Centos7部署keepalived高可用架构

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Centos7部署keepalived高可用架构相关的知识,希望对你有一定的参考价值。

简介

Keepalived的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。
单播和组播
keepalived在组播模式下会向224.0.0.18发送许多无用的信息
单播模式下仅对配置中的结点发送信息,可避免干扰和冲突
脑裂
脑裂现象是在高可用部署时,多台机器同时绑定了虚拟IP地址,导致客户端在访问IP地址时造成访问混乱
通过脑裂监控脚本可防止脑裂情况的出现

前期准备

准备两台Centos7虚拟机,关闭防火墙和selinux,同步系统时间,修改IP地址和hostname

ip hostname
192.168.29.132 master
192.168.29.138 bak

部署Nginx

#从官网获取yum源
[root@master ~]# yum install nginx -y
[root@bak ~]# yum install nginx -y

#修改首页内容以区分
[root@master ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!132</h1>
[root@bak ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!138</h1>

部署keepalived

安装软件

[root@master ~]# yum install keepalived -y
[root@bak ~]# yum install keepalived -y

修改配置文件

[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #1.3+版本需要把此行注释掉才能在宿主机PING通
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
#组建vrrp实例组
vrrp_instance VI_1 {
    #设置为非抢占模式
    state BACKUP
    interface ens33
    virtual_router_id 51
    #设置非抢占模式
    nopreempt
    #把组播改为单播模式
    #发送数据包的主机地址
    unicast_src_ip 192.168.29.132
    #接收数据包的目的主机地址,支持多台机器
    unicast_peer{
    192.168.29.138
    }
    #设置权重
    #权重大的优先成为master,权重相同时IP地址大的成为master
    priority 100
    advert_int 1
    #设置认证
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    #设置虚拟IP地址,要与集群的机器处于同一网段
    virtual_ipaddress {
        192.168.29.100
    }
}

[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #1.3+版本需要把此行注释掉才能PING通
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
#组建vrrp实例组
vrrp_instance VI_1 {
    #非抢占模式
    state BACKUP
    interface ens33
    virtual_router_id 51
    #设置非抢占模式
    nopreempt
    #把组播改为单播模式
    #发送数据包的主机地址
    unicast_src_ip 192.168.29.138
    #接收数据包的目的主机地址,支持多台机器
    unicast_peer{
    192.168.29.132
    }
    #权重
    priority 90
    advert_int 1
    #认证
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    #设置虚拟IP地址
    virtual_ipaddress {
        192.168.29.100
    }
}

启动服务

[root@master ~]# systemctl start keepalived.service
[root@bak ~]# systemctl start keepalived.service 

#验证服务
[root@master ~]# ip a
inet 192.168.29.100/32 scope global ens33

测试验证

浏览器访问虚拟ip地址
技术图片
关闭master结点的keepalived服务

[root@master ~]# systemctl stop keepalived.service

#虚拟IP飘移
[root@bak ~]# ip a 
inet 192.168.29.100/32 scope global ens33

浏览器访问虚拟ip地址
技术图片
重启master结点的keepalived服务
由于设置为非抢占模式,重启服务后master结点不会抢夺虚拟IP地址,因此虚拟ip依旧绑定在bak结点

配置Nginx高可用架构

编写监控Nginx脚本

[root@master ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
#检测Nginx状态
nginx_status=`ps -C nginx --no-header |wc -l`
if [ $nginx_status -eq 0 ]; then 
    systemctl stop keepalived
fi

[root@bak ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
#检测Nginx状态
nginx_status=`ps -C nginx --no-header |wc -l`
if [ $nginx_status -eq 0 ]; then 
    systemctl stop keepalived
fi

#修改权限
[root@master ~]#chmod a+x /etc/keepalived/check_nginx.sh
[root@bak ~]#chmod a+x /etc/keepalived/check_nginx.sh

修改配置文件

[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
#配置检测Nginx运行情况
vrrp_script check_nginx{
    script /etc/keepalived/check_nginx.sh
    #设定脚本执行间隔时间
    interval 3
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    nopreempt
    unicast_src_ip 192.168.29.132
    unicast_peer{
    192.168.29.138
    }
    priority 100
    advert_int 1
    #调用检查Nginx运行情况的脚本
    track_script{
    check_nginx
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.29.100
    }
}

[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
#配置检测Nginx运行情况
vrrp_script check_nginx{
    script /etc/keepalived/check_nginx.sh
    interval 3
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    nopreempt
    unicast_src_ip 192.168.29.138
    unicast_peer{
    192.168.29.132
    }
    priority 90
    advert_int 1
    #调用检查Nginx运行情况的脚本
    track_script{
    check_nginx
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.29.100
    }
}

#两结点重启keepalived服务

测试验证

浏览器访问虚拟ip地址
技术图片
关闭master结点的Nginx服务

[root@master ~]# systemctl stop nginx.service

#查看keepalived服务情况
[root@master ~]# systemctl status keepalived.service 
master Keepalived_vrrp[3937]: Stopped - used 0.008106 user time, 0.085418 system time
master Keepalived[3936]: Stopped Keepalived v2.0.10 (11/12,2018)
master systemd[1]: Stopped LVS and VRRP High Availability Monito

浏览器访问虚拟ip地址
技术图片
重启服务

[root@master ~]# systemctl restart nginx.service 
[root@master ~]# systemctl start keepalived.service

#非抢占模式因此虚拟ip依旧绑定在bak结点
[root@bak ~]# ip a 
inet 192.168.29.100/32 scope global ens33

以上是关于Centos7部署keepalived高可用架构的主要内容,如果未能解决你的问题,请参考以下文章

lvs+keepalived部署高可用集群

实践:在CentOS7.3部署 keepalived 高可用nginx(负载均衡)

Centos7 安装keepalived实现高可用

CentOS 7 上部署Memcached 主主复制 + keepalived 高可用架构

Centos7+Nginx+Keepalived实现Apache服务的高可用&负载均衡

Memcached主从复制+keepalived高可用架构