Keepalived: High-Availability Web Load Balancing with Keepalived + Nginx
I. keepalived
1. What is keepalived?
Keepalived is a routing software written in C. The main goal of this project is to provide simple and robust facilities for loadbalancing and high-availability to Linux system and Linux based infrastructures. Loadbalancing framework relies on well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage loadbalanced server pool according their health. On the other hand high-availability is achieved by VRRP protocol. VRRP is a fundamental brick for router failover. In addition, Keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. In order to offer fastest network failure detection, Keepalived implements BFD protocol. VRRP state transition can take into account BFD hint to drive fast state transition. Keepalived frameworks can be used independently or all together to provide resilient infrastructures.
Keepalived is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Keepalived is free, open-source software.
Key point of the passage above: Keepalived implements a set of checkers that **dynamically and adaptively maintain and manage the load-balanced server pool according to server health.** High availability, on the other hand, is achieved through the VRRP protocol.
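2. What can keepalived do?
(1) High availability
High availability is achieved through the VRRP protocol. VRRP is the basis of router failover.
Questions:
Is VRRP an application-layer protocol or a network-layer protocol?
Answer: network layer
Is the destination MAC address in the frame a broadcast address?
01:00:51:00:00:12 ---> a layer-2 multicast MAC ---> similar to FF:FF:FF:FF:FF:FF
(2) Load balancing
Roles of devices running the VRRP protocol:
master: the gang leader
backup: a candidate who was not elected leader
vip: virtual IP, a virtual IP address that provides the service to the outside ---> the leader's staff of office
Whichever device is the master has the VIP configured on its network interface; the master then holds the VIP address and can serve clients.
(3) Electing the master by priority
VRRP packet: Priority 2^8 = 256 ---> 0~255
Virtual Rtr ID 2^8 = 256 ---> 0~255
The source address of a VRRP packet is the local address, and the destination address must be 224.0.0.18, a multicast address; the IP protocol number is 112; the TTL of the IP packet must be 255.
224.0.0.18: every device running VRRP software accepts packets sent to this IP
Advertisement: the message the master sends to the backups
The master router periodically sends VRRP packets ---> purpose: to tell the other backup machines "I am not dead yet, I am still the master"
advertise interval ---> the announcement interval ---> 1 second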
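The packet rules above (IP protocol 112, TTL 255, destination 224.0.0.18) written as a receive-side check, as an added example that is not part of the original article. It assumes VRRPv2 over IPv4; the sample packet is constructed from the VI_1 values used in the lab section, with a made-up source address 192.168.0.11, and the IP header checksum is left at zero and not verified.

```python
import ipaddress
import struct

VRRP_GROUP = "224.0.0.18"  # destination address stated in the article
VRRP_PROTO = 112           # IP protocol number stated in the article
VRRP_TTL = 255             # required IP TTL stated in the article


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used by the VRRPv2 checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def check_advert(packet: bytes) -> dict:
    """Parse an IPv4 + VRRPv2 advertisement and collect rule violations."""
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    vrrp = packet[ihl:]
    _ver_type, vrid, priority, count, auth_type, advert_int = vrrp[:6]
    vips = [str(ipaddress.IPv4Address(vrrp[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    problems = []
    if proto != VRRP_PROTO:
        problems.append(f"IP protocol {proto}, expected {VRRP_PROTO}")
    if ttl != VRRP_TTL:
        problems.append(f"TTL {ttl}, expected {VRRP_TTL}")
    if dst != VRRP_GROUP:
        problems.append(f"destination {dst}, expected {VRRP_GROUP}")
    if inet_checksum(vrrp) != 0:
        problems.append("bad VRRP checksum")
    return {"vrid": vrid, "priority": priority, "advert_int": advert_int,
            "auth_type": auth_type, "vips": vips, "problems": problems}


def sample_advert(ttl: int = 255) -> bytes:
    """Constructed advertisement using the VI_1 values (VRID 188, priority 200)."""
    vip = ipaddress.IPv4Address("192.168.0.188").packed
    auth = b"1111".ljust(8, b"\x00")  # 8-byte auth field carrying auth_pass 1111 as plain text
    body = bytes([0x21, 188, 200, 1, 1, 1, 0, 0]) + vip + auth
    body = body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]
    src = ipaddress.IPv4Address("192.168.0.11").packed  # constructed source address
    dst = ipaddress.IPv4Address(VRRP_GROUP).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(body), 0, 0,
                       ttl, VRRP_PROTO, 0, src, dst) + body
```

A packet that arrives with a TTL below 255 has crossed a router, which is why the TTL rule lets a receiver reject advertisements that did not originate on the local segment.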
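3. What are the advantages of keepalived?
Single point: a place in the architecture where there is only one server
Single point of failure: one server going down causes the whole cluster to malfunction
How do you resolve or prevent a single point of failure?
High availability: when one machine has a problem, another machine can take over and keep the whole cluster running normally
HA: High Availability. A service must not stop working because one device or one point fails; there must be no single point of failure.
keepalived is software that implements high availability
1. Principles and mechanisms 2. Installation and configuration 3. Troubleshooting
If anything is still unclear, refer to the official keepalived documentation.
II. keepalived lab
1. Install the keepalived software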
[root@load-balancer ~]# yum install keepalived -y
[root@load-balancer-2 ~]# yum install keepalived -y
2. Edit keepalived.conf to add the VIP and related settings
[root@centos-LB-1 ~]# cd /etc/keepalived/
[root@centos-LB-1 keepalived]# ls
keepalived.conf
[root@centos-LB-1 keepalived]#
[root@centos-LB-1 keepalived]# vim keepalived.conf
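#vrrp_strict                  # comment this line out
vrrp_instance VI_1 {          # start a VRRP instance; VI_1 is the instance name and can be chosen freely
    state MASTER              # role is master
    interface ens33           # interface that listens for VRRP; the VIP is bound to the same interface
    virtual_router_id 105     # virtual router id (the "gang"), range 0~255
    priority 120              # priority, 0~255
    advert_int 1              # advert interval: time between advertisements, 1 second
    authentication {          # authentication
        auth_type PASS        # the authentication type is password
        auth_pass 11112222    # the password itself; you can change it
    }
    virtual_ipaddress {       # VIP configuration; there can be several VIPs
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}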
3. Full configuration on the master
[root@load-balancer keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 188
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.188
}
}
[root@load-balancer keepalived]#
4. Configuration on the backup
[root@load-balancer-2 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 188
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.188
}
}
[root@load-balancer-2 keepalived]#
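A consistency check for the master and backup files from steps 3 and 4, as an added example that is not part of the original article; the split-brain section names a mismatched virtual router id as one cause, and the other compared settings are the ones the two files keep identical. Pairing instances by name and the `sample_conf` helper (built from the VI_1 values) are assumptions of this example.

```python
import re

# Settings that the article keeps identical on both nodes.
MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass",
              "virtual_ipaddress")


def parse_instances(conf: str) -> dict:
    """Return {name: settings} for every vrrp_instance block."""
    instances, current, section, depth = {}, None, None, 0
    for raw in conf.splitlines():
        words = re.split(r"[#!]", raw, maxsplit=1)[0].split()  # strip comments
        if not words:
            continue
        if words[-1] == "{":
            depth, section = depth + 1, words[0]
            if section == "vrrp_instance":
                current = instances.setdefault(words[1], {"virtual_ipaddress": []})
        elif words[0] == "}":
            depth, section = depth - 1, None
            if depth == 0:
                current = None
        elif current is not None and section == "virtual_ipaddress":
            current["virtual_ipaddress"].append(words[0])
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return instances


def check_pair(conf_a: str, conf_b: str) -> list:
    """Compare same-named instances from two nodes and list the mismatches."""
    a, b = parse_instances(conf_a), parse_instances(conf_b)
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: defined on only one node")
            continue
        findings += [f"{name}: {key} differs" for key in MUST_MATCH
                     if a[name].get(key) != b[name].get(key)]
    return findings


def sample_conf(state: str, vrid: int, priority: int) -> str:
    """Constructed config in the article's layout (VI_1, VIP 192.168.0.188)."""
    return (f"! Configuration File for keepalived\nvrrp_instance VI_1 {{\n"
            f"state {state}\ninterface ens33\nvirtual_router_id {vrid}\n"
            f"priority {priority}\nadvert_int 1\nauthentication {{\n"
            f"auth_type PASS\nauth_pass 1111\n}}\nvirtual_ipaddress {{\n"
            f"192.168.0.188\n}}\n}}\n")
```

Run `check_pair` on the text of both nodes' `/etc/keepalived/keepalived.conf` before restarting keepalived; an empty list means the compared settings agree.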
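III. The split-brain problem
1. What is split brain?
Split brain occurs in a clustered server system when a communication failure or a similar problem causes two or more parts to work independently, leaving the overall system state inconsistent and causing problems such as inconsistent data.
Split brain results from oversight or operator error; we normally do not create it on purpose.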
[root@nfs-server ~]# arping -I ens33 192.168.0.188
ARPING 192.168.0.188 from 192.168.0.21 ens33
Unicast reply from 192.168.0.188 [00:0C:29:40:B0:D0] 2.008ms
Unicast reply from 192.168.0.188 [00:0C:29:6B:9B:3C] 2.047ms
Unicast reply from 192.168.0.188 [00:0C:29:6B:9B:3C] 0.888ms
^CSent 2 probes (1 broadcast(s))
Received 3 response(s)
[root@nfs-server ~]#
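The arping run above shows two different MAC addresses answering for 192.168.0.188. The following added example (not part of the original article) turns that observation into a check over the same output; the MAC-to-host mapping in `INVENTORY` is an assumption, since the article does not say which node owns which MAC.

```python
import re

# Reply lines copied from the arping run shown in the article.
ARPING_OUTPUT = """\
ARPING 192.168.0.188 from 192.168.0.21 ens33
Unicast reply from 192.168.0.188 [00:0C:29:40:B0:D0] 2.008ms
Unicast reply from 192.168.0.188 [00:0C:29:6B:9B:3C] 2.047ms
Unicast reply from 192.168.0.188 [00:0C:29:6B:9B:3C] 0.888ms
"""

# Assumed mapping of interface MAC to host name (not given in the article).
INVENTORY = {"00:0c:29:40:b0:d0": "load-balancer",
             "00:0c:29:6b:9b:3c": "load-balancer-2"}

REPLY = re.compile(r"reply from (\S+) \[([0-9A-Fa-f:]{17})\]")


def responders(arping_output: str) -> dict:
    """Map each probed IP to the distinct MAC addresses that answered for it."""
    seen = {}
    for ip, mac in REPLY.findall(arping_output):
        macs = seen.setdefault(ip, [])
        if mac.lower() not in macs:
            macs.append(mac.lower())
    return seen


def split_brain(arping_output: str, inventory: dict) -> dict:
    """Return {vip: [node, ...]} for every VIP answered by more than one MAC."""
    return {ip: [inventory.get(mac, f"unknown ({mac})") for mac in macs]
            for ip, macs in responders(arping_output).items() if len(macs) > 1}


if __name__ == "__main__":
    for vip, nodes in split_brain(ARPING_OUTPUT, INVENTORY).items():
        print(f"{vip} is held by {len(nodes)} nodes: {', '.join(nodes)}")
```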
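2. How do you know split brain is present?
(1) Try accessing the service.
If a firewall caused the split brain, port 80 will be unreachable as well; this has an impact, because the web service cannot be accessed.
If mismatched virtual router ids caused the split brain, there is no impact, because the web service can still be accessed. Which server holding the VIP a client reaches is then completely random: whichever one responds to the client's ARP request first is the one the client accesses.
(2)
Question: how does a user know which server's VIP they are accessing?
Check the ARP cache table on the client to see which MAC address 192.168.0.188 maps to.
The VIP uses the MAC address of the real machine's ens33 interface.
The MAC address tells us which machine's VIP the client is using.
There is some randomness, and it is not under the operators' control.
(3)
Dual-VIP configuration:
Multiple instances in keepalived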
[root@load-balancer keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 188
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.188
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 189
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.199
}
}
[root@load-balancer keepalived]#
Configuration on the second LB
[root@load-balancer-2 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 188
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.188
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 189
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.199
}
}
[root@load-balancer-2 keepalived]#
Check from the physical machine
C:\Users\Administrator>nslookup www.qq.com
服务器: public1.114dns.com
Address: 114.114.114.114
非权威应答:
名称: ins-r23tsuuf.ias.tencent-cloud.net
Addresses: 2402:4e00:1900:1400:0:9227:71e8:2ccc
2402:4e00:1900:1400:0:9227:71ef:f0b1
121.14.77.201
121.14.77.221
Aliases: www.qq.com
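DNS record types
A: address record ---> domain name to IP
www --> 192.168.0.23
www --> 120.77.248.190 --> public IP of an Alibaba Cloud server
175.8.132.212
AAAA --> IPv6 ---> domain name to IP
CNAME: alias record
NS ---> points to your company's DNS server
MX ---> points to your company's mail server (mail exchange)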
C:\Users\Administrator>nslookup www.sanchuangedu.cn
服务器: public1.114dns.com
Address: 114.114.114.114
非权威应答:
名称: www.sanchuangedu.cn
Addresses: 120.77.248.190
175.8.132.212
C:\Users\Administrator>
[root@load-balancer-2 keepalived]# ping www.sanchuangedu.cn
PING www.sanchuangedu.cn (120.77.248.190) 56(84) bytes of data.
64 bytes from 120.77.248.190 (120.77.248.190): icmp_seq=1 ttl=51 time=33.5 ms
64 bytes from 120.77.248.190 (120.77.248.190): icmp_seq=2 ttl=51 time=32.9 ms
^C
--- www.sanchuangedu.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 32.973/33.262/33.551/0.289 ms
[root@load-balancer-2 keepalived]# ping www.sanchuangedu.cn
PING www.sanchuangedu.cn (175.8.132.212) 56(84) bytes of data.
^C64 bytes from 175.8.132.212: icmp_seq=1 ttl=128 time=1.77 ms
--- www.sanchuangedu.cn ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.779/1.779/1.779/0.000 ms
[root@load-balancer-2 keepalived]#
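Summary
1. This article covers three topics: keepalived, dual VIPs, and split brain. The emphasis is on keepalived, its advantages and its features; interviewers mostly focus their questions there, so you need to understand the principles.
2. As for the lab work, you only appreciate what keepalived does by doing it hands-on.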