Keepalived是一个用于实现高可用性和负载均衡的工具。它通过定期检测服务器状态,发现并处理异常情况,避免服务中断。同时,它利用Linux Virtual Server (IPVS)内核模块实现负载均衡,通过虚拟路由器冗余协议 (VRRP)实现高可用性。当服务器节点出现异常时,Keepalived会自动剔除故障节点,确保服务的稳定性。
Keepalived实验环境准备
共四台主机:两台虚拟路由(KA1、KA2)和两台web服务器(WebServer1、WebServer2),另将自己的主机作为测试机进行访问。四台主机要求与时间服务器保持时间同步,并关闭防火墙和SELinux(仅为简化实验;生产环境应保持二者开启,并在防火墙中放行VRRP(IP协议号112)及所需的服务端口)。
KA1主机配置
配置IP地址并关闭防火墙和SELinux
# Give ens33 a static IPv4 address, gateway and DNS server, and let the connection activate automatically.
nmcli c modify ens33 ipv4.address 172.25.254.10/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
# Re-activate the connection so the new settings take effect.
nmcli c up ens33
# Lab shortcut: stops firewalld now and keeps it off after reboot, leaving every port on this
# node reachable. Outside an isolated lab keep the firewall running and allow VRRP
# (IP protocol 112) between the two Keepalived nodes instead.
systemctl disable --now firewalld
# Display the SELinux configuration (presumably already edited; the edit itself is not shown).
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# NOTE(review): "disabled" removes SELinux confinement from every service on the host;
# "permissive" (described above) still logs denials and is easier to revert after the lab.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# The SELinux mode in this file is read at boot, hence the reboot.
reboot
安装Keepalived并完成全局配置
# Install the keepalived package non-interactively (-y answers yes to the prompts).
yum install keepalived.x86_64 -y
# Edit the main configuration; the contents written at this step are not shown here.
vim /etc/keepalived/keepalived.conf
# Restart to load the edited file. Only "restart" is run, so the service is not enabled at boot
# by this step. Recent keepalived versions can check the file first with "keepalived -t".
systemctl restart keepalived.service
启用Keepalived日志文件
# Edit the options file passed to the keepalived daemon; the resulting content follows.
vim /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
# -D enables detailed log messages and -S 6 selects local syslog facility 6 (see the list above).
# NOTE(review): a separate keepalived log file also needs a syslog rule for that facility;
# no such rule is shown on this page - confirm it exists.
KEEPALIVED_OPTIONS="-D -S 6"
KA2主机配置
配置IP地址并关闭防火墙和SELinux
# Static IPv4 settings for the second Keepalived node (KA2).
nmcli c modify ens33 ipv4.address 172.25.254.20/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
# Re-activate the connection so the new settings take effect.
nmcli c up ens33
# Lab shortcut: the host firewall is stopped and disabled. On a real deployment keep it on and
# allow VRRP (IP protocol 112) from the peer node.
systemctl disable --now firewalld
# Display the SELinux configuration (the edit itself is not shown).
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# NOTE(review): lab-only setting; it removes SELinux confinement from all services on this node.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# The SELinux mode in this file is read at boot, hence the reboot.
reboot
安装Keepalived并完成全局配置
# Install keepalived on KA2 non-interactively.
yum install keepalived.x86_64 -y
# Edit the main configuration; the KA2 file contents are not shown on this page.
vim /etc/keepalived/keepalived.conf
# Restart to load the edited file; the service is not enabled at boot by this step.
systemctl restart keepalived.service
测试
WebServer1主机配置
配置IP地址并关闭防火墙和SELinux,启动web服务
# Static IPv4 settings for the first backend web server.
nmcli c modify ens33 ipv4.address 172.25.254.11/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
# Re-activate the connection so the new settings take effect.
nmcli c up ens33
# Lab shortcut: the host firewall is stopped and disabled. A real backend would keep it running
# and open only the web port it serves.
systemctl disable --now firewalld
# Display the SELinux configuration (the edit itself is not shown).
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# NOTE(review): lab-only setting; with it httpd runs without SELinux confinement.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# The SELinux mode in this file is read at boot, hence the reboot.
reboot
# Install Apache httpd and publish a page that identifies this backend in test output.
yum install httpd -y
echo This is WebServer1 > /var/www/html/index.html
# Starts httpd now; "restart" alone does not enable it at boot.
systemctl restart httpd
WebServer2主机配置
配置IP地址并关闭防火墙和SELinux,启动web服务
# Static IPv4 settings for the second backend web server.
nmcli c modify ens33 ipv4.address 172.25.254.21/24 ipv4.gateway 172.25.254.2 ipv4.dns 114.114.114.114 ipv4.method manual autoconnect yes
# Re-activate the connection so the new settings take effect.
nmcli c up ens33
# Lab shortcut: the host firewall is stopped and disabled. A real backend would keep it running
# and open only the web port it serves.
systemctl disable --now firewalld
# Display the SELinux configuration (the edit itself is not shown).
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# NOTE(review): lab-only setting; with it httpd runs without SELinux confinement.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# The SELinux mode in this file is read at boot, hence the reboot.
reboot
# Install Apache httpd and publish a page that identifies this backend in test output.
yum install httpd -y
echo This is WebServer2 > /var/www/html/index.html
# Starts httpd now; "restart" alone does not enable it at boot.
systemctl restart httpd
PS:可以在Keepalived配置文件的vrrp_instance段中使用nopreempt将模式改为非抢占模式(此时两台主机的state都应设为BACKUP),也可以使用preempt_delay来指定抢占延迟时间。
主机单播配置
编写KA1主机配置文件并重启服务
# Unicast mode is set inside the vrrp_instance block with unicast_src_ip and unicast_peer;
# the file contents are not shown here (presumably KA1 172.25.254.10 with peer 172.25.254.20).
vim /etc/keepalived/keepalived.conf
编写KA2主机配置文件并重启服务
# Mirror of the KA1 unicast settings with source and peer swapped; the file contents are not
# shown here (presumably KA2 172.25.254.20 with peer 172.25.254.10).
vim /etc/keepalived/keepalived.conf
测试
实现Keepalived状态切换的通知脚本
环境配置:安装邮件发送工具
# Install the mailx client used to send the notification mail.
yum install mailx -y
# Configure the outgoing mail account; the settings are not shown on this page.
# NOTE(review): if SMTP credentials are stored in /etc/mail.rc, keep the file readable by root only.
vim /etc/mail.rc
KA1和KA2主机配置
# Create the notification script; its contents are not shown on this page.
vim /etc/keepalived/mail.sh
# Make it executable. NOTE(review): keepalived runs notify scripts itself, so keep the file owned
# by root and not writable by other users.
chmod +x /etc/keepalived/mail.sh
# Reference the script from the keepalived configuration (the notify lines are not shown here).
vim /etc/keepalived/keepalived.conf
测试
killall keepalived
查看邮箱信息
实现单主的LVS-DR模式
更改WebServer服务器主机内容
# LVS-DR real-server setup: hold the VIP on loopback so the server accepts traffic addressed to it.
ip addr add 172.25.254.100/32 dev lo
# arp_ignore=1: answer ARP only for addresses configured on the receiving interface, so the
# real server does not answer ARP for the VIP held on lo.
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# arp_announce=2: use the best local address for the target as ARP source, never the VIP.
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# These four commands change runtime state only; they are lost on reboot unless persisted.
PS:两台Web服务器都要执行以上配置
配置KA1主机
vim /etc/keepalived/keepalived.conf
配置KA2主机
vim /etc/keepalived/keepalived.conf
在主机上测试:curl 172.25.254.100
利用脚本实现主从角色切换
KA1主机配置
cat /mnt/check_qdx.sh
#!/bin/bash
# Health check for the vrrp_script block: the test exits 0 while /mnt/qdx is absent and
# non-zero once the file exists, so creating the file simulates a failed check.
# NOTE(review): keepalived executes this script itself; keep it owned by root and not writable
# by other users, since /mnt is not a dedicated script directory.
[ ! -f "/mnt/qdx" ]
chmod +x /mnt/check_qdx.sh
cat /etc/keepalived/keepalived.conf
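! Configuration File for keepalived
# KA1 configuration: VRRP instance VI_1 holds the VIP 172.25.254.100 and lowers its priority
# when the check_qdx script fails.
global_defs {
    # Recipient and sender of notification mail, sent through the local SMTP server.
    notification_email {
        2876143930@qq.com
    }
    notification_email_from keepalived@KA1.qdx.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.qdx.com
    vrrp_skip_check_adv_addr
    vrrp_mcast_group4 224.0.0.18
    # NOTE(review): no script_user / enable_script_security is set here; confirm which account
    # runs the check script below and that the script path is writable by root only.
}
vrrp_script check_qdx {
    script "/mnt/check_qdx.sh"
    interval 1      # run the check every second
    weight -30      # subtract 30 from the instance priority while the check is failing
    fall 2          # two consecutive failures mark the check as failed
    rise 2          # two consecutive successes mark it as recovered
    timeout 2
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    # 100 - 30 = 70 while the check fails; failover needs the peer's priority to be above 70
    # (the KA2 file is not shown here - confirm).
    priority 100
    advert_int 1
    authentication {
        # PASS is a shared string carried in cleartext in every advertisement, and keepalived
        # uses only its first eight characters; 1111 is a lab placeholder, not a secret.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev ens33 label ens33:0
    }
    # Ties check_qdx to this instance. The keyword must be spelled track_script; a misspelled
    # block name is not recognised, so the script result would not affect the priority.
    track_script {
        check_qdx
    }
}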
# Create the flag file so /mnt/check_qdx.sh starts exiting non-zero; remove it to let the check recover.
touch /mnt/qdx
查看:tail -f /var/log/messages
实现HAProxy高可用
更改KA1和KA2配置
# Show the listener used in this lab (presumably an excerpt; the rest of haproxy.cfg is not shown).
cat /etc/haproxy/haproxy.cfg
listen webserver
# Listen on the VIP that keepalived moves between KA1 and KA2.
bind 172.25.254.100:80
# Both backends are health-checked ("check"), so a dead web server is taken out of rotation.
server web1 172.25.254.11:80 check
server web2 172.25.254.21:80 check
# Allow processes to bind an address the host does not currently hold, so haproxy can start
# on the node that is not holding the VIP. The setting applies host-wide, not only to haproxy.
echo net.ipv4.ip_nonlocal_bind = 1 >> /etc/sysctl.conf
# Load /etc/sysctl.conf; the line after the command is its output.
sysctl -p
net.ipv4.ip_nonlocal_bind = 1
在KA1中编写测试脚本
vim /etc/keepalived/scripts/haproxy.sh
#!/bin/bash
# Signal 0 delivers nothing; killall only reports, through its exit status, whether a process
# named haproxy exists. Non-zero means haproxy is not running.
# NOTE(review): this detects a missing process only, not a haproxy that is running but unresponsive.
/usr/bin/killall -0 haproxy
# NOTE(review): keepalived executes this script itself; keep it owned by root and not writable by other users.
chmod +x /etc/keepalived/scripts/haproxy.sh
在KA1中配置Keepalived
cat /etc/keepalived/keepalived.conf
# Health check: runs haproxy.sh every second; two consecutive failures (fall 2) subtract 30
# from the instance priority, two consecutive successes (rise 2) restore it.
vrrp_script check_haproxy {
script "/etc/keepalived/scripts/haproxy.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
# VRRP instance that owns the VIP haproxy binds to.
vrrp_instance web {
state MASTER
interface ens33
virtual_router_id 50
# 100 - 30 = 70 while the check fails; failover needs the peer's priority to be above 70
# (the KA2 file is not shown here - confirm).
priority 100
advert_int 1
authentication {
# PASS is a shared string carried in cleartext in every advertisement, and keepalived uses
# only its first eight characters; 1111 is a lab placeholder, not a secret.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100 dev ens33 label ens33:0
}
# Ties check_haproxy to this instance so a stopped haproxy lowers the priority.
track_script {
check_haproxy
}
}
测试:systemctl stop haproxy.service