Keepalived
1. Introduction to Keepalived
Keepalived is a software implementation of the VRRP protocol and provides IP address failover (a floating VIP). Because it was designed to make IPVS services highly available, it can generate ipvs rules on the node that holds the VIP and run health checks against the back-end Real Servers. It also exposes a script-call interface, so other functions can be added through scripts; this is how it supports services such as Nginx and HAProxy.
1.1. Keepalived components
- User-space core components (Core components)
  - VRRP Stack: the advertisement component; Keepalived servers use it to send periodic advertisements to each other.
  - Checkers: the health-check component; periodically checks the RealServers and supports several check types.
    - TCP check: tests whether IP:Port is reachable.
    - HTTP/SSL check: requests the given URL and checks whether it returns the expected result (status code or hash value).
    - MISC check: custom checks implemented as a script.
  - System call: runs extra system scripts; it is mainly used by the MISC checker. Within the VRRP framework it runs additional scripts during protocol state transitions.
  - IPVS wrapper: pushes the forwarding rules into the kernel's IPVS.
  - Netlink Reflector: sends the broadcast packets.
  - WatchDog: monitors the child processes (VRRP and health checking) and handles logging (to the messages file).
  - SMTP: handles alert e-mails.
- Control plane (Control Plane): configures keepalived by parsing the keepalived.conf file.
- I/O multiplexer (Scheduler - I/O Multiplexer): Keepalived uses the select model for scheduling.
- Memory management (Memory Management): the framework implements its own memory management.
1.2. Keepalived terminology
- VRRP: Virtual Router Redundancy Protocol
- Virtual Router: the virtual router.
- VRID: virtual router identifier; uniquely identifies a virtual router.
- Physical routers:
  - MASTER: the primary device
  - BACKUP: the standby device
  - PRIORITY: priority
- VIP: virtual IP address (Virtual IP), not the everyday sense of "VIP".
- VMAC: virtual MAC address (Virtual MAC)
1.3. How Keepalived works
- Keepalived is commonly run in one of two modes:
  - Master/Backup: a single virtual router.
  - Master/Master: Master/Backup (VRouter1) plus Backup/Master (VRouter2).
- Keepalived also provides peer authentication based on a pre-shared key or a password string.
- The master and backup nodes detect each other's failure through heartbeats. By default the MASTER node sends a VRRPv2 advertisement to the multicast address 224.0.0.18 every 1 s; if the BACKUP node fails to receive the configured number of advertisements within the expected time, it declares the MASTER failed, promotes itself to MASTER and takes over the MASTER's requests.
2. Installing Keepalived
2.1. Preparation
- Configure time synchronization between the nodes
- Disable the firewall and SELinux
- Configure the Keepalived package repository
2.2. Installation
2.2.1. RedHat family
```
yum install keepalived
```
2.2.2. Debian family
```
apt install keepalived
```
2.2.3. Compiling from source (not really necessary)
- Install the build dependencies
```
yum install libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel libnl3 libnl3-devel lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssl openssl-devel automake iproute
```
- Download the source tarball
```
wget http://www.keepalived.org/software/keepalived-2.2.2.tar.gz
```
- Extract the source
```
tar -xf keepalived-2.2.2.tar.gz
cd keepalived-2.2.2
```
- Configure the build options (make sure no errors are reported)
```
./configure --prefix=/usr/local/keepalived --disable-fwmark   # --disable-fwmark stops keepalived from generating firewall rules; equivalent to the vrrp_iptables option
```
- Build and install
```
make && make install
```
- Copy the configuration file
```
mkdir /etc/keepalived
cp keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
```
- Test that the service starts and creates the VIP
```
systemctl start keepalived
```
3. Configuring Keepalived
3.1. Single-master configuration
3.1.1. The configuration file
- The configuration file is /etc/keepalived/keepalived.conf (the same location whether installed from source or from a package). The include statement can be used to split the configuration into several files; its use is demonstrated in the three-master configuration.
3.1.2. Environment
Hostname | IP address | Node role | VIP | Software version |
---|---|---|---|---|
lb1 | 172.20.1.239 | VRouter1(Master) | 172.20.1.100 | keepalived-1.3.5 |
lb2 | 172.20.1.223 | VRouter1(Backup) | / | keepalived-1.3.5 |
3.1.3. Configuring the lb1 node
- Install the package
```
yum install keepalived -y
```
- Edit the configuration file
```
cp /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc            # recipient of alert e-mails
    }
    notification_email_from Alexandre.Cassen@firewall.loc   # sender account for alert e-mails
    smtp_server smtp.qq.com             # mail server address
    smtp_connect_timeout 30             # timeout for connecting to the mail server
    router_id LVS_DEVEL                 # unique identifier, defaults to the hostname
    vrrp_skip_check_adv_addr            # skip checking the source address of an advertisement when it comes from the same router as the previous one
    vrrp_strict                         # strictly follow the VRRP protocol; must be disabled when 1. there is no VIP, 2. unicast peers are configured, 3. IPv6 addresses are used with VRRPv2
    vrrp_iptables                       # stop Keepalived from generating iptables rules on start (without this, Nginx or HAProxy on the VIP cannot be reached)
    vrrp_garp_interval 0                # delay between gratuitous ARP packets, ms
    vrrp_gna_interval 0                 # delay between gratuitous neighbour advertisement messages, ms
    vrrp_mcast_group4 224.0.0.18        # multicast address for VRRP advertisements, default 224.0.0.18 (224.0.0.0 to 239.255.255.255)
}

# Define the VRouter
vrrp_instance VRouter1 {                # name of the virtual router VRouter1
    state MASTER                        # initial state of this node in this virtual router (MASTER|BACKUP)
    interface eth0                      # physical interface used by this virtual router
    virtual_router_id 1                 # unique id of this virtual router (0-255)
    priority 100                        # priority of this node in this virtual router (1-254)
    advert_int 1                        # VRRP advertisement interval
    authentication {                    # authentication
        auth_type PASS                  # password-string authentication
        auth_pass Passw0rd              # authentication string (only the first 8 characters are used; it may be longer)
    }
    virtual_ipaddress {                 # virtual IP addresses
        172.20.1.100 dev eth0 label eth0:0      # the VIP
    }
}
```
- Start Keepalived
```
systemctl start keepalived
```
- Verify that the VIP is present
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:9c:43:c8  txqueuelen 1000  (Ethernet)
```
3.1.4. Configuring the lb2 node
- Install the package
```
yum install keepalived -y
```
- Edit the configuration file
```
cp /etc/keepalived/keepalived.conf{,.bak}
vim /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc            # recipient of alert e-mails
    }
    notification_email_from Alexandre.Cassen@firewall.loc   # sender account for alert e-mails
    smtp_server smtp.qq.com             # mail server address
    smtp_connect_timeout 30             # timeout for connecting to the mail server
    router_id LVS_DEVEL                 # unique identifier, defaults to the hostname
    vrrp_skip_check_adv_addr            # skip checking the source address of an advertisement when it comes from the same router as the previous one
    vrrp_strict                         # strictly follow the VRRP protocol; must be disabled when 1. there is no VIP, 2. unicast peers are configured, 3. IPv6 addresses are used with VRRPv2
    vrrp_iptables                       # stop Keepalived from generating iptables rules on start (without this, Nginx or HAProxy on the VIP cannot be reached)
    vrrp_garp_interval 0                # delay between gratuitous ARP packets, ms
    vrrp_gna_interval 0                 # delay between gratuitous neighbour advertisement messages, ms
    vrrp_mcast_group4 224.0.0.18        # multicast address for VRRP advertisements, default 224.0.0.18 (224.0.0.0 to 239.255.255.255)
}

# Define the VRouter
vrrp_instance VRouter1 {                # name of the virtual router VRouter1
    state BACKUP                        # initial state of this node in this virtual router (MASTER|BACKUP)
    interface eth0                      # physical interface used by this virtual router
    virtual_router_id 1                 # unique id of this virtual router (0-255)
    priority 90                         # priority of this node in this virtual router (1-254)
    advert_int 1                        # VRRP advertisement interval
    authentication {                    # authentication
        auth_type PASS                  # password-string authentication
        auth_pass Passw0rd              # authentication string (only the first 8 characters are used; it may be longer)
    }
    virtual_ipaddress {                 # virtual IP addresses
        172.20.1.100 dev eth0 label eth0:0      # the VIP
    }
}
```
- Start Keepalived
```
systemctl start keepalived
```
- Verify the VIP failover
  - Stop keepalived on lb1
```
killall keepalived
```
  - Check on lb2 that the VIP floated over automatically
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:d3:6a:f5  txqueuelen 1000  (Ethernet)
```
  - After lb1 is started again it preempts the VIP
```
systemctl start keepalived
```
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:9c:43:c8  txqueuelen 1000  (Ethernet)
```
3.1.5. The single-master configuration is complete.
3.2. Dual-master configuration
3.2.1. Environment
3.2.1.1. Modes
- VRouter1 runs in non-preemptive mode (nopreempt)
- VRouter2 runs in delayed-preemption mode (preempt_delay)
- Neither mode is used much, unless the network is unreliable.

Hostname | IP address | Node role | VIP | Software version |
---|---|---|---|---|
lb1 | 172.20.1.239 | VRouter1(Master) VRouter2(Backup) | 172.20.1.100 | keepalived-1.3.5 |
lb2 | 172.20.1.223 | VRouter1(Backup) VRouter2(Master) | 172.20.1.200 | keepalived-1.3.5 |
3.2.2. Configuring the lb1 node
- Install
```
yum install keepalived -y
```
- Configure
```
vim /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server smtp.qq.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict                # must be disabled when nopreempt or preempt_delay is used
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Define VRouter1
vrrp_instance VRouter1 {        # name of the virtual router VRouter1
    state BACKUP                # nopreempt requires every node of this VRouter to be configured as BACKUP
    interface eth0
    virtual_router_id 1
    priority 100                # priority of this node in this virtual router, 1-254
    advert_int 1
    nopreempt                   # make this VRouter non-preemptive
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    virtual_ipaddress {
        172.20.1.100 dev eth0 label eth0:0
    }
}

# Define VRouter2
vrrp_instance VRouter2 {
    state BACKUP                # preempt_delay requires every node of this VRouter to be configured as BACKUP
    interface eth0
    virtual_router_id 2         # unique router id, must not collide
    priority 90                 # priority
    advert_int 1
    preempt_delay 60s           # delayed preemption; the default is 300s
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    virtual_ipaddress {
        172.20.1.200 dev eth0 label eth0:1      # a different interface label
    }
}
```
- Start Keepalived
```
systemctl start keepalived
```
- Verify that the VIPs are present
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:9c:43:c8  txqueuelen 1000  (Ethernet)
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500      # once lb2 starts, it preempts this VIP after a 60 s delay
        inet 172.20.1.200  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:9c:43:c8  txqueuelen 1000  (Ethernet)
```
3.2.3. Configuring the lb2 node
- Install
```
yum install keepalived -y
```
- Configure
```
vim /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server smtp.qq.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict                # must be disabled when nopreempt or preempt_delay is used
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Define VRouter1
vrrp_instance VRouter1 {
    state BACKUP                # nopreempt requires every node of this VRouter to be configured as BACKUP
    interface eth0
    virtual_router_id 1
    priority 90                 # priority of this node in this virtual router, 1-254
    advert_int 1
    nopreempt                   # make this VRouter non-preemptive
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    virtual_ipaddress {
        172.20.1.100 dev eth0 label eth0:0
    }
}

# Define VRouter2
vrrp_instance VRouter2 {
    state BACKUP                # preempt_delay requires every node of this VRouter to be configured as BACKUP
    interface eth0
    virtual_router_id 2         # unique router id, must not collide
    priority 100                # priority
    advert_int 1
    preempt_delay 60s           # delayed preemption; the default is 300s
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    virtual_ipaddress {
        172.20.1.200 dev eth0 label eth0:1      # a different interface label
    }
}
```
- Start Keepalived
```
systemctl start keepalived
```
- Verify that the VIP is present
```
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500      # 60 s after keepalived starts, this VIP is preempted by lb2
        inet 172.20.1.200  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:d3:6a:f5  txqueuelen 1000  (Ethernet)
```
3.3. Three-master configuration (VRRP unicast)
3.3.1. Environment
Hostname | IP address | Node role | VIP | Software version |
---|---|---|---|---|
lb1 | 172.20.1.234 | VRouter1(Master) VRouter2(Backup) VRouter3(Backup) | 172.20.1.80 | keepalived-1.3.5 |
lb2 | 172.20.1.235 | VRouter1(Backup) VRouter2(Master) VRouter3(Backup) | 172.20.1.81 | keepalived-1.3.5 |
lb3 | 172.20.1.236 | VRouter1(Backup) VRouter2(Backup) VRouter3(Master) | 172.20.1.82 | keepalived-1.3.5 |
3.3.2. Configuring the lb1 node
- Install the package
```
yum install keepalived -y
```
- Edit the configuration file
```
cd /etc/keepalived/
vim keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict               # must be disabled in unicast mode
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VRouter1 {
    state BACKUP
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1
    unicast_src_ip 172.20.1.234     # this node's own address for this VRouter
    unicast_peer {
        172.20.1.235                # the other nodes of this VRouter
        172.20.1.236
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.80 dev eth0 label eth0:0
    }
}

vrrp_instance VRouter2 {
    state BACKUP
    interface eth0
    virtual_router_id 81
    priority 90
    advert_int 1
    unicast_src_ip 172.20.1.234
    unicast_peer {
        172.20.1.235
        172.20.1.236
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.81 dev eth0 label eth0:1
    }
}

include /etc/keepalived/confdir/*.conf
```
- VRouter3 is defined in a separate file pulled in by the include statement
```
mkdir confdir
vim confdir/VRouter3.conf
```
```
vrrp_instance VRouter3 {
    state BACKUP
    interface eth0
    virtual_router_id 82
    priority 80
    advert_int 1
    unicast_src_ip 172.20.1.234
    unicast_peer {
        172.20.1.235
        172.20.1.236
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.82 dev eth0 label eth0:2
    }
}
```
- Start keepalived
```
systemctl start keepalived
```
- Verify that the VIPs are present
```
ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.80  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:99:f6:3d  txqueuelen 1000  (Ethernet)
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.81  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:99:f6:3d  txqueuelen 1000  (Ethernet)
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.82  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:99:f6:3d  txqueuelen 1000  (Ethernet)
```
3.3.3. Configuring the lb2 node
- Install the package
```
yum install keepalived -y
```
- Edit the configuration file
```
cd /etc/keepalived/
vim keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VRouter1 {
    state BACKUP
    interface eth0
    virtual_router_id 80
    priority 80
    advert_int 1
    unicast_src_ip 172.20.1.235
    unicast_peer {
        172.20.1.234
        172.20.1.236
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.80 dev eth0 label eth0:0
    }
}

vrrp_instance VRouter2 {
    state BACKUP
    interface eth0
    virtual_router_id 81
    priority 100
    advert_int 1
    unicast_src_ip 172.20.1.235
    unicast_peer {
        172.20.1.234
        172.20.1.236
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.81 dev eth0 label eth0:1
    }
}

include /etc/keepalived/confdir/*.conf
```
```
mkdir confdir
vim confdir/VRouter3.conf
```
```
vrrp_instance VRouter3 {
    state BACKUP
    interface eth0
    virtual_router_id 82
    priority 90
    advert_int 1
    unicast_src_ip 172.20.1.235
    unicast_peer {
        172.20.1.234
        172.20.1.236
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.82 dev eth0 label eth0:2
    }
}
```
- Start keepalived
```
systemctl start keepalived
```
- Verify that the VIPs are present
```
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.81  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:d7:fd:30  txqueuelen 1000  (Ethernet)
# lb2's VRouter3 has a higher priority than lb1's, so that VIP floats to lb2
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.82  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:d7:fd:30  txqueuelen 1000  (Ethernet)
```
- Check on lb1
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.80  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:99:f6:3d  txqueuelen 1000  (Ethernet)
```
3.3.4. Configuring the lb3 node
- Install the package
```
yum install keepalived -y
```
- Edit the configuration file
```
cat /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
# Global configuration
global_defs {
    notification_email {
        acassen@firewall.loc            # recipient of alert e-mails
    }
    notification_email_from Alexandre.Cassen@firewall.loc   # sender account for alert e-mails
    smtp_server 192.168.200.1           # mail server address
    smtp_connect_timeout 30             # timeout for connecting to the mail server
    router_id LVS_DEVEL                 # unique identifier, defaults to the hostname
    vrrp_skip_check_adv_addr            # skip checking the source address of an advertisement when it comes from the same router as the previous one
    #vrrp_strict                        # strictly follow the VRRP protocol; must be disabled when 1. there is no VIP, 2. unicast peers are configured, 3. IPv6 addresses are used with VRRPv2
    vrrp_iptables                       # stop Keepalived from generating iptables rules on start (without this, Nginx or HAProxy on the VIP cannot be reached)
    vrrp_garp_interval 0                # delay between gratuitous ARP packets, ms
    vrrp_gna_interval 0                 # delay between gratuitous neighbour advertisement messages, ms
}

# Define the VRouter
vrrp_instance VRouter1 {                # name of the virtual router VRouter1
    state BACKUP                        # initial state of this node in this virtual router (MASTER|BACKUP)
    interface eth0                      # physical interface used by this virtual router
    virtual_router_id 80                # unique id of this virtual router, 0-255
    priority 90                         # priority of this node in this virtual router, 1-254
    advert_int 1                        # VRRP advertisement interval
    unicast_src_ip 172.20.1.236
    unicast_peer {                      # the other two nodes of this VRouter (lb3 itself must not be listed)
        172.20.1.234
        172.20.1.235
    }
    authentication {                    # authentication
        auth_type PASS                  # password-string authentication
        auth_pass D0cker                # authentication string (only the first 8 characters are used; it may be longer)
    }
    virtual_ipaddress {                 # virtual IP addresses
        172.20.1.80 dev eth0 label eth0:0       # the VIP
    }
}

vrrp_instance VRouter2 {
    state BACKUP
    interface eth0
    virtual_router_id 81
    priority 80
    advert_int 1
    unicast_src_ip 172.20.1.236
    unicast_peer {
        172.20.1.234
        172.20.1.235
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.81 dev eth0 label eth0:1
    }
}

include /etc/keepalived/confdir/*.conf
```
```
cat /etc/keepalived/confdir/VRouter3.conf
```
```
vrrp_instance VRouter3 {
    state BACKUP
    interface eth0
    virtual_router_id 82
    priority 100
    advert_int 1
    #nopreempt
    #preempt_delay 60s
    unicast_src_ip 172.20.1.236
    unicast_peer {
        172.20.1.234
        172.20.1.235
    }
    authentication {
        auth_type PASS
        auth_pass D0cker
    }
    virtual_ipaddress {
        172.20.1.82 dev eth0 label eth0:2
    }
}
```
- Start keepalived
```
systemctl start keepalived
```
- Verify that the VIP is present
```
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.82  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:cf:42:f9  txqueuelen 1000  (Ethernet)
```
- Check on lb2
```
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.81  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:d7:fd:30  txqueuelen 1000  (Ethernet)
```
- Check on lb1
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.80  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:99:f6:3d  txqueuelen 1000  (Ethernet)
```
3.3.5. The three-master environment is complete; choose whichever load balancer fits your needs.
3.4. Configuring more master nodes (4+)
- Follow the three-node pattern and extend it accordingly.
4. Keepalived + LVS configuration
- Keepalived can health-check the LVS RealServers.
- When defining LVS in Keepalived, do not write closing braces together on one line, as in:
```
}}
```
4.1. Single-master LVS DR mode
4.1.1. Environment
Hostname | IP address | Node role | VIP | Software version |
---|---|---|---|---|
lb1 | 172.20.1.221 | LVS(Master) | 172.20.1.100 | keepalived-1.3.5 |
lb2 | 172.20.1.224 | LVS(Backup) | 172.20.1.100 | keepalived-1.3.5 |
rs1 | 172.20.1.222 | RealServer1 | 172.20.1.100(lo:0) | nginx-1.16.1 |
rs2 | 172.20.1.225 | RealServer2 | 172.20.1.100(lo:0) | nginx-1.16.1 |
4.1.2. Configuring the back-end servers (rs1/rs2)
- Install the web server
```
yum install nginx
```
- Change the home page
  - rs1
```
echo "in rs1 web page." > /usr/share/nginx/html/index.html
```
  - rs2
```
echo "in rs2 web page." > /usr/share/nginx/html/index.html
```
- Bind the VIP to the lo:0 interface (on both RS)
```
cat /usr/local/sbin/setrs
```
```bash
#!/usr/bin/env bash
vip="172.20.1.100"              # VIP address
netmask="255.255.255.255"       # /32 mask
iface="lo:0"                    # configure the VIP on the lo:0 interface

case $1 in
start)
    # suppress ARP replies/announcements for the VIP so only the director answers for it
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig ${iface} ${vip} netmask ${netmask} broadcast ${vip} up
    route add -host ${vip} dev ${iface}
    ;;
stop)
    ifconfig ${iface} down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
*)
    exit 1
    ;;
esac
```
```
chmod +x /usr/local/sbin/setrs
setrs start
```
- Check the kernel parameters and the interface configuration
```
cat /proc/sys/net/ipv4/conf/{lo,all}/{arp_ignore,arp_announce}
1
2
1
2
ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 172.20.1.100  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)
```
4.1.3. Configuring lb1
- Install Keepalived
```
yum install keepalived
```
- Edit the configuration file
```
#!/bin/bash      # gives syntax highlighting when the file is opened in vim
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from hello@qq.com
    smtp_server smtp.qq.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VRouter1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    virtual_ipaddress {
        172.20.1.100 dev eth0 label eth0:0
    }
}

virtual_server 172.20.1.100 80 {
    delay_loop 6                    # interval between checks of the back-end servers
    lb_algo rr                      # scheduling method
    lb_kind DR                      # LVS cluster type
    #persistence_timeout 50         # persistent-connection time, default 6 minutes; disable while testing
    protocol TCP                    # service protocol: TCP/UDP/SCTP
    #sorry_server www.liyblog.com   # fallback server used when every RS is down

    # Define the back-end servers
    real_server 172.20.1.222 80 {
        weight 1                    # weight
        # scripts run when the RS comes up or goes down
        #notify_up "/etc/keepalived/notify_up.sh 172.20.1.222"
        #notify_down "/etc/keepalived/notify_down.sh 172.20.1.222"
        # application-layer check
        HTTP_GET {
            url {                   # URL to check
                path /index.html
                status_code 200
            }
            connect_timeout 3       # health-check timeout
            nb_get_retry 3          # number of retries
            delay_before_retry 3    # wait before retrying
            #connect_ip 172.20.1.222    # destination IP for the health check
            #connect_port 80            # destination port for the health check
            #bindto 172.20.1.221        # source IP for the health check
            #bind_port                  # source port for the health check
        }
    }
    real_server 172.20.1.225 80 {
        weight 1                    # weight
        # application-layer check
        HTTP_GET {
            url {                   # URL to check
                path /index.html
                status_code 200
            }
            connect_timeout 3       # health-check timeout
            nb_get_retry 3          # number of retries
            delay_before_retry 3    # wait before retrying
        }
    }
}
```
- Start Keepalived
```
systemctl start keepalived
```
- Check the VIP
```
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 52:54:00:b2:22:24  txqueuelen 1000  (Ethernet)
```
- Test access from a client
```
in rs2 web page.
in rs1 web page.
in rs2 web page.
in rs1 web page.
in rs2 web page.
in rs1 web page.
```
4.1.4. Configuring lb2
- Install Keepalived
```
yum install keepalived
```
- Edit the configuration file (lb2 is the backup director, so it is BACKUP with a lower priority than lb1)
```
#!/bin/bash
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from hello@qq.com
    smtp_server smtp.qq.com
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VRouter1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    virtual_ipaddress {
        172.20.1.100 dev eth0 label eth0:0
    }
}

virtual_server 172.20.1.100 80 {
    delay_loop 6                    # interval between checks of the back-end servers
    lb_algo rr                      # scheduling method
    lb_kind DR                      # LVS cluster type
    #persistence_timeout 50         # persistent-connection time, default 6 minutes
    protocol TCP                    # service protocol: TCP/UDP/SCTP
    #sorry_server www.liyblog.com   # fallback server used when every RS is down

    # Define the back-end servers
    real_server 172.20.1.222 80 {
        weight 1                    # weight
        # scripts run when the RS comes up or goes down
        #notify_up "/etc/keepalived/notify_up.sh 172.20.1.222"
        #notify_down "/etc/keepalived/notify_down.sh 172.20.1.222"
        # application-layer check
        HTTP_GET {
            url {                   # URL to check
                path /index.html
                status_code 200
            }
            connect_timeout 3       # health-check timeout
            nb_get_retry 3          # number of retries
            delay_before_retry 3    # wait before retrying
            #connect_ip 172.20.1.222    # destination IP for the health check
            #connect_port 80            # destination port for the health check
            #bindto 172.20.1.221        # source IP for the health check
            #bind_port                  # source port for the health check
        }
    }
    real_server 172.20.1.225 80 {
        weight 1                    # weight
        # application-layer check
        HTTP_GET {
            url {                   # URL to check
                path /index.html
                status_code 200
            }
            connect_timeout 3       # health-check timeout
            nb_get_retry 3          # number of retries
            delay_before_retry 3    # wait before retrying
        }
    }
}
```
- Start Keepalived
```
systemctl start keepalived
```
- Stop the Master on lb1 and check from the client whether access is interrupted
  - Kill the keepalived process on lb1
```
killall keepalived
```
  - Access from the client
```
while :; do curl 172.20.1.100; sleep 1; done
in rs2 web page.
in rs1 web page.
in rs2 web page.
in rs1 web page.
in rs2 web page.
in rs1 web page.
in rs2 web page.
```
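To make the virtual_server semantics above concrete, here is an added simulation (not Keepalived code) of the checker loop for this section's 172.20.1.100:80 DR cluster: HTTP_GET probes with nb_get_retry, removal of a failed real_server from the rr pool, and the sorry_server fallback. Probe results are constructed, and the retry model (1 + nb_get_retry attempts, any success keeps the RS up) is an assumption.

```python
# Simulation of the Keepalived checker for a virtual_server block: HTTP_GET
# probes with nb_get_retry, rr scheduling over the servers that are up and the
# sorry_server fallback. Added example, not Keepalived code; probe results are
# constructed and the retry semantics below are an assumption.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Probe = Callable[[str], int]   # returns the HTTP status of GET /index.html on that RS


@dataclass
class RealServer:
    ip: str
    weight: int = 1
    up: bool = True


@dataclass
class VirtualServer:
    vip: str
    port: int
    real_servers: List[RealServer]
    status_code: int = 200          # url { status_code 200 }
    nb_get_retry: int = 3           # retries before an RS is marked down
    sorry_server: Optional[str] = None
    rr_index: int = 0

    def check_all(self, probe: Probe) -> Dict[str, bool]:
        """One delay_loop pass over every real_server."""
        for rs in self.real_servers:
            attempts = 1 + self.nb_get_retry
            # any() stops at the first good reply: keepalived stops retrying on success
            rs.up = any(probe(rs.ip) == self.status_code for _ in range(attempts))
        return {rs.ip: rs.up for rs in self.real_servers}

    def schedule(self) -> str:
        """lb_algo rr over the servers that are up; the sorry_server when none is."""
        pool = [rs for rs in self.real_servers if rs.up and rs.weight > 0]
        if not pool:
            if self.sorry_server is None:
                raise RuntimeError("no real_server is up and no sorry_server is configured")
            return self.sorry_server
        rs = pool[self.rr_index % len(pool)]
        self.rr_index += 1
        return rs.ip


def page_cluster() -> VirtualServer:
    """The 172.20.1.100:80 DR cluster from this section (sorry_server name from the page)."""
    return VirtualServer("172.20.1.100", 80,
                         [RealServer("172.20.1.222"), RealServer("172.20.1.225")],
                         sorry_server="www.liyblog.com")


def failing_rs1(ip: str) -> int:
    """Constructed probe: rs1 answers 500 on every request, rs2 answers 200."""
    return 500 if ip == "172.20.1.222" else 200
```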
5. VRRP Script configuration
- Keepalived can call scripts to monitor resources and adjust the node's priority dynamically according to the result, giving a more precise service check and triggering VIP migration.
- vrrp_script defines a resource-monitoring script; the vrrp instance acts on the script's return value. One script can be referenced by several vrrp instances.
- track_script references a script defined with vrrp_script. The configuration looks like this:
```
# Define the resource-monitoring script (globally unique)
vrrp_script nginx_check {
    script "/etc/keepalived/nginx_check.sh"   # path of the script that checks NGINX
    interval 2          # run interval
    weight -20          # on failure the priority is adjusted by weight (e.g. 100 + -20 = 80)
    fall 3              # consecutive failed checks before the service is considered down
    rise 2              # consecutive successful checks before it is considered up again
    timeout 2           # timeout
    #user username      # user and group that run the check script
    #init_fail          # start in the failed state; switch to success only after a successful check
}

# Define the VRouter
vrrp_instance VRouter1 {
    …………options
    track_script {      # monitor Nginx
        nginx_check
    }
}
```
- The resource-monitoring script
```
cat /etc/keepalived/nginx_check.sh
```
```bash
#!/bin/bash
# requires the psmisc package (for killall)
# killall -0 nginx
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    /usr/sbin/nginx                         # nginx is not running: try to start it once
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        exit 1                              # still not running: report failure to keepalived
    fi
fi
```
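The election rules this page relies on (priority, nopreempt and preempt_delay from section 3.2, and the weight/fall/rise adjustment from the vrrp_script above) can be checked with the following added simulation. It is not Keepalived code; the node names, IPs and timings are constructed from the page's lb1/lb2 scenarios, and it generalizes to any number of nodes and tracked scripts.

```python
# Simulation of Keepalived's VRRP master election: priority, nopreempt, preempt_delay
# and a tracked vrrp_script with weight/fall/rise. Added example for this page, not
# Keepalived code; nodes, IPs and timings are constructed from the lb1/lb2 scenarios.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class TrackedScript:
    """A vrrp_script: its weight is applied while failing (negative) or passing (positive)."""
    weight: int
    fall: int = 3
    rise: int = 2
    ok: bool = True      # keepalived starts in the 'up' state unless init_fail is set
    streak: int = 0      # consecutive results that disagree with `ok`

    def record(self, exit_code: int) -> bool:
        healthy = exit_code == 0
        if healthy == self.ok:           # result matches the current state
            self.streak = 0
            return self.ok
        self.streak += 1                 # state flips only after fall/rise results in a row
        if self.streak >= (self.fall if self.ok else self.rise):
            self.ok, self.streak = not self.ok, 0
        return self.ok


@dataclass
class Node:
    name: str
    ip: str
    priority: int                 # configured priority, 1..254
    nopreempt: bool = False       # never take the VIP away from a working master
    preempt_delay: float = 0.0    # seconds after start before this node may preempt
    started_at: float = 0.0
    up: bool = True               # False models 'killall keepalived'
    scripts: List[TrackedScript] = field(default_factory=list)

    def effective_priority(self) -> int:
        p = self.priority            # configured priority plus track_script adjustments
        for s in self.scripts:
            if (s.weight < 0 and not s.ok) or (s.weight > 0 and s.ok):
                p += s.weight
        return max(1, min(254, p))   # clamped to 1..254 like keepalived

    def rank(self):                  # higher priority wins, ties go to the higher IP
        return self.effective_priority(), tuple(int(o) for o in self.ip.split("."))


def elect(nodes: List[Node], current: Optional[Node], now: float) -> Optional[Node]:
    """Return the node holding the VIP at time `now`, given who holds it currently."""
    alive = [n for n in nodes if n.up and n.started_at <= now]
    if not alive:
        return None
    best = max(alive, key=Node.rank)
    if current is None or not any(n is current for n in alive):
        return best                      # master gone: highest rank takes over
    if best is current or best.rank() <= current.rank():
        return current
    if best.nopreempt:                   # higher priority but nopreempt: stays BACKUP
        return current
    if now - best.started_at < best.preempt_delay:
        return current                   # preempt_delay has not elapsed yet
    return best


def nginx_failover_demo() -> List[str]:
    """Section 5 scenario: lb1 (priority 100, weight -20) loses nginx, then recovers."""
    check = TrackedScript(weight=-20, fall=3, rise=2)
    lb1 = Node("lb1", "172.20.1.239", 100, scripts=[check])
    lb2 = Node("lb2", "172.20.1.223", 90)
    master = elect([lb1, lb2], None, 0.0)
    history = [master.name]
    for code in (1, 1, 1, 0, 0):         # three failed checks, then two good ones
        check.record(code)
        master = elect([lb1, lb2], master, 0.0)
        history.append(master.name)
    return history                       # ['lb1', 'lb1', 'lb1', 'lb2', 'lb2', 'lb1']
```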
6. Keepalived + Nginx configuration
6.1. Environment
Hostname | IP address | Node role | VIP | Software version |
---|---|---|---|---|
node1 | 172.20.1.221 | Master | 172.20.1.100 | keepalived-1.3.5 nginx-1.16.1 |
node2 | 172.20.1.222 | Slave | 172.20.1.100 | keepalived-1.3.5 nginx-1.16.1 |
node3 | 172.20.1.223 | Web1 | / | nginx-1.16.1 |
node4 | 172.20.1.224 | Web2 | / | nginx-1.16.1 |
6.2. Configuring the Nginx reverse proxy
6.2.1. Configure the Nginx reverse proxy
```
http {
    upstream webserver {
        server 172.20.1.223;
        server 172.20.1.224;
    }
    server {
        ……
        location / {
            index index.html;
            proxy_pass http://webserver;
        }
    }
}
```
6.2.2. Write the Nginx status-check script
```
vim /etc/keepalived/nginx_check.sh
```
```bash
#!/bin/bash
killall -0 nginx        # exit status 0 only if an nginx process exists
```
6.2.3. Make the Nginx status-check script executable
```
chmod +x /etc/keepalived/nginx_check.sh
```
6.2.4. Install the psmisc package (provides killall)
```
yum install psmisc
```
6.2.5. Start Nginx
```
nginx
```
6.3. Configuring Keepalived
6.3.1. Edit the configuration file (node1)
```
#!/bin/bash
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_script check_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2
    timeout 1
    weight -20
    fall 3
    rise 2
    user root root          # user and group that run the script
}

vrrp_instance VRouter1 {
    state BACKUP
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    track_script {
        check_nginx
    }
    virtual_ipaddress {
        172.20.1.100 dev eth0 label eth0:0
    }
}
```
6.3.2. Edit the configuration file (node2)
```
#!/bin/bash
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_script check_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2
    timeout 1
    weight -20
    fall 3
    rise 2
    user root root          # user and group that run the script
}

vrrp_instance VRouter1 {
    state BACKUP
    interface eth0
    virtual_router_id 80
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass Passw0rd
    }
    track_script {
        check_nginx
    }
    virtual_ipaddress {
        172.20.1.100 dev eth0 label eth0:0
    }
}
```
7. Other configuration
7.1. Custom notification script
```
vim /etc/keepalived/notify.sh
```
```bash
#!/usr/bin/env bash
__Author__="liy"
source /etc/profile

atMobiles="phone"
dingtalkUrl="https://oapi.dingtalk.com/robot/send?access_token=token"

# send <title> <text>: post a markdown message to the DingTalk robot
function send(){
    curl ${dingtalkUrl} -H 'Content-Type: application/json' \
        -d '{
            "msgtype": "markdown",
            "markdown": {
                "title": "'"$1"'",
                "text": "'"$2"'"
            },
            "at": {
                "atMobiles": ["'"$atMobiles"'"]
            }
        }'
}

# notify <state>: build the alert for the new VRRP state of this host
function notify(){
    title="Keepalived告警: $(hostname) to be $1,vip 转移"
    content="> $(date '+%F %T'): vrrp transfer, $(hostname) changed to be $1"
    send "$title" "$content"    # quoted so the title is passed as a single argument
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo -e "\033[31mUsage: $0 <master|backup|fault>\033[0m"
    exit 127
    ;;
esac
```
```
chmod +x /etc/keepalived/notify.sh
```
7.2. Calling the notification script from a VRouter
```
vrrp_instance VRouter1 {        # name of the virtual router VRouter1
    ....
    notify_master "/etc/keepalived/notify.sh master"    # script run when this node becomes master
    notify_backup "/etc/keepalived/notify.sh backup"    # script run when this node becomes backup
    notify_fault "/etc/keepalived/notify.sh fault"      # script run when this node enters the "fault" state
}
```