Keepalived双机热备
Keepalived实现原理刨析
Keepalived采用VRRP热备份协议实现Linux服务器的多机热备功能
Keepalived案例分析
Keepalived可以实现多机热备,每个热备组可有多台服务器
双机热备的故障切换是由虚拟IP地址的漂移来实现,适用于各种应用服务器'
实现基于web服务的双机热备
- 漂移地址:192.168.10.72
- 主、备服务器:192.168.10.73、192.168.10.74
- 提供的应用服务:Web
LVS+Keepalived高可用性
配置主调度器
安装keepalived
cpp
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# systemctl enable keepalived主服务器keepalived的配置
cpp
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
#vrrp_strict //抢占模式
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_01 //路由id
}
vrrp_instance VI_1 {
state MASTER //热备状态,MASTER表示服务器
interface ens33 //承载VIP地址的物理接口
virtual_router_id 51 //虚拟路由的ID
priority 100 //优先级
advert_int 1
authentication {
auth_type PASS //连接方式
auth_pass 1111 //密码
}
virtual_ipaddress { //指定漂移地址
192.168.10.172
}
}
virtual_server 192.168.10.172 80 {
delay_loop 6
lb_algo rr //调度算法
lb_kind DR //
nat_mask 255.255.255.0
! persistence_timeout 50
protocol TCP
real_server 192.168.10.103 80 {
weight 1
TCP_CHECK {
connect_port 80 //连接端口
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.104 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}主内核参数的配置
cpp
[root@localhost ~]# vi /etc/sysctl.conf
............
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p开启主服务器的keepalived服务
cpp
[root@localhost ~]# systemctl start keepalived
[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:be:c5:4c brd ff:ff:ff:ff:ff:ff
inet 192.168.10.101/24 brd 192.168.10.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.10.172/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::fc95:68f1:8f59:7f55/64 scope link noprefixroute
valid_lft forever preferred_lft forever配置从调度器
从调度器keepalived安装
cpp
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# systemctl enable keepalived从调度器keepalived的配置
cpp
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
#vrrp_strict
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_02
}
vrrp_instance VI_1 {
state BACKUP //热备状态,BACKUP表示从服务器
interface ens33
virtual_router_id 51
priority 99 //从服务器的优先级要低于主服务器
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.172
}
}
virtual_server 192.168.10.172 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
! persistence_timeout 50
protocol TCP
real_server 192.168.10.101 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.102 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}从服务器内核参数的配置
cpp
[root@localhost ~]# vi /etc/sysctl.conf
在末尾添加:
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p开启从服务器的keepalived服务
cpp
[root@localhost keepalived]# systemctl start keepalived服务器池配置
两个web服务器节点配置
(1)网络配置
cpp
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.10.172
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# systemctl restrt network
[root@localhost network-scripts]# vi /etc/rc.local
route add -host 192.168.10.172 dev lo:0
[root@localhost ~]# route add -host 192.168.10.172 dev lo:0(2)httpd服务安装
cpp
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# vim /var/www/html/index.html
test web1 //两个web节点服务器要看出差别即可
test web2(3)内核参数设置
cpp
(3)内核参数的设置
[root@localhost ~]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2(4)启动httpd服务
cpp
[root@localhost ~]# systemctl start httpd测试LVS+Keepalived高可用性
在客户端使用脚本测试
cpp
[root@localhost ~]# for i in $(seq 10); do curl 192.168.10.172 ;done
test web01
test web02
test web01
test web02
test web01