1、什么是Keepalived?
Keepalived是用C语言编写的路由软件。该项目的主要目标是为Linux系统和基于Linux的基础结构提供负载均衡和高可用性的简单而强大的功能。负载平衡框架依赖于提供第4层负载平衡的著名且广泛使用的Linux虚拟服务器(IPVS)内核模块。Keepalived实现了一组VIP功能,以根据其运行状况动态,自适应地维护和管理负载平衡的服务器池。另一方面,VRRP实现了高可用性 协议。VRRP是路由器故障转移的基础。
此外,Keepalived还实现了一组VRRP有限状态机的挂钩,从而提供了低级和高速协议交互。为了提供最快的网络故障检测,Keepalived实施BFD协议。VRRP状态转换可以考虑BFD提示来驱动快速状态转换。Keepalived框架可以独立使用,也可以一起使用以提供弹性基础架构。
keepalived支持多组VIP的操作,就是一台服务器上可以部署多台VIP,可以理解为每个VIP是一组操作。
2、keepalived运行原理
keepalived 通过选举(看服务器设置的权重)挑选出一台热备服务器做 MASTER 机器,MASTER 机器会被分配到一个指定的虚拟 ip,即VIP, 外部程序可通过该 VIP 访问这台服务器,如果这台服务器出现故障(断网,重启,或者本机器上的 keepalived crash 等),keepalived 会从其他的备份机器上重选(还是看服务器设置的权重)一台机器做 MASTER 并分配同样的虚拟 IP,充当前一台 MASTER 的角色。权重越高,备用机器被拉起来的占比就越大,一般的主备就可以满足我们的需求
Keepalived实验案例####
IP地址规划:
漂移地址(VIP):192.168.100.10
主调度器:192.168.100.114
辅调度器:192.168.100.90
WEB服务器1:192.168.100.85
WEB服务器2:192.168.100.87
存储服务器:192.168.100.86
###配置主调度器 192.168.100.114 ####### 关闭防火墙
【1】调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p ###生效
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
【2】清除负载分配策略
[root@localhost /]# ipvsadm -C
【3】调整keepalived参数
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
#将配置文件修改成下面的内容#####
global_defs {
router_id HA_TEST_R1 ####本路由器的服务器名称 HA_TEST_R1
}
vrrp_instance VI_1 {
####定义VRRP热备实列
state MASTER ####热备状态,master表示主服务器
interface ens33 ####表示承载VIP地址的物理接口
virtual_router_id 1 ####虚拟路由器的ID号,每个热备组保持一致
priority 100 ####优先级,优先级越大优先级越高
advert_int 1 ####通告间隔秒数(心跳频率)
authentication {
####认证信息,每个热备组保持一致
auth_type PASS ####认证类型
auth_pass 123456 ####认证密码
}
virtual_ipaddress {
####漂移地址(VIP),可以是多个
192.168.100.10
}
}
virtual_server 192.168.100.10 80 {
####虚拟服务器地址(VIP)、端口
delay_loop 15 ####健康检查的时间间隔(秒)
lb_algo rr ####轮询调度算法
lb_kind DR ####直接路由(DR)群集工作模式
persistence 60 ####连接保持时间(秒),若启用请去掉!号
protocol TCP ####应用服务采用的是TCP协议
real_server 192.168.100.85 80 {
####第一个WEB站点的地址,端口
weight 1 ####节点的权重
TCP_CHECK {
####健康检查方式
connect_port 80 ####检查端口目标
connect_timeout 3 ####连接超时(秒)
nb_get_retry 3 ####重试次数
delay_before_retry 4 ####重试间隔(秒)
}
}
real_server 192.168.100.87 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
[root@localhost keepalived]# systemctl start keepalived ####启动keepalived
[root@localhost keepalived]# systemctl enable keepalived ####开机启动keepalived
[root@localhost keepalived]# ip addr show dev ens33 ####查看主控制IP地址和漂移地址
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fifo_fast state UP group default qlen 1000
link/ether 00:0c:29:bb:29:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.10/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:febb:29cc/64 scope link
valid_lft forever preferred_lft forever
###配置辅调度器 192.168.100.90 ####### 关闭防火墙
【1】调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p ###生效
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
【2】清除负载分配策略
[root@localhost /]# ipvsadm -C
【3】调整keepalived参数
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
#将配置文件改为下面的内容 解析内容不需要####
global_defs {
router_id HA_TEST_R2 ####本路由器的服务器名称 HA_TEST_R2
}
vrrp_instance VI_1 {
####定义VRRP热备实列
state BACKUP ####热备状态,backup表示辅服务器
interface ens33 ####表示承载VIP地址的物理接口
virtual_router_id 1 ####虚拟路由器的ID号,每个热备组保持一致
priority 99 ####优先级,优先级越大优先级越高
advert_int 1 ####通告间隔秒数(心跳频率)
authentication {
####认证信息,每个热备组保持一致
auth_type PASS ####认证类型
auth_pass 123456 ####认证密码
}
virtual_ipaddress {
####漂移地址(VIP),可以是多个
192.168.100.10
}
}
virtual_server 192.168.100.10 80 {
delay_loop 15
lb_algo rr
lb_kind DR
persistence 60
protocol TCP
##
real_server 192.168.100.85 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
real_server 192.168.100.87 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
[root@localhost keepalived]# systemctl start keepalived ####启动keepalived
[root@localhost keepalived]# systemctl enable keepalived ####开机启动keepalived
[root@localhost keepalived]# ip addr show dev ens33 ####查看主控制IP地址和漂移地址
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:44:0b:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.41/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe44:b2a/64 scope link
valid_lft forever preferred_lft forever
####抓包查看调度器情况####
查看调度器发出的VRRP包信息。。。。
#####配置存储服务器:192.168.100.86####
rpm -q nfs-utils ###如果没装,yum -y install nfs-utils
rpm -q rpcbind ###如果没装,yum -y install rpcbind
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# vi /etc/exports
/opt/51xit 192.168.100.0/24 (rw,sync)
/opt/52xit 192.168.100.0/24 (rw,sync)
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo “this is 51xit” >/opt/51xit/index.html
[root@localhost ~]# echo “this is 52xit” >/opt/52xit/index.html
###配置节点服务器:192.168.100.85####
【1】配置虚拟IP地址
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.10 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.10 dev lo:0
[root@mysql3 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.114 0.0.0.0 UG 100 0 0 ens33
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.100.10 0.0.0.0 255.255.255.255 UH 0 0 0 lo ##重启之后这个会消失但是不影响实验
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
【2】调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
【2】安装httpd 挂载测试页
[root@localhost ~]# showmount -e 192.168.100.86 ####如果还没发布,请到存储服务器发布下,exportfs -rv
Export list for 192.168.100.86:
/opt/51xit (everyone)
/opt/52xit (everyone)
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.86:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
192.168.100.86:/opt/51xit/ /var/www/html/ nfs rw,tcp,intr 0 1 ###开机自动挂载,注意格式对齐
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
###登录192.168.100.85测试网站是否正常####
###配置节点服务器:192.168.100.87####
【1】配置虚拟IP地址
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
需要有下面的显示说明添加上了环回口的IP地址
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.100.10 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.10 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.10 dev lo:0
【2】调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p #查看上面的参数有有没加上
【2】安装httpd 挂载测试页
[root@localhost ~]# showmount -e 192.168.100.86 ####如果还没发布,请到存储服务器发布下,exportfs -rv
Export list for 192.168.100.86:
/opt/accp (everyone)
/opt/bdqn (everyone)
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.86:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
192.168.100.86:/opt/52xit/ /var/www/html/ nfs rw,tcp,intr 0 1 ###开机自动挂载,注意格式对齐
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
###登录192.168.100.87测试网站是否正常####
#######测试网站
1、测试主调度器是否正常工作
打开抓包工具,会发现192.168.100.114主调度器,一直在发VRRP报文
打开浏览器 192.168.100.10 出现 this is 51xit
等待一分钟 打开浏览器 192.168.100.10 出现this is 52xit
主调度器正常!!!
还可进行抓包查看情况
2、测试辅调度器是否正常工作
停止主服务器的keepadlive systemctl stop keepalived.service
打开抓包工具,会发现192.168.100.90辅调度器,一直在发VRRP报文
打开浏览器 192.168.100.10 出现 this is 51xit
等待一分钟 打开浏览器 192.168.100.10 出现 this is 52xit
辅调度器正常!!!
tail -f /var/log/messages ##动态查看日志信息
抓包情况
