4.keepalived高可用

一、keepalived高可用介绍

解决单点故障,提升服务高可用

基于VRRP协议设计

原理:
将多个物理设备放入到一个VRRP组中,通过VRRP组形成浮动IP,通过优先级进行主备选举,优先级高为主,浮动IP会配置到主设备上,同时主设备会发送心跳以通知自己的状态,备设备连续一段时间接收不到心跳,则认为主宕机,会自动接替主的工作

心跳:
默认以组播的方式发送心跳,地址224.0.0.18

影响心跳的因素:
1、防火墙
2、时间不同步
3、网络堵塞,多块网卡分担流量

二、keepalived高可用设计


1、两台haproxy负载均衡器配置一致

客户端通过DNS解析到两台haproxy,都可正常访问业务

2、在haproxy上分别安装keepalived

[root@master_haproxy ~]# yum install -y keepalived
[root@slave_haproxy ~]# yum install -y keepalived

3、配置keepalived实现高可用

规划浮动IP: 192.168.140.100

主:

[root@master_haproxy ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   # Name of this node; the two load balancers use different values.
   router_id master_haproxy
}

# VRRP group shared by both load balancers; it owns the floating IP.
vrrp_instance haproxy {
    # Role at start-up; the peer is configured as BACKUP.
    state MASTER
    # Interface that sends the advertisements and receives the floating IP.
    interface ens33
    # Group id; the peer is configured with the same value.
    virtual_router_id 88
    # The node with the higher priority holds the floating IP (peer: 50).
    priority 100
    # Advertisement (heartbeat) interval in seconds.
    advert_int 1
    authentication {
        # NOTE(review): PASS is a shared password carried unencrypted in every
        # advertisement (the tcpdump output on this page reports it as
        # "authtype simple"). It guards against accidental group mix-ups, not
        # against a host on the segment that can read or send VRRP. Treat
        # "redhat" as a sample value, and restrict VRRP (IP protocol 112) to
        # the peer addresses at the firewall.
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        # Floating IP that clients connect to.
        192.168.140.100
    }
}

备:

[root@slave_haproxy ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   # Name of this node; the two load balancers use different values.
   router_id slave_haproxy
}

# Backup side of the VRRP group; group id, interval, authentication and
# floating IP are the same values as on the master.
vrrp_instance haproxy {
    # Role at start-up; this node takes over when the master's heartbeats stop.
    state BACKUP
    interface ens33
    virtual_router_id 88
    # Lower than the master's 100, so this node yields the floating IP.
    priority 50
    advert_int 1
    authentication {
        # NOTE(review): the password travels in cleartext in each advertisement,
        # so it is not a defence against a host on the same segment. Use a
        # deployment-specific value and filter VRRP (IP protocol 112) to the
        # peer addresses.
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        # Configured on this node only while it is the active one.
        192.168.140.100
    }
}

4、分别在两个调度器上查看浮动IP

主:

[root@master_haproxy ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:cc:6b:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.140.10/24 brd 192.168.140.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.140.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fecc:6b2f/64 scope link 
       valid_lft forever preferred_lft forever

正常情况下,浮动IP只会出现在优先级高的设备上

备:

[root@slave_haproxy ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:29:e5:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.140.11/24 brd 192.168.140.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe29:e543/64 scope link 
       valid_lft forever preferred_lft forever

5、测试客户端通过浮动IP可正常访问业务

C:\Users\admin>ping blog.linux.com

正在 Ping blog.linux.com [192.168.140.100] 具有 32 字节的数据:
来自 192.168.140.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.140.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.140.100 的回复: 字节=32 时间=1ms TTL=64

6、模拟故障,将优先级高的设备停机,测试客户端还可正常访问

7、配置脚本,检测虚拟服务故障,实现浮动IP转移

[root@master_haproxy ~]# cat /etc/keepalived/check_haproxy.sh 
#!/bin/bash
#

# Health check that keepalived runs through vrrp_script (interval 1).
# When no listening socket belongs to a process whose name contains
# "haproxy", keepalived is stopped so this node gives up the floating IP.
# The script does not start keepalived again afterwards.
# NOTE(review): netstat -p only shows other users' process names to a
# privileged caller; if keepalived runs this script as an unprivileged user
# (script_user / enable_script_security in global_defs) the grep never
# matches and keepalived is stopped on every run. Confirm the script user.
if ! netstat -tunlp | grep haproxy > /dev/null 2>&1; then
   killall  keepalived
fi

[root@master_haproxy ~]# ls -l /etc/keepalived/
total 8
-rwxr-xr-x 1 root root 107 Jun 12 11:04 check_haproxy.sh
-rw-r--r-- 1 root root 469 Jun 12 10:59 keepalived.conf
[root@master_haproxy ~]# cat /etc/keepalived/keepalived.conf 
..........
vrrp_script check_haproxy {      # 定义外部脚本 
   script "/etc/keepalived/check_haproxy.sh"
   interval 1
}

vrrp_instance haproxy {
   ..............
    track_script {      # 调用外部脚本 
       check_haproxy
    }
}

测试:关掉虚拟服务,测试浮动IP的转移 

三、nginx 4层负载 + keepalived高可用


1、后台数据库为双主复制环境

2、安装nginx

[root@master_haproxy ~]# yum install -y gcc openssl-devel pcre-devel zlib-devel 

[root@master_haproxy ~]# tar xf nginx-1.20.1.tar.gz 
[root@master_haproxy ~]# cd nginx-1.20.1/
[root@master_haproxy nginx-1.20.1]# ./configure --prefix=/usr/local/nginx --with-stream && make && make install 

3、配置nginx实现后端MySQL数据库的负载

[root@master_haproxy ~]# vim /usr/local/nginx/conf/nginx.conf 

# Layer-4 (TCP) proxying of MySQL; needs nginx built with --with-stream.
stream {
   # The two MySQL backends. No balancing method is set, so nginx uses its
   # default (round-robin).
   upstream dbserver {
       server 192.168.140.13:3306;
       server 192.168.140.14:3306;
   }

   server {
       # NOTE(review): a bare port listens on every local address (the netstat
       # output on this page shows 0.0.0.0:3306), so any host that can reach
       # this node reaches MySQL through the proxy. Consider allow/deny rules
       # in this server block and a firewall rule limiting 3306 to the
       # application hosts.
       listen 3306;
       proxy_pass dbserver;
   }
}
[root@master_haproxy ~]# /usr/local/nginx/sbin/nginx 
[root@master_haproxy ~]# netstat -tunlp | grep nginx
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      78726/nginx: master 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      78726/nginx: master 
[root@master_haproxy ~]# 

4、客户端测试通过两个nginx分别可正常连接数据库

5、配置keepalived实现nginx高可用

[root@master_haproxy ~]# cat /etc/keepalived/check_mysql_nginx.sh
#!/bin/bash
#

# Health check that keepalived runs through vrrp_script (interval 1).
# When no listening socket belongs to a process whose name contains "nginx",
# keepalived is stopped so this node gives up the floating IP.
# The script does not start keepalived again afterwards.
# NOTE(review): netstat -p only shows other users' process names to a
# privileged caller; if keepalived runs this script as an unprivileged user
# (script_user / enable_script_security in global_defs) the grep never
# matches and keepalived is stopped on every run. Confirm the script user.
if ! netstat -tunlp | grep nginx > /dev/null 2>&1; then
   killall keepalived
fi
[root@master_haproxy ~]# 
[root@master_haproxy ~]# chmod a+x /etc/keepalived/check_mysql_nginx.sh

主:

[root@master_haproxy ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   # Name of this node; the two load balancers use different values.
   router_id master_MySQL_nginx
}

# Health check: keepalived runs the script every `interval` seconds.
# NOTE(review): the script runs with the privileges keepalived gives it
# (presumably root here). Keep the file and its directory owned by root and
# not writable by other users, and consider enable_script_security in
# global_defs.
vrrp_script check_mysql_nginx {
   script "/etc/keepalived/check_mysql_nginx.sh"
   interval 1
}

vrrp_instance mysql_nginx {
    # Role at start-up; the peer is configured as BACKUP.
    state MASTER
    interface ens33
    # Group id; the peer is configured with the same value.
    virtual_router_id 88
    # The node with the higher priority holds the floating IP (peer: 50).
    priority 100
    # Advertisement (heartbeat) interval in seconds.
    advert_int 1
    authentication {
        # NOTE(review): PASS is sent in cleartext in every advertisement, so it
        # is not a defence against a host on the same segment. Use a
        # deployment-specific value and filter VRRP (IP protocol 112) to the
        # peer addresses.
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        # Floating IP that database clients connect to.
        192.168.140.100
    }
    # Attaches the health check above to this instance.
    # NOTE(review): the script shown on this page stops keepalived itself
    # instead of returning a failure status, so failover comes from the daemon
    # exiting rather than from keepalived evaluating the script result.
    # Confirm that is intended.
    track_script {
       check_mysql_nginx
    }
}

从调度:

[root@slave_haproxy ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   # Name of this node; the two load balancers use different values.
   router_id slave_MySQL_nginx
}

# Health check: keepalived runs the script every `interval` seconds.
# NOTE(review): the page shows the script being created on the master only;
# the same file presumably has to exist on this node as well, owned by root
# and not writable by other users. Verify.
vrrp_script check_mysql_nginx {
   script "/etc/keepalived/check_mysql_nginx.sh"
   interval 1
}

# Backup side of the group; group id, interval, authentication and floating IP
# are the same values as on the master.
vrrp_instance mysql_nginx {
    state BACKUP
    interface ens33
    virtual_router_id 88
    # Lower than the master's 100, so this node yields the floating IP.
    priority 50
    advert_int 1
    authentication {
        # NOTE(review): cleartext shared password; use a deployment-specific
        # value and filter VRRP (IP protocol 112) to the peer addresses.
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        # Configured on this node only while it is the active one.
        192.168.140.100
    }
    # Attaches the health check above to this instance.
    track_script {
       check_mysql_nginx
    }
}

6、测试客户端通过浮动IP可正常连接数据库


7、测试关闭虚拟服务、浮动IP可正常转移

四、验证keepalived心跳

1、抓包查看心跳

[root@master_haproxy ~]# tcpdump -i ens33 -nn vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
09:15:25.502757 IP 192.168.140.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 88, prio 50, authtype simple, intvl 1s, length 20
09:15:26.504055 IP 192.168.140.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 88, prio 50, authtype simple, intvl 1s, length 20
09:15:27.509837 IP 192.168.140.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 88, prio 50, authtype simple, intvl 1s, length 20
09:15:28.521994 IP 192.168.140.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 88, prio 50, authtype simple, intvl 1s, length 20
09:15:29.527629 IP 192.168.140.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 88, prio 50, authtype simple, intvl 1s, length 20

2、将心跳传播方式修改为单播

    # Fragment for the vrrp_instance block on the master: advertisements are
    # sent to the listed peer instead of the multicast group 224.0.0.18.
    # NOTE(review): the backup presumably needs the mirror image (its own
    # address as source, 192.168.140.10 as peer); the page shows only this
    # side. With unicast, firewall rules can limit VRRP to these two addresses.
    unicast_src_ip 192.168.140.10
    unicast_peer {
          192.168.140.11
    }
[root@master_haproxy ~]# tcpdump -i ens33 -nn vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
09:26:24.888337 IP 192.168.140.10 > 192.168.140.11: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
09:26:25.892076 IP 192.168.140.10 > 192.168.140.11: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
09:26:26.895273 IP 192.168.140.10 > 192.168.140.11: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
09:26:27.900182 IP 192.168.140.10 > 192.168.140.11: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
09:26:28.908013 IP 192.168.140.10 > 192.168.140.11: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
09:26:29.913588 IP 192.168.140.10 > 192.168.140.11: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20

五、配置高优先级的设备不抢占浮动IP

vrrp_instance mysql_nginx {
    state BACKUP
    nopreempt
