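Introduction to Keepalived:
Keepalived is high-availability software based on the VRRP protocol. A Keepalived deployment has one master server and several backup servers. The same service configuration is deployed on the master and on the backups, and a single virtual IP address serves clients. When the master fails, the virtual IP address automatically floats to a backup server.
What Keepalived does:
Keepalived provides a solid high-availability guarantee. It checks the state of the servers; if a server has a problem, Keepalived removes it from the system and has a backup server take over its work. Once that server is working normally again, Keepalived puts it back into the server pool.
How Keepalived works:
Keepalived is implemented on top of VRRP, the Virtual Router Redundancy Protocol. It works at layers three, four and five of the TCP/IP reference model, that is, the network, transport and application layers. N routers that provide the same function form a router group with one master and several backups. The master holds a VIP (Virtual IP Address) that serves clients, and it sends multicast advertisements. When a backup stops receiving VRRP packets it considers the master down, and one of the backups is then elected master according to VRRP priority. This keeps the router highly available.
Keepalived modules:
core module: the core of Keepalived; it starts and maintains the main process and loads and parses the global configuration file.
check module: performs health checks, including the common check methods.
vrrp module: implements the VRRP protocol.
Core functions of Keepalived:
- Health checks
Keepalived uses the TCP three-way handshake, ICMP requests, HTTP requests, UDP, echo requests and similar methods to check that the real servers behind the load balancer are alive.
- Failover
Used mainly on servers configured as master and backup. VRRP maintains the heartbeat between master and backup; when the master has a problem, the backup takes over its services, which keeps losses to a minimum and keeps the service stable.
Setting up the Keepalived environment:
keepalived1 (master): 172.25.254.10
keepalived2 (backup): 172.25.254.20
web1: 172.25.254.110
web2: 172.25.254.120
keepalived1 configuration (master):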
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        5555@qq.com
    }
    notification_email_from keepalived@KA1.timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state MASTER                # this node is the master
    interface eth0
    virtual_router_id 20
    priority 100                # priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0    # VIP set to 100, interface eth0:0
    }
}
keepalived2 configuration (backup):
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        5555@qq.com
    }
    notification_email_from keepalived@timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA2.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP                # this node is the backup
    interface eth0
    virtual_router_id 20
    priority 80                 # lower priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0    # VIP set to 100, interface eth0:0
    }
}
# Test:
[root@KA2 ~]# tcpdump -i eth0 -nn host 224.0.0.18
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:48:23.294894 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 20,
prio 100, authtype none, intvl 1s, length 20
22:48:24.084793 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 30,
prio 80, authtype none, intvl 1s, length 20
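An added example (not part of the original page): a capture like the one above is where a source, vrid or authtype that differs from keepalived.conf becomes visible. The shell function below reads tcpdump VRRP lines and reports advertisements that do not match the two configs on this page; the sample capture is constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Allowed "source-ip:vrid" pairs, taken from the KA1/KA2 configs above.
EXPECTED="172.25.254.10:20 172.25.254.20:20"

# Constructed sample in tcpdump one-line-per-packet format (not a real capture).
sample_capture() {
cat <<'EOF'
22:48:23.294894 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
22:48:24.084793 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype simple, intvl 1s, length 20
22:48:25.101010 IP 172.25.254.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 255, authtype none, intvl 1s, length 20
EOF
}

# Reads tcpdump output on stdin and prints one finding per line:
#   UNEXPECTED_PEER  source/vrid pair is not in the allow list
#   NO_AUTH          advertisement sent without authentication
#   MAX_PRIORITY     prio 255, which no node in this setup is configured with
audit_vrrp() {
  awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /VRRPv[23], Advertisement/ {
      src = $3; vrid = ""; prio = ""; auth = ""
      for (i = 4; i < NF; i++) {
        v = $(i + 1); sub(/,$/, "", v)      # strip the trailing comma
        if ($i == "vrid") vrid = v
        else if ($i == "prio") prio = v
        else if ($i == "authtype") auth = v
      }
      key = src ":" vrid
      if (!(key in ok))    print "UNEXPECTED_PEER " src " vrid=" vrid
      if (auth == "none")  print "NO_AUTH " src " vrid=" vrid
      if (prio + 0 == 255) print "MAX_PRIORITY " src " vrid=" vrid
    }'
}

# Live use (needs root): tcpdump -l -i eth0 -nn 'ip proto 112' | audit_vrrp
sample_capture | audit_vrrp
```

With `auth_type PASS` the password travels in cleartext inside every advertisement, so `authtype simple` in a capture identifies configured peers but does not keep the password from anyone on the segment.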
Web server configuration: just set up nginx.
Enabling Keepalived logging
[root@KA1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@kA1 ~]# vim /etc/rsyslog.conf    # add Keepalived log messages to the system log
local6.* /var/log/keepalived.log
[root@kA1 ~]# systemctl restart keepalived.service rsyslog.service
[root@kA1 ~]# ll /var/log/keepalived.log
-rw-------. 1 root root 3452 Aug 14 21:05 /var/log/keepalived.log
Using separate sub-configuration files
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        1817660707@qq.com
    }
    notification_email_from keepalived@www.wang.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_ipsets keepalived
    vrrp_iptables
}
include /etc/keepalived/conf.d/*.conf    # load the sub-configuration files from the main configuration file
# Create the sub-configuration file
[root@KA1 ~]# mkdir /etc/keepalived/conf.d
[root@KA1 ~]# vim /etc/keepalived/conf.d/yulang.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}
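Setting preemptive and non-preemptive mode
The default is preemptive mode (preempt): when the higher-priority host comes back online, it takes the master role back from the lower-priority host.
This makes the VIP move back and forth between the KA hosts and causes network jitter.
Setting non-preemptive mode (nopreempt) is recommended: when the higher-priority host recovers, it does not take the master role from the lower-priority host. In non-preemptive mode, if the original host goes down and the VIP moves to the new host, and the new host later goes down as well, the VIP still moves back to the original host.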
vrrp_instance VI_1 {
    state BACKUP                # nopreempt only takes effect when the initial state is BACKUP
    interface eth0
    virtual_router_id 20
    nopreempt                   # non-preemptive mode
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0    # VIP set to 100, interface eth0:0
    }
}
# With this setting the VIP no longer moves back
VIP unicast configuration
Unicast reduces network traffic.
keepalived1 configuration:
vrrp_instance VI_1 {
    state BACKUP                # nopreempt only takes effect when the initial state is BACKUP
    interface eth0
    virtual_router_id 20
    nopreempt                   # non-preemptive mode
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0    # VIP set to 100, interface eth0:0
    }
    unicast_src_ip 172.25.254.10    # this host's IP
    unicast_peer {
        172.25.254.20               # the peer host's IP
    }
}
keepalived2 configuration:
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20
    nopreempt                   # non-preemptive mode
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    unicast_src_ip 172.25.254.20    # this host's IP
    unicast_peer {
        172.25.254.10               # the peer host's IP
    }
}
Note: unicast cannot be used when vrrp_strict is enabled.
Test:
[root@KA1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:20:16.150917 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 20,
prio 100, authtype simple, intvl 1s, length 20
Keepalived notification script configuration
When the Keepalived state changes, a script can be triggered automatically.
Script configuration:
[root@KA1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='1742562292@qq.com'

# Send a mail announcing the new VRRP state passed as $1.
mail_send()
{
    mail_subj="$HOSTNAME to be $1 vip 转移"
    mail_mess="$(date +'%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
    echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
}

case $1 in
    master)
        mail_send master
        ;;
    backup)
        mail_send backup
        ;;
    fault)
        mail_send fault
        ;;
    *)
        exit 1
        ;;
esac
Mail configuration:
[root@KA1 ~]# yum install mailx -y
[root@KA1 ~]# vim /etc/mail.rc
set bsdcompat
set from=1742562292@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1742562292@qq.com # QQ mailbox
set smtp-auth-password=peyatjwmgotxbnft # authorization code of the QQ mailbox
set smtp-auth=login
set ssl-verify=ignore
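An added example (not from the original page): a shell check for three weak points in a mail.rc like the one above: certificate verification switched off with `ssl-verify=ignore`, an SMTP server given without `smtps://` or `smtp-use-starttls`, and a stored authorization code in a file that group or others can read. The sample file is constructed and uses a placeholder address and secret.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: audit_mailrc <path-to-mail.rc>
# Prints one finding per line; no output means nothing was flagged.
audit_mailrc() {
  rc_file=$1
  awk '
    /^[[:space:]]*#/ { next }                      # skip comment lines
    $1 != "set" { next }
    {
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^#/) break                       # rest of line is a comment
        if ($i == "ssl-verify=ignore") print "TLS_VERIFY_OFF"
        if ($i ~ /^smtp=/) server = substr($i, 6)
        if ($i == "smtp-use-starttls") starttls = 1
      }
    }
    END {
      # No smtps:// scheme and no STARTTLS: login credentials cross the wire in clear.
      if (server != "" && server !~ /^smtps:\/\// && !starttls) print "CLEARTEXT_SMTP " server
    }' "$rc_file"
  # A stored secret belongs in a file that group and others cannot read.
  if grep -Eq '^[[:space:]]*set[[:space:]].*smtp-auth-password=' "$rc_file" &&
     [ -n "$(find "$rc_file" \( -perm -040 -o -perm -004 \) -print)" ]; then
    echo "SECRET_FILE_READABLE $rc_file"
  fi
}

# Constructed sample: same settings as the page, placeholder address and secret.
make_sample_mailrc() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
set bsdcompat
set from=user@example.com
set smtp=smtp.example.com
set smtp-auth-user=user@example.com
set smtp-auth-password=PLACEHOLDER_SECRET
set smtp-auth=login
set ssl-verify=ignore
EOF
  chmod 644 "$f"
  echo "$f"
}

sample=$(make_sample_mailrc); audit_mailrc "$sample"; rm -f "$sample"
```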
Calling the script from the Keepalived configuration file:
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    notify_master "/etc/keepalived/mail.sh master"
    notify_backup "/etc/keepalived/mail.sh backup"
    notify_fault "/etc/keepalived/mail.sh fault"
}
Script test:
High availability for IPVS
Single-master LVS-DR mode
keepalived1 configuration:
[root@kA1 ~]# yum install keepalived.x86_64 -y
[root@kA1 ~]# yum install ipvsadm.x86_64 -y
virtual_server 172.25.250.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 172.25.250.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 2
            delay_before_retry 2
        }
    }
    real_server 172.25.250.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}
keepalived2 configuration:
[root@kA2 ~]# yum install keepalived.x86_64 -y
[root@kA2 ~]# yum install ipvsadm.x86_64 -y
virtual_server 172.25.250.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 172.25.250.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 2
            delay_before_retry 2
        }
    }
    real_server 172.25.250.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}
web1 configuration:
# Add the VIP to the loopback interface
[root@rs1 ~]# ip a a 172.25.250.100/32 dev lo
# Disable ARP
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# Add the page content
[root@rs1 ~]# yum install httpd -y
[root@rs1 ~]# echo "welcome to web1" > /var/www/html/index.html
web2 configuration:
# Add the VIP to the loopback interface
[root@rs2 ~]# ip a a 172.25.250.100/32 dev lo
# Disable ARP
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# Add the page content
[root@rs2 ~]# yum install httpd -y
[root@rs2 ~]# echo "welcome to web2" > /var/www/html/index.html
Test:
# View the added rules
# Access:
# Stop keepalived on keep1
[root@ka1 ~]# systemctl stop keepalived.service
The VIP has moved to keep2.
High availability for HAProxy
keepalive1 configuration:
# Enable the kernel parameter
[root@KA1 ~]# vim /etc/sysctl.conf
[root@KA1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@KA1 ~]# yum install haproxy
# Write the configuration file
[root@KA1 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
    bind 172.25.254.100:80
    mode http
    balance static-rr
    server web1 172.25.254.110:80 check
    server web2 172.25.254.120:80 check
# Write the check script
[root@KA1 ~]# cat /etc/keepalived/haproxy.sh
#!/bin/bash
killall -0 haproxy
[root@KA1 ~]# chmod +x /etc/keepalived/haproxy.sh
[root@KA1 ~]# yum provides */killall
[root@KA1 ~]# yum install psmisc-22.20-17.el7.x86_64
vrrp_script check_haproxy {
    script "/etc/keepalived/haproxy.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}
vrrp_instance haproxy {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:2
    }
    track_script {
        check_haproxy
    }
}
keepalive2 configuration:
# Enable the kernel parameter
[root@KA2 ~]# vim /etc/sysctl.conf
[root@KA2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@KA2 ~]# yum install haproxy
# Write the configuration file
[root@KA2 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
    bind 172.25.254.100:80
    mode http
    balance static-rr
    server web1 172.25.254.110:80 check
    server web2 172.25.254.120:80 check
# Write the check script
[root@KA2 ~]# cat /etc/keepalived/haproxy.sh
#!/bin/bash
killall -0 haproxy
[root@KA2 ~]# chmod +x /etc/keepalived/haproxy.sh
[root@KA2 ~]# yum provides */killall
[root@KA2 ~]# yum install psmisc-22.20-17.el7.x86_64
vrrp_script check_haproxy {
    script "/etc/keepalived/haproxy.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}
vrrp_instance haproxy {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:2
    }
    track_script {
        check_haproxy
    }
}
Test:
After stopping haproxy on the keep1 server, the VIP did move over.
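An added example (not from the original page): keepalived runs mail.sh (the notify_* lines) and haproxy.sh (the vrrp_script check) on its own, normally as root, so whoever can modify those files controls what runs on the node. The function below lists the scripts a configuration references and reports files that are missing, not owned by the expected user, or writable by group or others, and whether `enable_script_security` is set; the demo layout and its paths are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: audit_scripts <keepalived.conf> [owner]   (owner defaults to root)
# Prints one finding per line; no output means nothing was flagged.
audit_scripts() {
  conf=$1; owner=${2:-root}
  # enable_script_security is a global_defs keyword: with it set, keepalived
  # refuses root-run scripts whose path is writable by a non-root user.
  grep -Eq '^[[:space:]]*enable_script_security' "$conf" || echo "NO_SCRIPT_SECURITY $conf"
  # First word of the command on notify* and vrrp_script "script" lines.
  awk '$1 ~ /^(notify|notify_master|notify_backup|notify_fault|script)$/ {
         p = $2; gsub(/"/, "", p); print p }' "$conf" | sort -u |
  while read -r path; do
    if [ ! -f "$path" ]; then echo "MISSING $path"; continue; fi
    if [ -n "$(find "$path" ! -user "$owner" -print)" ]; then echo "BAD_OWNER $path"; fi
    if [ -n "$(find "$path" \( -perm -020 -o -perm -002 \) -print)" ]; then
      echo "WRITABLE_BY_OTHERS $path"
    fi
  done
}

# Constructed demo: a temp directory with one safe script, one world-writable
# script and one reference to a file that does not exist.
make_demo() {
  d=$(mktemp -d)
  printf '#!/bin/bash\nkillall -0 haproxy\n' > "$d/haproxy.sh"; chmod 755 "$d/haproxy.sh"
  printf '#!/bin/bash\n' > "$d/mail.sh"; chmod 777 "$d/mail.sh"
  cat > "$d/keepalived.conf" <<EOF
vrrp_script check_haproxy {
    script "$d/haproxy.sh"
}
vrrp_instance haproxy {
    notify_master "$d/mail.sh master"
    notify_backup "$d/mail.sh backup"
    notify_fault "$d/gone.sh fault"
}
EOF
  echo "$d/keepalived.conf"
}

# The demo files belong to the current user, so that uid is the expected owner here.
audit_scripts "$(make_demo)" "$(id -u)"
```

On a real node, run `audit_scripts /etc/keepalived/keepalived.conf` so that the expected owner is root.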