目录
实现 master/master 的 Keepalived 双主架构
介绍
定义
keepalived 是一款基于 VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)协议来实现高可用(High Availability, HA)的轻量级软件。它主要用于防止单点故障,特别是在 Linux 环境下,为 LVS(Linux Virtual Server,Linux 虚拟服务器)集群和其他服务提供高可用性和故障转移功能。虽然它最初是为 LVS 设计的,但现在也被广泛用于其他需要高可用性的场景,比如 MySQL 数据库集群、Nginx 负载均衡器等。
工作原理
keepalived 在集群中通常部署为一对或多对主备服务器。每个 keepalived 实例都会运行 VRRP 协议,并通过组播(Multicast)或单播(Unicast)方式与其他实例通信。主服务器定期发送 VRRP 广告包,通知其他备份服务器其状态。如果备份服务器在一定时间内没有收到主服务器的广告包,它会认为主服务器已经故障,并接管虚拟 IP 和服务。
VRRP
VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)是一种由IETF(Internet Engineering Task Force,互联网工程任务组)提出的路由协议,旨在解决局域网中配置静态网关时可能出现的单点失效问题。该协议于1998年推出。同时vrrp协议的软件实现,原生设计目的为了高可用 ipvs服务。
官网地址:http://keepalived.org/
功能作用
1.基于vrrp协议完成地址流动
2.为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
3.为ipvs集群的各RS做健康状态检测
4.基于脚本调用接口完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务
VRRP运行原理
1.选举机制:VRRP协议通过选举机制确定哪台路由器成为Master路由器。选举基于路由器的优先级,优先级高的路由器成为Master。如果优先级相同,则比较接口IP地址,IP地址大的成为Master。
2.状态维持:Master路由器定期发送VRRP通告报文,通知备份组内的其他路由器自己工作正常。Backup路由器则启动定时器等待通告报文的到来,并根据收到的通告报文判断Master路由器的状态。
3.故障转移:如果Backup路由器在定时器超时后仍未收到Master路由器的VRRP通告报文,则认为Master路由器已经无法正常工作,此时Backup路由器将升级为主路由器,并对外发送VRRP通告报文,接管数据转发任务。
keepalived模块
1.core模块:KEEPALIVED的核心模块,负责主进程的启动、维护以及全局配置文件的加载和解析。
2.check模块:负责健康检查,包括各种常见的检查方式,如ICMP、TCP端口状态、HTTP GET等,以确保集群中各节点的正常运行。
3.vrrp模块:实现VRRP协议的关键模块,负责虚拟路由器的选举、状态维护和报文发送等工作。
keepalived的环境准备
keepalived的安装与基本配置
安装keepalived
dnf install keepalived -y
systemctl start keepalived/etc/keepalived/keepalived.conf ————配置文件
man keepalived.conf ————查看手册
名称 | IP |
ka1.exam.com | 172.25.254.10 |
ka2.exam.com | 172.25.254.20 |
realserver1.exam.com | 172.25.254.110 |
realserver2.exam.com | 172.25.254.120 |
vip | 172.25.254.100 |
配置vip和keepalived架构
ka1和ka2配置
ka1
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
2546061269@qq.com
}
notification_email_from keepalived@exam.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.exam.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
ka2vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
2546061269@qq.com
}
notification_email_from keepalived@exam.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.exam.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}测试
tcpdump -i eth0 -nn host 224.0.0.18
启动keepalived日志功能
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
systemctl restart keepalived.service
vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
systemctl restart keepalived.service rsyslog.service
tail -f /var/log/keepalived.log
实现独立的子配置文件
vim /etc/keepalived/keepalived.conf
include "/etc/keepalived/conf.d/*.conf"
[root@ka1 ~]# mkdir -p /etc/keepalived/conf.d
[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
systemctl restart rsyslog.service注意:重启keepalived,发现vip还在,服务也正常启动
抢占模式和非抢占模式
抢占模式
抢占模式(系统默认是抢占)不需要配置,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色, 这样会使vip在KA主机中来回漂移,造成网络抖动,建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色 非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机。。
抢占延迟模式,即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间(默认300s)再抢回VIP。
[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #KA1设置为BACKUP模式
interface eth0
virtual_router_id 20 #同一个路由
priority 100 #高优先级
advert_int 1
preempt_delay 10s #抢占延迟10s
#宕机修好后延迟10s后再抢占
#测试:10s后看是否IP过来
[root@localhost ~]# ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:40:b6:df txqueuelen 1000 (Ethernet)
非抢占模式
认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色,
这样会使vip在KA主机中来回漂移,造成网络抖动。
==建议设置为非抢占模式 nopreempt ==,即高优先级主机恢复后,并不会抢占低优先级主机的master角色非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机。[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #KA1设置为BACKUP模式
interface eth0
virtual_router_id 20 #同一个路由
priority 100 #高优先级
advert_int 1
nopreempt #非抢占模式
[root@ka2-20 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #KA1设置为BACKUP模式
interface eth0
virtual_router_id 20 #同一个路由
priority 80 #低优先级
advert_int 1
nopreempt #非抢占模式
用处:一个宕机后另一个工作;宕机修好后不会直接抢去工作;而是等另一个宕机再接管工作
VIP单播配置
默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量。
unicast_src_ip <IPADDR> #指定发送单播的源IP
unicast_peer {
<IPADDR> #指定接收单播的对方目标主机IP
}ka1
global_defs {
notification_email {
2546061269@qq.com
}
notification_email_from keepalived@gxx.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.gxx.org
vrrp_skip_check_adv_addr
#vrrp_strict #此条是需要注释掉的
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev ens33 label ens33:1
}
unicast_src_ip 172.25.254.10 #本机IP
unicast_peer {
172.25.254.20 #指向对方主机IP
#如果有多个keepalived,再加其它节点的IP
}
}ka2
global_defs {
notification_email {
2546061269@qq.com
}
notification_email_from keepalived@gxx.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.gxx.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev ens33 label ens33:1
}
unicast_src_ip 172.25.254.20 #本机ip
unicast_peer {
172.25.254.10 #对端主机IP
}
}
Keepalived 通知脚本配置
当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户
默认以用户keepalived_script身份执行脚本
如果此用户不存在,以root执行脚本可以用下面指令指定脚本执行用户的身份
[root@KA1 ~]# yum install mailx -y
[root@KA1 ~]# vim /etc/mail.rc
set from=2546061269@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=2546061269@qq.com
set smtp-auth-password=isjatjwmcxtxbefj
set smtp-auth=login
set ssl-verify=ignore
echo test message | mail -s test 2546061269@qq.com——确认发送成功
成功后编辑ka1与ka2
vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='2546061269@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac在/etc/keepalived/keepalived.conf配置文件中调用
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
实现 master/master 的 Keepalived 双主架构
master/slave的单主架构,同一时间只有一个Keepalived对外提供服务,此主机繁忙,而另一台主机却很空闲,利用率低下,可以使用master/master的双主架构,解决此问题。
master/master 的双主架构:
即将两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高 服务器资源利用率
(ka1主机和ka2主机都要配置,都需要添加一个VRRP(虚拟路由冗余协议)实例的配置模块。)[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
vrrp_ipsets keepalived
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 80
advert_int 1
vrrp_ipsets keepalived
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}测试
[root@ka1 ~]# ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:85:2b:17 txqueuelen 1000 (Ethernet)
[root@ka2 ~]# ifconfig
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:40:b6:df txqueuelen 1000 (Ethernet)
keepalived实现IPVS的高可用性
实现单主的 LVS-DR 模式
ealserver1和realserver2主机准备web服务器并使用脚本绑定VIP至web服务器lo网卡
[root@realserver1 ~]# ip a a172.25.254.100 dev lo
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
[root@realserver1 ~]# sysctl --system
[root@realserver2 ~]# ip a a172.25.254.100 dev lo
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
[root@realserver2 ~]# sysctl --system
ka1主机和ka2主机配置keepalived服务
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ipvsadm -Ln ————配置完之后重启使用查看