keepalived群集

孟孟爱吃香菜2023-10-03 16:32

keepalived介绍

Keepalived 是一个基于vrrp协议来实现LVS服务高可用方案,可以解决静态路由出现的单点故障问题

keepalived工作原理

在一个LWS服务集群中通常有主服务器STBR) 和备份服务器BACKUP) 两种角色的服务器,但是对外表现为一个虚拟IP(VIP),主服务器会发送VRRP通告信息给备份服务器,当备份服务器收不到VRRP消息的时候,即主服务器异常的时候,备份服务器就会接管虚拟IP,继续提供服务,从而保证了高可用性。

keepalived体系主要模块

keepalived体系架构中主要有三个模块:core check vrrp

core模块:为keepalived的核心,负责主进程的启动、维护及全局配置文件的加载和解析

check模块:负责健康检查,常见的方式有端口检查和URL检查 (节点服务器的检查)

vrrp模块: 来实现VRRP协议的(调度器之间的健康检查和主备切换)

keepalived+LVS高可用集群配置

bash 复制代码 
官方网站:http://www.keepalived.org/
web服务器1 192.168.65.101
web服务器2 192.168.65.102
主DR 服务器:192.168.65.106
备DR 服务器:192.168.65.105
VIP 192.168.65.110

#在所有操作前要关闭所有机器的防火墙和selinux

配置web服务器

bash 复制代码 
101 web服务器
[root@www ~]#yum -y install httpd
[root@www ~]#cd /var/www/html
[root@www html]#vim test.html
this is web1 page 
[root@www html]#cd /etc/sysconfig/network-scripts/
[root@www network-scripts]#vim ifcfg-lo:0
[root@www network-scripts]#systemctl restart network
[root@www network-scripts]#systemctl start httpd
[root@www network-scripts]#ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.65.110  netmask 255.255.255.255
        loop  txqueuelen 1  (Local Loopback)

[root@www network-scripts]#route add -host 192.168.65.110 dev lo:0
[root@www network-scripts]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.65.2    0.0.0.0         UG    100    0        0 ens33
192.168.65.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.65.110  0.0.0.0         255.255.255.255 UH    0      0        0 lo
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
[root@www network-scripts]#vim /etc/sysctl.conf
[root@www network-scripts]#vim /etc/sysctl.conf
[root@www network-scripts]#sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@www network-scripts]#systemctl stop keepalived.service
[root@www network-scripts]#vim ifcfg-lo:0
[root@www network-scripts]#vim /etc/sysctl.conf
[root@www network-scripts]#sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@www network-scripts]#

102 web服务器
[root@localhost ~]#yum -y install httpd
[root@localhost ~]#cd /var/www/html
[root@localhost html]#ls
[root@localhost html]#vim test.html
this is web2 page
[root@localhost html]#
[root@localhost html]#cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]#ls
ifcfg-ens33  ifdown-ipv6    ifdown-TeamPort  ifup-ippp   ifup-routes       network-functions
ifcfg-lo     ifdown-isdn    ifdown-tunnel    ifup-ipv6   ifup-sit          network-functions-ipv6
ifdown       ifdown-post    ifup             ifup-isdn   ifup-Team
ifdown-bnep  ifdown-ppp     ifup-aliases     ifup-plip   ifup-TeamPort
ifdown-eth   ifdown-routes  ifup-bnep        ifup-plusb  ifup-tunnel
ifdown-ib    ifdown-sit     ifup-eth         ifup-post   ifup-wireless
ifdown-ippp  ifdown-Team    ifup-ib          ifup-ppp    init.ipv6-global
[root@localhost network-scripts]#vim ifcfg-lo:0
[root@localhost network-scripts]#systemctl restart network
[root@localhost network-scripts]#systemctl start httpd
[root@localhost network-scripts]#ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.65.110  netmask 255.255.255.255
        loop  txqueuelen 1  (Local Loopback)

[root@localhost network-scripts]#route add -host 192.168.65.110 dev lo:0
[root@localhost network-scripts]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.65.2    0.0.0.0         UG    100    0        0 ens33
192.168.65.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.65.110  0.0.0.0         255.255.255.255 UH    0      0        0 lo
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
[root@localhost network-scripts]#vim /etc/sysctl.conf
[root@localhost network-scripts]#sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

配置主备服务器

bash 复制代码 
主服务器
[root@localhost yum.repos.d]# yum -y install ipvsadm keepalived
[root@localhost yum.repos.d]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# ls
keepalived.conf  keepalived.conf.bak
[root@localhost keepalived]# vim keepalived.conf
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1 #修改为本机邮件地址
   smtp_connect_timeout 30
   router_id LVS_01 #指定服务器(路由器)的名称,主备服务器名称须不同 主为LVS_01,备为LVS_02
   vrrp_skip_check_adv_addr
   #vrrp_strict  #要注释掉
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER  #指定热备状态,主为MASTER,备为BACKUP
    interface ens33  #指定虚拟路由器的ID号,每个热备组保持一致
    virtual_router_id 51
    priority 100  #优先级,主的优先级大于备
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.65.110#指定群集vip地址
    }
}

virtual_server 192.168.65.110 80 {#指定虚拟服务器地址(VIP)、端口,定义虚拟服务器和Web服务器池参数
    delay_loop 6
    lb_algo rr
    lb_kind DR #改为DR模式
    persistence_timeout 50
    protocol TCP

    real_server 192.168.65.101 80 { #指定第一个Web节点的地址、端口
        weight 1 #节点的权重
        TCP_CHECK {  #添加健康检查方式
            connetc_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.65.102 80 {#指定第二个Web节点的地址、端口
        weight 1
        TCP_CHECK {
            connetc_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@localhost keepalived]# systemctl start keepalived.service
[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:f6:41:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.65.106/24 brd 192.168.65.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.65.110/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6e6:5516:e3a5:1df5/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:62:7b:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:62:7b:1b brd ff:ff:ff:ff:ff:ff
[root@localhost keepalived]# vim /etc/sysctl.conf

[root@localhost keepalived]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  127.0.0.1:80 rr persistent 50
  -> 192.168.65.101:80            Route   1      0          0
  -> 192.168.65.102:80            Route   1      0          0
[root@localhost keepalived]# ls
keepalived.conf  keepalived.conf.bak
[root@localhost keepalived]# scp keepalived.conf 192.168.65.105:`pwd` #在备服务器安装了keepalived服务之后
The authenticity of host '192.168.65.105 (192.168.65.105)' can't be established.
ECDSA key fingerprint is SHA256:0uVzxvjz78kvP/DW7x6yuiceb5ddmohQ+q+Rkw0Yci8.
ECDSA key fingerprint is MD5:cf:e7:ab:d9:0d:c0:56:dc:e8:22:96:cd:54:c3:3d:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.65.105' (ECDSA) to the list of known hosts.
root@192.168.65.105's password:
keepalived.conf                                                 100% 1174     1.6MB/s   00:00
[root@localhost keepalived]# vim /etc/sysctl.conf
[root@localhost keepalived]#
[root@localhost keepalived]#
[root@localhost keepalived]# ipvsadm -A -t 192.168.65.110:80 -s rr
[root@localhost keepalived]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  localhost:http rr persistent 50
  -> 192.168.65.101:http          Route   1      0          0
  -> 192.168.65.102:http          Route   1      0          0
TCP  localhost.localdomain:http rr
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  127.0.0.1:80 rr persistent 50
  -> 192.168.65.101:80            Route   1      0          0
  -> 192.168.65.102:80            Route   1      0          0
TCP  192.168.65.110:80 rr
[root@localhost keepalived]#

备服务器
[root@localhost yum.repos.d]# yum -y install ipvsadm keepalived
[root@localhost yum.repos.d]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# vim keepalived.conf

 notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_02 #指定服务器(路由器)的名称,主备服务器名称须不同 主为LVS_01,备为LVS_02
   vrrp_skip_check_adv_addr
   #vrrp_strict  
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP  #指定热备状态,主为MASTER,备为BACKUP
    interface ens33  
    virtual_router_id 51
    priority 90  #优先级,主的优先级大于备
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }

[root@localhost keepalived]# systemctl start keepalived.service
[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:38:f8:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.65.105/24 brd 192.168.65.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.65.110/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::fbdd:bf23:9285:4611/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:46:82:bb brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:46:82:bb brd ff:ff:ff:ff:ff:ff
[root@localhost keepalived]# vim /etc/sysctl.conf
[root@localhost keepalived]#
[root@localhost keepalived]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  127.0.0.1:80 rr persistent 50
  -> 192.168.65.101:80            Route   1      0          0
  -> 192.168.65.102:80            Route   1      0          0

[root@localhost keepalived]# ipvsadm -A -t 192.168.65.110:80 -s rr
[root@localhost keepalived]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  localhost:http rr persistent 50
  -> 192.168.65.101:http          Route   1      0          0
  -> 192.168.65.102:http          Route   1      0          0
TCP  localhost.localdomain:http rr
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  127.0.0.1:80 rr persistent 50
  -> 192.168.65.101:80            Route   1      0          0
  -> 192.168.65.102:80            Route   1      0          0
TCP  192.168.65.110:80 rr

测试

关闭主服务器后,依旧可以访问web服务器,证明实验成功

脑裂问题

脑裂现象

主服务器和备服务器同时拥有VIP

脑裂原因

主服务器好玩备服务器之间的通信链路中断,导致备服务器无法正常收到主服务器发送的VRRP心跳报文

解决方法

关闭主服务器或者备服务器其中一个的keepalived服务

预防措施

1、主服务器与备服务器之间添加双联通链路

2、在主服务器上定义运行脚本判断备服务器通信链路是否中断,如果中断则自行滚逼keepalived服务

3、利用第三方监控软件检测是否发生脑裂故障,如果发生则通过监控软件关闭主或备服务器上的keepalived服务

相关推荐
心灵彼岸-诗和远方1 小时前
DevOps业务价值流:架构设计最佳实践
运维·产品经理·devops
一只哒布刘1 小时前
NFS服务器
运维·服务器
苹果醋32 小时前
Java8->Java19的初步探索
java·运维·spring boot·mysql·nginx
二十雨辰2 小时前
[linux]docker基础
linux·运维·docker
Jason-河山3 小时前
【自动化更新,让商品信息跳舞】——利用API返回值的幽默编程之旅
运维·自动化
饮浊酒3 小时前
Linux操作系统 ------(3.文本编译器Vim)
linux·vim
lihuhelihu3 小时前
第3章 CentOS系统管理
linux·运维·服务器·计算机网络·ubuntu·centos·云计算
哲讯智能科技3 小时前
SAP Business One市场价格解析
运维·sap·erp
矛取矛求3 小时前
Linux系统性能调优技巧
linux
山东布谷科技官方3 小时前
布谷直播源码部署服务器关于数据库配置的详细说明
运维·服务器·数据库·直播系统源码·直播源码·直播系统搭建·直播软件开发
热门推荐
01如何才能让手机厂商主动拥抱华为,接入鸿蒙系统?02【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总03组基轨迹建模 GBTM的介绍与实现(Stata 或 R)04基于YOLOv10深度学习的CT扫描图像肾结石智能检测系统【python源码+Pyqt5界面+数据集+训练代码】深度学习实战、目标检测05(欧拉)openEuler系统添加网卡文件配置流程、(欧拉)openEuler系统手动配置ipv6地址流程、(欧拉)openEuler系统网络管理说明06【经验分享】Ubuntu22.04安装微信(linux官方版)07【TC3xx芯片】TC3xx芯片电源管理系统PMS详解08全面解析:构建基于深度学习的安全帽检测系统(UI界面+YOLO代码+数据集)09RAG 实践- Ollama+RagFlow 部署本地知识库10你还在傻傻的打开页面输用户名和密码?来我教你实现自动化