一、什么是keepalived的?
1.Keepalived是一款运行在Linux操作系统上的软件,其主要功能是提升本地网络服务的可用性和冗余度。Keepalived的工作机制主要基于VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)实现高可用性。
二、keepalived如何实现故障转移
1.keepalived对高可用服务之间的故障转移是通过VRRP来实现的。在keepalived服务正常工作时,Master节点会一直向backup(备)节点发送心跳消息,告诉backup节点自己还活着。当master节点出现故障的时候就无法发送这个消息,backup节点也就接受不到这个消息了。这时backup节点会调用自身的程序,去接管master节点的ip资源以及服务。当master节点恢复时,backup节点会释放ip资源以及服务,由master节点继续接管服务。
三、资源准备
名称 | IP | 安装服务 |
---|---|---|
keepalived1 | 192.168.36.134 | nginx、keepalived |
keepalived2 | 192.168.36.135 | nginx、keepalived |
web1 | 192.168.36.136 | nginx |
web2 | 192.168.36.137 | nginx |
VIP | 192.168.36.30 | 无 |
四、架构图
1.Vip一般是公网ip,绑定着域名。keepalived+nginx实现负载均衡以及高可用,两台web服务器都在内网,这边用的 web服务是nginx.
五、安装Keepalived
1.进入keepalived官网获取安装包。传送门
2.安装keepalived,两台安装方式一样
tar -zxvf keepalived-2.0.20.tar.gz -C /usr/local
#编译安装
cd /usr/local/keepalived-2.0.20
./configure --prefix=/usr/local/keepalived
make && make install
3.配置keepalived,主备略有区别
3.1主节点
点击查看代码
global_defs {
notification_email {
ellison.zhang@colourdata.com.cn #定义邮件地址
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1 #邮件服务器
smtp_connect_timeout 30
router_id keep_134 #不与其他节点重名
vrrp_skip_check_adv_addr
script_user root #定义脚本的执行者
enable_script_security #
}
vrrp_script chk_http_port{
script "/etc/keepalived/nginx_check.sh" #nginx的检测脚本
interval 2 #定义2秒执行一次
weight 2 #脚本定义优先级
}
vrrp_instance VI_1 {
state MASTER #该节点为master
interface ens33 #网卡名称
virtual_router_id 51 #同一个keepalived集群的virtual_router_id应该相同
priority 100 #权重,MASTER节点的权重必须高于backup
advert_int 1 #主备通讯时间间隔
authentication { #设置密码, master和backup必须一致才能通讯
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.36.30/24 #vip,开启keepalived后会自动加入虚拟ip,这个ip可以有多个
}
#与上方nginx运行状态检测呼应
track_script{
chk_http_port
}
}
点击查看代码
global_defs {
notification_email {
ellison.zhang@colourdata.com.cn #定义邮件地址
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1 #邮件服务器
smtp_connect_timeout 30
router_id keep_135#不与其他节点重名
vrrp_skip_check_adv_addr
script_user root #定义脚本的执行者
enable_script_security
}
vrrp_script chk_http_port{
script "/etc/keepalived/nginx_check.sh" #nginx的检测脚本
interval 2 #定义2秒执行一次
weight 2 #脚本定义优先级
}
vrrp_instance VI_1 {
state BACKUP #该节点为backup节点
interface ens33 #网卡名称
virtual_router_id 51 #同一个keepalived集群的virtual_router_id应该相同
priority 90 #权重,backup节点的权重必须低于master
advert_int 1 #主备通讯时间间隔
authentication { #设置密码, master和backup必须一致才能通讯
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.36.30/24 #vip,开启keepalived后会自动加入虚拟ip,这个ip可以有多个
}
#与上方nginx运行状态检测呼应
track_script{
chk_http_port
}
}
六、nginx检测监听脚本
#!/bin/bash
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ];then
systemctl start nginx
sleep 2
if [ `ps -C nginx --no-header | wc -l` -eq 0 ];then
systemctl stop keepalived
fi
fi
#授予执行权限
chmod +x /etc/keepalived/nginx_check.sh
七、在nginx上配置负载均衡(两台keepalived服务器一样)和web服务器
1.配置负载均衡
upstream myserver{
server 192.168.36.136:80;
server 192.168.36.137:80;
}
server{
listen 80;
location / {
proxy_pass http://myserver/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/nginx/html;
}
}
2.配置web服务器(为了区别负载均衡生效需要弄两个不同的页面)
echo "137" > index.html
echo "136" > index.html
八、测试生效
1.启动所有服务
2.查看master节点的ip
[root@test01 conf.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:c1:34:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.36.135/24 brd 192.168.36.255 scope global noprefixroute dynamic ens33
valid_lft 1279sec preferred_lft 1279sec
inet 192.168.36.30/24 scope global secondary ens33 #可以看到130这个ip出现了
valid_lft forever preferred_lft forever
inet6 fe80::592c:a41d:2db5:1f2d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3.访问网页,可以看到自己的页面,并且不断刷新,如果是在变化说明负载均衡成功了。
4.测试高可用是否成功。
#停掉主节点的keepalived
[root@test02 conf.d]# systemctl stop keepalived
#查看从节点
[root@test01 conf.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:c1:34:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.36.135/24 brd 192.168.36.255 scope global noprefixroute dynamic ens33
valid_lft 1774sec preferred_lft 1774sec
inet 192.168.36.30/24 scope global secondary ens33 #可以发现30这个Ip以及漂移过来了
valid_lft forever preferred_lft forever
inet6 fe80::592c:a41d:2db5:1f2d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#检查脚本是否成功
[root@test01 conf.d]# systemctl stop nginx
[root@test01 conf.d]# systemctl status nginx
● nginx.service - nginx
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: active (running) since 二 2024-04-23 16:03:37 CST; 3s ago
Process: 16036 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 16037 (nginx)
CGroup: /system.slice/nginx.service
├─16037 nginx: master process /usr/local/nginx/sbin/nginx
└─16038 nginx: worker process
4月 23 16:03:37 test01 systemd[1]: Starting nginx...
4月 23 16:03:37 test01 systemd[1]: Started nginx.
#停掉后再次查看发现nginx自己起来了,说明成功了。