keepalived高可用
keepalived是什么?
Keepalived 軟體起初是專為LVS負載均衡軟體設計的,用來管理并監控LVS集群系統中各個服務節點的狀態,后來又加入了可以實作高可用的VRRP功能,因此,Keepalived除了能夠管理LVS軟體外,還可以作為其他服務(例如:Nginx、Haproxy、MySQL等)的高可用解決方案軟體,
Keepalived軟體主要是通過VRRP協議實作高可用功能的,VRRP是Virtual Router RedundancyProtocol(虛擬路由器冗余協議)的縮寫,VRRP出現的目的就是為了解決靜態路由單點故障問題的,它能夠保證當個別節點宕機時,整個網路可以不間斷地運行,
所以,Keepalived 一方面具有配置管理LVS的功能,同時還具有對LVS下面節點進行健康檢查的功能,另一方面也可實作系統網路服務的高可用功能,
Keepalived官網:http://www.keepalived.org/
Keepalived的重要功能
keepalived 有三個重要的功能,分別是:
-
管理LVS負載均衡軟體
-
實作LVS集群節點的健康檢查
-
作為系統網路服務的高可用性
keepalived高可用故障轉移的原理
Keepalived 高可用服務之間的故障切換轉移,是通過 VRRP (Virtual Router Redundancy Protocol ,虛擬路由器冗余協議)來實作的,
在 Keepalived 服務正常作業時,主 Master 節點會不斷地向備節點發送(多播的方式)心跳訊息,用以告訴備 Backup 節點自己還活看,當主 Master 節點發生故障時,就無法發送心跳訊息,備節點也就因此無法繼續檢測到來自主 Master 節點的心跳了,于是呼叫自身的接管程式,接管主 Master 節點的 IP 資源及服務,而當主 Master 節點恢復時,備 Backup 節點又會釋放主節點故障時自身接管的IP資源及服務,恢復到原來的備用角色,
keepalived原理
Keepalived高可用對之間是通過VRRP通信的,因此,我們從 VRRP開始了解起:
- VRRP,全稱 Virtual Router Redundancy Protocol,中文名為虛擬路由冗余協議,VRRP的出現是為了解決靜態路由的單點故障,
- VRRP是通過一種竟選協議機制來將路由任務交給某臺 VRRP路由器的,
- VRRP用 IP多播的方式(默認多播地址(224.0.0.18))實作高可用對之間通信,
- 作業時主節點發包,備節點接包,當備節點接收不到主節點發的資料包的時候,就啟動接管程式接管主節點的資源,備節點可以有多個,通過優先級競選,但一般 Keepalived系統運維作業中都是一對,
- VRRP使用了加密協議加密資料,但Keepalived官方目前還是推薦用明文的方式配置認證型別和密碼,
介紹完 VRRP,接下來我再介紹一下 Keepalived服務的作業原理:
Keepalived高可用是通過 VRRP 進行通信的, VRRP是通過競選機制來確定主備的,主的優先級高于備,因此,作業時主會優先獲得所有的資源,備節點處于等待狀態,當主掛了的時候,備節點就會接管主節點的資源,然后頂替主節點對外提供服務,
在 Keepalived 服務之間,只有作為主的服務器會一直發送 VRRP 廣播包,告訴備它還活著,此時備不會槍占主,當主不可用時,即備監聽不到主發送的廣播包時,就會啟動相關服務接管資源,保證業務的連續性.接管速度最快可以小于1秒,
演示:
實驗環境:
| 主機名 | 系統 | IP | VIP |
|---|---|---|---|
| lxmaster.example.com | Red Hat Enterprise Linux release 8.2 | 192.168.100.110/24 | 192.168.100.200/32 |
| lxbackup.example.com | Red Hat Enterprise Linux release 8.2 | 192.168.100.120/24 |
配置IP
#Master主節點
[root@lxmaster ~]# nmcli
eth0: 已連接 到 eth0
"VMware VMXNET3"
ethernet (vmxnet3), 00:0C:29:E7:7F:F3, 硬體, mtu 1500
ip4 默認
inet4 192.168.100.110/24
route4 192.168.100.0/24
route4 0.0.0.0/0
inet6 fe80::20c:29ff:fee7:7ff3/64
route6 fe80::/64
route6 ff00::/8
#backup備份節點
[root@lxbackup ~]# nmcli
ens160: 已連接 到 ens160
"VMware VMXNET3"
ethernet (vmxnet3), 00:0C:29:88:DC:C6, 硬體, mtu 1500
ip4 默認
inet4 192.168.100.120/24
route4 192.168.100.0/24
route4 0.0.0.0/0
inet6 fe80::20c:29ff:fe88:dcc6/64
route6 fe80::/64
route6 ff00::/8
關閉防火墻
#Master主節點
[root@lxmaster ~]# systemctl stop firewalld.service
[root@lxmaster ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@lxmaster ~]# vim /etc/selinux/
[root@lxmaster ~]# vim /etc/selinux/config
...
SELINUX=disabled
...
#backup備份節點
[root@lxbackup ~]# systemctl stop firewalld.service
[root@lxbackup ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@lxbackup ~]# vim /etc/selinux/config
...
SELINUX=disabled
...
安裝keeppalived
#Mster主節點
[root@lxmaster ~]# yum -y install vim wget gcc gcc-c++
[root@lxmaster ~]# yum -y install keepalived
#backup節點
[root@lxbackup ~]# yum -y install vim wget gcc gcc-c++
[root@lxbackup ~]# yum -y install keepalived
安裝nginx
#Master主節點
[root@lxmaster ~]# yum -y install nginx
[root@lxmaster ~]# echo " master node" > /usr/share/nginx/html/index.html
[root@lxmaster ~]# systemctl restart nginx.service
[root@lxmaster ~]# systemctl enable nginx.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
#backup節點
[root@lxbackup ~]# yum -y install nginx
[root@lxbackup ~]# echo "backup node" > /usr/share/nginx/html/index.html
[root@lxbackup ~]# systemctl enable --now nginx.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
測驗
#Master主節點
[root@lxmaster ~]# curl localhost
master node
#backup節點
[root@lxbackup ~]# curl localhost
backup node
配置keepalived
#Master主節點
[root@lxmaster ~]# cd /etc/keepalived/
[root@lxmaster keepalived]# cp keepalived.conf keepalived.conf.bak
[root@lxmaster keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router id lx01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.200
}
}
virtual_server 192.168.100.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.110 80 {
weight 1
TCP_CHECK{
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
#重啟keepalived
[root@lxmaster keepalived]# systemctl restart keepalived.service
[root@lxmaster keepalived]# systemctl enable keepalived.service
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
#backup備份節點
[root@lxbackup ~]# cd /etc/keepalived/
[root@lxbackup keepalived]# cp keepalived.conf keepalived.conf.bak
[root@lxbackup keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lx02
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.200
}
}
virtual_server 192.168.100.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.110 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.120 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@lxbackup keepalived]# systemctl restart keepalived.service
[root@lxbackup keepalived]# systemctl enable keepalived.service
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
在master中配置VIP
[root@lxmaster ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
...
IPADDR1=192.168.100.200
PREFIX1=32
[root@lxmaster ~]# systemctl restart NetworkManager
[root@lxmaster ~]# nmcli connection up eth0
連接已成功激活(D-Bus 活動路徑:/org/freedesktop/NetworkManager/ActiveConnection/4)
[root@lxmaster ~]# ip a
...
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:e7:7f:f3 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.110/24 brd 192.168.100.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.100.200/32 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
...
撰寫腳本
#Master主節點
[root@lxmaster scripts]# vim check.sh
#!/bin/bash
nginx_status=`ps -ef | grep -v "grep" | grep "nginx" | wc -l`
if [ $nginx_status -lt 1 ];then
systemctl stop keepalived
fi
[root@lxmaster scripts]# vim notify.sh
#!/bin/bash
VIP=$2
sendmail () {
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" [email protected]
}
case "$1" in
master)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -lt 1 ];then
systemctl start nginx
fi
sendmail
;;
backup)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -gt 0 ];then
systemctl stop nginx
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@lxmaster scripts]# chmod +x check.sh
[root@lxmaster scripts]# chmod +x notify.sh
再次配置keepalived
#Master主節點
[root@lxmaster scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router id lx01
}
vrrp_script nginx_check {
script "/scripts/check.sh"
interval 10
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.200
}
track_script{
nginx_check
}
notify_master "/scripts/notify.sh master 192.168.100.200"
notify_backup "/scripts/notify.sh backup 192.168.100.200"
}
virtual_server 192.168.100.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.110 80 {
weight 1
TCP_CHECK{
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@lxmaster scripts]# systemctl restart keepalived.service
#backup節點
[root@lxbackup ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lx02
}
vrrp_script nginx_check {
script "/scripts/check.sh"
interval 10
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.200
}
notify_master "/scripts/notify.sh master 192.168.100.200"
notify_backup "/scripts/notify.sh backup 192.168.100.200"
}
virtual_server 192.168.100.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.110 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.120 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@lxbackup ~]# systemctl restart keepalived.service
模擬故障
[root@lxmaster ~]# systemctl restart nginx.service
[root@lxmaster ~]# systemctl enable nginx
#此時查看備份節點80埠暫未開啟
[root@lxbackup ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
[root@lxmaster ~]# systemctl stop nginx.service
[root@lxmaster ~]# systemctl restart keepalived.service
#再次查看備份節點80埠已開啟
[root@lxbackup ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/512937.html
標籤:Linux
上一篇:JavaScript-在不使用display:none的情況下顯示div
下一篇:Linux目錄與路徑