keepalived介绍
Keepalived 软件起初是专为LVS负载均衡软件设计的,用来管理并监控LVS集群系统中各个服务节点的状态,后来又加入了可以实现高可用的VRRP功能。因此,Keepalived除了能够管理LVS软件外,还可以作为其他服务(例如:Nginx、Haproxy、MySQL等)的高可用解决方案软件。
Keepalived软件主要是通过VRRP协议实现高可用功能的。VRRP是Virtual Router RedundancyProtocol(虚拟路由器冗余协议)的缩写,VRRP出现的目的就是为了解决静态路由单点故障问题的,它能够保证当个别节点宕机时,整个网络可以不间断地运行。
所以,Keepalived 一方面具有配置管理LVS的功能,同时还具有对LVS下面节点进行健康检查的功能,另一方面也可实现系统网络服务的高可用功能。
keepalived的重要功能
keepalived 有三个重要的功能,分别是:
管理LVS负载均衡软件
实现LVS集群节点的健康检查
作为系统网络服务的高可用性(failover)
keepalived高可用故障转移的原理
Keepalived 高可用服务之间的故障切换转移,是通过 VRRP (Virtual Router Redundancy Protocol ,虚拟路由器冗余协议)来实现的。
在 Keepalived 服务正常工作时,主 Master 节点会不断地向备节点发送(多播的方式)心跳消息,用以告诉备 Backup 节点自己还活看,当主 Master 节点发生故障时,就无法发送心跳消息,备节点也就因此无法继续检测到来自主 Master 节点的心跳了,于是调用自身的接管程序,接管主 Master 节点的 IP 资源及服务。而当主 Master 节点恢复时,备 Backup 节点又会释放主节点故障时自身接管的IP资源及服务,恢复到原来的备用角色。
那么,什么是VRRP呢?
VRRP ,全 称 Virtual Router Redundancy Protocol ,中文名为虚拟路由冗余协议 ,VRRP的出现就是为了解决静态踣甶的单点故障问题,VRRP是通过一种竞选机制来将路由的任务交给某台VRRP路由器的。
keepalived高可用架构图
keepalived工作原理描述
Keepalived高可用对之间是通过VRRP通信的,因此,我们从 VRRP开始了解起:
- VRRP,全称 Virtual Router Redundancy Protocol,中文名为虚拟路由冗余协议,VRRP的出现是为了解决静态路由的单点故障。
- VRRP是通过一种竟选协议机制来将路由任务交给某台 VRRP路由器的。
- VRRP用 IP多播的方式(默认多播地址(224.0_0.18))实现高可用对之间通信。
- 工作时主节点发包,备节点接包,当备节点接收不到主节点发的数据包的时候,就启动接管程序接管主节点的开源。备节点可以有多个,通过优先级竞选,但一般 Keepalived系统运维工作中都是一对。
- VRRP使用了加密协议加密数据,但Keepalived官方目前还是推荐用明文的方式配置认证类型和密码。
Keepalived服务的工作原理:
Keepalived高可用是通过 VRRP 进行通信的, VRRP是通过竞选机制来确定主备的,主的优先级高于备,因此,工作时主会优先获得所有的资源,备节点处于等待状态,当主挂了的时候,备节点就会接管主节点的资源,然后顶替主节点对外提供服务。
在 Keepalived 服务之间,只有作为主的服务器会一直发送 VRRP 广播包,告诉备它还活着,此时备不会枪占主,当主不可用时,即备监听不到主发送的广播包时,就会启动相关服务接管资源,保证业务的连续性.接管速度最快可以小于1秒。
配置lvs
IP类型 | IP地址 |
---|---|
VIP | 192.168.100.251 |
主 | 192.168.100.123 |
备 | 192.168.100.77 |
R1 | 192.168.100.33 |
R2 | 192.168.100.99 |
主
[root@master ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.100.123
NETMASK=255.255.255.0
IPADDR1=192.168.100.251
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=114.114.114.114
[root@master ~]# yum -y install ipvsadm
[root@master ~]# ipvsadm -A -t 192.168.100.251:80 -s rr
[root@master ~]# ipvsadm -a -t 192.168.100.251:80 -r 192.168.100.33 -g
[root@master ~]# ipvsadm -a -t 192.168.100.251:80 -r 192.168.100.99 -g
[root@master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.251:80 rr
-> 192.168.100.33:80 Route 1 0 0
-> 192.168.100.99:80 Route 1 0 0
关闭防火墙
[root@master ~]# systemctl stop firewalld
[root@master ~]# setenforce 0
r1
[root@r1 ~]# yum -y install httpd
[root@r1 ~]# systemctl start httpd
[root@r1 ~]# systemctl stop firewalld
[root@r1 ~]# setenforce 0
编写arp
[root@r1 ~]# cat >> /etc/sysctl.conf <<EOF
> net.ipv4.conf.all.arp_ignore=1
> net.ipv4.conf.all.arp_announce=2
> EOF
[root@r1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@r1 ~]# yum -y install net-tools
[root@r1 ~]# ifconfig lo:0 192.168.100.251/32 broadcast 192.168.100.250 up
[root@r1 ~]# route add -host 192.168.100.251 dev lo:0
r2
搭建完成httpd,编写arp
[root@r2 ~]# yum -y install httpd
[root@r2 ~]# which httpd
/usr/sbin/httpd
[root@r2 ~]# cat >> /etc/sysctl.conf <<EOF
> net.ipv4.conf.all.arp_ignore=1
> net.ipv4.conf.all.arp_announce=2
> EOF
[root@r2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
启动httpd,关闭防火墙
[root@r2 ~]# systemctl start httpd
[root@r2 ~]# echo 'r2' > /var/www/html/index.html
[root@r2 ~]# systemctl stop firewalld
[root@r2 ~]# setenforce 0
添加ip和路由
[root@r2 ~]# yum -y install net-tools
[root@r2 ~]# ifconfig lo:0 192.168.100.251/32 broadcast 192.168.100.250 up
[root@r2 ~]# route add -host 192.168.100.251 dev lo:0
备
[root@savle ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:e3:00:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.77/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.251/24 brd 192.168.100.255 scope global secondary noprefixroute ens33
valid_lft forever preferred_lft forever
[root@savle ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.100.77
NETMASK=255.255.255.0
IPADDR1=192.168.100.251
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=114.114.114.114
添加节点
[root@localhost ~]# ipvsadm -A -t 192.168.100.251:80 -s rr
[root@localhost ~]# ipvsadm -a -t 192.168.100.251:80 -r 192.168.100.33:80 -g
[root@localhost ~]# ipvsadm -a -t 192.168.100.251:80 -r 192.168.100.99:80 -g
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.251:80 rr
-> 192.168.100.33:80 Route 1 0 0
-> 192.168.100.99:80 Route 1 0 0
关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@r1 ~]# ifconfig lo:0 192.168.100.251/32 broadcast
[root@r1 ~]# route add -host 192.168.100.251 dev lo:0
配置keepalived
主
[root@master ~]# yum -y install keepalived
[root@master keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs { //全局配置
router_id lb01
}
vrrp_instance VI_1 { //定义实例
state BACKUP //指定keepalived节点的初始状态
interface ens33 //VRRP实例绑定网卡接口,用户发送VRRP包
virtual_router_id 51 //虚拟路由的ID,同一集群要一致
priority 100 //定义优先级,按优先级来界定主备角色,优先级越大越优先
advert_int 1 //主备通讯时间间隔
authentication { //配置方式
auth_type PASS //认证方式。密码
auth_pass yhzdj071 //同一集群的keepalived配置此处必须一致,推荐使用八位随机密码
}
virtual_ipaddress { //配置要使用的VIP地址
192.168.100.251
}
}
virtual_server 192.168.100.251 80 { //配置虚拟服务器
delay_loop 6 //健康检查时间间隔
lb_algo rr //lvs调度算法
lb_kind DR //lvs模式
persistence_timeout 50 //持久化超时时间,单位是秒
protocol TCP //四层协议
real_server 192.168.100.33 80 { //定义备用服务器,当所有RS都故障时,用sorry_server来响应客户端
weight 1 //给服务器指定权重,默认为1
TCP_CHECK {
connect_port 80
connect_timeout 3 //连接超时时间
nb_get_retry 3 //get尝试次数
delay_before_retry 3 //在尝试之前延迟多长时间
}
}
real_server 192.168.100.99 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master keepalived]# systemctl restart keepalived
备
[root@salve ~]# yum -y install keepalvied
[root@salve keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
nopreempt //设置抢占。默认时抢占
advert_int 1
authentication {
auth_type PASS
auth_pass yhzdj071
}
virtual_ipaddress {
192.168.100.251
}
}
virtual_server 192.168.100.251 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.33 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.99 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@salve keepalived]# systemctl restart keepalived
测试
//把主上的keepalvied停止
[root@master keepalived]# systemctl stop keepalived
[root@master keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.100.250/0 brd 192.168.100.250 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:74:8b:b9 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.123/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
//可以看到主上,已经没有vip了
//去查看备上的keepalived状态
[root@salve keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disab>
Active: active (running) since Mon 2021-06-21 09:27:51 EDT; 2min 7s ago
Process: 313019 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/S>
Main PID: 313020 (keepalived)
Tasks: 3 (limit: 4615)
Memory: 2.6M
CGroup: /system.slice/keepalived.service
├─313020 /usr/sbin/keepalived -D
├─313021 /usr/sbin/keepalived -D
└─313022 /usr/sbin/keepalived -D
//查看vip
root@salve keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.100.250/0 brd 192.168.100.250 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:e3:00:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.77/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.251/24 brd 192.168.100.255 scope global secondary noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee3:67/64 scope link
valid_lft forever preferred_lft forever
可以看到vip到达备上
停止r2上的httpd服务
[root@r2 ~]# systemctl stop httpd
[root@r2 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
测试
在master上编写脚本
[root@master scripts]# cat check_httpd.sh
#!/bin/bash
status=$(ps -ef|grep -Ev "grep|$0"|grep -c httpd)
if [ $status -eq 0 ];then
systemctl stop keepalived
fi
[root@master scripts]# cat notify.sh
#!/bin/bash
VIP=$2
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep 'httpd'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep 'httpd'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
在备上编写脚本
[root@salve scripts]# cat notify.sh
#!/bin/bash
VIP=$2
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep 'httpd'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep 'httpd'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
配置keepalvied加入监控脚本的配置
主服务器
[root@master keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script nginx_check {
script "/scripts/check_httpd.sh"
interval 1
weight -20
}
//加入上面五行
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass yhzdj071
}
virtual_ipaddress {
192.168.100.251
}
track_script {
httpd_check
}
notify_master "/scripts/notify.sh master 192.168.100.251"
notify_backup "/scripts/notify.sh backup 192.168.100.251"
}
//加入上面四行
virtual_server 192.168.100.251 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.33 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.99 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master keepalived]# systemctl restart keepalived
备服务器
[root@salve keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass yhzdj071
}
virtual_ipaddress {
192.168.100.251
}
notify_master "/scripts/notify.sh master 192.168.100.251"
notify_backup "/scripts/notify.sh backup 192.168.100.251"
//加入上面两行
}
virtual_server 192.168.100.251 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.33 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.99 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@salve keepalived]# systemctl restart keepalived
测试
关闭备上的keepalvied,和r2上的httpd
//主服务器
[root@master keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disab>
Active: active (running) since Mon 2021-06-21 10:03:47 EDT; 2min 42s ago
Process: 461172 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/S>
Main PID: 461174 (keepalived)
Tasks: 3 (limit: 11200)
Memory: 3.5M
CGroup: /system.slice/keepalived.service
├─461174 /usr/sbin/keepalived -D
├─461175 /usr/sbin/keepalived -D
└─461176 /usr/sbin/keepalived -D
//备服务器
[root@salve keepalived]# systemctl stop keepalived
[root@salve keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disab>
Active: inactive (dead)
[root@r2 ~]# systemctl stop httpd
[root@r2 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd.service(8)
[root@r1 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 *:80 *:*
把主服务器上的keepalived停止,把r1httpd停止
[root@master keepalived]# systemctl stop keepalived
[root@master keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disab>
Active: inactive (dead)
[root@r1 ~]# systemctl stop httpd
[root@r1 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd.service(8)