LVS + Keepalived: Cluster Theory and High-Availability Lab Deployment (Packet-Capture Verification and Troubleshooting)

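Understanding How Keepalived Works

Case Analysis

In enterprise applications, running an application on a single server creates a single point of failure.
In an enterprise application cluster there are at least two single points of failure; once one of them fails, the enterprise's service is interrupted, causing serious damage.

As the topology diagram shows, in a DR cluster the whole cluster becomes unusable if the director goes down.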

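Introduction to Keepalived

Supports automatic failover (Failover)

Supports node health checking (Health Checking)

Official website: http://www.keepalived.org/

How It Works

Keepalived uses the VRRP hot-standby protocol to provide multi-machine hot standby for Linux servers.

VRRP, the Virtual Router Redundancy Protocol, is a backup solution designed for routers.

1. Several routers form a hot-standby group and provide service through a shared virtual IP address.
2. Within each hot-standby group only one master router provides service at any moment; the other routers stay in a redundant state.
3. If the router currently in service fails, the other routers automatically take over the virtual IP address according to their configured priorities and continue to provide service.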

[Figure: solution topology]

Keepalived Configuration File Explained

1. Floating address: 192.168.100.88
Master and backup servers: 192.168.100.22, 192.168.100.23
Application service provided: Web

#########################################################################

2. Configuration file keepalived.conf
Global settings: global_defs { … }
Hot-standby settings: vrrp_instance <instance name> { … }
Sample files are located in: /etc/keepalived/samples/…

#####################################################################

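3. Master server configuration
state: sets this node's state, MASTER or BACKUP
priority: sets the election priority; the larger the value, the higher the priority
virtual_ipaddress { … }: sets the floating IP address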

########################################################################

4. Backup server configuration
Set router_id to the node's own name
Set state to BACKUP
Set priority lower than the master server's

#########################################################################

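5. Enable the keepalived service
Enable the keepalived service on both the master and the backup
The device with the highest priority gains control of the VIP
The VIP address is configured automatically by keepalived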
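
The rules in steps 3 to 5, written as a check over a master/backup pair of keepalived.conf files. This is an added example, not part of the original post; it goes slightly beyond the listed rules by also requiring matching virtual_router_id, authentication and VIP, which VRRP needs for both nodes to join the same group. The function names and the embedded sample configs are constructed for illustration.

```python
import re

# Constructed samples using this page's values; the backup differs in three settings.
MASTER_CONF = """
global_defs {
   router_id HA_TEST_R1
}
vrrp_instance VI_1 {
   state MASTER
   virtual_router_id 1
   priority 100
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.88
   }
}
"""
BACKUP_CONF = (MASTER_CONF.replace("HA_TEST_R1", "HA_TEST_R2")
               .replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 99"))

KEYS = ("router_id", "state", "priority", "virtual_router_id", "auth_type", "auth_pass")

def parse(conf):
    """Extract the settings the master/backup rules depend on."""
    out = {}
    for key in KEYS:
        m = re.search(rf"^\s*{key}\s+(\S+)", conf, re.M)
        out[key] = m.group(1) if m else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    out["vips"] = sorted(vips.group(1).split()) if vips else []
    return out

def check_pair(master_conf, backup_conf):
    """Return the rule violations for a master/backup pair (empty list = consistent)."""
    m, b, problems = parse(master_conf), parse(backup_conf), []
    if m["router_id"] == b["router_id"]:
        problems.append("router_id must be unique per node")
    if (m["state"], b["state"]) != ("MASTER", "BACKUP"):
        problems.append("state must be MASTER on the master and BACKUP on the backup")
    if int(b["priority"] or 0) >= int(m["priority"] or 0):
        problems.append("backup priority must be lower than the master's")
    for key in ("virtual_router_id", "auth_type", "auth_pass", "vips"):
        if m[key] != b[key]:
            problems.append(f"{key} must match on both nodes")
    return problems
```
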

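High-Availability LVS + Keepalived Deployment

Network Environment

IP address plan:

Floating address (VIP): 192.168.100.88
Master director: 192.168.100.22 Gateway: 192.168.100.1
Backup director: 192.168.100.23 Gateway: 192.168.100.1
Web server 1: 192.168.100.24 Gateway: 192.168.100.1
Web server 2: 192.168.100.25 Gateway: 192.168.100.1
Storage server: 192.168.100.21 Gateway: 192.168.100.1

Lab environment
On all systems the firewall and core protection (SELinux) are turned off
System: CentOS 7.6

Configuring the Master Director 192.168.100.22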

#[1] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

## Apply the settings
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

#[2] Clear the load-balancing policy
[root@localhost /]# ipvsadm -C

#[3] Configure keepalived
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/

# Back up the original configuration file
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf

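global_defs {
   router_id HA_TEST_R1          # name of this node
}
vrrp_instance VI_1 {
   state MASTER                  # this node's state
   interface ens33               # interface that carries VRRP and the VIP
   virtual_router_id 1           # same value on master and backup
   priority 100                  # larger value = higher election priority
   advert_int 1                  # advertisement interval in seconds
   authentication {
      auth_type PASS             # simple password, carried unencrypted in each advertisement
      auth_pass 123456           # same value on master and backup
   }
   virtual_ipaddress {
      192.168.100.88             # floating address (VIP)
   }
}

virtual_server 192.168.100.88 80 {
    delay_loop 15                # health-check interval in seconds
    lb_algo rr                   # round-robin scheduling
    lb_kind DR                   # direct-routing mode
    persistence 60               # connection persistence timeout in seconds
    protocol TCP

    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}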
#### Start keepalived
[root@localhost keepalived]# systemctl start keepalived

#### Enable keepalived at boot
[root@localhost keepalived]# systemctl enable keepalived

#### Check the master director's IP address and the floating address
[root@localhost keepalived]# ip addr show dev ens33
             
inet 192.168.100.22/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.88/32 scope global ens33

Configuring the Backup Director 192.168.100.23

[1] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

# Apply the settings
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[2] Clear the load-balancing policy
[root@localhost /]# ipvsadm -C

[3] Configure keepalived
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
   router_id HA_TEST_R2          # this node's own name
}
vrrp_instance VI_1 {
   state BACKUP                  # backup role
   interface ens33
   virtual_router_id 1           # same value as on the master
   priority 99                   # lower than the master's 100
   advert_int 1
   authentication {
      auth_type PASS
      auth_pass 123456           # same value as on the master
   }
   virtual_ipaddress {
      192.168.100.88
   }
}

virtual_server 192.168.100.88 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}

#### Start keepalived
[root@localhost keepalived]# systemctl start keepalived

#### Enable keepalived at boot
[root@localhost keepalived]# systemctl enable keepalived

#### Check the director's IP address and the floating address; the virtual address 192.168.100.88 is not present here
[root@localhost keepalived]# ip addr show dev ens33
 inet 192.168.100.23/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe44:b2a/64 scope link 
       valid_lft forever preferred_lft forever   

Capturing the VRRP Traffic of the Master/Backup Directors

Here we can see that 192.168.100.22 is currently the master director.
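
What such a capture contains, decoded field by field. This is an added example, not part of the original post: it assumes VRRPv2 (the version that carries the authentication fields) and builds a constructed packet instead of reading a real capture, and all function names are illustrative. With auth_type PASS the auth_pass string appears as plain bytes in every advertisement, so it protects against misconfiguration rather than against anyone who can see the segment.

```python
import socket
import struct

def checksum(data):
    """16-bit one's-complement checksum over the VRRP message (RFC 3768)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(src, vrid, prio, vip, password):
    """Constructed IPv4 + VRRPv2 advertisement standing in for a captured packet."""
    body = struct.pack("!BBBBBBH", 0x21, vrid, prio, 1, 1, 1, 0)
    body += socket.inet_aton(vip) + password.encode().ljust(8, b"\x00")
    body = body[:6] + struct.pack("!H", checksum(body)) + body[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(body), 0, 0, 255, 112,
                     0, socket.inet_aton(src), socket.inet_aton("224.0.0.18"))
    return ip + body  # IP header checksum left at 0 in this constructed sample

def parse_advert(pkt):
    """Decode the fields a capture shows for one VRRPv2 advertisement."""
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 112:
        raise ValueError("not VRRP (IP protocol 112)")
    v = pkt[ihl:total_len]
    ver_type, vrid, prio, count, auth_type, _adv, _csum = struct.unpack("!BBBBBBH", v[:8])
    if ver_type != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    return {
        "sender": socket.inet_ntoa(pkt[12:16]),
        "vrid": vrid,
        "priority": prio,
        "vips": [socket.inet_ntoa(v[i:i + 4]) for i in range(8, end, 4)],
        "auth_type": auth_type,  # 1 = simple text password (auth_type PASS)
        "auth_data": v[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": checksum(v) == 0,
    }

def senders_for_vrid(packets, vrid):
    """Nodes advertising for a VRID; more than one points to split-brain."""
    return sorted({p["sender"] for p in map(parse_advert, packets) if p["vrid"] == vrid})

# Constructed capture: the master from this page advertising three times.
CAPTURE = [build_advert("192.168.100.22", 1, 100, "192.168.100.88", "123456")] * 3
```
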

Configuring the Storage Server: 192.168.100.21

rpm -q nfs-utils    ### if not installed: yum -y install nfs-utils
rpm -q rpcbind      ### if not installed: yum -y install rpcbind
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind

[root@localhost ~]# vi /etc/exports
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)

[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo "51是我" >/opt/51xit/index.html
[root@localhost ~]# echo "我是52" >/opt/52xit/index.html

Configuring the Node Server: 192.168.100.24

[1] Configure the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

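## This is equivalent to adding the local route manually at boot
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.88 dev lo:0

## We need to add the local route for 192.168.100.88 by hand; otherwise the virtual IP cannot be reached on this host
[root@localhost network-scripts]# route add -host 192.168.100.88 dev lo:0

[2] Adjust the /proc response parameters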
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p

[3] Install httpd and mount the test page
[root@localhost ~]# showmount -e 192.168.100.21
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.21:/opt/51xit /var/www/html/

## Permanent mount
[root@localhost ~]# vi /etc/fstab 
192.168.100.21:/opt/51xit/ /var/www/html/        nfs     rw,tcp,intr     0 1      

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

# Reboot and check whether the services come back
[root@localhost ~]# init 6


## After the reboot, check from the laptop's browser that the page loads normally

Configuring the Node Server: 192.168.100.25

[1] Configure the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.88  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

[root@localhost network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.88 dev lo:0

[root@localhost network-scripts]# route add -host 192.168.100.88 dev lo:0

[2] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p


[3] Install httpd and mount the test page
[root@localhost ~]# showmount -e 192.168.100.21 
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.21:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab 
192.168.100.21:/opt/52xit/ /var/www/html/        nfs     rw,tcp,intr     0 1     

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

### Log in to 192.168.100.43 and test whether the website works normally ####

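Verification Results

(1) First, browse to 192.168.100.88 from the laptop to check whether round-robin is working.

[Screenshot: correct result]
Clear the browser history, close the browser, then reopen it and visit 192.168.100.88 again.

(2) Capture packets to see which node is the master director; you only need to see who is sending the VRRP packets.

[Screenshot: correct result]
Now stop the Keepalived service on the master director and check whether the role switches automatically to the backup director 192.168.100.23.

(3) Check again whether round-robin works through the backup director.

[Screenshot: correct result]
Clear the browser history, close the browser, then reopen it and visit 192.168.100.88 again.

(4) Open CMD on the laptop and look up the MAC address of 192.168.100.88

Note: traffic is now going through the backup director, so the MAC address should be the backup director's.
You can see that it is the MAC address of host 192.168.100.23 and that the virtual address is present there too; no problem.

(5) Keep pinging 192.168.100.88 from CMD, stop the Keepalived service on the backup director and check whether the MAC address switches

The timeout is normal: the switchover takes time, so some packet loss is expected.
The MAC address switched successfully and the virtual address moved successfully; the experiment succeeded.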

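Errors and Troubleshooting

#(1) If you previously configured ipvsadm incorrectly and it still does not work after restarting Keepalived:
Fix: [root@localhost /]# ipvsadm -C

#(2) If you restart the network service on WEB1 or WEB2, the local route for 192.168.100.88 disappears as well
Fix:
Add it manually: route add -host 192.168.100.88 dev lo:0

#(3) After building any service, always reboot with init 6 to test it, because machines that are live in production cannot be rebooted
# If the server goes down later and the service does not come back properly after power-on, will you still remember how to troubleshoot it?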


Reposted from blog.csdn.net/weixin_48190891/article/details/108780760