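I. Keepalived overview and installation
(1) Introduction to Keepalived
Keepalived is a health-checking tool designed specifically for LVS + HA.
It supports the following features:
(1) Automatic failover (Failover)
(2) Node health checking (Health Checking)
Official website: http://www.keepalived.org/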
(2) Keepalived hot-standby modes
1. VRRP (Virtual Router Redundancy Protocol)
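2. One master plus multiple backups, sharing one IP address but with different priorities. Note: to use several backup servers, set state to BACKUP on all of them and give each one a different priority.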
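(3) Installing Keepalived
Lab environment:
Server name | IP address | Role |
---|---|---|
keepalived-1 | 192.168.100.1 | Master server |
keepalived-2 | 192.168.100.2 | Backup server |
Floating address (VIP): 192.168.100.254
Application service provided: Web. All machines in this lab run CentOS 7.
Master server configuration
******(1) Basic configuration first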
[root@centos7-007 ~]# hostnamectl set-hostname keepalived-1
[root@centos7-007 ~]# su
[root@keepalived-1 ~]# systemctl stop firewalld
[root@keepalived-1 ~]# setenforce 0
setenforce: SELinux is disabled
[root@keepalived-1 ~]# mount /dev/cdrom /media/cdrom/
mount: /dev/sr0 写保护,将以只读方式挂载
******(2) Install the required components with yum
[root@keepalived-1 ~]# yum -y install keepalived ipvsadm httpd
。。。。。。
完毕!
******(2) Write the web page and enable keepalived at boot
[root@keepalived-1 ~]# echo "1111111111" > /var/www/html/index.html
[root@keepalived-1 ~]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
******(3) Edit the keepalived configuration file (back it up first; make this a habit)
[root@keepalived-1 ~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@keepalived-1 ~]# vim /etc/keepalived/keepalived.conf (write a new configuration file)
Contents:
global_defs {
    router_id A1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
Save and exit
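-------------------------------------------------------------------------------------
Explanation of the configuration items:
router_id A1 ## name of this server (any name will do)
vrrp_instance VI_1 { ## defines the VRRP hot-standby instance
    state MASTER ## MASTER marks the master server; use BACKUP on a backup server
    interface ens33 ## physical interface that carries the VIP
    virtual_router_id 1 ## ID of the virtual router; must be the same on master and backup
    priority 100 ## priority; a larger number means higher priority, and the backup's must be lower than the master's
    advert_int 1 ## advertisement interval in seconds (heartbeat frequency)
    authentication { ## authentication settings
        auth_type PASS ## authentication type
        auth_pass 123456 ## password string
    }
    virtual_ipaddress {
        192.168.100.254 ## the floating address (VIP); must be the same on master and backup
    }
}
-------------------------------------------------------------------------------------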
******(4) Start keepalived and httpd
[root@keepalived-1 ~]# systemctl start keepalived
[root@keepalived-1 ~]# systemctl start httpd
[root@keepalived-1 ~]# curl 127.0.0.1 (check that it started correctly)
11111
******(5) Use the ip a command to check whether the VIP is on the master server
[root@keepalived-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:44:ad:db brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.254/32 scope global ens33 (the VIP is on the master server)
valid_lft forever preferred_lft forever
inet6 fe80::7762:f351:dbfc:cb0e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Backup server configuration
******Same as the master server configuration
[root@centos7-008 ~]# hostnamectl set-hostname keepalived-2
[root@centos7-008 ~]# su
[root@keepalived-2 ~]# systemctl stop firewalld
[root@keepalived-2 ~]# setenforce 0
setenforce: SELinux is disabled
[root@keepalived-2 ~]# mount /dev/cdrom /media/cdrom/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@keepalived-2 ~]# yum -y install keepalived ipvsadm httpd
。。。。。。
完毕!
[root@keepalived-2 ~]# echo "22222222222" > /var/www/html/index.html
[root@keepalived-2 ~]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@keepalived-2 ~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@keepalived-2 ~]# vim /etc/keepalived/keepalived.conf
Contents:
global_defs {
    router_id A2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 1
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
Save and exit
[root@keepalived-2 ~]# systemctl start keepalived
[root@keepalived-2 ~]# systemctl start httpd
[root@keepalived-2 ~]# curl 127.0.0.1
22222
[root@keepalived-2 ~]# ip a (check the addresses; this is the backup server, so the VIP is not on it)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:bc:67:07 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::2ff4:55fa:6c3d:65e0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
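With both nodes configured, the rules stated above (same virtual_router_id, authentication and VIP on both nodes, lower priority on the backup) can be checked mechanically before testing failover. The script below is an added example, not part of the original article; the function names and the generated sample files are assumptions made for illustration.

```shell
# Added example: cross-check the VRRP settings of a master/backup pair.
# Value of the first "<key> <value>" line ($1 = file, $2 = key).
vrrp_field() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# First address listed inside virtual_ipaddress { ... } ($1 = file).
vrrp_vip() {
    awk '$1 == "virtual_ipaddress" { blk = 1; next }
         blk && $1 == "}" { exit }
         blk && NF { print $1; exit }' "$1"
}

# Print one line per problem; return 0 only if the pair is consistent.
check_pair() {  # $1 = master config, $2 = backup config
    rc=0
    for f in "$1" "$2"; do
        grep -q '^[[:space:]]*global_defs[[:space:]]*{' "$f" ||
            { echo "$f: global_defs block not found (misspelled keyword?)"; rc=1; }
    done
    for key in virtual_router_id auth_type auth_pass; do
        [ "$(vrrp_field "$1" "$key")" = "$(vrrp_field "$2" "$key")" ] ||
            { echo "$key differs between master and backup"; rc=1; }
    done
    [ "$(vrrp_vip "$1")" = "$(vrrp_vip "$2")" ] ||
        { echo "virtual_ipaddress differs between master and backup"; rc=1; }
    [ "$(vrrp_field "$1" priority)" -gt "$(vrrp_field "$2" priority)" ] ||
        { echo "backup priority is not lower than master priority"; rc=1; }
    return "$rc"
}

# Write a constructed sample config for trying the check offline.
sample_conf() {  # $1 = file, $2 = first keyword, $3 = state, $4 = priority, $5 = VIP
    cat > "$1" <<EOF
$2 {
    router_id A1
}
vrrp_instance VI_1 {
    state $3
    virtual_router_id 1
    priority $4
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        $5
    }
}
EOF
}
```

On real nodes, copy the backup's keepalived.conf next to the master's and run check_pair on the two files; it prints nothing and returns 0 when the pair is consistent.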
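Verification
Start a test machine and access 192.168.100.254 (the VIP).
The response comes from the master server. Now bring the master's network interface down with ifdown and access the VIP again (if no failover happens after the interface is down, shut the master server down instead).
Bring the master's interface back up, then ping the VIP from the test machine; while the ping is running, bring the master's interface down again and see how long it takes for communication to recover.
The Keepalived deployment is now complete!!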
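II. Building a highly available load-balancing cluster with Keepalived + LVS
Lab environment
Server name | IP address | Role |
---|---|---|
master | 192.168.100.1 | Master director |
backup | 192.168.100.2 | Backup director |
web1 | 192.168.100.3 | Real server |
web2 | 192.168.100.4 | Real server |
Floating address (VIP): 192.168.100.254
The following lab builds on the one above.
Master director configuration
******(1) Basic configuration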
[root@Centos7 ~]# hostnamectl set-hostname master
[root@Centos7 ~]# su
[root@master ~]# systemctl stop httpd
[root@master ~]# yum -y remove httpd (remove httpd; it was installed earlier only for testing)
******(2) Modify the keepalived configuration file
[root@master ~]# vim /etc/keepalived/keepalived.conf (change the main configuration file to:)
global_defs {
    router_id A1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
virtual_server 192.168.100.254 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 192.168.100.3 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.4 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
Save and exit
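-------------------------------------------------------------------------------------
Explanation of the new configuration items:
virtual_server 192.168.100.254 80 { # the floating VIP address and port go here
    delay_loop 15 # interval between health checks, in seconds
    lb_algo rr # scheduling algorithm, round robin here; for more, follow the hyperlink at the beginning of the article
    lb_kind DR # cluster working mode, DR mode here; for more, follow the hyperlink at the beginning of the article
    ! persistence_timeout 50 # connection persistence time
    protocol TCP # protocol used by the application service
    real_server 192.168.100.3 80 { # address and port of a real server; several can be listed, each written this way
        weight 1 # weight
        TCP_CHECK { # health-check method
            connect_port 80 # target port
            connect_timeout 3 # connection timeout
            nb_get_retry 3 # number of retries
            delay_before_retry 3 # delay between retries
        }
    } # make sure every { has its matching }
}
-------------------------------------------------------------------------------------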
******(3) Load the kernel module and related settings
[root@master ~]# modprobe ip_vs (load the module)
[root@master ~]# lsmod | grep ip_vs (check the module status)
ip_vs 141092 0
nf_conntrack 133387 1 ip_vs
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack
[root@master ~]# echo "modprobe ip_vs" >> /etc/rc.local (load the module at boot)
[root@master ~]# systemctl restart keepalived (restart keepalived)
Backup director configuration
Basically the same as the master director's configuration
[root@Centos7 ~]# hostnamectl set-hostname backup
[root@Centos7 ~]# su
[root@backup ~]# systemctl stop httpd
[root@backup ~]# yum -y remove httpd
[root@backup ~]# vim /etc/keepalived/keepalived.conf
Change to:
global_defs {
    router_id A2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens32
    virtual_router_id 1
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.254
    }
}
virtual_server 192.168.100.254 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 192.168.100.3 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.4 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
Save and exit
[root@backup ~]# modprobe ip_vs
[root@backup ~]# lsmod | grep ip_vs
ip_vs 141092 0
nf_conntrack 133387 1 ip_vs
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack
[root@backup ~]# echo "modprobe ip_vs" >> /etc/rc.local
[root@backup ~]# systemctl restart keepalived
web1 real server configuration
******(1) Basic configuration first: install httpd with yum and write the web page
[root@Centos7 ~]# hostnamectl set-hostname web1
[root@Centos7 ~]# su
[root@web1 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
[root@web1 ~]# yum -y install httpd
。。。。。。
完毕!
[root@web1 ~]# echo "1111111111" > /var/www/html/index.html
******(2) Write the network interface configuration
[root@web1 ~]# cd /etc/sysconfig/network-scripts/
[root@web1 network-scripts]# cp ifcfg-lo ifcfg-lo:0
Contents:
DEVICE=lo:0
IPADDR=192.168.100.254
NETMASK=255.255.255.255
ONBOOT=yes
Save and exit
[root@web1 network-scripts]# systemctl restart network (restart the network service)
[root@web1 network-scripts]# ip a (check that the address was added)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.100.254/32 brd 192.168.100.254 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
。。。。。。
[root@web1 network-scripts]# cd
******(3) Add a route, with the VIP address as the next hop
[root@web1 ~]# echo "route add -host 192.168.100.254 dev lo:0" >> /etc/rc.local
[root@web1 ~]# route add -host 192.168.100.254 dev lo:0
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens32
192.168.100.254 0.0.0.0 255.255.255.255 UH 0 0 0 lo
******(4) Add the policy of not responding to ARP
[root@web1 ~]# vim /etc/sysctl.conf (edit)
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
Save and exit
[root@web1 ~]# sysctl -p (apply immediately)
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
******(5) Start the httpd service
[root@web1 ~]# systemctl start httpd
[root@web1 ~]# curl 127.0.0.1
1111111111
web2 real server configuration
Basically the same as the web1 real server configuration
[root@Centos7 ~]# hostnamectl set-hostname web2
[root@Centos7 ~]# su
[root@web2 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
mount: /dev/sr0 已经挂载或 /mnt 忙
/dev/sr0 已经挂载到 /mnt 上
[root@web2 ~]# yum -y install httpd
。。。。。。
完毕!
[root@web2 ~]# echo "222222222" > /var/www/html/index.html
[root@web2 ~]# cd /etc/sysconfig/network-scripts/
[root@web2 network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@web2 network-scripts]# cat <<aa> ifcfg-lo:0
> DEVICE=lo:0
> IPADDR=192.168.100.254
> NETMASK=255.255.255.255
> ONBOOT=yes
> aa
[root@web2 network-scripts]# systemctl restart network
[root@web2 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.100.254/32 brd 192.168.100.254 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:7c:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.4/24 brd 192.168.100.255 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::34f4:cad:16ae:5b4d/64 scope link
valid_lft forever preferred_lft forever
[root@web2 network-scripts]# cd
[root@web2 ~]# echo "route add -host 192.168.100.254 dev lo:0" >> /etc/rc.local
[root@web2 ~]# route add -host 192.168.100.254 dev lo:0
[root@web2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens32
192.168.100.254 0.0.0.0 255.255.255.255 UH 0 0 0 lo
[root@web2 ~]# cat <<aaa>> /etc/sysctl.conf
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.default.arp_ignore = 1
> net.ipv4.conf.default.arp_announce = 2
> net.ipv4.conf.lo.arp_ignore = 1
> net.ipv4.conf.lo.arp_announce = 2
> aaa
[root@web2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@web2 ~]# systemctl start httpd
[root@web2 ~]# curl 127.0.0.1
222222222
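In DR mode each real server holds the VIP on lo:0 and relies on the arp_ignore/arp_announce values set above so that it does not answer ARP for that address. The script below is an added example, not part of the original article, that checks both conditions from captured `ip a` and `sysctl -p` output; the function names and sample files are assumptions made for illustration.

```shell
# Added example: check an LVS-DR real server from captured command output.

# Last value given for a sysctl key in "key = value" text ($1 = file, $2 = key).
sysctl_value() {
    awk -F' *= *' -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Interface label (last field) of each "inet VIP/..." line ($1 = file, $2 = VIP).
vip_label() {
    awk -v vip="$2" '$1 == "inet" && index($2, vip "/") == 1 { print $NF }' "$1"
}

# Print one line per problem; return 0 only if the host is set up for DR mode.
check_real_server() {  # $1 = VIP, $2 = `ip a` output, $3 = `sysctl -p` output
    rc=0
    labels=$(vip_label "$2" "$1")
    [ -n "$labels" ] || { echo "VIP $1 is not configured on this host"; rc=1; }
    for l in $labels; do
        case "$l" in
            lo|lo:*) ;;
            *) echo "VIP $1 is on non-loopback interface $l"; rc=1 ;;
        esac
    done
    for scope in all lo; do
        [ "$(sysctl_value "$3" "net.ipv4.conf.$scope.arp_ignore")" = 1 ] ||
            { echo "net.ipv4.conf.$scope.arp_ignore is not 1"; rc=1; }
        [ "$(sysctl_value "$3" "net.ipv4.conf.$scope.arp_announce")" = 2 ] ||
            { echo "net.ipv4.conf.$scope.arp_announce is not 2"; rc=1; }
    done
    return "$rc"
}

# Constructed samples modelled on the output shown on this page.
sample_ip_a() {  # $1 = file, $2 = label that carries the VIP (lo:0 or ens32)
    cat > "$1" <<EOF
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
    inet 192.168.100.254/32 brd 192.168.100.254 scope global $2
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.100.3/24 brd 192.168.100.255 scope global ens32
EOF
}
sample_sysctl() {  # $1 = file, $2 = arp_ignore value to write
    for scope in all default lo; do
        echo "net.ipv4.conf.$scope.arp_ignore = $2"
        echo "net.ipv4.conf.$scope.arp_announce = 2"
    done > "$1"
}
```

On web1 or web2, save the output of `ip a` and `sysctl -p` to two files and pass them to check_real_server together with the VIP.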
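Testing
From the test machine, access the VIP 192.168.100.254 and refresh a few times to check that load balancing works.
Once load balancing is confirmed, bring down the master director's network interface or shut the master director down.
Then access the VIP again and check whether it is still reachable.
Check the backup director: the VIP has moved over to it successfully.
The LVS + keepalived (HA) highly available load-balancing cluster is now fully deployed!!!!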