keepalived单主

一、相关概念

1、Keekpalived工作原理:通过虚拟路由冗余协议(Virtual Router Redundancy Protocol,简称VRRP)实现

 在VRRP协议中,有两组重要的概念:VRRP路由器和虚拟路由器,主控路由器和备份路由器。VRRP路由器是指运行VRRP的路由器,是物理实体;虚拟路由器是指VRRP协议创建的,是逻辑概念。一组VRRP路由器协同工作,共同构成一台虚拟路由器。该虚拟路由器对外表现为一个具有唯一固定的IP地址和MAC地址的逻辑路由器。处于同一个VRRP组中的路由器具有两种互斥的角色:主控路由器和备份路由器,一个VRRP组中有且只有一台处于主控角色的路由器,可以有一个或者多个处于备份角色的路由器VRRP协议从路由器组中选出一台作为主控路由器,负责ARP解析和转发IP数据包,组中的其他路由器作为备份的角色并处于待命状态,当由于某种原因主控路由器发生故障时,其中的一台备份路由器能在瞬间的时延后升级为主控路由器,由于此切换非常迅速而且不用改变IP地址和MAC地址,故对终端使用者系统是透明的。

2、arp协议

地址解析协议,即ARP(Address Resolution Protocol),是根据IP地址获取物理地址的一个TCP/IP协议主机发送信息时将包含目标IP地址的ARP请求广播到局域网络上的所有主机,并接收返回消息,以此确定目标的物理地址;收到返回消息后将该IP地址和物理地址存入本机ARP缓存中并保留一定时间,下次请求时直接查询ARP缓存以节约资源。地址解析协议是建立在网络中各个主机互相信任的基础上的,局域网络上的主机可以自主发送ARP应答消息,其他主机收到应答报文时不会检测该报文的真实性就会将其记入本机ARP缓存;由此攻击者就可以向某一主机发送伪ARP应答报文,使其发送的信息无法到达预期的主机或到达错误的主机,这就构成了一个ARP欺骗ARP命令可用于查询本机ARP缓存中IP地址和MAC地址的对应关系、添加或删除静态对应关系等。

arp -n 与数字地址形式显示

Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   14:30:04:a3:fe:d5   C                     ens33
192.168.1.39             ether   00:0c:29:5d:57:e5   C                     ens33
192.168.1.222            ether   00:0c:29:5d:57:e5   C                     ens33
192.168.1.33             ether   00:e0:4c:36:05:bf   C                     ens33

3、Keepalived工作方式:抢占式、非抢占式

keepaliaved 抢占式配置(主备)

master

backup

非抢占式不再有主从之分,全部都为BACKUP,并且配置文件中添加nopreempt,用来标识为非抢占式;

4、设置虚拟ip的子网掩码

virtual_ipaddress {
192.168.1.200/24 brd 192.168.1.255 dev eth0 label eth0:1
}

二、实操

实验环境:centos7

节点1:192.168.40.140
节点2:192.168.40.141
vip地址:192.168.40.143

1、下载文件

cd /usr/local/src
wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz
# 官网地址 https://www.keepalived.org/download.html

2、解压文件

tar xzf keepalived-2.0.20.tar.gz
cd keepalived-2.0.20

3、安装依赖

yum -y install libnl libnl-devel openssl-devel  libnfnetlink-devel libnfnetlink 
ipvsadm  libnl3  libnl3-devel  lm_sensors-libs net-snmp-agent-libs net-snmp-libs
openssh-server openssh-clients openssl automake iproute gcc gcc-c++ wget tree

4、初始化配置

cd keepalived-2.0.20/
./configure --prefix=/usr/local/keepalived

5、编译安装

make && make install

6、配置

mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /etc/init.d/

节点1配置文件如下,注意两个节点mcast_src_ip 和 priority 值
nginx1

# cat keepalived.conf
! Configuration File for keepalived
 
global_defs {
    router_id hf-ayd-web-balance-01
    script_user root
    enable_script_security
}
 
vrrp_script chk_nginx {
       script "/etc/keepalived/nginx_check.sh"
       interval 2
       weight -20
}
 
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 151
    mcast_src_ip 192.168.40.140
    priority 100
    advert_int 1  #心跳检测,10秒以下
#  nopreempt
 
    authentication {
        auth_type PASS
        auth_pass 1111
    }
 
    
    virtual_ipaddress {
        192.168.40.143
    }
 
    track_script {
       chk_nginx
    }
}

nginx2

# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
 
global_defs {
    router_id hf-ayd-web-balance-02
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
       script "/etc/keepalived/nginx_check.sh"
       interval 2
       weight -20
}
 
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 151
    mcast_src_ip 192.168.40.141
    priority 90
    advert_int 1
    nopreempt
 
     
    authentication {
        auth_type PASS
        auth_pass 1111
    }
     
    virtual_ipaddress {
        192.168.40.143
    }
 
    track_script {
       chk_nginx
    }
}

nginx的拉起脚本

# cat ck_ng.sh
#!/bin/bash

#检查nginx进程是否存在
counter=$(ps -C nginx --no-heading|wc -l)

if [ "${counter}" = "0" ]; then

#尝试启动一次nginx,停止5秒后再次检测

    service nginx start

    sleep 5

    counter=$(ps -C nginx --no-heading|wc -l)

    if [ "${counter}" = "0" ]; then

#如果启动没成功,就杀掉keepalive触发主备切换

        service keepalived stop

    fi

fi

7、管理服务

systemctl daemon-reload #重新加载服务
systemctl start keepalived #启动 systemctl restart keepalived #重启 systemctl stop keepalived #关闭 systemctl status keepalived # 状态

常见问题一:keepalived配置nopreempt参数无效解决方法

nopreempt    #设置为不抢占 注:这个配置只能设置在backup主机上,而且这个主机优先级要比另外一台高
master不能设置nopreempt
解决方案是:不设置master,全部设置成backup,这样大家都是backup,就都能添加nopreempt,即使原本成为master的LB坏掉重新修好之后也不会抢占master。
通常如果master服务死掉后backup会变成master,但是当master服务又好了的时候 master此时会抢占VIP,这样就会发生两次切换对业务繁忙的网站来说是不好的。
所以我们要在配置文件加入 nopreempt 非抢占,但是这个参数只能用于state 为backup,故我们在用HA的时候最好master和backup的state都设置成backup 让其通过priority来竞争

常见问题二:编译安装keepalived时提示以下错误

make
 cd . && /bin/sh /data/keepalived-2.0.19/missing automake-1.15 --foreign Makefile
/data/keepalived-2.0.19/missing: line 81: automake-1.15: command not found
WARNING: 'automake-1.15' is missing on your system.
         You should only need it if you modified 'Makefile.am' or
         'configure.ac' or m4 files included by 'configure.ac'.
         The 'automake' program is part of the GNU Automake package:
         <http://www.gnu.org/software/automake>
         It also requires GNU Autoconf, GNU m4 and Perl in order to run:
         <http://www.gnu.org/software/autoconf>
         <http://www.gnu.org/software/m4/>
         <http://www.perl.org/>
make: *** [Makefile.in] Error 127

解决方法如下:
yum install automake -y
autoreconf -ivf
再次执行make

https://blog.51cto.com/xiong51/2108353

https://www.jianshu.com/p/4e405ca6f60b


ubuntu16.04搭建keepalived-2.0.20环境
https://blog.csdn.net/Hello_World_QWP/article/details/104447076

posted @ 2020-04-09 09:21  凡人半睁眼  阅读(265)  评论(0编辑  收藏  举报