keepalived绑定单播地址非抢占模式及LVS的TCP模式的高可用

Posted struggle-1216

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了keepalived绑定单播地址非抢占模式及LVS的TCP模式的高可用相关的知识,希望对你有一定的参考价值。

背景:keepalived默认是组播地址进行播放,且默认地址是224.0.0.18,如果配置多个keepalived主机,会导致虚拟IP地址存在冲突问题,这种问题怎么解决呢?

解决办法:就是将keepalived主机的多播地址修改为单播地址,绑定固定IP地址,避免在多播模式下,通过VRRP进行广播地址,造成IP地址地址冲突。

vrrp_strict   #严格遵守VRRP协议,不允许状况,在配置单播IP地址时,此行需要删除或者注释掉即可。

1、没有VIP地址

2、单播邻居

3、在VRRP版本2中有IPv6地址

实验一:实现keepalived单播地址配置

1、在主节点配置keepalived文件

[root@centos_17~]#vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    unicast_src_ip 192.168.37.17  配置源地址的IP地址
    unicast_peer {
       192.168.37.7  配置从节点的目标IP地址
    }
    advert_int 2
    authentication {
        auth_type pass
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

 配置完成之后重启keepalived:

[root@centos_17~]#systemctl restart keepalived

2、在从节点配置keepalived文件  

[root@centos7~]#vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 80
    unicast_src_ip 192.168.37.7
    unicast_peer {
       192.168.37.17
    advert_int 2
    authentication {
        auth_type pass
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

 配置完成之后重启keepalived: 

[root@centos_17~]#systemctl restart keepalived

 3、验证锁单播IP地址效果。

此时由于绑定了双方keepalived主机的IP地址,就只会对双方进行广播,避免多个keepalived的虚拟IP地址进行冲突。

 技术图片

 实验二:实现非抢占模式漂移VIP

 原理:关闭VIP抢占模式,需要VIP state都为BACKUP,此时哪个keepalived的优先级大,优先占用哪个keepalived服务器,当此占用的服务器宕机后,另一个BACKUP主机才会进行占用,就算优先级高的恢复了,也不能进行抢占,除非优先级低的服务器宕机后,才会继续占用到高优先级的keepalived服务器上。

1、在优先级高的keepalived主机进行配置

 vim   /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state BACKUP  角色必须是BACKUP
    interface ens33
    virtual_router_id 50
    priority 100
    unicast_src_ip 192.168.37.17
    unicast_peer {
       192.168.37.7
    }
    advert_int 2
    nopreempt  设置为非抢占模式
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

 技术图片

 2、在优先级低的keepalived主机配置

 vim   /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state BACKUP   角色必须是BACKUP
    interface ens33
    virtual_router_id 60
    priority 80
    unicast_src_ip 192.168.37.7
    unicast_peer {
       192.168.37.17
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

 测试效果:

 此时手动将keepalived主机优先级高的进行宕机,VIP就会漂移到优先级低的主机上。

[root@centos_17~]#systemctl stop keepalived

 此时查看优先级低的主机IP地址情况:

 技术图片

 此时就算高优先级的主机恢复,也无法抢占VIP地址,此时需要宕机优先级低的主机才会占用VIP地址。

  启动优先级高的主机:systemctl start keepalived

  停掉优先级低的主机:systemctl stop keepalived

 技术图片

 实战三:实现两个以上的Keepalived主机

 背景:当公司需求量较大时,两个keepalived已经不能满足公司需求,此时需要配置两台以上的keepalived,应该怎么配置?

 实现方法如下:

1、在A主机配置keepalived

  vim   /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state MASTER  主节点服务器
    interface ens33
    virtual_router_id 60 
    priority 100   优先级为100
    unicast_src_ip 192.168.37.7  绑定单播地址,防止IP地址与其他keepalived地址冲突
    unicast_peer {
       192.168.37.17   目标keepalived主机IP地址
       192.168.37.27   目标keepalived主机IP地址                                                                                                                          
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1  添加VIP地址,也可以多添加几个地址
    }
}

 2、在B主机配置keepalived  

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state BACKUP  从节点服务器
    interface ens33
    virtual_router_id 50
    priority 80 优先级为80
    unicast_src_ip 192.168.37.17   绑定单播地址,源keepalived的IP地址
    unicast_peer {
       192.168.37.7   两个目标的keepalived的IP地址
       192.168.37.27
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

3、在C主机配置keepalived  

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state BACKUP   从节点服务器
    interface ens33
    virtual_router_id 50
    priority 60  优先级为60,要比前两个的主机优先级都要低
    unicast_src_ip 192.168.37.27  绑定单播地址,源地址
    unicast_peer {
       192.168.37.7  两个keepalived的目标地址
       192.168.37.17
    }   
    advert_int 2
    authentication {                                                                                                                             
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

 测试效果:  

将A主机的keepalived宕机,可以观察此时的B主机成为MASTER主机,VIP地址就会漂移到B主机上。  

 技术图片

 当B主机的keepalived也宕机之后,此时的VIP就会漂移到C主机从节点的keepalived服务器上

 技术图片

  同理:当优先级高的keepalived服务器恢复后,VIP地址就又会漂移回去。

实战四:实现TCP模式keepalived及LVS-DR模式高可用(此用法多于HTTP用法)

 参数含义:

delay_loop<INT>:检查后端服务器的时间间隔
lb_algorr|wrr|lc|wlc|lblc|sh|dh:定义调度方法
lb_kindNAT|DR|TUN:集群的类型
persistence_timeout<INT>:持久连接时长
protocol TCP|UDP|SCTP:指定服务协议
sorry_server<IPADDR> <PORT>:所有RS故障时,备用服务器地址
real_server<IPADDR> <PORT>
{
weight <INT> RS权重
notify_up<STRING>|<QUOTED-STRING> RS上线通知脚本
notify_down<STRING>|<QUOTED-STRING> RS下线通知脚本
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHEC K { ... }:定义当前主机的健康状态检测方法
}

 HTTP监测含义

HTTP_GET|SSL_GET:应用层检测
HTTP_GET|SSL_GET {
url{
path <URL_PATH>:定义要监控的URL
status_code<INT>:判断上述检测机制为健康状态的响应码
}
connect_timeout<INTEGER>:连接请求的超时时长
nb_get_retry<INT>:重试次数
delay_before_retry<INT>:重试之前的延迟时长
connect_ip<IP ADDRESS>:向当前RS哪个IP地址发起健康状态检测请求
connect_port<PORT>:向当前RS的哪个PORT发起健康状态检测请求
bindto<IP ADDRESS>:发出健康状态检测请求时使用的源地址
bind_port<PORT>:发出健康状态检测请求时使用的源端口
}

TCP监测

 传输层检测TCP_CHECK

TCP_CHECK {
connect_ip<IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求
connect_port<PORT>:向当前RS的哪个PORT发起健康状态检测请求
bindto<IP ADDRESS>:发出健康状态检测请求时使用的源地址
bind_port<PORT>:发出健康状态检测请求时使用的源端口
connect_timeout<INTEGER>:连接请求的超时时长
}

1、在A主机修改keepalived配置文件

vim  /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    unicast_src_ip 192.168.37.7
    unicast_peer {
       192.168.37.17
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

include  /etc/keepalived/conf/*.conf   定义一个单独管理的目录,定义keepalived配置文件

 在A主机定义LVS-DR模式配置文件

如果后期keepalived的配置文件修改过大,我们可以调用include,新建一个目录,并在此目录下进行存放配置文件。

[root@centos7keepalived]#mkdir conf
[root@centos7keepalived]#vim conf/tcp.conf 
virtual_server 192.168.37.100 80 {     VIP地址                                                                                                          
        delay_loop 6
        lb_algo wrr  权重轮询
        lb_kind DR   DR模式
        protocol TCP
        sorry_server 192.168.37.47  80  配置后端sorry服务器,当两个keepalived主机都宕机之后,就在此主机进行显示信息。

   real_server 192.168.37.27 80 {  后端RS1服务器IP地址
        weight 1
        TCP_CHECK {
        connect_timeout 5
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
   }

   real_server 192.168.37.37 80 {  后端RS2服务器
        weight 1
        TCP_CHECK {
        connect_timeout 5
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
}

2、在B主机修改keepalived配置文件 

 vim  /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     root@localhost.com
   }
   notification_email_from root@localhost.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1
   vrrp_skip_check_adv_addr
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VIP_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 80
    unicast_src_ip 192.168.37.17
    unicast_peer {
       192.168.37.7
    }
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.37.100 dev ens33 label ens33:1
    }
}

include  /etc/keepalived/conf/*.conf

 在B主机定义LVS-DR模式的配置文件 

 新建conf目录,并在此目录下新建一个配置文件

[root@centos_17keepalived]#mkdir conf
[root@centos_17keepalived]#vim conf/tcp.conf 
virtual_server 192.168.37.100 80 {
        delay_loop 6
        lb_algo wrr
        lb_kind DR
        protocol TCP
        sorry_server 192.168.37.47  80  定义sorry server的后端主机,当两个keepalived主机宕机后,就会提示此信息。

   real_server 192.168.37.27 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 5
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
   }

   real_server 192.168.37.37 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 5
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
}

 3、后端服务器RS1上修改配置  

  在RS1绑定VIP地址及lo回环网卡

[root@centos27~]#vim lvs_dr_rs.sh 
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13                                                                                                                                 
vip=192.168.37.100   绑定VIP地址
mask=‘255.255.255.255‘
dev=lo:1  绑定在lo回环网卡上
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
service httpd start &> /dev/null && echo "The httpd Server is Ready!"
echo "<h1>`hostname`</h1>" > /var/www/html/index.html

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

执行脚本:

[root@centos27~]#bash lvs_dr_rs.sh  start

 4、在RS2后端服务器上修改配置  

 修改RS2的配置脚本,绑定VIP地址及lo回环网卡

#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip=192.168.37.100                                                                                                                               
mask=‘255.255.255.255‘
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
service httpd start &> /dev/null && echo "The httpd Server is Ready!"
echo "<h1>`hostname`</h1>" > /var/www/html/index.html

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

 执行以上脚本

[root@centos37~]#bash lvs_dr_rs.sh  start

 4、在sorry后端服务器上修改配置  

 修改sorry后端服务器配置脚本,绑定VIP地址及lo回环网卡

#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip=192.168.37.100                                                                                                                               
mask=‘255.255.255.255‘
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
service httpd start &> /dev/null && echo "The httpd Server is Ready!"
echo "<h1>`hostname`</h1>" > /var/www/html/index.html

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

 执行以上脚本

[root@centos47~]#bash lvs_dr_rs.sh  start

5、测试效果: 

将RS1和RS2及sorry后端服务器添加测试页面,并启动httpd服务:systemctl  start httpd

[root@cenots277~]#yum install httpd
[root@cenots27~]#cd /var/www/html
[root@cenots27html]#cat index.html 
<h1>cenots27</h1>
[root@cenots37html]#cat index.html 
<h1>cenots37</h1>
[root@cenots37html]#cat index.html 
sorry server !!

 客户端访问LVS的VIP地址,此时LVS将调度到后端服务器,进行轮询访问。

 技术图片

 当后端RS1和RS2后端服务器宕机后,此时就会显示sorry server信息。

 技术图片

 

 

 

 

 

  

 

  

 

以上是关于keepalived绑定单播地址非抢占模式及LVS的TCP模式的高可用的主要内容,如果未能解决你的问题,请参考以下文章

keepalived抢占VIP(单播模式解决)

keepalived介绍与使用

keepalived介绍与使用

keepalived介绍与使用

keepalived介绍与使用

keepalived的抢占与非抢占模式