Keepalived

keepalived简介

keepalived介绍
Keepalived是基于VRRP协议的一款高可用软件。它的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。

keepalive结构图:
在这里插入图片描述
Keepalived的工作原理
Keepalived工作在TCP/IP参考模型的三层、四层、五层,也就是分别为:网络层、传输层和应用层。根据TCP/IP参考模型各层所能实现的功能,Keepalived运行机制如下:
在网络层:运行着4个重要的协议:互联网协议IP、互联网控制报文协议ICMP、地址转换协议ARP、反向地址转换协议RARP。Keepalived在网络层最常见的工作方式是通过ICMP协议向服务器集群中的每一个节点发送一个ICMP数据包(有点类似于Ping的功能),如果某个节点没有返回响应数据包,那么认为该节点发生了故障,Keepalived将报告这个节点失效,并从服务器集群中剔除故障节点。
在传输层:提供了两个主要的协议:传输控制协议TCP和用户数据报协议UDP。传输控制协议TCP可以提供可靠的数据传输服务,IP地址和端口代表TCP的一个连接端。要获得TCP服务,需要在发送机的一个端口和接收机的一个端口上建立连接,而Keepalived在传输层利用了TCP协议的端口连接和扫描技术来判断集群节点的端口是否正常,比如常见的WEB服务80端口或者SSH服务22端口。Keepalived一旦在传输层探测到这些端口没有数据响应和数据返回,就认为这些端口发生异常,然后强制将这些端口所对应的节点从服务器集群中剔除掉。

在应用层:可以运行FTP、TELNET、SMTP、DNS等各种不同类型的高层协议,Keepalived的运行方式也更加全面化和复杂化。用户可以自定义Keepalived的工作方式,例如:可以通过编写程序或者脚本来运行Keepalived,而Keepalived将根据用户设定的参数检测各种程序或者服务是否运行正常,如果Keepalived的检测结果和用户设定的不一致,Keepalived将把对应的服务器从服务器集群中剔除。

配置Keepalived

配置环境

已关闭防火墙、selinux(仅为简化实验环境;生产环境建议保持防火墙和SELinux开启,只放行VRRP通告(IP协议号112)和业务所需端口);

环境说明

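| 角色 | IP地址 | 系统版本 |
| --- | --- | --- |
| Client | 192.168.236.130 | Redhat 8 |
| MASTER | 192.168.236.131 | Redhat 8 |
| SLAVE | 192.168.86.138 | Redhat 8 |
| rs1 | 192.168.236.135 | Redhat 8 |
| rs2 | 192.168.236.132 | Redhat 8 |

注:后文配置中SLAVE实际使用的地址是192.168.236.132,rs2实际使用的地址是192.168.236.136,与上表不一致,请以实际环境为准。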

配置步骤

在master和backup两主机上分别配置网络源、安装epel-release,并安装Keepalived和MySQL

//配置yum源和epel源
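# Fetch the base repo definition from the mirror. -f makes curl exit non-zero
# on an HTTP error instead of saving the server's error page as the .repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
# Delete the lines that reference the two aliyuncs.com mirror hosts.
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

# Install the EPEL release package directly from the mirror URL.
# NOTE(review): a package installed from a URL is presumably not covered by the
# repositories' gpgcheck setting, so its integrity rests on the HTTPS connection
# to the mirror; confirm the signature policy for your environment.
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
# Enable a fixed baseurl on the mirror and comment out the metalink lookups.
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*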


在RS端安装httpd服务

[root@rs1 ~]# yum -y install httpd
[root@rs1 ~]# systemctl enable --now httpd
[root@rs1 ~]# echo "web1" > /var/www/html/index.html

[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# systemctl enable --now httpd
[root@RS2 ~]# echo "web2" > /var/www/html/index.html

配置负载均衡

//配置MASTER的IP地址,并重启网卡
[root@MASTER ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160 
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
NAME=ens160
DEVICE=ens160
IPADDR=192.168.236.131
PREFIX=24
GATEWAY=192.168.236.2
DNS1=114.114.114.114
[root@MASTER ~]# ifdown ens160;ifup ens160


[root@RS1 ~]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@RS1 ~]#  sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

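//在RS端配置内核参数和IP地址
//注意:LVS-DR模式下通常把VIP配置在RS的lo接口上(/32掩码);本文把VIP(192.168.236.250)配置在ens160上,在arp_ignore=1时RS仍会应答针对VIP的ARP请求,可能与调度器争抢VIP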
[root@RS1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160 

TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
NAME=ens160
DEVICE=ens160
IPADDR0=192.168.236.135
PREFIX0=24
GATEWAY0=192.168.236.2
IPADDR1=192.168.236.250
PREFIX1=24
DNS1=114.114.114.114
[root@RS1 ~]# ifdown ens160;ifup ens160


[root@SR2 ~]# vi /etc/sysctl.conf
[root@RS2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

[root@SR2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="static"
IPADDR0=192.168.236.136
PREFIX0=24
GATEWAY0=192.168.236.2
IPADDR1=192.168.236.250
PREFIX1=24
NAME="ens160"
DEVICE="ens160"
ONBOOT="yes"
DNS1=114.114.114.114
[root@RS2 ~]# ifdown ens160; ifup ens160

//在MASTER端添加负载均衡规则
[root@MASTER ~]# ipvsadm -A -t 192.168.236.250 -s rr
[root@MASTER ~]# ipvsadm -a -t 192.168.236.250:80 -r 192.168.236.135:80 -g
[root@MASTER ~]# ipvsadm -a -t 192.168.236.250:80 -r 192.168.236.136:80 -g

[root@MASTER ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.236.250:80 rr
  -> 192.168.236.135:80           Route   1      0          0         
  -> 192.168.236.136:80           Route   1      0          0   
关闭防火墙和SELINUX
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config 
reboot 

//配置SLAVE的IP地址并重启网卡
[root@SLAVE ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160

BOOTPROTO=static
ONBOOT=yes
NAME=ens160
DEVICE=ens160
IPADDR=192.168.236.132
PREFIX=24
GATEWAY=192.168.236.2
DNS1=114.114.114.114

[root@SLAVE ~]# ifdown ens160;ifup ens160



//在SLAVE端添加负载均衡规则
[root@SLAVE ~]# ipvsadm -A -t 192.168.236.250:80 -s rr
[root@SLAVE ~]# ipvsadm -a -t 192.168.236.250:80 -r 192.168.236.135:80 -g
[root@SLAVE ~]# ipvsadm -a -t 192.168.236.250:80 -r 192.168.236.136:80 -g
[root@SLAVE ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.236.250:80 rr
  -> 192.168.236.135:80           Route   1      0          0         
  -> 192.168.236.136:80           Route   1      0          0  



//关闭防火墙和SELINUX
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config 
[root@localhost ~]# reboot 

配置Keepalived

//配置主Keepalived 并安装Keepalived
[root@MASTER ~]# yum -y install keepalived

[root@MASTER ~]#  cp /etc/keepalived/keepalived.conf{,-bak}
[root@MASTER ~]# vi /etc/keepalived/keepalived.conf
[root@MASTER keepalived]# vi keepalived.conf

! Configuration File for keepalived
# Director lb01: VRRP instance that carries VIP 192.168.236.250 on ens160, plus
# an LVS virtual server that balances TCP port 80 across two real servers.

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    # Identifies the VRRP group; every node sharing this VIP must use the same id.
    virtual_router_id 51
    # The node with the highest priority in the group holds the VIP.
    priority 100
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS carries the password in cleartext inside
        # VRRP advertisements, so it protects against misconfiguration rather
        # than against another host on the same segment. Keepalived uses only
        # the first 8 characters. The value must be identical on every node of
        # this vrrp_instance, otherwise peers drop each other's advertisements.
        auth_type PASS
        auth_pass wangqing
    }
    virtual_ipaddress {
        192.168.236.250
    }
}

virtual_server 192.168.236.250 80 {
    # Health checks run every 6 seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding (the same settings as
    # the "-s rr" and "-g" options in the ipvsadm commands on this page).
    lb_algo rr
    lb_kind DR
    # A client is kept on the same real server for 50 seconds, so repeated
    # requests from one client return the same backend during that window.
    persistence_timeout 50
    protocol TCP

    real_server 192.168.236.135 80 {
        weight 1
        # Plain TCP connect check against port 80 with a 3 second timeout.
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            # NOTE(review): newer keepalived releases appear to document this
            # setting as "retry"; confirm against the installed version.
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.236.136 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@MASTER keepalived]# systemctl enable --now keepalived

在SLAVE端上安装Keepalived

[root@SLAVE ~]# yum -y install keepalived

[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config 
[root@localhost ~]# reboot 
//配置备Keepalived
[root@SLAVE ~]# cp /etc/keepalived/keepalived.conf{,-bak}
[root@SLAVE keepalived]# vi keepalived.conf

! Configuration File for keepalived
# Director lb02: standby VRRP instance for VIP 192.168.236.250 on ens160, with
# the same LVS virtual server definition as the primary director.

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    # Identifies the VRRP group; every node sharing this VIP must use the same id.
    virtual_router_id 51
    # Lower than the primary's 100, so this node takes the VIP only when it
    # stops receiving valid advertisements from the primary.
    priority 90
    advert_int 1
    authentication {
        # NOTE(review): this auth_pass differs from the MASTER configuration
        # shown on this page ("wangqing"). The value must be identical on every
        # node of the instance; with different values each node rejects the
        # other's advertisements and both can claim the VIP (split brain).
        # auth_type PASS is also sent in cleartext and keepalived uses only the
        # first 8 characters.
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        192.168.236.250
    }
}

virtual_server 192.168.236.250 80 {
    # Health checks run every 6 seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding.
    lb_algo rr
    lb_kind DR
    # A client is kept on the same real server for 50 seconds.
    persistence_timeout 50
    protocol TCP

    real_server 192.168.236.135 80 {
        weight 1
        # Plain TCP connect check against port 80 with a 3 second timeout.
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            # NOTE(review): newer keepalived releases appear to document this
            # setting as "retry"; confirm against the installed version.
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.236.136 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
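//查看VIP在哪里(正常情况下VIP只应出现在MASTER上;下面的输出中MASTER和SLAVE同时持有192.168.236.250,属于脑裂现象,常见原因是两端无法接受对方的VRRP通告,例如两端的auth_pass不一致或VRRP报文被拦截)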
[root@MASTER ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:54:83:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.236.131/24 brd 192.168.236.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.236.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe54:8350/64 scope link 
       valid_lft forever preferred_lft forever
[root@SLAVE ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:ff:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.236.132/24 brd 192.168.236.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.236.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:ff58/64 scope link 
       valid_lft forever preferred_lft forever

//验证

//关闭MASTER端上的Keepalived,模拟MASTER宕机
[root@MASTER ~]# systemctl stop keepalived
[root@MASTER ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:54:83:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.236.131/24 brd 192.168.236.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe54:8350/64 scope link 
       valid_lft forever preferred_lft forever
//在SLAVE端上查看是否有VIP
[root@SLAVE ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:e2:ff:58 brd ff:ff:ff:ff:ff:ff
    inet 192.168.236.132/24 brd 192.168.236.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.236.250/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee2:ff58/64 scope link 
       valid_lft forever preferred_lft forever

//验证
[root@localhost ~]# curl http://192.168.236.250
web2
