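High-Availability Clusters with Keepalived

Keepalived is a tool for high availability and load balancing. It periodically checks server state, detects and handles failures, and so avoids service interruption. It uses the Linux Virtual Server (IPVS) kernel module for load balancing and the Virtual Router Redundancy Protocol (VRRP) for high availability. When a server node fails, Keepalived automatically removes the failed node to keep the service stable.

Keepalived lab environment setup

Four hosts: two virtual routers and two web servers, with your own machine used as the test client. All four hosts must be synchronized to a time server, with the firewall and SELinux disabled.

KA1 host configuration

Configure the IP address and disable the firewall and SELinux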

nmcli c modify ens33 ipv4.address 172.25.254.10/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
nmcli c up ens33
systemctl disable --now firewalld
cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

reboot

Install Keepalived and complete the global configuration

yum install keepalived.x86_64 -y
vim /etc/keepalived/keepalived.conf
systemctl restart keepalived.service

Enable the Keepalived log file

vim /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp               -P    Only run with VRRP subsystem.
# --check              -C    Only run with Health-checker subsystem.
# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
# --dump-conf          -d    Dump the configuration data.
# --log-detail         -D    Detailed log messages.
# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#

KEEPALIVED_OPTIONS="-D -S 6"

KA2 host configuration

Configure the IP address and disable the firewall and SELinux

nmcli c modify ens33 ipv4.address 172.25.254.20/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
nmcli c up ens33
systemctl disable --now firewalld
cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

reboot

Install Keepalived and complete the global configuration

yum install keepalived.x86_64 -y
vim /etc/keepalived/keepalived.conf
systemctl restart keepalived.service

Test

WebServer1 host configuration

Configure the IP address, disable the firewall and SELinux, and start the web service

nmcli c modify ens33 ipv4.address 172.25.254.11/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
nmcli c up ens33
systemctl disable --now firewalld
cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

reboot
yum install httpd -y
echo This is WebServer1 > /var/www/html/index.html
systemctl restart httpd

WebServer2 host configuration

Configure the IP address, disable the firewall and SELinux, and start the web service

nmcli c modify ens33 ipv4.address 172.25.254.21/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
nmcli c up ens33
systemctl disable --now firewalld
cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

reboot
yum install httpd -y
echo This is WebServer2 > /var/www/html/index.html
systemctl restart httpd

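PS: In the Keepalived global configuration, nopreempt switches the mode to non-preemptive, and preempt_delay sets the preemption delay.

Unicast configuration for the hosts

Write the KA1 host configuration file and restart the service
vim /etc/keepalived/keepalived.conf

Write the KA2 host configuration file and restart the service
vim /etc/keepalived/keepalived.conf

Test

Notification script for Keepalived state transitions

Environment setup: install the mail-sending tool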

yum install mailx -y
vim /etc/mail.rc

KA1 and KA2 host configuration
vim /etc/keepalived/mail.sh

chmod +x /etc/keepalived/mail.sh 
vim /etc/keepalived/keepalived.conf

Test

killall keepalived

Check the mailbox

Single-master LVS-DR mode

Change the settings on the WebServer hosts
ip addr add 172.25.254.100/32 dev lo
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore 
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

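PS: Make these changes on both web servers

Configure the KA1 host
vim /etc/keepalived/keepalived.conf

Configure the KA2 host
vim /etc/keepalived/keepalived.conf

Test from the host: curl 172.25.254.100

Master/backup role switching with a script

KA1 host configuration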
cat /mnt/check_qdx.sh 
#!/bin/bash
[ ! -f "/mnt/qdx" ]
chmod +x /mnt/check_qdx.sh
cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
	2876143930@qq.com    
   }
   notification_email_from keepalived@KA1.qdx.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA1.qdx.com
   vrrp_skip_check_adv_addr
   vrrp_mcast_group4 224.0.0.18
}

vrrp_script check_qdx {
    script "/mnt/check_qdx.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev ens33 label ens33:0
    }
    track_script {
        check_qdx
    }
}
touch /mnt/qdx

Check: tail -f /var/log/messages
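
A vrrp_script changes an instance's priority only when that instance lists it in a track_script block, so a misspelled block keyword leaves the check defined but unused and no failover happens. The following lint is an added example, not part of the original post; the function names lint_track_scripts and sample_conf are hypothetical, and the sample configuration is constructed from the settings shown above.

```bash
#!/bin/bash
# Added example, not from the original post. lint_track_scripts and
# sample_conf are hypothetical helper names.

# Print "untracked NAME" for every vrrp_script that no track_script block
# lists, and "undefined NAME" for every tracked name with no vrrp_script.
lint_track_scripts() {
    awk '
        /^[ \t]*[!#]/         { next }                  # keepalived comment lines
        $1 == "vrrp_script"   { defined[$2] = 1; next }
        $1 == "track_script"  { in_track = 1; next }
        in_track && $1 == "}" { in_track = 0; next }
        in_track && NF        { tracked[$1] = 1 }       # first word is the script name
        END {
            for (n in defined) if (!(n in tracked)) print "untracked " n
            for (n in tracked) if (!(n in defined)) print "undefined " n
        }' "$1" | sort
}

# Constructed sample config; $1 is the block keyword used inside the instance.
sample_conf() {
    cat <<EOF
! constructed sample
vrrp_script check_qdx {
    script "/mnt/check_qdx.sh"
    interval 1
    weight -30
}
vrrp_instance VI_1 {
    state MASTER
    priority 100
    $1 {
        check_qdx
    }
}
EOF
}

tmp=$(mktemp)
sample_conf trak_script > "$tmp"     # misspelled keyword: script is never tracked
bad=$(lint_track_scripts "$tmp")
sample_conf track_script > "$tmp"    # correct keyword
good=$(lint_track_scripts "$tmp")
rm -f "$tmp"
echo "misspelled: ${bad:-no findings}"
echo "correct:    ${good:-no findings}"
```

Run it against /etc/keepalived/keepalived.conf on each node before restarting the service; an empty result means every defined check is tracked.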

HAProxy high availability

Change the KA1 and KA2 configuration

cat /etc/haproxy/haproxy.cfg
listen webserver
    bind 172.25.254.100:80
    server web1 172.25.254.11:80 check
    server web2 172.25.254.21:80 check
echo net.ipv4.ip_nonlocal_bind = 1 >> /etc/sysctl.conf
sysctl -p
net.ipv4.ip_nonlocal_bind = 1

Write the check script on KA1

vim /etc/keepalived/scripts/haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
chmod +x /etc/keepalived/scripts/haproxy.sh

Configure Keepalived on KA1

cat /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
    script "/etc/keepalived/scripts/haproxy.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}
vrrp_instance web {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100 dev ens33 label ens33:0
    }
    track_script {
        check_haproxy
    }
}

Test: systemctl stop haproxy.service
