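Contents
[2.1 Install keepalived](#2.1 Install keepalived)
[2.2 Install ipvsadm](#2.2 Install ipvsadm)
[2.3 Configure keepalived](#2.3 Configure keepalived)
[2.3.1 Master](#2.3.1 Master)
[2.3.1 Backup](#2.3.1 Backup)
[2.4 Check LVS node status](#2.4 Check LVS node status)
[3.1 Adjust ARP parameters](#3.1 Adjust ARP parameters)
[3.2 Configure the virtual IP address](#3.2 Configure the virtual IP address)
[3.3 Add a loopback route](#3.3 Add a loopback route)
[3.4 Install nginx](#3.4 Install nginx)
I. Overview
1. Introduction
Keepalived is a high-availability solution for LVS services built on the VRRP protocol; it addresses the single point of failure that arises with static routing.
2. How it works
An LVS service cluster usually has servers in two roles, a master server (MASTER) and a backup server (BACKUP), but presents a single virtual IP to the outside. The master sends VRRP advertisements to the backup; when the backup stops receiving VRRP messages, that is, when the master has failed, the backup takes over the virtual IP and continues to provide service, which ensures high availability.
3. Purpose
Eliminates the single point of failure
II. Installation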
yum install -y keepalived
1. Configuration file
/etc/keepalived/keepalived.conf
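2. Configuration options
router_id 1    # defines the node ID
state MASTER|BACKUP    # defines whether the node is master or backup
interface ens33    # the network interface to listen on
virtual_router_id 51    # must be identical within the same hot-standby group
priority 100    # node priority
advert_int 1    # interval, in seconds, between heartbeat checks
authentication {
auth_type PASS
auth_pass 1111
}    # authentication method for keepalived nodes; must be identical within the same keepalived two-node hot-standby group
virtual_ipaddress    # configures the VIP, i.e. the floating address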
vrrp
vrrp_script chk_nginx_server {
script "/etc/keepalived/chk_nginx.sh"
interval 1
weight -2
}
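III. Functional modules
1. core
Main process startup
2. vrrp
VRRP protocol: a hot-standby routing protocol
3. check
Health-status checking
IV. Configuring two-node hot standby
1. master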
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.42.100
192.168.42.101
192.168.42.102
}
}
2. backup
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.42.100
192.168.42.101
192.168.42.102
}
}
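V. Verification
1. Verify with curl
2. Verify by stopping the service on the master
VI. Split brain in two-node hot standby
- If virtual_router_id is configured differently on the two ends of the same VRRP instance in the Keepalived configuration, split brain can also occur.
- The VRRP instance names do not match, or the priorities are the same
- The firewall is enabled, so heartbeat messages cannot get through
- NIC failure, or the NIC being multiplexed
Note: if the VIP cannot be reached, comment out vrrp_strict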
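A consistency check for the configuration-level causes listed in this section, as an added example that is not part of the original page: it parses the vrrp_instance blocks from both nodes' keepalived.conf and reports differing virtual_router_id or authentication values, instance names present on only one node, and identical priorities. The function names and the BACKUP sample (with two deliberate mistakes) are constructed for illustration.

```python
import re

CHECKED_KEYS = ("virtual_router_id", "auth_type", "auth_pass")

def parse_vrrp_instances(conf_text):
    """Return {instance_name: {option: value}} for every vrrp_instance block."""
    instances = {}
    for m in re.finditer(r"^\s*vrrp_instance\s+(\S+)\s*\{", conf_text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf_text):   # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf_text[i], 0)
            i += 1
        body = conf_text[m.end():i - 1]
        opts = {}
        for key in CHECKED_KEYS + ("priority",):
            hit = re.search(rf"^\s*{key}\s+(\S+)", body, re.M)
            if hit:
                opts[key] = hit.group(1)
        instances[m.group(1)] = opts
    return instances

def split_brain_risks(master_conf, backup_conf):
    """List the mismatches between two nodes that this section names as split-brain causes."""
    a, b = parse_vrrp_instances(master_conf), parse_vrrp_instances(backup_conf)
    risks = [f"instance {n} exists on only one node" for n in sorted(set(a) ^ set(b))]
    for name in sorted(set(a) & set(b)):
        for key in CHECKED_KEYS:
            if a[name].get(key) != b[name].get(key):
                risks.append(f"{name}: {key} differs")
        if a[name].get("priority") == b[name].get("priority"):
            risks.append(f"{name}: priority is identical")
    return risks

# Constructed sample: the page's master instance, and a backup with two deliberate mistakes.
MASTER = """vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}"""
BACKUP = MASTER.replace("state MASTER", "state BACKUP").replace("virtual_router_id 51", "virtual_router_id 52")

if __name__ == "__main__":
    for risk in split_brain_risks(MASTER, BACKUP):
        print("RISK:", risk)
```

Matching auth_pass values only keep the pair consistent: with auth_type PASS the password travels in cleartext inside the VRRP advertisements.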
VII. keepalived + LVS (DR)
1. Purpose
- Use keepalived to eliminate the LVS single point of failure
- High-availability cluster
2. Director configuration
2.1 Install keepalived
yum install -y keepalived
2.2 Install ipvsadm
yum install -y ipvsadm
modprobe ip_vs
lsmod |grep ip_vs
2.3 Configure keepalived
2.3.1 Master
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.42.200
}
}
virtual_server 192.168.42.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 192.168.42.5 80 {
weight 1
HTTP_GET {
url {
path /
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.42.6 80 {
weight 1
HTTP_GET {
url {
path /
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
2.3.1 Backup
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL2
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.42.200
}
}
virtual_server 192.168.42.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 192.168.42.5 80 {
weight 1
HTTP_GET {
url {
path /
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.42.6 80 {
weight 1
HTTP_GET {
url {
path /
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
2.4 Check LVS node status
systemctl start keepalived
ipvsadm -ln
ip a
3. Web node configuration
3.1 Adjust ARP parameters
vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce=2
sysctl -p
3.2 Configure the virtual IP address
cd /etc/sysconfig/network-scripts/
cp ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE=lo:0
# must be the same VIP as virtual_ipaddress on the directors
IPADDR=192.168.42.200
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback:0
3.3 Add a loopback route
route add -host 192.168.42.200/32 dev lo:0
3.4 Test
Take down the master and test the backup