/usr/bin/python /etc/keepalived/haproxy_vrrp_check.py /var/lib/haproxy/stats; exit $?

haproxy_vrrp_check.py脚本

# cat haproxy_vrrp_check.py
import socket
import sys

SOCKET_TIMEOUT = 5

def get_status(sock_address):
    """Query haproxy stat socket
    Only VRRP fail over if the stats socket is not responding.
    :param sock_address: unix socket file
    :return: 0 if haproxy responded
    """

    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(SOCKET_TIMEOUT)
    s.connect(sock_address)
    s.send(b'show stat -1 -1 -1\n')
    data = b''


    while True:
        x = s.recv(1024)
        if not x:
            break
        data += x
    s.close()


    # if get nothing, means has no response
    if len(data) == 0:
        return 1
    return 0

def health_check(sock_addresses):
    """Invoke queries for all defined listeners
    :param sock_addresses:
    :return:
    """
    status = 0
    for address in sock_addresses:
        status += get_status(address)
    return status

def main():
    # usage python haproxy_vrrp_check.py <list_of_stat_sockets>
    # Note: for performance, this script loads minimal number of module.
    # Loading octavia modules or any other complex construct MUST be avoided.
    listeners_sockets = sys.argv[1:]
    try:
        status = health_check(listeners_sockets)
    except Exception:
        sys.exit(1)
    sys.exit(status)

if __name__ == '__main__':
    import re
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    sys.exit(main())