| |
---|---|
| |
| |
| |
| |
| |
| |
---|---|
| |
| |
| |
| |
| |
---|---|
| |
| |
| |
| |
| |
| |
---|---|
| |
| |
| |
| |
| |
| |
---|---|
| |
| |
| |
| |
| |
---|---|
| |
| |
| |
| |
| |
# BLOG://renwole.com/ #The following scripts need to be executed in batch by using a springboard machine or a password free login machine, but can also be modified to be executed on a single machine. Just note out the login phase # tite=$(date "+%Y-%m-%d %H:%M:%S") #Hostnamelist="Host file list, one IP per line, without double quotation marks, for example;/mnt/renwolecom" hostnamelist="/tmp/renwole_com" #Clearing failed logs renwole_com_disk_clean_log="/tmp/renwole_clean_failure.log" #for envNamelist in ${Name[@]}; do #If you use the api interface to get the host list, you can use jq to filter josn, but first install jq 1.5 and above, yum install epel&&yum install jq, the default version of Centos 7 for epel source is 1.5+, and the Centos6+version is 1.3 #Curl - s can obtain the josn format through url and filter through jq | jq. data | jq - r [].hostname #done >$hostnamelist #The nailing notification can specify multiple unqualified notifications according to the if condition dingding_Notice() { dingtalk_openapi_url="//oapi.dingtalk.com" dingtalk_openapi_token="Token" if [[ "$(disk_use)" -ge 80 ]]; then curl ''$dingtalk_openapi_url'/robot/send?access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "The system log has been cleared successfully, but the used space still exceeds 80%. Please repair it in time. The machine is: '" $hostname "'" } }' fi } #Check whether the machine can log in. Try 5 times at most and wait for 5 seconds each time (if the machine is extremely stuck, failure to retry may cause false alarms) check_login() { for i in $(seq 1 5); do [ $i -gt 1 ] $login_docker 2> /dev/null exit && antl=0 && break || antl=$?; sleep 5 done echo $antl } #After logging in to the container, check whether the relevant commands are available, and retry 3 times in case of failure (some machines are extremely stuck, and will timeout or retry when getting the results) check_login_command() { for i in $(seq 1 3); do [[ $i -gt 1 ]] $login_docker >/dev/null 2>&1 "type du" >/dev/null 2>&1 && antc=0 && break || antc=$?; sleep 5 done echo $antc } #Check whether the machine can be connected to the network normally. Retry 5 times if failure occurs, and wait 10 seconds for each retry (optional) check_login_command_netwotk() { #If the network is abnormal, please check this file on the container machine gateway="www.renwole.com" curl_timeout="curl -I -s --connect-timeout 16" for i in $(seq 1 5); do [[ $i -gt 1 ]] $login_docker "$curl_timeout $gateway 2>/dev/null -w %{http_code} | tail -n1" && antn=200 && break || antn="$?"; sleep 10 done } #Get the current disk usage size remotely disk_use() { disk_uses=$($login_docker "df -P|sort -n|grep /dev |grep -v -E '(shm|tmp|boot)'") disk_status=$(echo $disk_uses | awk -F'[ %]+' '{print $5}') echo $disk_status } #Find the log directory and file type to be cleaned, and specify the size to be cleaned. Here, specify 20M system_log_file() { #Multiple directory patrols are supported, separated by spaces, and the '/' must be followed by renwole_log_dir=(/var/log/ /usr/local/nginx/logs/) for log_dirs in ${renwole_log_dir[*]}; do #Log in to the machine remotely, define the file type to be cleaned, and then throw it into the black hole $login_docker "find $log_dirs 2> /dev/null -type f -size +20M \( -name "*.data*" \ -o -name "message*" -o -iname "wtm*" -o -name "vsa*" -o -name "secu*" \ -o -name "cron*" -o -name "*.log*" \) -exec cp /dev/null {} \; " done } #Get which directories or files occupy large space, sort by size, and get the first two lines of file size directories system_file_size_check() { home_file_size=$($login_docker "du -h --max-depth=5 /home/* | sort -h | tail -n5 |head -n2") echo $home_file_size } #Pipeline token | Process concurrency renwole_com="/tmp/renwolcomfile" [ -e "$renwole_com" ] || mkfifo $renwole_com exec 3<>$renwole_com rm -rf $renwole_com for ((i=1; i<=1000;i++)); do echo >&3 done #Start to cycle check the use status of machine disks and disks. If the conditions are not met, an alarm will be given for hostname in `cat $hostnamelist`; do read -u3 { #Remotely detect whether the machine can be logged in. The maximum attempt is 30s. Machines that cannot log in without password will automatically skip the login login_docker="timeout 30 ssh -o BatchMode=yes $hostname" if [[ $(check_login) -ne 0 ]]; then Echo "Container login failed $hostname">>$renwole_com_disk_clean_log #If conditions are met, terminate this cycle and continue the next cycle echo >&3 continue fi if [[ $(check_login_command) -ne 0 ]]; then Echo "Cannot find du command $hostname">>$renwole_com_disk_clean_log echo >&3 continue fi if [[ $(disk_use) -gt 80 ]]; then #If the disk utilization rate is greater than 80%, trigger cleaning system_log_file else Echo "The current disk usage $(disk_use)% does not exceed 80%, $hostname" echo >&3 continue fi if [[ $(disk_use) -gt 80 ]]; then Echo "$title $hostname Disk cleaning failed. The current usage rate is $(disk_use)%. File size: $(system_file_size_check)">>$renwole_com_disk_clean_log Echo "Failed to clean the disk. The current usage rate is $(disk_use)% $hostname" else Echo "The disk is cleaned successfully. The usage rate after cleaning is $(disk_use)% $hostname" fi echo >&3 }& done wait #Close exec 3<&- exec 3>&- #Whether to enable nailing notification, which is closed by default # dingding_Notice
#!/ bin/bash # BLOG : //renwole.com now_time=$(date -u -d"+8 hour" +'%Y-%m-%d %H:%M:%S') #Get domain name hostnamelist=$(hostname) #When the CPU utilization rate is greater than the set threshold, an alarm is triggered cpu_warn="60" #Trigger the alarm when there is only 2048MB of memory left mem_warn="2048" #When the disk utilization rate is greater than the set threshold, an alarm is triggered disk_warn="80" #Each execution will generate the corresponding log on the machine renwole_check_log="/tmp/renwole_check_mem_cpu_disk.log" #Nailing alarm token dingtalk_openapi="//oapi.dingtalk.com" dingtalk_openapi_token="Token" #Get CPU usage item_cpu () { cpu_idle=$(top -b -n 1 | grep Cpu | awk '{print $2}' | cut -f 1 -d ".") Echo "$now Current CPU usage is $cpu_idle">>$renwole_check_log if [[ "$cpu_idle" -gt "$cpu_warn" ]]; then curl ''$dingtalk_openapi'/robot/send?access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "Warning: The CPU utilization of the current machine '$hostnamelist' has reached 60%, please know." } }' else Echo "The CPU is healthy" fi } #Get memory consumption item_mem () { mem_free=$(free -m | grep "Mem" | awk '{print $4+$6}') Echo "$now The current remaining memory space is$ {mem_free}MB " >> $renwole_check_log if [[ "$mem_free" -lt "$mem_warn" ]]; then curl ''$dingtalk_openapi'/robot/send?access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "Warning: The memory usage rate of the current machine '$hostnamelist' is less than 2048MB, please know." } }' else Echo "The memory usage rate is normal, and you can use it with confidence" fi } #Get Disk Usage item_disk () { disk_use=$(df -P | grep /dev/sdb1 | grep -v -E '(tmp|boot)' | awk '{print $5}' | cut -f 1 -d "%") Echo "$now The current disk usage is $disk_use">>$renwole_check_log if [[ "$disk_use" -gt "$disk_warn" ]]; then curl ''$dingtalk_openapi'/robot/send?access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "Warning: The disk utilization rate of the current machine '$hostnamelist' has reached 80%, please know." } }' else Echo "The hard disk utilization rate does not exceed 80%, so you can use it with confidence" fi } item_cpu item_mem item_disk
$n Parameters passed to script or function. N is a number indicating the number of parameters. For example, the first parameter is $1, and the second parameter is $2 $? The exit status of the last command, or the return value of the function. 0 is returned on success, 1 on failure $# Number of parameters passed to script or function $* All these parameters are enclosed in double quotation marks. If a script receives two parameters, $* equals $1 $2 $0 is the name of the command being executed. For shell scripts, this is the path of the activated command When $@ is contained in double quotation marks (""), it is slightly different from $*. If a script receives two parameters, $@ is equivalent to $1 $2 $$The process number of the current shell. For shell script, this is the process ID when it is executing $! The process number of the previous background command
-B file True if the file exists and is a block special file -C file True if the file exists and is a special character file -D file True if the file exists and is a directory -E file True if the file exists -F file True if the file exists and is a rule file -G file True if the file exists and the value of SGID bit is set -H file True if the file is a soft link -K file If the file exists and the value of "sticky" bit is set -L file True if the file is a symbolic link -P file True if the file exists and is a named pipe -R file True if the file is readable -S file Judge whether the file exists and is non empty. If it is not empty, it is true -S file to determine whether the file exists and whether it is a socket file -T file file descriptor (1 by default) is true when the specified device is a terminal -U file True if the file exists and SUID bit is set -W file True if the file is writable -X file True if the file is executable [file1 - nt file2] True if file1 is newer than file2, or if file1 exists but file2 does not exist [file1 - ot file2] True if file1 is older than file2, or if file2 exists but file1 does not exist [file1 - ef file2] Returns true if file1 and file2 point to the same device and node number
-If two eq numbers are equal, it is a true example: if ["$a" - eq "$b"] -If ne is not equal, it is a true example: if ["$a" - ne "$b"] -If gt a is greater than b, it is a true example: if ["$a" - gt "$b"] -If ge is greater than or equal to, it is a true example: if ["$a" - ge "$b"] -Lt a is less than b, it is a true example: if ["$a" - lt "$b"] -If le a is less than or equal to b, it is a true example: if ["$a" - le "$b"] <less than (double brackets are required) Example: (("$a"<"$b")) <=less than or equal to (double brackets are required) Example: ("$a"<="$b") >Greater than (need double brackets) Example: (("$a">"$b")) >=Greater than or equal to (double brackets are required) Example: (("$a">="$b"))
! [ ! false ] Returns true, logical No, condition is false, result is true -A [$a - lt 2 - a $b - gt 5] returns true logical AND. If both expressions are true, it is true -O [$a - lt 2 - o $b - gt 5] Returns true logical OR, which is true as long as one expression is true [] | | [] Use OR to merge two conditions []&&[] Combine two conditions with AND
==True if two strings are the same, equivalent to=: ["str1"="str2"] != If the strings are different, it is a true example: ["str1"!="str2"] <If the str1 dictionary is sorted before str2, it is a true example: [["str1"<"str2"]]>If the str1 dictionary is sorted after str2, it is a true example: ["str1" >"str2"] -N If str length is non-zero, it is true, that is, it is not empty Example: [- n "str1"] -Z If the file length is zero, that is, empty, it is a true example: [- z "str1"]
$ vim /etc/fstab
tmps /dev/shm tmpfs defaults,size=1G 0 0
$ mount -o remount /dev/shm/ $ mkdir /dev/shm/tmp $ chmod 755 /dev/shm/tmp $ mount -B /dev/shm/tmp /tmp
$ vim /etc/init.d/shmtmp.sh
#!/ bin/bash mkdir /dev/shm/tmp chmod 755 /dev/shm/tmp mount -B /dev/shm/tmp/ /tmp
$ vim /etc/rc.local
sh /etc/init.d/shmtmp.sh
$ cat /var/log/cron
... CROND[31471]: (root) CMD ( /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx ) CROND[31470]: (root) MAIL (mailed 375 bytes of output but got status 0x004b#012) CROND[31482]: (root) CMD (run-parts /etc/cron.hourly) ...
$ /usr/bin/certbot renew --quiet
Attempting to renew cert from /etc/letsencrypt/renewal/renwole.com.conf produced an unexpected error: 'ascii' codec can't encode characters in position 247-248: ordinal not in range(128). Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/renwole.com.conf/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s)
$ vim /etc/letsencrypt/renewal/renwole.com.conf
... # Options used in the renewal process [renewalparams] authenticator = webroot installer = None account = a07a7160ea489g586aeaada1368ce0d6 [[webroot_map]] renwole.com = /apps/data/www/renwolecom ...
$ certbot certificates
[ root@renwolecom ~]# find / -name *rdb
[ root@renwolecom ~]# redis-cli
10.10.204.64:6379> save OK (1.02s)
10.10.204.64:6379> auth RenwoleQxl5qpKHrh9khuTW 10.10.204.64:6379> save
[ root@renwolecom ~]# cp /var/lib/redis/dump.rdb /apps/redis-backup-20180129
[ root@renwolecom ~]# systemctl stop redis
[ root@renwolecom ~]# mv /var/lib/redis/dump.rdb /var/lib/redis/dump.rdb.old [ root@renwolecom ~]# cp -p /apps/redis-backup-20180129/dump.rdb /var/lib/redis/dump.rdb
[ root@renwolecom ~]# chown redis:redis /var/lib/redis/dump.rdb [ root@renwolecom ~]# chmod 660 /var/lib/redis/dump.rdb
[ root@renwolecom ~]# systemctl start redis
[ root@renwolecom ~]# ls /var/lib/redis/
[ root@renwolecom ~]# mv /var/lib/redis/*.aof /var/lib/redis/appendonly.aof.old
[ root@renwolecom ~]# vim /etc/redis/redis.conf appendonly no
Advantages: cost saving.
Disadvantages: insufficient performance.
Operating user: root.
$ dd if=/dev/zero of=/dev/mapper/centos-swap bs=1024 count=2048000
$ mkswap /dev/mapper/centos-swap
$ mkswap -f /dev/mapper/centos-swap
$ swapon /dev/mapper/centos-swap
$ vim /etc/fstab
/dev/mapper/centos-swap swap swap default 0 0
$ swapoff /dev/mapper/centos-swap
$ rm /dev/mapper/centos-swap
/dev/mapper/centos-swap swap swap default 0 0
Web Nginx Intranet: 10.16.8.8/10.16.8.9
Keepalived Intranet: 10.16.8.10 (ka67)/10.16.8.11 (ka68)
Keepalived public network: 172.16.8.10/172.16.8.11
Keepalived Intranet VIP: 10.16.8.100/10.16.8.101
Keepalived public network VIP: 172.16.8.100/172.16.8.101
OS:CentOS Linux release 7.4.1708 (Core)
Install keepalived.
Time synchronization.
Set SELinux and firewall.
Between each other
/etc/hosts Add the opposite host name to the file (optional).
Confirm that the network interface supports multicast (multicast) by default.
global_defs { notification_email { root@localhost } notification_email_from ka@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 vrrp_mcast_group4 224.0.0.111 } vrrp_instance External_1 { state MASTER interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance External_2 { state BACKUP interface eth1 virtual_router_id 172 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole1 } virtual_ipaddress { 10.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance Internal_1 { state MASTER interface eth0 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole2 } virtual_ipaddress { 172.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance Internal_2 { state BACKUP interface eth0 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole3 } virtual_ipaddress { 172.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" }
global_defs { notification_email { root@localhost } notification_email_from ka@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 vrrp_mcast_group4 224.0.0.111 } vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance External_2 { state MASTER interface eth1 virtual_router_id 172 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole1 } virtual_ipaddress { 10.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance Internal_1 { state BACKUP interface eth0 virtual_router_id 191 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole2 } virtual_ipaddress { 172.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance Internal_2 { state MASTER interface eth0 virtual_router_id 192 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole3 } virtual_ipaddress { 172.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" }
$ vim /usr/local/keepalived/etc/keepalived/notify.sh
#!/ bin/bash # contact=' root@localhost ' notify() { local mailsubject="$(hostname) to be $1, vip floating" local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1" echo "$mailbody" | mail -s "$mailsubject" $contact } case $1 in master) notify master ;; backup) notify backup systemctl start nginx #After configuring here, the Nginx service can automatically start if it hangs ;; fault) notify fault ;; *) echo "Usage: $(basename $0) {master|backup|fault}" exit 1 ;; esac
[ root@ka67 ~]# systemctl start keepalived
[ root@ka67 ~]# ip a
1: lo: <LOOPBACK, UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.100/32 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.101/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::436e:b837:43b:797c/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:84 brd ff:ff:ff:ff:ff:ff inet 10.16.8.10/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.100/32 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.101/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::1261:7633:b595:7719/64 scope link valid_lft forever preferred_lft forever
172.16.8.100/32
172.16.8.101/32
10.16.8.100/32
10.16.8.101/32
[ root@ka68 ~]# systemctl start keepalived
[ root@ka68 ~]# ip a
1: lo: <LOOPBACK, UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:79 brd ff:ff:ff:ff:ff:ff inet 172.16.8.11/24 brd 103.28.204.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.101/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::3d2c:ecdc:5e6d:70ba/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:82 brd ff:ff:ff:ff:ff:ff inet 10.16.8.11/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.101/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::4fb3:d0a8:f08c:4536/64 scope link valid_lft forever preferred_lft forever
172.16.8.101/32
10.16.8.101/32
[ root@ka67 ~]# ip a
1: lo: <LOOPBACK, UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.100/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::436e:b837:43b:797c/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST, MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:84 brd ff:ff:ff:ff:ff:ff inet 10.16.8.10/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.100/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::1261:7633:b595:7719/64 scope link valid_lft forever preferred_lft forever
[ root@ka67 ~]# tcpdump -nn -i eth1 host 224.0.0.111
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes 02:00:15.690389 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20 02:00:15.692654 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 172, prio 100, authtype simple, intvl 1s, length 20 02:00:16.691552 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20 02:00:16.693814 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 172, prio 100, authtype simple, intvl 1s, length 20 02:00:17.692710 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20
$ yum install epel-release -y $ yum install nginx -y
$ echo "Server 10.16.8.8" > /usr/share/nginx/html/index.html $ echo "Server 10.16.8.9" > /usr/share/nginx/html/index.html
$ curl //10.16.8.8 Server 10.16.8.8
$ yum install nginx psmisc -y
$ mv /etc/nginx/conf.d/default.conf{,.bak} $ mv /etc/nginx/nginx.conf{,.bak}
$ vim /etc/nginx/nginx.conf
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; upstream webserverapps { server 10.16.8.8:80; server 10.16.8.9:80; #server 127.0.0.1:8080 backup; } server { listen 80; server_name _; location / { proxy_pass //webserverapps; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; add_header Access-Control-Allow-Origin *; } } }
$ systemctl restart nginx
[ root@ka67 ~]# for i in `seq 10`; do curl 10.16.8.10; done Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.9 Server 10.16.8.9
vrrp_script chk_nginx { script "killall -0 nginx" interval 2 weight -10 fall 2 rise 2 }
track_script { chk_nginx }
... vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } track_script { chk_nginx } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_"/usr/local/keepalived/etc/keepalived/notify.sh fault" } ...
$ systemctl stop keepalived $ systemctl start keepalived
Web Nginx:10.16.8.8/10.16.8.9
Keepalived:10.16.8.10/10.16.8.11
Keepalived VIP:10.16.8.100/10.16.8.101
OS:CentOS Linux release 7.4.1708 (Core)
Install keepalived.
Time synchronization.
Set SELinux and firewall.
Add each other's hostname to the/etc/hosts file (optional).
Confirm that the network interface supports multicast (multicast) by default.
$ vim /usr/local/keepalived/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka@localhost smtp_server 127.0.0.1 smtp_connect_timeout 60 vrrp_mcast_group4 224.0.0.111 } vrrp_instance VI_1 { state MASTER interface eth1 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance VI_2 { state BACKUP interface eth1 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole1 } virtual_ipaddress { 10.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" }
$ vim /usr/local/keepalived/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka@localhost smtp_server 127.0.0.1 smtp_connect_timeout 60 vrrp_mcast_group4 224.0.0.111 } vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 191 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" } vrrp_instance VI_2 { state MASTER interface eth1 virtual_router_id 192 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole1 } virtual_ipaddress { 10.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault" }
$ vim /usr/local/keepalived/etc/keepalived/notify.sh
#!/ bin/bash # contact=' root@localhost ' notify() { local mailsubject="$(hostname) to be $1, vip floating" local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1" echo "$mailbody" | mail -s "$mailsubject" $contact } case $1 in master) notify master ;; backup) notify backup ;; fault) notify fault ;; *) echo "Usage: $(basename $0) {master|backup|fault}" exit 1 ;; esac
$ systemctl start keepalived $ systemctl enable keepalived
$ tcpdump -nn -i eth1 host 224.0.0.111
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes 00:32:31.714987 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 191, prio 100, authtype simple, intvl 1s, length 20 00:32:31.715739 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 192, prio 100, authtype simple, intvl 1s, length 20 00:32:32.716150 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 191, prio 100, authtype simple, intvl 1s, length 20 00:32:32.716292 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 192, prio 100, authtype simple, intvl 1s, length 20 00:32:33.717327 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 191, prio 100, authtype simple, intvl 1s, length 20 00:32:33.721361 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 192, prio 100, authtype simple, intvl 1s, length 20
$ yum install tcpdump -y
$ yum -y install ipvsadm
$ systemctl stop keepalived
$ vim /usr/local/keepalived/etc/keepalived/keepalived.conf
virtual_server 10.16.8.100 80 { delay_loop 3 lb_algo rr lb_kind DR protocol TCP # sorry_server 127.0.0.1 80 real_server 10.16.8.8 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } real_server 10.16.8.9 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } } virtual_server 10.16.8.101 80 { delay_loop 3 lb_algo rr lb_kind DR protocol TCP # sorry_server 127.0.0.1 80 real_server 10.16.8.8 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } real_server 10.16.8.9 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 1 nb_get_retry 3 delay_before_retry 1 } } }
$ yum install epel-release -y $ yum install nginx -y
$ echo "Server 10.16.8.8" > /usr/share/nginx/html/index.html $ echo "Server 10.16.8.9" > /usr/share/nginx/html/index.html
$ curl //127.0.0.1 Server 10.16.8.8
$ yum install net-tools -y
$ vim /tmp/rs.sh
#!/ bin/bash vip1=10.16.8.100 vip2=10.16.8.101 dev1=lo:1 dev2=lo:2 case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig $dev1 $vip1 netmask 255.255.255.255 broadcast $vip1 up ifconfig $dev2 $vip2 netmask 255.255.255.255 broadcast $vip2 up echo "VS Server is Ready! " ;; stop) ifconfig $dev down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce echo "VS Server is Cancel! " ;; *) echo "Usage `basename $0` start|stop" exit 1 ;; esac
$ /tmp/rs.sh start
$ /tmp/rs.sh stop
[ root@localhost ~]# for i in `seq 5`; do > curl 10.16.8.100 > curl 10.16.8.101 > done Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.9 Server 10.16.8.8