vrrp 协议的软件实现,原生设计目的为了高可用 ipvs服务
官网:http://keepalived.org/
功能:
- 基于vrrp协议完成地址流动
- 为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
- 为ipvs集群的各RS做健康状态检测
- 基于脚本调用接口完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务
环境
| 主机名 | IP地址 |
|---|---|
| KA1 | 192.168.136.10 |
| KA2 | 192.168.136.20 |
| realserver1 | 192.168.136.110 |
| realserver2 | 192.168.136.120 |
在realserver1和realserver2上配置httpd服务
[root@KA1 ~]# curl 192.168.136.110
realserver1 - 192.168.136.110
[root@KA1 ~]# curl 192.168.136.120
realserver2 192.168.136.120
配置一个简单的VIP
在KA1和KA2 安装配置KEEPALIVED
[root@KA1 ~]# yum install keepalived -y
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
1581218609@qq.com
}
notification_email_from keepalived@jieyu.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.yu1.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.136.100/24 dev ens33 label ens33:1
}
}
#在KA2上 修改为备份和优先级
[root@KA2 ~]# yum install keepalived -y
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 100
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.136.100/24 dev ens33 label ens33:1
}
}
测试
[root@KA1 ~]# tcpdump -i ens33 -nn host 224.0.0.18把KA1关闭
VIP飘逸到KA2上
把KA1打开 ,默认抢占模式,VIP回来了
开启VIP的通信功能
现在VIP是ping不通的
编辑配置文件,并重启 要么都写或者都不写
编写keeplaved的日志级别
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@KA1 ~]# vim /etc/rsyslog.conf
重启服务
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# systemctl restart rsyslog.service 查看日志
[root@ka1 ~]#tail -f /var/log/keepalived.log独自子配置文件
建立子目录 写配置
[root@KA1 ~]# mkdir -p /etc/keepalived/conf.d/
[root@KA1 ~]# vim /etc/keepalived/conf.d/192.168.136.100.conf
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.136.100/24 dev ens33 label ens33:1
}
}在主配置中加上这一条
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
VIP同样生效
抢占模式和非抢占模式
抢占模式(系统默认是抢占)不需要配置,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色, 这样会使vip在KA主机中来回漂移,造成网络抖动,建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色 非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机
非抢占模式
抢占延时时间
VIP单播配置
注意:单播模式不支持vrrp_strict
在KA1上
在KA2上
测试
当KA1的keepalived服务关闭 VIP飘逸到KA2
Keepalived 通知脚本配置---Keepalived 状态切换的通知脚本
两台主机 都安装邮件发送工具 qq邮箱配置
[root@KA1 ~]# yum install mailx -y
[root@KA1 ~]# vim /etc/mail.rc
[root@KA1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dst="1581218609@qq.com"
send_message()
{
mail_sub="$HOSTNAME to be $1 vip move"
mail_msg="`date +%F\ %T`: vrrp move $HOSTNAME chage $1"
echo $mail_msg | mail -s "$mail_sub" $mail_dst
}
case $1 in
master)
send_message master
;;
fault)
send_message fault
;;
*)
exit 1
;;
esac
[root@KA1 ~]# chmod +x /etc/keepalived/mail.sh vim /etc/keepalived/keepalived.conf
测试
[root@KA1 ~]# /etc/keepalived/mail.sh master
实现 master/master 的 Keepalived 双主架构
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
查看 现在在KA2上面
把KA2上关闭keepalived 现在VIP在KA1上了
实现IPVS的高可用性
实战案例1:实现单主的 LVS-DR 模式
realserver1上
环回lo临时配置IP
[root@realserver1 ~]# ip a a 192.168.136.100/32 dev lo
[root@realserver1 ]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
在realserver2上
[root@realserver2 ~]# ip a a 192.168.136.120/32 dev lo
[root@realserver1 ~]# scp /etc/sysctl.d/arp.conf root@192.168.136.120:/etc/sysctl.d/arp.conf
在KA1上
[root@KA1 ~]# yum install ipvsadm -y
virtual_server 192.168.136.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 192.168.136.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 192.168.136.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
测试
将KA1的keepalive关闭 VIP飘逸到了KA2上 客户端也可以正常访问,无感知错误发生
VRRP Script 配置
[root@KA1 ~]# vim /etc/keepalived/test.sh
[root@KA1 ~]# cat /etc/keepalived/test.sh
#!/bin/bash
[ ! -f "/mnt/yu" ]
[root@KA1 ~]# chmod +x /etc/keepalived/test.sh
[root@KA1 ~]# ls /mnt/
[root@KA1 ~]# sh /etc/keepalived/test.sh
[root@KA1 ~]# echo $?
0
[root@KA1 ~]# touch /mnt/yu
[root@KA1 ~]# sh /etc/keepalived/test.sh
[root@KA1 ~]# echo $?
1
在KA1和KA2上 修改配置文件
[root@KA1 ~]# vim /etc/keepalived/test.sh
#定义脚本
...省略...
vrrp_script check_file {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
rtate MASTER
interface ens33
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.136.100/24 dev ens33 label ens33:1
}
unicast_src_ip 192.168.136.10
unicast_peer {
192.168.136.20
}
#调用脚本
track_script {
check_file
}
}
...省略...当KA1上有/mnt/yu上 VIP就飘逸到KA2上
[root@KA1 mnt]# touch /mnt/yu
实现HAProxy高可用
注意:如果要haproxy和lvs和keepalived一起用 那么两个VIP一人服务一个应用
KA1 KA2安装haproxy
KA1 KA2在配置文件中最下面添加
# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 192.168.136.100:80
mode http
balance roundrobin
server web1 192.168.136.110:80 check inter 3 fall 3 rise 5
server web2 192.168.136.120:80 check inter 3 fall 3 rise 5
在两个ka1和ka2两个节点启用内核参数
# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
删除刚刚在realserver1和realserver2上配置的环回IP
以及不开启arp响应
ip a d 192.168.136.100 dev lo
# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
清空策略 并且注释掉刚刚配置的lvs
[root@KA1 ~]# ipvsadm -C
重启haproxy和keepalived 并测试
配合脚本使用
[root@KA1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxyvim /etc/keepalived/keepalived.conf
sh /etc/keepalived/test.sh
之后 VIP飘逸到了KA2
扫一扫
227
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
