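Introduction to keepalived
Keepalived was originally designed for LVS, specifically to monitor the state of each service node in a cluster. It checks the state of each service node using the layer 3, layer 4 and layer 5 switching mechanisms of the TCP/IP reference model. If a server node becomes abnormal or fails, Keepalived detects it and removes the failed node from the cluster. All of this happens automatically with no manual intervention; the only manual work is repairing the failed service node.
Keepalived later added VRRP support. VRRP (Virtual Router Redundancy Protocol) was created to solve the single point of failure of static routing, and it lets the network keep running without interruption. Keepalived therefore provides server health checking and fault isolation on the one hand, and HA cluster functionality on the other.
Health checking and failover are the two core functions of keepalived. Health checking means watching the real servers behind the load balancer (usually the servers carrying the actual workload) with a TCP three-way handshake, ICMP requests, HTTP requests, UDP echo requests and similar methods. Failover applies mainly to load balancers configured in master/backup mode: VRRP maintains the heartbeat between the master and backup load balancers, and when the master fails, the backup takes over its traffic, which minimizes traffic loss and keeps the service stable.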
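Architecture diagram
Terminology
Virtual Router: a logical concept used to achieve high availability. In the Keepalived context, a virtual router is a logical router made up of a group of physical routers, with failover and load balancing implemented through the Keepalived mechanism.
Virtual Router Identifier (VRID): uniquely identifies a virtual router; its value ranges from 0 to 255. This identifier is used in the Keepalived configuration to distinguish different virtual router instances.
Physical Router: the actual physical network devices, configured as master and backup according to priority. A physical router's configuration includes parameters such as priority and heartbeat interval, which determine which device takes over the service when a failure occurs.
Virtual IP (VIP): the virtual IP address used in a high-availability configuration. When the master fails, the backup takes over and uses the virtual IP address, which keeps the service continuous.
Virtual MAC (VMAC): the virtual MAC address that corresponds to the virtual IP and identifies the virtual router on the network. The VMAC has the format 00-00-5e-00-01-VRID, where VRID is the virtual router identifier.
Heartbeat: in the Keepalived context, a signal sent periodically to check the connection state between the physical routers. If no heartbeat is received for a period of time, the connection is considered broken or the device failed.
Preemptive and non-preemptive: Keepalived can work in either mode. Preemptive means the backup device will try to take over the service when conditions allow, whereas in non-preemptive mode the backup takes over only when the master explicitly hands the service over to it.
**Authentication:** To prevent other devices from impersonating a genuine Keepalived device, an authentication mechanism must be configured. This means setting a password, key or other authentication method so that only legitimate devices can take part in the Keepalived high-availability configuration.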
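Deploying keepalived
1. Environment setup
Four virtual machines are needed: one keepalived master, one backup, and two backend servers.
The backend servers need a web service installed, such as httpd or nginx, enabled and running.
Writing different content into each server's default document root makes the servers easy to tell apart and the results of the experiment easy to see.
1. Configure the network interface on the first keepalived host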
[root@keep1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.10
PREFIX=24
GATEWAY=172.25.254.2
DNS1=114.114.114.114
NAME=eth0
[root@keep1 ~]# nmcli connection reload
[root@keep1 ~]# nmcli connection up eth0
2. On the other keepalived host
[root@keep2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.20
PREFIX=24
GATEWAY=172.25.254.2
DNS1=114.114.114.114
NAME=eth0
[root@keep2 ~]# nmcli connection reload
[root@keep2 ~]# nmcli connection up eth0
3. On the first backend server
[root@ser1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.110
PREFIX=24
GATEWAY=172.25.254.2
DNS1=114.114.114.114
NAME=eth0
[root@ser1 ~]# nmcli connection reload
[root@ser1 ~]# nmcli connection up eth0
4. On the second backend server
[root@ser2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.120
PREFIX=24
GATEWAY=172.25.254.2
DNS1=114.114.114.114
NAME=eth0
[root@ser2 ~]# nmcli connection reload
[root@ser2 ~]# nmcli connection up eth0
Install the web service on the backend servers (the same on both)
[root@ser1 ~]# yum install httpd -y
已加载插件:langpacks, product-id, search-disabled-repos,
: subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
rhel7 | 2.8 kB 00:00
(1/2): rhel7/group | 628 kB 00:00
(2/2): rhel7/primary | 2.1 MB 00:00
rhel7 5230/5230
正在解决依赖关系
--> 正在检查事务
---> 软件包 httpd.x86_64.0.2.4.6-95.el7 将被 安装
--> 正在处理依赖关系 httpd-tools = 2.4.6-95.el7,它被软件包 httpd-2.4.6-95.el7.x86_64 需要
--> 正在处理依赖关系 /etc/mime.types,它被软件包 httpd-2.4.6-95.el7.x86_64 需要
--> 正在处理依赖关系 libaprutil-1.so.0()(64bit),它被软件包 httpd-2.4.6-95.el7.x86_64 需要
--> 正在处理依赖关系 libapr-1.so.0()(64bit),它被软件包 httpd-2.4.6-95.el7.x86_64 需要
--> 正在检查事务
---> 软件包 apr.x86_64.0.1.4.8-7.el7 将被 安装
---> 软件包 apr-util.x86_64.0.1.5.2-6.el7 将被 安装
---> 软件包 httpd-tools.x86_64.0.2.4.6-95.el7 将被 安装
---> 软件包 mailcap.noarch.0.2.1.41-2.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=============================================================
Package 架构 版本 源 大小
=============================================================
正在安装:
httpd x86_64 2.4.6-95.el7 rhel7 1.2 M
为依赖而安装:
apr x86_64 1.4.8-7.el7 rhel7 104 k
apr-util x86_64 1.5.2-6.el7 rhel7 92 k
httpd-tools x86_64 2.4.6-95.el7 rhel7 93 k
mailcap noarch 2.1.41-2.el7 rhel7 31 k
事务概要
=============================================================
安装 1 软件包 (+4 依赖软件包)
总下载量:1.5 M
安装大小:4.3 M
Downloading packages:
-------------------------------------------------------------
总计 48 MB/s | 1.5 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : apr-1.4.8-7.el7.x86_64 1/5
正在安装 : apr-util-1.5.2-6.el7.x86_64 2/5
正在安装 : httpd-tools-2.4.6-95.el7.x86_64 3/5
正在安装 : mailcap-2.1.41-2.el7.noarch 4/5
正在安装 : httpd-2.4.6-95.el7.x86_64 5/5
验证中 : httpd-tools-2.4.6-95.el7.x86_64 1/5
验证中 : mailcap-2.1.41-2.el7.noarch 2/5
验证中 : apr-1.4.8-7.el7.x86_64 3/5
验证中 : httpd-2.4.6-95.el7.x86_64 4/5
验证中 : apr-util-1.5.2-6.el7.x86_64 5/5
rhel7/productid | 1.6 kB 00:00
已安装:
httpd.x86_64 0:2.4.6-95.el7
作为依赖被安装:
apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-95.el7 mailcap.noarch 0:2.1.41-2.el7
完毕!
Write distinguishing content and enable the service
[root@ser1 ~]# echo web-110 > /var/www/html/index.html
[root@ser1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
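Do this on both servers, with different content on each
Test
The environment is now ready.
2. keepalived configuration
A complete keepalived configuration file, keepalived.conf, can contain three blocks: the global definitions block, the VRRP instance block and the virtual server block. The global definitions block and the virtual server block are required; where there is only one load balancer, the VRRP instance block is not needed.
1. Install keepalived on the hosts and start it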
[root@keep1 ~]# yum install keepalived -y
已加载插件:langpacks, product-id, search-disabled-repos,
: subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
rhel7 | 2.8 kB 00:00
(1/2): rhel7/group | 628 kB 00:00
(2/2): rhel7/primary | 2.1 MB 00:00
rhel7 5230/5230
正在解决依赖关系
--> 正在检查事务
---> 软件包 keepalived.x86_64.0.1.3.5-19.el7 将被 安装
--> 正在处理依赖关系 libnetsnmpmibs.so.31()(64bit),它被软件包 keepalived-1.3.5-19.el7.x86_64 需要
--> 正在处理依赖关系 libnetsnmpagent.so.31()(64bit),它被软件包 keepalived-1.3.5-19.el7.x86_64 需要
--> 正在处理依赖关系 libnetsnmp.so.31()(64bit),它被软件包 keepalived-1.3.5-19.el7.x86_64 需要
--> 正在检查事务
---> 软件包 net-snmp-agent-libs.x86_64.1.5.7.2-49.el7 将被 安装
---> 软件包 net-snmp-libs.x86_64.1.5.7.2-49.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=============================================================
Package 架构 版本 源 大小
=============================================================
正在安装:
keepalived x86_64 1.3.5-19.el7 rhel7 332 k
为依赖而安装:
net-snmp-agent-libs x86_64 1:5.7.2-49.el7 rhel7 708 k
net-snmp-libs x86_64 1:5.7.2-49.el7 rhel7 751 k
事务概要
=============================================================
安装 1 软件包 (+2 依赖软件包)
总下载量:1.7 M
安装大小:6.0 M
Downloading packages:
-------------------------------------------------------------
总计 61 MB/s | 1.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:net-snmp-libs-5.7.2-49.el7.x86_64 1/3
正在安装 : 1:net-snmp-agent-libs-5.7.2-49.el7.x86 2/3
正在安装 : keepalived-1.3.5-19.el7.x86_64 3/3
验证中 : 1:net-snmp-agent-libs-5.7.2-49.el7.x86 1/3
验证中 : keepalived-1.3.5-19.el7.x86_64 2/3
验证中 : 1:net-snmp-libs-5.7.2-49.el7.x86_64 3/3
rhel7/productid | 1.6 kB 00:00
已安装:
keepalived.x86_64 0:1.3.5-19.el7
作为依赖被安装:
net-snmp-agent-libs.x86_64 1:5.7.2-49.el7
net-snmp-libs.x86_64 1:5.7.2-49.el7
完毕!
[root@keep1 ~]# systemctl start keepalived.service
2. Edit the configuration file and restart
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
2060264640@qq.com
}
notification_email_from kee1@mm.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.timinglee.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@keep1 ~]# systemctl restart keepalived.service
Then check the result with ifconfig
3. The other host uses the same configuration, except that the vrrp_instance VI_1 block must be changed
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
Then test on the multicast group
Command
[root@keep1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
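What the captured advertisements contain, as an added example (not code from the original post or the keepalived project): a decoder for the VRRPv2 advertisement layout of RFC 3768, showing that with auth_type PASS the auth_pass string sits unencrypted in the last 8 bytes, so it guards against misconfigured peers rather than against anyone who can read the segment. The sample packet is constructed from the VI_1 values above, not taken from a real capture.

```python
import socket
import struct

AUTH_TYPES = {0: "NONE", 1: "PASS", 2: "AH"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum computed over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_vrrpv2(msg: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the IP payload, protocol 112)."""
    if len(msg) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, adver, cksum = struct.unpack("!6BH", msg[:8])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + 8  # header + VIP list + 8-byte authentication data
    if len(msg) < end:
        raise ValueError("truncated VRRP body")
    vips = [socket.inet_ntoa(msg[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth_data = msg[end - 8:end]
    # The checksum is verified with its own field set to zero.
    zeroed = msg[:6] + b"\x00\x00" + msg[8:end]
    return {
        "vrid": vrid,
        "vmac": "00-00-5e-00-01-%02x" % vrid,
        "priority": prio,
        "advert_int": adver,
        "vips": vips,
        "auth_type": AUTH_TYPES.get(auth, "UNKNOWN"),
        # With PASS the field holds auth_pass itself, NUL-padded, unencrypted.
        "auth_pass": auth_data.rstrip(b"\x00").decode("ascii", "replace") if auth == 1 else None,
        "checksum_ok": inet_checksum(zeroed) == cksum,
    }


def build_sample() -> bytes:
    """Constructed advertisement matching VI_1 on keep1 (not a real capture)."""
    body = struct.pack("!6BH", 0x21, 51, 100, 1, 1, 1, 0)
    body += socket.inet_aton("172.25.254.100") + b"1111".ljust(8, b"\x00")
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]


if __name__ == "__main__":
    for key, value in parse_vrrpv2(build_sample()).items():
        print(f"{key:12} {value}")
```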
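Routing communication settings
At this point, however, the backend servers cannot ping the VIP on the master host.
So add vrrp_iptables to the configuration file and restart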
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
2060264640@qq.com
}
notification_email_from kee1@mm.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.timinglee.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
[root@keep1 ~]# systemctl restart keepalived.service
Alternatively, comment out the vrrp_strict parameter and restart
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
2060264640@qq.com
}
notification_email_from kee1@mm.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.timinglee.org
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
[root@keep1 ~]# systemctl restart keepalived.service
Do this on both hosts
Test
Separating the logs
1. In the keepalived options file
[root@keep1 ~]# vim /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D -S 6"
2. In the rsyslog configuration file
[root@keep1 ~]# vim /etc/rsyslog.conf
3. Restart
[root@keep1 ~]# systemctl restart keepalived.service
[root@keep1 ~]# systemctl restart rsyslog.service
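Separate sub-configuration files
In a complex production environment, /etc/keepalived/keepalived.conf grows too large to manage easily. The configuration of different clusters, for example each cluster's VIP configuration, can be placed in separate sub-configuration files and pulled in with the include directive.
1. Create the directory and write the configuration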
[root@keep1 ~]# mkdir /etc/keepalived/conf.d -p
[root@keep1 ~]# vim /etc/keepalived/conf.d/100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
2. In the main configuration file, comment out the original block and add the include path
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
#vrrp_instance VI_1 {
# state MASTER
# interface eth0
# virtual_router_id 51
# priority 100
# advert_int 1
# authentication {
# auth_type PASS
# auth_pass 1111
# }
# virtual_ipaddress {
# 172.25.254.100/24 dev eth0 label eth0:1
# }
#}
include "/etc/keepalived/conf.d/*.conf"
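Then restart the keepalived service with systemctl restart keepalived.service
Preemptive, non-preemptive and delayed-preemption modes
The default is preemptive mode (preempt): when the higher-priority host comes back online, it takes the master role back from the lower-priority host. This makes the VIP drift back and forth between the KA hosts and causes network jitter, so non-preemptive mode (nopreempt) is recommended: when the higher-priority host recovers, it does not take the master role from the lower-priority host. In non-preemptive mode, if the original host goes down and the VIP moves to the new host, and the new host later goes down as well, the VIP still moves back to the original host.
1. Preemptive mode is the default and needs no configuration changes
2. Non-preemptive mode
Add the parameter to the main configuration file and restart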
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
nopreempt # non-preemptive mode
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@keep1 ~]# systemctl restart keepalived.service
Configure both hosts
Test
The VIP is currently on keep1
Now stop keepalived on this host
[root@keep1 ~]# systemctl stop keepalived.service
The VIP then moves to keep2
Then start keepalived on keep1 again
[root@keep1 ~]# systemctl start keepalived.service
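The VIP does not return to keep1, the higher-priority host
3. Delayed-preemption mode
Add the parameter to the main configuration file and restart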
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
# nopreempt
preempt_delay 20 # delay preemption by 20 seconds
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@keep1 ~]# systemctl restart keepalived.service
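Configure both hosts
VIP unicast configuration
vrrp_strict must not be enabled when configuring unicast; with it enabled, unicast cannot be used!
1. Configure the main configuration file and restart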
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
2060264640@qq.com
}
notification_email_from kee1@mm.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.timinglee.org
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
# vrrp_iptables
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
# nopreempt
# preempt_delay 20 # delay preemption by 20 seconds
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
[root@keep1 ~]# systemctl restart keepalived.service
2. On the other host
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
Test
Command
[root@keep1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
The test succeeds
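A pre-restart check for the rules the last two sections depend on, as an added example (not from the original post or the keepalived project): it flags vrrp_strict combined with unicast_peer, and nopreempt on an instance whose state is MASTER (keepalived requires the initial state BACKUP for nopreempt). Two further checks are assumptions taken from keepalived's documented behaviour rather than from this page: strict mode ignores an authentication block, and only the first eight characters of auth_pass are used. The sample configuration is constructed.

```python
import re

# Constructed sample: the unicast instance above with the mistakes put back in.
SAMPLE = """
global_defs {
    router_id keep1.timinglee.org
    vrrp_strict
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}
"""


def blocks(text, keyword):
    """Yield (name, body) of every `keyword [name] { ... }` block, matching nested braces."""
    for m in re.finditer(r"^[ \t]*%s\b([^\n{]*)\{" % keyword, text, re.M):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]


def has(word, body):
    """True if `word` starts a line of the block body."""
    return re.search(r"^[ \t]*%s\b" % word, body, re.M) is not None


def lint(conf):
    # keepalived treats '#' and '!' as comment starters, so commented lines are ignored
    text = "\n".join(re.split(r"[#!]", ln, maxsplit=1)[0] for ln in conf.splitlines())
    strict = any(has("vrrp_strict", body) for _, body in blocks(text, "global_defs"))
    findings = []
    for name, body in blocks(text, "vrrp_instance"):
        kv = dict(re.findall(r"^[ \t]*(state|auth_type|auth_pass)[ \t]+(\S+)", body, re.M))
        if strict and has("unicast_peer", body):
            findings.append((name, "strict-unicast"))       # unicast unusable under vrrp_strict
        if strict and "auth_type" in kv:
            findings.append((name, "strict-auth"))          # authentication ignored under vrrp_strict
        if has("nopreempt", body) and kv.get("state") == "MASTER":
            findings.append((name, "nopreempt-master"))     # nopreempt needs state BACKUP
        if kv.get("auth_type") == "PASS" and len(kv.get("auth_pass", "")) > 8:
            findings.append((name, "auth-pass-truncated"))  # only 8 characters are used
    return findings


if __name__ == "__main__":
    for instance, code in lint(SAMPLE):
        print(instance, code)
```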
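keepalived notification scripts
When keepalived's state changes, it can automatically run a script, for example to send an email notification to the user. By default the script runs as the user keepalived_script; if that user does not exist, it runs as root. The user the script runs as can be specified with the following directive
1. Install mail on the keepalived hosts
Command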
[root@keep1 ~]# yum install mailx -y
Do this on both hosts
2. Create the script file, write its contents, and make it executable
[root@keep1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='18778726271@163.com'
mail_send()
{
mail_sub="$HOSTNAME to be $1"
mail_mess="`date +%F\ %T` : vrrp $HOSTNAME $1"
echo "$mail_mess" | mail -s "$mail_sub" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
[root@keep1 ~]# chmod +x /etc/keepalived/mail.sh
3. Add the parameters to the keepalived main configuration file and restart
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
[root@keep1 ~]# systemctl restart keepalived.service
4. In the mail configuration file
[root@keep1 ~]# vim /etc/mail.rc
set bsdcompat
set from=18778726271@163.com
set smtp=smtp.163.com
set smtp-auth-user=18778726271@163.com
set smtp-auth-password=OCVXZJKLBYEGZZMB
set smtp-auth=login
set ssl-verify=ignore
The password is the one issued by the SMTP service settings of your mailbox provider
for example QQ Mail
Test
[root@keep1 ~]# echo 111 message | mail -s test 18778726271@163.com
A message then arrives in the mailbox
Experiment
Stop the keepalived service on keep1
[root@keep1 ~]# systemctl stop keepalived.service
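The VIP on keep1 then moves to keep2
and the mailbox receives a message
keepalived dual-master architecture
In the master/slave single-master architecture, only one Keepalived host serves traffic at any time; that host is busy while the other sits idle, so utilization is low. A master/master dual-master architecture solves this problem. Master/master dual-master architecture: two or more VIPs run on different keepalived servers, so the servers provide web access in parallel and server resources are better utilized.
On keep1, add the following to the configuration file and restart
Add one more instance block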
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 60
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
[root@keep1 ~]# systemctl restart keepalived.service
On keep2, add one more instance block and restart
[root@keep2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 60
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
[root@keep2 ~]# systemctl restart keepalived.service
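keep1 and keep2 now each hold one VIP, and the two hosts monitor each other; if one fails, its VIP can move to the other
IPVS settings
Implementing single-master LVS-DR mode
On the backend RS hosts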
[root@ser110 html]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@ser110 html]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@ser110 html]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@ser110 html]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
Configure both servers
IP configuration on lo
[root@ser110 ~]# ip a a 172.25.254.100/32 dev lo
Configure both servers
2. On the keepalived hosts
Install ipvsadm
[root@keep1 ~]# yum install ipvsadm -y
已加载插件:langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
正在解决依赖关系
--> 正在检查事务
---> 软件包 ipvsadm.x86_64.0.1.27-8.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=========================================================================================================================================
Package 架构 版本 源 大小
=========================================================================================================================================
正在安装:
ipvsadm x86_64 1.27-8.el7 rhel7 45 k
事务概要
=========================================================================================================================================
安装 1 软件包
总下载量:45 k
安装大小:75 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : ipvsadm-1.27-8.el7.x86_64 1/1
验证中 : ipvsadm-1.27-8.el7.x86_64 1/1
已安装:
ipvsadm.x86_64 0:1.27-8.el7
完毕!
Install on both hosts
3. Edit the main configuration file and restart
On keep1
[root@keep1 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@keep1 ~]# systemctl restart keepalived.service
On keep2
[root@keep2 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@keep2 ~]# systemctl restart keepalived.service
Test
The test succeeds
The rules can be viewed with the command ipvsadm -Ln
[root@keep1 ~]# ipvsadm -Ln
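keepalived + haproxy + script: a highly available VIP cluster
Using VRRP Script, keepalived can call an external helper script to monitor a resource and dynamically adjust priority based on the result, which extends high availability to other applications
1. Install haproxy on both hosts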
[root@keep1 ~]# yum install haproxy -y
已加载插件:langpacks, product-id, search-disabled-repos,
: subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
正在解决依赖关系
--> 正在检查事务
---> 软件包 haproxy.x86_64.0.1.5.18-9.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=============================================================
Package 架构 版本 源 大小
=============================================================
正在安装:
haproxy x86_64 1.5.18-9.el7 rhel7 835 k
事务概要
=============================================================
安装 1 软件包
总下载量:835 k
安装大小:2.6 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : haproxy-1.5.18-9.el7.x86_64 1/1
验证中 : haproxy-1.5.18-9.el7.x86_64 1/1
已安装:
haproxy.x86_64 0:1.5.18-9.el7
完毕!
2. On the backend servers, restore the ARP settings and remove the VIP (on both)
[root@ser120 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@ser120 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@ser120 ~]# echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@ser120 ~]# echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@ser110 ~]# ip a del 172.25.254.100/32 dev lo
3. Add the following to the haproxy configuration file on the keepalived hosts and restart
[root@keep1 ~]# vim /etc/haproxy/haproxy.cfg
listen web
bind 172.25.254.100:80
server web1 172.25.254.110:80 check
server web2 172.25.254.120:80 check
[root@keep1 ~]# systemctl restart haproxy.service
4. Edit the kernel parameters
[root@keep1 ~]# vim /etc/sysctl.conf
Reload the settings
[root@keep1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
5. Install psmisc to get killall, on both hosts
[root@keep1 ~]# yum install psmisc -y
已加载插件:langpacks, product-id, search-disabled-repos,
: subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
正在解决依赖关系
--> 正在检查事务
---> 软件包 psmisc.x86_64.0.22.20-17.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
=============================================================
Package 架构 版本 源 大小
=============================================================
正在安装:
psmisc x86_64 22.20-17.el7 rhel7 141 k
事务概要
=============================================================
安装 1 软件包
总下载量:141 k
安装大小:475 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : psmisc-22.20-17.el7.x86_64 1/1
验证中 : psmisc-22.20-17.el7.x86_64 1/1
已安装:
psmisc.x86_64 0:22.20-17.el7
完毕!
6. Create and edit the script and make it executable, on both hosts
[root@keep2 ~]# vim /etc/keepalived/mm.sh
#!/bin/bash
killall -0 haproxy
[root@keep2 ~]# chmod +x /etc/keepalived/mm.sh
7. In the main configuration file, on both hosts
[root@keep2 ~]# vim /etc/keepalived/keepalived.conf
Comment out the previous block
#virtual_server 172.25.254.100 80 {
# delay_loop 6
# lb_algo wrr
# lb_kind DR
#persistence_timeout 50
# protocol TCP
#
# real_server 172.25.254.110 80 {
# weight 1
# HTTP_GET {
# url {
# path /
# status_code 200
# }
# connect_timeout 3
# nb_get_retry 3
## delay_before_retry 3
# }
# }
#
# real_server 172.25.254.120 80 {
# weight 1
# HTTP_GET {
# url {
# path /
# status_code 200
# }
# connect_timeout 3
# nb_get_retry 3
# delay_before_retry 3
# }
# }
#
#
#}
Add the new blocks
vrrp_script check {
script "/etc/keepalived/mm.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
track_script {
check
}
}
Test
The test succeeds
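How the vrrp_script settings above (weight -30, fall 2, rise 2) move the effective priority, as an added example that is not part of the original post: a small simulation fed with per-interval exit codes of the check script. Assumptions: keep1 has base priority 100 and keep2 has 80 as in the earlier VI_1 blocks, the check starts in the up state, preemption is allowed, and the node with the highest effective priority holds the VIP. The exit-code sequence is constructed.

```python
from dataclasses import dataclass


@dataclass
class TrackedNode:
    name: str
    base_priority: int
    weight: int = -30     # vrrp_script weight from the page
    fall: int = 2         # consecutive failures before the script counts as down
    rise: int = 2         # consecutive successes before it counts as up again
    healthy: bool = True  # assumption: the check starts in the up state
    streak: int = 0       # consecutive results that contradict the current state

    def observe(self, exit_code: int) -> None:
        """Feed one script result (exit code 0 = haproxy process present)."""
        ok = exit_code == 0
        if ok == self.healthy:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if ok else self.fall):
            self.healthy, self.streak = ok, 0

    @property
    def effective_priority(self) -> int:
        # Negative weight: subtracted while the script is down.
        # Positive weight: added while the script is up.
        if self.weight < 0:
            return self.base_priority + (0 if self.healthy else self.weight)
        return self.base_priority + (self.weight if self.healthy else 0)


def simulate(nodes, exit_codes):
    """exit_codes maps node name to one exit code per interval; returns one row per interval."""
    rows = []
    ticks = len(next(iter(exit_codes.values())))
    for tick in range(ticks):
        for node in nodes:
            node.observe(exit_codes[node.name][tick])
        master = max(nodes, key=lambda n: n.effective_priority)
        rows.append((tick, {n.name: n.effective_priority for n in nodes}, master.name))
    return rows


def demo():
    # Constructed run: haproxy on keep1 is down for three intervals, then back.
    nodes = [TrackedNode("keep1", 100), TrackedNode("keep2", 80)]
    codes = {"keep1": [0, 1, 1, 1, 0, 0], "keep2": [0, 0, 0, 0, 0, 0]}
    return simulate(nodes, codes)


if __name__ == "__main__":
    for tick, priorities, master in demo():
        print(tick, priorities, "VIP on", master)
```

A single failed check does not move the VIP: keep1 drops to 70, below keep2's 80, only after the second consecutive failure, and regains 100 after two consecutive successes.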