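Keepalived hot-standby mode
Keepalived uses VRRP (Virtual Router Redundancy Protocol) as its hot-standby protocol and implements multi-node hot standby for Linux servers in software. (VRRP is a redundancy solution designed for routers: several routers form a hot-standby group and provide service through a shared virtual IP address.)
- A health-check tool designed specifically for LVS and HA
- Supports automatic failover (Failover)
- Supports node health checking (Health Checking)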
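Installing Keepalived and managing the service
//Besides keepalived itself, the ipvsadm management tool is also needed when Keepalived is used in an LVS cluster
[root@localhost ~]# yum install -y keepalived ipvsadm
//Controlling the Keepalived service: after installing keepalived with YUM, run the following command to start the keepalived service at boot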
[root@localhost ~]# systemctl enable keepalived
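I. Example: two-node hot standby with Keepalived
| Server | Operating system | Hostname/IP address |
|--------|-----------|----------------|
| Web server | CentOS7.9 | 192.168.10.101 |
| Web server | CentOS7.9 | 192.168.10.102 |
1: Master server configuration
//Install keepalived and set up service control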
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# systemctl enable keepalived
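//Configure keepalived
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vim keepalived.conf //Open the configuration file and change a few parameters
...
router_id LVS_01 //router_id distinguishes devices; it may be duplicated, but that is not recommended
# vrrp_strict //Enforces strict compliance with the VRRP specification; this mode does not support unicast between nodes. With this parameter set, the VIP can still move to this server but cannot be pinged, so the parameter has to be commented out
state MASTER //Set the state to MASTER
virtual_router_id 51 //Virtual router ID; puts hosts into the same hot-standby group
virtual_ipaddress { //Change the virtual IP address
192.168.10.172
}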
...
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# ip add show dev ens33
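2: Backup server configuration
- Within one Keepalived hot-standby group, the Keepalived configuration files of all servers are basically the same, including the virtual router ID, authentication information, floating address, heartbeat frequency, and so on
- Router name (router_id): give each server that takes part in hot standby a different name
- Hot-standby state (state): there should be at least one master server, with its state set to MASTER; there can be several backup servers, with their state set to BACKUP
- Priority (priority): the higher the value, the higher the precedence for taking control of the VIP, so the master server should have the highest priority; the priorities of the backup servers can decrease in turn but should not be equal, to avoid conflicts when contending for control of the VIP
When configuring backup servers (there can be several), refer to the master server's keepalived.conf; only the router name, hot-standby state, and priority need to be changed
//Install keepalived and set up service control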
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# yum -y install keepalived
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
//Configure keepalived
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
...
//Settings that must differ from the master server
state BACKUP // Role
priority 90
// The backup's priority must be lower than the master's
...
[root@localhost keepalived]# systemctl start keepalived
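The rules listed above for a master/backup pair (same virtual router ID, authentication, VIP and heartbeat interval; different router name; MASTER/BACKUP state; lower backup priority) can be checked mechanically before the backup node is started. The following Python script is an added example, not part of the original post or of Keepalived; the sample configs are constructed, and priority 100, the name LVS_02 and the auth_pass value are assumptions.

```python
import re
# Keywords that must be identical on every node of one hot-standby group.
SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "virtual_ipaddress")

def parse(conf_text):
    """Flatten keepalived.conf text into {keyword: first value} plus the sorted VIP list."""
    settings, vips, in_vip = {}, [], False
    rows = (re.split(r"[#!]", raw, maxsplit=1)[0].split() for raw in conf_text.splitlines())
    for words in filter(None, rows):          # skip blank and comment-only lines
        if words[-1] == "{":
            in_vip = words[0] == "virtual_ipaddress"
        elif words[0] == "}":
            in_vip = False
        elif in_vip:
            vips.append(words[0])             # address is the first token of the line
        elif len(words) >= 2:
            settings.setdefault(words[0], words[1])
    return {**settings, "virtual_ipaddress": sorted(vips)}

def check_pair(master_text, backup_text):
    """Return a list of problems; an empty list means the two configs agree."""
    m, b = parse(master_text), parse(backup_text)
    problems = [f"{k} differs between nodes" for k in SHARED if m.get(k) != b.get(k)]
    if m.get("router_id") == b.get("router_id"):
        problems.append("router_id should be different on each node")
    if (m.get("state"), b.get("state")) != ("MASTER", "BACKUP"):
        problems.append("state must be MASTER on the first node and BACKUP on the second")
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        problems.append("backup priority must be lower than master priority")
    return problems

MASTER = """global_defs {
    router_id LVS_01
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass example-only
    }
    virtual_ipaddress {
        192.168.10.172
    }
}"""  # constructed sample; priority 100 and auth_pass are assumed values
BACKUP = (MASTER.replace("LVS_01", "LVS_02")  # LVS_02 is an assumed name
          .replace("state MASTER", "state BACKUP").replace("priority 100", "priority 90"))
print(check_pair(MASTER, BACKUP) or "pair is consistent")
```

To check real nodes, pass the contents of each node's /etc/keepalived/keepalived.conf to check_pair instead of the constructed strings.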
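3: Testing connectivity of the virtual IP
Keepalived log messages are stored in /var/log/messages. When testing automatic failover between master and backup, follow this log file to watch the hot-standby state change.
//First check the addresses on both servers
[root@localhost keepalived]# ip a
//View the Keepalived log
[root@localhost ~]# less /var/log/messages
During the test, take down the master server's network and observe the result: the virtual IP moves to the backup host.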
II. LVS + Keepalived high availability
| Server | Operating system | Hostname/IP address |
|-----------|-----------|----------------|
| Primary director | CentOS7.9 | 192.168.10.101 |
| Backup director | CentOS7.9 | 192.168.10.102 |
| Web server (1) | CentOS7.9 | 192.168.10.103 |
| Web server (2) | CentOS7.9 | 192.168.10.104 |
| Client (test machine) | CentOS7.9 | 192.168.10.105 |
1: Primary director configuration
(1) Installing keepalived on the master server
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# systemctl enable keepalived
(2) Configuring keepalived on the master server
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
...
virtual_server 192.168.10.172 80 {
    delay_loop 6 # Delay between health-check rounds
    lb_algo wrr # Scheduling algorithm
    lb_kind DR # Load-balancing forwarding mode
    #persistence_timeout 50 Session persistence time
    protocol TCP
    real_server 192.168.10.103 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.10.104 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# Delete the rest of the file
# In vim command mode: d + G
Save and exit
...
(3) Kernel parameters on the master server
[root@localhost ~]# vi /etc/sysctl.conf
Append at the end:
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p
//Start the keepalived service on the master server
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# ip add show dev ens33
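Health-check methods
- SSL_GET
  - Performs a GET of the site's root page over SSL; if content is returned, the server is considered healthy
- TCP_CHECK
  - Works at layer 4. keepalived opens a TCP connection to the back-end server; if the back end does not respond or times out, it is removed from the server pool.
- HTTP_GET
  - Works at layer 5. Sends an HTTP request to the specified URL, computes the MD5 digest of the result and compares it with the configured MD5 value; on a mismatch the server is removed from the pool. An expected HTTP status code can also be specified to decide whether the check succeeded. HTTP_GET can check several URLs, which is useful when one server hosts multiple virtual hosts.
- MISC_CHECK
  - Checks with a script; if the script takes arguments, the script and its arguments must be enclosed together in double quotes. The result is decided by the script's return value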
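The decisions that TCP_CHECK and HTTP_GET make can be reproduced in a few lines of Python. This is an added example, not Keepalived's own code; it assumes the HTTP_GET digest is the MD5 of the response body, and start_demo_server and healthy_pool are hypothetical helpers, the former standing in for a real server on the loopback address.

```python
import hashlib, http.client, socket, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def tcp_check(host, port, connect_timeout=3):
    """TCP_CHECK: healthy if a TCP connection is established before the timeout."""
    try:
        with socket.create_connection((host, port), timeout=connect_timeout):
            return True
    except OSError:
        return False

def http_get_check(host, port, path, digest, status_code=200, connect_timeout=3):
    """HTTP_GET: healthy if the status code and the MD5 digest of the body both match."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=connect_timeout)
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
    except (OSError, http.client.HTTPException):
        return False
    return resp.status == status_code and hashlib.md5(body).hexdigest() == digest

def healthy_pool(pool, check):
    """Return the (host, port) real servers that stay in the pool after one check round."""
    return [server for server in pool if check(*server)]

def start_demo_server(body):
    """Hypothetical stand-in for a real server: serves `body` on a free loopback port."""
    class Page(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):   # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Page)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    web = start_demo_server(b"test web01\n")          # constructed page content
    port = web.server_address[1]
    good = hashlib.md5(b"test web01\n").hexdigest()   # digest an admin would configure
    print(tcp_check("127.0.0.1", port), http_get_check("127.0.0.1", port, "/", good))
    print(http_get_check("127.0.0.1", port, "/", "0" * 32))  # body changed: check fails
    web.shutdown()
    web.server_close()
```

Because the digest covers the page content, an HTTP_GET check also fails when the served page is altered, which a plain TCP_CHECK does not notice.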
2: Backup director configuration
//Installing keepalived on the backup director
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# systemctl enable keepalived
//Configuring keepalived on the backup director
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
...
//Kernel parameters on the backup server
[root@localhost ~]# vi /etc/sysctl.conf
Append at the end:
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p
//Start the keepalived service on the backup server
[root@localhost keepalived]# systemctl start keepalived
3: Server pool configuration
(1) web1 network configuration
//Network configuration
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.10.172
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.10.172 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.10.172 dev lo:0
(2) Installing the httpd service
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# vi /var/www/html/index.html
test web01
(3) Setting kernel parameters
[root@localhost ~]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
(4) Starting the httpd service
[root@localhost ~]# systemctl start httpd
(2) web2 server configuration
//Network configuration
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.10.172
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.10.172 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.10.172 dev lo:0
(2) Installing the httpd service
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# vi /var/www/html/index.html
test web02
(3) Setting kernel parameters
[root@localhost ~]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
(4) Starting the httpd service
[root@localhost ~]# systemctl start httpd
4: Simulating a failure
//Access the service first
[root@localhost ~]# curl 192.168.10.172
test web02
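//Pause the master server and test again; after a few seconds the service is reachable again, which demonstrates high availability (the MASTER role and the VIP switch between the primary and backup directors)
//Start the master server again and use ipvsadm -ln to view the LVS rules that were created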
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.172:80 rr
-> 192.168.10.103:80 Route 1 0 0
-> 192.168.10.104:80 Route 1 0 0