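1. How Keepalived works
1.1 Keepalived case analysis
■ In enterprise applications, a single server carrying an application is a single point of failure; an enterprise application cluster contains at least two such single points of failure
■ Once a single point of failure occurs, the enterprise service is interrupted, causing great harm
1.2 Introduction to the Keepalived tool
■ A health-check tool designed specifically for LVS and HA
● Supports automatic failover (Failover)
● Supports node health checking (Health Checking)
● Official website: http://www.keepalived.org
1.3 How Keepalived is implemented
■ Keepalived uses the VRRP hot-standby protocol to provide multi-machine hot standby for Linux servers
■ VRRP, the Virtual Router Redundancy Protocol, is a backup solution designed for routers
● Keepalived supports multi-machine hot standby; each hot-standby group can contain several servers, and two-node hot standby is the most common setup
● Failover in two-node hot standby is implemented by the virtual IP address drifting between nodes, which suits all kinds of application servers
● This deployment implements two-node hot standby for a web service
1.4 Keepalived case walkthrough
■ Keepalived supports multi-machine hot standby; each hot-standby group can contain several servers
■ Failover in two-node hot standby is implemented by the virtual IP address drifting between nodes, which suits all kinds of application servers
■ Implement two-node hot standby for a Web service
● Floating address: 192.168.10.72
● Master and backup servers: 192.168.10.73, 192.168.10.74
● Application service provided: Web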
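2. Keepalived deployment approach
2.1 Installing and starting Keepalived
■ When used in an LVS cluster environment, the ipvsadm management tool is also needed
■ Install Keepalived with YUM
■ Enable the Keepalived service
2.2 Configuring the Keepalived master server
■ The Keepalived configuration directory is /etc/keepalived/
■ keepalived.conf is the main configuration file
● The global_defs {…} section specifies global parameters
● The vrrp_instance <instance name> {…} section specifies the VRRP hot-standby parameters
● Comment text begins with the "!" symbol
● The samples/ directory provides many configuration samples for reference
■ Common configuration options
● router_id HA_TEST_R1: name of this router (server)
● vrrp_instance VI_1: defines a VRRP hot-standby instance
● state MASTER: hot-standby state; MASTER denotes the master server
● interface ens33: physical interface that carries the VIP address
● virtual_router_id 1: ID of the virtual router; must be identical within a hot-standby group
● priority 100: priority; the larger the value, the higher the priority
● advert_int 1: advertisement interval in seconds (heartbeat frequency)
● auth_type PASS: authentication type
● auth_pass 123456: password string
● virtual_ipaddress {vip}: specifies the floating address (VIP); there can be several, separated by commas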
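2.3 Configuring the Keepalived slave server
■ The configuration of the Keepalived backup server differs from the master's in three options
● router_id: set to a name of your choice
● state: set to BACKUP
● priority: a value lower than the master's
■ All other options are the same as on the master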
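
The rule above (three options differ, everything else matches) can be checked mechanically before a backup node is started. The following is an added example, not part of the original tutorial; `parse`, `audit` and the two sample files are constructed for illustration, the backup priority 99 is an assumed value, and the parser assumes each `{` is preceded by whitespace as in the stock keepalived.conf.

```python
import re  # MASTER/BACKUP below are constructed samples using this tutorial's option values
MASTER = """
global_defs {
    router_id HA_TEST_R1
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 1
    priority 100
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.10.72
    }
}
"""
BACKUP = (MASTER.replace("HA_TEST_R1", "HA_TEST_R2")
          .replace("state MASTER", "state BACKUP").replace("priority 100", "priority 99"))
MUST_DIFFER = {"router_id", "state", "priority"}   # the three options named above

def parse(conf):
    """Flatten keepalived.conf text into {keyword: value}; VIPs are collected under 'vip'."""
    out, stack = {}, []
    for raw in conf.splitlines():
        words = re.split(r"[!#]", raw, maxsplit=1)[0].split()   # drop ! and # comments
        if not words:
            continue
        if words[-1] == "{":                     # block start, e.g. "vrrp_instance VI_1 {"
            stack.append(words[0])
            out[words[0]] = " ".join(words[1:-1])
        elif words == ["}"]:
            stack.pop()
        elif stack[-1:] == ["virtual_ipaddress"]:
            out.setdefault("vip", []).append(words[0])
        else:
            out[words[0]] = " ".join(words[1:])
    return out

def audit(master_conf, backup_conf):
    """List options breaking the rule: a key is wrong when 'must differ' equals 'is identical'."""
    m, b = parse(master_conf), parse(backup_conf)
    problems = [f"{k} must {'differ' if k in MUST_DIFFER else 'match'}"
                for k in sorted(set(m) | set(b))
                if (k in MUST_DIFFER) == (m.get(k) == b.get(k))]
    if int(b.get("priority", 0)) >= int(m.get("priority", 0)):
        problems.append("backup priority must be lower than the master's")
    return problems
```

Calling `audit()` on the text of the two real files returns an empty list when the pair is consistent.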
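2.4 Testing the two-node hot standby
■ Test the effect of the two-node hot standby
● Enable the Web service on both the master and the backup, with the same content
● Disable, then re-enable, the master server's network interface
■ Run the following tests
Test 1: use ping to check connectivity to 192.168.10.72
Test 2: visit http://192.168.10.72 and confirm availability and any change in content
Test 3: check the changes in the log file /var/log/messages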
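2.5 Load balancing + high-availability cluster
■ keepalived was designed to build highly available LVS load-balancing clusters; it can call the ipvsadm tool to create virtual servers and manage the server pool, rather than serving only as two-node hot standby
■ Building an LVS cluster with keepalived is simpler and easier
■ The main advantages are:
● Hot-standby failover for the LVS load scheduler, which improves availability
● Health checks on the nodes in the server pool: failed nodes are removed automatically and re-added once they recover
■ An LVS cluster built on LVS + keepalived includes at least two hot-standby load schedulers and three or more node servers
2.6 Configuring the master scheduler
2.6.1 Global configuration and hot-standby configuration
■ Hot standby should be implemented for the master and slave schedulers, with the LVS cluster's VIP address as the floating address
2.6.2 Web server pool configuration
■ On top of the keepalived hot-standby configuration, add a "virtual_server VIP port { … }" section to configure the virtual server
■ It mainly covers the load-scheduling algorithm, cluster working mode, health-check interval, real-server addresses and similar parameters
2.6.3 Restart the keepalived service
2.7 Configuring the slave scheduler
■ The slave scheduler's configuration is basically the same as the master scheduler's
■ Only router_id, state and priority need to be adjusted
■ Restart the Keepalived service once the configuration is complete
2.8 Configuring the Web node servers
■ In a DR-mode LVS cluster, besides adjusting the ARP response parameters under /proc, you also need to configure the VIP address on the virtual interface lo:0 and add a local route to the VIP; the method is the same as for an LVS-DR cluster
2.9 Testing the cluster
■ From a client browser, the Web page content can be accessed normally through the cluster's VIP address
■ When either the master or the slave scheduler fails, the Web site remains accessible
■ As long as two or more real servers in the server pool are available, the access load is balanced
The failover process can be traced through the /var/log/messages log files on the master and slave schedulers
Commands such as "ipvsadm -ln" and "ipvsadm -lnc" show how the load is distributed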
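3. Lab procedure
3.1 IP address plan
Note: on all servers the firewall must be turned off, core protection (SELinux) turned off, and the yum repository configured
Scheduler 1: 192.168.100.21 ens33:0 192.168.100.100 (VIP)
Scheduler 2: 192.168.100.25 ens33:0 192.168.100.100 (VIP)
Web1: 192.168.100.22 lo:0 192.168.100.100 (VIP)
Web2: 192.168.100.23 lo:0 192.168.100.100 (VIP)
Storage: 192.168.100.24
3.2 Configuring the master scheduler (192.168.100.21)
3.2.1 Configuring the virtual IP address (VIP)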
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vi ifcfg-ens33:0
NAME=ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.100
NETMASK=255.255.255.255
[root@localhost network-scripts]# ifup ifcfg-ens33:0
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.21 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::68bd:dba0:3368:a61d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:7f:4c:a1 txqueuelen 1000 (Ethernet)
RX packets 4547 bytes 2024250 (1.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2072 bytes 283172 (276.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.100 netmask 255.255.255.255 broadcast 192.168.100.100
ether 00:0c:29:7f:4c:a1 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 468 bytes 46312 (45.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 468 bytes 46312 (45.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:a6:0d:c4 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
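3.2.2 Adjusting the /proc response parameters
■ In DR cluster mode the LVS load scheduler and the nodes share the VIP address, so the Linux kernel's redirect responses should be turned off; the server is not a router and will not send redirects, so the feature can be disabled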
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
3.2.3 Installing keepalived and adjusting its parameters
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
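global_defs {
    router_id HA_TEST_R1              ! name of this router (server): HA_TEST_R1
}
vrrp_instance VI_1 {                  ! define the VRRP hot-standby instance
    state MASTER                      ! hot-standby state; MASTER denotes the master server
    interface ens33                   ! physical interface that carries the VIP address
    virtual_router_id 1               ! virtual router ID; identical within a hot-standby group
    priority 100                      ! priority; a larger value means a higher priority
    advert_int 1                      ! advertisement interval in seconds (heartbeat frequency)
    authentication {                  ! authentication settings; identical within a hot-standby group
        auth_type PASS                ! authentication type
        auth_pass 123456              ! authentication password
    }
    virtual_ipaddress {               ! floating address (VIP); there can be more than one
        192.168.100.100
    }
}
virtual_server 192.168.100.100 80 {   ! virtual server address (VIP) and port
    delay_loop 15                     ! health-check interval (seconds)
    lb_algo rr                        ! round-robin scheduling algorithm
    lb_kind DR                        ! direct routing (DR) cluster mode
    persistence_timeout 60            ! connection persistence time (seconds); if the line is prefixed with !, remove the ! to enable it
    protocol TCP                      ! the application service uses TCP
    real_server 192.168.100.22 80 {   ! address and port of the first web node
        weight 1                      ! node weight
        TCP_CHECK {                   ! health-check method
            connect_port 80           ! port to check
            connect_timeout 3         ! connection timeout (seconds)
            nb_get_retry 3            ! number of retries
            delay_before_retry 4      ! interval between retries (seconds)
        }
    }
    real_server 192.168.100.23 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}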
[root@localhost keepalived]# systemctl start keepalived     # start keepalived
[root@localhost keepalived]# systemctl enable keepalived    # start keepalived at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@localhost keepalived]# ip addr show dev ens33    # show the primary IP address and the floating address
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7f:4c:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.21/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.100/32 brd 192.168.100.100 scope global noprefixroute ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::68bd:dba0:3368:a61d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3.3 Configuring the backup scheduler (192.168.100.25)
3.3.1 Adjusting the /proc response parameters
[root@localhost ~]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
3.3.2 Installing keepalived and adjusting its parameters
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
    router_id HA_TEST_R2              ! name of this router (server): HA_TEST_R2
}
vrrp_instance VI_1 {                  ! define the VRRP hot-standby instance
    state BACKUP                      ! hot-standby state; BACKUP denotes the backup server
    interface ens33                   ! physical interface that carries the VIP address
    virtual_router_id 1               ! virtual router ID; identical within a hot-standby group
    priority 99                       ! priority; a larger value means a higher priority
    advert_int 1                      ! advertisement interval in seconds (heartbeat frequency)
    authentication {                  ! authentication settings; identical within a hot-standby group
        auth_type PASS                ! authentication type
        auth_pass 123456              ! authentication password
    }
    virtual_ipaddress {               ! floating address (VIP); there can be more than one
        192.168.100.100
    }
}
virtual_server 192.168.100.100 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence_timeout 60
    protocol TCP
    real_server 192.168.100.22 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.23 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# systemctl enable keepalived
[root@localhost keepalived]# ip addr show dev ens33    # show the primary IP address and the floating address
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:bf:48:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.25/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::ff43:3a1:7854:7193/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3.4 Configuring the storage server (192.168.100.24)
rpm -q nfs-utils    # if not installed: yum -y install nfs-utils
rpm -q rpcbind      # if not installed: yum -y install rpcbind
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# vi /etc/exports
# the option list follows the client with no space; "client (opts)" would apply opts to every host
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo "this is 51xit" >/opt/51xit/index.html
[root@localhost ~]# echo "this is 52xit" >/opt/52xit/index.html
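
In /etc/exports, whitespace between a client and its option list changes who receives the options: `192.168.100.0/24 (rw,sync)` gives the subnet only the default options and gives every host `rw,sync`, and `showmount -e` then lists the export as `(everyone)`. The check below is an added example, not part of the original tutorial; `audit_exports` and the two sample strings are constructed for illustration.

```python
import re

def audit_exports(text):
    """Return (line number, path, finding) for risky entries in /etc/exports text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()          # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        path, specs = fields[0], fields[1:]
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if m is None:
                findings.append((lineno, path, f"malformed client spec {spec!r}"))
                continue
            client, opts = m.group(1), m.group(2)
            if not client:                             # "(opts)" standing alone
                mode = "read-write" if "rw" in opts.split(",") else "read-only"
                findings.append((lineno, path, f"({opts}) applies to every host, {mode}"))
            elif opts is None:
                findings.append((lineno, path, f"{client} gets default options only"))
    return findings

# Constructed samples: the spaced form and the form with the options attached.
SPACED = "/opt/51xit 192.168.100.0/24 (rw,sync)\n"
ATTACHED = "/opt/51xit 192.168.100.0/24(rw,sync)\n"

if __name__ == "__main__":
    for name, text in (("spaced", SPACED), ("attached", ATTACHED)):
        print(name, audit_exports(text))
```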
3.5 Configuring node server Web1 (192.168.100.22)
3.5.1 Configuring the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.22 netmask 255.255.255.0 broadcast 192.168.32.255
inet6 fe80::8edf:281f:bd34:b245 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:22:ca:a7 txqueuelen 1000 (Ethernet)
RX packets 787 bytes 91078 (88.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 366 bytes 54581 (53.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 884 bytes 76416 (74.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 884 bytes 76416 (74.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.100.100 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:ca:42:28 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.100 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0
3.5.2 Adjusting the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
3.5.3 Installing httpd and mounting the test page
[root@localhost ~]# showmount -e 192.168.100.24
Export list for 192.168.100.24:
/opt/52xit (everyone)
/opt/51xit (everyone)
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.24:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
# mount automatically at boot; keep the columns aligned
192.168.100.24:/opt/51xit/ /var/www/html/ nfs defaults,_netdev 0 0
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
3.6 Configuring node server Web2 (192.168.100.23)
3.6.1 Configuring the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
3.6.2 Adjusting the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
3.6.3 Installing httpd and mounting the test page
[root@localhost ~]# showmount -e 192.168.100.24
Export list for 192.168.100.24:
/opt/52xit (everyone)
/opt/51xit (everyone)
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.24:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
# mount automatically at boot; keep the columns aligned
192.168.100.24:/opt/52xit/ /var/www/html/ nfs defaults,_netdev 0 0
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
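3.7 Testing
■ Test by entering 192.168.100.22 in the browser:
■ Test by opening 192.168.100.23 in the browser:
■ Test: enter 192.168.100.100 in the browser; requests are scheduled round-robin across the Web1 and Web2 servers
■ Test whether the master scheduler works properly
Open a packet-capture tool; you will see the master scheduler 192.168.100.21 continuously sending VRRP packets
Open 192.168.100.100 in the browser; "this is 51xit" appears
Wait one minute and open 192.168.100.100 in the browser again; "this is 52xit" appears, so the master scheduler is working
■ Test whether the backup scheduler works properly
Stop keepalived on the master server: systemctl stop keepalived.service
Open a packet-capture tool; you will see the backup scheduler 192.168.100.25 continuously sending VRRP packets
Open 192.168.100.100 in the browser; "this is 51xit" appears
Wait one minute and open 192.168.100.100 in the browser again; "this is 52xit" appears, so the backup scheduler is working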
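
The packet-capture check in the tests above can be automated. As an added example (not part of the original tutorial), the code below decodes a VRRPv2 advertisement as laid out in RFC 3768 and compares it with this lab's schedulers, VRID and VIP; the function names and the sample bytes are constructed for illustration, and it assumes keepalived's default VRRP version 2.

```python
import ipaddress, struct

# Values from this tutorial's lab: scheduler address -> configured priority.
SCHEDULERS = {"192.168.100.21": 100, "192.168.100.25": 99}
VRID, VIPS = 1, ["192.168.100.100"]

def checksum(msg):
    """RFC 3768 checksum: one's complement of the one's-complement sum of 16-bit words."""
    msg += b"\0" * (len(msg) % 2)
    total = sum(struct.unpack(f"!{len(msg) // 2}H", msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(msg):
    """Decode a VRRPv2 advertisement (the payload of an IP protocol 112 packet)."""
    if len(msg) < 8:
        raise ValueError("truncated")
    vt, vrid, prio, count, auth_type, interval, csum = struct.unpack("!6BH", msg[:8])
    if vt != 0x21 or len(msg) < 8 + 4 * count + 8:      # version 2, type 1; IPs + auth data
        raise ValueError("not a complete VRRPv2 advertisement")
    vips = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    ok = checksum(msg[:6] + b"\0\0" + msg[8:]) == csum  # checksum field zeroed while summing
    return {"vrid": vrid, "priority": prio, "auth_type": auth_type,
            "advert_int": interval, "vips": vips, "checksum_ok": ok}

def findings(src, msg):
    """Compare one captured advertisement from `src` with the expected lab settings."""
    adv, out = parse_advert(msg), []
    if not adv["checksum_ok"]:
        out.append("bad checksum")
    if src not in SCHEDULERS:
        out.append(f"advertisement from unexpected host {src}")
    elif adv["priority"] not in (0, SCHEDULERS[src]):   # 0 = master announcing it is stopping
        out.append(f"priority {adv['priority']} differs from configured value")
    if adv["vrid"] != VRID or adv["vips"] != VIPS:
        out.append("VRID or VIP list differs from configuration")
    return out

# Constructed sample: VRID 1, priority 100, one VIP, auth_type 1, interval 1 s,
# then the 8-byte authentication data field (zero-filled here).
_raw = bytes.fromhex("2101640101010000" "c0a86464" "0000000000000000")
SAMPLE = _raw[:6] + checksum(_raw).to_bytes(2, "big") + _raw[8:]
```

An empty result from `findings()` for the source address seen in the capture means the sender, VRID, priority and VIP all match the configuration.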