keepalived

慢吞云雾缓吐愁 · 2024-10-20 00:14:50

实验环境布置

webserver1	172.25.250.110
webserver2	172.25.250.120
kail1	172.25.250.10
kail2	17225.250.20

在webserver1和webserver2下载httpd服务
  [root@webserver1 ~]# yum install httpd -y
  [root@webserver1 ~]# echo webserver1 172.25.250.110 > /var/www/html/index.html
[root@webserver2 ~]# yum install httpd -y
  [root@webserver2 ~]# echo webserver2 172.25.250.120 > /var/www/html/index.html
[root@kail1 ~]# yum install keepalived -y
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
  global_defs {
notification_email {
bwmis@qq.com
}
notification_email_from keepalived@bwmis.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id kail1.bwmis.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
  vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
}
[root@kail1 ~]# systemctl start keepalived
[root@kail1 ~]# yum install tcpdump -y
  [root@kail2 ~]# yum install keepalived -y
  vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
}
   kail1

kail2

[root@kail1 ~]# yum install tcpdump -y
[root@kail2 ~]# yum install tcpdump -y
[root@kail1 ~]# tcpdump -i eth0 -nn host 224.0.0.18

[root@kail2 ~]# systemctl stop keepalived #当停掉kail2的服务后

然后就可以ping通172.25.250.100
keepalive的日志

[root@kail1 ~]# vim /etc/sysconfig/keepalived

[root@kail1 ~]# vim /etc/rsyslog.conf

[root@kail1 ~]# systemctl restart keepalived
[root@kail1 ~]# systemctl restart rsyslog
[root@kail1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 517 Aug 12 01:23 /var/log/keepalived.log
[root@kail1 ~]# cat /var/log/keepalived.log

写到子配置文件中

上图是把 /etc/keepalived/keepalived.conf中在主配置上的注销
如果直接写完起服务会报错，要创建自己写的子配置文件目次

  [root@kail1 ~]# mkdir -p /etc/keepalived/conf.d #创建子配置文件
[root@kail1 ~]# vim /etc/keepalived/conf.d/172.25.250.100.conf
  [root@kail1 ~]# cat /etc/keepalived/conf.d/172.25.250.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
}
  [root@kail1 ~]# > /var/log/keepalived.log #清空日志
[root@kail1 ~]# systemctl restart keepalived
^[[A[root@kail1 systemctl restart rsyslogived

非抢占

  [root@kail2 ~]# systemctl restart keepalived\
  #先在哪边起服务那里就有，大概一边关掉一边就有

延迟抢占

  重启服务后就会从kail2到kail1 了

单播设置

在kail1里面
  [root@kail1 ~]# vim /etc/keepalived/keepalived.conf
  vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.10
unicast_peer {
172.25.250.20
}
}
在kail2里面
  [root@kail2 ~]# vim /etc/keepalived/keepalived.conf
  vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.20
unicast_peer {
172.25.250.10
}

测试命令
[root@kail1 ~]# tcpdump -i eth0 -nn src host 172.25.250.10 and dst 172.25.250.20

下图是当kail1的keepalived关掉后在kail2实现

  就不用经过172.25.250.100组播网段，淘汰网络流量
keepalived脚本关照设置

[root@kail1 ~]# vi /etc/keepalived/mail.sh
   #!/bin/bash
mail_dest='1935671842@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
[root@kail1 ~]# chmod +x /etc/keepalived/mail.sh
[root@kail1 ~]# yum install mailx -y
  [root@kail1 ~]# echo test message |mail -s test 1935671842@qq.com
  #######mail set##########
set from=1935671842@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1935671842@qq.com
set smtp-auth-password=xkimoyrwkyinbbig
set smtp-auth=login
set ssl-verify=ignore

利用脚本关照
[root@kail2 ~]# vim /etc/keepalived/keepalived.conf
  [root@kail1 ~]# vim /etc/keepalived/keepalived.conf
   notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"

  [root@kail1 ~]# systemctl restart keepalived
  [root@kail2 ~]# systemctl restart keepalived

keepalived双主架构


  [root@kail2 ~]# vim /etc/keepalived/keepalived.conf
  vrrp_instance VI_1 {
state BACKUP #另一台写master
interface eth0
virtual_router_id 100
    priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.20 #源IP地址
unicast_peer {
172.25.250.10 #目标IP地址
}
}
  vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 200
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.250.20
unicast_peer {
172.25.250.10
}
}
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
  vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.10
unicast_peer {
172.25.250.20
}
}
  vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 110
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.250.10
unicast_peer {
172.25.250.20
}
}

实战案例

实现单主的LVS-DR模式

环境摆设

在俩台server上配置一样的利用
  [root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
  [root@webserver1 ~]# ip a a 172.25.250.100 dev lo

  在kail上也是在俩边加
  [root@kail1 ~]# vim /etc/keepalived/keepalived.conf
  virtual_server 172.25.250.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCP
    real_server 172.25.250.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.250.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@kail1 ~]# yum install ipvsadm -y
[root@kail1 ~]# ipvsadm -Ln

测试

模拟故障

[root@webserver1 ~]# systemctl stop httpd #关掉RS1

当server2
[root@webserver2 ~]# systemctl stop httpd

实现双主的DR模式
思路
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
  #与上面双主架构一样加上如下代码
  virtual_server 172.25.250.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCP
    real_server 172.25.250.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.250.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
  virtual_server 172.25.250.230 80 { #vip2
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCP
    real_server 172.25.250.X 80 { # server3的IP地址
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.250.X 80 {  # server4的IP地址
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
   利用脚本实现主从脚色的转换
[root@kail1 ~]# cat /etc/keepalived/yu.sh
#! /bin/bash
[ ! -f "/mnt/bwmis" ]
  [root@kail1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_yu { #放在策略的前面如下图的VI_1前面
script "/etc/keepalived/yu.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}

当 /mnt/bwmis不存在时

当/mnt/bwmis存在时

实现HAProxy高可用
在kail1和kail2实现haproxy的配置
  [root@kail1 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
bind 172.25.250.100:80
server web1 172.25.250.110:80 check
server web2 172.25.250.120:80 check
  [root@kail2 ~]# cat /etc/keepalived/yu.sh
  #! /bin/bash
killall -0 haproxy

  在俩个kail里面节点启用内核参数
  [root@kail1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1

  vrrp_script check_yu {
script "/etc/keepalived/yu.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
  track_script {
check_yu
}

测试
[root@webserver2 ~]# while true ;do curl 172.25.250.100;done
  当其中一台keepalived关掉时
  也照旧会执行比如kail2的vip会到kail1的 kail1就会有俩个就不会挂掉
  [root@kail2 ~]# systemctl stop keepalived.service

实验的重点
只保持VI_1的俩边主机如下图
[root@webserver2 ~]# while true ;do curl 172.25.250.100;done

  [root@kail2 ~]# systemctl stop haproxy
  [root@kail2 ~]# systemctl stop keepalived.service
  照旧能测不会断掉

总结

1. 高可用系统网络服务

故障切换：Keepalived能够在两台或多台主机之间实现故障切换转移。当配置为Master脚色的主机出现故障时，Backup脚色的主机将自动接受Master的所有资源（如VIP资源、服务资源）并开始工作，确保服务的连续性。
资源接受：当Master主机故障修复后，如果Keepalived配置为抢占模式，它将重新接受原来的资源和工作，Backup主机则释放资源，规复到原来的脚色。

2. 实现对LVS集群中各RealServer的康健状态检测

多层检测：Keepalived支持从网络层（Layer3）、传输层（Layer4）和应用层（Layer7）三个层次来检测RealServer的康健状态。
- Layer3：通过发送ICMP数据包（如Ping）来检测服务器的IP地址是否有效。
- Layer4：通过检测TCP端口的状态（如Web服务器的80端口）来判断服务器是否正常运行。
- Layer7：通过执行用户定义的脚本或HTTP GET请求来检测应用步伐或服务是否正常工作。
动态调整：当检测到有RealServer出现故障时，Keepalived会自动将其从LVS的正常转发队列中移除，防止请求被发送到故障服务器。当故障服务器规复后，Keepalived会将其重新参加转发队列。

3. 管理LVS负载平衡软件

自动生成规则：Keepalived能够读取配置文件，并通过一个更为底层的接口来管理IPVS并生成IPVS规则，使得LVS的利用更为方便。
配置简化：通过Keepalived的配置文件，用户可以方便地定义LVS集群的虚拟服务器、真实服务器以及相干的负载平衡策略等。

4. 支持其他系统网络服务的高可用

扩展性：除了LVS之外，Keepalived还可以作为其他系统网络服务（如Nginx、Haproxy等）的高可用办理方案。
脚本调用：Keepalived支持通过调用用户定义的脚原来实现更复杂的康健检查或资源监控功能。

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。

		自动登录	找回密码
密码			立即注册

keepalived

0 个回复

快速回复

楼主热帖

标签云

浏览过的版块