I. Keepalived overview and installation
(1) Introduction to Keepalived
Keepalived is a health-checking tool designed specifically for LVS and HA.
Its features include:
(1) Automatic failover
(2) Node health checking
Official website: http://www.keepalived.org/
(2) Keepalived hot-standby modes
1. VRRP (Virtual Router Redundancy Protocol)
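2. One master plus multiple backups, sharing one IP address but with different priorities
Note: to use several backup servers, set state to BACKUP on all of them and give each one a different priority.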
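(3) Installing Keepalived
Lab environment:

| Server name | IP address | Role |
|---|---|---|
| keepalived-1 | 192.168.100.1 | Master server |
| keepalived-2 | 192.168.100.2 | Backup server |

Floating address (VIP): 192.168.100.254
Application service provided: Web
All machines in this lab run CentOS 7.
Master server configuration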
```
****** (1) Basic setup first
[root@centos7-007 ~]# hostnamectl set-hostname keepalived-1
[root@centos7-007 ~]# su
[root@keepalived-1 ~]# systemctl stop firewalld
[root@keepalived-1 ~]# setenforce 0
setenforce: SELinux is disabled
[root@keepalived-1 ~]# mount /dev/cdrom /media/cdrom/
mount: /dev/sr0 写保护,将以只读方式挂载

****** (2) Install the required packages with yum
[root@keepalived-1 ~]# yum -y install keepalived ipvsadm httpd
......
完毕!

****** (3) Write a web page and enable keepalived at boot
[root@keepalived-1 ~]# echo "1111111111" > /var/www/html/index.html
[root@keepalived-1 ~]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

****** (4) Edit the keepalived configuration file (make a habit of backing it up first)
[root@keepalived-1 ~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@keepalived-1 ~]# vim /etc/keepalived/keepalived.conf    # write a new configuration file
Write the following:
global_defs {
    router_id A1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
Save and exit

---------- Configuration options explained ----------
router_id A1                  # name of this server (any string will do)
vrrp_instance VI_1 {          # defines a VRRP hot-standby instance
    state MASTER              # MASTER for the master server; use BACKUP on backup servers
    interface ens33           # physical interface that carries the VIP
    virtual_router_id 1       # virtual router ID; must be the same on master and backup
    priority 100              # priority, higher wins; the backup must be lower than the master
    advert_int 1              # advertisement interval in seconds (heartbeat frequency)
    authentication {          # authentication settings
        auth_type PASS        # authentication type
        auth_pass 123456      # password string
    }
    virtual_ipaddress {
        192.168.100.254       # floating address (VIP); must be the same on master and backup
    }
}
------------------------------------------------------

****** (5) Start keepalived and httpd
[root@keepalived-1 ~]# systemctl start keepalived
[root@keepalived-1 ~]# systemctl start httpd
[root@keepalived-1 ~]# curl 127.0.0.1    # check that it started correctly
11111

****** (6) Use ip a to check that the VIP is on the master server
[root@keepalived-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:44:ad:db brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.254/32 scope global ens33    # the VIP is on the master server
       valid_lft forever preferred_lft forever
    inet6 fe80::7762:f351:dbfc:cb0e/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
Backup server configuration
```
****** Same procedure as on the master server
[root@centos7-008 ~]# hostnamectl set-hostname keepalived-2
[root@centos7-008 ~]# su
[root@keepalived-2 ~]# systemctl stop firewalld
[root@keepalived-2 ~]# setenforce 0
setenforce: SELinux is disabled
[root@keepalived-2 ~]# mount /dev/cdrom /media/cdrom/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@keepalived-2 ~]# yum -y install keepalived ipvsadm httpd
......
完毕!
[root@keepalived-2 ~]# echo "22222222222" > /var/www/html/index.html
[root@keepalived-2 ~]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@keepalived-2 ~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@keepalived-2 ~]# vim /etc/keepalived/keepalived.conf
Write the following:
global_defs {
    router_id A2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 1
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
Save and exit
[root@keepalived-2 ~]# systemctl start keepalived
[root@keepalived-2 ~]# systemctl start httpd
[root@keepalived-2 ~]# curl 127.0.0.1
22222
[root@keepalived-2 ~]# ip a    # this is the backup server, so the VIP is not on it
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:bc:67:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2ff4:55fa:6c3d:65e0/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
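The master and backup files above must agree on virtual_router_id, virtual_ipaddress and authentication, and the backup needs the lower priority. The Python check below is an added example, not part of the original article: it compares such a pair and also flags auth_type PASS, which VRRP carries unencrypted in every advertisement (keepalived uses only the first 8 characters of auth_pass). The function names and check ids are assumptions of this example, and the sample input is constructed from the configuration on this page.

```python
import re
# Constructed input: the MASTER vrrp_instance from this page; BACKUP is derived from it.
MASTER = """vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 1
    priority 100
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}"""
BACKUP = MASTER.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 99")

def parse(conf):
    conf = re.sub(r"[#!].*", "", conf)  # keepalived comments start with # or !
    def one(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", conf, re.M)
        return m.group(1) if m else None
    vip = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    vips = sorted(l.split()[0] for l in vip.group(1).splitlines() if l.split()) if vip else []
    return {"vrid": one("virtual_router_id"), "priority": int(one("priority") or 0),
            "auth": (one("auth_type"), one("auth_pass") or ""), "vips": vips}

def audit_pair(master_conf, backup_conf):
    """Return (check_id, detail) findings for a MASTER/BACKUP pair (ids are this example's)."""
    m, b, out = parse(master_conf), parse(backup_conf), []
    if m["vrid"] != b["vrid"]:
        out.append(("vrid-mismatch", "nodes are not in the same VRRP group; both claim the VIP"))
    if m["vips"] != b["vips"]:
        out.append(("vip-mismatch", f"virtual_ipaddress differs: {m['vips']} vs {b['vips']}"))
    if b["priority"] >= m["priority"]:
        out.append(("priority-order", "BACKUP priority must be lower than MASTER priority"))
    if m["auth"] != b["auth"]:
        out.append(("auth-mismatch", "each node rejects the other's advertisements"))
    for node, (atype, apass) in (("master", m["auth"]), ("backup", b["auth"])):
        if atype == "PASS":
            out.append(("cleartext-auth", f"{node}: auth_pass is sent unencrypted on the LAN"))
            if len(apass) < 8 or apass.isdigit():
                out.append(("weak-pass", f"{node}: auth_pass is short or digits only"))
            if len(apass) > 8:
                out.append(("pass-truncated", f"{node}: only the first 8 characters are used"))
    return out

if __name__ == "__main__":
    for check_id, detail in audit_pair(MASTER, BACKUP):
        print(f"{check_id}: {detail}")
```

To audit real files, pass the contents of each node's /etc/keepalived/keepalived.conf to `audit_pair` instead of the embedded samples.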
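Verification
Start a test machine and access 192.168.100.254 (the VIP).
The response comes from the master server. Now take the master server's network interface down with ifdown and access the VIP again (if taking the interface down does not trigger a switchover, shut the master server down instead).
Bring the master server's interface back up, then ping the VIP from the test machine. While the ping is running, take the master's interface down again and see how long it takes for connectivity to recover.
The Keepalived deployment is now complete!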
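II. Building a highly available load-balancing cluster with Keepalived + LVS
Lab environment

| Server name | IP address | Role |
|---|---|---|
| master | 192.168.100.1 | Master director |
| backup | 192.168.100.2 | Backup director |
| web1 | 192.168.100.3 | Node server |
| web2 | 192.168.100.4 | Node server |

Floating address (VIP): 192.168.100.254
The following lab builds on the previous one.
Master director configuration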
```
****** (1) Basic setup
[root@Centos7 ~]# hostnamectl set-hostname master
[root@Centos7 ~]# su
[root@master ~]# systemctl stop httpd
[root@master ~]# yum -y remove httpd    # remove httpd; it was installed earlier only for testing

****** (2) Modify the keepalived configuration file
[root@master ~]# vim /etc/keepalived/keepalived.conf    # change the main configuration file to:
global_defs {
    router_id A1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
virtual_server 192.168.100.254 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 192.168.100.3 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.4 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
Save and exit

---------- New configuration options explained ----------
virtual_server 192.168.100.254 80 {    # the VIP (floating address) and port
    delay_loop 15                      # health-check interval in seconds
    lb_algo rr                         # scheduling algorithm, round robin here; for others, see the link at the top of the article
    lb_kind DR                         # cluster working mode, DR here; for others, see the link at the top of the article
    ! persistence_timeout 50           # connection persistence time
    protocol TCP                       # protocol used by the application service
    real_server 192.168.100.3 80 {     # address and port of a node server; repeat this block for each node
        weight 1                       # weight
        TCP_CHECK {                    # health-check method
            connect_port 80            # target port
            connect_timeout 3          # connection timeout
            nb_get_retry 3             # number of retries
            delay_before_retry 4       # interval between retries
        }
    }
}                                      # make sure every { has its matching }
----------------------------------------------------------

****** (3) Load the kernel module for the service
[root@master ~]# modprobe ip_vs          # load the module
[root@master ~]# lsmod | grep ip_vs      # check the module status
ip_vs                 141092  0
nf_conntrack          133387  1 ip_vs
libcrc32c              12644  3 xfs,ip_vs,nf_conntrack
[root@master ~]# echo "modprobe ip_vs" >> /etc/rc.local    # load the module at boot
[root@master ~]# systemctl restart keepalived              # restart keepalived
```
Backup director configuration
```
Almost identical to the master director configuration
[root@Centos7 ~]# hostnamectl set-hostname backup
[root@Centos7 ~]# su
[root@backup ~]# systemctl stop httpd
[root@backup ~]# yum -y remove httpd
[root@backup ~]# vim /etc/keepalived/keepalived.conf
Change it to:
global_defs {
    router_id A2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 1
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
virtual_server 192.168.100.254 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 192.168.100.3 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.4 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
Save and exit
[root@backup ~]# modprobe ip_vs
[root@backup ~]# lsmod | grep ip_vs
ip_vs                 141092  0
nf_conntrack          133387  1 ip_vs
libcrc32c              12644  3 xfs,ip_vs,nf_conntrack
[root@backup ~]# echo "modprobe ip_vs" >> /etc/rc.local
[root@backup ~]# systemctl restart keepalived
```
web1 node server configuration
```
****** (1) Basic setup first: install httpd with yum and write a web page
[root@Centos7 ~]# hostnamectl set-hostname web1
[root@Centos7 ~]# su
[root@web1 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
       /dev/sr0 已经挂载到 /mnt 上
[root@web1 ~]# yum -y install httpd
......
完毕!
[root@web1 ~]# echo "1111111111" > /var/www/html/index.html

****** (2) Write the network interface configuration
[root@web1 ~]# cd /etc/sysconfig/network-scripts/
[root@web1 network-scripts]# cp ifcfg-lo ifcfg-lo:0
Write the following into ifcfg-lo:0:
DEVICE=lo:0
IPADDR=192.168.100.254
NETMASK=255.255.255.255
ONBOOT=yes
Save and exit
[root@web1 network-scripts]# systemctl restart network    # restart the network service
[root@web1 network-scripts]# ip a                         # check that the address was added
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.254/32 brd 192.168.100.254 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
......
[root@web1 network-scripts]# cd

****** (3) Add a route; the next hop is the VIP address
[root@web1 ~]# echo "route add -host 192.168.100.254 dev lo:0" >> /etc/rc.local
[root@web1 ~]# route add -host 192.168.100.254 dev lo:0
[root@web1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens32
192.168.100.254 0.0.0.0         255.255.255.255 UH    0      0        0 lo

****** (4) Add the policy for not responding to ARP
[root@web1 ~]# vim /etc/sysctl.conf    # modify
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
Save and exit
[root@web1 ~]# sysctl -p    # apply immediately
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

****** (5) Start the httpd service
[root@web1 ~]# systemctl start httpd
[root@web1 ~]# curl 127.0.0.1
1111111111
```
web2 node server configuration
```
Almost identical to the web1 node server configuration
[root@Centos7 ~]# hostnamectl set-hostname web2
[root@Centos7 ~]# su
[root@web2 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
       /dev/sr0 已经挂载到 /mnt 上
[root@web2 ~]# yum -y install httpd
......
完毕!
[root@web2 ~]# echo "222222222" > /var/www/html/index.html
[root@web2 ~]# cd /etc/sysconfig/network-scripts/
[root@web2 network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@web2 network-scripts]# cat <<aa > ifcfg-lo:0
> DEVICE=lo:0
> IPADDR=192.168.100.254
> NETMASK=255.255.255.255
> ONBOOT=yes
> aa
[root@web2 network-scripts]# systemctl restart network
[root@web2 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.254/32 brd 192.168.100.254 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ed:7c:e7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.4/24 brd 192.168.100.255 scope global ens32
       valid_lft forever preferred_lft forever
    inet6 fe80::34f4:cad:16ae:5b4d/64 scope link
       valid_lft forever preferred_lft forever
[root@web2 network-scripts]# cd
[root@web2 ~]# echo "route add -host 192.168.100.254 dev lo:0" >> /etc/rc.local
[root@web2 ~]# route add -host 192.168.100.254 dev lo:0
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens32
192.168.100.254 0.0.0.0         255.255.255.255 UH    0      0        0 lo
[root@web2 ~]# cat <<aaa >> /etc/sysctl.conf
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.default.arp_ignore = 1
> net.ipv4.conf.default.arp_announce = 2
> net.ipv4.conf.lo.arp_ignore = 1
> net.ipv4.conf.lo.arp_announce = 2
> aaa
[root@web2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@web2 ~]# systemctl start httpd
[root@web2 ~]# curl 127.0.0.1
222222222
```
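On each node server the steps above put the VIP on lo:0 with a 255.255.255.255 mask and set arp_ignore and arp_announce so that the node never answers ARP for the VIP; if a node does answer, traffic for the VIP can bypass the director. The following Python check is an added example, not part of the original article, that tests a node's `ip a` and `sysctl -p` output against those settings. The function names are assumptions of this example, and the sample output is constructed to match web1.

```python
import re

# Constructed input, shaped like the `ip a` and `sysctl -p` output shown for web1.
IP_A = """1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
    inet 192.168.100.254/32 brd 192.168.100.254 scope global lo:0
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.100.3/24 brd 192.168.100.255 scope global ens32
"""
SYSCTL = """net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
"""

def addresses(ip_a):
    """Yield (interface, address, prefix_len) for every IPv4 address in `ip a` output."""
    iface = None
    for line in ip_a.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)   # "2: ens32: <...>" header line
        if head:
            iface = head.group(1)
        addr = re.match(r"\s+inet\s+([\d.]+)/(\d+)", line)
        if addr:
            yield iface, addr.group(1), int(addr.group(2))

def check_real_server(ip_a, sysctl, vip):
    """Return the DR-mode prerequisites from this page that the node does not meet."""
    problems = []
    held = [(i, p) for i, a, p in addresses(ip_a) if a == vip]
    if ("lo", 32) not in held:
        problems.append("VIP is not configured on lo with a /32 mask")
    if any(i != "lo" for i, _ in held):
        problems.append("VIP is also bound to a non-loopback interface")
    values = dict(re.findall(r"^net\.ipv4\.conf\.(\S+?)\s*=\s*(\d+)", sysctl, re.M))
    for key, want in (("arp_ignore", "1"), ("arp_announce", "2")):
        for scope in ("all", "lo"):                   # the scopes that affect lo itself
            if values.get(f"{scope}.{key}") != want:
                problems.append(f"net.ipv4.conf.{scope}.{key} should be {want}")
    return problems

if __name__ == "__main__":
    print(check_real_server(IP_A, SYSCTL, "192.168.100.254") or "node meets the DR prerequisites")
```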
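Testing
On the test machine, access the VIP 192.168.100.254 and refresh a few times to check that load balancing works.
Once load balancing is confirmed to work, take the master director's network interface down or shut the master director down.
Then access the VIP again and check that it is still reachable.
Check the backup director: the VIP has successfully floated over to it.
The LVS + keepalived (HA) highly available load-balancing cluster is now fully deployed!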