How keepalived works
keepalived is implemented on top of the VRRP protocol.
VRRP (Virtual Router Redundancy Protocol) can be thought of as a protocol for making routers highly available: N routers that provide the same function are grouped into one router group, which has one master and several backups. The master holds a VIP that serves the outside world (the other machines on the master's LAN use this VIP as their default route). The master sends multicast advertisements; when the backups stop receiving VRRP packets they consider the master down, and a backup is elected as the new master according to VRRP priority. This is how router high availability is achieved.
keepalived has three main modules: core, check and vrrp.
The core module is the heart of keepalived; it starts and maintains the main process and loads and parses the global configuration file.
check is responsible for health checking, including the common check methods and the parsing of their configuration, LVS configuration included.
The vrrp module implements the VRRP protocol.
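As an added illustration (my own script, not part of the original article) of how the backups decide the master is gone, the block below computes the VRRP Master_Down_Interval for the two directors configured later on this page (priority 100 and 90, advert_int 1) using the formulas from RFC 3768 / RFC 5798; the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): how a VRRP backup decides
# the master is gone. Each router waits Master_Down_Interval without
# advertisements before taking over, and the interval shrinks with
# priority, so the highest-priority backup always wins the election.
# RFC 3768 / RFC 5798 formulas, computed here in milliseconds:
#   skew_ms = (256 - priority) * advert_ms / 256
#   down_ms = 3 * advert_ms + skew_ms
# (with advert_int 1, i.e. 1000 ms, the v2 and v3 definitions coincide)

# vrrp_skew_ms PRIORITY ADVERT_MS: skew time (integer ms, truncated)
vrrp_skew_ms() {
    echo $(( (256 - $1) * $2 / 256 ))
}

# vrrp_master_down_ms PRIORITY ADVERT_MS: Master_Down_Interval in ms
vrrp_master_down_ms() {
    echo $(( 3 * $2 + $(vrrp_skew_ms "$1" "$2") ))
}

# vrrp_pick_master ADVERT_MS NAME:PRIORITY...: the router whose timer
# expires first. Equal priorities are not modelled (VRRP breaks those
# ties by primary IP address); the first listed entry would win here.
vrrp_pick_master() {
    local advert_ms=$1 best_name='' best_ms=-1 pair name prio ms
    shift
    for pair in "$@"; do
        name=${pair%%:*}
        prio=${pair##*:}
        ms=$(vrrp_master_down_ms "$prio" "$advert_ms")
        if [ "$best_ms" -lt 0 ] || [ "$ms" -lt "$best_ms" ]; then
            best_name=$name
            best_ms=$ms
        fi
    done
    echo "$best_name"
}

# Demonstration with the priorities the article gives LVS1 and LVS2.
for pair in LVS1:100 LVS2:90; do
    printf '%-5s priority %3s -> master-down interval %s ms\n' \
        "${pair%%:*}" "${pair##*:}" "$(vrrp_master_down_ms "${pair##*:}" 1000)"
done
echo "Takes over the VIP first: $(vrrp_pick_master 1000 LVS1:100 LVS2:90)"
```

With advert_int 1, LVS1 (priority 100) waits 3609 ms and LVS2 (priority 90) 3648 ms, which is why LVS1 reclaims the VIP even if both directors boot at the same moment.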
Use Keepalived to provide high availability for the LVS director, preventing a single point of failure in the director, while providing web service to users:
LVS+DR
The director distributes requests to the real servers; a real server responds to the user directly after handling the request, so the director only handles one half of the client-server connection. Since the load balancer handles only half of each connection, it does not become a new performance bottleneck, and the scalability of the system increases. Because Direct Routing relies on a physical-layer technique (rewriting MAC addresses), all servers must be in the same network segment.
- LVS1 director real IP address: 192.168.4.21
- LVS2 director real IP address: 192.168.4.22
- Server VIP address: 192.168.4.15
- Web server addresses: node23 192.168.4.23, node24 192.168.4.24, node25 192.168.4.25, node26 192.168.4.26
- NFS server address: 192.168.4.20
- The NSD1902 virtual machine acts as the simulated client, IP 192.168.4.254
- Scheduling algorithm: weighted round robin (wrr)
Passwordless SSH login to node20-26
[root@NSD1902 ~]# ssh-keygen -f /root/.ssh/id_rsa -N ''
[root@NSD1902 ~]# for i in {20..26}; do ssh-copy-id 192.168.4.$i; done
Configure the yum repository on node20-26
[root@NSD1902 ~]# for i in {20..26}
> do
> ssh 192.168.4.$i wget ftp://192.168.4.254/c.repo -O /etc/yum.repos.d/c.repo
> done
Set up the NFS share on node20 (the NFS server)
[root@node20 ~]# mkdir /webs
[root@node20 ~]# vim /etc/fstab
/dev/vdb1 /webs xfs defaults 0 0
[root@node20 ~]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/rhel-root 17G 3.2G 14G 19% /
devtmpfs 481M 0 481M 0% /dev
tmpfs 497M 0 497M 0% /dev/shm
tmpfs 497M 7.0M 490M 2% /run
tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/vda1 1014M 161M 854M 16% /boot
/dev/vdb1 40G 33M 40G 1% /webs
tmpfs 100M 0 100M 0% /run/user/0
[root@node20 ~]# vim /etc/exports
/webs 192.168.4.0/24(rw,no_root_squash)
[root@node20 ~]# systemctl restart nfs
[root@node20 webs]# echo 谢谢惠顾 >index.html
Install httpd on node23-26
[root@NSD1902 ~]# for i in {23..26}; do ssh 192.168.4.$i yum -y install httpd; ssh 192.168.4.$i systemctl restart httpd; done
[root@NSD1902 ~]# for i in {23..26}; do ssh 192.168.4.$i "echo 192.168.4.20:/webs /var/www/html nfs _netdev 0 0 >> /etc/fstab"; ssh 192.168.4.$i mount -a; done
Test
[root@NSD1902 ~]# for i in {23..26}; do curl 192.168.4.$i; done
谢谢惠顾
谢谢惠顾
谢谢惠顾
谢谢惠顾
Next, configure the VIP address on web1.
Note: the subnet mask here must be /32 (that is, all 255s); the network address and the broadcast address are both the same as the IP address.
[root@node23 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo{,:0}
[root@node23 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.4.15
NETMASK=255.255.255.255
NETWORK=192.168.4.15
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=192.168.4.15
ONBOOT=yes
NAME=lo:0
Copy the interface file to the other three web servers
[root@node23 ~]# for i in {24..26};do scp /etc/sysconfig/network-scripts/ifcfg-lo:0 192.168.4.$i:/etc/sysconfig/network-scripts/ifcfg-lo:0 ;done
Note: because web1 is now configured with the same VIP address as the director, an address conflict would occur by default.
The purpose of the four sysctl lines below is that, for packets destined to 192.168.4.15, only the director responds; the other hosts do not respond at all.
# arp_ignore = 1: when an ARP broadcast asks who has 192.168.4.15, this host ignores the request and sends no reply
# arp_announce = 2: this host does not announce to the outside that its loopback address is 192.168.4.15
[root@node23 ~]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
Distribute the file to the remaining web servers
[root@node23 ~]# for i in {24..26}
> do
> scp /etc/sysctl.conf 192.168.4.$i:/etc/sysctl.conf
> done
Restart the network
[root@node23 ~]# for i in {23..26}
> do
> ssh 192.168.4.$i systemctl restart network
> done
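An added check (my own script, not from the article): it audits a real server's sysctl.conf and ifcfg-lo:0 for the four ARP settings and the /32 VIP described above, so a node that would still answer ARP for 192.168.4.15 is found before it is put behind the director. The function names and the constructed sample file are assumptions; the live paths are the ones the article edits.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: audit the two files the
# article edits on every real server, so a DR node that would still
# answer ARP for the VIP (and pull traffic away from the director) is
# caught before it is put into service. Paths are parameters so the
# check can run against copies; live paths are the ones in the article.

# Required sysctl keys/values for an LVS-DR real server (one per line).
DR_SYSCTL_EXPECTED='net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2'

# check_dr_sysctl FILE: report each missing or wrong key; return 1 if any.
# Comments are stripped and whitespace around '=' is tolerated; as with
# sysctl itself, the last occurrence of a key wins.
check_dr_sysctl() {
    local file=$1 rc=0 spec key want got
    for spec in $DR_SYSCTL_EXPECTED; do
        key=${spec%%=*}
        want=${spec#*=}
        got=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' "$file" |
              awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
        if [ "$got" != "$want" ]; then
            echo "sysctl: $key is '${got:-unset}', expected $want"
            rc=1
        fi
    done
    return $rc
}

# check_dr_lo_vip FILE VIP: the VIP must sit on lo with a /32 mask so the
# real server never treats the whole 192.168.4.0/24 as directly attached.
check_dr_lo_vip() {
    local file=$1 vip=$2 rc=0
    grep -qxF "IPADDR=$vip" "$file" || { echo "ifcfg: IPADDR is not $vip"; rc=1; }
    grep -qxF 'NETMASK=255.255.255.255' "$file" ||
        { echo "ifcfg: NETMASK must be 255.255.255.255"; rc=1; }
    grep -qxF 'ONBOOT=yes' "$file" || { echo "ifcfg: ONBOOT is not yes"; rc=1; }
    return $rc
}

# Demo on a constructed sample (not a real node): lo.arp_announce missing.
demo=$(mktemp)
printf '%s\n' 'net.ipv4.conf.all.arp_ignore = 1' 'net.ipv4.conf.lo.arp_ignore = 1' \
    'net.ipv4.conf.all.arp_announce = 2' > "$demo"
check_dr_sysctl "$demo" || echo "real server is NOT ready for DR"
rm -f "$demo"
```

Run `check_dr_sysctl /etc/sysctl.conf && check_dr_lo_vip /etc/sysconfig/network-scripts/ifcfg-lo:0 192.168.4.15` on each of node23-26 after the scp loop; a non-zero exit means the node should not yet be listed as a real_server.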
Firewall and SELinux settings
[root@NSD1902 ~]# for i in {20..26}; do ssh 192.168.4.$i setenforce 0; ssh 192.168.4.$i systemctl stop firewalld.service ; done
[root@NSD1902 ~]# for i in {21..22}; do ssh 192.168.4.$i yum -y install keepalived ipvsadm; done
[root@node21 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS1
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # both directors must share virtual_router_id and auth_pass
    virtual_router_id 51
    # 100 on LVS1, 90 on LVS2: the higher priority holds the VIP
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.15
    }
}
virtual_server 192.168.4.15 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    # persistence_timeout 50
    protocol TCP
    # TCP_CHECK takes its own brace block; a real server that fails
    # the check is removed from the ipvs table until it passes again
    real_server 192.168.4.23 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.24 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.25 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.26 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@node21 ~]# systemctl restart keepalived.service
Starting keepalived automatically adds a DROP firewall rule, which must be flushed!
[root@node21 ~]# iptables -F
[root@node21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.15:80 wrr
-> 192.168.4.23:80 Route 1 0 0
-> 192.168.4.24:80 Route 1 0 0
-> 192.168.4.25:80 Route 1 0 0
-> 192.168.4.26:80 Route 1 0 0
[root@node21 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:43:68:70 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.21/24 brd 192.168.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.4.15/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::4074:f772:7f32:dff5/64 scope link
valid_lft forever preferred_lft forever
[root@node22 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS2
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    # same virtual_router_id and auth_pass as LVS1
    virtual_router_id 51
    # lower than LVS1 (100): takes the VIP only while LVS1 is down
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.15
    }
}
virtual_server 192.168.4.15 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    # persistence_timeout 50
    protocol TCP
    # TCP_CHECK takes its own brace block; a real server that fails
    # the check is removed from the ipvs table until it passes again
    real_server 192.168.4.23 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.24 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.25 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.26 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@node22 ~]# systemctl restart keepalived.service
Starting keepalived automatically adds a DROP firewall rule, which must be flushed!
[root@node22 ~]# iptables -F
[root@node22 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.15:80 wrr
-> 192.168.4.23:80 Route 1 0 0
-> 192.168.4.24:80 Route 1 0 0
-> 192.168.4.25:80 Route 1 0 0
-> 192.168.4.26:80 Route 1 0 0
[root@node22 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:4f:33:f9 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.22/24 brd 192.168.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5ab3:149c:a907:ef57/64 scope link
valid_lft forever preferred_lft forever
Test
[root@NSD1902 ~]# curl 192.168.4.15
谢谢惠顾
[root@NSD1902 ~]# curl 192.168.4.15
谢谢惠顾
[root@NSD1902 ~]# curl 192.168.4.15
谢谢惠顾
[root@NSD1902 ~]# curl 192.168.4.15
谢谢惠顾