Core:是keepalived的核心,负责主进程的启动和维护,全局配置文件的加载解析等 。
Check:负责healthchecker(健康检查),包括了各种健康检查方式,以及对应的配置的解析包括LVS的配置解析;
Vrrp:VRRPD子进程,VRRPD子进程就是来实现VRRP协议;
Libipfwc:iptables(ipchains)库,配置LVS会用到;
Libipvs:虚拟服务集群,配置LVS会使用。
Layer3:Keepalived使用Layer3的方式工作时,会定期向服务器群中的服务器发送一个ICMP数据包(即ping)。如果发现某台服务器的IP地址无法ping通,Keepalived便报告这台服务器失效,并将它从服务器集群中剔除。Layer3的方式是以服务器的IP地址是否有效作为服务器工作正常与否的标准。
Layer4: Layer4主要以TCP端口的状态来决定服务器工作正常与否。如WEB server的服务端口一般是80,(如果Keepalived检测到80端口没有启动,则Keepalived将把这台服务器从服务器群中剔除)
Layer7:Layer7工作在应用层,Keepalived将根据用户的设定检查服务器程序的运行是否正常。(如果与用户的设定不相符,则Keepalived将把服务器从服务器群中剔除)
- 在主机上使用动态路由协议RIP、OSPF;
- 在主机上配置静态路由(默认网关)
nginx版本:nginx v1.18.0
keepalive版本:keepalive v1.3.5
Nginx-1:192.168.20.10(master)
Nginx-2:192.168.20.20(backup)
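# Download the keepalived source tarball:
wget https://www.keepalived.org/software/keepalived-1.3.5.tar.gz
# Download the nginx source tarball. Use HTTPS rather than plain HTTP so the
# archive cannot be replaced in transit before it is compiled and installed as root:
wget https://nginx.org/download/nginx-1.18.0.tar.gz
# Verify both archives before unpacking them. nginx.org publishes a detached PGP
# signature next to each release (nginx-1.18.0.tar.gz.asc); for keepalived,
# compare the archive's checksum with the value the project publishes, if any.
# Unpack into /usr/src/:
tar -xf keepalived-1.3.5.tar.gz -C /usr/src/
tar -xf nginx-1.18.0.tar.gz -C /usr/src/
# Install the build dependencies:
yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel libnl libnl-devel libnfnetlink libnfnetlink-devel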
# Create the nginx service account: no login shell (-s /sbin/nologin) and no
# home directory (-M).
useradd -s /sbin/nologin nginx -M
# Configure the nginx build. --user/--group name the account created above;
# the stub_status and SSL modules are compiled in.
# NOTE(review): if a stub_status location is later enabled in nginx.conf,
# restrict it to the monitoring hosts.
cd /usr/src/nginx-1.18.0/
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module
# Compile and install nginx:
make && make install
# Add the nginx binary directory to PATH:
vim /etc/profile
# Append the following line at the end of /etc/profile:
export PATH=$PATH:/usr/local/nginx/sbin
source /etc/profile
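# Configure the keepalived build:
cd /usr/src/keepalived-1.3.5/
./configure --prefix=/usr/local/keepalived/ --with-kernel-dir=/usr/src/kernels/3.10.0-514.el7.x86_64/
# Compile and install keepalived. The install step must be "make install":
# a bare "install" runs install(1) with no operands, fails, and leaves
# /usr/local/keepalived/ empty, so the cp from that prefix below would fail.
make && make install
# The installed default config and init files are not where the init script
# expects them, so copy them into place:
cp /usr/src/keepalived-1.3.5/keepalived/etc/init.d/keepalived /etc/init.d/
mkdir -p /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/src/keepalived-1.3.5/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# Add the keepalived binary directory to PATH:
vim /etc/profile
# Append the following line at the end of /etc/profile:
export PATH=$PATH:/usr/local/keepalived/sbin
source /etc/profile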
注意:以上的配置master和backup都需要安装
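# Edit the file that was copied into /etc/keepalived/ during installation; its
# name is keepalived.conf (with the trailing "d"), not keepalive.conf.
vim /etc/keepalived/keepalived.conf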
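! Configuration File for keepalived
# The opening "global_defs {" / "notification_email {" lines were missing from
# this listing; they are restored to match the complete global_defs shown for
# the dual-master setup later on this page.
global_defs {
    notification_email {
        # The addresses printed as "[email protected]" are residue of the page's
        # e-mail obfuscation; substitute real mailboxes.
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
# Health check: run check_nginx.sh every 2 seconds.
# NOTE(review): keepalived runs this script itself (as root unless script_user
# is set in global_defs), so the script and every directory on its path should
# be owned by root and not writable by anyone else; consider also setting
# enable_script_security in global_defs.
vrrp_script chk_nginx {
    script "/data/sh/check_nginx.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 5
    nopreempt
    authentication {
        # auth_type PASS carries auth_pass unencrypted in every VRRP advert, so
        # it guards against misconfigured peers, not against another host on
        # the same segment. keepalived uses only the first 8 characters.
        # "1111" is a sample value: choose your own and keep it identical on
        # both nodes of this instance.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.20.100
    }
    track_script {
        chk_nginx
    }
}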
# Create the directory that will hold the check script.
# NOTE(review): keepalived executes the script stored here, so /data/sh/ should
# stay owned by root and not be writable by other users.
mkdir -p /data/sh/
# Create the script:
vim /data/sh/check_nginx.sh
#!/bin/bash
# Automatic nginx process check, run by keepalived's vrrp_script.
# 2020-09-15 17:16:29
# by author XiaoYuEr
#
# killall -0 delivers no signal; its exit status only reports whether a process
# named nginx exists. When none does, keepalived is stopped on this node.
# NOTE(review): the script is executed by keepalived, presumably as root; keep
# the file root-owned and not writable by other users.
if ! killall -0 nginx; then
  service keepalived stop
fi
# Make the check script executable.
# NOTE(review): +x grants execute permission to every user; if only root runs
# the script, a tighter mode such as 700 is enough - confirm which user
# keepalived runs scripts as.
chmod +x /data/sh/check_nginx.sh
## If the killall command is missing, install the psmisc package (psmisc-22.20-15.el7.x86_64).
注意:这个脚本需要在两台机器上都创建
启动keepalive时可能会遇到以下报错:
systemd: PID file /usr/local/keepalived/var/run/keepalived.pid not readable (yet?) after start.
# In that case, change the PID file path in keepalived.service:
vim /lib/systemd/system/keepalived.service
# Change the PIDFile line to the following.
# NOTE(review): systemd picks up an edited unit file only after
# `systemctl daemon-reload`.
PIDFile=/var/run/keepalived.pid
#在master中配置index.html
[root@localhost ~]# echo "this is 192.168.20.10 page" > /usr/local/nginx/html/index.html
#在backup机器中配置index.html
echo "this is 192.168.20.20 page" > /usr/local/nginx/html/index.html
[全局定义块]
global_defs {
notification_email { --指定keepalived在发生切换时需要发送email到的对象,一行一个;
[email protected]
}
notification_email_from root@localhost --指定发件人
smtp_server 127.0.0.1 --指定smtp服务器地址
smtp_connect_timeout 3 --指定smtp连接超时时间
router_id LVS_DEVEL --运行keepalived机器的标识
}
[监控Nginx进程]
vrrp_script chk_nginx {
script "/data/script/nginx.sh" --监控服务脚本,脚本x执行权限;
interval 2 --检测时间间隔(执行脚本间隔)
weight 2 --权重
}
[VRRP实例定义块]
vrrp_sync_group VG_1{ --监控多个网段的实例
group {
VI_1 --实例名1
VI_2
}
notify_master /data/sh/nginx.sh --指定当切换到master时,执行的脚本
notify_backup /data/sh/nginx.sh --指定当切换到backup时,执行的脚本
notify /data/sh/nginx.sh --发生任何切换,均执行的脚本
smtp_alert --使用global_defs中提供的邮件地址和smtp服务器发送邮件通知;
}
vrrp_instance VI_1 {
state BACKUP --设置主机状态,MASTER|BACKUP
nopreempt --设置为不抢占
interface eth0 --对外提供服务的网络接口
lvs_sync_daemon_inteface eth0 --负载均衡器之间监控接口;
track_interface { --设置额外的监控,网卡出现问题都会切换;
eth0
eth1
}
mcast_src_ip --发送组播包的地址,如果不设置默认使用绑定网卡的primary ip
garp_master_delay --在切换到master状态后,延迟进行gratuitous ARP请求
virtual_router_id 50 --VRID标记 ,路由ID,可通过#tcpdump vrrp查看
priority 90 --优先级,优先级高者竞选为master
advert_int 5 --检查间隔,默认5秒
preempt_delay --抢占延时,默认5分钟
debug --debug日志级别
authentication { --设置认证
auth_type PASS --认证方式(PASS为简单密码认证,密码在VRRP通告报文中明文传输;另一可选值为AH)
auth_pass 1111 --认证密码(示例值,部署时应更换;keepalived只使用前8个字符,同一实例的各节点必须一致)
}
track_script { --以脚本为监控chk_nginx;
chk_nginx
}
virtual_ipaddress { --设置vip地址
192.168.111.188
}
}
注意:使用了脚本监控Nginx或者MYSQL,不需要下面虚拟服务器设置块。
[虚拟服务器定义块]
virtual_server 192.168.111.188 3306 {
delay_loop 6 --健康检查时间间隔
lb_algo rr --调度算法rr|wrr|lc|wlc|lblc|sh|dh
lb_kind DR --负载均衡转发规则NAT|DR|TUN
persistence_timeout 5 --会话保持时间
protocol TCP --使用的协议
real_server 192.168.1.12 3306 {
weight 1 --默认为1,0为失效
notify_up <string> | <quoted-string> --在检测到server up后执行脚本;
notify_down <string> | <quoted-string> --在检测到server down后执行脚本;
TCP_CHECK {
connect_timeout 3 --连接超时时间;
nb_get_retry 1 --重连次数;
delay_before_retry 1 --重连间隔时间;
connect_port 3306 --健康检查的端口;
}
HTTP_GET {
url {
path /index.html --检测url,可写多个
digest 24326582a86bee478bac72d5af25089e --检测效验码
--digest效验码获取方法:genhash -s IP -p 80 -u http://IP/index.html
status_code 200 --检测返回http状态码
}
}
}
nginx版本:nginx v1.18.0
keepalive版本:keepalive v1.3.5
Nginx-1:192.168.20.10(master) (backup)
Nginx-2:192.168.20.20(backup) (master)
# Master-side configuration, i.e. the node 192.168.20.10:
! Configuration File for keepalived
# NOTE(review): the addresses printed as "[email protected]" look like residue of
# the page's e-mail obfuscation; substitute real mailboxes.
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# Health check: run /data/sh/check_nginx.sh every 2 seconds.
# NOTE(review): keepalived runs this script itself (as root unless script_user
# is set in global_defs); keep the script and its directories root-owned and
# not writable by others, and consider enable_script_security in global_defs.
vrrp_script chk_nginx {
script "/data/sh/check_nginx.sh"
interval 2
weight 2
}
#VIP1
# This node starts as MASTER for 192.168.20.100 (priority 100 here, 90 on the peer).
vrrp_instance VI_1 {
state MASTER
interface ens33
# NOTE(review): upstream spells this keyword lvs_sync_daemon_interface; as
# written the line is probably rejected as an unknown keyword - check the
# keepalived log.
lvs_sync_daemon_inteface ens33
virtual_router_id 51
priority 100
advert_int 5
# NOTE(review): keepalived documents nopreempt as requiring initial state
# BACKUP - confirm it has any effect together with "state MASTER".
nopreempt
authentication {
# auth_type PASS carries auth_pass unencrypted in every VRRP advert and
# keepalived uses only its first 8 characters; "1111" is a sample value that
# must match the peer's VI_1 and should be changed for a real deployment.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.100
}
track_script {
chk_nginx
}
}
#VIP2
# This node starts as BACKUP for 192.168.20.200 (priority 90 here, 100 on the peer).
vrrp_instance VI_2 {
state BACKUP
interface ens33
# NOTE(review): same keyword spelling caveat as in VI_1.
lvs_sync_daemon_inteface ens33
virtual_router_id 52
priority 90
advert_int 5
nopreempt
authentication {
# VI_2 uses its own sample password; the same cleartext caveat applies.
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.20.200
}
track_script {
chk_nginx
}
}
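# Backup-side configuration, i.e. the node 192.168.20.20:
! Configuration File for keepalived
# The global_defs block in this listing was garbled (an unclosed, duplicated
# notification_email section); it is restored to the same structure as the
# master's global_defs shown earlier on this page.
# NOTE(review): the addresses printed as "[email protected]" look like residue of
# the page's e-mail obfuscation; substitute real mailboxes.
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
# Health check: run /data/sh/check_nginx.sh every 2 seconds.
# NOTE(review): keepalived runs this script itself (as root unless script_user
# is set in global_defs); keep the script and its directories root-owned and
# not writable by others, and consider enable_script_security in global_defs.
vrrp_script chk_nginx {
    script "/data/sh/check_nginx.sh"
    interval 2
    weight 2
}
#VIP1
# This node starts as BACKUP for 192.168.20.100 (priority 90 here, 100 on the peer).
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    # NOTE(review): upstream spells this keyword lvs_sync_daemon_interface; as
    # written the line is probably rejected as an unknown keyword - check the
    # keepalived log.
    lvs_sync_daemon_inteface ens33
    virtual_router_id 51
    priority 90
    advert_int 5
    nopreempt
    authentication {
        # auth_type was missing here although the master's VI_1 declares PASS;
        # both nodes of an instance must use the same type and password.
        # PASS carries auth_pass unencrypted in every VRRP advert and keepalived
        # uses only its first 8 characters; "1111" is a sample value to replace.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.20.100
    }
    track_script {
        chk_nginx
    }
}
#VIP2
# This node starts as MASTER for 192.168.20.200 (priority 100 here, 90 on the peer).
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    # NOTE(review): same keyword spelling caveat as in VI_1.
    lvs_sync_daemon_inteface ens33
    virtual_router_id 52
    priority 100
    advert_int 5
    # NOTE(review): keepalived documents nopreempt as requiring initial state
    # BACKUP - confirm it has any effect together with "state MASTER".
    nopreempt
    authentication {
        # VI_2 uses its own sample password; the same cleartext caveat applies.
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.20.200
    }
    track_script {
        chk_nginx
    }
}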
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ec:10:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.10/24 brd 192.168.20.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.20.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.20.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::cbc:47d:6f9d:da7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
- Keepalived主配置文件必须设置不同的VRRP名称,同时优先级和VIP设置也各不相同;
- Nginx网站总访问量为两台Nginx服务器之和,可以写脚本自动统计访问量;
- 两台Nginx为Master,存在两个VIP地址,用户从外网访问VIP,需配置域名映射到两个VIP上方可。
- 通过外网DNS映射不同VIP的方法也称为DNS负载均衡模式; 可以通过Zabbix实时监控VIP访问状态是否正常。