Keepalived实现Httpd负载均衡机高可用
简介
Keepalived是Linux下一个轻量级别的高可用解决方案。高可用(High Avalilability,HA),其实两种不同的含义:广义来讲,是指整个系统的高可用行,狭义的来讲就是之主机的冗余和接管,
它与HeartBeat RoseHA 实现相同类似的功能,都可以实现服务或者网络的高可用,但是又有差别,HeartBeat是一个专业的、功能完善的高可用软件,它提供了HA 软件所需的基本功能,比如:心跳检测、资源接管,检测集群中的服务,在集群节点转移共享IP地址的所有者等等。HeartBeat功能强大,但是部署和使用相对比较麻烦,
与HeartBeat相比,Keepalived主要是通过虚拟路由冗余来实现高可用功能,虽然它没有HeartBeat功能强大,但是Keepalived部署和使用非常的简单,所有配置只需要一个配置文件即可以完成,
Keepalived是什么?
Keepalived起初是为LVS设计的,专门用来监控集群系统中各个服务节点的状态,它根据TCP/IP参考模型的第三、第四层、第五层交换机制检测每个服务节点的状态,如果某个服务器节点出现异常,或者工作出现故障,Keepalived将检测到,并将出现的故障的服务器节点从集群系统中剔除,这些工作全部是自动完成的,不需要人工干涉,需要人工完成的只是修复出现故障的服务节点。
后来Keepalived又加入了VRRP的功能,VRRP(Vritrual Router Redundancy Protocol,虚拟路由冗余协议)出现的目的是解决静态路由出现的单点故障问题,通过VRRP可以实现网络不间断稳定运行,因此Keepalvied 一方面具有服务器状态检测和故障隔离功能,另外一方面也有HA cluster功能,下面介绍一下VRRP协议实现的过程。
实例
环境说明:
| 主机名 | ip | 职责 | 系统 |
|---|---|---|---|
| master | 192.168.58.10 | Keepalived、httpd | redhat-8 |
| slave | 192.168.58.20 | Keepalived、httpd | redhat-8 |
| client | 192.168.58.30 | redhat-8 |
本次高可用虚拟IP(VIP)地址暂定为 192.168.58.200
Keepalived安装
##master
//关闭防火墙
[root@master ~]# systemctl disable --now firewalld
[root@master ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@master ~]# setenforce 0
//安装keepalived
[root@master ~]# yum -y install keepalived
//查看安装生成的文件
[root@master ~]# rpm -ql keepalived
/etc/keepalived //配置目录
/etc/keepalived/keepalived.conf //此为主配置文件
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/.build-id
/usr/lib/.build-id/6c
/usr/lib/systemd/system/keepalived.service //此为服务控制文件
/usr/libexec/keepalived
/usr/sbin/keepalived
······
用同样的方法在备服务器上安装keepalived
#slave
//关闭防火墙
[root@slave ~]# systemctl disable --now firewalld
[root@slave ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@slave ~]# setenforce 0
//安装keepalived
[root@slave ~]# yum -y install keepalived
在主备机上分别安装Httpd
在master上安装httpd
#master
[root@master ~]# yum -y install httpd
[root@master ~]# cd /var/www/html/
[root@master html]# echo 'work1' > index.html
[root@master html]# systemctl enable --now httpd
[root@master html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
在slave上安装httpd
#slave
[root@slave ~]# yum -y install httpd
[root@slave ~]# cd /var/www/html
[root@slave html]# echo 'work2' > index.html
[root@slave html]# systemctl enable --now httpd
[root@slave html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
在浏览器上访问试试,确保master上的nginx服务能够正常访问
Keepalived配置
配置主Keepalived
#master
//查看自己网卡名称,这里是ens160
[root@master ~]# ip a
······
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:ec:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.10/24 brd 192.168.58.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:ec35/64 scope link
valid_lft forever preferred_lft forever
[root@master ~]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens160 //这里是修改成本机的网卡名称
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass xu
}
virtual_ipaddress {
192.168.58.200
}
}
virtual_server 192.168.58.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.58.10 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master ~]# systemctl enable --now keepalived
配置备Keepalived
#slave
//查看自己网卡名称,我这里是ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:ec:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.20/24 brd 192.168.58.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:ec35/64 scope link
valid_lft forever preferred_lft forever
[root@slave ~]# cd /etc/keepalived/
[root@slave keepalived]# ls
keepalived.conf
[root@slave keepalived]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass xu
}
virtual_ipaddress {
192.168.58.200
}
}
virtual_server 192.168.58.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.58.10 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@slave ~]# systemctl enable --now keepalived
查看VIP在哪里
在MASTER上查看
##matser
[root@master scripts]# ip a
.......
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:b7:b0:df brd ff:ff:ff:ff:ff:ff
inet 192.168.58.10/24 brd 192.168.58.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.58.200/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::ca43:3f86:3176:184c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
在SLAVE上查看
##slave
[root@slave ~ ]# ip a
.....
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:1f:6e:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.20/24 brd 192.168.58.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::a90a:1a7a:e81e:bfa7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Keepalived监控httpd负载均衡机
keepalived通过脚本来监控nginx负载均衡机的状态
在master上编写脚本
#master
[root@master ~]# mkdir /scripts
[root@master ~]# vim /scripts/check_n.sh
#!/bin/bash
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl stop keepalived
fi
[root@master ~]# vim /scripts/notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" xmfile00@163.com
}
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
sendmail
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@master ~]# chmod +x /scripts/check_n.sh
[root@master ~]# chmod +x /scripts/notify.sh
[root@master ~]# ll /scripts/
总用量 8
-rwxr-xr-x 1 root root 142 10月 21 15:49 check_n.sh
-rwxr-xr-x 1 root root 686 10月 21 15:57 notify.sh
在slave上编写脚本
#slave
[root@slave ~]# mkdir /scripts
[root@slave ~]# vim /scripts/check_n.sh
#!/bin/bash
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl stop keepalived
fi
[root@slave ~]# vim /scripts/notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" xmfile00@163.com
}
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
sendmail
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@slave ~]# chmod +x /scripts/notify.sh
[root@slave scripts]# ll
总用量 4
-rwxr-xr-x 1 root root 686 10月 22 00:00 notify.sh
配置Keepalived加入监控脚本的配置
配置主Keepalived
[root@master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script httpd_check {
script "/scripts/check_n.sh"
interval 10
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass xu
}
virtual_ipaddress {
192.168.58.200
}
track_script {
httpd_check
}
notify_master "/scripts/notify.sh master 192.168.58.200"
notify_backup "/scripts/notify.sh backup 192.168.58.200"
}
virtual_server 192.168.58.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.58.10 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master ~]# systemctl restart keepalived
配置备Keepalived
backup无需检测httpd是否正常,当升级为MASTER时启动nginx,当降级为BACKUP时关闭
[root@slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass xu
}
virtual_ipaddress {
192.168.58.200
}
notify_master "/scripts/notify.sh master 192.168.58.200"
notify_backup "/scripts/notify.sh backup 192.168.58.200"
}
virtual_server 192.168.58.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.58.10 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@slave ~]# systemctl restart keepalived
测试验证
模拟master挂掉,slave继承
#master
//开启keepalived和httpd
[root@master ~]# systemctl start keepalived
[root@master ~]# systemctl start httpd
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
#slave
//开启keepalived
[root@slave ~]# systemctl start keepalived
[root@slave ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
#client
//此时客户端正常访问VIP到master
[root@client ~]# curl 192.168.58.200
work1
#master
//模拟master挂掉
[root@master ~]# systemctl stop httpd
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
#client
//此时再访问VIP会访问到slave
[root@client ~]# curl 192.168.58.200
work2
#slave
//此时的slave会因为master挂掉,自动上位,启动httpd
[root@slave ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
模拟master抢救回来后重新上位
#master
//先重启启动master的httpd,再启动keepalived
[root@master ~]# systemctl start httpd
[root@master ~]# systemctl start keepalived
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
#client
//等待一会,再访问VIP会重新访问到master
[root@client ~]# curl 192.168.58.200
web1
#slave
//此时slave会让位把httpd停止
[root@slave ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
241
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
