一、Keepalived介绍
Keepalived是一款实现主机集群高可用的软件程序,它可以检查当前服务器的状态是否可用,如果当前服务器出现故障,那么它就会把该主机从当前系统中剔除,然后根据配置规则,让其他正常的服务器来继续工作,达到系统服务的高可用。
keepalived的主要模块有Checkers和VRRP Stack这两个模块,Checkers模块主要是实现对当前服务器运行状态的检测和故障的隔离,VRRP Stack是用来对虚拟ip地址做检查与切换的。因为系统对外提供服务时,客户端请求的是虚拟ip:当主节点存活时,vip在主节点,系统服务主要由主节点对外提供;当主节点发生故障时,keepalived会检测到当前节点的主机状态,并把对外提供服务的地址切换到另外一个备用节点上继续提供服务,来保证系统的高可用性。
VRRP(Virtual Router Redundancy Protocol)虚拟路由冗余协议是Keepalived能实现高可用的重要部分,VRRP是用来实现路由器高可用的一个协议,当一个路由器发生故障时,由另外一个备份路由器来继续提供服务。VRRP是根据当前优先级来确定虚拟路由服务器的当前角色的。优先级大者为Master,优先级小者为Backup。VRRP的优先级的取值范围为0到255。
二、Keepalived实验配置
主调度器:192.168.126.138(注:下文hosts文件和ip addr输出中master的地址均为192.168.126.135,而192.168.126.138同时被列为web2的地址,此处疑为笔误)
从调度器:192.168.126.139
web1:192.168.126.133
web2:192.168.126.138
配置注意事项:
1、当前主机名要与hosts文件中的主机名保持一致,并且主备可以互相解析主机名;
2、主备两个节点时间要同步
3、关闭iptables与selinux(仅适用于隔离的实验环境;生产环境建议保留防火墙,只放行主备节点之间的VRRP报文(IP协议号112)和所需的业务端口,SELinux保持enforcing并按需调整策略)
调度器1的配置:
[root@master ~]# iptables -X
[root@master ~]# iptables -F
[root@master ~]# iptables -Z
[root@master ~]# getenforce
Disabled //防火墙与selinux已关闭
[root@master ~]#
[root@master ~]#vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.126.135 master
192.168.126.139 backup
[root@master ~]# scp /etc/hosts backup:/etc/hosts
hosts 100% 206 70.8KB/s 00:00
[root@master ~]#
[root@master ~]# ping backup //ping主机名没有问题
PING backup (192.168.126.139) 56(84) bytes of data.
64 bytes from backup (192.168.126.139): icmp_seq=1 ttl=64 time=0.578 ms
64 bytes from backup (192.168.126.139): icmp_seq=2 ttl=64 time=0.601 ms
64 bytes from backup (192.168.126.139): icmp_seq=3 ttl=64 time=0.600 ms
^C
--- backup ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.578/0.593/0.601/0.010 ms
[root@master ~]#
[root@master ~]# yum install ipvsadm keepalived -y
Loaded plugins: fastestmirror
Determining fastest mirrors
....................................
...................................
[root@master ~]# vim /etc/keepalived/keepalived.conf
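! Configuration File for keepalived
! Comments in keepalived.conf start with '#' or '!'; '//' is not a comment
! marker and would be read as part of the directive.

global_defs {                                   # global settings
    notification_email {
        root@localhost                          # recipient of failure notifications
    }
    notification_email_from kaadmin@hehe.com    # sender address; free to customise
    smtp_server 127.0.0.1                       # mail server; the local host is used here
    smtp_connect_timeout 30                     # timeout when connecting to the mail server
    router_id LVS_DEVEL                         # identifier of this router
}

vrrp_instance VI_1 {                            # VRRP instance 1
    state MASTER                                # initial role of this node
    interface ens33                             # NIC that carries the virtual address
    virtual_router_id 51                        # must be identical on every node of the same group
    priority 100                                # the node with the highest priority becomes master
    advert_int 1                                # interval between VRRP advertisements
    authentication {
        auth_type PASS                          # simple password authentication
        # Sample value only. PASS authentication sends the password unencrypted
        # in every advertisement, so it protects against misconfiguration rather
        # than against a host on the same segment. Use a site-specific value and
        # restrict VRRP traffic to the peer nodes at the network layer.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.126.140                         # virtual IP (VIP)
    }
}

virtual_server 192.168.126.140 80 {             # virtual service on the VIP
    delay_loop 2                                # health-check polling interval
    lb_algo wrr                                 # scheduler: weighted round robin
    lb_kind DR                                  # LVS forwarding mode: direct routing
    nat_mask 255.255.255.0                      # netmask for the virtual IP, per the author
    persistence_timeout 50                      # keep a client on the same real server for this long
    protocol TCP                                # layer-4 protocol of the virtual service

    # real_server takes an address and a port; in DR mode the port is the
    # same as the one of the virtual service.
    real_server 192.168.126.133 80 {            # first backend
        weight 2                                # scheduling weight
        HTTP_GET {                              # health check: HTTP GET
            url {
                path /                          # resource to request
                status_code 200                 # status code that counts as healthy
            }
            connect_timeout 3                   # connect timeout
            nb_get_retry 3                      # retries before the server is marked down
                                                # (newer keepalived releases name this `retry`)
            delay_before_retry 3                # pause between retries
        }
    }

    real_server 192.168.126.138 80 {            # second backend
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}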
[root@master ~]# systemctl enable keepalived //设置服务开机自启动
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@master ~]# systemctl start keepalived
[root@master ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8f:12:c4 brd ff:ff:ff:ff:ff:ff
inet 192.168.126.135/24 brd 192.168.126.255 scope global noprefixroute dynamic ens33
valid_lft 1696sec preferred_lft 1696sec
inet 192.168.126.140/32 scope global ens33 //此时虚拟ip已经显示成功
valid_lft forever preferred_lft forever
inet6 fe80::e513:fdea:32d6:8cf3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
调度器2的配置:
调度器1的配置与调度器2的配置基本一样,不过需要修改配置文件中的角色为BACKUP,优先级级别要设置比100小即可。
WEB端配置(web1端和web2端配置一样):
创建dr模型所需要的脚本
[root@web2 ~]# vim set.sh
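#!/bin/bash
# Toggle the ARP kernel parameters used on an LVS-DR real server, where the
# VIP is bound to the loopback interface and must not be answered or
# announced over ARP by this host.
#
# Usage: set.sh {start|stop}
#
# The writes go to /proc/sys, so they need root and do not survive a reboot.
# Annotations are shell comments: text after `//` on an echo line would be
# passed to echo as arguments and written into the /proc file.
case "$1" in
  start)
    # arp_ignore=1: reply only when the target IP is configured on the
    # interface the request arrived on.
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    # arp_ignore=2: as above, and the sender's IP must also be in the same
    # subnet on that interface.
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always pick the best local address for the target as
    # the ARP source, instead of the source address of the outgoing packet.
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
  stop)
    # Back to the kernel defaults.
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
  *)
    # A missing or unknown argument used to be ignored silently.
    printf 'Usage: %s {start|stop}\n' "${0##*/}" >&2
    exit 1
    ;;
esac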
[root@web2 ~]# chmod +x set.sh
[root@web2 ~]# bash set.sh start
[root@web2 ~]# cat /proc/sys/net/ipv4/conf/all/arp_ignore
1
[root@web2 ~]# cat /proc/sys/net/ipv4/conf/all/arp_announce
2
[root@web2 ~]# ifconfig lo:0 192.168.126.140 netmask 255.255.255.0 broadcast 192.168.126.140 up
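//绑定虚拟ip地址到本地环回口(注:DR模式下lo:0上的vip通常使用掩码255.255.255.255;使用255.255.255.0时,real server可能把整个192.168.126.0/24网段都当作本机地址,请按实际环境确认)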
[root@web2 ~]# route add -host 192.168.126.140 dev lo:0
调度器端配置lvs规则:
[root@master keepalived]# ipvsadm -A -t 192.168.126.140:80 -s wrr
[root@master keepalived]# ipvsadm -a -t 192.168.126.140:80 -r 192.168.126.133 -g -w 1
[root@master keepalived]#
[root@master keepalived]# ipvsadm -a -t 192.168.126.140:80 -r 192.168.126.138 -g -w 2
[root@master keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.126.140:80 wrr
-> 192.168.126.133:80 Route 1 0 0
-> 192.168.126.138:80 Route 2 0 0
[root@master keepalived]#
[root@master keepalived]# curl 192.168.126.140
//查看结果是否轮询(若配置文件中的persistence_timeout 50生效,同一客户端在50秒内会被调度到同一台real server,需更换客户端或等待超时后才能观察到轮询),
//关闭主机节点的keepalived,查看vip是否流动到backup节点上
状态通知脚本:
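#!/bin/bash
# State-change notification script: mails a short message when this node
# changes to the master, backup or fault state.

vip=192.168.126.140        # virtual IP named in the mail subject
contact='root@localhost'   # recipient of the notification

#######################################
# Mail a state-transition notice.
# Globals:   vip (read), contact (read)
# Arguments: $1 - new state (master, backup or fault)
# Outputs:   hands the message to mail(1); nothing on stdout
# Returns:   exit status of the mail pipeline
#######################################
notify() {
  # The listing repeated the `notify() {` header and the subject line, which
  # left one brace unclosed; the function is defined once here.
  local host mailsubject mailbody
  host=$(hostname)
  mailsubject="${host} to be $1:${vip} floating"
  mailbody="$(date '+%F %H:%M:%S') : vrrp transition, ${host} changed to be $1"
  # Quoted so that the body and the recipient are passed through unsplit.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}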
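# Dispatch on the state name given as the first argument; anything else
# prints the usage line and exits with status 1.
case "$1" in
  master | backup | fault)
    # The three states get the same handling: notify, then exit 0.
    notify "$1"
    exit 0
    ;;
  *)
    # ${0##*/} is the script's base name without running basename on an
    # unquoted $0; usage text is a diagnostic, so it goes to stderr.
    printf 'Usage:%s {master|backup|fault}\n' "${0##*/}" >&2
    exit 1
    ;;
esac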