Contents
II. Keepalived master/master dual-master architecture
IV. VRRP script: a keepalived + haproxy high-availability cluster
I. Lab environment
Four RHEL 7.9 virtual machines, with the firewall and SELinux disabled.
Hostname | IP address |
realserver1 | 172.25.254.110 |
realserver2 | 172.25.254.120 |
ka1 | 172.25.254.10 |
ka2 | 172.25.254.20 |
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd
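II. Keepalived master/master dual-master architecture
In the master/slave single-master architecture, only one Keepalived node serves traffic at any given time: that host is busy while the other sits idle, so utilization is low. A master/master dual-master architecture solves this problem. In a master/master architecture, two or more VIPs run on different keepalived servers, so the servers provide web access in parallel and server resource utilization improves.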
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
To build a three-master architecture across three nodes:
# Node 1 (ka1) configuration:
- Vrrp instance 1: MASTER, priority 100
- Vrrp instance 2: BACKUP, priority 80
- Vrrp instance 3: BACKUP, priority 60
# Node 2 (ka2) configuration:
- Vrrp instance 1: BACKUP, priority 60
- Vrrp instance 2: MASTER, priority 100
- Vrrp instance 3: BACKUP, priority 80
# Node 3 (ka3) configuration:
- Vrrp instance 1: BACKUP, priority 80
- Vrrp instance 2: BACKUP, priority 60
- Vrrp instance 3: MASTER, priority 100
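The three-node list above follows one rule: the owner of each instance gets priority 100, and every step further round the ring drops 20. The script below is an added example, not from the original page; it generalizes that rule to N nodes and prints the vrrp_instance stanzas for one node. The instance names VI_n, the virtual_router_id values and the three VIPs are assumptions.

```sh
#!/bin/sh
# Added example. Assumed: instance names VI_<n>, virtual_router_id 50+<n>,
# and the VIPs passed on the command line (constructed values).

# Priority of instance $2 on node $1 in a ring of $3 nodes: the owner gets 100,
# each step further round the ring drops 20 (valid for up to 5 nodes).
instance_priority() {
    offset=$(( ($2 - $1 + $3) % $3 ))
    echo $(( 100 - 20 * $offset ))
}

# Print the vrrp_instance stanzas for node $1 of $2; remaining args are VIPs.
gen_instances() {
    node=$1; total=$2; shift 2
    inst=1
    for vip in "$@"; do
        prio=$(instance_priority "$node" "$inst" "$total")
        if [ "$prio" -eq 100 ]; then state=MASTER; else state=BACKUP; fi
        cat <<EOF
vrrp_instance VI_$inst {
    state $state
    interface eth0
    virtual_router_id $((50 + $inst))
    priority $prio
    advert_int 1
    virtual_ipaddress {
        $vip dev eth0 label eth0:$inst
    }
}
EOF
        inst=$(($inst + 1))
    done
}

# Stanzas for ka2 (node 2 of 3) with three constructed VIPs.
gen_instances 2 3 172.25.254.100/24 172.25.254.200/24 172.25.254.210/24
```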
III. Single-master LVS-DR mode
[root@realserver1 ~]# ip addr add 172.25.254.100/32 dev lo
[root@realserver2 ~]# ip addr add 172.25.254.100/32 dev lo
# Or edit the configuration file directly
[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo
[root@realserver1 ~]# systemctl restart network # extra connections must be deleted, e.g.:
[root@realserver1 ~]# nmcli connection delete Wired\ connection\ 1
# Disable ARP responses
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
[root@realserver2 ~]# cat /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@realserver2 ~]# ll /proc/sys/net/ipv4/conf/all/
[root@realserver2 ~]# sysctl --system # check that the settings were applied
[root@realserver2 ~]# scp /etc/sysctl.d/arp.conf root@172.25.254.110:/etc/sysctl.d/arp.conf
[root@realserver1 ~]# cat /etc/sysctl.d/arp.conf
[root@realserver1 ~]# sysctl --system # check that the settings were applied
[root@ka1 ~]# yum install ipvsadm -y
[root@ka2 ~]# yum install ipvsadm -y
# Configure keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
# KA1
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 172.25.254.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
    real_server 172.25.254.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}
# KA2
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 172.25.254.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
    real_server 172.25.254.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}
At this point, repeated requests to 172.25.254.100 reach both 172.25.254.110 and 172.25.254.120.
When the HTTP service on RS1 is stopped, repeated requests reach only 172.25.254.120.
[root@realserver1 ~]# systemctl stop httpd.service
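When the keepalived service on KA1 is stopped, repeated requests again reach both 172.25.254.110 and 172.25.254.120.
IV. VRRP script: a keepalived + haproxy high-availability cluster
Using VRRP scripts, keepalived can call external helper scripts to monitor resources and dynamically adjust priority based on the monitoring result, which provides high availability for other applications.
1. vrrp script configuration
(1) Defining the script
vrrp_script: a custom resource-monitoring script; the VRRP instance acts on the script's return value. It is a shared definition that multiple instances can reference, declared as a standalone block outside any VRRP instance, usually right after the global_defs block.
The script is typically used to monitor the state of a specific application. When the application is found to be unhealthy, the MASTER node's weight is reduced to below that of the SLAVE node, so the VIP moves to the SLAVE node.
(2) Calling the script
track_script: invokes a script defined by vrrp_script to monitor the resource. It is declared inside the VRRP instance and references a previously defined vrrp_script.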
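How the weight, fall and rise settings decide whether the VIP actually moves can be modelled in a few lines. The script below is an added example, not from the original page: it uses the values that appear later in this section (priority 100, weight -30, fall 2, rise 2), while the ka2 priorities of 80 and 60 are assumptions, as is the simplification that the check starts healthy and preemption is on.

```sh
#!/bin/sh
# Added example: a model of how a negative vrrp_script weight moves the VIP.
# Assumptions: the check starts healthy, ka1 is the current MASTER, preemption
# is on, and ka2's priority (not shown on the page) is passed in by the caller.

# effective_priority BASE WEIGHT FALL RISE "exit codes, one per interval"
# After FALL consecutive non-zero exits the script is "failed" and the negative
# WEIGHT is added to BASE; RISE consecutive zero exits clear the failed state.
effective_priority() {
    base=$1; weight=$2; fall=$3; rise=$4
    failed=0; bad=0; good=0
    for rc in $5; do
        if [ "$rc" -eq 0 ]; then
            good=$(($good + 1)); bad=0
            if [ "$good" -ge "$rise" ]; then failed=0; fi
        else
            bad=$(($bad + 1)); good=0
            if [ "$bad" -ge "$fall" ]; then failed=1; fi
        fi
    done
    if [ "$failed" -eq 1 ]; then echo $(($base + $weight)); else echo "$base"; fi
}

# vip_holder KA1_EFFECTIVE KA2_PRIORITY: ka2 takes over only when strictly higher.
vip_holder() {
    if [ "$2" -gt "$1" ]; then echo ka2; else echo ka1; fi
}

# Page values: priority 100, weight -30, fall 2, rise 2. ka2 = 80 is assumed.
for seq in "0 1 0 1" "0 1 1" "1 1 0" "1 1 0 0"; do
    p=$(effective_priority 100 -30 2 2 "$seq")
    echo "checks [$seq] -> ka1 priority $p, VIP on $(vip_holder "$p" 80)"
done
# Pitfall: with ka2 at 60 the drop to 70 is not enough and the VIP never moves.
echo "ka2=60 -> VIP on $(vip_holder "$(effective_priority 100 -30 2 2 "1 1")" 60)"
```

The weight only causes a failover when the backup's priority lies between the master's reduced and normal priority, so check both nodes' values together.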
2. Hands-on example: HAProxy high availability
# First configure haproxy on both ka1 and ka2
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
    bind 172.25.254.100:80
    server web1 172.25.254.101:80 check
    server web2 172.25.254.102:80 check
# Enable the kernel parameter on both ka1 and ka2
[root@ka1 ~]# vim /etc/sysctl.conf
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
# Write the check script on ka1
[root@ka1 ~]# vim /etc/keepalived/scripts/haproxy.sh
[root@ka1 ~]# cat /etc/keepalived/scripts/haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
[root@ka1 ~]# chmod +x /etc/keepalived/scripts/haproxy.sh
# Configure keepalived on ka1
vrrp_script check {
    script "/etc/keepalived/scripts/haproxy.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    track_script {
        check
    }
}
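Unless a script_user is set in global_defs (or a keepalived_script account exists), keepalived runs the check script as root, and with enable_script_security it refuses to run a root script when any part of its path is writable by a non-root user. The script below is an added example, not from the original page, that performs the same kind of path check before deployment; the EXPECT_UID override and the temporary demo tree are assumptions made so that it runs anywhere.

```sh
#!/bin/sh
# Added example: pre-flight audit of a vrrp_script path.
# audit_script_path SCRIPT [STOP_DIR]
# Walks from SCRIPT up to STOP_DIR (default /) and reports each component that
# is group/world-writable or not owned by uid 0. EXPECT_UID overrides the
# expected owner (an assumption of this example, used only for the demo tree).
audit_script_path() {
    p=$1; stop=${2:-/}; want=${EXPECT_UID:-0}; bad=0
    if [ ! -e "$p" ]; then echo "missing: $p"; return 2; fi
    while :; do
        info=$(ls -ldnL "$p"); perm=${info%% *}
        uid=$(echo "$info" | awk '{print $3}')
        case $perm in
            ?????w*|????????w*) echo "writable by group/other: $p"; bad=1 ;;
        esac
        if [ "$uid" != "$want" ]; then
            echo "owner uid $uid, expected $want: $p"; bad=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ] || [ "$p" = . ]; then break; fi
        p=$(dirname "$p")
    done
    return $bad
}

# Constructed demo tree standing in for /etc/keepalived/scripts on ka1.
demo=$(mktemp -d); mkdir "$demo/scripts"
printf '#!/bin/bash\n/usr/bin/killall -0 haproxy\n' > "$demo/scripts/haproxy.sh"
chmod 755 "$demo" "$demo/scripts" "$demo/scripts/haproxy.sh"
EXPECT_UID=$(id -u)
audit_script_path "$demo/scripts/haproxy.sh" "$demo" && echo "path is clean"
chmod o+w "$demo/scripts"     # simulate a directory any local user can modify
audit_script_path "$demo/scripts/haproxy.sh" "$demo" || echo "do not deploy"
rm -rf "$demo"; unset EXPECT_UID
```

On ka1 the call would be `audit_script_path /etc/keepalived/scripts/haproxy.sh` as root, with EXPECT_UID left unset.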
[root@ka1 ~]# vim /etc/keepalived/test.sh
[root@ka1 ~]# sh /etc/keepalived/test.sh
0
[root@ka1 ~]# touch /etc/keepalived/zx
[root@ka1 ~]# sh /etc/keepalived/test.sh
1
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
[root@ka1 ~]# cat /etc/keepalived/test.sh
#!/bin/bash
# Exit with the test result so keepalived sees the failure, not echo's status
[ ! -f /etc/keepalived/zx ]
rc=$?
echo $rc
exit $rc
# KA1 keepalived.conf
vrrp_script check {
    script "/etc/keepalived/test.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    track_script {
        check
    }
}
[root@ka1 ~]# yum install haproxy -y
[root@ka2 ~]# yum install haproxy -y
[root@ka1 ~]# vim /etc/sysctl.conf
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka2 ~]# vim /etc/sysctl.conf
[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1