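Introduction to keepalived
What is keepalived
keepalived was originally designed for LVS, specifically to monitor the state of each service node in a cluster. If a service node becomes abnormal or fails, keepalived detects it and removes the failed node from the cluster; once the node recovers, keepalived automatically adds it back to the cluster. All of this work is done automatically. This functionality is similar to the application health-check feature of reverse proxies such as nginx, and provides high availability for the backend services.
VRRP support was added later. VRRP (Virtual Router Redundancy Protocol) was created to solve the single point of failure that comes with static routing; with VRRP the network can keep running stably without interruption. keepalived therefore provides server health checking and fault isolation on the one hand, and HA cluster functionality on the other; the latter provides high availability for the reverse-proxy component itself.
For a detailed introduction and configuration, see "keepalived: introduction, installation, and configuration explained".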
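Environment preparation
Two web servers and two keepalived servers are prepared here, as follows:
192.168.47.11 webapp1, HTTP and HTTPS services on ports 80 and 443 respectively
192.168.47.12 webapp2, HTTP and HTTPS services on ports 80 and 443 respectively
192.168.47.16 master keepalived/LVS, virtual IP 192.168.8.100
192.168.47.17 backup keepalived/LVS, virtual IP 192.168.8.100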
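keepalived installation
Download the desired version of keepalived from https://www.keepalived.org/download.html. For the installation steps, see "keepalived installation"; follow them to install keepalived on both LVS servers.
keepalived configuration
After installation, keepalived's default configuration file is /etc/keepalived/keepalived.conf. The configuration here is based on DR mode.
The configuration on server 192.168.47.16 is as follows: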
global_defs {
    # notification_email {
    #     499812002@qq.com
    # }
    # notification_email_from zhangxm_qz@163.com
    # smtp_server smtp.163.com
    # smtp_connect_timeout 30
    router_id LVS_DEVEL16    # unique identifier
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER    # master node
    interface ens33
    virtual_router_id 51
    priority 100    # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.47.100/24
    }
}
virtual_server 192.168.47.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.47.11 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.47.12 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 192.168.47.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.47.11 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.47.12 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
The configuration on server 192.168.47.17 is as follows:
global_defs {
    notification_email {
        499812002@qq.com
    }
    notification_email_from zhangxm_qz@163.com
    smtp_server smtp.163.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL17    # unique id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP    # backup node
    interface ens33
    virtual_router_id 51    # must be the same as on the master
    priority 90    # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.47.100
    }
}
virtual_server 192.168.47.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.47.11 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.47.12 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 192.168.47.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.47.11 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.47.12 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
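A consistency check for the two vrrp_instance sections above, as an added example that is not part of the original post or of keepalived: it parses both configs and reports settings that should match between master and backup, and flags the cleartext `auth_type PASS` with a short numeric `auth_pass`. The names `parse_blocks` and `audit_pair` are made up for this example, and the sample input is constructed from the VI_1 blocks above.

```python
import re
def parse_blocks(text):
    """Parse keepalived.conf text into nested dicts; '#' and '!' start comments."""
    stack = [{}]
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()
        if line.endswith("{"):      # block opener, e.g. "vrrp_instance VI_1 {"
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:                  # "keyword value" or a bare entry such as a VIP
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]

def audit_pair(master_text, backup_text):
    """Compare each vrrp_instance on the master with the backup; return findings."""
    master, backup, findings = parse_blocks(master_text), parse_blocks(backup_text), []
    for name, m in master.items():
        if not name.startswith("vrrp_instance"):
            continue
        b = backup.get(name, {})
        if m.get("virtual_router_id") != b.get("virtual_router_id"):
            findings.append(f"{name}: virtual_router_id differs between nodes")
        if sorted(m.get("virtual_ipaddress", {})) != sorted(b.get("virtual_ipaddress", {})):
            findings.append(f"{name}: virtual_ipaddress entries differ between nodes")
        ma, ba = m.get("authentication", {}), b.get("authentication", {})
        if ma.get("auth_pass") != ba.get("auth_pass"):
            findings.append(f"{name}: auth_pass differs between nodes")
        if ma.get("auth_type") == "PASS":   # simple text password, carried in each advert
            findings.append(f"{name}: auth_type PASS sends the password in cleartext")
        secret = ma.get("auth_pass", "")    # keepalived uses only the first 8 characters
        if len(secret) < 8 or secret.isdigit():
            findings.append(f"{name}: auth_pass is short or digits only")
    return findings

# Constructed input: the VI_1 settings from the two configs above, VIP as written on each node.
VI_1 = """vrrp_instance VI_1 {
    virtual_router_id 51    # must be the same on both nodes
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        %s
    }
}"""
MASTER, BACKUP = VI_1 % "192.168.47.100/24", VI_1 % "192.168.47.100"
print("\n".join(audit_pair(MASTER, BACKUP)))
```

On the page's values this reports three findings: the virtual IP is written with /24 on the master and without a prefix on the backup, the password travels in cleartext, and `1111` is short and digits only.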
After finishing the configuration, restart keepalived:
systemctl restart keepalived
Use ipvsadm to inspect the configuration on the master and backup servers. keepalived has set up the LVS configuration for us automatically, as follows:
[root@localhost network-scripts]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.47.100:80 rr persistent 50
-> 192.168.47.12:80 Route 1 1 1
TCP 192.168.47.100:443 rr persistent 50
-> 192.168.47.12:443 Route 1 0 0
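Check the virtual IP. The virtual IP has been configured automatically on the master node, which shows that the master node is the one in service: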
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:26:7f:8c brd ff:ff:ff:ff:ff:ff
inet 192.168.47.16/24 brd 192.168.47.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.47.100/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::afb9:dd2b:a39b:120a/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::7944:29b0:57e:b615/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::424c:ed59:6c6b:c569/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
The backup node does not have the virtual IP configured:
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:39:53:82 brd ff:ff:ff:ff:ff:ff
inet 192.168.47.17/24 brd 192.168.47.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fd15:4ba5:5a2b:1008:daa2:625b:bd42:4d63/64 scope global noprefixroute dynamic
valid_lft 86388sec preferred_lft 14388sec
inet6 fe80::afb9:dd2b:a39b:120a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
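Web application server configuration
The web application servers need to be configured to match the LVS working mode; for details, see "LVS in practice".
Running the tests and verifying functionality
Accessing the web service through the virtual IP in a browser, requests are load-balanced to the backends normally.
Stop the keepalived service on the master node to test LVS high availability: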
[root@localhost network-scripts]# systemctl stop keepalived
[root@localhost network-scripts]#
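The service is still available, and the backend in use is node 12. Stop the web service on node 12 to test web-service high availability: after a brief period of unavailability, traffic is automatically load-balanced to node 11.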