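I. Keepalived overview
- Keepalived is a powerful auxiliary tool designed specifically for LVS. It mainly provides failover and health checking: it determines the availability of the LVS load director and of the node servers, promptly isolates a failed host and replaces it with another server, and adds the failed host back to the cluster once it recovers.
- The official Keepalived website is http://www.keepalived.org/. In non-LVS cluster environments, Keepalived can also be used as hot-standby software.
II. Keepalived hot-standby mode
- Keepalived uses the VRRP (Virtual Router Redundancy Protocol) hot-standby protocol to implement multi-host hot standby for Linux servers in software.
- VRRP is a backup solution for routers: several routers form a hot-standby group and provide service through a shared virtual IP address. At any moment only one master router in the group provides service while the others stay in a redundant state. If the router currently online fails, another router automatically takes over the virtual IP address (priority determines the takeover order) so that service continues. (An earlier post covers the VRRP protocol in detail.)
- Every router in the hot-standby group can become the master router, and the virtual router's IP address (VIP) can move between the routers in the group, so it is also called a floating IP address.
- In addition, with Keepalived the floating address does not require a manually created virtual-interface configuration file; Keepalived manages it automatically according to its configuration file.
III. Parameters for Keepalived dual-host hot standby
- With VRRP-based hot standby, keepalived can be used for server failover. A hot-standby group can contain several servers; the most common setup is dual-host hot standby. In that setup, failover is implemented mainly by floating the virtual IP address, so it can be used for all kinds of servers (web, FTP, Mail, SSH, DNS).
- In dual-host hot standby, Keepalived must be installed on both the master and the backup server.
- The Keepalived configuration directory is /etc/keepalived, and keepalived.conf is the main configuration file. In this file a "global_defs {...}" section sets global parameters, a "vrrp_instance <instance name> {...}" section sets the VRRP hot-standby parameters, and comment text starts with the "!" character.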
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
...
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 ! SMTP server address (here the director itself)
smtp_connect_timeout 30
router_id LVS_DEVEL ! name of the master director; must be unique
vrrp_skip_check_adv_addr ! VRRP protocol options
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
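state MASTER ! hot-standby state of the master director
interface ens33 ! NIC name on the master director
virtual_router_id 51 ! group ID; must be the same on master and backup
priority 100 ! priority of the master director; the backup director's priority must be lower
advert_int 1
authentication { ! hot-standby authentication info; must be the same on master and backup
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { ! the cluster's VIP address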
192.168.100.10
}
}
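virtual_server 192.168.100.10 80 { ! virtual server address and port
delay_loop 6 ! interval between health checks
lb_algo rr ! scheduling algorithm; rr = round robin
lb_kind DR ! DR cluster working mode
persistence_timeout 50
protocol TCP ! the application service uses TCP
real_server 192.168.100.100 80 { ! a node server; add one such block per service node
weight 1 ! weight of the node
# SSL_GET { ! delete the lines marked with #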
# url {
# path /
# digest ff20ad2481f97b1754ef3e12ecd3a9cc
# }
# url {
# path /mrtg/
# digest 9b3a0c85a887a256d6939da88aabd8cd
# }
TCP_CHECK { ! health-check method
connect_port 80 ! destination port to check
connect_timeout 3 ! connection timeout (seconds)
nb_get_retry 3 ! number of retries
delay_before_retry 3 ! interval between retries (seconds)
}
}
}
## Delete the remaining blocks that follow
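The rules annotated in the configuration above (same virtual_router_id and authentication on both directors, lower priority on the backup, unique router_id) can be checked mechanically before the service is started. The script below is an added example, not part of the original post; the helper names kv and check_pair and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: check a master/backup keepalived.conf pair against the rules above.
# kv FILE KEY: print the first value of KEY, ignoring text after "!" or "#".
kv() {
    awk -v k="$2" '{ sub(/[!#].*/, "") } $1 == k { print $2; exit }' "$1"
}
# check_pair MASTER BACKUP: print one line per finding, return the finding count.
check_pair() {
    m=$1; b=$2; bad=0
    for key in virtual_router_id auth_type auth_pass; do
        if [ "$(kv "$m" "$key")" != "$(kv "$b" "$key")" ]; then
            echo "MISMATCH $key: must be identical on master and backup"
            bad=$((bad + 1))
        fi
    done
    mp=$(kv "$m" priority); bp=$(kv "$b" priority)
    if [ "${bp:-0}" -ge "${mp:-0}" ]; then
        echo "PRIORITY: backup ($bp) must be lower than master ($mp)"
        bad=$((bad + 1))
    fi
    if [ "$(kv "$m" router_id)" = "$(kv "$b" router_id)" ]; then
        echo "ROUTER_ID: each director needs its own router_id"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample files: the page's master values, one good and one bad backup.
tmp=$(mktemp -d)
cat > "$tmp/master.conf" <<'EOF'
global_defs {
    router_id LVS_01
}
vrrp_instance VI_1 {
    state MASTER              ! comment text is ignored by kv
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
sed -e 's/LVS_01/LVS_02/' -e 's/MASTER/BACKUP/' -e 's/priority 100/priority 90/' \
    "$tmp/master.conf" > "$tmp/backup_ok.conf"
sed -e 's/_id 51/_id 52/' -e 's/priority 90/priority 100/' \
    "$tmp/backup_ok.conf" > "$tmp/backup_bad.conf"
check_pair "$tmp/master.conf" "$tmp/backup_ok.conf" && echo "ok pair: consistent"
check_pair "$tmp/master.conf" "$tmp/backup_bad.conf" || echo "bad pair: $? finding(s)"
```

On real hosts, copy the backup director's file next to the master's and pass both paths to check_pair.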
IV. Building a high-availability cluster with Keepalived in LVS-DR mode
- Lab environment
Role | IP address | OS | Packages |
Master LVS director | 192.168.100.110/24 VIP:192.168.100.100/24 | centos7 | keepalived ipvsadm |
Backup LVS director | 192.168.100.120/24 VIP:192.168.100.100/24 | centos7 | keepalived ipvsadm |
web server 1 | 192.168.100.130/24 VIP:192.168.100.100/24 | centos7 | httpd |
web server 2 | 192.168.100.140/24 VIP:192.168.100.100/24 | centos7 | httpd |
Client | 192.168.100.150/24 | centos7 | |
- Network topology
- Configuring the master LVS director
1. Install the required packages
yum install ipvsadm keepalived -y
2. Enable route forwarding and disable redirects
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
3. Configure the real NIC
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33
IPADDR=192.168.100.110
GATEWAY=192.168.100.1
NETMASK=255.255.255.0
4. Add the virtual NIC
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0
DEVICE=ens33:0
IPADDR=192.168.100.100
NETMASK=255.255.255.0
ONBOOT=yes
5. Write the LVS rules script
[root@localhost network-scripts]# cd /etc/init.d
[root@localhost init.d]# vim dr.sh
#!/bin/bash
GW=192.168.100.1
VIP=192.168.100.100
RIP1=192.168.100.130
RIP2=192.168.100.140
case "$1" in
start)
/sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm
/sbin/ifconfig ens33:0 $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev ens33:0
/sbin/ipvsadm -A -t $VIP:80 -s rr
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
echo "ipvsadm starting ok"
;;
stop)
/sbin/ipvsadm -C
systemctl stop ipvsadm
ifconfig ens33:0 down
route del $VIP
echo "ipvsadm stopped ok"
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ];then
echo "ipvsadm stopped"
exit 1
else
echo "ipvsadm running ok"
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 1
esac
exit 0
[root@localhost init.d]# chmod +x dr.sh
6. Edit the keepalived configuration file
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_01
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.100
}
}
virtual_server 192.168.100.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.130 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.140 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
7. Disable the security features and start the services
systemctl stop firewalld
setenforce 0
systemctl start keepalived.service
ifup ens33:0
service dr.sh start
- Configuring the backup LVS director
1. Install the required packages
yum install ipvsadm keepalived -y
2. Enable route forwarding and disable redirects
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
3. Configure the real NIC
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33
IPADDR=192.168.100.120
GATEWAY=192.168.100.1
NETMASK=255.255.255.0
4. Add the virtual NIC
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0
DEVICE=ens33:0
IPADDR=192.168.100.100
NETMASK=255.255.255.0
ONBOOT=yes
5. Write the LVS rules script
[root@localhost network-scripts]# cd /etc/init.d
[root@localhost init.d]# vim dr.sh
#!/bin/bash
GW=192.168.100.1
VIP=192.168.100.100
RIP1=192.168.100.130
RIP2=192.168.100.140
case "$1" in
start)
/sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm
/sbin/ifconfig ens33:0 $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev ens33:0
/sbin/ipvsadm -A -t $VIP:80 -s rr
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
echo "ipvsadm starting ok"
;;
stop)
/sbin/ipvsadm -C
systemctl stop ipvsadm
ifconfig ens33:0 down
route del $VIP
echo "ipvsadm stopped ok"
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ];then
echo "ipvsadm stopped"
exit 1
else
echo "ipvsadm running ok"
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 1
esac
exit 0
[root@localhost init.d]# chmod +x dr.sh
6. Edit the keepalived configuration file
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_02
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.100
}
}
virtual_server 192.168.100.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.130 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.140 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
7. Disable the security features and start the services
systemctl stop firewalld
setenforce 0
systemctl start keepalived.service
ifup ens33:0
service dr.sh start
- Configuring the node servers
web server 1
1. Install the httpd package
yum install httpd -y
2. Configure the real NIC
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33
IPADDR=192.168.100.130
GATEWAY=192.168.100.1
3. Configure the virtual NIC
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.100.100
# /32 host mask, matching web.sh; a wider mask on lo would make the whole subnet local
NETMASK=255.255.255.255
4. Add the web site content
[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# echo "<h1>this is data</h1>" > index.html
5. Configure the LVS service
[root@localhost html]# cd /etc/init.d
[root@localhost init.d]# ls
functions netconsole network README
[root@localhost init.d]# vim web.sh
#!/bin/bash
VIP=192.168.100.100
case "$1" in
start)
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
/sbin/route add -host $VIP dev lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p > /dev/null 2>&1
echo "real server start ok"
;;
stop)
ifconfig lo:0 down
route del $VIP > /dev/null 2>&1
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
echo "real server stop"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@localhost init.d]# chmod +x web.sh
6. Disable the security features and start the services
systemctl stop firewalld
setenforce 0
ifup lo:0
service web.sh start
systemctl start httpd
web server 2
1. Install the httpd package
yum install httpd -y
2. Configure the real NIC
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens33
IPADDR=192.168.100.140
GATEWAY=192.168.100.1
3. Configure the virtual NIC
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.100.100
# /32 host mask, matching web.sh; a wider mask on lo would make the whole subnet local
NETMASK=255.255.255.255
4. Add the web site content
[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
[root@localhost html]# echo "<h1>this is yun</h1>" > index.html
5. Configure the LVS service
[root@localhost html]# cd /etc/init.d
[root@localhost init.d]# ls
functions netconsole network README
[root@localhost init.d]# vim web.sh
#!/bin/bash
VIP=192.168.100.100
case "$1" in
start)
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
/sbin/route add -host $VIP dev lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p > /dev/null 2>&1
echo "real server start ok"
;;
stop)
ifconfig lo:0 down
route del $VIP > /dev/null 2>&1
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
echo "real server stop"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@localhost init.d]# chmod +x web.sh
6. Disable the security features and start the services
systemctl stop firewalld
setenforce 0
ifup lo:0
service web.sh start
systemctl start httpd
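- Verifying the LVS configuration
- Simulating failover
Note: when restarting the virtual-NIC service on a director, an error may occur (this IP address is already in use); you can try rebooting the LVS server.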