一 案例分析
在企业应用中,单台服务器承担应用存在单点故障的危险;在企业应用集群中,至少存在两处单点故障危险。单点故障一旦发生,企业服务将发生中断,造成极大的危害。
二 keepalived工具介绍
● 支持故障自动切换(Failover)
● 支持节点健康状态检查(Health Checking)
● 官方网站:http://www.keepalived.org/
三 Keepalived实现原理剖析
Keepalived采用VRRP热备份协议实现Linux服务器的多机热备功能
VRRP ,虚拟路由冗余协议,是针对路由器的一种备份解决方案
1、由多台路由器组成一个热备组,通过共用的虚拟IP地址对外提供服务
2、每个热备组内同一时刻只有一台主路由器提供服务,其他路由器处于冗余状态
3、若当前在线的路由器失效,则其他路由器会根据设置的优先级自动接替虚拟IP地址,继续提供服务
四 案例配置
IP地址规划:
漂移地址(VIP):192.168.100.100
主调度器:192.168.100.11
辅调度器:192.168.100.12
WEB服务器1:192.168.100.13
WEB服务器2:192.168.100.14
存储服务器:192.168.100.15
五 实验步骤
主调度器
##调整/proc响应参数##
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
##清除负载分配策略##
[root@localhost /]# ipvsadm -C
##调整keepalived参数##
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
## keepalived.conf for the primary director: one VRRP instance that owns the
## VIP, plus one LVS virtual service that spreads port 80 over two web nodes.
global_defs {
router_id HA_TEST_R1 ## name of this node; HA_TEST_R1 on the primary director
}
vrrp_instance VI_1 { ## defines one VRRP hot-standby instance
state MASTER ## hot-standby role; MASTER marks the primary server
interface ens33 ## physical interface that carries the VIP
virtual_router_id 1 ## virtual router ID; must be identical on every member of the group
priority 100 ## election priority; the larger number wins
advert_int 1 ## advertisement (heartbeat) interval, in seconds
authentication { ## authentication settings; must be identical on every member of the group
auth_type PASS ## authentication type: simple password
## NOTE(review): with auth_type PASS the password is carried in clear text in
## every VRRP advertisement, and keepalived uses only its first 8 characters.
## It protects against accidental cross-talk between groups, not against a
## host on the same segment. 123456 is a lab value: pick a per-group secret,
## keep this file readable by root only, and filter VRRP traffic so that only
## the peer director can reach this node with it.
auth_pass 123456 ## authentication password
}
virtual_ipaddress { ## floating address (VIP); more than one may be listed
192.168.100.100
}
}
virtual_server 192.168.100.100 80 { ## virtual service: VIP and port
delay_loop 15 ## interval between health checks, in seconds
lb_algo rr ## round-robin scheduling
lb_kind DR ## direct-routing (DR) cluster mode
## NOTE(review): keepalived documents this setting as persistence_timeout, and
## the '!' that the original note refers to (keepalived's comment marker) is
## not present on this line. Confirm the keyword against your keepalived
## version and decide whether persistence should be on: while it is on, one
## client keeps reaching the same real server, so the round-robin check in the
## test section will not appear to alternate.
persistence 60 ## connection persistence time (seconds); original note: remove the '!' to enable
protocol TCP ## the service uses TCP
real_server 192.168.100.13 80 { ## first web node: address and port
weight 1 ## node weight
TCP_CHECK { ## health-check method: TCP connect
connect_port 80 ## port probed by the check
connect_timeout 3 ## connect timeout, in seconds
nb_get_retry 3 ## retry count (newer keepalived releases call this "retry" - verify for your version)
delay_before_retry 4 ## delay between retries, in seconds
}
}
real_server 192.168.100.14 80 { ## second web node, same check settings as the first
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
[root@localhost keepalived]# systemctl start keepalived ##启动keepalived
[root@localhost keepalived]# systemctl enable keepalived ##开机启动keepalived
[root@localhost keepalived]# ip addr show dev ens33
##查看主控制IP地址和漂移地址
辅调度器
##调整/proc响应参数##
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
##清除负载分配策略##
[root@localhost /]# ipvsadm -C
##调整keepalived参数##
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
## keepalived.conf for the backup director: same VRRP group and virtual
## service as the primary; only router_id, state and priority differ.
global_defs {
router_id HA_TEST_R2 ## name of this node; HA_TEST_R2 on the backup director
}
vrrp_instance VI_1 { ## defines one VRRP hot-standby instance
state BACKUP ## hot-standby role; BACKUP marks the standby server
interface ens33 ## physical interface that carries the VIP
virtual_router_id 1 ## virtual router ID; must be identical on every member of the group
priority 99 ## election priority; the larger number wins (lower than the primary's 100)
advert_int 1 ## advertisement (heartbeat) interval, in seconds
authentication { ## authentication settings; must be identical on every member of the group
auth_type PASS ## authentication type: simple password
## NOTE(review): with auth_type PASS the password is carried in clear text in
## every VRRP advertisement, and keepalived uses only its first 8 characters.
## It protects against accidental cross-talk between groups, not against a
## host on the same segment. 123456 is a lab value: pick a per-group secret,
## keep this file readable by root only, and filter VRRP traffic so that only
## the peer director can reach this node with it.
auth_pass 123456 ## authentication password
}
virtual_ipaddress { ## floating address (VIP); more than one may be listed
192.168.100.100
}
}
virtual_server 192.168.100.100 80 { ## virtual service: VIP and port
delay_loop 15 ## interval between health checks, in seconds
lb_algo rr ## round-robin scheduling
lb_kind DR ## direct-routing (DR) cluster mode
## NOTE(review): keepalived documents this setting as persistence_timeout, and
## the '!' that the original note refers to (keepalived's comment marker) is
## not present on this line. Confirm the keyword against your keepalived
## version and decide whether persistence should be on: while it is on, one
## client keeps reaching the same real server, so the round-robin check in the
## test section will not appear to alternate.
persistence 60 ## connection persistence time (seconds); original note: remove the '!' to enable
protocol TCP ## the service uses TCP
real_server 192.168.100.13 80 { ## first web node: address and port
weight 1 ## node weight
TCP_CHECK { ## health-check method: TCP connect
connect_port 80 ## port probed by the check
connect_timeout 3 ## connect timeout, in seconds
nb_get_retry 3 ## retry count (newer keepalived releases call this "retry" - verify for your version)
delay_before_retry 4 ## delay between retries, in seconds
}
}
real_server 192.168.100.14 80 { ## second web node, same check settings as the first
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
[root@localhost keepalived]# systemctl start keepalived ##启动keepalived
[root@localhost keepalived]# systemctl enable keepalived ##开机启动keepalived
[root@localhost keepalived]# ip addr show dev ens33
##查看主控制IP地址和漂移地址
存储服务器
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# yum -y install rpcbind
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# vi /etc/exports
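# Client and option list must be written with NO space between them.
# With a space, exports(5) treats "(rw,sync)" as a separate entry that matches
# every host: the directory is then exported read-write to the world
# (showmount reports "(everyone)") while 192.168.100.0/24 only gets the
# default options. root_squash is left at its default (on), so remote root
# is mapped to the anonymous user.
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)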
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo "this is 51xit" >/opt/51xit/index.html
[root@localhost ~]# echo "this is 52xit" >/opt/52xit/index.html
web1
##配置lo:0##
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.100 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0
##调整/proc响应参数##
[root@localhost network-scripts]# vi /etc/sysctl.conf
# Real-server ARP settings for LVS-DR: the VIP is configured on lo:0 of this
# node, so it must neither answer ARP requests for the VIP nor advertise it.
# arp_ignore = 1   reply only when the requested IP is configured on the
#                  interface the request arrived on (the VIP lives on lo).
# arp_announce = 2 always use the best local address for the target as the
#                  ARP source, never the VIP.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
##安装httpd挂载测试页##
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# showmount -e 192.168.100.15 ####如果还没发布,请到存储服务器执行 exportfs -rv 发布;若下方输出为 (everyone),说明共享对所有主机开放,应检查 /etc/exports 中网段与 (选项) 之间是否多了空格
Export list for 192.168.100.15:
/opt/51xit (everyone)
/opt/52xit (everyone)
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.15:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
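# nosuid,nodev: do not honour set-uid bits or device nodes that come from the NFS share.
# _netdev: mount only once the network is up. Last field 0: no fsck pass for a network filesystem.
# "intr" is dropped: the option has been ignored by the kernel since 2.6.25.
# NOTE(review): a web node that only serves this content could mount it ro instead of rw.
192.168.100.15:/opt/51xit/ /var/www/html/ nfs rw,tcp,_netdev,nosuid,nodev 0 0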
[root@localhost ~]# init 6
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
登录192.168.100.42测试网站是否正常(注:该地址不在上文IP地址规划中;按规划WEB服务器1为192.168.100.13,请以实际环境为准)
web2
##配置lo:0##
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.100 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0
##调整/proc响应参数##
[root@localhost network-scripts]# vi /etc/sysctl.conf
# Real-server ARP settings for LVS-DR: the VIP is configured on lo:0 of this
# node, so it must neither answer ARP requests for the VIP nor advertise it.
# arp_ignore = 1   reply only when the requested IP is configured on the
#                  interface the request arrived on (the VIP lives on lo).
# arp_announce = 2 always use the best local address for the target as the
#                  ARP source, never the VIP.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
##安装httpd挂载测试页##
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# showmount -e 192.168.100.15
Export list for 192.168.100.15:
/opt/51xit (everyone)
/opt/52xit (everyone)
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.15:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
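# nosuid,nodev: do not honour set-uid bits or device nodes that come from the NFS share.
# _netdev: mount only once the network is up. Last field 0: no fsck pass for a network filesystem.
# "intr" is dropped: the option has been ignored by the kernel since 2.6.25.
# NOTE(review): a web node that only serves this content could mount it ro instead of rw.
192.168.100.15:/opt/52xit/ /var/www/html/ nfs rw,tcp,_netdev,nosuid,nodev 0 0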
[root@localhost ~]# init 6
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
登录192.168.100.42测试网站是否正常(注:该地址不在上文IP地址规划中;按规划WEB服务器2为192.168.100.14,请以实际环境为准)
六 测试
测试主辅调度器是否正常切换,轮询是否正常
-
浏览器登录 192.168.100.100
-
停止主服务器的keepalived
本机cmd
C:\Users\cwj>arp -a
接口: 192.168.100.1 --- 0xc
Internet 地址 物理地址 类型
192.168.100.11 00-0c-29-c7-4d-51 动态
192.168.100.12 00-0c-29-67-50-bb 动态
192.168.100.13 00-0c-29-bb-09-65 动态
192.168.100.14 00-0c-29-01-8b-28 动态
192.168.100.15 00-0c-29-e5-3c-cb 动态
192.168.100.100 00-0c-29-c7-4d-51 动态
MAC地址为:00-0c-29-c7-4d-51
主调度器
[root@localhost keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.11 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::e86d:de1b:1742:2974 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:c7:4d:51 txqueuelen 1000 (Ethernet)
RX packets 4098 bytes 359936 (351.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2669 bytes 314547 (307.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.100 netmask 255.255.255.0 broadcast 192.168.100.255
ether 00:0c:29:c7:4d:51 txqueuelen 1000 (Ethernet)
[root@localhost keepalived]# systemctl stop keepalived.service
C:\Users\cwj>arp -a
接口: 192.168.100.1 --- 0xc
Internet 地址 物理地址 类型
192.168.100.11 00-0c-29-c7-4d-51 动态
192.168.100.12 00-0c-29-67-50-bb 动态
192.168.100.13 00-0c-29-bb-09-65 动态
192.168.100.14 00-0c-29-01-8b-28 动态
192.168.100.15 00-0c-29-e5-3c-cb 动态
192.168.100.100 00-0c-29-01-8b-28 动态
MAC地址:00-0c-29-01-8b-28
辅调度器
[root@localhost keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.12 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::9bb2:e9a:b13f:83a1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:01:8b:28 txqueuelen 1000 (Ethernet)
RX packets 478532 bytes 528201719 (503.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 218842 bytes 107664169 (102.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
说明:辅调度器接管
- 测试是否正常轮询