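Keepalived Overview
Introduction: keepalived is a software implementation of the VRRP protocol, built to make IPVS services highly available.
Features:
1. Moves addresses between nodes based on the VRRP protocol
2. Generates IPVS rules (predefined in the configuration file) on the node that holds the VIP
3. Performs health checks on each RS in the IPVS cluster
4. Calls scripts through a script interface to carry out the functions defined in them and thereby influence cluster behavior, which is how it supports services such as nginx and haproxy
Lab environment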
ka1:172.25.254.10
ka2:172.25.254.20
realserver1:172.25.254.110
realserver2:172.25.254.120
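Notes: 1. Time must be synchronized on all nodes: ntp, chrony
2. Disable the firewall and SELinux
Keepalived in practice
Keepalived virtual router management
realserver
Access from ka1
Install on ka1 and ka2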
yum install keepalived -y
rpm -ql keepalived
ka1
vim /etc/keepalived/keepalived.conf
Upload to ka2
scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf
ka2
Communication and logging
Enable communication
On ka1 and ka2: vim /etc/keepalived/keepalived.conf
Separate log file
Set the log type
vim /etc/sysconfig/keepalived
Specify the collection method
Restart the service
Using separate sub-configuration files
ka1 and ka2
mkdir -p /etc/keepalived/conf.d
vim /etc/keepalived/conf.d/172.25.254.100.conf
Edit: vim /etc/keepalived/keepalived.conf
Non-preemptive and delayed preemption
Non-preemptive mode
ka1
ka2
Delayed preemption mode
ka1
ka2
Test
On ka1, stop the service and then start it again; the VIP does not appear immediately
The VIP appears after 5s
VIP unicast configuration
ka1
ka2
The VIP appears on ka1
Packet capture
tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
Bring up the VIP on ka2 and capture packets
Notification script configuration
ka1 and ka2
yum install mailx -y
Generate an authorization code in QQ Mail
Configure the QQ mailbox: vim /etc/mail.rc
Send a test email
echo cici |mail -s test 1835534947@qq.com
Email notification
Configure on both ka hosts
vim /etc/keepalived/mail.sh
Add execute permission
chmod +x /etc/keepalived/mail.sh
Edit the configuration file
Test
Implementing a dual-master (master/master) architecture
ka1
Edit the configuration file:
Acts as the backup for 172.25.254.200
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}
ka2
Edit the configuration file
Acts as the MASTER for 172.25.254.200
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
        172.25.254.10
    }
}
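The check below is an added example (not part of the original post or of keepalived itself) that lints a keepalived.conf for the settings used above: auth_type PASS with a short auth_pass, a missing unicast_peer, and notification or check scripts such as /etc/keepalived/mail.sh, which keepalived typically runs as root. The finding labels, the function name and the constructed sample config (including its notify_master line) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: lint a keepalived.conf for the
# settings this page uses. Finding names are this example's own labels.
audit_keepalived_conf() {
    conf=$1
    # auth_type PASS puts auth_pass unencrypted into every VRRP advertisement.
    if grep -Eq '^[[:space:]]*auth_type[[:space:]]+PASS' "$conf"; then
        echo "PLAINTEXT_AUTH"
    fi
    # Short or all-digit passwords such as 1111 are trivially guessed.
    awk '$1 == "auth_pass" && (length($2) < 8 || $2 ~ /^[0-9]+$/) {
        print "WEAK_AUTH_PASS line " NR }' "$conf"
    # Without unicast_peer, adverts are multicast to the whole segment.
    grep -Eq '^[[:space:]]*unicast_peer' "$conf" || echo "NO_UNICAST_PEER"
    # enable_script_security stops keepalived running root scripts whose
    # path a non-root user can modify.
    if grep -Eq '^[[:space:]]*(script|notify(_master|_backup|_fault)?)[[:space:]]' "$conf"; then
        grep -Eq '^[[:space:]]*enable_script_security' "$conf" || echo "NO_SCRIPT_SECURITY"
    fi
    # Report referenced script files that are group- or world-writable.
    awk '$1 ~ /^(script|notify|notify_master|notify_backup|notify_fault)$/ {
        gsub(/"/, "", $2); print $2 }' "$conf" |
    while read -r f; do
        if [ -f "$f" ] && [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE_SCRIPT $f"
        fi
    done
    return 0
}

# Constructed sample input: a fragment shaped like the configs on this page.
demo_dir=$(mktemp -d)
printf '#!/bin/bash\n' > "$demo_dir/mail.sh"
chmod 777 "$demo_dir/mail.sh"
cat > "$demo_dir/keepalived.conf" <<EOF
vrrp_instance VI_1 {
    interface eth0
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    notify_master "$demo_dir/mail.sh master"
}
EOF
audit_keepalived_conf "$demo_dir/keepalived.conf"
rm -rf "$demo_dir"
```

On a real node, run audit_keepalived_conf against /etc/keepalived/keepalived.conf and each file under /etc/keepalived/conf.d.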
Implementing single-master LVS-DR mode
rs1
[root@realserver1 ~]# echo RS1 - 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@realserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@realserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
rs2
[root@realserver2 ~]# echo RS2 - 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@realserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@realserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ka1 and ka2
Install ipvsadm: yum install ipvsadm -y
Edit vim /etc/keepalived/keepalived.conf and add the following
real_server 172.25.254.110 80 {
    weight 1
    HTTP_GET {
        url {
            path /
            status_code 200
        }
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
    }
}
real_server 172.25.254.120 80 {
    weight 1
    HTTP_GET {
        url {
            path /
            status_code 200
        }
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
    }
}
View the information
Test
Switching master/backup roles with a script
ka1
[root@ka1 ~]# vim /etc/keepalived/test.sh
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
[root@ka1 ~]# cat /etc/keepalived/test.sh
#!/bin/bash
[ ! -f /mnt/qin ]
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
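Test
Restart the keepalived service; if the file /mnt/qin exists, ka1's virtual IP 172.25.254.100 will be taken over by ka2.
Implementing haproxy high availability
ka1 and ka2
Install the haproxy service and configure haproxy
Enable the kernel parameter on ka1 and ka2 (so the service can start even when the IP is not present locally)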
[root@ka2 ~]# vim /etc/sysctl.conf
[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
Write the script on ka1
[root@ka1 ~]# vim /etc/keepalived/test.sh
[root@ka1 ~]# cat /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
Configure the keepalived service
rs1 and rs2
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@realserver1 ~]# sysctl -p
Test
systemctl stop haproxy.service