keepalived-基于keepalived实现lvs的高可用
Posted 初如
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了keepalived-基于keepalived实现lvs的高可用相关的知识,希望对你有一定的参考价值。
通告:心跳 优先级等 周期性
挂载方式:抢占式 非强制式
安全认证:
1.无认证 2.简单字符认证:预共享密钥 3.MD5
工作模式:
主/备:单虚拟路由器
主/主:主/备(虚拟路由器1),备/主(虚拟路由器2)
keepalived
基于vrrp协议完成地址流动
为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
为ipvs集群的各RS做健康状态检测
基于脚本调用接口完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务
#/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost #keepalived 发生故障切换时邮件发送的目标邮箱,可以按行区分写多个
root@wangxiaochun.com
29308620@qq.com
}
notification_email_from keepalived@localhost #发邮件的地址
smtp_server 127.0.0.1 #邮件服务器地址
smtp_connect_timeout 30 #邮件服务器连接timeout
router_id ka1.example.com#每个keepalived主机唯一标识,建议使用当前主机名,但多节点重名
不影响
vrrp_skip_check_adv_addr#对所有通告报文都检查,会比较消耗性能,启用此配置后,如果收到的
通告报文和上一个报文是同一个路由器,则跳过检查,默认值为全检查
vrrp_strict #严格遵守VRRP协议,启用此项后以下状况将无法启动服务:1.无VIP地址 2.配置了单播邻
居 3.在VRRP版本2中有IPv6地址,开启动此项并且没有配置vrrp_iptables时会自动开启iptables防火墙规则,默认导致VIP无法访问,建议不加此项配置
vrrp_garp_interval 0 #gratuitous ARP messages 报文发送延迟,0表示不延迟 vrrp_gna_interval 0 #unsolicited NA messages (不请自来)消息发送延迟
vrrp_mcast_group4 224.0.0.18 #指定组播IP地址范围:224.0.0.0到239.255.255.255,默认
值:224.0.0.18
vrrp_iptables #此项和vrrp_strict同时开启时,则不会添加防火墙规则,如果无配置
vrrp_strict项,则无需启用此项配置
脑裂:主备节点上都有vip。当主备的rout_id或密码不相同等时,俩个keepalived之间通信不成功的时候,双方都会宣告自己是主服务器,都有vip。
抢占模式:
A state master priority 100
B state backup priority 80
A主down后,vip会切换到备份服务器上,当主服务器恢复的时候,vip会立即切换到主服务器上
非抢占模式
keepalived默认为抢占模式 如果需要修改为非抢占模式需要将俩个节点的state 都修改为backup
即 statue backup
A state backup priority 100 nopreempt
B state backup priority 80 nopreempt
A主down后,vip会切换到备份服务器上,当主服务器恢复的时候,vip依旧会在备份服务器上,不会切换到主服务器上。
抢占延迟模式
A state backup priority 100 preempt_delay 60 #延迟抢占的等待时间
B state backup priority 80
A主down后,vip会切换到备份服务器上,当主服务器恢复的时候,vip不会立即切换到主服务器上,等待60s后切换到主服务器上。
实现主备模式
A:172.18.40.14 B:A:172.18.40.15
主配置文件 /etc/keepalived.conf
global_defs {
notification_email {
sysadmin@firewall.loc #报警邮件收件地址
}
notification_email_from Alexandre.Cassen@firewall.loc #邮件发件地址
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id kp #
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 239.1.1.1 #组播地址
}
include /etc/keepalived/conf.d/*.conf #子配置文件存放路径
A B子配置文件
vrrp_instance m44 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80 #优先级 根据优先级决定开始的主备 A 100 B 80
advert_int 1
authentication {
auth_type PASS # 认证类型
auth_pass 123456 #认证密码
}
virtual_ipaddress {
172.18.40.200 dev eth0 label eth0:0 #vip 绑定在当前主机eth0网卡上
}
#实现单播通告
unicast_src_ip 172.18.40.14 #本机ip
unicast_peer{
172.18.40.15 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
实现keepalived日志另存
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@cen7 conf.d]# vim /etc/sysconfig/
local6.* /var/log/keepalived.log
systemctl retsart keepalived rsyslog
实现IPVS的高可用性
虚拟服务器配置
virtual_server IP port #定义虚拟主机IP地址及其端口
virtual_server fwmark int #ipvs的防火墙打标,实现基于防火墙的负载均衡集群
virtual_server group string #使用虚拟服务器组
virtual_server IP port { #VIP和PORT
delay_loop <INT> #检查后端服务器的时间间隔
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #定义调度方法
lb_kind NAT|DR|TUN #集群的类型,注意要大写
persistence_timeout <INT> #持久连接时长
protocol TCP|UDP|SCTP #指定服务协议,一般为TCP
sorry_server <IPADDR> <PORT> #所有RS故障时,备用服务器地址
real_server <IPADDR> <PORT> { #RS的IP和PORT
weight <INT> #RS权重
notify_up <STRING>|<QUOTED-STRING> #RS上线通知脚本
notify_down <STRING>|<QUOTED-STRING> #RS下线通知脚本
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... } #定义当前主机健康状
态检测方法
}
}
实现基于基于keepalived的lvs负载均衡
real-server 配置mariadb+apache
RS1和RS2配置如下:
yum -y install httpd mariadb-server;systemc enable --now httpd mariadb;echo `hostname` > /var/www/html/index.html
创建数据库测试账号:test@'172.18.40.%'
临时修改变量让本机vip地址不去回应arp
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
在回环网卡上配置俩个子地址vip
ifconfig lo:2 172.18.40.222 netmask 255.255.255.255
ifconfig lo:2 172.18.40.111 netmask 255.255.255.255
lvs1 集群mysql主,apache备
lvs2 集群mysql备,apache主
lvs1和lvs2安装上keepalived,ipvsad
lvs1配置如下:
[root@lvs1 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
notification_email {
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id kp
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 229.1.1.1
}
include /etc/keepalived/conf.d/*.conf
[root@lvs1 keepalived]# tree
.
├── conf.d
│ ├── lvs_dr_apache.conf
│ ├── lvs_dr_mysql.conf
│ └── t1.conf
└── keepalived.conf
[root@lvs1 keepalived]# cat conf.d/t1.conf
vrrp_instance test_apache {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.111 dev eth0 label eth0:1
}
unicast_src_ip 172.18.40.14 #本机ip
unicast_peer {
172.18.40.15 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
vrrp_instance test_mysql {
state MASTER
interface eth0
virtual_router_id 77
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.222 dev eth0 label eth0:2
}
unicast_src_ip 172.18.40.14 #本机ip
unicast_peer {
172.18.40.15 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
[root@lvs1 keepalived]# cat conf.d/lvs_dr_apache.conf
virtual_server 172.18.40.111 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.18.40.22 80 {
weight 1
HTTP_GET {
url {
path /monitor.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.18.40.23 80 {
weight 1
HTTP_GET { #http健康检查 需要在rs1和rs2上配置monitor.html
url {
path /monitor.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
[root@lvs1 keepalived]# cat conf.d/lvs_dr_mysql.conf
virtual_server 172.18.40.222 3306 {
delay_loop 3
lb_algo wrr
lb_kind DR
protocol TCP
sorry server 127.0.0.1 3306
real_server 172.18.40.22 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_port 3306
}
}
real_server 172.18.40.23 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_prot 80
}
}
}
lv2的keepalived目录结构相同 主配置文件配置一样
[root@lvs2 conf.d]# cat t1.conf
vrrp_instance test_apache {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.111 dev eth0 label eth0:1
}
unicast_src_ip 172.18.40.15 #本机ip
unicast_peer {
172.18.40.14 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
vrrp_instance test_mysql {
state BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.222 dev eth0 label eth0:2
}
unicast_src_ip 172.18.40.15 #本机ip
unicast_peer {
172.18.40.14 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
[root@lvs2 conf.d]# cat lvs_dr_apache.conf
virtual_server 172.18.40.111 80 {
delay_loop 3
lb_algo wrr
lb_kind DR
protocol TCP
sorry server 127.0.0.1 80
real_server 172.18.40.22 80 {
weight 1
HTTP_GET {
url {
path /monitor.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.18.40.23 80 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_prot 80
}
}
}
virtual_server 172.18.40.222 3306 {
delay_loop 3
lb_algo wrr
lb_kind DR
protocol TCP
sorry server 127.0.0.1 3306
real_server 172.18.40.22 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_port 3306
}
}
real_server 172.18.40.23 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_port 3306
}
}
配置完成后启动keepalibed
[root@lvs2 conf.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.40.111:80 wrr
-> 172.18.40.22:80 Route 1 0 0
-> 172.18.40.23:80 Route 1 0 0
TCP 172.18.40.222:3306 wrr
-> 172.18.40.22:3306 Route 1 0 0
-> 172.18.40.23:3306 Route 1 0 0
可以查看到lvs的俩个集群 mysql 和 http集群
测试:
[root@localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e 'show variables like "hostname";'
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| hostname | rs2 |
+---------------+-------+
[root@localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e 'show variables like "hostname";'
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| hostname | rs1 |
+---------------+-------+
[root@localhost ~]# curl 172.18.40.111
r2.server
[root@localhost ~]# curl 172.18.40.111
r1.server
[root@localhost ~]# curl 172.18.40.111
r2.server
[root@lvs2 conf.d]# hostname -I
172.18.40.15 172.18.40.111
[root@lvs1 keepalived]# hostname -I
172.18.40.14 172.18.40.222
停止lvs2的keepalived服务,测试lvs的负载均衡
[root@lvs1 keepalived]# hostname -I
172.18.40.14 172.18.40.222 172.18.40.111
在从客户端上去访问mysql和http
[root@localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e 'show variables like "hostname";'
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| hostname | rs2 |
+---------------+-------+
[root@localhost ~]#
[root@localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e 'show variables like "hostname";'
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| hostname | rs1 |
+---------------+-------+
[root@localhost ~]# curl 172.18.40.111
r2.server
[root@localhost ~]# curl 172.18.40.111
r1.server
[root@localhost ~]# curl 172.18.40.111
r2.server
恢复lvs2的keepalived服务,发现http的vip又飘回了lvs2,因实现是采取默认模式即抢占模式。
以上是关于keepalived-基于keepalived实现lvs的高可用的主要内容,如果未能解决你的问题,请参考以下文章
keepalived-基于keepalived实现lvs的高可用
keepalived-基于keepalived实现lvs的高可用
keepalived-基于keepalived实现lvs的高可用