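Introduction
Keepalived is a high-availability solution for LVS services built on the VRRP protocol; it addresses the single-point-of-failure problem that arises with static routing.
I. Introduction to Keepalived
A health-check tool designed specifically for LVS and HA:
- Supports automatic failover (Failover)
- Supports node health checking (Health Checking)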
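II. How Keepalived works
Keepalived uses the VRRP hot-standby protocol to provide multi-node hot standby for Linux servers.
1. VRRP (Virtual Router Redundancy Protocol)
A backup solution designed for routers.
Several routers form a hot-standby group and provide service through a shared virtual IP address.
Within each hot-standby group only one master router provides service at a time; the other routers remain in a redundant state.
If the router currently in service fails, another router automatically takes over the virtual IP address according to the configured priority and continues to provide service.
[VRRP groups several routers into one virtual router group (VRID) and creates a virtual router with a virtual IP and a virtual MAC. Hosts on the LAN do not care which router is master and which is backup; they simply use the virtual router's virtual IP as their gateway. The virtual IP is actually held by the master router, so real traffic is forwarded by the master. Priority decides which router is master: the one with the highest priority becomes master. A backup only listens for the VRRP advertisements that the master sends periodically; if none arrives before the timeout, the backup takes over as master and the virtual IP moves to the backup with it.]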
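2. Main Keepalived modules and their roles
The Keepalived architecture has three main modules: core, check and vrrp.
●core module: the heart of Keepalived; it starts and maintains the main process and loads and parses the global configuration file.
●vrrp module: implements the VRRP protocol.
●check module: performs health checks; the common methods are port checks and URL checks.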
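III. Keepalived walkthrough
Keepalived provides multi-node hot standby; each hot-standby group can contain several servers.
Failover in a two-node hot-standby pair is achieved by moving (floating) the virtual IP address, which suits all kinds of application servers.
The Keepalived configuration directory is /etc/keepalived/
Configuring the Keepalived master server
keepalived.conf is the main configuration file
The global_defs {...} section sets the global parameters
The vrrp_instance <instance name> {...} section sets the VRRP hot-standby parameters
Comment text begins with the "!" character
The samples directory provides many example configurations for reference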
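Common configuration options
router_id HA_TEST_R1: name of this router (server); the master and the backup must use different names
vrrp_instance VI_1: defines a VRRP hot-standby instance
state MASTER: hot-standby state; MASTER marks the primary server
interface ens33: physical interface that carries the VIP address
virtual_router_id 1: ID of the virtual router; it must be the same on every member of a hot-standby group
priority 100: priority; the larger the number, the higher the priority
advert_int 1: advertisement interval in seconds (heartbeat frequency)
auth_type PASS: authentication type
auth_pass 123456: password string
virtual_ipaddress { vip}: the floating address (VIP); more than one may be listed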
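What these options look like on the wire, as an added example that is not code from the original article: the parser below decodes a VRRPv2 advertisement (RFC 3768 layout, assuming Keepalived is running VRRP version 2) and shows that with auth_type PASS the auth_pass string is carried unencrypted in an 8-byte field, so it protects against misconfigured neighbours rather than against anyone who can capture traffic on the segment. The packet bytes are constructed from the option values listed above plus the lab VIP 192.168.154.188; SAMPLE, checksum, parse_advert and audit are names chosen for this example.

```python
import socket
import struct

# Constructed sample: VRRPv2 advertisement for virtual_router_id 1, priority 100,
# advert_int 1, auth_type PASS, auth_pass 123456, VIP 192.168.154.188.
SAMPLE = bytes.fromhex("21016401 010184fa c0a89abc 31323334 35360000")

def checksum(data: bytes) -> int:
    """Internet checksum (16-bit one's complement) over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(pkt) < 8:
        raise ValueError("truncated header")
    ver_type, vrid, prio, count, auth_type, adv_int, _ = struct.unpack("!6BH", pkt[:8])
    if ver_type != 0x21:                     # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + 8                  # header + addresses + 8-byte auth data
    if len(pkt) < end:
        raise ValueError("truncated advertisement")
    vips = [socket.inet_ntoa(pkt[i:i + 4]) for i in range(8, 8 + 4 * count, 4)]
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv_int, "vips": vips,
        "auth_type": auth_type,
        "auth_data": pkt[end - 8:end].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": checksum(pkt[:end]) == 0,   # a valid message sums to zero
    }

def audit(advert: dict) -> list:
    """Defender's reading of the authentication fields of one advertisement."""
    if advert["auth_type"] == 0:
        return ["no VRRP authentication configured"]
    if advert["auth_type"] == 1:
        return [f"auth_type PASS: auth_pass {advert['auth_data']!r} is carried in cleartext"]
    return []

if __name__ == "__main__":
    advert = parse_advert(SAMPLE)
    print(advert)
    print(audit(advert))
```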
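Configuring the Keepalived slave server
The backup server's configuration differs from the master's in three options:
router_id: set to the node's own name
state: set to BACKUP
priority: a value lower than the master's
All other options are the same as on the master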
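A check for the failure mode this step invites, as an added example that is not part of the original article or of Keepalived itself: when the master's keepalived.conf is copied to the standby (the lab later in this article does so with scp), forgetting one of the three edits leaves two nodes that both claim MASTER with the same priority. The sample text is constructed from the lab's vrrp_instance values; MASTER, BACKUP, parse and check_pair are names chosen here, and the parser assumes a single vrrp_instance block.

```python
# Constructed sample: the VRRP part of the lab master configuration.
MASTER = """
global_defs {
    router_id LVS_01
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111   # must match on both nodes
    }
    virtual_ipaddress {
        192.168.154.188
    }
}
"""
# The backup file is the copied master file with the three per-node options edited.
BACKUP = (MASTER.replace("LVS_01", "LVS_02").replace("state MASTER", "state BACKUP")
          .replace("priority 100", "priority 90"))

def parse(conf: str) -> dict:
    """Flatten keepalived.conf to {"block.key": value}; '!' and '#' start comments."""
    out, stack = {}, []
    for raw in conf.splitlines():
        words = raw.split("!")[0].split("#")[0].split()
        if words and words[-1] == "{":
            stack.append(words[0])           # block name without its instance label
        elif words and words[0] == "}":
            stack.pop()
        elif words:
            out[".".join(stack + [words[0]])] = " ".join(words[1:])
    return out

def check_pair(master_conf: str, backup_conf: str) -> list:
    """Return findings for a master/backup pair; an empty list means consistent."""
    m, b, findings = parse(master_conf), parse(backup_conf), []
    if m.get("global_defs.router_id") == b.get("global_defs.router_id"):
        findings.append("router_id must be unique per node")
    if (m.get("vrrp_instance.state"), b.get("vrrp_instance.state")) != ("MASTER", "BACKUP"):
        findings.append("state must be MASTER on the primary and BACKUP on the standby")
    if int(b.get("vrrp_instance.priority", 0)) >= int(m.get("vrrp_instance.priority", 0)):
        findings.append("backup priority must be lower than master priority")
    for key in sorted(set(m) | set(b)):      # every other VRRP option must match
        per_node = key in ("vrrp_instance.state", "vrrp_instance.priority")
        if key.startswith("vrrp_instance.") and not per_node and m.get(key) != b.get(key):
            findings.append(f"{key} differs: {m.get(key)!r} vs {b.get(key)!r}")
    return findings
```

check_pair(MASTER, BACKUP) returns an empty list, while check_pair(MASTER, MASTER), the unedited copy, returns three findings.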
Testing the two-node hot standby
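IV. Building an LVS + Keepalived high-availability cluster
Environment
Primary DR server: 192.168.154.19; ipvsadm, keepalived (hot standby); virtual IP: 192.168.154.188; interface ens33:0
Backup DR server: 192.168.154.20; ipvsadm, keepalived (hot standby); virtual IP: 192.168.154.188; interface ens33:0
Web server 1: 192.168.154.21
Web server 2: 192.168.154.22
VIP: 192.168.154.188
Client: 192.168.154.100
1. Configure the load balancer (primary: 192.168.154.19)
(1) Stop the firewall and turn off SELinux enforcement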
systemctl stop firewalld
setenforce 0
(2) Install the packages
yum install -y ipvsadm keepalived
(3) Load the ip_vs module and check it
modprobe ip_vs
cat /proc/net/ip_vs
(4) Start ipvsadm.service
[root@fbc ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@fbc ~]# systemctl start ipvsadm.service
(5) Edit the main keepalived configuration file
[root@fbc ~]# cd /etc/keepalived/
[root@fbc keepalived]# cp keepalived.conf{,.bak} # back up the configuration file
[root@fbc keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
    smtp_server 127.0.0.1
    router_id LVS_01
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.154.188
    }
}

virtual_server 192.168.154.188 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 0
    protocol TCP

    real_server 192.168.154.21 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.154.22 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
(6) Copy the configuration file to the backup host over the network, which is quick and convenient
[root@fbc keepalived]# scp keepalived.conf root@192.168.154.20:/etc/keepalived/
The authenticity of host '192.168.154.20 (192.168.154.20)' can't be established.
ECDSA key fingerprint is SHA256:nIUCiwHuqlvgyYt4DWqMmPZXA/v/64DCtOw9iwVFmXQ.
ECDSA key fingerprint is MD5:59:93:91:b8:b9:95:e1:af:69:6d:d4:36:c9:28:a3:ea.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.154.20' (ECDSA) to the list of known hosts.
root@192.168.154.20's password:
keepalived.conf 100% 947 1.2MB/s 00:00
(7) Edit the virtual interface configuration
[root@fbc keepalived]# vim /etc/sysconfig/network-scripts/ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.154.188
NETMASK=255.255.255.255
Bring up the virtual interface and check it
(8) Start the keepalived service and check its status
[root@fbc keepalived]# systemctl start keepalived.service
[root@fbc keepalived]# systemctl status keepalived.service
(9) Set the ipvsadm rules and view them
[root@fbc keepalived]# ipvsadm -C
[root@fbc keepalived]# ipvsadm -A -t 192.168.154.188:80 -s rr
[root@fbc keepalived]# ipvsadm -a -t 192.168.154.188:80 -r 192.168.154.21:80 -g
[root@fbc keepalived]# ipvsadm -a -t 192.168.154.188:80 -r 192.168.154.22:80 -g
[root@fbc keepalived]# ipvsadm
(10) Adjust the proc response parameters: turn off the Linux kernel's redirect responses
vim /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
Reload
sysctl -p
2. Configure the load balancer (backup: 192.168.154.20)
(1) Stop the firewall
systemctl stop firewalld
setenforce 0
(2) Install the packages
yum install -y ipvsadm keepalived
(3) Load the ip_vs module and check it
[root@localhost ~]# modprobe ip_vs
[root@localhost ~]# cat /proc/net/ip_vs
(4) Start ipvsadm.service
[root@localhost ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost ~]# systemctl start ipvsadm.service
(5) Edit the main keepalived configuration file
[root@localhost network-scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    smtp_server 127.0.0.1
    router_id LVS_02
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.154.188
    }
}

virtual_server 192.168.154.188 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 0
    protocol TCP

    real_server 192.168.154.21 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.154.22 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
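(6) Edit the virtual interface
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33:0
(7) Bring up the virtual interface, restart networking, then check
(8) Start the service and check its status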
[root@localhost network-scripts]# systemctl start keepalived.service
[root@localhost network-scripts]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabld)
Active: active (running) since 四 2022-06-09 18:53:22 CST; 56s ago
Process: 34886 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCESS)
Main PID: 34891 (keepalived)
Tasks: 3
CGroup: /system.slice/keepalived.service
├─34891 /usr/sbin/keepalived -D
├─34892 /usr/sbin/keepalived -D
└─34893 /usr/sbin/keepalived -D
(9) Adjust the proc response parameters: turn off the Linux kernel's redirect responses
vim /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
Reload
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
3. Configure the web1 server (Web server 1: 192.168.154.21)
(1) Stop the firewall and turn off SELinux enforcement
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
(2) Install and start the httpd service
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# systemctl start httpd
(3) Write the page content for web1
[root@localhost ~]# echo 'hello user1' > /var/www/html/index.html
(4) Edit the virtual interface lo:0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.154.188
NETMASK=255.255.255.255
Restart networking
systemctl restart network
Check
(5) Adjust the proc response parameters (here the kernel ARP parameters arp_ignore and arp_announce)
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
4. Configure the web2 server (Web server 2: 192.168.154.22)
(1) Stop the firewall and turn off SELinux enforcement
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
(2) Install and start the httpd service
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# systemctl start httpd
(3) Write the page content for web2
[root@localhost ~]# echo 'hello user2' > /var/www/html/index.html
(4) Edit the virtual interface lo:0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.154.188
NETMASK=255.255.255.255
Restart networking
systemctl restart network
(5) Adjust the proc response parameters (here the kernel ARP parameters arp_ignore and arp_announce)
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
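5. Verify the result
From the client, browse to http://192.168.154.188/
Then stop the keepalived service on the primary server and test again: systemctl stop keepalived
Start keepalived
systemctl start keepalived
View the interface information on the master and the backup
ip addr
Master interface information
Backup interface information
Stop the keepalived service on the master
View the master and backup information again: the virtual interface has moved to the backup host
Master interface information
Backup interface information
Summary
This article covered:
How an LVS + Keepalived cluster works
The main Keepalived modules and their roles
The LVS + DR + Keepalived configuration lab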