LVS+Keepalived高可用集群
文章目录
Keepalived工作原理
Keepalived 是一个基于VRRP协议来实现的LVS服务高可用方案,可以解决静态路由出现的单点故障问题。
在一个LVS服务集群中通常有主服务器(MASTER)和备份服务器(BACKUP)两种角色的服务器,但是对外表现为一个虚拟IP,主服务器会发送VRRP通告信息给备份服务器,当备份服务器收不到VRRP消息的时候,即主服务器异常的时候,备份服务器就会接管虚拟IP,继续提供服务,从而保证了高可用性。
Keepalived体系主要模块和作用
keepalived体系架构中主要有三个模块,分别是core、check和vrrp。
-
core模块:为keepalived的核心,负责主进程的启动、维护及全局配置文件的加载和解析。
-
vrrp模块:是来实现VRRP协议的。
-
check模块:负责健康检查,常见的方式有端口检查及URL检查。
VRRP(虚拟路由冗余协议)
- 是针对路由器的一种备份解决方案
- 由多台路由器组成一个热备组,通过共用的虚拟IP地址对外提供服务
- 每个热备组内同时只有一台主路由器提供服务,其他路由器处于冗余状态
- 若当前在线的路由器失效,则其他路由器会根据设置的优先级自动接替虚拟IP地址,继续提供服务
keepalived的抢占与非抢占模式
抢占模式即MASTER从故障中恢复后,会将VIP从BACKUP节点中抢占过来。非抢占模式即MASTER恢复后不抢占BACKUP升级为MASTER后的VIP
非抢占式俩节点state必须为bakcup,且必须配置nopreempt。
注:这样配置后,我们要注意启动服务的顺序,优先启动的获取master权限,与优先级没有关系了。
keepalived判断主机方法和配置浮动IP方法
Keepalived首先做初始化先检查state状态,master为主服务器,backup为备服务器。然后再对比所有服务器的priority,谁的优先级高谁是最终的主服务器。优先级高的服务器会通过ip命令为自己的电脑配置一个提前定义好的浮动IP地址。
LVS DR模式+Keepalived部署
主负载调度器: ens33:192.168.237.129 vip:192.168.237.100
辅负载调度器: ens33:192.168.237.141
web1节点服务器: 192.168.237.148
web2节点服务器: 192.168.237.138
NFS服务器: 192.168.237.128
客户端:192.168.237.134
主负载调度器
[root@localhost]# systemctl stop firewalld.service
[root@localhost]# setenforce 0
[root@localhost]# yum -y install ipvsadm keepalived
[root@localhost]# cd /etc/keepalived/
[root@localhost]# cp keepalived.conf keepalived.conf.bak #备份配置文件
[root@localhost]# vim keepalived.conf
global_defs {
smtp_server 127.0.0.1 #修改这一行,将邮件服务指向本地
router_id LVS_01 #指定服务器的名称,主备服务器名称须不同,主为LVS_01,备为LVS_02
#vrrp_skip_check_adv_addr
#vrrp_strict
#vrrp_garp_interval 0
#vrrp_gna_interval 0 #四行vrrp的配置注释掉, 取消严格遵守VRRP协议功能,否则VIP无法被连接
}
#定义VRRP热备实例参数
vrrp_instance VI_1 {
state MASTER #指定热备状态,主为MASTER,备为BACKUP。但真正的主备是用优先级区分。
interface ens33 #指定承载vip地址的物理接口
virtual_router_id 10 #指定虚拟路由器的ID号,每个热备组保持一致。
priority 100 #指定优先级,数值越大优先级越高
advert_int 1 #通告间隔秒数(心跳频率)
authentication { #定义认证信息,每个热备组保持一致
auth_type PASS #认证类型
auth_pass abc123 #指定验证密码,主备服务器保持一致
}
virtual_ipaddress { #指定群集vip地址
192.168.237.100
}
}
#指定虚拟服务器地址(VIP)、端口,定义虚拟服务器和Web服务器池参数
virtual_server 192.168.237.100 80 {
delay_loop 6 #健康检查的间隔时间(秒)
lb_algo rr #指定调度算法,轮询(rr)
lb_kind DR #指定群集工作模式,直接路由(DR)
persistence_timeout 0 #连接保持时间(秒)
protocol TCP #应用服务采用的是 TCP协议
real_server 192.168.237.138 80 { #添加第一个Web节点的地址、端口
weight 1 #节点的权重
TCP_CHECK { #采用TCP_CHECK健康检查的方式
connect_port 80 #添加检查的目标端口
connect_timeout 3 #添加连接超时(秒)
nb_get_retry 3 #添加重试次数
delay_before_retry 3 #添加重试间隔
}
}
real_server 192.168.237.148 80 { #添加第二个Web节点的地址、端口
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
后面全部删除
:wq
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# ip addr show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:f6:5a:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.237.129/24 brd 192.168.237.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.237.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::a1ef:4b2d:6637:6caa/64 scope link
valid_lft forever preferred_lft forever
已经可以看到创建的虚拟网卡了
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]# ipvsadm -ln //查看调度策略
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.72.200:80 rr persistent 50
-> 192.168.237.138:80 Masq 1 0 0
-> 192.168.237.148:80 Masq 1 0 0
[root@yuji keepalived]# vim /etc/sysctl.conf
[root@yuji keepalived]# sysctl -p //刷新配置,读取修改后的配置
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
辅负载调度器
[root@localhost]# systemctl stop firewalld.service
[root@localhost]# setenforce 0
[root@localhost]# yum -y install ipvsadm keepalived
[root@localhost]# cd /etc/keepalived/
[root@localhost]# cp keepalived.conf keepalived.conf.bak #备份配置文件
[root@localhost]# vim keepalived.conf
global_defs {
smtp_server 127.0.0.1 #修改这一行,将邮件服务指向本地
router_id LVS_02 #指定服务器的名称,主备服务器名称须不同,主为LVS_01,备为LVS_02
#vrrp_skip_check_adv_addr
#vrrp_strict
#vrrp_garp_interval 0
#vrrp_gna_interval 0 #四行vrrp的配置注释掉, 取消严格遵守VRRP协议功能,否则VIP无法被连接
}
#定义VRRP热备实例参数
vrrp_instance VI_1 {
state BACKUP #指定热备状态,主为MASTER,备为BACKUP。但真正的主备是用优先级区分。
interface ens33 #指定承载vip地址的物理接口
virtual_router_id 10 #指定虚拟路由器的ID号,每个热备组保持一致。
priority 99 #指定优先级,数值越大优先级越高
advert_int 1 #通告间隔秒数(心跳频率)
authentication { #定义认证信息,每个热备组保持一致
auth_type PASS #认证类型
auth_pass abc123 #指定验证密码,主备服务器保持一致
}
virtual_ipaddress { #指定群集vip地址
192.168.237.100
}
}
#指定虚拟服务器地址(VIP)、端口,定义虚拟服务器和Web服务器池参数
virtual_server 192.168.237.100 80 {
delay_loop 6 #健康检查的间隔时间(秒)
lb_algo rr #指定调度算法,轮询(rr)
lb_kind DR #指定群集工作模式,直接路由(DR)
persistence_timeout 0 #连接保持时间(秒)
protocol TCP #应用服务采用的是 TCP协议
real_server 192.168.237.138 80 { #添加第一个Web节点的地址、端口
weight 1 #节点的权重
TCP_CHECK { #采用TCP_CHECK健康检查的方式
connect_port 80 #添加检查的目标端口
connect_timeout 3 #添加连接超时(秒)
nb_get_retry 3 #添加重试次数
delay_before_retry 3 #添加重试间隔
}
}
real_server 192.168.237.148 80 { #添加第二个Web节点的地址、端口
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
后面全部删除
:wq
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# ip addr show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:94:7f:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.237.141/24 brd 192.168.237.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::788f:e634:cdbd:3267/64 scope link
valid_lft forever preferred_lft forever
等下测试主负载调度器宕机后,会看到这里出现虚拟网卡
NFS服务器
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
[root@localhost ~]# setenforce 0
NFS服务器
[root@localhost ~]# yum -y install nfs-utils rpcbind
[root@localhost ~]# mkdir /opt/zc /opt/wpc
[root@localhost opt]# echo 'this is zc' > /opt/zc/index.html
[root@localhost opt]# echo 'this is wpc'> /opt/wpc/index.html
[root@localhost ~]# chmod 777 /opt/zc /opt/wpc
[root@localhost ~]# vim /etc/exports
/opt/zc 192.168.237.0/24(rw,sync)
/opt/wpc 192.168.237.0/24(rw,sync)
:wq
[root@localhost ~]# systemctl start nfs.service
[root@localhost ~]# systemctl start rpcbind.service
web1服务器
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
[root@localhost network-scripts]# ifup lo:0
DEVICE=lo:0
IPADDR=192.168.237.100
NETMASK=255.255.255.255
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=192.168.237.100
ONBOOT=yes
NAME=loopback
:wq
[root@localhost network-scripts]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.237.100 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
[root@localhost network-scripts]# route add -host 192.168.237.100 dev lo:0
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.237.2 0.0.0.0 UG 100 0 0 ens33
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.237.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.237.110 0.0.0.0 255.255.255.255 UH 0 0 0 lo
[root@localhost network-scripts]# vim /etc/rc.local
/sbin/route add -host 192.168.237.100 dev lo:0
:wq
[root@localhost network-scripts]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
:wq
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@localhost network-scripts]# mount 192.168.237.128:/opt/zc /var/www/html
[root@localhost network-scripts]# yum -y install nfs-utils rpcbind httpd
[root@localhost network-scripts]# systemctl start rpcbind
[root@localhost network-scripts]# systemctl start httpd
web服务器2
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
[root@localhost network-scripts]# ifup lo:0
DEVICE=lo:0
IPADDR=192.168.237.100
NETMASK=255.255.255.255
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=192.168.237.100
ONBOOT=yes
NAME=loopback
:wq
[root@localhost network-scripts]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.237.120 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
[root@localhost network-scripts]# route add -host 192.168.237.100 dev lo:0
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.237.2 0.0.0.0 UG 100 0 0 ens33
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.237.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.237.120 0.0.0.0 255.255.255.255 UH 0 0 0 lo
[root@localhost network-scripts]# vim /etc/rc.local
/sbin/route add -host 192.168.237.100 dev lo:0
:wq
[root@localhost network-scripts]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
:wq
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@localhost network-scripts]# mount 192.168.237.128:/opt/zc /var/www/html
[root@localhost network-scripts]# yum -y install nfs-utils rpcbind httpd
[root@localhost network-scripts]# systemctl start rpcbind
[root@localhost network-scripts]# systemctl start httpd
测试1
客户端登录192.168.237.100,看到写入页面,等一段时间刷新看到第二个写入页面
测试2
停止主负载调度器的keepalived服务,开启辅负载调度器的keepalived
辅负载调度器
[root@localhost keepalived]# systemctl start keepalived.service
[root@localhost keepalived]# ip addr show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:94:7f:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.237.141/24 brd 192.168.237.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.237.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::788f:e634:cdbd:3267/64 scope link
valid_lft forever preferred_lft forever
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]# ipvsadm -ln //查看调度策略
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.237.100:80 rr persistent 50
-> 192.168.237.138:80 Masq 1 0 0
-> 192.168.237.148:80 Masq 1 0 0
[root@localhost keepalived]# vim /etc/sysctl.conf
[root@localhost keepalived]# sysctl -p //刷新配置,读取修改后的配置
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
测试
客户端登录192.168.237.100,看到写入页面,等一段时间刷新看到第二个写入页面
总结:需要注意的是keepalived的配置文件修改,似乎并不像其他服务配置文件修改有问题时,会启动报错,少了一两个大括号还是能启动,并不会给予提示,修改配置文件要尤其注意格式和语法错误。
439
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
