What is Keepalived?
Keepalived是一个基于Linux平台的高可用性解决方案,它主要提供负载均衡和故障转移功能。以下是关于Keepalived的详细解析:
一、基本概念
- 定义:Keepalived是一个轻量级别的高可用解决方案,是一个免费开源的、用C编写的类似于Layer 3、4 & 7(也有说法为Layer 3、4 & 5)交换机制的软件,它具备第3层、第4层和第7层(或第5层)交换机的功能。
- 作用:Keepalived主要用于检测服务器的状态,如果服务器宕机或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作。当服务器工作正常后,Keepalived会自动将服务器加入到服务器群中。
二、核心功能
- 高可用性:
- 故障转移:通过VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)实现多台机器之间的故障转移服务。当主服务器故障时,自动将服务切换到备份服务器,确保服务的连续性。
- 选举机制:在VRRP组中,通常有一个主服务器(Master)和一个或多个备份服务器(Backup)。主服务器负责处理所有通过虚拟IP地址的流量,而备份服务器处于待机状态。如果主服务器发生故障,备份服务器中的一个将被选举为新的主服务器。
- 负载均衡:
- Keepalived支持多种负载均衡算法,如轮询、最小连接等,可以帮助分散流量,提高服务的可用性和性能。
- 健康检查:
- Keepalived可以定期对后端服务器进行健康检查,确保只有健康的服务器参与服务。健康检查可以通过多种方式实现,如ICMP请求、TCP端口状态、HTTP GET请求等。
三、工作原理
- Layer 3(网络层):Keepalived会定期向服务器群中的服务器发送一个ICMP的数据包(类似于Ping程序),如果发现某台服务器的IP地址没有响应,Keepalived便报告这台服务器失效,并将其从服务器群中剔除。
- Layer 4(传输层):主要以TCP端口的状态来决定服务器工作正常与否。如果Keepalived检测到某个端口没有启动,则将该服务器从服务器群中剔除。
- Layer 7(应用层):对指定的URL执行HTTP GET,并使用MD5算法对HTTP GET结果进行求和。如果这个总数与预期值不符,那么测试是错误的,服务器将从服务器池中移除。
四、应用场景
Keepalived广泛应用于需要高可用性和负载均衡的业务系统,如公司内部的OA系统、电商平台、金融系统等。这些系统需要保证7×24小时不中断服务,Keepalived通过其高可用性和负载均衡功能,可以有效地提升系统的稳定性和性能。
五、配置与管理
Keepalived的配置相对简单,可以通过编写配置文件来设置和管理高可用性和负载均衡。配置文件通常包含VRRP实例的配置、健康检查的设置、负载均衡算法的选择等。
综上所述,Keepalived是一个功能强大的高可用性解决方案,它通过VRRP协议实现故障转移,支持多种负载均衡算法和健康检查方式,能够有效地提升业务系统的稳定性和性能。
Actual combat drills
Keepalived结合LVS负载均衡
1.环境配置
客户机:192.168.190.104 7-4
LVS1代理服务器 安装 Keepalived 192.168.190.100 > 7-0
LVS2代理服务器 安装 Keepalived 192.168.190.101 > 7-1 > vip 虚拟ip > 192.168.190.188
web1服务器 192.168.190.102 > 7-2
web2服务器 192.168.190.103 > 7-3
2.实操
代理服务器7-0,7-1关闭防火墙,安装ipvsadm,keepalived
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]#yum install ipvsadm keepalived -y修改代理服务器7-0keepalived服务配置
[root@localhost ~]#cd /etc/keepalived/
[root@localhost keepalived]#cp keepalived.conf keepalived.conf.bak #备份配置文件
[root@localhost keepalived]#vim keepalived.conf
10 smtp_server 127.0.0.1
12 router_id LVS_01
14 #vrrp_strict
21 interface ens33
27 auth_pass 123123
29 virtual_ipaddress {
30 192.168.190.188
31 }
34 virtual_server 192.168.190.188 80 {
37 lb_kind DR
38 persistence_timeout 0
删除43-51行,58行往后全部删除
后端真实服务器配置如下:
real_server 192.168.190.102 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.190.103 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}加载IPVS模块、保存当前的IPVS配置,并且查看当前系统上的IPVS配置信息
[root@localhost keepalived]# modprobe ip_vs #加载 IP 虚拟服务器 (IPVS) 模块
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm #将当前 IPVS 的配置保存到 /etc/sysconfig/ipvsadm 文件中
[root@localhost keepalived]# systemctl start ipvsadm.service
[root@localhost keepalived]# systemctl restart keepalived.service
[root@localhost keepalived]# ipvsadm -ln #列出当前系统上的 IPVS 配置信息
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 127.0.0.1:80 rr
TCP 192.168.190.188:80 rr
-> 192.168.190.102:80 Route 1 0 0
-> 192.168.190.103:80 Route 1 0 0 修改代理服务器7-1keepalived服务配置
192.168.190.101,7-1:
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# ls
192.168.190.100,7-0:
[root@localhost keepalived]# scp keepalived.conf 192.168.190.101:/etc/keepalived/
The authenticity of host '192.168.190.101 (192.168.190.101)' can't be established.
ECDSA key fingerprint is SHA256:aIqKteFz37bh8tOF7A07YElsVqfHgBSbxwkKXK9dfks.
ECDSA key fingerprint is MD5:9c:5a:7f:ec:d9:0c:2a:b2:9d:9e:03:77:f3:87:36:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.190.101' (ECDSA) to the list of known hosts.
root@192.168.190.101's password:
keepalived.conf
#远程传输配置文件
192.168.190.101,7-1:
[root@localhost keepalived]# vim keepalived.conf
12 router_id LVS_02
20 state BACKUP
23 priority 80
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm.service
[root@localhost keepalived]# systemctl start keepalived.service
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.190.188:80 rr
-> 192.168.190.102:80 Route 1 0 0
-> 192.168.190.103:80 Route 1 0 0 查看虚拟IP在代理服务器7-0还是7-1
web服务器7-2,7-3分别添加web文件,开启httpd服务,添加路由
192.168.190.102,7-2:
[root@localhost ~]# echo 7-2 > /var/www/html/index.html
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ifconfig lo:0 192.168.190.188 netmask 255.255.255.255
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
192.168.190.103,7-3:
[root@localhost ~]# echo 7-2 > /var/www/html/index.html
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ifconfig lo:0 192.168.190.188 netmask 255.255.255.255
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2客户端7-4访问代理服务器VIP
[root@localhost ~]# curl 192.168.190.188
7-2
[root@localhost ~]# curl 192.168.190.188
7-3
[root@localhost ~]# curl 192.168.190.188
7-2
[root@localhost ~]# curl 192.168.190.188
7-3Keepalived 的使用
1.非抢占与延时抢占
非抢占模式
两台LVS代理服务器均需要修改keepalived服务配置
[root@localhost keepalived]# vim keepalived.conf
19 vrrp_instance VI_1 {
20 state BACKUP #均改为BACKUP
21 nopreempt #添加此行
[root@localhost keepalived]# systemctl restart keepalived.service默认虚拟IP在LVS1上,修改完LVS1配置后,查看虚拟IP已转移到LVS2上
[root@localhost keepalived]# hostname -I
192.168.190.101 192.168.190.188 192.168.122.1延迟抢占
两台LVS代理服务器均需要修改keepalived服务配置
[root@localhost keepalived]# vim keepalived.conf
19 vrrp_instance VI_1 {
20 state BACKUP
21 preempt_delay 10
[root@localhost keepalived]# systemctl restart keepalived.service先前测试非抢占模式,目前虚拟IP位于LVS2上,修改LVS1实例配置,并查看延迟抢占
[root@localhost keepalived]# vim keepalived.conf
19 vrrp_instance VI_1 {
20 state BACKUP
21 preempt_delay 10 #抢占延迟模式,默认延迟300s
[root@localhost keepalived]# systemctl restart keepalived.service
[root@localhost keepalived]# hostname -I
192.168.190.100 192.168.122.1
[root@localhost keepalived]# hostname -I
192.168.190.100 192.168.122.1
[root@localhost keepalived]# hostname -I
192.168.190.100 192.168.122.1
[root@localhost keepalived]# hostname -I
192.168.190.100 192.168.190.188 192.168.122.1
[root@localhost keepalived]# hostname -I
192.168.190.100 192.168.190.188 192.168.122.1 单播与多播
修改多播
分别修改LVS1,LVS2 keepalived配置文件
[root@localhost keepalived]# vim keepalived.conf
global_defs {
vrrp_mcast_group4 234.6.6.6
[root@localhost keepalived]# systemctl restart keepalived.service修改单播
分别修改LVS1,LVS2 keepalived配置文件
LVS1,192.168.190.100:
vrrp_instance VI_1 {
……
unicast_src_ip 192.168.190.100 #本机IP,master100,backup101
unicast_peer {
192.168.190.101 #指向对方主机IP 如果有多个keepalived,再下面加其它节点的IP
}
LVS2,192.168.190.101:
vrrp_instance VI_1 {
……
unicast_src_ip 192.168.190.101
unicast_peer {
192.168.190.100
}通知脚本
编写脚本
[root@localhost opt]# vim keepalive.sh
#!/bin/bash
#
contact='num@qq.com' #qq邮箱
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
[root@localhost opt]# chmod +x keepalived.sh 修改LVS1keepalived配置文件
[root@localhost opt]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
……
notify_master "/opt/keepalive.sh master"
notify_backup "/opt/keepalive.sh backup"
notify_fault "/opt/keepalive.sh fault"
}
[root@localhost opt]# systemctl restart keepalived.service 配置邮箱
[root@localhost ~]# vim /etc/mail.rc
set from=num@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=num5@qq.com
set smtp-auth-password=******* #POP3/IMAP/SMTP/Exchange/CardDAV 授权码注意要在QQ邮箱中打开smtp服务
6196
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
