keepalived是什么
- keepalived是集群管理中保证集群高可用的一个服务软件,用来防止单点故障。
keepalived主要有三个模块
- 分别是core、check和vrrp。
- core模块为keepalived的核心,负责主进程的启动、维护以及全局配置文件的加载和解析。
- check负责健康检查,包括常见的各种检查方式。
- vrrp模块是来实现VRRP协议的。
案例1
-
环境:
- 初识keepalived,实现web服务器的高可用集群。
- Server1: 192.168.145.15
- Server2: 192.168.145.16
- VIP: 192.168.145.100 对外的虚拟ip
- 拓扑
- 注意:
- 关闭防火墙、selinux
- 配置yum源
-
server1
-
创建etc下的keepalived目录,编辑配置文件
-
yum -y install keepalived
-
vi /etc/keepalived/keepalived.conf
-
! Configuration File for keepalived global_defs { router_id 1 #设备在组中的标识,设置不一样即可 } #vrrp_script chk_nginx { #健康检查 # script "/etc/keepalived/ck_ng.sh" #检查脚本 # interval 2 #检查频率.秒 # weight -5 #priority减5 # fall 3 #失败三次 # } #高可用集群的组员设置 vrrp_instance VI_1 { #VI_1。实例名两台路由器相同。同学们要注意区分。 state MASTER #主或者从状态 interface ens33 #监控网卡 mcast_src_ip 192.168.229.11 #心跳源IP,当前主机的ip virtual_router_id 55 #虚拟路由编号,主备要一致。同学们注意区分 priority 100 #优先级 数值越大优先级越高 advert_int 1 #心跳间隔 单位是秒 authentication { #秘钥认证(1-8位) auth_type PASS auth_pass 123456 } virtual_ipaddress { #VIP 虚拟ip 192.168.229.100/24 } # track_script { #引用脚本 # chk_nginx # } } -
把当前服务器的keepalived的配置,传给另外一台服务器
-
#scp -r /etc/keepalived/keepalived.conf 192.168.145.16:/etc/keepalived/
-
systemctl enable keepalived.service
- 开机启动keepalived
-
-
安装Nginx
- rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
- yum -y install nginx
- systemctl enable nginx.service
- systemctl start nginx.service
- vi /usr/share/nginx/html/index.html
- curl -i localhost
- -i 显示目标地址返回的响应头信息
- systemctl start keepalived.service
-
-
-
server2
-
BACKUP服务器的配置需要几处修改
-
yum -y install keepalived
-
vi /etc/keepalived/keepalived.conf
-
state MASTER改为 state BACKUP mcast_src_ip 192.168.145.15改为backup服务器实际的IP mcast_src_ip 192.168.145.16 priority 100改为priority 99-
配置文件示例
-
! Configuration File for keepalived global_defs { router_id 2 } #vrrp_script chk_nginx { # script "/etc/keepalived/ck_ng.sh" # interval 2 # weight -5 # fall 3 # } vrrp_instance VI_1 { state BACKUP interface ens33 mcast_src_ip 192.168.229.12 virtual_router_id 55 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.229.100/24 } # track_script { # chk_nginx # } }
-
-
-
systemctl enable keepalived.service
-
-
安装Nginx
- rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
- yum -y install nginx
- systemctl enable nginx.service
- systemctl start nginx.service
- vi /usr/share/nginx/html/index.html
- curl -i localhost
- systemctl start keepalived.service
-
-
-
client
-
访问VIP http://192.168.145.100
-
拔掉master(server1)的网线。
 -
访问VIP http://192.168.145.100,观察网页已经切换
-
-
关于keepalived对nginx状态未知的问题
-
恢复之前的实验。启动两台主机的keepalived和nginx。确保页面访问正常。 关闭master的nginx服务 。systemctl stop nginx 继续访问VIP,请问页面是否会切换到slave呢?
-
请思考,nginx服务的状态和keepalived的关系。
-
原因是keepalived监控的是接口IP状态。无法监控nginx服务状态
-
编辑监控脚本。
-
server1
-
添加Nginx监控脚本
-
vi /etc/keepalived/ck_ng.sh
-
#!/bin/bash #检查nginx进程是否存在 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then #尝试启动一次nginx,停止5秒后再次检测 systemctl start nginx sleep 5 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then #如果启动没成功,就杀掉keepalive触发主备切换 systemctl stop keepalived fi fi
-
-
chmod +x /etc/keepalived/ck_ng.sh
-
-
-
server2
-
添加Nginx监控脚本
-
vi /etc/keepalived/ck_ng.sh
-
#!/bin/bash #检查nginx进程是否存在 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then #尝试启动一次nginx,停止5秒后再次检测 systemctl start nginx sleep 5 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then #如果启动没成功,就杀掉keepalive触发主备切换 service keepalived stop fi fi
-
-
chmod +x /etc/keepalived/ck_ng.sh
-
-
-
-
启动监控脚本
-
清除掉配置文件中的注释。
-
-
重启keepalived即可
-
-
-
nginx状态测试
- 因为脚本中有拉起nginx的语句,测试时可以将脚本文件位置进行改变。观察脚本的效果
-
案例2
-
keepalived+lvs集群
-
环境
- 192.168.145.15 dr1 负载均衡器 master
- 192.168.145.16 dr2 负载均衡器 backup
- 192.168.145.136 rs1 web1
- 192.168.145.137 rs2 web2
- 拓扑
-
1.在master上安装配置Keepalived:
- # yum install keepalived ipvsadm -y
- ipvsadm安装并不启动
- # yum install keepalived ipvsadm -y
-
2.在master上修改配置文件
-
# vim /etc/keepalived/keepalived.conf
-
! Configuration File for keepalived global_defs { router_id Director1 #两边不一样。 } vrrp_instance VI_1 { state MASTER #另外一台机器是BACKUP interface ens33 #心跳网卡 virtual_router_id 51 #虚拟路由编号,主备要一致 priority 150 #优先级 advert_int 1 #检查间隔,单位秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.229.100/24 dev ens33 #VIP和工作接口 } } virtual_server 192.168.229.100 80 { #LVS 配置,VIP,就是keepalived配置的对外地址 delay_loop 3 #服务论询的时间间隔,#每隔3秒检查一次real_server状态 lb_algo rr #LVS 调度算法 lb_kind DR #LVS 集群模式 protocol TCP real_server 192.168.229.13 80 { weight 1 #权重 TCP_CHECK { connect_timeout 3 #健康检查方式,连接超时时间 } } real_server 192.168.229.14 80 { weight 1 TCP_CHECK { connect_timeout 3 #设定连接超时时间为3秒 超过视为掉线 } } }
-
-
-
3.在backup上安装keepalived:
- # yum install keepalived ipvsadm -y
- ipvsadm安装并不启动
- # yum install keepalived ipvsadm -y
-
4.拷贝master上的keepalived.conf到backup上:
-
# scp 192.168.229.11:/etc/keepalived/keepalived.conf 192.168.229.12:/etc/keepalived/
-
-
5.拷贝后,修改配置文件
-
router_id Director2
-
state BACKUP
-
priority 100
-
配置示例
-
# vim /etc/keepalived/keepalived.conf
-
! Configuration File for keepalived global_defs { router_id Director2 } vrrp_instance VI_1 { state BACKUP #另外一台机器是BACKUP interface ens33 #心跳网卡 virtual_router_id 51 priority 100 #优先级 advert_int 1 #检查间隔,单位秒 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.229.100/24 dev ens33 #VIP和工作端口 } } virtual_server 192.168.229.100 80 { #LVS 配置,VIP delay_loop 3 #服务论询的时间间隔 lb_algo rr #LVS 调度算法 lb_kind DR #LVS 集群模式 protocol TCP real_server 192.168.229.13 80 { weight 1 TCP_CHECK { connect_timeout 3 } } real_server 192.168.229.14 80 { weight 1 TCP_CHECK { connect_timeout 3 } } }
-
-
-
6.master和backup上启动服务:
- #systemctl enable keepalived
- # systemctl start keepalived
- #reboot
-
7.web服务器配置
-
web1和web2同配置
-
安装web测试站点
- yum install -y httpd && systemctl start httpd && systemctl enable httpd
- netstat -antp | grep httpd
- # elinks 127.0.0.1
- vim /var/www/html/index.html
- 自定义web主页,以便观察负载均衡结果
-
配置虚拟地址
-
#cp /etc/sysconfig/network-scripts/{ifcfg-lo,ifcfg-lo:0} #vim /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.229.100 #对外提供服务的地址 NETMASK=255.255.255.255 ONBOOT=yes 其他行注释掉
-
-
配置路由
- route add 192.168.145.100 dev lo
- 在两台机器(RS)上,添加一个路由:route add -host 192.168.145.100 dev lo 确保如果请求的目标IP是 V I P ,那么让出去的数据包的源地址也显示为 VIP,那么让出去的数据包的源地址也显示为 VIP,那么让出去的数据包的源地址也显示为VIP
-
配置ARP
-
# vim /etc/sysctl.conf
-
net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 net.ipv4.conf.default.arp_ignore = 1 net.ipv4.conf.default.arp_announce = 2 net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2- 忽略arp请求 可以回复
-
-
-
reboot
-
-
-
8.测试:
-
1)观察lvs路由条目
-
master上 查询 # ipvsadm -Ln
-
[root@dr1 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.229.100:80 rr -> 192.168.229.13:80 Route 1 0 0 -> 192.168.229.14:80 Route 1 0 0
-
-
-
2)观察vip地址在哪台机器上
-
master上 查询 # ip a
-
ens33: inet 192.168.229.11/24 brd 192.168.229.255 scope global noprefixroute ens33 inet 192.168.229.100/24 scope global secondary ens33
-
-
-
3)客户端浏览器访问vip
-
4)关闭master上的keepalived服务,再次访问vip
- master上 关闭 # systemctl stop keepalived.service
-
5)关闭web1站点服务,再次访问VIP
- web1 # systemctl stop httpd
-
