Keepalived
1.Keepalived定义:Keepalived 是一个基于VRRP协议来实现的LVS服务高可用方案,可以利用其来避免单点故障。一个LVS服务会有2台服务器运行Keepalived,一台为主服务器(MASTER),一台为备份服务器(BACKUP),但是对外表现为一个虚拟IP,主服务器会发送特定的消息给备份服务器,当备份服务器收不到这个消息的时候,即主服务器宕机的时候, 备份服务器就会接管虚拟IP,继续提供服务,从而保证了高可用性。Keepalived是VRRP的完美实现,因此在介绍keepalived之前,先介绍一下VRRP的原理。
2.VRRP 协议简介
VRRP将局域网内的一组路由器划分在一起,形成一个VRRP备份组,它在功能上
相当于一台虚拟路由器,使用虚拟路由器号进行标识。以下使用虚拟路由器代替
VRRP备份组进行描述。
虚拟路由器有自己的虚拟IP地址和虚拟MAC地址,它的外在表现形式和实际的物
理路由器完全一样。局域网内的主机将虚拟路由器的IP地址设置为默认网关,通过
虚拟路由器与外部网络进行通信。
虚拟路由器是工作在实际的物理路由器之上的。它由多个实际的路由器组成,包括
一个Master路由器和多个Backup路由器。Master路由器正常工作时,局域网内的
主机通过Master与外界通信。当Master路由器出现故障时,Backup路由器中的一
台设备将成为新的Master路由器,接替转发报文的工作.
3.VRRP工作过程
(1) 虚拟路由器中的路由器根据优先级选举出Master。Master 路由器通过发送免
费ARP 报文,将自己的虚拟MAC 地址通知给与它连接的设备或者主机,从
而承担报文转发任务;
(2) Master 路由器周期性发送VRRP 报文,以公布其配置信息(优先级等)和工
作状况;
(3) 如果Master 路由器出现故障,虚拟路由器中的Backup 路由器将根据优先级
重新选举新的Master;
(4) 虚拟路由器状态切换时,Master 路由器由一台设备切换为另外一台设备,新
的Master 路由器只是简单地发送一个携带虚拟路由器的MAC 地址和虚拟IP
地址信息的免费ARP 报文,这样就可以更新与它连接的主机或设备中的
ARP 相关信息。网络中的主机感知不到Master 路由器已经切换为另外一台
设备。
(5) Backup 路由器的优先级高于Master 路由器时,由Backup 路由器的工作方
式(抢占方式和非抢占方式)决定是否重新选举Master。
实现双主模型的ipvs高可用集群;
一、实验环境:
操作系统
centos 7
keepalived master 192.168.18.97
keepalived bachup 192.168.18.98
Real Server 1 192.168.18.99
Real Server 2 192.168.18.100
前提
1.各节点时间必须同步;ntp 或者 chrony;
- 确保iptables及selinux不会成为阻碍
3.各节点之间可通过主机名互相通信(对Keepalived并非必须);
简单拓扑
二.配置
1.先安装各主机相应的软件:
MASTER与BACKUP主机:
yum -y install keepalived
RS1与RS2主机,安装相应的web服务,这里安装的是Nginx
yum -y install niginx
2.配置两web服务的简单测试页
RS1:
vim usr/share/nginx/html/index.html
<h1> SR1 </h1>
RS2:
vim usr/share/nginx/html/index.html
<h1> SR1 </h1>
3.启动两台相应的Nginx服务
systemctl start nginx
4.测试
[root@centos7 ~]#curl http://192.168.18.99
<h1> SR1 host </h1>
[root@centos7 ~]#curl http://192.168.18.100
<h1> SR2 host </h1>
这里可正常访问
三.配置各主机的VIP
因为要实现LVS+Keepalived 实现高可用的前端负载均衡器这里就是用LVS-DR模式
dr模型中,各主机上均需要配置VIP,解决地址冲突的方式有三种:
(1) 在前端网关做静态绑定
(2) 在各RS使用arptables
(3) 在各RS修改内核参数,来限制arp响应和通告的级别
限制响应级别:arp_ignore
0:默认值,表示可使用本地任意接口上配置的任意地址进行响应
1: 仅在请求的目标IP配置在本地主机的接收到请求报文的接口上时,才给予响应
限制通告级别:arp_announce
0:默认值,把本机所有接口的所有信息向每个接口的网络进行通告
1:尽量避免将接口信息向非直接连接网络进行通告
2:必须避免将接口信息向非本网络进行通告
1.在RS1于RS2上设置:这里可以设置成脚本,使用起来更加方便。
#!/bin/bash
#
vip1=192.168.18.68
vip2=192.168.18.168
mask=255.255.255.255
iface1="lo:1"
iface2="lo:2"
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $iface1 $vip1 netmask $mask broadcast $vip1 up
ifconfig $iface2 $vip2 netmask $mask broadcast $vip2 up
route add -host $vip1 dev $iface1 //此步骤非必须
;;
stop)
ifconfig $iface1 down
ifconfig $iface2 down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage:$(basename $0) start|stop"
exit 1
;;
esac
2.在主机RS1和RS2运行脚本,查看VIP是否 已经添加成功。
[root@centos7 ~]#bash lvs_dr.sh start
[root@centos7 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.18.68/32 brd 192.168.18.68 scope global lo:1
valid_lft forever preferred_lft forever
inet 192.168.18.168/32 brd 192.168.18.168 scope global lo:2
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
...
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:90:2e:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.18.100/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::8c8e:8ee1:9668:4e8e/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::6a3c:6:139c:cc3b/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3.测试两台准备做MASTER和BAVKUP的主机,LVS-DR是否可用:
MASTER:
yum -y install ipvsadm
ifconfig ens34:0 192.168.18.68 netmask 255.255.255.255 broadcast 192.168.18.68 up
ifconfig ens34:1192.168.18.168 netmask 255.255.255.255 broadcast 192.168.18.168 up
ipvsadm -A -t 192.168.18.68:80 -s rr
ipvsadm -a -t 192.168.18.68:80 -r 192.168.18.99:80 -g
ipvsadm -a -t 192.168.18.68:80 -r 192.168.18.100:80 -g
ipvsadm -A -t 192.168.18.168:80 -s rr
ipvsadm -a -t 192.168.18.168:80 -r 192.168.18.99:80 -g
ipvsadm -a -t 192.168.18.168:80 -r 192.168.18.100:80 -g
[root@cnetos7 ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.18.68:80 rr
-> 192.168.18.99:80 Route 1 0 0
-> 192.168.18.100:80 Route 1 0 0
TCP 192.168.18.168:80 rr
-> 192.168.18.99:80 Route 1 0 0
-> 192.168.18.100:80 Route 1 0 0
4.测试MASTER和BACKUP是否可用。
[root@centos7 ~]#for i in {1..10};do curl http://192.168.18.68;done
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
[root@centos7 ~]#for i in {1..10};do curl http://192.168.18.168;done
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
可正常访问
5.清除MASTER和BACKUP的VIP和集群
[root@cnetos7 ~]#ifconfig ens34:1 down //down掉VIP
[root@cnetos7 ~]#ifconfig ens34:0 down
[root@cnetos7 ~]#ipvsadm -C //清空定义的所有内容
[root@cnetos7 ~]#ipvsadm -Ln //查看
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@cnetos7 ~]#ip a //查看ip确保ip恢复到最初状态
四、配置实现双主模型的ipvs高可用集群
1.在MASTER主机上:
[root@centos7 ~]#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
keepalived@jie.com //配置管理员邮箱
}
notification_email_from ka_admin@jie.com //配置发件人
smtp_server 127.0.0.1 //p配置邮件服务器
smtp_connect_timeout 30 //邮件连接超时时长s为单位
router_id centos7.3 //主机名
vrrp_mcast_group4 224.27.27.18 //vrrp组
}
vrrp_instance VI_1 { //组1
state MASTER //当前节点在此虚拟路由器上的初始状态;只能有一个是MASTER,余下的都应该为BACKUP
interface ens34 //绑定为当前虚拟路由器使用的物理接口;
virtual_router_id 27 // 前虚拟路由器的惟一标识,范围是0-255;
priority 100 //当前主机在此虚拟路径器中的优先级;范围1-254;
advert_int 1 //vrrp通告的时间间隔;
authentication { //认证
auth_type PASS
auth_pass eHTQgK1n
}
virtual_ipaddress {
192.168.18.168 //配置虚拟ip地址
}
//定义通知脚本:
notify_master "/etc/keepalived/notify.sh master" //当前节点成为主节点时触发的脚本;
notify_backup "/etc/keepalived/notify.sh backup" //当前节点转为备节点时触发的脚本;
notify_fault "/etc/keepalived/notify.sh fault" //当前节点转为“失败”状态时触发的脚本;
}
vrrp_instance VI_2 {
state BACKUP
interface ens34
virtual_router_id 37
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK0n
}
virtual_ipaddress {
192.168.18.68
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.18.168 80 { //虚拟服务器
delay_loop 3 //服务轮询的时间间隔;
lb_algo rr //定义调度方法;
lb_kind DR //集群的类型;
protocol TCP //服务协议,仅支持TCP;
sorry_server 127.0.0.1 80 //备用服务器地址;
real_server 192.168.18.100 80 {
weight 1
HTTP_GET { 应用层检测
url {
path / //定义要监控的URL;
status_code 200 //
}
connect_timeout 1 //连接请求的超时时长;
nb_get_retry 3 //重试次数;
delay_before_retry 1 //重试之前的延迟时长;
}
}
real_server 192.168.18.99 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
virtual_server 192.168.18.68 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.18.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.18.99 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
2.在BACKUP主机上:
global_defs {
notification_email {
keepalived@jie.com
}
notification_email_from ka_admin@jie.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id cnetos7.localdomain
vrrp_mcast_group4 224.27.27.18 //保持一致
}
vrrp_instance VI_1 {
state BACKUP
interface ens34
virtual_router_id 27 //保持一致
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK1n //保持一致
}
virtual_ipaddress {
192.168.18.168
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state MASTER
interface ens34
virtual_router_id 37 //保持一致
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK0n //保持一致
}
virtual_ipaddress {
192.168.18.68
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.18.168 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.18.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.18.99 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
virtual_server 192.168.18.68 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.18.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.18.99 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
3.配置通知脚本
[root@cnetos7 keepalived]#vim notify.sh
#!bin/bash
contact='root@localhost'
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
4.测试:
1).先在BACKUP上启用
[root@cnetos7 keepalived]#systemctl start keepalived
[root@cnetos7 keepalived]#systemctl status keepalived //查看状态
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2017-09-07 04:58:27 CST; 42s ago
Process: 2859 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2860 (keepalived)
CGroup: /system.slice/keepalived.service
├─2860 /usr/sbin/keepalived -D
├─2861 /usr/sbin/keepalived -D
└─2862 /usr/sbin/keepalived -D
9月 07 04:58:29 cnetos7.localdomain Keepalived_vrrp[2862]: Opening script file /etc/keepalived/notify.sh
9月 07 04:58:29 cnetos7.localdomain Keepalived_healthcheckers[2861]: Netlink reflector reports IP 192.168.18.68 added
9月 07 04:58:31 cnetos7.localdomain Keepalived_vrrp[2862]: VRRP_Instance(VI_1) Transition to MASTER STATE
9月 07 04:58:32 cnetos7.localdomain Keepalived_vrrp[2862]: VRRP_Instance(VI_1) Entering MASTER STATE
9月 07 04:58:32 cnetos7.localdomain Keepalived_vrrp[2862]: VRRP_Instance(VI_1) setting protocol VIPs.
9月 07 04:58:32 cnetos7.localdomain Keepalived_vrrp[2862]: VRRP_Instance(VI_1) Sending gratuitous ARPs on ens34 for 192.168.18.168
9月 07 04:58:32 cnetos7.localdomain Keepalived_vrrp[2862]: Opening script file /etc/keepalived/notify.sh
9月 07 04:58:32 cnetos7.localdomain Keepalived_healthcheckers[2861]: Netlink reflector reports IP 192.168.18.168 added
9月 07 04:58:34 cnetos7.localdomain Keepalived_vrrp[2862]: VRRP_Instance(VI_2) Sending gratuitous ARPs on ens34 for 192.168.18.68
9月 07 04:58:37 cnetos7.localdomain Keepalived_vrrp[2862]: VRRP_Instance(VI_1) Sending gratuitous ARPs on ens34 for 192.168.18.168
您在 /var/spool/mail/root 中有新邮件 //设置了邮件通知
因为主MASTER的Keepalived没有启动,所以先在两VIP都在BACHUP主机上
[root@cnetos7 keepalived]#ip a
....
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:2e:b2:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.18.98/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.68/32 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.168/32 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::c4db:7bad:474f:7c55/64 scope link
valid_lft forever preferred_lft forever
[root@cnetos7 keepalived]#tcpdump -nn -i ens34 host 224.27.27.18 //组播信心查看
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens34, link-type EN10MB (Ethernet), capture size 65535 bytes
05:04:45.963370 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 98, authtype simple, intvl 1s, length 20
05:04:46.228313 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
2).启动MASTER主机
[root@centos7 ~]#systemctl start keepalived
[root@centos7 ~]#systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since 三 2017-09-06 21:06:56 CST; 7s ago
Process: 19901 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 19902 (keepalived)
CGroup: /system.slice/keepalived.service
├─19902 /usr/sbin/keepalived -D
├─19903 /usr/sbin/keepalived -D
└─19904 /usr/sbin/keepalived -D
9月 06 21:06:57 centos7.3 Keepalived_vrrp[19904]: VRRP_Instance(VI_1) Transition to MASTER STATE
9月 06 21:06:57 centos7.3 Keepalived_vrrp[19904]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
9月 06 21:06:58 centos7.3 Keepalived_vrrp[19904]: VRRP_Instance(VI_1) Entering MASTER STATE
9月 06 21:06:58 centos7.3 Keepalived_vrrp[19904]: VRRP_Instance(VI_1) setting protocol VIPs.
9月 06 21:06:58 centos7.3 Keepalived_vrrp[19904]: VRRP_Instance(VI_1) Sending gratuitous ARPs on ens34 for 192.168.18.168
9月 06 21:06:58 centos7.3 Keepalived_vrrp[19904]: Opening script file /etc/keepalived/notify.sh
[root@centos7 ~]#ip a
....
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2b:e9:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.18.97/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.168/32 scope global ens34 //获取了ip
valid_lft forever preferred_lft forever
inet6 fe80::6a3c:6:139c:cc3b/64 scope link
valid_lft forever preferred_lft forever
[root@cnetos7 keepalived]#tcpdump -nn -i ens34 host 224.27.27.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens34, link-type EN10MB (Ethernet), capture size 65535 bytes
05:08:44.608354 IP 192.168.18.97 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 100, authtype simple, intvl 1s, length 20
05:08:44.740453 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
05:08:45.611090 IP 192.168.18.97 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 100, authtype simple, intvl 1s, length 20
05:08:45.744621 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
3)此时两台主机都会显示:
[root@centos7 ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.18.68:80 rr
-> 192.168.18.99:80 Route 1 0 0
-> 192.168.18.100:80 Route 1 0 0
TCP 192.168.18.168:80 rr
-> 192.168.18.99:80 Route 1 0 0
-> 192.168.18.100:80 Route 1 0 0
5在其它主机上测试:
[root@centos7 ~]#for i in {1..10};do curl http://192.168.18.168;done
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
[root@centos7 ~]#for i in {1..10};do curl http://192.168.18.68;done
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
<h1> SR1 host </h1>
<h1> SR2 host </h1>
6.设置sorry.server,当后端两台web服务器都宕机时,能显示信息提醒.
1)在MASTER和BACKUP上安装Nginx
[root@centos7 ~]#yum -y install nginx
[root@centos7 ~]#vim /usr/share/nginx/html/index.html
Website is currently under maintenance, please come back later!
[root@centos7 ~]#systenctl start nginx
2)停止RS1和RS2web服务。
systenctl stop nginx
[root@centos7 ~]#for i in {1..10};do curl http://192.168.18.168;done
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
Website is currently under maintenance, please come back later!
总结,到这里keepalived的双主模型的ipvs高可用集群已经实现,极大的提高负载均衡,高可用。
双主模型的nginx proxy高可用集群;
简单拓扑
一、配置MASTER:
因为使用Nginx proxy,只需在上面的基础上稍加修改就可以了,在后端的RS1和RS2上就不需要配置VIP,只需提供web服务即可。
global_defs {
notification_email {
keepalived@jie.com
}
notification_email_from ka_admin@jie.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id centos7.3
vrrp_mcast_group4 224.27.27.18
}
vrrp_script chk_down { //keepalived调用外部的辅助脚本进行资源监控,并根据监控的结果状态能实现优先动态调整;
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" //检测是否存在down文件,有,权重减5
interval 1
weight -5
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1" //检测是否Nginx进程正常在运行,如没有Nginx进程,权重减5
interval 1
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface ens34
virtual_router_id 27
priority 100
advert_int 1
authentication {
auth_type PASS
! Configuration File for keepalived
global_defs {
notification_email {
keepalived@jie.com
}
notification_email_from ka_admin@jie.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id centos7.3
vrrp_mcast_group4 224.27.27.18
}
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface ens34
virtual_router_id 27
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK1n
}
virtual_ipaddress {
192.168.18.168
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup" //如需必要可在相应的邮件通知脚本中添加一旦Nginx进程中断,可重启Nginx服务。
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP
interface ens34
virtual_router_id 37
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK0n
}
virtual_ipaddress {
192.168.18.68
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
二、设置BACKUP
global_defs {
notification_email {
keepalived@jie.com
}
notification_email_from ka_admin@jie.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id cnetos7.localdomain
vrrp_mcast_group4 224.27.27.18
}
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface ens34
virtual_router_id 27
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK1n
}
virtual_ipaddress {
192.168.18.168
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state MASTER
interface ens34
virtual_router_id 37
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass eHTQgK0n
}
virtual_ipaddress {
192.168.18.68
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
三、配置Nginx的代理
在MASTER和BACKUP主机上配置相同的Nginx服务。
vim /etc/nginx/nginx.cong
http { //在http下添加组
upstream websrvs {
server 192.168.18.99:80;
server 192.168.18.100:80;
}
server {
location / {
proxy_pass http://websrvs; //添加为代理
}
}
}
如果不想在注配置文件修改可在/etc/nginx/conf.d/目录下另外创建一个虚拟主机文件。
#######四.、测试
在MASTER和BACHUP主机上重启Nginx
systemctl restart Nginx
systemctl start keepalived //如果此前已经开启了Keepalived服务,则需停止,在启动。
1.测试down文件存在,看ip是否转移。
MASTER:
[root@centos7 keepalived]#ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2b:e9:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.18.97/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.168/32 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::6a3c:6:139c:cc3b/64 scope link
valid_lft forever preferred_lft forever
[root@centos7 keepalived]#touch down
[root@centos7 keepalived]#ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2b:e9:62 brd ff:ff:ff:ff:ff:ff
inet 192.168.18.97/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::6a3c:6:139c:cc3b/64 scope link
valid_lft forever preferred_lft forever
BACHUP:
[root@centos7 keepalived]#ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:2e:b2:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.18.98/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.68/32 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.168/32 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::c4db:7bad:474f:7c55/64 scope link
valid_lft forever preferred_lft forever
2.测试Nginx服务进程是否正常工作
MASTER:
[root@centos7 ~]#tcpdump -nn -i ens34 host 224.27.27.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens34, link-type EN10MB (Ethernet), capture size 65535 bytes
10:04:49.240856 IP 192.168.18.97 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 100, authtype simple, intvl 1s, length 20
10:04:49.268780 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
10:04:50.242388 IP 192.168.18.97 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 100, authtype simple, intvl 1s, length 20
10:04:50.273757 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
root@centos7 keepalived]#systemctl stop nginx //停止Nginx服务地址转移到BACKUP主机上。
10:05:33.393194 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
10:05:34.382548 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 98, authtype simple, intvl 1s, length 20
10:05:34.394344 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 37, prio 100, authtype simple, intvl 1s, length 20
10:05:35.390452 IP 192.168.18.98 > 224.27.27.18: VRRPv2, Advertisement, vrid 27, prio 98, authtype simple, intvl 1s, length 20
BACKUP:
[root@cnetos7 keepalived]#ip a
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:2e:b2:ba brd ff:ff:ff:ff:ff:ff
inet 192.168.18.98/24 brd 192.168.18.255 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.68/32 scope global ens34
valid_lft forever preferred_lft forever
inet 192.168.18.168/32 scope global ens34
valid_lft forever preferred_lft forever
inet6 fe80::c4db:7bad:474f:7c55/64 scope link
valid_lft forever preferred_lft forever
到这里双主模型的nginx proxy高可用集群也设置完毕!
