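A virtual IP (VIP) is a networking pattern that lets an administrator quickly move an IP address from one server to another with almost no downtime; it is also called a floating IP. When switching servers by hand takes longer than the DNS TTL, it is best to pair it with keepalived.
Deploying keepalived in a private environment is unremarkable, but AWS imposes a number of restrictions, three of which need to be called out:
1. Multicast for the VRRP protocol is blocked, so keepalived has to change how it sends its heartbeat: set the advertisements in /etc/keepalived/keepalived.conf to unicast mode. The number of web servers involved is usually small, so this does not cost much network bandwidth.
2. After the VIP (floating IP) is configured, the AWS VPC does not know about it, and ARP never learns a MAC address for the VIP either, so the VIP has to be made reachable by configuring it on the ENI (Elastic Network Interface).
3. However, when you shut down the master, the ENI's network configuration does not move the floating IP automatically. For failover, I use keepalived's VIP state-change notification mechanism and float the IP by calling the operations that add and remove private-ip-addresses. The details follow.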
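1. Preparation
- IAM account
Go to Console / Services / IAM and create an account, then create a system-administrator group and add the account to it; during this process you get an Access Key ID and a Secret Access Key. Run aws configure on the server and enter the Access Key ID and Secret Access Key (the Access Key ID is the key the service uses to look up the Secret Access Key, and the Secret Access Key is used to encrypt data on the client side and decrypt it on the server side) together with the region, and registration is complete.
The region is the region your servers are in, for example us-east-2. The scripts also need jq and the AWS CLI. Install both on the nodes where keepalived is deployed:
apt install jq
apt install awscli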
- Scripts to add/remove the IP
assign_private_ip.sh
#!/bin/bash
###### ###### ###### ###### ###### ###### ###### ######
# Description:
#
# attaches an IP of your choice to the primary NIC
# of an instance you specify
#
# Setup:
#
# You need, at a minimum, the following permissions:
# {
# "Statement": [
# {
# "Action": [
# "ec2:AssignPrivateIpAddresses",
# "ec2:DescribeInstances"
# ],
# "Effect": "Allow",
# "Resource": "*"
# }
# ]
# }
#
# Usage:
#
# ./assign_private_ip.sh ip_address instance_id
#
# Example:
# ./assign_private_ip.sh '10.0.3.15' 'i-100ffabd'
#
###### ###### ###### ###### ###### ###### ###### ######
# http://www.davidpashley.com/articles/writing-robust-shell-scripts/
set -o errexit
set -o nounset
# Fail if aws itself fails, not only jq at the end of the pipe
set -o pipefail
IP=$1
INSTANCE_ID=$2
# Look up the ID of the instance's first network interface
ENI=$(\
  aws ec2 describe-instances \
    --instance-ids "$INSTANCE_ID" | \
  jq -r \
    '.Reservations[0].Instances[0].NetworkInterfaces[0].NetworkInterfaceId' \
)
echo "Adding IP $IP to ENI $ENI"
aws ec2 assign-private-ip-addresses \
  --network-interface-id "$ENI" \
  --private-ip-addresses "$IP" \
  --allow-reassignment
unassign_private_ip.sh
#!/bin/bash
###### ###### ###### ###### ###### ###### ###### ######
# Description:
#
# removes an IP of your choice from the primary NIC
# of an instance you specify
#
# Setup:
#
# You need, at a minimum, the following permissions:
# {
# "Statement": [
# {
# "Action": [
# "ec2:UnassignPrivateIpAddresses",
# "ec2:DescribeInstances"
# ],
# "Effect": "Allow",
# "Resource": "*"
# }
# ]
# }
#
# Usage:
#
# ./unassign_private_ip.sh ip_address instance_id
#
# Example:
# ./unassign_private_ip.sh '10.0.3.15' 'i-100ffabd'
#
###### ###### ###### ###### ###### ###### ###### ######
# http://www.davidpashley.com/articles/writing-robust-shell-scripts/
set -o errexit
set -o nounset
# Fail if aws itself fails, not only jq at the end of the pipe
set -o pipefail
IP=$1
INSTANCE_ID=$2
# Look up the ID of the instance's first network interface
ENI=$(\
  aws ec2 describe-instances \
    --instance-ids "$INSTANCE_ID" | \
  jq -r \
    '.Reservations[0].Instances[0].NetworkInterfaces[0].NetworkInterfaceId' \
)
echo "Removing IP $IP from ENI $ENI"
aws ec2 unassign-private-ip-addresses \
  --network-interface-id "$ENI" \
  --private-ip-addresses "$IP"
- Install/configure keepalived
/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script check_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 3
weight -2
fall 10
rise 2
}
vrrp_instance VI_1 {
state MASTER
notify_master "/root/assign_private_ip.sh 172.31.40.156 i-04257c267fb6923f7"
notify_backup "/root/unassign_private_ip.sh 172.31.40.156 i-04257c267fb6923f7"
unicast_src_ip 172.31.40.155
unicast_peer {
172.31.38.87
}
interface eth0
virtual_router_id
priority
authentication {
auth_type PASS
auth_pass 4be37dc3b4c90194d1600c483e10ad1d
}
virtual_ipaddress {
172.31.40.156
}
track_script {
check_apiserver
}
}
The other nodes are configured the same way: just change state to BACKUP, set the backup node's priority to 100, and swap the following two values:
unicast_src_ip 172.31.40.155
unicast_peer {
172.31.38.87
}
Now verify it: run systemctl stop keepalived.service. The VIP floats to the other node and is reachable from inside the cluster.
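The two scripts above pass their arguments straight to the AWS CLI and take NetworkInterfaces[0] as the primary NIC. As an added example (not the original author's code), a single handler for keepalived's generic `notify` hook can validate the VIP and instance ID, pick the ENI whose attachment device index is 0, and dispatch on the state keepalived passes as the third argument. The script name vip_notify.sh, the VIP/INSTANCE_ID environment overrides and the decision to release the VIP on FAULT are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the original author's script. keepalived runs a "notify"
# script as: <GROUP|INSTANCE> <name> <state> <priority>
set -eu

VIP="${VIP:-172.31.40.156}"                        # VIP from the page's config
INSTANCE_ID="${INSTANCE_ID:-i-04257c267fb6923f7}"  # instance ID from the page

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
  case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}
# EC2 instance IDs are "i-" plus 8 or 17 lowercase hex digits.
valid_instance_id() {
  hex=${1#i-}
  [ "i-$hex" = "$1" ] || return 1
  case "$hex" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}
# Map a keepalived state to an action; releasing the VIP on FAULT is a choice made here.
action_for_state() {
  case "$1" in
    MASTER) echo assign ;;
    BACKUP|FAULT) echo unassign ;;
    *) return 1 ;;
  esac
}
# Primary ENI = attachment device index 0, not simply the first array element.
primary_eni() {
  aws ec2 describe-instances --instance-ids "$1" --output text --query \
    'Reservations[0].Instances[0].NetworkInterfaces[?Attachment.DeviceIndex==`0`].NetworkInterfaceId | [0]'
}

main() {
  { valid_ipv4 "$VIP" && valid_instance_id "$INSTANCE_ID"; } || { echo "bad VIP or instance ID" >&2; exit 2; }
  action=$(action_for_state "$3") || { echo "unexpected state: $3" >&2; exit 2; }
  eni=$(primary_eni "$INSTANCE_ID")
  case "${eni#eni-}" in "$eni"|''|*[!0-9a-f]*) echo "no primary ENI" >&2; exit 3 ;; esac
  extra=; if [ "$action" = assign ]; then extra=--allow-reassignment; fi
  aws ec2 "$action-private-ip-addresses" --network-interface-id "$eni" \
    --private-ip-addresses "$VIP" $extra
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

To use it, a single notify "/root/vip_notify.sh" line in the vrrp_instance block takes the place of the separate notify_master and notify_backup lines.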