keepalived high-availability cluster (if you can't get it done in 5 minutes, aren't you embarrassed?)
Implementing high availability
active/passive: master/backup
active/active: dual master
active -> HEARTBEAT -> passive
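active -> HEARTBEAT -> active
VRRP: Virtual Router Redundancy Protocol
In keepalived, VRRP (Virtual Router Redundancy Protocol) is used to implement high availability and load balancing.
keepalived is a tool for Linux, mainly used to manage the VRRP implementation and health checks.
It can tell which router has failed: VRRP automatically moves the IP to a healthy router.
User-space core components
vrrp stack: VIP advertisement messages
checkers: check the real servers
system call: invokes scripts when the VRRP protocol state changes
SMTP: mail component
IPVS wrapper: generates IPVS rules
Netlink Reflector: network interface
WatchDog: monitors the processes
Control component: provides the keepalived.conf parser and completes the keepalived configuration
I/O multiplexer: its own thread abstraction, optimized for networking purposes
Memory management component: provides access to some generic memory management functions (such as allocate, reallocate, release)
Keepalived environment preparation
Hostname | NIC | IP address |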
---|---|---|
realserver1 | nat | 192.168.160.110 |
realserver2 | nat | 192.168.160.120 |
KA1 | nat | 192.168.160.10 |
KA2 | nat | 192.168.160.20 |
First, deploy the web service on the two realserver hosts
yum install -y httpd
echo 192.168.160.110 - realserver1 > /var/www/html/index.html
systemctl enable httpd --now
systemctl stop firewalld
setenforce 0
Test on ka1:
[root@ka1 yum.repos.d]# curl 192.168.160.110
192.168.160.110 - realserver1
[root@ka1 yum.repos.d]# curl 192.168.160.120
192.168.160.120 - realserver2
Deploy the keepalived service on the ka hosts
yum install -y keepalived
Add:
global_defs {
notification_email {
2268864392@qq.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.160.100/24 dev ens33 label ens33:1
}
}
Restart the service and watch the VIP change:
systemctl restart keepalived
ifconfig
Do the same on KA2
[root@ka1 ~]# scp /etc/keepalived/keepalived.conf root@192.168.160.20:/etc/keepalived/keepalived.conf
[root@ka2 yum.repos.d]# vim /etc/keepalived/keepalived.conf
Change: priority 80 ## KA2's priority is changed to 80
192.168.160.100 does not show up here: KA2 has the lower priority, so the VIP appears on KA1. When KA1 goes down, the VIP 192.168.160.100 appears on KA2.
systemctl restart keepalived.service
ifconfig
Test with a packet capture on realserver1
[root@realserver1 ~]# tcpdump -i ens33 -nn host 224.0.0.18
## You will see that the traffic comes from 192.168.160.10
## Stop the keepalived service on KA1, then test again
[root@realserver1 ~]# tcpdump -i ens33 -nn host 224.0.0.18
## You will see that the traffic comes from 192.168.160.20
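Changing the logging:
Change the log level
[root@ka1 ~]# vim /etc/sysconfig/keepalived
Add:
KEEPALIVED_OPTIONS="-D -S 6"
Modify the rsyslog service configuration file
[root@ka1 ~]# vim /etc/rsyslog.conf
Add:
local6.* /var/log/keepalived.log
Restart the rsyslog service first, then the keepalived service, then check whether the /var/log/keepalived.log file has been created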
[root@ka1 ~]# systemctl restart rsyslog.service
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ll /var/log/keepalived.log
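Configuring separate sub-configuration files
vim /etc/keepalived/keepalived.conf
First comment out the following content
vim /etc/keepalived/keepalived.conf
Add:
include "/etc/keepalived/conf.d/*.conf"
Then create the conf.d sub-configuration directory, and in it create sub-configuration files ending in .conf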
mkdir -p /etc/keepalived/conf.d
vim /etc/keepalived/conf.d/192.168.160.100.conf
systemctl restart keepalived.service
cat /etc/keepalived/conf.d/192.168.160.100.conf
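Pinging 192.168.160.100 directly from realserver1 fails:
On KA1, look at the iptables rules: all access is rejected
Modify the keepalived configuration file
vim /etc/keepalived/keepalived.conf
Add:
vrrp_iptables
Note! vrrp_strict and vrrp_iptables come as a pair: either enable both or comment out both.
# systemctl restart keepalived
Check the iptables rules again (the reject rule is gone) and ping again
Non-preemptive priority
Both ka1 and ka2 need to be modified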
vim /etc/keepalived/keepalived.conf
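Modify and add:
state BACKUP
nopreempt
# systemctl restart keepalived
Test: the VIP only moves when the server holding it goes down
(The VIP starts on the higher-priority ka1; when ka1 goes down, the VIP moves to ka2. After ka1 restarts, the VIP would be expected to return to ka1, but it stays on ka2. That is non-preemptive mode.)
Delayed preemption
First restore preemptive mode, then modify the configuration file
vim /etc/keepalived/keepalived.conf
Add:
preempt_delay 5s ## delay of 5s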
systemctl restart keepalived
On ka1:
On ka2:
Test: (every VIP move is delayed by 5s)
VIP unicast configuration
On ka1
vim /etc/keepalived/keepalived.conf
Must be disabled: unicast mode
Add: ## from 192.168.160.10 to 192.168.160.20
unicast_src_ip 192.168.160.10
unicast_peer {
192.168.160.20
}
# systemctl restart keepalived
On ka2
vim /etc/keepalived/keepalived.conf
Must be disabled: unicast mode
Add: ## from 192.168.160.20 to 192.168.160.10
unicast_src_ip 192.168.160.20
unicast_peer {
192.168.160.10
}
# systemctl restart keepalived
Test
The packet capture only succeeds on the ka host that currently holds the VIP
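Added example (not from the original post): a small shell lint for two points from the sections above, the rule that vrrp_strict and vrrp_iptables are enabled or commented out together, and the fact that keepalived's strict mode prohibits unicast peers. The function names and the abbreviated sample config are constructed for illustration.

```bash
#!/bin/bash
# Lint keepalived config files for the option pairings discussed on this page.
# Helper names are illustrative; pass one or more config files as arguments.

# Print active config lines: drop '#' and '!' comments and blank lines.
active_lines() {
    sed -e 's/[#!].*$//' "$@" | awk 'NF'
}

# True if WORD is the first token on any active line of the given files.
has_keyword() {
    local word="$1"; shift
    active_lines "$@" | awk -v w="$word" '$1 == w { f = 1 } END { exit !f }'
}

# Print one finding per line; return 1 if anything was found.
audit_keepalived_conf() {
    local rc=0
    if has_keyword vrrp_strict "$@"; then
        if ! has_keyword vrrp_iptables "$@"; then
            echo "vrrp_strict without vrrp_iptables: expect iptables to reject traffic to the VIP"
            rc=1
        fi
        if has_keyword unicast_peer "$@"; then
            echo "vrrp_strict together with unicast_peer: strict mode prohibits unicast peers"
            rc=1
        fi
    elif has_keyword vrrp_iptables "$@"; then
        echo "vrrp_iptables without vrrp_strict: enable both or comment out both"
        rc=1
    fi
    return "$rc"
}

# Constructed sample, abbreviated from the configs on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global_defs {
    vrrp_strict
    #vrrp_iptables
}
vrrp_instance VI_1 {
    unicast_peer {
        192.168.160.20
    }
}
EOF
audit_keepalived_conf "$sample" || true
rm -f "$sample"
```

When the configuration is split with include, pass /etc/keepalived/keepalived.conf and the conf.d files together so the global and per-instance options are checked as one configuration.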
Mail notification
Obtain the mail authorization code
Install and configure the mail service
yum install -y mailx
vim /etc/mail.rc
Add:
set bsdcompat
set from=2268864392@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=2268864392@qq.com
set smtp-auth-password=dnlmpfomlteteaic
set smtp-auth=login
set ssl-verify=ignore
Test
The mail arrives in the QQ mailbox
echo test | mail -s test 2268864392@qq.com
Write the mail script
Do this on both ka hosts
[root@ka1 ~]# vim /etc/keepalived/mail.sh
Add:
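#!/bin/bash
# Recipient of the state-change notifications
mail_dst="2268864392@qq.com"
# send_message STATE: mail the new VRRP state of this host
send_message()
{
mail_sub="$HOSTNAME to be $1 vip move"
mail_msg="$(date '+%F %T'): vrrp move $HOSTNAME change $1"
echo "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}
case $1 in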
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
Add: ## mind where the braces are
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# /etc/keepalived/mail.sh fault
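Test
Now shut down ka1 and check the mail received:
A mail arrives saying that ka2 has taken over the VIP.
Now restart ka1 and check the mail received:
ka1 takes over the VIP again
keepalived dual-master architecture
On ka1
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
Add: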
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 200
priority 80
#nopreempt
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.160.200/24 dev ens33 label ens33:2
}
unicast_src_ip 192.168.160.10
unicast_peer {
192.168.160.20
}
}
# systemctl restart keepalived
On ka2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
Add:
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 200
priority 100
#nopreempt
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.160.200/24 dev ens33 label ens33:2
}
unicast_src_ip 192.168.160.20
unicast_peer {
192.168.160.10
}
}
# systemctl restart keepalived
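Now
Host | VIP1 | VIP2 |
---|---|---|
ka1 | master | backup |
ka2 | backup | master |
192.168.160.100 is on ka1 and 192.168.160.200 is on ka2
This is preemptive mode, so when I take ka2 down, VIP2 also moves to ka1
[root@ka2 ~]# systemctl stop keepalived.service
After ka2 restarts, VIP2 moves back to ka2
IPVS+keepalived
Implementing single-master LVS
Add the virtual VIP address on realserver1 and realserver2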
[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo
Add:
IPADDR1=192.168.160.100
NETMASK1=255.255.255.255
# systemctl restart network
Configure the ARP rules on both realservers
[root@realserver1 ~]# sysctl -a | grep arp
Find:
net.ipv4.conf.all.arp_announce = 0 change the value to 2
net.ipv4.conf.all.arp_ignore = 0 change the value to 1
net.ipv4.conf.lo.arp_announce = 0 change the value to 2
net.ipv4.conf.lo.arp_ignore = 0 change the value to 1
[root@realserver1 ~]# vim /etc/sysctl.d/99-sysctl.conf
Add:
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
[root@realserver1 ~]# sysctl --system
Deploy ipvsadm on ka1 and ka2
[root@ka1 ~]# yum install -y ipvsadm.x86_64
[root@ka2 ~]# yum install -y ipvsadm.x86_64
Modify the keepalived file to add the LVS policy
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
Add:
virtual_server 192.168.160.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
real_server 192.168.160.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.160.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
View the ipvsadm rules
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.160.100:80 wrr
-> 192.168.160.110:80 Route 1 0 0
-> 192.168.160.120:80 Route 1 0 0
Test: access 192.168.160.100
When realserver2 is taken down, check the ipvsadm policy on ka1 (192.168.160.120 has disappeared)
[root@realserver2 ~]# systemctl stop httpd
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.160.100:80 wrr
-> 192.168.160.110:80 Route 1 0 2
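Test access to 192.168.160.100 again (only 192.168.160.110 is reachable)
It recovers after realserver2 is restarted
Single-master keepalived + haproxy
The hard part: monitoring whether haproxy is alive in order to move the VIP
Use a script to switch between master and backup
Create a script file: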
[root@ka1 ~]# vim /etc/keepalived/test.sh
[root@ka1 ~]# cat /etc/keepalived/test.sh
#!/bin/bash
[ ! -f /opt/lee ]
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
Modify the keepalived configuration file
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
Add:
vrrp_script check_file {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
Add inside vrrp_instance VI_1:
track_script {
check_file
}
# systemctl restart keepalived
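Test
The /opt/lee file does not exist yet; run the script, check the return value, and see which host holds the VIP. (The return value is 0, the priority is unchanged, and the VIP is on ka1.)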
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# sh /etc/keepalived/test.sh
[root@ka1 ~]# echo $?
0
[root@ka1 ~]# ifconfig
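Now create the /opt/lee file, run the script, check the return value, and see which host holds the VIP
The return value is non-zero, the priority drops, and the VIP moves to ka2
[root@ka1 ~]# touch /opt/lee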
[root@ka1 ~]# sh /etc/keepalived/test.sh
[root@ka1 ~]# echo $?
1
[root@ka1 ~]# ifconfig
[root@ka2 ~]# ifconfig
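Added example (not from the original post): a simplified shell model of the check_file test above, showing how fall, rise and weight -30 turn the script's exit codes into an effective priority and a VIP holder. The function names are illustrative; it assumes preemptive mode, ka2 at priority 80, and one argument per check interval.

```bash
#!/bin/bash
# Simplified model of a tracked vrrp_script with a negative weight.
# Assumptions: the script starts in the "up" state, one exit code = one check
# (one `interval`), and VRRP advertisement timing is ignored.

# effective_priority BASE WEIGHT FALL RISE EXIT_CODE...
# Prints the effective priority after each check, space-separated.
effective_priority() {
    local base="$1" weight="$2" fall="$3" rise="$4" ok=0 bad=0 failed=0 rc out=""
    shift 4
    for rc in "$@"; do
        if [ "$rc" -eq 0 ]; then
            ok=$((ok + 1)); bad=0
            # `rise` consecutive successes clear the failed state
            if [ "$failed" -eq 1 ] && [ "$ok" -ge "$rise" ]; then failed=0; fi
        else
            bad=$((bad + 1)); ok=0
            # `fall` consecutive failures set the failed state
            if [ "$failed" -eq 0 ] && [ "$bad" -ge "$fall" ]; then failed=1; fi
        fi
        if [ "$failed" -eq 1 ]; then out="$out $(( $base + $weight ))"; else out="$out $base"; fi
    done
    echo "${out# }"
}

# vip_holders PEER_PRIO BASE WEIGHT FALL RISE EXIT_CODE...
# Preemptive mode: the node with the higher priority holds the VIP. On a tie
# ka2 is reported, since its address (192.168.160.20) is the higher one.
vip_holders() {
    local peer="$1" p out=""
    shift
    for p in $(effective_priority "$@"); do
        if [ "$p" -gt "$peer" ]; then out="$out ka1"; else out="$out ka2"; fi
    done
    echo "${out# }"
}

# Constructed run: /opt/lee exists for three checks, then is removed.
checks="0 1 1 1 0 0"
echo "priority:   $(effective_priority 100 -30 2 2 $checks)"
echo "weight -30: $(vip_holders 80 100 -30 2 2 $checks)"
# With |weight| smaller than the 20-point priority gap the VIP never moves.
echo "weight -10: $(vip_holders 80 100 -10 2 2 $checks)"
```

The weight -10 run is the case to watch for when tuning: the script fails and the priority drops, yet the VIP stays on ka1 because 90 is still above ka2's 80.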
Implementing haproxy high availability
Deploy haproxy on both ka hosts and enable the kernel parameter
[root@ka1 ~]# yum install -y haproxy.x86_64
[root@ka1 ~]# vim /etc/sysctl.conf
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
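In the keepalived configuration file, comment out the LVS configuration made earlier
(skip this step if there is none)
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
Restore the virtual VIP address and ARP rules on both realserver hosts
(skip this step if there are none)
Modify the haproxy configuration file on both ka hosts
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
Add: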
listen webcluster
bind 192.168.160.100:80
mode http
balance roundrobin
server web1 192.168.160.110:80 check inter 3 fall 2 rise 5
server web2 192.168.160.120:80 check inter 3 fall 2 rise 5
# systemctl restart haproxy
Check the haproxy ports
[root@ka1 ~]# netstat -tnlup | grep haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 27787/haproxy
tcp 0 0 192.168.160.100:80 0.0.0.0:* LISTEN 27787/haproxy
Test: access 192.168.160.100
(haproxy load balancing works)
Stop the web service on realserver1 and test again (only 192.168.160.110 is reachable)
Now configure high availability for haproxy
Modify the script file
[root@ka1 ~]# vim /etc/keepalived/test.sh
[root@ka1 ~]# cat /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
Modify the keepalived configuration file
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 100
priority 100
#nopreempt
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.160.100/24 dev ens33 label ens33:1
}
unicast_src_ip 192.168.160.10
unicast_peer {
192.168.160.20
}
track_script {
check_haproxy
}
}
#systemctl restart keepalived
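Test
First confirm that the VIP is on ka1; when the haproxy service is stopped, the VIP moves at the same time
systemctl stop haproxy
Test: keep requesting 192.168.160.100 while taking haproxy down and up so that the VIP moves, and watch whether curl 192.168.160.100 is interrupted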
/home/mobaxterm # while true; do curl 192.168.160.100; done