keepalived绑定单播地址非抢占模式及LVS的TCP模式的高可用
Posted struggle-1216
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了keepalived绑定单播地址非抢占模式及LVS的TCP模式的高可用相关的知识,希望对你有一定的参考价值。
背景:keepalived默认是组播地址进行播放,且默认地址是224.0.0.18,如果配置多个keepalived主机,会导致虚拟IP地址存在冲突问题,这种问题怎么解决呢?
解决办法:就是将keepalived主机的多播地址修改为单播地址,绑定固定IP地址,避免在多播模式下,通过VRRP进行广播地址,造成IP地址地址冲突。
vrrp_strict #严格遵守VRRP协议,不允许状况,在配置单播IP地址时,此行需要删除或者注释掉即可。
1、没有VIP地址
2、单播邻居
3、在VRRP版本2中有IPv6地址
实验一:实现keepalived单播地址配置
1、在主节点配置keepalived文件
[root@centos_17~]#vim /etc/keepalived/keepalived.conf global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.17 配置源地址的IP地址 unicast_peer { 192.168.37.7 配置从节点的目标IP地址 } advert_int 2 authentication { auth_type pass auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } }
配置完成之后重启keepalived:
[root@centos_17~]#systemctl restart keepalived
2、在从节点配置keepalived文件
[root@centos7~]#vim /etc/keepalived/keepalived.conf global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 50 priority 80 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 advert_int 2 authentication { auth_type pass auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } }
配置完成之后重启keepalived:
[root@centos_17~]#systemctl restart keepalived
3、验证锁单播IP地址效果。
此时由于绑定了双方keepalived主机的IP地址,就只会对双方进行广播,避免多个keepalived的虚拟IP地址进行冲突。
实验二:实现非抢占模式漂移VIP
原理:关闭VIP抢占模式,需要VIP state都为BACKUP,此时哪个keepalived的优先级大,优先占用哪个keepalived服务器,当此占用的服务器宕机后,另一个BACKUP主机才会进行占用,就算优先级高的恢复了,也不能进行抢占,除非优先级低的服务器宕机后,才会继续占用到高优先级的keepalived服务器上。
1、在优先级高的keepalived主机进行配置
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state BACKUP 角色必须是BACKUP interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.17 unicast_peer { 192.168.37.7 } advert_int 2 nopreempt 设置为非抢占模式 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } }
2、在优先级低的keepalived主机配置
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state BACKUP 角色必须是BACKUP interface ens33 virtual_router_id 60 priority 80 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } }
测试效果:
此时手动将keepalived主机优先级高的进行宕机,VIP就会漂移到优先级低的主机上。
[root@centos_17~]#systemctl stop keepalived
此时查看优先级低的主机IP地址情况:
此时就算高优先级的主机恢复,也无法抢占VIP地址,此时需要宕机优先级低的主机才会占用VIP地址。
启动优先级高的主机:systemctl start keepalived
停掉优先级低的主机:systemctl stop keepalived
实战三:实现两个以上的Keepalived主机
背景:当公司需求量较大时,两个keepalived已经不能满足公司需求,此时需要配置两台以上的keepalived,应该怎么配置?
实现方法如下:
1、在A主机配置keepalived
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state MASTER 主节点服务器 interface ens33 virtual_router_id 60 priority 100 优先级为100 unicast_src_ip 192.168.37.7 绑定单播地址,防止IP地址与其他keepalived地址冲突 unicast_peer { 192.168.37.17 目标keepalived主机IP地址 192.168.37.27 目标keepalived主机IP地址 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 添加VIP地址,也可以多添加几个地址 } }
2、在B主机配置keepalived
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state BACKUP 从节点服务器 interface ens33 virtual_router_id 50 priority 80 优先级为80 unicast_src_ip 192.168.37.17 绑定单播地址,源keepalived的IP地址 unicast_peer { 192.168.37.7 两个目标的keepalived的IP地址 192.168.37.27 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } }
3、在C主机配置keepalived
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state BACKUP 从节点服务器 interface ens33 virtual_router_id 50 priority 60 优先级为60,要比前两个的主机优先级都要低 unicast_src_ip 192.168.37.27 绑定单播地址,源地址 unicast_peer { 192.168.37.7 两个keepalived的目标地址 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } }
测试效果:
将A主机的keepalived宕机,可以观察此时的B主机成为MASTER主机,VIP地址就会漂移到B主机上。
当B主机的keepalived也宕机之后,此时的VIP就会漂移到C主机从节点的keepalived服务器上
同理:当优先级高的keepalived服务器恢复后,VIP地址就又会漂移回去。
实战四:实现TCP模式keepalived及LVS-DR模式高可用(此用法多于HTTP用法)
参数含义:
delay_loop<INT>:检查后端服务器的时间间隔 lb_algorr|wrr|lc|wlc|lblc|sh|dh:定义调度方法 lb_kindNAT|DR|TUN:集群的类型 persistence_timeout<INT>:持久连接时长 protocol TCP|UDP|SCTP:指定服务协议 sorry_server<IPADDR> <PORT>:所有RS故障时,备用服务器地址 real_server<IPADDR> <PORT> { weight <INT> RS权重 notify_up<STRING>|<QUOTED-STRING> RS上线通知脚本 notify_down<STRING>|<QUOTED-STRING> RS下线通知脚本 HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHEC K { ... }:定义当前主机的健康状态检测方法 }
HTTP监测含义
HTTP_GET|SSL_GET:应用层检测 HTTP_GET|SSL_GET { url{ path <URL_PATH>:定义要监控的URL status_code<INT>:判断上述检测机制为健康状态的响应码 } connect_timeout<INTEGER>:连接请求的超时时长 nb_get_retry<INT>:重试次数 delay_before_retry<INT>:重试之前的延迟时长 connect_ip<IP ADDRESS>:向当前RS哪个IP地址发起健康状态检测请求 connect_port<PORT>:向当前RS的哪个PORT发起健康状态检测请求 bindto<IP ADDRESS>:发出健康状态检测请求时使用的源地址 bind_port<PORT>:发出健康状态检测请求时使用的源端口 }
TCP监测
传输层检测TCP_CHECK
TCP_CHECK { connect_ip<IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求 connect_port<PORT>:向当前RS的哪个PORT发起健康状态检测请求 bindto<IP ADDRESS>:发出健康状态检测请求时使用的源地址 bind_port<PORT>:发出健康状态检测请求时使用的源端口 connect_timeout<INTEGER>:连接请求的超时时长 }
1、在A主机修改keepalived配置文件
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka2 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state MASTER interface ens33 virtual_router_id 50 priority 100 unicast_src_ip 192.168.37.7 unicast_peer { 192.168.37.17 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } } include /etc/keepalived/conf/*.conf 定义一个单独管理的目录,定义keepalived配置文件
在A主机定义LVS-DR模式配置文件
如果后期keepalived的配置文件修改过大,我们可以调用include,新建一个目录,并在此目录下进行存放配置文件。
[root@centos7keepalived]#mkdir conf [root@centos7keepalived]#vim conf/tcp.conf virtual_server 192.168.37.100 80 { VIP地址 delay_loop 6 lb_algo wrr 权重轮询 lb_kind DR DR模式 protocol TCP sorry_server 192.168.37.47 80 配置后端sorry服务器,当两个keepalived主机都宕机之后,就在此主机进行显示信息。 real_server 192.168.37.27 80 { 后端RS1服务器IP地址 weight 1 TCP_CHECK { connect_timeout 5 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 192.168.37.37 80 { 后端RS2服务器 weight 1 TCP_CHECK { connect_timeout 5 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
2、在B主机修改keepalived配置文件
vim /etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost.com } notification_email_from root@localhost.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_skip_check_adv_addr vrrp_iptables vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VIP_1 { state BACKUP interface ens33 virtual_router_id 50 priority 80 unicast_src_ip 192.168.37.17 unicast_peer { 192.168.37.7 } advert_int 2 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.37.100 dev ens33 label ens33:1 } } include /etc/keepalived/conf/*.conf
在B主机定义LVS-DR模式的配置文件
新建conf目录,并在此目录下新建一个配置文件
[root@centos_17keepalived]#mkdir conf [root@centos_17keepalived]#vim conf/tcp.conf virtual_server 192.168.37.100 80 { delay_loop 6 lb_algo wrr lb_kind DR protocol TCP sorry_server 192.168.37.47 80 定义sorry server的后端主机,当两个keepalived主机宕机后,就会提示此信息。 real_server 192.168.37.27 80 { weight 1 TCP_CHECK { connect_timeout 5 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 192.168.37.37 80 { weight 1 TCP_CHECK { connect_timeout 5 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
3、后端服务器RS1上修改配置
在RS1绑定VIP地址及lo回环网卡
[root@centos27~]#vim lvs_dr_rs.sh #!/bin/bash #Author:wangxiaochun #Date:2017-08-13 vip=192.168.37.100 绑定VIP地址 mask=‘255.255.255.255‘ dev=lo:1 绑定在lo回环网卡上 rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null service httpd start &> /dev/null && echo "The httpd Server is Ready!" echo "<h1>`hostname`</h1>" > /var/www/html/index.html case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig $dev $vip netmask $mask #broadcast $vip up #route add -host $vip dev $dev echo "The RS Server is Ready!" ;; stop) ifconfig $dev down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce echo "The RS Server is Canceled!" ;; *) echo "Usage: $(basename $0) start|stop" exit 1 ;; esac
执行脚本:
[root@centos27~]#bash lvs_dr_rs.sh start
4、在RS2后端服务器上修改配置
修改RS2的配置脚本,绑定VIP地址及lo回环网卡
#!/bin/bash #Author:wangxiaochun #Date:2017-08-13 vip=192.168.37.100 mask=‘255.255.255.255‘ dev=lo:1 rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null service httpd start &> /dev/null && echo "The httpd Server is Ready!" echo "<h1>`hostname`</h1>" > /var/www/html/index.html case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig $dev $vip netmask $mask #broadcast $vip up #route add -host $vip dev $dev echo "The RS Server is Ready!" ;; stop) ifconfig $dev down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce echo "The RS Server is Canceled!" ;; *) echo "Usage: $(basename $0) start|stop" exit 1 ;; esac
执行以上脚本
[root@centos37~]#bash lvs_dr_rs.sh start
4、在sorry后端服务器上修改配置
修改sorry后端服务器配置脚本,绑定VIP地址及lo回环网卡
#!/bin/bash #Author:wangxiaochun #Date:2017-08-13 vip=192.168.37.100 mask=‘255.255.255.255‘ dev=lo:1 rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null service httpd start &> /dev/null && echo "The httpd Server is Ready!" echo "<h1>`hostname`</h1>" > /var/www/html/index.html case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig $dev $vip netmask $mask #broadcast $vip up #route add -host $vip dev $dev echo "The RS Server is Ready!" ;; stop) ifconfig $dev down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce echo "The RS Server is Canceled!" ;; *) echo "Usage: $(basename $0) start|stop" exit 1 ;; esac
执行以上脚本
[root@centos47~]#bash lvs_dr_rs.sh start
5、测试效果:
将RS1和RS2及sorry后端服务器添加测试页面,并启动httpd服务:systemctl start httpd
[root@cenots277~]#yum install httpd [root@cenots27~]#cd /var/www/html [root@cenots27html]#cat index.html <h1>cenots27</h1> [root@cenots37html]#cat index.html <h1>cenots37</h1> [root@cenots37html]#cat index.html sorry server !!
客户端访问LVS的VIP地址,此时LVS将调度到后端服务器,进行轮询访问。
当后端RS1和RS2后端服务器宕机后,此时就会显示sorry server信息。
以上是关于keepalived绑定单播地址非抢占模式及LVS的TCP模式的高可用的主要内容,如果未能解决你的问题,请参考以下文章