Keepalived+Lvs+Nginx 实现高可用集群,保证nginx服务正常运行
系统centos7
IP | 主机名 | 作用 |
192.168.28.141/24 | klmaster | 配置Keepalived(Master)、配置LVS,作为负载均衡器 |
192.168.28.143/24 | klbackup | 配置Keepalived(Backup)、配置LVS,作为负载均衡器 |
192.168.28.144/24 | nginx1 | 配置nginx,作为RS web服务器测试 |
192.168.28.145/24 | nginx2 | 配置nginx,作为RS web服务器测试 |
通过Keepalived自动配置lvs,无需单独配置lvs。
[root@klmaster ~]# yum -y install keepalived ipvsadm
[root@klmaster ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id Directory01 #标识Keepalived,作为Backup的Keepalived此处应不同
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER #定义Keepalived角色,并非决定因素,起决定作用的是priority优先级
interface ens33 #检测的网络接口
virtual_router_id 66 #虚拟路由器标识,主备Keepalived一致
priority 100 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #设置VIP
192.168.28.150 dev ens33 label ens33:0
}
}
virtual_server 192.168.28.150 80 { #配置lvs的VIP和端口
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.28.144 80 { #作为RS的nginx1的真实IP
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.28.145 80 { #作为RS的nginx2的真实IP
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@klbackup ~]# yum -y install keepalived ipvsadm
[root@klbackup ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id Directory02
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.28.150 dev ens33 label ens33:0
}
}
virtual_server 192.168.28.150 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.28.144 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.28.145 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@nginx1 ~]# yum -y install nginx
[root@nginx1 ~]# vim /usr/share/nginx/html/index.html
This is nginx1 page!
[root@nginx1 ~]# systemctl enable --now nginx
[root@nginx1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
[root@nginx1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.28.150
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
[root@nginx1 ~]# systemctl restart network
[root@nginx1 ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.28.144 netmask 255.255.255.0 broadcast 192.168.28.255
inet6 fe80::20c:29ff:febf:6bb8 prefixlen 64 scopeid 0x20
ether 00:0c:29:bf:6b:b8 txqueuelen 1000 (Ethernet)
RX packets 609 bytes 56028 (54.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 880 bytes 236014 (230.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3060 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3060 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:0: flags=73 mtu 65536
inet 192.168.28.150 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
[root@nginx1 ~]# systemctl -p
[root@nginx2 ~]# yum -y install nginx
[root@nginx2 ~]# vim /usr/share/nginx/html/index.html
This is nginx2 page!
[root@nginx2 ~]# systemctl enable --now nginx
[root@nginx2 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
[root@nginx2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.28.150
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
[root@nginx2 ~]# systemctl restart network
[root@nginx2 ~]# ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.28.144 netmask 255.255.255.0 broadcast 192.168.28.255
inet6 fe80::20c:29ff:febf:6bb8 prefixlen 64 scopeid 0x20
ether 00:0c:29:bf:6b:b8 txqueuelen 1000 (Ethernet)
RX packets 609 bytes 56028 (54.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 880 bytes 236014 (230.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3060 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3060 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:0: flags=73 mtu 65536
inet 192.168.28.150 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
[root@nginx2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
[root@nginx2 ~]# systemctl -p
启动Keepalived
[root@klmaster ~]# systemctl enable --now keepalived
[root@klbackup ~]# systemctl enable --now keepalived
查看lvs规则
[root@klmaster ~]# ipvsadm -Ln
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.28.150:80 rr persistent 50
-> 192.168.28.144:80 Route 1 0 0
-> 192.168.28.145:80 Route 1 0 0
[root@klbackup ~]# ipvsadm -Ln
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.28.150:80 rr persistent 50
-> 192.168.28.144:80 Route 1 0 0
-> 192.168.28.145:80 Route 1 0 0
分别在主备Keepalived主机上抓包查看组播信息
此时主备Keepalived都正常运行,但klmaster优先级priority高,klmaster的Keepalived在提供服务
[root@klmaster ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:24:47.755711 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:48.757495 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:49.758650 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:50.759840 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:51.761223 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:52.762540 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
[root@klbackup ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:43:35.348367 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:36.349916 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:37.351849 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:38.353368 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:39.354468 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:40.355704 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
先关闭Keepalived(Master),等待两三秒再开启Keepalived(Master);此时抓包信息产生变化
[root@klmaster ~]# systemctl stop keepalived
[root@klbackup ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
[root@klbackup ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:49:39.034550 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:40.036474 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:41.038048 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:41.332438 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 0, authtype simple, intvl 1s, length 20
#此时Keepalived切换为backup
20:49:41.981848 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
20:49:42.983526 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
20:49:43.984625 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
20:49:44.985372 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
#此时Keepalived切换为master
20:49:49.988233 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:50.988865 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:51.990114 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:52.991064 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
前提:Keepalived主备、Lvs都已正常运行,nginx1/2都正常运行
访问VIP 192.168.28.150
关闭Keepalived(Master),再访问VIP,业务正常,抓包发现Keepalived(Backup)已启用
关闭nginx2,再访问VIP