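keepalived high availability
1. How keepalived works
The two nodes of a Keepalived high-availability pair communicate over the VRRP protocol. VRRP uses an election to decide which node is master and which is backup: the master has a higher priority than the backup, so during normal operation the master acquires the resources first while the backup node waits. When the master server goes down, the backup node takes over the master's resources (that is, the VIP) and serves clients in its place.
Within a Keepalived pair, only the master keeps sending VRRP advertisement packets (multicast by default), which tell the backup that it is still alive; while these arrive, the backup does not take over the VIP. When the master becomes unavailable, that is, when the backup no longer hears the advertisements sent by the master, the backup immediately takes over the VIP so that service is not interrupted.
2. Installing keepalived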
yum install keepalived -y
List the files installed by the package and their locations: rpm -ql keepalived
3. keepalived configuration file
```
global_defs {                        # global settings
    notification_email {             # addresses that receive alert e-mail
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc   # sender address for alert e-mail
    smtp_server 192.168.200.1        # mail server
    smtp_connect_timeout 30          # connection timeout
    router_id LVS_DEVEL              # router identifier, unique within the LAN
}
vrrp_instance VI_1 {                 # instance definition
    state MASTER                     # state parameter, MASTER/BACKUP; descriptive only
    interface eth0                   # NIC on which the virtual IP is placed
    virtual_router_id 51             # must be identical on all nodes of the same cluster
    priority 100                     # decides master or backup; the higher value wins
    advert_int 1                     # interval between master/backup advertisements
    authentication {                 # authentication between the nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {              # virtual IP addresses shared between the nodes
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}
```
4. keepalived dual-master configuration for nginx
```
! Configuration File for keepalived

global_defs {
    router_id lb01
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_ng.sh"
    interval 2
    weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.150/24 dev eth0 label eth0:1
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.151/24 dev eth0 label eth0:2
    }
}
```
```
! Configuration File for keepalived

global_defs {
    router_id lb02
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_ng.sh"
    interval 2
    weight -2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.150/24 dev eth0 label eth0:1
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.151/24 dev eth0 label eth0:2
    }
    track_script {
        chk_nginx
    }
}
```
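```
#!/bin/bash
#
# Description: check-ng
# Author: hequan
# Date: 2018/6/20

# Exit non-zero when no nginx process is running, so that keepalived
# applies the vrrp_script weight to the instance priority.
if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
    exit 1
fi
```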
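A small audit of the lb01-style configuration above, as an added example that is not part of the original page: it parses keepalived.conf blocks and reports the cleartext `auth_type PASS` secret, the trivial `auth_pass`, script execution without `enable_script_security`, and multicast advertisements. The sample text is constructed from this page's values, and the "fewer than 4 distinct characters" threshold is an assumption of this example.

```python
import re

# Constructed sample: the lb01 layout from this page, shortened to one instance.
SAMPLE = """
global_defs {
    router_id lb01
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_ng.sh"
}
vrrp_instance VI_1 {
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
"""

def load(text):
    """Parse keepalived.conf text into [(header words, {keyword: args})], one per top-level block."""
    blocks, depth = [], 0
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()   # '#' and '!' start comments
        if line == "}":
            depth -= 1
        elif line:
            words = line.rstrip("{ ").split()
            if depth == 0:
                blocks.append((words, {}))
            else:
                blocks[-1][1][words[0]] = words[1:]   # nested keywords are flattened
            depth += line.endswith("{")
    return blocks

def audit(text):
    """Return security findings for a keepalived configuration."""
    blocks, out = load(text), []
    glob = next((kv for hdr, kv in blocks if hdr[0] == "global_defs"), {})
    if any(h[0] == "vrrp_script" for h, _ in blocks) and "enable_script_security" not in glob:
        out.append("global_defs: vrrp_script used without enable_script_security")
    for name, kv in ((h[1], b) for h, b in blocks if h[0] == "vrrp_instance"):
        if kv.get("auth_type") == ["PASS"]:
            out.append(f"{name}: auth_type PASS sends auth_pass in cleartext")
            if len(set("".join(kv.get("auth_pass", [])))) < 4:
                out.append(f"{name}: auth_pass has fewer than 4 distinct characters")
        if "unicast_peer" not in kv:
            out.append(f"{name}: no unicast_peer, adverts are multicast to 224.0.0.18")
    return out
```

Run it on a live node with `audit(open("/etc/keepalived/keepalived.conf").read())`; for `SAMPLE` it returns four findings.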
5. keepalived configuration for LVS DR mode
```
global_defs {
    router_id LVS_DEVEL              # LVS id, should be unique within a network
}
vrrp_instance VI_1 {
    state MASTER                     # role of this Keepalived node: MASTER or BACKUP
    interface eth0                   # NIC the instance is bound to
    virtual_router_id 51             # virtual router id, identical on master and backup
    priority 100                     # higher number means higher priority; master DR must be greater than backup DR
    advert_int 1                     # check interval, default 1s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.150/24 dev eth0 label eth0:1   # virtual IP (VIP); several may be set, one per line
    }
}
# VIP and port of the LVS service offered to clients
virtual_server 172.30.7.150 80 {
    delay_loop 6                     # health-check interval, in seconds
    lb_algo wrr                      # load-scheduling algorithm: wrr
    lb_kind DR                       # LVS forwarding mechanism: NAT, TUN or DR
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server 172.30.7.181 80 {    # IP address of real server 1
        weight 3                     # node weight; higher number means higher weight
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.30.7.182 80 {    # IP address of real server 2
        weight 3                     # node weight; higher number means higher weight
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
```
```
#!/bin/bash
#
# Real-server side of LVS DR: bind the VIP to lo:0 and suppress ARP for it.

SNS_VIP=172.30.7.150
. /etc/rc.d/init.d/functions
case "$1" in
start)
    ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"
    /sbin/route add -host "$SNS_VIP" dev lo:0
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    # arp_announce=2: always use the best local source address in ARP requests
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del "$SNS_VIP" >/dev/null 2>&1
    # restore the kernel defaults for ARP handling
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0
```
6. iptables rule to allow VRRP
-A INPUT -p vrrp -j ACCEPT
7. Internal-network communication: configuration of the public NIC that carries the floating address
```
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
```
8. keepalived floating route configuration
```
vrrp_instance IN_1 {
    state MASTER
    interface eth0
    virtual_router_id 71
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aaaa
    }
    virtual_ipaddress {
        #42.123.110.37/24 dev eth0 label eth0:0
        42.123.110.37/27 dev eth1
    }
    virtual_routes {
        default via 42.123.110.33
        #172.16.0.0/12 via 10.210.214.1
        #192.168.1.0/24 via 192.168.1.1 dev eth1
    }   ## sets the default gateway (42.123.110.33 here)
    track_script {
        chk_nginx    # name of the vrrp_script defined earlier
    }
}
```
9. keepalived unicast configuration
```
    priority 99
    unicast_src_ip 10.51.96.208    ## local IP address
    unicast_peer {
        10.51.96.209               ## peer IP address; this one must not be forgotten
    }
```
10. Capturing packets with tcpdump
tcpdump -nn -i any net 224.0.0.0/8
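What the advertisements seen in such a capture contain, as an added example that is not part of the original page: a VRRPv2 (RFC 3768) payload parser plus a check that flags advertisements from unexpected senders and shows that `auth_type PASS` carries `auth_pass` readable in the packet. The node addresses in `PEERS` are assumptions (the page does not list them), and the sample packet is constructed from the VI_1 values.

```python
import ipaddress
import struct

# Assumed node addresses for lb01/lb02 (constructed; the page does not list them).
PEERS = {"172.30.7.11", "172.30.7.12"}
VRIDS = {51, 52}   # virtual_router_id values used in the dual-master setup

def checksum(data: bytes) -> int:
    """Internet checksum (16-bit one's complement); VRRPv2 messages have even length."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_pass="", adver_int=1) -> bytes:
    """Construct sample VRRPv2 advertisement bytes (IP header not included)."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_pass.encode()[:8].ljust(8, b"\x00")   # auth data field is 8 bytes
    head = struct.pack("!6B", 0x21, vrid, priority, len(vips), 1 if auth_pass else 0, adver_int)
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + body)) + body

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement laid out as in RFC 3768."""
    if len(pkt) < 16 or pkt[0] != 0x21 or len(pkt) != 16 + 4 * pkt[3]:
        raise ValueError("not a well-formed VRRPv2 advertisement")
    _, vrid, prio, count, auth_type, adver_int = struct.unpack("!6B", pkt[:6])
    vips = [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(8, 8 + 4 * count, 4)]
    return {"vrid": vrid, "priority": prio, "vips": vips, "auth_type": auth_type,
            "adver_int": adver_int, "checksum_ok": checksum(pkt) == 0,
            "auth_data": pkt[-8:].rstrip(b"\x00").decode("ascii", "replace")}

def review(src_ip: str, pkt: bytes) -> list:
    """Return findings for one captured advertisement."""
    adv, findings = parse_advert(pkt), []
    if src_ip not in PEERS:
        findings.append(f"VRID {adv['vrid']}: advert from unexpected source {src_ip}")
    if adv["vrid"] not in VRIDS:
        findings.append(f"VRID {adv['vrid']}: not a configured virtual_router_id")
    if adv["auth_type"] == 1:
        findings.append(f"VRID {adv['vrid']}: PASS auth, password readable in packet")
    if not adv["checksum_ok"]:
        findings.append(f"VRID {adv['vrid']}: checksum mismatch")
    return findings

if __name__ == "__main__":
    sample = build_advert(51, 100, ["172.30.7.150"], "1111")   # values from VI_1
    print(parse_advert(sample))
    print(review("172.30.7.11", sample), review("172.30.7.99", sample))
```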