目录
1.简介
2.实现master/slave的 Keepalived 单主架构
3.vip通行 (ping通:
4.启用日志功能
5.实现独立子配置文件
6.非抢占式模式
7.抢占延迟模式
8.单播配置
9.keepalived状态切换的通知脚本
10.双主结构:两个虚拟路由(多主模式,不同的VIP
11.keepalived+lvs
12.利用脚本实现主从角色切换
13.keepalived+haproxy
1.简介
集群类型
LB:Load Balance 负载均衡
LVS/HAProxy/nginx(http/upstream, stream/upstream)
HA:High Availability 高可用集群
数据库、Redis
SPoF: Single Point of Failure,解决单点故障
HPC:High Performance Computing 高性能集群
实现高可用
提升系统高可用性的解决方案:降低 MTTR(Mean Time To Repair,平均修复时间)。具体做法:建立冗余机制
2.实现master/slave的 Keepalived 单主架构
创建四台主机ka1、ka2、realserver1、realserver2
#ka1--172.25.254.10:
yum install keepalived -y
systemctl stop firewalld #实验环境为省事直接关闭防火墙;生产环境应保持开启,只放行 VRRP(IP 协议号 112)和所需的业务端口
rpm -ql keepalived #查看文件
/etc/keepalived/keepalived.conf #主配置文件
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111                          #演示用弱口令;PASS 认证的口令以明文出现在 VRRP 通告中,只能防止误配置,不能抵御同一网段内的伪造通告
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
systemctl restart keepalived
抓包测试:
tcpdump -i eth0 -nn host 224.0.0.18 #只显示主的(172.25.254.10
#ka2--172.25.254.20:
yum install keepalived -y
systemctl stop firewalld
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100                       ##相同id管理同一个虚拟路由
    priority 80                                 #低优先级
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
systemctl restart keepalived
#realserver1--172.25.254.110:
yum install httpd -y
systemctl stop firewalld
setenforce 0 #临时切换为 permissive 模式,重启后失效
echo 172.25.254.110 > /var/www/html/index.html
systemctl restart httpd
vim /etc/keepalived/keepalived.conf
#realserver2--172.25.254.120:
yum install httpd -y
systemctl stop firewalld
setenforce 0
echo 172.25.254.120 > /var/www/html/index.html
systemctl restart httpd
3.vip通行 (ping通:
vrrp_strict
vrrp_iptables
在 ka1、ka2 的 keepalived 配置文件里,这两行要么同时保留,要么同时注释掉(只启用 vrrp_strict 时,keepalived 会添加 iptables 规则拒绝访问 VIP,因此 ping 不通)。修改后在 ka1 上执行 iptables -nL 查看效果
4.启用日志功能
rsys 指定采集方法
vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
systemctl restart keepalived
systemctl restart rsyslog.service
ll /var/log/keepalived.log
tail -f /var/log/keepalived.log

5.实现独立子配置文件
当生产环境复杂时, /etc/keepalived/keepalived.conf 文件中内容过多,不易管理 将不同集群的配置,比如:不同集群的VIP配置放在独立的子配置文件中利用include 指令可以实现包含子配置文件。
mkdir -p /etc/keepalived/conf.d
#将后面的vrrp_instance VI_1 全注释
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
include /etc/keepalived/conf.d/*.conf                 #相关子配置文件
#子配置文件
vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
systemctl restart keepalived
6.非抢占式模式
#ka1 :
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100                       ##相同id管理同一个虚拟路由
    priority 80                                 #低优先级
    advert_int 1
    nopreempt                                   #加非抢占式的参数
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
systemctl restart keepalived
#ka2:
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100                       ##相同id管理同一个虚拟路由
    priority 80                                 #低优先级
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
systemctl restart keepalived
测试:
在ka1、ka2查看ifconfig ,看eth0:1 在哪个机子(优先级高的),然后把那个机子的keepalived服务关了(杀了),然后去另一台机子查看是否有eth0:1。
7.抢占延迟模式
防止来回抢占,企业一般是五到十分钟
#ka2:
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100                       ##相同id管理同一个虚拟路由
    priority 80                                 #低优先级
    advert_int 1
    preempt_delay 5s                            #加延迟抢占式的参数
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
systemctl restart keepalived
五秒后测试:ifconfig
(服务关的时候eth0:1没有,重启服务五秒后查看eth0:1出现)
8.单播配置
单播不支持vrrp_strict,需要注释掉 : #vrrp_strict
#ka1 :
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100                       ##相同id管理同一个虚拟路由
    priority 80                                 #低优先级
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10               #本地IP
    unicast_peer {
       172.25.254.20                           #对端IP
    }
}
systemctl restart keepalived
#ka2 :
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2241317915@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100                       #相同id管理同一个虚拟路由
    priority 80                                 #低优先级
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.20               #本地IP
    unicast_peer {
       172.25.254.10                           #对端IP
    }
}
systemctl restart keepalived
测试:


9.keepalived状态切换的通知脚本
邮箱授权码获取方法:
【进入QQ邮箱并登录】——>点击邮箱首页右上角的【账号与安全】——>点击【安全设置】——>【授权码】



#ka1 + ka2:
yum install mailx -y
systemctl stop firewalld
setenforce 0
date +%F
date +%F\ %T
vim /etc/keepalived/mail.sh
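#!/bin/bash
# Keepalived notify script: mails a short notice when this node changes
# VRRP state.
# Usage: mail.sh {master|backup|fault}
# NOTE(review): keepalived executes this file on every state change, so it
# should be owned by root and not writable by other users.
mail_dst="2xxxxxxxxx@qq.com"

#######################################
# Send one state-change notice by mail.
# Globals:   mail_dst (read), HOSTNAME (read)
# Arguments: $1 - new state name (master, backup or fault)
# Outputs:   pipes the message body into mail(1)
#######################################
send_message()
{
  local mail_sub mail_msg
  mail_sub="$HOSTNAME to be $1 vip move"
  # Command substitution is required here: the original single quotes sent
  # the literal text 'date +%F\ %T' instead of the current timestamp.
  mail_msg="$(date '+%F %T'):vrrp move $HOSTNAME change $1"
  # Quote every expansion so the body and recipient are passed as-is,
  # without word splitting or glob expansion.
  printf '%s\n' "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}

# Only the three known state names send a mail; any other argument
# (or none) is ignored.
case "$1" in
  master|backup|fault)
    send_message "$1"
    ;;
  *)
    ;;
esac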
chmod +x /etc/keepalived/mail.sh
vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        2xxxxxxxxx@qq.com
    }
    notification_email_from keepalived@yellmiky.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1.yellmiky.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
    notify_master "/etc/keepalived/mail.sh master"
    notify_backup "/etc/keepalived/mail.sh backup"
    notify_fault "/etc/keepalived/mail.sh fault"
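}
vim /etc/mail.rc
#######mail set##########
set from=2xxxxxxx@qq.com
#smtp 未写成 smtps:// 且未启用 smtp-use-starttls 时,认证信息可能以未加密方式发送,请确认
set smtp=smtp.qq.com
set smtp-auth-user=2xxxxxxx@qq.com
#/etc/mail.rc 通常所有用户可读;授权码建议改放到运行脚本的用户的 ~/.mailrc 并 chmod 600
set smtp-auth-password=xxxxxxxxxxxxx           #邮箱授权码
set smtp-auth=login
#ignore 会跳过服务器证书校验,仅适合实验;生产环境应配置受信任的 CA 证书并改用 strict
set ssl-verify=ignore
systemctl restart keepalived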
echo test message |mail -s test 你的QQ号@qq.com #测试是否能成功发送
/etc/keepalived/mail.sh master #脚本测试
systemctl restart keepalived #重启服务就会发送
测试结果总结:两台主机的服务都开启时,发送的是主结构的服务信息,主结构的服务关后发送的则是从结构的服务信息内容。
10.双主结构:两个虚拟路由(多主模式,不同的VIP
#ka1:
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
}
systemctl restart keepalived
#ka2:
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
}
systemctl restart keepalived
11.keepalived+lvs
#ka1+ka2:
vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 172.25.254.110 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
           # url {
           #   path /mrtg/
           #   digest 9b3a0c85a887a256d6939da88aabd8cd
           # }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 2
        }
    }
     real_server 172.25.254.120 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }
}
systemctl restart keepalived.service
yum install ipvsadm -y
ipvsadm -Ln
systemctl stop firewalld.service
setenforce 0
#realserver1
vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
sysctl --system
systemctl restart rsyslog.service
ip a a 172.25.254.100/32 dev lo
yum install httpd -y
echo 172.25.254.110 > /var/www/html/index.html
systemctl restart httpd
systemctl status firewalld
systemctl stop firewalld
setenforce 0
#realserver2
vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
sysctl --system
systemctl restart rsyslog.service
ip a a 172.25.254.100/32 dev lo
yum install httpd -y
echo 172.25.254.120 > /var/www/html/index.html
systemctl restart httpd
systemctl status firewalld
systemctl stop firewalld
setenforce 0
测试:

12.利用脚本实现主从角色切换
#ka1 :
vim /etc/keepalived/miky.sh
#!/bin/bash
[ ! -f /mnt/miky ]        #/mnt/miky 不存在时返回 0,存在时返回 1
#保存退出后,手动验证脚本的返回值:
sh /etc/keepalived/miky.sh
echo $?
touch /mnt/miky
sh /etc/keepalived/miky.sh
echo $?
chmod +x /etc/keepalived/miky.sh
vim /etc/keepalived/keepalived.conf
#全局变量后加
#检测脚本由 keepalived 按 interval 周期性执行;脚本文件应归 root 所有,且不允许其他用户写入
vrrp_script check_file {
        script "/etc/keepalived/miky.sh"
        interval 1
        weight -30
        fall 2
        rise 2
        timeout 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
    track_script {
        check_file                              #须与上面 vrrp_script 定义的名称一致
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}
systemctl restart keepalived
touch /mnt/miky
tail -f /var/log/messages
13.keepalived+haproxy
#ka1、ka2 :
vim /etc/selinux/config
SELINUX=disabled #实验环境直接禁用;生产环境建议保留 enforcing 并按需放行
reboot #重启
systemctl stop firewalld
vim /etc/keepalived/keepalived.conf
#全局变量后加
vrrp_script check_haproxy {
        script "/etc/keepalived/test.sh"
        interval 1
        weight -30
        fall 2
        rise 2
        timeout 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
    track_script {
        check_haproxy
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1
    #nopreempt
    #preempt_delay 5s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}
systemctl restart keepalived
#在两个ka1和ka2两个节点启用内核参数
vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
sysctl --system
yum install haproxy -y
vim /etc/haproxy/haproxy.cfg
#在最后加
listen webserver
        bind *:80
        mode http
        balance roundrobin
        server web1 172.25.254.110:80 check inter 2 fall 2 rise 5
        server web2 172.25.254.120:80 check inter 2 fall 2 rise 5
systemctl restart haproxy
#在ka1中编写检测脚本
vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
#realserver1、realserver2 :
vim /etc/selinux/config
SELINUX=disabled
reboot #重启
systemctl stop firewalld
yum install httpd -y
echo 172.25.254.110 >/var/www/html/index.html #realserver2 : echo 172.25.254.120 >/var/www/html/index.html
systemctl restart httpd
vim /etc/sysctl.d/arp.conf #将值全设为0
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
systemctl restart rsyslog.service
nmcli connection show
nmcli connection delete ens33
systemctl restart network
ip a d 172.25.254.100/32 dev lo #将环回删了
vim /etc/sysconfig/network-scripts/ifcfg-lo #检查环回配置
测试:
服务全开启状态下:

将ka1上的haproxy关掉:systemctl stop haproxy





















