LVS + Keepalived cluster: theory and high-availability lab deployment (packet capture demonstration and troubleshooting)

Understand the principle of Keepalived implementation

Case analysis

In enterprise applications, a single server is a single point of failure for the application
In an enterprise application cluster there are at least two single points of failure. Once one of them fails, enterprise services are interrupted, causing great harm

[Figure: DR cluster topology]
In the above topology diagram, you can see that if the scheduler of the DR cluster goes down, the entire cluster cannot be used normally

Keepalived tool introduction

Support automatic failover (Failover)

Support node health check (Health Checking)

Official website: http://www.keepalived.org/

Analysis of the implementation principle

Keepalived uses the VRRP hot-standby protocol to implement multi-machine hot standby for Linux servers

VRRP (Virtual Router Redundancy Protocol) is a backup solution for routers

1. Multiple routers form a hot-standby group and provide services to the outside through a shared virtual IP address
2. In each hot-standby group only one master router provides service at any time; the other routers stay in a redundant state
3. If the currently online router fails, the other routers automatically take over the virtual IP address according to the configured priority and continue to provide services


Topology of the solution

[Figure: solution topology]

Keepalived configuration file analysis

1. Drift address: 192.168.100.88
Primary and standby servers: 192.168.100.22, 192.168.100.23
Application services provided: Web

#########################################################################

2. The configuration file keepalived.conf
Global Settings: global_defs { … }
Hot backup settings: vrrp_instance <instance name> { … }
The sample files are located at: /etc/keepalived/samples/…

#####################################################################

3. Main server configuration
state: sets the role of this node, MASTER or BACKUP
priority: sets the election priority; the larger the value, the higher the priority
virtual_ipaddress { … }: sets the drifting IP address

########################################################################

4. Standby server configuration
router_id is set to this node's own name
state is set to BACKUP
priority is set lower than on the main server

#########################################################################

5. Enable keepalived service
The keepalived service is enabled on both the main and the standby machine
The device with the highest priority gains control of the VIP
The VIP address is set automatically by keepalived

Highly available LVS+Keepalived deployment

Web environment

IP address planning:

Drifting address (VIP): 192.168.100.88
Master scheduler: 192.168.100.22 Gateway: 192.168.100.1
Secondary scheduler: 192.168.100.23 Gateway: 192.168.100.1
WEB server 1: 192.168.100.24 Gateway: 192.168.100.1
WEB server 2: 192.168.100.25 Gateway: 192.168.100.1
Storage server: 192.168.100.21 Gateway: 192.168.100.1
Lab environment
On all systems the firewall is turned off and core protection (SELinux) is disabled
System: CentOS 7.6

Configure the main scheduler 192.168.100.22

#【1】Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

## Apply the settings
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

#【2】Clear the load distribution policy
[root@localhost /]# ipvsadm -C

#【3】Adjust the keepalived parameters
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/

# Back up the original configuration file
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf

global_defs {
    router_id HA_TEST_R1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    # must be the same on both schedulers
    virtual_router_id 1
    # highest priority holds the VIP
    priority 100
    # advertisement interval in seconds
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.88
    }
}

virtual_server 192.168.100.88 80 {
    # health check interval in seconds
    delay_loop 15
    # round robin scheduling
    lb_algo rr
    # direct routing mode
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}

#### Start keepalived
[root@localhost keepalived]# systemctl start keepalived

#### Enable keepalived at boot
[root@localhost keepalived]# systemctl enable keepalived

#### View the primary IP address and the drifting address
[root@localhost keepalived]# ip addr show dev ens33

    inet 192.168.100.22/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.88/32 scope global ens33

Configure the auxiliary scheduler 192.168.100.23

【1】Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

# Apply the settings
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

【2】Clear the load distribution policy
[root@localhost /]# ipvsadm -C

【3】Adjust the keepalived parameters
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf

global_defs {
    router_id HA_TEST_R2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    # same value as on the main scheduler
    virtual_router_id 1
    # lower than the main scheduler's 100
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.88
    }
}

virtual_server 192.168.100.88 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}

#### Start keepalived
[root@localhost keepalived]# systemctl start keepalived

#### Enable keepalived at boot
[root@localhost keepalived]# systemctl enable keepalived

#### View the primary IP address and the drifting address; the virtual address 192.168.100.88 is not present here
[root@localhost keepalived]# ip addr show dev ens33
    inet 192.168.100.23/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe44:b2a/64 scope link
       valid_lft forever preferred_lft forever
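
The master/standby rules from the configuration analysis, written as a check over the vrrp_instance settings of the two schedulers. This is an added example, not part of the original post or of Keepalived; parse and check_pair are illustrative names and the input is a constructed copy of this page's settings. A mismatched virtual_router_id or auth_pass makes each scheduler ignore the other's advertisements, so both would claim the VIP.

```python
import re

# Constructed copy of the VRRP settings this page uses on the main scheduler.
MASTER_CONF = """\
global_defs {
    router_id HA_TEST_R1
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.88
    }
}
"""
BACKUP_CONF = (MASTER_CONF.replace("HA_TEST_R1", "HA_TEST_R2")
               .replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 99"))

KEYS = ("router_id", "state", "virtual_router_id", "priority",
        "advert_int", "auth_type", "auth_pass")
MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse(conf):
    """Pull out the settings the two VRRP peers have to agree or differ on."""
    found = {}
    for key in KEYS:
        m = re.search(rf"^\s*{key}\s+(\S+)", conf, re.M)
        found[key] = m.group(1) if m else None
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    found["vips"] = tuple(sorted(block.group(1).split())) if block else ()
    return found

def check_pair(master_conf, backup_conf):
    """Return a list of problems; an empty list means the pair is consistent."""
    m, b = parse(master_conf), parse(backup_conf)
    problems = [f"{k} differs: {m[k]} vs {b[k]}" for k in MUST_MATCH if m[k] != b[k]]
    if m["router_id"] == b["router_id"]:
        problems.append("router_id should be each node's own name")
    if int(m["priority"] or 0) <= int(b["priority"] or 0):
        problems.append("main scheduler priority is not higher than the standby's")
    return problems
```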

Take a look at the VRRP of the master/standby scheduler

[Figure: VRRP of the master/standby scheduler]
Here we can see that 192.168.100.22 is now the master scheduler

Configure storage server: 192.168.100.21

rpm -q nfs-utils    ### if not installed: yum -y install nfs-utils
rpm -q rpcbind      ### if not installed: yum -y install rpcbind
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind

[root@localhost ~]# vi /etc/exports
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)

[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo "51是我" >/opt/51xit/index.html
[root@localhost ~]# echo "我是52" >/opt/52xit/index.html

Configure the node server: 192.168.100.24

【1】Configure the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.88  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

## This is equivalent to adding the local route manually at boot
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.88 dev lo:0

## The local route for 192.168.100.88 has to be added manually, otherwise the virtual IP on this host cannot be accessed
[root@localhost network-scripts]# route add -host 192.168.100.88 dev lo:0

【2】Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p

【3】Install httpd and mount the test page
[root@localhost ~]# showmount -e 192.168.100.21
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.21:/opt/51xit /var/www/html/

## Permanent mount
[root@localhost ~]# vi /etc/fstab
192.168.100.21:/opt/51xit/ /var/www/html/        nfs     rw,tcp,intr     0 1

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

# Reboot to see whether the services drop
[root@localhost ~]# init 6

## After the reboot, access the site from the laptop browser to check that it works normally

Configure the node server: 192.168.100.25

【1】Configure the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.88  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.88 dev lo:0

[root@localhost network-scripts]# route add -host 192.168.100.88 dev lo:0

【2】Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p

【3】Install httpd and mount the test page
[root@localhost ~]# showmount -e 192.168.100.21
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.21:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
192.168.100.21:/opt/52xit/ /var/www/html/        nfs     rw,tcp,intr     0 1

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

### Log in to 192.168.100.43 and test whether the website works normally ####

Validation results

(1) First, visit 192.168.100.88 from the laptop browser to check whether requests are polled across the nodes: the following is the correct result

[Screenshot]
Clear the browser history, close and reopen the browser, and visit 192.168.100.88 again
[Screenshot]

(2) Capture packets to see who is the master scheduler; just look at who sends the VRRP messages: the following is the correct result

[Screenshot]
At this point, stop the Keepalived service on the main scheduler and check whether control automatically switches to the standby scheduler 192.168.100.23
[Screenshot]
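
Step (2) identifies the master by who sends the VRRP messages; the added example below (not part of the original post) decodes such an advertisement and applies the checks a VRRP receiver makes. The two frames are constructed from this page's settings rather than taken from the capture, and the function names are illustrative. With auth_type PASS the auth_pass value travels unencrypted in every advertisement, which the decoded auth_data field shows.

```python
import socket
import struct

VRRP_PROTO, VRRP_GROUP = 112, "224.0.0.18"
SCHEDULERS = {"192.168.100.22", "192.168.100.23"}  # the two schedulers on this page

# Constructed frames (IPv4 header + VRRPv2 advertisement), not a real capture:
# the first as sent by the master, the second by the standby after failover.
CAPTURE = [bytes.fromhex(h) for h in (
    "45c0002800000000ff70b5d4c0a86416e0000012210164010101bb5ec0a864583132333435360000",
    "45c0002800000000ff70b5d3c0a86417e0000012210163010101bc5ec0a864583132333435360000",
)]

def csum(data):
    """RFC 1071 checksum; 0 over a message that includes its checksum means intact."""
    data += b"\0" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt):
    """Decode one advertisement and run the checks a VRRP receiver applies."""
    ihl = (pkt[0] & 0x0F) * 4
    vrrp = pkt[ihl:]
    ver_type, vrid, prio, count, auth_type, adv_int = struct.unpack("!6B", vrrp[:6])
    sender = socket.inet_ntoa(pkt[12:16])
    auth = vrrp[8 + 4 * count:16 + 4 * count]
    checks = {
        "proto/group": pkt[9] == VRRP_PROTO and socket.inet_ntoa(pkt[16:20]) == VRRP_GROUP,
        "ttl=255": pkt[8] == 255,        # anything that crossed a router has a lower TTL
        "checksum": csum(vrrp) == 0,
        "known sender": sender in SCHEDULERS,
    }
    return {
        "sender": sender, "version": ver_type >> 4, "vrid": vrid,
        "priority": prio, "advert_int": adv_int, "auth_type": auth_type,
        "vips": [socket.inet_ntoa(vrrp[8 + 4 * i:12 + 4 * i]) for i in range(count)],
        "auth_data": auth.rstrip(b"\0").decode("ascii", "replace"),  # clear text with PASS
        "failed": [name for name, ok in checks.items() if not ok],
    }

def current_master(capture):
    """Sender of the most recent advertisement that passes every check, or None."""
    valid = [a for a in map(parse_advert, capture) if not a["failed"]]
    return valid[-1]["sender"] if valid else None
```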

(3) Check again whether requests are still polled across the nodes through the standby scheduler: the following is the correct result

[Screenshot]
Clear the browser history, close and reopen the browser, and visit 192.168.100.88 again
[Screenshot]

(4) Open CMD on the laptop to view the MAC address of 192.168.100.88

Note: At this point the standby scheduler is active, so the MAC address should be that of the standby scheduler.
[Screenshots]
You can see that it is the MAC address of the 192.168.100.23 host, and the virtual address is there as well.

(5) Keep pinging 192.168.100.88 from CMD and stop the Keepalived service on the standby scheduler to see whether the MAC address switches

[Screenshot]
This timeout is normal because the switchover takes time; the packets are normal
[Screenshots]
The MAC address switched successfully and the virtual address switched successfully, so the experiment is successful

Error set and troubleshooting

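#(1) If you previously configured ipvsadm incorrectly and it still does not take effect after restarting Keepalived:
Solution: [root@localhost /]# ipvsadm -C

#(2) If you restart the network service on WEB1 or WEB2, the local route for 192.168.100.88 disappears as well
Solution:
Add it manually: route add -host 192.168.100.88 dev lo:0

#(3) After any service has been set up, reboot with init 6, because machines that have gone live in production cannot be rebooted
# If the server goes down one day and the service does not run normally after it is started again, will you still remember how to troubleshoot it?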


Origin blog.csdn.net/weixin_48190891/article/details/108780760