Lab environment:
Server | IP |
---|---|
master | 192.168.164.128 |
slave | 192.168.164.137 |
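The VIP (the client-facing IP) is 192.168.164.250.
How high availability is implemented:
What is keepalived?
Keepalived was originally designed for the LVS load-balancing software, to manage and monitor the state of each service node in an LVS cluster. VRRP support, which provides high availability, was added later. So besides managing LVS, Keepalived can also serve as a high-availability solution for other services (for example Nginx, Haproxy and MySQL).
Keepalived implements high availability mainly through the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol. It was created to solve the single-point-of-failure problem of static routing, and it keeps the whole network running without interruption when individual nodes go down.
So on the one hand Keepalived can configure and manage LVS and health-check the nodes behind LVS; on the other hand it can provide high availability for network services on the system.
Key functions of keepalived
keepalived has three key functions:
The two nodes of a Keepalived high-availability pair communicate over VRRP, so we start with VRRP:
With VRRP introduced, next I will describe how the Keepalived service works:
Keepalived high-availability nodes communicate over VRRP, and VRRP uses an election mechanism to decide which node is master and which is backup. The master has a higher priority than the backup, so during operation the master gets all the resources first while the backup waits. When the master goes down, the backup takes over the master's resources and serves clients in its place.
Between Keepalived instances, only the master keeps sending VRRP broadcast packets to tell the backup that it is still alive, and while it does so the backup does not preempt the master. When the master becomes unavailable, that is, when the backup no longer hears the master's broadcast packets, the backup starts the relevant services and takes over the resources to keep the business running. At its fastest, takeover can take less than 1 second.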
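To make the election concrete, here is an added example (not from the original post) that builds and parses a VRRPv2 advertisement as laid out in RFC 3768, using the values from this post's configuration (VRID 51, priority 100, advert_int 1, auth_pass wjm123). The function names are this example's own. It shows that with auth_type PASS the password sits unencrypted in every advertisement, and how long a backup with priority 90 waits before taking over.

```python
import ipaddress
import struct

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message (RFC 3768)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_pass):
    """Constructed sample input: a VRRPv2 advertisement with auth_type PASS (1)."""
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips), 1, advert_int)
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_pass.encode()[:8].ljust(8, b"\x00")  # 8-byte field, stored as-is
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + body)) + body

def parse_advert(pkt: bytes) -> dict:
    ver_type, vrid, prio, count, auth_type, adv = struct.unpack("!6B", pkt[:6])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8 or checksum(pkt) != 0:
        raise ValueError("bad length or checksum")
    vips = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    auth = pkt[8 + 4 * count:].rstrip(b"\x00").decode("ascii", "replace")
    return {"vrid": vrid, "priority": prio, "advert_int": adv, "vips": vips,
            "auth_type": auth_type, "auth_data": auth}

def master_down_interval(local_priority: int, advert_int: int) -> float:
    """Seconds a backup waits without advertisements before it takes over."""
    return 3 * advert_int + (256 - local_priority) / 256  # 3 intervals + skew time

def backup_reaction(local_priority: int, advert: dict) -> str:
    """What a backup with preemption enabled does on receiving this advert."""
    if advert["priority"] == 0:  # master announces a clean shutdown
        return "take over after skew time"
    if advert["priority"] >= local_priority:
        return "stay backup"
    return "ignore advert and take over when the timer expires"

# Values from the post's configuration: VRID 51, priority 100, advert_int 1.
ADVERT = build_advert(51, 100, 1, ["192.168.164.250"], "wjm123")

if __name__ == "__main__":
    print(parse_advert(ADVERT))
    print(backup_reaction(90, parse_advert(ADVERT)), master_down_interval(90, 1))
```

A priority-0 advertisement, which the master sends on a clean shutdown, shortens the wait to the skew time alone (about 0.65 s for priority 90).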
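How Keepalived monitors server state and isolates faults:
Keepalived works at layers 3, 4 and 5 of the TCP/IP reference model (physical layer, link layer):
Network layer (3): Keepalived sends an ICMP packet to every node in the server cluster (somewhat like ping). If a node does not return a response, Keepalived considers that node failed, reports it as failed, and removes it from the server cluster.
Transport layer (4): Keepalived uses TCP port connection and scanning techniques to determine whether the ports of cluster nodes are working, for example port 80 of a typical web server or port 22 of the SSH service. As soon as Keepalived detects at the transport layer that such a port gives no response and returns no data, it considers the port abnormal and forcibly removes the corresponding node from the server cluster.
Application layer (5): here Keepalived's operation becomes more comprehensive and more complex. Users can customize how Keepalived works, for example by writing programs or scripts for Keepalived to run, and Keepalived checks whether the programs or services are running normally according to the parameters the user has set. If the check result does not match the user's setting, Keepalived removes the corresponding server from the server cluster.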
Master server configuration
Disable the firewall and install keepalived
//Disable the firewall and SELinux
[root@master ~]# systemctl disable --now firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# setenforce 0
[root@master ~]# vim /etc/selinux/config
SELINUX=disabled
//Install keepalived
[root@master ~]# yum -y install keepalived
//List the files created by the installation
[root@master ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf //configuration file
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service //service control file
/usr/libexec/keepalived
/usr/sbin/keepalived
......
Backup server configuration
Disable the firewall and SELinux, and install keepalived
//Disable the firewall and SELinux
[root@slave ~]# systemctl disable --now firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@slaver ~]# setenforce 0
[root@slave ~]# vim /etc/selinux/config
SELINUX=disabled
//Install keepalived
[root@slaver ~]# yum -y install keepalived
Install httpd on both the master and the backup
Master server
[root@master ~]# yum -y install httpd
[root@master ~]# cd /var/www/html/
[root@master html]# ls
[root@master html]# echo "master" > index.html
[root@master html]# cat index.html
master
//Start the httpd service
[root@master html]# systemctl start httpd.service
[root@master html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
Backup server
[root@slave ~]# yum -y install httpd
[root@slave ~]# cd /var/www/html/
[root@slave html]# ls
[root@slave html]# echo "slave" > index.html
[root@slave html]# cat index.html
slave
//Start the httpd service
[root@slave html]# systemctl start httpd.service
[root@slave html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
keepalived configuration
Master server configuration
[root@master ~]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# cp keepalived.conf{,-bak} # back up the original configuration file
[root@master keepalived]# ls
keepalived.conf keepalived.conf-bak
[root@master keepalived]# rm -rf keepalived.conf
[root@master keepalived]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens33 # the NIC name must match the one shown by "ip a"
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123 # password
}
virtual_ipaddress {
192.168.164.250
}
}
virtual_server 192.168.164.250 80 {
# VIP and port number
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 {
# master server IP
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 {
# backup server IP
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master keepalived]# systemctl start keepalived
[root@master keepalived]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
//Copy the configuration file to the backup server, because both master and backup need to be configured
[root@master keepalived]# scp keepalived.conf root@192.168.164.137:/etc/keepalived
The authenticity of host '192.168.164.137 (192.168.164.137)' can't be established.
ECDSA key fingerprint is SHA256:LHRhfz+dzwLMs+25QRqhHneTBq5ScV3htejYRiSJ7Pk.
ECDSA key fingerprint is MD5:cc:ac:35:a9:d1:e5:74:d9:8b:11:62:1c:31:9e:01:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.164.137' (ECDSA) to the list of known hosts.
root@192.168.164.137's password:
keepalived.conf 100% 868 339.8KB/s 00:00
Configure keepalived on the backup
//Check that the file sent from the master server has arrived in the directory
[root@slave keepalived]# ls
keepalived.conf keepalived.conf-bak
//Edit the configuration file
[root@slave keepalived]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP # changed to BACKUP
interface ens33
virtual_router_id 51
priority 90 # priority changed to 90 so that the VIP goes to host 128
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123
}
virtual_ipaddress {
192.168.164.250
}
}
virtual_server 192.168.164.250 80 {
# VIP address and service port number
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 {
# master server
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 {
# backup server
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//Start the service and enable it at boot
[root@slave keepalived]# systemctl start keepalived
[root@slave keepalived]# systemctl enable keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
Check where the VIP is
Check on the master server
[root@master keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33 //the VIP is on the master at this point, which means this host is providing the service (the client-facing IP address)
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Check on the backup server
[root@slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b0:c6:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.164.137/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::394:4b63:da73:a11/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Test
Stop keepalived on the master server
[root@master ~]# systemctl stop keepalived
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//Check on the backup server: the VIP has moved to the backup, which means the backup server is now providing the service
[root@slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b0:c6:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.164.137/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::394:4b63:da73:a11/64 scope link noprefixroute
valid_lft forever preferred_lft forever
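With Keepalived stopped on the master, the VIP has moved to the backup server, and requests to the website are now served by the backup server.
keepalived monitors the state of the nginx load balancer through scripts
Write the scripts on the master server
Two scripts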
[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vi check_h.sh
#!/bin/bash
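# Count running httpd processes, excluding the grep itself and this script.
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
# If httpd is not running, stop keepalived so the VIP moves to the backup.
if [ "$httpd_status" -lt 1 ];then
systemctl stop keepalived
fi
[root@master scripts]# chmod +x check_h.sh # add execute permission (x)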
[root@master scripts]# ll
总用量 4
-rwxr-xr-x. 1 root root 142 10月 21 21:16 check_h.sh
//Create and edit the second script
[root@master scripts]# vi notify.sh
#!/bin/bash
VIP=$2
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@master scripts]# chmod +x notify.sh
[root@master scripts]# ll
总用量 8
-rwxr-xr-x. 1 root root 142 10月 21 21:16 check_h.sh
-rwxr-xr-x. 1 root root 432 10月 21 21:26 notify.sh
//After /scripts has been created on the backup server, copy the notify script to the same directory there with scp
[root@master scripts]# scp notify.sh root@192.168.164.137:/scripts
root@192.168.164.137's password:
notify.sh 100% 432 109.0KB/s 00:00
Set up the scripts on the backup server
[root@slave ~]# mkdir /scripts
[root@slave ~]# cd /scripts/
//Check that the script file copied from the master has arrived
[root@slave scripts]# ll
总用量 4
-rwxr-xr-x. 1 root root 432 10月 21 21:30 notify.sh
Configure keepalived on the master server
//Start Keepalived on the master server
[root@master scripts]# systemctl start keepalived
[root@master scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//Edit the keepalived configuration file on the master
[root@master scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script httpd_check {
# add the following 4 lines
script "/scripts/check_h.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123
}
virtual_ipaddress {
192.168.164.250
}
track_script {
httpd_check
}
notify_master "/scripts/notify.sh master 192.168.164.250" # add these two lines
notify_backup "/scripts/notify.sh backup 192.168.164.250"
}
virtual_server 192.168.164.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//Restart the service
[root@master scripts]# systemctl restart keepalived
Configure keepalived on the backup server
[root@slave scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123
}
virtual_ipaddress {
192.168.164.250
}
notify_master "/scripts/notify.sh master 192.168.164.250" # add these two lines
notify_backup "/scripts/notify.sh backup 192.168.164.250"
}
virtual_server 192.168.164.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//Restart the service
[root@slave ~]# systemctl restart keepalived
//Simulate a failure by stopping httpd on the master; the keepalived service is then stopped automatically
[root@master scripts]# systemctl stop httpd
[root@master scripts]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@master scripts]# ip a # the VIP is no longer on this host
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@master scripts]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 四 2021-10-21 23:41:22 CST; 55s ago
Process: 117289 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 117290 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/keepalived.service
10月 21 23:41:21 master Keepalived_vrrp[117292]: WARNING -...
10月 21 23:41:21 master Keepalived_vrrp[117292]: SECURITY ...
10月 21 23:41:21 master Keepalived_vrrp[117292]: VRRP_Inst...
10月 21 23:41:21 master Keepalived_vrrp[117292]: Using Lin...
10月 21 23:41:21 master Keepalived_vrrp[117292]: VRRP sock...
10月 21 23:41:21 master Keepalived[117290]: Stopping
10月 21 23:41:21 master systemd[1]: Stopping LVS and VRRP ...
10月 21 23:41:21 master Keepalived_healthcheckers[117291]: ...
10月 21 23:41:21 master Keepalived_healthcheckers[117291]: ...
10月 21 23:41:22 master systemd[1]: Stopped LVS and VRRP H...
Hint: Some lines were ellipsized, use -l to show in full.
//Check the IP addresses on the backup server: the VIP is now on the backup, so requests to the VIP are served by the backup server
[root@slave scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b0:c6:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.164.137/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::394:4b63:da73:a11/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@slave scripts]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
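An added example (not part of the original post) that statically checks a keepalived.conf like the ones above for three things: the PASS authentication type, an auth_pass longer than the 8 characters keepalived uses, and check or notify scripts run without enable_script_security. The audit function, its messages and the shortened sample configuration are this example's own; enable_script_security and script_user are keepalived global_defs options.

```python
import re

SCRIPT_KEYS = {"script", "notify", "notify_master", "notify_backup", "notify_fault"}

def audit(conf: str) -> list:
    """Return security findings for a keepalived.conf given as text."""
    findings, stack = [], []
    uses_scripts = script_security = False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if not line:
            continue
        words = line.rstrip("{ ").split()
        if line.endswith("{"):
            stack.append(words[0])  # entering a block such as vrrp_instance
        elif line == "}":
            stack = stack[:-1]      # leaving the innermost block
        elif words[0] == "enable_script_security" and stack == ["global_defs"]:
            script_security = True
        elif words[0] in SCRIPT_KEYS:
            uses_scripts = True
        elif words[:2] == ["auth_type", "PASS"]:
            findings.append(f"line {lineno}: auth_type PASS travels unencrypted")
        elif words[0] == "auth_pass" and words[1:] and len(words[1]) > 8:
            findings.append(f"line {lineno}: only the first 8 characters of auth_pass are used")
    if uses_scripts and not script_security:
        findings.append("scripts configured without enable_script_security")
    return findings

# Constructed input: the master configuration from the post, shortened.
POST_CONF = """\
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script httpd_check {
script "/scripts/check_h.sh"
}
vrrp_instance VI_1 {
authentication {
auth_type PASS
auth_pass wjm123
}
notify_master "/scripts/notify.sh master 192.168.164.250"
}
"""
# Same file with script security enabled and the script user named explicitly.
REVISED_CONF = POST_CONF.replace(
    "router_id lb01", "router_id lb01\nenable_script_security\nscript_user root")
```

The PASS finding remains for the revised file because no keepalived setting encrypts that field; limiting VRRP traffic to the peer address at the host firewall is the usual complement.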