目录
[keepalived 概述](#keepalived 概述)
[keepalived 体系主要模块及其作用](#keepalived 体系主要模块及其作用)
[keepalived 工作原理](#keepalived 工作原理)
[LVS+Keepalived 高可用群集](#LVS+Keepalived 高可用群集)
[部署 192.168.142.20 主](#部署 192.168.142.20 主)
[部署 192.168.142.30 从](#部署 192.168.142.30 从)
keepalived 概述
keepalived 软件就是通过VRRP协议实现高可用功能
keepalived 体系主要模块及其作用
故障自动切换 failover
实现LVS集群中节点健康检查
节点服务器高可用性 HA
keepalived 主要有三个模块
core
keepalived 核心,负责主进程启动、维护并且调用全局配置文件来去加载和解析
vrrp
就是来实现VRRP协议
check
负责健康检查,检查模式常见端口、URL
keepalived 工作原理
keepalived 高可用之间是通过VRRP进行通信,VRRP是通过竞选来确定主备,主优先级高于备,因此,工作时主优先获得所有资源,备节点处于等待状态,当主挂了的时候,备节点就会接管主节点资源,然后顶替主节点对外提供服务。在keepalived 服务器之间,只有作为主的服务器会一直发送VRRP广播包,告诉备我还活着,此时备不会去抢占主,当主不可用的时候,即备要监听不到主发送的广播包时,它就会启动相关服务来去接管资源,保证业务的连续性,接管速度最快小于1秒
一个健康的集群的特点
1.负载均衡
2.健康检查:探针(心跳消息-ping, tcp端口检查-三次握手,http url检查-返回码)
3.故障切换
Keepalived经常会出现的问题
脑裂现象
出现脑裂现象产生的原因
Master一直发送心跳消息给backup主机,如果中间的链路突然断掉,backup主机将无法收到master主机发送过来的心跳消息(也就是vrrp报文),backup这时候会立即抢占master的工作,但其实这时候的master是正常工作的,此时就会出现脑裂的现象。
怎么预防脑裂现象
1.使用shell脚本对这两个主机之间的连通性进行监测,如果发现有问题,就会立即关闭keepalived服务来防止脑裂的产生。
2.增加一条链路作为备用链路,即使主链路挂掉了,备用链路也会顶上来,master主机可以继续给backup主机发送心跳消息。
3.监控软件的方法,这边主要是采用的zabbix来监控的,主要就是创建监控项,创建触发器来测试关闭keepalived服务。
keepalived的配置相关解释
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
......
global_defs { #定义全局参数
--10行--修改,邮件服务指向本地
smtp_server 127.0.0.1
--12行--修改,指定服务器(路由器)的名称,主备服务器名称须不同,主为LVS_01,备为LVS_02
router_id LVS_01
--14行--注释掉,取消严格遵守VRRP协议功能,否则VIP无法被连接
#vrrp_strict
}
vrrp_instance VI_1 { #定义VRRP热备实例参数
--20行--修改,指定热备状态,主为MASTER,备为BACKUP
state MASTER
--21行--修改,指定承载vip地址的物理接口
interface ens33
--22行--修改,指定虚拟路由器的ID号,每个热备组保持一致
virtual_router_id 10
#nopreempt #如果设置非抢占模式,两个节点state必须为bakcup,并加上配置 nopreempt
--23行--修改,指定优先级,数值越大优先级越高,这里设置主为100,备为90
priority 100
advert_int 1 #通告间隔秒数(心跳频率)
authentication { #定义认证信息,每个热备组保持一致
auth_type PASS #认证类型
--27行--修改,指定验证密码,主备服务器保持一致
auth_pass abc123
}
virtual_ipaddress { #指定群集vip地址
192.168.80.188
}
}
--36行--修改,指定虚拟服务器地址(VIP)、端口,定义虚拟服务器和Web服务器池参数
virtual_server 192.168.80.188 80 {
delay_loop 6 #健康检查的间隔时间(秒)
lb_algo rr #指定调度算法,轮询(rr)
--39行--修改,指定群集工作模式,直接路由(DR)
lb_kind DR
persistence_timeout 0 #连接保持时间(秒)
protocol TCP #应用服务采用的是 TCP协议
--43行--修改,指定第一个Web节点的地址、端口
real_server 192.168.80.12 80 {
weight 1 #节点的权重
--45行--删除,添加以下健康检查方式
TCP_CHECK {
connect_port 80 #添加检查的目标端口
connect_timeout 3 #添加连接超时(秒)
nb_get_retry 3 #添加重试次数
delay_before_retry 3 #添加重试间隔
}
}
real_server 192.168.80.13 80 { #添加第二个 Web节点的地址、端口
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
##删除后面多余的配置##
}
systemctl start keepalived
ip addr #查看虚拟网卡vip
部署keepalived
192.168.142.20(主)
192.168.142.30(备)
部署192.168.142.20
systemctl stop firewalld
setenforce 0
yum -y install keepalived.x86_64
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.142.188
}
}
systemctl start keepalived.service
systemctl enable keepalived.service
可以将主的配置文件复制到从后进行修改
scp keepalived.conf 192.168.142.30`pwd`
部署192.168.142.30
systemctl stop firewalld
setenforce 0
yum -y install keepalived.x86_64
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf ##此文件已经从主服务器上复制过来了
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.142.188
}
}
systemctl start keepalived.service
systemctl enable keepalived.service
LVS+Keepalived 高可用群集
192.168.142.20 主
192.168.142.30 备
192.168.142.50 nginx
192.168.142.60 nginx
部署192.168.142.50(nginx)
把nginx.repo的包拖到/etc/yum.repos.d
yum -y install nginx
编辑网页文件
cd /usr/share/nginx/html/
vim test.html
<html>
<body>
<h1>this is nginx1 test web!</h1>
</body>
</html>
添加vip,在lo上面
cd /etc/sysconfig/network-scripts/
cp ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.142.188
NETMASK=255.255.255.255
ONBOOT=yes
修改内核参数
vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
指定路由
route add -host 192.168.142.188 dev lo:0
部署192.168.142.60(nginx)
把nginx.repo的包拖到/etc/yum.repos.d
yum -y install nginx
添加网页文件
cd /usr/share/nginx/html/
vim test.html
<html>
<body>
<h1>this is nginx2 test web!</h1>
</body>
</html>
添加vip,在lo上面
cd /etc/sysconfig/network-scripts/
cp ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.142.188
NETMASK=255.255.255.255
ONBOOT=yes
修改内核参数
vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
指定路由
route add -host 192.168.142.188 dev lo:0
部署 192.168.142.20 主
systemctl stop firewalld.service
setenforce 0
yum -y install keepalived ipvsadm
modprobe ip_vs
ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.142.188
}
}
virtual_server 192.168.142.188 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 192.168.142.50 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.142.60 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
#可以把主的配置文件复制到从中去
scp keepalived.conf 192.168.146.30:`pwd`
设置内核参数
vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
sysctl -p
systemctl start keepalived
部署 192.168.142.30 从
systemctl stop firewalld.service
setenforce 0
yum -y install keepalived ipvsadm
modprobe ip_vs
ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm
keepalived的配置文件已经从主复制过来了
vim keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.142.188
}
}
virtual_server 192.168.142.188 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 192.168.142.50 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.142.60 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
设置内核参数
vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
sysctl -p
systemctl start keepalived