Keepalived
-
概述
- 调度器出现单点故障,如何解决
- Keepalived实现高可用集群
- Keepalived最初是为了LVS设计的,专门监控各服务器节点的状态
- Keepalived后来加入了VRRP功能,防止单点故障
-
功能
- 自动配置LVS规则
- 健康检查
- VRRP(虚拟路由热备)
- 步骤
- 准备网络环境
- 给两台web服务器做相同的操作
- [root@web2 ~]# yum -y install keepalived
- [root@web1 ~]# yum -y install keepalived
- 部署Keepalived服务
- 修改web1服务器Keepalived配置文件
- [root@web1 ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived - [root@web1 ~]# vim /etc/keepalived/keepalived.conf
- 3 global_defs {
4 notification_email {
5 acassen@firewall.loc
6 failover@firewall.loc
7 sysadmin@firewall.loc
8 }
9 notification_email_from Alexandre.Cassen@firewall.loc
10 smtp_server 192.168.200.1
11 smtp_connect_timeout 30
12 router_id web1 //更改服务器名称
13 vrrp_skip_check_adv_addr
14 vrrp_strict
15 vrrp_garp_interval 0
16 vrrp_gna_interval 0
17 }
18
19 vrrp_instance VI_1 {
20 state MASTER //状态为主,备为backup
21 interface eth0
22 virtual_router_id 51 //主备服务器id要求一致
23 priority 100 //优先级,数值大的优先
24 advert_int 1
25 authentication {
26 auth_type PASS //密码鉴权(口令在VRRP报文中明文传输,只能防止误配置,不能防止同网段主机伪造通告)
27 auth_pass 1111 //主备必须一致;1111是示例配置文件自带的值,实际使用时应更换
28 }
29 virtual_ipaddress {
30 10.211.55.150 //虚拟ip
31 }
32 } - 修改web2
- 1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 acassen@firewall.loc
6 failover@firewall.loc
7 sysadmin@firewall.loc
8 }
9 notification_email_from Alexandre.Cassen@firewall.loc
10 smtp_server 192.168.200.1
11 smtp_connect_timeout 30
12 router_id web2 //服务器名称改为web2
13 vrrp_skip_check_adv_addr
14 vrrp_strict
15 vrrp_garp_interval 0
16 vrrp_gna_interval 0
17 }
18
19 vrrp_instance VI_1 {
20 state BACKUP //状态为backup
21 interface eth0
22 virtual_router_id 51 //id和主服务器一致
23 priority 80 //优先级设置比主服务器低
24 advert_int 1
25 authentication {
26 auth_type PASS
27 auth_pass 1111
28 }
29 virtual_ipaddress {
30 10.211.55.150 //虚拟ip
31 }
32 } - 主备服务器起服务
- [root@web1 ~]# systemctl start keepalived.service
- [root@web2 ~]# systemctl start keepalived.service
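- 清空iptables规则(配置中启用了vrrp_strict,keepalived启动后通常会自动添加拦截VIP访问的iptables规则,所以这里需要清空;注意iptables -F会把本机其他防火墙规则一并清掉,只适合实验环境,正式环境应去掉vrrp_strict,或只放行VRRP(IP协议号112)和业务端口)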
- [root@web1 ~]# iptables -F
- [root@web2 ~]# iptables -F
- 测试
- [root@lvs ~]# curl 10.211.55.150
web1
关闭web1的keepalived后测试
[root@web1 ~]# systemctl stop keepalived.service
[root@lvs ~]# !cur
curl 10.211.55.150
web2 - 重启web1keepalived后虚拟ip又回到web1上
- [root@web1 ~]# systemctl start keepalived.service
[root@web1 ~]# iptables -F -
LVS+Keepalived
- 将网络配置好
- 在web1,web2上持久保存lo:0的配置
- [root@web1 network-scripts]# cp ifcfg-lo{,:0}
- [root@web1 network-scripts]# vim ifcfg-lo:0
- DEVICE=lo:0
IPADDR=10.211.55.150
NETMASK=255.255.255.255
NETWORK=10.211.55.150
# If you’re having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=10.211.55.150
ONBOOT=yes
NAME=lo:0 - 检查免费arp是否禁止
- [root@web1 network-scripts]# cat /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2 - 重启网络
- [root@web1 network-scripts]# systemctl restart network
- 注意:lvs服务器不要配置vip,本次实验使用keepalived配置vip
- 调度器安装keepalived和ipvsadm软件
- 清除ipvsadm策略(清除用ipvsadm -C;下面的ipvsadm -Ln只是列出当前规则,用来确认已经清空)
- [root@lvs2 ~]# ipvsadm -Ln
- 对lvs1和lvs2分别配置/etc/keepalived/keepalived.conf
- 1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 acassen@firewall.loc
6 failover@firewall.loc
7 sysadmin@firewall.loc
8 }
9 notification_email_from Alexandre.Cassen@firewall.loc
10 smtp_server 192.168.200.1
11 smtp_connect_timeout 30
12 router_id lvs1 //id名称为lvs1,另外一个为lvs2
13 vrrp_skip_check_adv_addr
14 vrrp_strict
15 vrrp_garp_interval 0
16 vrrp_gna_interval 0
17 }
19 vrrp_instance VI_1 {
20 state MASTER //状态为主,备用为BACKUP
21 interface eth0
22 virtual_router_id 51 //虚拟路由id,主备保持一致
23 priority 100 //优先级高的lvs,优先获取vip
24 advert_int 1
25 authentication {
26 auth_type PASS
27 auth_pass 1111
28 }
29 virtual_ipaddress {
30 10.211.55.150 //vip
31 }
32 }
34 virtual_server 10.211.55.150 80 { //虚拟集群配置
35 delay_loop 6
36 lb_algo rr
37 lb_kind DR
38 # persistence_timeout 50 //持久化连接时间
39 protocol TCP
40
41 real_server 10.211.55.35 80 { //添加真实主机
42 weight 1
43 TCP_CHECK {
44 connect_timeout 3
45 nb_get_retry 3
46 delay_before_retry 3
47 }
48 }
49 real_server 10.211.55.36 80 { //添加主机2
50 weight 1
51 TCP_CHECK {
52 connect_timeout 3
53 nb_get_retry 3
54 delay_before_retry 3
55 }
56 }
57 } - 主备lvs配置完成后,启动keepalived服务,不是keepalived.service
- [root@lvs2 ~]# systemctl start keepalived
- [root@lvs2 ~]# iptables -F
- 清空iptables规则
- 配置完成
- 测试
- 关闭lvs1的keepalived,vip会漂移到lvs2的eth0上
- [root@lvs1 ~]# systemctl stop keepalived.service
- [root@lvs2 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:1c:42:7a:22:48 brd ff:ff:ff:ff:ff:ff
inet 10.211.55.22/24 brd 10.211.55.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.211.55.150/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fdb2:2c26:f4e4:0:21c:42ff:fe7a:2248/64 scope global noprefixroute dynamic
valid_lft 2591552sec preferred_lft 604352sec
inet6 fe80::21c:42ff:fe7a:2248/64 scope link noprefixroute
valid_lft forever preferred_lft forever - lvs1重新启动keepalived,vip地址回到lvs1上
- [root@lvs1 ~]# systemctl start keepalived.service
[root@lvs1 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:1c:42:76:65:5d brd ff:ff:ff:ff:ff:ff
inet 10.211.55.21/24 brd 10.211.55.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.211.55.150/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fdb2:2c26:f4e4:0:21c:42ff:fe76:655d/64 scope global noprefixroute dynamic
valid_lft 2591939sec preferred_lft 604739sec
inet6 fe80::21c:42ff:fe76:655d/64 scope link noprefixroute
valid_lft forever preferred_lft forever -
Haproxy
- 准备新的拓扑环境
- 安装
- [root@haproxy ~]# yum -y install haproxy
- 修改配置文件
- [root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
- 63 listen servers *:80
64 balance roundrobin
65 server web1 10.211.55.35 check inter 2000 rise 2 fall 5
//web1:rs名称;check inter:健康检查,每2000毫秒检查一次,2次成功就上线,失败5次下线
66 server web2 10.211.55.36 check inter 2000 rise 2 fall 5
//其他配置不变,只在最后配置集群和rs。 - 保存配置,启动haproxy
- [root@haproxy ~]# systemctl start haproxy