简介:
Keepalived是Linux下一个轻量级别的高可用解决方案。高可用(High Avalilability,HA),其实两种不同的含义:广义来讲,是指整个系统的高可用行,狭义的来讲就是之主机的冗余和接管,它与HeartBeat RoseHA 实现相同类似的功能,都可以实现服务或者网络的高可用,但是又有差别,HeartBeat是一个专业的、功能完善的高可用软件,它提供了HA 软件所需的基本功能,比如:心跳检测、资源接管,检测集群中的服务,在集群节点转移共享IP地址的所有者等等。HeartBeat功能强大,但是部署和使用相对比较麻烦,与HeartBeat相比Keepalived主要是通过虚拟路由冗余来实现高可用功能,虽然它没有HeartBeat功能强大,但是Keepalived部署和使用非常的简单,所有配置只需要一个配置文件即可以完成。
作用:Keepalived的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。
keepalived的热备方式:
keepalived采用VRRP(虚拟路由冗余协议)热备份协议,以软件的方式实现Linux服务器的多机热备功能。
一,部署keepalived双机热备
安装Keepalived
yum install -y keepalived ipvsadm
控制Keepalived服务
systemctl enable keepalived
主服务器的配置
[root@localhost ~]# systemctl stop firewalld #关闭防火墙 [root@localhost ~]# cd /etc/keepalived/ [root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak #备份配置文件 [root@localhost keepalived]# vim keepalived.conf global_defs { #全局参数 router_id HA_TEST_R1 #本路由器(服务器)的名称 } vrrp_instance VI_1 { #定义VRRP热备实例 state MASTER #热备状态,MASTER表示主路由器 interface ens33 #承载VIP地址的物理接口 virtual_router_id 51 #虚拟路由器的ID号,每个热备组保持一致 priority 100 #优先级,数值越大优先级越高 advert_int 1 #通告间隔秒数 authentication { #认知信息,每个热备组保持一致 auth_type PASS #认证类型 auth_pass 1111 #密码字串 } virtual_ipaddress { #指定漂移地址 192.168.2.254 } }
开启服务,查看配置是否生效
[root@localhost keepalived]# ip addr show dev ens33 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:83:b0:2e brd ff:ff:ff:ff:ff:ff inet 192.168.2.1/24 brd 192.168.2.255 scope global ens33 valid_lft forever preferred_lft forever inet 192.168.2.254/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::f14d:4ec5:d7b2:c6c1/64 scope link valid_lft forever preferred_lft forever
测试双机热备功能,配置两台keepalived服务器,设置相同的漂流地址,ping -t 漂流IP地址,持续ping通,查看效果,或在两台keepalived上搭建网页,访问查看效果,或查看日志文件查看主备服务器的迁移状态
1.连通性测试
2.web访问测试
3.查看日志记录
二,LVS+Keepalived高可用(DR)群集
一,配置Keepalived高可用
配置主调度器
[root@localhost ~]# cd /etc/keepalived/ [root@localhost keepalived]# vim keepalived.conf global_defs { #全局参数 router_id HA_TEST_R1 #本路由器(服务器)的名称 } vrrp_instance VI_1 { #定义VRRP热备实例 state MASTER #热备状态,MASTER表示主路由器 interface ens33 #承载VIP地址的物理接口 virtual_router_id 51 #虚拟路由器的ID号,每个热备组保持一致 priority 100 #优先级,数值越大优先级越高 advert_int 1 #通告间隔秒数 authentication { #认知信息,每个热备组保持一致 auth_type PASS #认证类型 auth_pass 1111 #密码字串 } virtual_ipaddress { #指定漂移地址 192.168.2.254 } }
配置从调度器
[root@localhost ~]# cd /etc/keepalived/ [root@localhost keepalived]# vim keepalived.conf global_defs { router_id HA_TEST_R2 } vrrp_instance VI_1 { state BACKUP #热备状态,BACKUP表示从路由器 priority 90 #优先级,数值越大优先级越高 virtual_ipaddress { #指定漂移地址 192.168.2.254 } }
调整proc配置文件 ,两天LVS都需要添加
[root@localhost ~]# vi /etc/sysctl.conf [root@localhost ~]# sysctl -p net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.ens33.send_redirects = 0
二,安装配置nginx服务
配置IP地址
第一台Nginx服务器 [root@localhost ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.2.3 netmask 255.255.255.0 broadcast 192.168.2.255 inet6 fe80::20c:29ff:fe1c:a1a4 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:1c:a1:a4 txqueuelen 1000 (Ethernet) RX packets 17151 bytes 1481642 (1.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 9028 bytes 904486 (883.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.7.1 netmask 255.255.255.0 broadcast 192.168.7.255 inet6 fe80::20c:29ff:fe1c:a1ae prefixlen 64 scopeid 0x20<link> ether 00:0c:29:1c:a1:ae txqueuelen 1000 (Ethernet) RX packets 250 bytes 45678 (44.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 47 bytes 7062 (6.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 第二台Nginx服务器 [root@localhost network-scripts]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.2.4 netmask 255.255.255.0 broadcast 192.168.2.255 inet6 fe80::20c:29ff:feb5:b978 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:b5:b9:78 txqueuelen 1000 (Ethernet) RX packets 15495 bytes 1572697 (1.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 7750 bytes 817696 (798.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.7.2 netmask 255.255.255.0 broadcast 192.168.7.255 inet6 fe80::20c:29ff:feb5:b982 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:b5:b9:82 txqueuelen 1000 (Ethernet) RX packets 155 bytes 16854 (16.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 283 bytes 46422 (45.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
安装依赖关系安装包
[root@localhost ~]# yum -y install pcre-devel zlib-devel
创建nginx需要指定的组
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
解压nginx源代码包,配置,编译,安装
[root@localhost ~]# tar zxf /mnt/nginx-1.12.0.tar.gz -C /usr/src/ [root@localhost ~]# cd /usr/src/nginx-1.12.0/ [root@localhost nginx-1.12.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx [root@localhost nginx-1.12.0]# make && make install
优化路径,将nginx可用执行执行
[root@localhost nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
开启nginx服务
[root@localhost nginx-1.12.0]# nginx
三,在(两台)Nginx服务器上配置lo:0回环VIP地址并关闭ARP重定向
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0 [root@localhost network-scripts]# vim ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.2.54 NETMASK=255.255.255.255 ONBOOT=yes NAME=loopback:0 [root@localhost network-scripts]# ifup ifcfg-lo:0
关闭ARP重定向
[root@localhost network-scripts]# vi /etc/sysctl.conf [root@localhost network-scripts]# sysctl -p net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 net.ipv4.conf.default.arp_ignore = 1 net.ipv4.conf.default.arp_announce = 2 net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2
添加VIP地址lo:0网卡路由
[root@localhost network-scripts]# route add -host 192.168.2.254 dev lo:0
四,在LVS两台服务器上配置Web服务器池的配置
[root@localhost ~]# vi /etc/keepalived/keepalived.conf virtual_server 192.168.2.254 80 { delay_loop 6 lb_algo rr lb_kind DR protocol TCP real_server 192.168.2.3 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 192.168.2.4 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } [root@localhost ~]# systemctl restart keepalived
五,配置NFS共享文件服务器
配置IP地址
[root@localhost ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.7.3 netmask 255.255.255.0 broadcast 192.168.7.255 inet6 fe80::20c:29ff:fe4f:2519 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:4f:25:19 txqueuelen 1000 (Ethernet) RX packets 1474 bytes 240615 (234.9 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 827 bytes 93826 (91.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
安装NFS程序
[root@localhost ~]# yum -y install nfs-utils rpcbind [root@localhost ~]# systemctl enable nfs Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service. [root@localhost ~]# systemctl enable rpcbind
设置共享目录
[root@localhost ~]# mkdir -p /opt/www [root@localhost ~]# vi /etc/exports /opt/www 192.168.7.0/24(rw,sync,no_root_squash)
启动NFS服务程序
[root@localhost ~]# systemctl start rpcbind [root@localhost ~]# systemctl start nfs
查看本机发布的NFS共享目录
1. [root@localhost ~]# showmount -e 2. Export list for localhost.localdomain: 3. /opt/www 192.168.7.0/24
六,在Nginx服务器上挂载共享资源
安装rpcbind软件包,并启动rpbind服务
[root@localhost ~]# yum -y install rpcbind nfs-utils [root@localhost ~]# systemctl enable rpcbind [root@localhost ~]# systemctl start rpcbind
手动挂载NFS共享目录
[root@localhost ~]# mount 192.168.7.3:/opt/www /var/www
设置统一信息
[root@localhost ~]# echo "hello" > /var/www/index.html
浏览器测试即可
最终验收
- 在internet上可以正常访问网站,并通过命令查看负载均衡正常。
- 断掉第一台web服务器的网卡,网站依然可以访问。
- 断掉主调度器的网卡,网站依然可以访问。