目录
<5>.实现master/slave的keepalived双主架构
一.keepalived简介
二.keepalived配置
<1>.环境搭建
k1:172.25.254.10
k2:172.25.254.20
client:172.25.254.200
webserver1:172.25.254.110
webserver2:172.25.254.120
(1).webserver1和webserver2上都装httpd、写入测试文字、开启http服务
[root@webserver1 ~]# yum install httpd -y
[root@webserver1 ~]# echo 172.25.254.110 > /var/www/html/index.html
[root@webserver1 ~]# systemctl enable --now httpd.service
[root@webserver2 ~]# yum install httpd -y
[root@webserver2 ~]# echo 172.25.254.120 > /var/www/html/index.html
[root@webserver2 ~]# systemctl enable --now httpd.service
(2).k1和k2上测试
[root@k1 ~]# curl 172.25.254.110
172.25.254.110
[root@k1 ~]# curl 172.25.254.120
172.25.254.120
<2>.配置虚拟路由器
(1).开启服务,进入k1主配置文件编写代码
[root@k1 ~]# systemctl start keepalived.service
[root@k1 ~]# vim /etc/keepalived/keepalived.conf
global_defs { #定义邮件配置,route_id,vrrp配置,多播地址等
notification_email {
3283085081@qq.com #keepalived 发生故障切换时邮件发送的目标邮箱,可以按行区分写多个
}
notification_email_from keepalived@rhel7.org #发邮件的地址
smtp_server 127.0.0.1 #邮件服务器地址
smtp_connect_timeout 30 #邮件服务器连接timeout
router_id k1.rhel7.org #每个keepalived主机唯一标识
vrrp_skip_check_adv_addr #对所有通告报文都检查,会比较消耗性能
vrrp_strict #严格遵循vrrp协议
vrrp_garp_interval 0 #报文发送延迟,0表示不延迟
vrrp_gna_interval 0 #消息发送延迟
vrrp_mcast_group4 224.0.0.18 #指定组播IP地址范围
}
vrrp_instance VI_1 { #定义每个vrrp虚拟路由器
state MASTER
interface eth0 #绑定为当前虚拟路由器使用的物理接口
virtual_router_id 100 #每个虚拟路由器惟一标识,范围:0-255,每个虚拟路由器此值必须唯一
priority 100 #当前物理节点在此虚拟路由器的优先级,范围:1-254
advert_int 1 #vrrp通告的时间间隔,默认1s
authentication { #认证机制
auth_type PASS #AH为IPSEC认证(不推荐),PASS为简单密码(建议使用)
auth_pass 1111 #预共享密钥,仅前8位有效
}
virtual_ipaddress { #虚拟IP,生产环境可能指定上百个IP地址
172.25.254.100/24 dev eth0 label eth0:1
}
}
(2).开启服务,进入k2主配置文件编写代码
[root@k2 ~]# systemctl start keepalived.service
[root@k2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
3283085081@qq.com
}
notification_email_from keepalived@rhel7.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id k2.rhel7.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP #与k1不同
interface eth0
virtual_router_id 100 #相同id管理同一个虚拟路由
priority 80 #低优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
(3).重启服务
[root@k2 ~]# systemctl restart keepalived.service
(4).测试
[root@k1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe5d:d389 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5d:d3:89 txqueuelen 1000 (Ethernet)
RX packets 5024 bytes 399854 (390.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6216 bytes 508605 (496.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:5d:d3:89 txqueuelen 1000 (Ethernet)
<3>.开启通信功能及独立日志
(1).进入配置文件编写策略并重启
[root@k1 ~]# vim /etc/keepalived/keepalived.conf
(2).开启日志功能
[root@k1 ~]# vim /etc/sysconfig/keepalived
-D
:这个选项使得 Keepalived 守护进程在前台运行,并且会打印日志到标准输出(stdout)和错误输出(stderr)。
-S 6
:这个选项用于设置 Keepalived 的日志级别。Keepalived 的日志级别范围从 0 到 7,其中 0 表示最少量的日志信息(仅错误信息),而 7 表示最详细的日志信息(包括调试信息)。
[root@k1 ~]# systemctl restart keepalived.service
(3).测试:此时vip通信开启
[root@k1 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from 172.25.254.100: icmp_seq=3 ttl=64 time=0.066 ms
64 bytes from 172.25.254.100: icmp_seq=4 ttl=64 time=0.067 ms
(4).进入rsyslog.conf配置文件写日志路径并重启
[root@k1 ~]# vim /etc/rsyslog.conf
[root@k1 ~]# systemctl restart rsyslog.service
(5).测试:可以看到有日志生成
[root@k1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 12086 8月 12 13:29 /var/log/keepalived.log
[root@k1 ~]# tail -3 /var/log/keepalived.log
Aug 12 13:29:12 k1 Keepalived_healthcheckers[5809]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:443
Aug 12 13:29:12 k1 Keepalived_healthcheckers[5809]: Remote SMTP server [127.0.0.1]:25 connected.
Aug 12 13:29:12 k1 Keepalived_healthcheckers[5809]: SMTP alert successfully sent.
<4>.独立子配置文件
[root@k1 ~]# mkdir -p /etc/keepalived/conf.d
[root@k1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
(2).重启服务
[root@k1 ~]# systemctl restart keepalived.service
(3).测试:可以看到子配置文件生效了
[root@k1 ~]# ll /etc/keepalived/conf.d/172.25.254.100.conf
-rw-r--r-- 1 root root 271 8月 12 13:27 /etc/keepalived/conf.d/172.25.254.100.conf
三.企业应用示例
<1>.非抢占模式
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100 #k1优先级高
advert_int 1
nopreempt #非抢占模式
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
<2>.延迟抢占模式
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80 #k2优先级低
advert_int 1
#nopreempt
preempt_delay 5s #指定抢占延迟时间为#s,默认延迟300s
authentication {
auth_type PASS
auth_pass 1111
}
<3>.VIP单播配置
unicast_src_ip 172.25.254.10 #指定发送单播的源IP
unicast_peer {
172.25.254.20 #指定接收单播的对方目标主机IP
} #如果有多个keepalived,再加其它节点的IP
(2).k2配置
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
(3).测试单播效果
vip在k1上时:
[root@k1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:53:29.157858 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
14:53:30.159512 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
14:53:31.161116 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
vip在k2上时:
[root@k1 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:04:39.790162 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:04:40.791608 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:04:41.792787 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
<4>.通知脚本配置
[root@k1 ~]# yum install mailx -y
(2).修改mail.rc配置文件
[root@k2 ~]# vim /etc/mail.rc
set from=3283085081@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=3283085081@qq.com #邮箱账号
set smtp-auth-password=jcindwtmgqhncjdp #自己邮箱的授权码
set smtp-auth=login
set ssl-verify=ignore
(3).创建通知脚本,并添加可执行权限
[root@K1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dst="3283085081@qq.com"
send_message()
{
mail_sub="$HOSTNAME to be $1 vip move"
mail_msg="`date +%F\ %T`: vrrp move $HOSTNAME chage $1"
echo $mail_msg | mail -s "$mail_sub" $mail_dst
}
case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
[root@K1 ~]# chmod +x /etc/keepalived/mail.sh
(4).在 vrrp_instance VI_1语句块的末尾加下面三行,重启服务
[root@k1 ~]# vim /etc/keepalived/keepalived.conf
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
(5).测试
<5>.实现master/slave的keepalived双主架构
vrrp_instance VI_2 {
state BACKUP #备
interface eth0
virtual_router_id 200
priority 80 #优先级低
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
(2).k2配置
vrrp_instance VI_2 {
state MASTER #主
interface eth0
virtual_router_id 200
priority 100 #优先级高
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
(3).测试:可以看到两台服务器各有一个vip
<6>.实现IPVS的高可用性
(1).准备web服务器并使用脚本绑定VIP至web服务器lo网卡
[root@webserver1 ~]# ip a a 172.25.254.100/32 dev lo
(2). 使vip不对外响应,重载生效查看
[root@webserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@webserver1 ~]# sysctl -p
[root@webserver1 ~]# sysctl --system
(3).k1和k2上安装ipvsadm软件
[root@k1 ~]# yum install ipvsadm -y
(4).修改k1和k2配置文件并重启服务
[root@k1 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 { #定义虚拟主机IP地址及其端口
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET { #应用层监测
url {
path / #定义要监控的URL
status_code 200 #判断上述检测机制为健康状态的响应码,一般为 200
}
connect_timeout 3 #客户端请求的超时时长
nb_get_retry 2 #重试次数
delay_before_retry 2 #重试之前的延迟时长
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
(5).查看是否自动生成lvs策略,如果没有检查配置文件
[root@k1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 1
(6).测试:客户端访问,当K1故障时自动切换到k2,不会影响客户的体验
[root@client ~]# for i in {1..10}
> do
> curl 172.25.254.100
> done
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
<7>.利用脚本实现主从角色切换
[root@k1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
[ ! -f /mnt/liu ]
[root@k1 ~]# chmod +x /etc/keepalived/test.sh
(2).修改配置文件并重启服务
[root@k1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_file { #定义一个检测脚本,在global_defs 之外配置
script "/etc/keepalived/test.sh" #shell命令或脚本路径
interval 1 #间隔时间,单位为秒,默认1秒
weight -30 #脚本返回值为0,权重-30
fall 2 #执行脚本连续几次都失败,则转换为失败,建议设为2以上
rise 2 #执行脚本连续几次都成功,把服务器从失败标记为成功
timeout 2 #超时时间
}
track_script { #调用脚本
check_file
}
(3).测试
此时k1上有vip
创建脚本,可以看到vip漂到了k2上
[root@k1 ~]# touch /mnt/liu
[root@k1 ~]# ls /mnt/
liu
<8>.实现haproxy的高可用性
(1).k1和k2上安装haproxy服务
[root@k1 ~]# yum install haproxy -y
(2).开启k1和k2内核路由器功能
[root@k2 ~]# vim /etc/sysctl.conf
[root@k1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
(3).编写haproxy.cfg配置文件并重启服务
[root@k1 ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
[root@k1 ~]# systemctl restart haproxy.service
(4).编写监测脚本
[root@k1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
[root@k1 ~]# vim /etc/keepalived/keepalived.conf
(5).修改配置文件并重启服务
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
track_script {
check_haproxy
}
(6).测试:客户端访问,当一台服务器故障时自动切换到另一台服务器,不会影响客户的体验
[root@client ~]# for i in {1..10}
> do
> curl 172.25.254.100
> done
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110
172.25.254.120
172.25.254.110