keepalived

1. High-availability clusters with keepalived

Problem solved: when the LVS node goes down, the architecture stays available and clients can still reach the servers.

1.1 Cluster types

LB: Load Balance (load balancing)

    LVS/HAProxy/nginx (http/upstream, stream/upstream)

HA: High Availability (high-availability cluster)

    Databases, Redis

SPoF: Single Point of Failure (eliminating single points of failure)

HPC: High Performance Computing (high-performance cluster)

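1.2 System availability

SLA: Service-Level Agreement (a mutually accepted agreement or contract between a service provider and its customers covering the quality, level and performance of the service)

A = MTBF / (MTBF+MTTR)

Example: 99.95%: (60 × 24 × 30) × (1 - 0.9995) = 21.6 minutes  # downtime is usually counted per month

Targets: 99.9%, 99.99%, 99.999%, 99.9999%

The larger the computed value, the more available the system.

1.3 Achieving high availability

To improve availability, reduce MTTR (Mean Time To Repair, the average time a failure lasts). Solution: build in redundancy.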

  • active/passive: master/backup
  • active/active: dual master
  • active --> HEARTBEAT --> passive
  • active <--> HEARTBEAT <--> active

1.4 vrrp

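Idea: create a virtual gateway and have the end hosts connect to it. The real routers compete for the identity of this virtual gateway: the winner becomes the master gateway and the losers become backup gateways. When the master gateway goes down, a backup gateway is promoted to master, which provides the redundancy.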

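2. Deploying keepalived

keepalived is a software implementation of the VRRP protocol, originally designed to make the ipvs service highly available.

It also supports services such as nginx and haproxy.

Official site: http://keepalived.org/

2.1 Environment setup

Four machines: Linux 7, one NIC each, NAT mode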

KA1:172.25.254.10

KA2:172.25.254.20

realserver1:172.25.254.110

realserver2:172.25.254.120

VIP:172.25.254.100


realserver1

[root@realserver1 ~]# vmset.sh eth0 172.25.254.110 realserver1.timinglee.org

realserver2

[root@realserver2 ~]# vmset.sh eth0 172.25.254.120 realserver2.timinglee.org

KA1

[root@ka1 ~]# vmset.sh eth0 172.25.254.10 ka1.timinglee.org

KA2

[root@ka2 ~]# vmset.sh eth0 172.25.254.20 ka2.timinglee.org

ALL

Check the SELinux status

[root@local ~]# getenforce
Disabled

Check the firewall status and confirm that the firewall is off

[root@ka1 ~]# systemctl status firewalld
● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)

realserver1

Install httpd

[root@realserver1 ~]# yum install httpd -y

Write 172.25.254.110 into the static page

[root@realserver1 ~]# echo 172.25.254.110 > /var/www/html/index.html

Start httpd and enable it at boot

[root@realserver1 ~]# systemctl enable --now httpd

realserver2

Install httpd

[root@realserver2 ~]# yum install httpd -y

Write 172.25.254.120 into the static page

[root@realserver2 ~]# echo 172.25.254.120 > /var/www/html/index.html

Start httpd and enable it at boot

[root@realserver2 ~]# systemctl enable --now httpd

2.2 keepalived configuration

Configuration file: /etc/keepalived/keepalived.conf

Structure of the configuration file

GLOBAL CONFIGURATION

    Global definitions: mail settings, router_id, vrrp settings, multicast address, etc.

VRRP CONFIGURATION

    VRRP instance(s): defines each vrrp virtual router

LVS CONFIGURATION

    Virtual server group(s)

    Virtual server(s): the VS and RS of the LVS cluster

KA1

Install keepalived

[root@ka1 ~]# yum install keepalived -y

Global configuration: set the mailbox that receives alert mail

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     1540509690@qq.com
   }
   notification_email_from keepalived@timinglee.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
}

Configure vrrp

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

Start keepalived and enable it at boot

[root@ka1 ~]# systemctl enable --now keepalived.service

Copy the configuration to ka2

[root@ka1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf

The authenticity of host '172.25.254.20 (172.25.254.20)' can't be established.
ECDSA key fingerprint is SHA256:E3qE8JvU9z/9Q6iQNWX4FB2C7Of1r+MKoHRNklKH9ow.
ECDSA key fingerprint is MD5:26:47:a1:e9:a2:08:3a:f9:fa:eb:2d:a8:99:11:bf:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.20' (ECDSA) to the list of known hosts.
root@172.25.254.20's password:
keepalived.conf                                        100% 3552     3.9MB/s   00:00

Test

[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:31:10.631725 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:31:11.632742 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20

KA2

Install keepalived

[root@ka2 ~]# yum install keepalived -y

Global configuration

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

[root@ka2 ~]# systemctl enable --now keepalived.service

Test

realserver1

Log in to ka1 remotely

[root@realserver1 ~]# ssh -l root 172.25.254.10

The authenticity of host '172.25.254.10 (172.25.254.10)' can't be established.
ECDSA key fingerprint is SHA256:E3qE8JvU9z/9Q6iQNWX4FB2C7Of1r+MKoHRNklKH9ow.
ECDSA key fingerprint is MD5:26:47:a1:e9:a2:08:3a:f9:fa:eb:2d:a8:99:11:bf:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.10' (ECDSA) to the list of known hosts.
root@172.25.254.10's password:
Last login: Sun Aug 11 19:28:30 2024 from 172.25.254.1

From realserver1, log in to ka1 remotely and stop the service to simulate a failure of the keepalived service on ka1

[root@ka1 ~]# systemctl stop keepalived.service

Check on ka1

[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18

20:32:37.737668 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:32:38.129269 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 0, authtype simple, intvl 1s, length 20
20:32:38.817522 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:39.819082 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20

# after ka1 goes down, ka2 takes over seamlessly

From realserver1, restore the keepalived service on ka1

[root@ka1 ~]# systemctl start keepalived.service

Check on ka1

[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18

20:32:55.827526 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:56.828071 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:56.828462 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:32:57.829287 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20

# because preemption is enabled, service returns to ka1
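The failover visible in the two captures above can be detected automatically. The following added example (not part of the original post) parses tcpdump's VRRP advertisement lines and reports priority-0 resignations, master changes, cleartext `authtype simple` (what `auth_type PASS` produces on the wire) and senders outside the expected router list; the last sample line and the event names are constructed for illustration.

```python
import re

# The eight advertisement lines from the two captures above, plus one
# CONSTRUCTED line (the last) from a host that is not a configured router.
CAPTURE = """\
20:32:37.737668 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:32:38.129269 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 0, authtype simple, intvl 1s, length 20
20:32:38.817522 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:39.819082 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:55.827526 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:56.828071 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
20:32:56.828462 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:32:57.829287 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
20:33:10.000001 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 90, authtype simple, intvl 1s, length 20
"""

ADVERT = re.compile(
    r"^(?P<ts>[\d:.]+) IP (?P<src>[\d.]+) > [\d.]+: VRRPv\d, Advertisement, "
    r"vrid (?P<vrid>\d+), prio (?P<prio>\d+)(?:, authtype (?P<auth>\w+))?"
)


def analyze(capture, expected_routers):
    """Return (timestamp, kind, detail) events found in tcpdump VRRP output."""
    events = []
    master = {}            # vrid -> source of the last non-zero advertisement
    auth_reported = set()  # vrids already reported for cleartext authentication
    for line in capture.splitlines():
        m = ADVERT.match(line.strip())
        if m is None:
            continue       # not a VRRP advertisement (ARP, tcpdump banner, ...)
        ts, src = m["ts"], m["src"]
        vrid, prio = int(m["vrid"]), int(m["prio"])
        if src not in expected_routers:
            events.append((ts, "unexpected-sender", f"vrid {vrid} advertised by {src}"))
        if m["auth"] == "simple" and vrid not in auth_reported:
            # Simple authentication carries auth_pass unencrypted in every packet.
            auth_reported.add(vrid)
            events.append((ts, "cleartext-auth", f"vrid {vrid} uses auth_type PASS"))
        if prio == 0:
            # Priority 0 is the master announcing that it is giving up the VIP.
            events.append((ts, "master-resigned", f"vrid {vrid}: {src} released the VIP"))
            continue
        previous = master.get(vrid)
        if previous is not None and previous != src:
            events.append((ts, "master-change", f"vrid {vrid}: {previous} -> {src}"))
        master[vrid] = src
    return events


def kinds(events):
    """Just the event kinds, in order."""
    return [kind for _, kind, _ in events]


if __name__ == "__main__":
    for event in analyze(CAPTURE, {"172.25.254.10", "172.25.254.20"}):
        print(*event, sep="  ")
```
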

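2.3 Enabling communication with the keepalived VIP

This works on Linux 7 but not on Linux 9.

Add this parameter to the global section so that the VIP can be reached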

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     1540509690@qq.com
   }
   notification_email_from keepalived@timinglee.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
   vrrp_iptables
}

[root@ka1 ~]# systemctl restart keepalived.service

ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     1540509690@qq.com
   }
   notification_email_from keepalived@timinglee.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
   vrrp_iptables
}

[root@ka2 ~]# systemctl restart keepalived.service

Test

[root@realserver1 ~]# ping 172.25.254.100

PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.583 ms

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     1540509690@qq.com
   }
   notification_email_from keepalived@timinglee.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
   #vrrp_iptables
}

[root@ka1 ~]# systemctl restart keepalived.service

ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     1540509690@qq.com
   }
   notification_email_from keepalived@timinglee.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1.timinglee.org
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
   #vrrp_iptables
}

[root@ka2 ~]# systemctl restart keepalived.service

Test

[root@realserver1 ~]# ping 172.25.254.100

PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.583 ms

2.4 Giving keepalived its own log file

ka1

[root@ka1 ~]# vim /etc/sysconfig/keepalived

# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#

KEEPALIVED_OPTIONS="-D -S 6"

[root@ka1 ~]# systemctl restart keepalived.service

[root@ka1 ~]# vim /etc/rsyslog.conf

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local6.*                                                /var/log/keepalived.log

[root@ka1 ~]# systemctl restart rsyslog.service

[root@ka1 ~]# systemctl restart keepalived.service

Test

[root@ka1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 8168 Aug 11 21:11 /var/log/keepalived.log

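2.5 Separate sub-configuration files for keepalived

Separate sub-configuration files: move the configuration into a sub-configuration file

Once the instance is commented out, the virtual router disappears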

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

#vrrp_instance VI_1 {
#    state MASTER
#    interface eth0
#    virtual_router_id 100
#    priority 100
#    advert_int 1
#    authentication {
#        auth_type PASS
#        auth_pass 1111
#    }
#    virtual_ipaddress {
#        172.25.254.100/24 dev eth0 label eth0:1
#    }
#}
include "/etc/keepalived/conf.d/*.conf"

[root@ka1 ~]# systemctl restart keepalived.service

# fails because the conf.d directory does not exist
Job for keepalived.service failed because the control process exited with error code. See "systemctl status keepalived.service" and "journalctl -xe" for details.

[root@ka1 ~]# mkdir -p /etc/keepalived/conf.d

[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

[root@ka1 ~]# systemctl restart keepalived.service

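3. How it works

3.1 Preemptive, non-preemptive and delayed-preemption modes

Preemptive mode: the higher-priority node takes over immediately

Non-preemptive mode: a node takes over only after the lower-priority node has gone down

Delayed preemption: the higher-priority node takes over after a specified delay

Non-preemptive mode configuration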

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    nopreempt          # enable non-preemptive mode
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

#include "/etc/keepalived/conf.d/*.conf"

[root@ka1 ~]# systemctl restart keepalived.service

ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    nopreempt   # enable non-preemptive mode
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

[root@ka2 ~]# systemctl restart keepalived.service

Test: run ip a on ka1

Delayed-preemption mode configuration

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    preempt_delay 5s   # preempt after a 5s delay
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

#include "/etc/keepalived/conf.d/*.conf"

[root@ka1 ~]# systemctl restart keepalived.service

ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    preempt_delay 5s   # preempt after a 5s delay
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}

[root@ka2 ~]# systemctl restart keepalived.service

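Test: run ip a on ka1

3.2 Unicast configuration for the VIP

By default keepalived hosts announce themselves to each other by multicast, which can congest the network. Switching to unicast reduces the traffic.

Switching from multicast to unicast

Prerequisite: on both ka machines, the vrrp_strict parameter in global_defs must be commented out, because it does not support unicast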

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
   }
}

#include "/etc/keepalived/conf.d/*.conf"

[root@ka1 ~]# systemctl restart keepalived.service

ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
          172.25.254.10
    }
}

[root@ka2 ~]# systemctl restart keepalived.service

Test

Run these commands on ka1 and ka2 at the same time

[root@ka1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20

[root@ka2 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10

In a terminal

[root@realserver1 ~]# ssh -l root 172.25.254.10
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# systemctl start keepalived.service

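Once one side holds the IP address, the other stops: while ka1 shows output, ka2 shows none. When ka1 goes down, ka2 immediately shows output.

4. Email notification

Enable Linux to send mail

4.1 Sending mail to a QQ mailbox

To have mail from Linux delivered to a QQ mailbox, first enable the service under QQ Mail -> Account & Security -> Security Settings -> POP3/IMAP/SMTP/Exchange/CardDAV.

ka1 configuration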

[root@ka1 ~]# yum install mailx -y

[root@ka1 ~]# vim /etc/mail.rc

# For Linux and BSD, this should be set.
set bsdcompat
set from=1540509690@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1540509690@qq.com
set smtp-auth-password=pbqcsmebsewfbabi
set smtp-auth=login
set ssl-verify=ignore

Test

Send a mail to your own QQ mailbox

[root@ka1 ~]# echo hello world | mail -s test 1540509690@qq.com

ka2

[root@ka2 ~]# yum install mailx -y

[root@ka2 ~]# vim /etc/mail.rc

# For Linux and BSD, this should be set.
set bsdcompat
set from=1540509690@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1540509690@qq.com
set smtp-auth-password=pbqcsmebsewfbabi
set smtp-auth=login
set ssl-verify=ignore

Test

Send a mail to your own QQ mailbox

[root@ka2 ~]# echo hello world2 | mail -s test 1540509690@qq.com

4.2 Writing the script

ka1 and ka2

[root@ka1 ~]# vim /etc/keepalived/mail.sh

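#!/bin/bash
# Send a notification mail when this node changes VRRP state.
# Usage: mail.sh master|backup|fault

mail_dst="1540509690@qq.com"

send_message()
{
   mail_sub="$HOSTNAME to be $1 vip move"
   mail_msg="$(date '+%F %T'): vrrp move $HOSTNAME change $1"
   # Quote the variables so spaces in the subject or body are preserved
   echo "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}

case "$1" in
        master)
        send_message master
        ;;
        backup)
        send_message backup
        ;;
        fault)
        send_message fault
        ;;
        *)
        ;;
esac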

[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
   }
   # the lines below are the added configuration
   notify_master "/etc/keepalived/mail.sh master"
   notify_backup "/etc/keepalived/mail.sh backup"
   notify_fault "/etc/keepalived/mail.sh fault"

}

#include "/etc/keepalived/conf.d/*.conf"

[root@ka1 ~]# systemctl restart keepalived.service

Test

[root@ka1 ~]# /etc/keepalived/mail.sh fault

5. keepalived dual-master setup

Give each of the two keepalived hosts its own VIP

Configuration

ka1

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
   }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1
    #nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
   }
}

[root@ka1 ~]# systemctl restart keepalived.service

ka2

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

Two instances follow: the first stays unchanged, and the second is a copy with the names changed.

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
          172.25.254.10
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
          172.25.254.10
    }
}

[root@ka2 ~]# systemctl restart keepalived.service
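Because the ka2 file is produced by copying and editing, it is easy to leave a value unchanged. The following added example (not part of the original post) parses keepalived's block syntax and cross-checks the two peers: per instance, `virtual_router_id`, `authentication` and `virtual_ipaddress` must match, priorities must differ and the unicast addresses must mirror each other. The configurations are constructed from the dual-master layout above (with `advert_int` omitted for brevity), and `KA2_BAD` contains a constructed copy/paste mistake.

```python
TEMPLATE = """\
vrrp_instance {name} {{
    state {state}
    interface eth0
    virtual_router_id {vrid}
    priority {prio}
    authentication {{
        auth_type PASS
        auth_pass {secret}
    }}
    virtual_ipaddress {{
        {vip}/24 dev eth0 label eth0:{n}
    }}
    unicast_src_ip {src}
    unicast_peer {{
        {peer}
    }}
}}
"""

def conf(src, peer, *instances):
    """Build a constructed keepalived.conf fragment in the layout used above."""
    return "".join(TEMPLATE.format(src=src, peer=peer, **i) for i in instances)

def parse(text):
    """Parse keepalived block syntax into nested dicts (leaf: key -> argument list)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(" ".join(line[:-1].split()), {}))
        else:
            key, *args = line.split()
            stack[-1][key] = args
    return root

def vrrp_instances(cfg):
    return {k.split()[1]: v for k, v in cfg.items() if k.startswith("vrrp_instance ")}

def check_pair(conf_a, conf_b):
    """Return findings for two peers that are meant to back each other up."""
    a, b = vrrp_instances(parse(conf_a)), vrrp_instances(parse(conf_b))
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: defined on only one peer")
            continue
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "authentication", "virtual_ipaddress"):
            if x.get(key) != y.get(key):
                findings.append(f"{name}: {key} differs between peers")
        if x.get("priority") == y.get("priority"):
            findings.append(f"{name}: both peers have the same priority")
        for me, other in ((x, y), (y, x)):
            src = me.get("unicast_src_ip", [""])[0]
            if "unicast_peer" in other and src not in other["unicast_peer"]:
                findings.append(f"{name}: {src!r} not listed in the other side's unicast_peer")
    for label, insts in (("first peer", a), ("second peer", b)):
        vrids = [tuple(i.get("virtual_router_id", ())) for i in insts.values()]
        if len(vrids) != len(set(vrids)):
            findings.append(f"{label}: virtual_router_id reused by two instances")
    return findings

# Constructed inputs modelled on the ka1/ka2 dual-master configuration above.
VI_1 = dict(name="VI_1", vrid=100, vip="172.25.254.100", n=1, secret="1111")
VI_2 = dict(name="VI_2", vrid=200, vip="172.25.254.200", n=2, secret="1111")
KA1 = conf("172.25.254.10", "172.25.254.20",
           dict(VI_1, state="MASTER", prio=100), dict(VI_2, state="BACKUP", prio=80))
KA2 = conf("172.25.254.20", "172.25.254.10",
           dict(VI_1, state="BACKUP", prio=80), dict(VI_2, state="MASTER", prio=100))
# Constructed mistake: VI_2 on ka2 was copied from VI_1 with the router id unchanged.
KA2_BAD = conf("172.25.254.20", "172.25.254.10", dict(VI_1, state="BACKUP", prio=80),
               dict(VI_2, state="MASTER", prio=100, vrid=100))

if __name__ == "__main__":
    print(check_pair(KA1, KA2), check_pair(KA1, KA2_BAD), sep="\n")
```
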

6. High availability for ipvs (lvs + keepalived)

6.1 Virtual server configuration structure

virtual_server IP port {
    ...
    real_server {
        ...
    }
    real_server {
        ...
    }
    …
}

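6.2 Virtual server configuration

virtual_server IP port {                      # VIP and port
    delay_loop <INT>                          # interval between health checks of the back-end servers
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh          # scheduling algorithm
    lb_kind NAT|DR|TUN                        # cluster type; must be upper case
    persistence_timeout <INT>                 # persistent-connection duration
    protocol TCP|UDP|SCTP                     # service protocol, usually TCP
    sorry_server <IPADDR> <PORT>              # fallback server address used when all RS are down
    real_server <IPADDR> <PORT> {             # IP and port of the RS
        weight <INT>                          # RS weight
        notify_up <STRING>|<QUOTED-STRING>    # script run when the RS comes online
        notify_down <STRING>|<QUOTED-STRING>  # script run when the RS goes offline
        HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }   # health-check method for this host
    }
}
# Note: closing braces must be on separate lines; two on one line, such as }}, cause an error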

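6.3 Application-layer checks

Application-layer checks: HTTP_GET|SSL_GET

HTTP_GET|SSL_GET {
    url {
        path <URL_PATH>          # URL to monitor
        status_code <INT>        # response code that counts as healthy, usually 200
    }
    connect_timeout <INTEGER>    # timeout for the check request, comparable to haproxy's timeout server
    nb_get_retry <INT>           # number of retries
    delay_before_retry <INT>     # delay before each retry
    connect_ip <IP ADDRESS>      # IP address of this RS that receives the health check
    connect_port <PORT>          # port of this RS that receives the health check
    bindto <IP ADDRESS>          # source address used when sending the health check to this RS
    bind_port <PORT>             # source port used when sending the health check to this RS
}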

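6.4 TCP checks

Transport-layer check: TCP_CHECK

TCP_CHECK {
    connect_ip <IP ADDRESS>      # IP address of this RS that receives the health check
    connect_port <PORT>          # port of this RS that receives the health check
    bindto <IP ADDRESS>          # source address used when sending the health check
    bind_port <PORT>             # source port used when sending the health check
    connect_timeout <INTEGER>    # timeout for the check request,
                                 # equivalent to haproxy's timeout server
}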

6.5 Dual-master LVS-DR mode

rs1

[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo

[root@realserver1 ~]# cd /etc/sysconfig/network-scripts/

[root@realserver1 network-scripts]# vim ifcfg-lo

DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0

IPADDR1=172.25.254.100
NETMASK1=255.255.255.255

NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

[root@realserver1 network-scripts]# systemctl restart network

Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.

Remove the leftover NIC configuration, ens33

[root@realserver1 network-scripts]# rm -fr ifcfg-ens33

[root@realserver1 network-scripts]# systemctl restart network

rs2

[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo

[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf

net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2

Check that the settings took effect

[root@realserver2 ~]# sysctl --system

* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...

# look for the following lines
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...

[root@realserver2 ~]# scp /etc/sysctl.d/arp.conf root@172.25.254.110:/etc/sysctl.d/arp.conf

The authenticity of host '172.25.254.110 (172.25.254.110)' can't be established.
ECDSA key fingerprint is SHA256:E3qE8JvU9z/9Q6iQNWX4FB2C7Of1r+MKoHRNklKH9ow.
ECDSA key fingerprint is MD5:26:47:a1:e9:a2:08:3a:f9:fa:eb:2d:a8:99:11:bf:6b.
Are you sure you want to continue connecting (yes/no)? yes  # type yes
Warning: Permanently added '172.25.254.110' (ECDSA) to the list of known hosts.
root@172.25.254.110's password:   # enter the password
arp.conf                                               100%  127   162.7KB/s   00:00

Check the result

[root@realserver2 ~]# sysctl --system

[root@realserver2 ~]# cat /etc/sysctl.d/arp.conf

net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2

ka1

[root@ka1 ~]# yum install ipvsadm -y

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

#include "/etc/keepalived/conf.d/*.conf"
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
#################################################################
    real_server 172.25.254.110 80 {
        weight 1
        # the real servers serve plain HTTP on port 80, so check with HTTP_GET rather than SSL_GET
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
###############################################################
    real_server 172.25.254.120 80 {
        weight 1
        # the real servers serve plain HTTP on port 80, so check with HTTP_GET rather than SSL_GET
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
#################################################################
}

[root@ka1 ~]# systemctl restart keepalived.service


ka2

[root@ka2 ~]# yum install ipvsadm -y

Check that curl to 172.25.254.100 works

[root@ka2 ~]# curl 172.25.254.100
172.25.254.110

[root@ka2 ~]# vim /etc/keepalived/keepalived.conf

virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 172.25.254.110 80 {
        weight 1
        # the real servers serve plain HTTP on port 80, so check with HTTP_GET rather than SSL_GET
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
##################################################################
    real_server 172.25.254.120 80 {
        weight 1
        # the real servers serve plain HTTP on port 80, so check with HTTP_GET rather than SSL_GET
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

}

[root@ka2 ~]# systemctl restart keepalived.service

6.6 High availability for other applications: VRRP script (haproxy + keepalived)

6.6.1 Switching master/backup roles with a script

ka1

[root@ka1 ~]# vim /etc/keepalived/test.sh

#! /bin/bash
[ ! -f /mnt/lee ]

[root@ka1 ~]# sh /etc/keepalived/test.sh

[root@ka1 ~]# echo $?

0

[root@ka1 ~]# touch /mnt/lee

[root@ka1 ~]# sh /etc/keepalived/test.sh

[root@ka1 ~]# echo $?

1

[root@ka1 ~]# chmod +x /etc/keepalived/test.sh

[root@ka1 ~]# vim /etc/keepalived/keepalived.conf

vrrp_script check_file {
    script "/etc/keepalived/test.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
    track_script {
        check_file
    }
}

[root@ka1 ~]# systemctl restart keepalived.service

Make sure no whitespace is left after check_file

[root@ka1 ~]# ls /mnt/lee

/mnt/lee

Test

[root@ka1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst host 172.25.254.20

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:43:30.217900 ARP, Request who-has 172.25.254.20 tell 172.25.254.10, length 28
01:43:31.218509 ARP, Request who-has 172.25.254.20 tell 172.25.254.10, length 28
01:43:32.220167 ARP, Request who-has 172.25.254.20 tell 172.25.254.10, length 28
01:43:34.222801 ARP, Request who-has 172.25.254.20 tell 172.25.254.10, length 28
01:43:35.224120 ARP, Request who-has 172.25.254.20 tell 172.25.254.10, length 28
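Why the check_file settings move the VIP: with `weight -30` a failed script lowers ka1 from priority 100 to 70, below ka2's 80, and `fall 2` / `rise 2` require two consecutive results before the state flips. The following added example (not part of the original post) models that logic as an idealized per-interval simulation; it assumes preemption is enabled, ignores advertisement timing, and the class and function names are illustrative.

```python
from dataclasses import dataclass


@dataclass
class TrackScript:
    """State machine for one vrrp_script such as check_file above."""
    weight: int          # weight -30: subtract 30 from the priority while failed
    fall: int            # consecutive failures needed to mark the script failed
    rise: int            # consecutive successes needed to mark it healthy again
    healthy: bool = True
    streak: int = 0      # consecutive results that contradict the current state

    def feed(self, exit_code):
        ok = exit_code == 0
        if ok == self.healthy:
            self.streak = 0              # result agrees with the current state
            return
        self.streak += 1
        if self.streak >= (self.rise if ok else self.fall):
            self.healthy, self.streak = ok, 0

    def adjust(self, base_priority):
        """A negative weight applies while the script is failed,
        a positive weight applies while it is healthy."""
        if self.weight < 0 and not self.healthy:
            return base_priority + self.weight
        if self.weight > 0 and self.healthy:
            return base_priority + self.weight
        return base_priority


def elect(priorities):
    """Highest priority wins; a tie goes to the higher IP address."""
    def key(item):
        ip, prio = item
        return prio, tuple(int(octet) for octet in ip.split("."))
    return max(priorities.items(), key=key)[0]


def simulate(exit_codes, weight=-30, fall=2, rise=2, ka1_prio=100, ka2_prio=80):
    """Feed test.sh exit codes (one per interval) and return, per tick,
    (master address, ka1 effective priority)."""
    script = TrackScript(weight, fall, rise)
    timeline = []
    for code in exit_codes:
        script.feed(code)
        effective = script.adjust(ka1_prio)
        master = elect({"172.25.254.10": effective, "172.25.254.20": ka2_prio})
        timeline.append((master, effective))
    return timeline


# Constructed input: test.sh exits 1 while /mnt/lee exists.
# The file appears at tick 1 and is removed again at tick 4.
EXIT_CODES = [0, 1, 1, 1, 0, 0]

if __name__ == "__main__":
    for tick, (master, effective) in enumerate(simulate(EXIT_CODES)):
        print(f"tick {tick}: ka1 priority {effective:3d}, master {master}")
```

With `weight -10` the same failure leaves ka1 at 90, still above ka2, so the VIP never moves; the weight has to be larger than the priority gap between the two nodes.
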

6.6.2 haproxy + keepalived high-availability configuration

ka1

[root@ka1 ~]# yum install haproxy -y

[root@ka1 ~]# vim /etc/sysctl.conf

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.

#For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_nonlocal_bind=1

[root@ka1 ~]# sysctl -p

net.ipv4.ip_nonlocal_bind = 1

ka2

[root@ka2 ~]# yum install haproxy -y

[root@ka2 ~]# vim /etc/sysctl.conf

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.

#For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_nonlocal_bind=1

[root@ka2 ~]# sysctl -p

net.ipv4.ip_nonlocal_bind = 1

ka1

[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    server  app1 127.0.0.1:5001 check
    server  app2 127.0.0.1:5002 check
    server  app3 127.0.0.1:5003 check
    server  app4 127.0.0.1:5004 check
listen webcluster
    bind 172.25.254.100:80
    balance roundrobin
    server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
    server web2 172.25.254.120:80 check inter 3 fall 2 rise 5

[root@ka1 ~]# systemctl enable --now haproxy.service
