简介
Keepalived的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。
单播和组播
keepalived在组播模式下会向224.0.0.18发送许多无用的信息
单播模式下仅对配置中的结点发送信息,可避免干扰和冲突
脑裂
脑裂现象是在高可用部署时,多台机器同时绑定了虚拟IP地址,导致客户端在访问IP地址时造成访问混乱
通过脑裂监控脚本可防止脑裂情况的出现
前期准备
准备两台Centos7虚拟机,关闭防火墙和selinux,同步系统时间,修改IP地址和hostname
| ip | hostname |
|---|---|
| 192.168.29.132 | master |
| 192.168.29.138 | bak |
部署Nginx
#从官网获取yum源
[root@master ~]# yum install nginx -y
[root@bak ~]# yum install nginx -y
#修改首页内容以区分
[root@master ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!132</h1>
[root@bak ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!138</h1>
部署keepalived
安装软件
[root@master ~]# yum install keepalived -y
[root@bak ~]# yum install keepalived -y
修改配置文件
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#1.3+版本需要把此行注释掉才能在宿主机PING通
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#组建vrrp实例组
vrrp_instance VI_1 {
#设置为非抢占模式
state BACKUP
interface ens33
virtual_router_id 51
#设置非抢占模式
nopreempt
#把组播改为单播模式
#发送数据包的主机地址
unicast_src_ip 192.168.29.132
#接收数据包的目的主机地址,支持多台机器
unicast_peer {
192.168.29.138
}
#设置权重
#权重大的优先成为master,权重相同时IP地址大的成为master
priority 100
advert_int 1
#设置认证
authentication {
auth_type PASS
auth_pass 1111
}
#设置虚拟IP地址,要与集群的机器处于同一网段
virtual_ipaddress {
192.168.29.100
}
}
[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#1.3+版本需要把此行注释掉才能PING通
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#组建vrrp实例组
vrrp_instance VI_1 {
#非抢占模式
state BACKUP
interface ens33
virtual_router_id 51
#设置非抢占模式
nopreempt
#把组播改为单播模式
#发送数据包的主机地址
unicast_src_ip 192.168.29.138
#接收数据包的目的主机地址,支持多台机器
unicast_peer {
192.168.29.132
}
#权重
priority 90
advert_int 1
#认证
authentication {
auth_type PASS
auth_pass 1111
}
#设置虚拟IP地址
virtual_ipaddress {
192.168.29.100
}
}
启动服务
[root@master ~]# systemctl start keepalived.service
[root@bak ~]# systemctl start keepalived.service
#验证服务
[root@master ~]# ip a
inet 192.168.29.100/32 scope global ens33
测试验证
浏览器访问虚拟ip地址
关闭master结点的keepalived服务
[root@master ~]# systemctl stop keepalived.service
#虚拟IP飘移
[root@bak ~]# ip a
inet 192.168.29.100/32 scope global ens33
浏览器访问虚拟ip地址
重启master结点的keepalived服务
由于设置为非抢占模式,重启服务后master结点不会抢夺虚拟IP地址,因此虚拟ip依旧绑定在bak结点
配置Nginx高可用架构
编写监控Nginx脚本
[root@master ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
#检测Nginx状态
nginx_status=`ps -C nginx --no-header |wc -l`
if [ $nginx_status -eq 0 ]; then
systemctl stop keepalived
fi
[root@bak ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
#检测Nginx状态
nginx_status=`ps -C nginx --no-header |wc -l`
if [ $nginx_status -eq 0 ]; then
systemctl stop keepalived
fi
#修改权限
[root@master ~]#chmod a+x /etc/keepalived/check_nginx.sh
[root@bak ~]#chmod a+x /etc/keepalived/check_nginx.sh
修改配置文件
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#配置检测Nginx运行情况
vrrp_script check_nginx {
script /etc/keepalived/check_nginx.sh
#设定脚本执行间隔时间
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
nopreempt
unicast_src_ip 192.168.29.132
unicast_peer {
192.168.29.138
}
priority 100
advert_int 1
#调用检查Nginx运行情况的脚本
track_script {
check_nginx
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.29.100
}
}
[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#配置检测Nginx运行情况
vrrp_script check_nginx {
script /etc/keepalived/check_nginx.sh
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
nopreempt
unicast_src_ip 192.168.29.138
unicast_peer {
192.168.29.132
}
priority 90
advert_int 1
#调用检查Nginx运行情况的脚本
track_script {
check_nginx
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.29.100
}
}
#两结点重启keepalived服务
测试验证
浏览器访问虚拟ip地址
关闭master结点的Nginx服务
[root@master ~]# systemctl stop nginx.service
#查看keepalived服务情况
[root@master ~]# systemctl status keepalived.service
master Keepalived_vrrp[3937]: Stopped - used 0.008106 user time, 0.085418 system time
master Keepalived[3936]: Stopped Keepalived v2.0.10 (11/12,2018)
master systemd[1]: Stopped LVS and VRRP High Availability Monito
浏览器访问虚拟ip地址
重启服务
[root@master ~]# systemctl restart nginx.service
[root@master ~]# systemctl start keepalived.service
#非抢占模式因此虚拟ip依旧绑定在bak结点
[root@bak ~]# ip a
inet 192.168.29.100/32 scope global ens33
474
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
