Keepalived高可用集群搭建

1. Keepalived高可用原理

简单来说,只有主节点的服务器会一直发送VRRP广播包,告诉备节点它还活着,此时备节点不会抢占主节点。
当备节点监听不到主节点发送的广播包时,就会启动相关服务接管资源,保证业务的连续性。
接管速度最快可以小于1秒。

2. Keepalived高可用服务搭建

2.1 安装Keepalived

(1)硬件准备

HOSTNAME IP 说明
lb01 192.168.1.51 Keepalived主服务器(Nginx主负载均衡器)
lb02 192.168.1.52 Keepalived备服务器(Nginx辅负载均衡器)
web01 192.168.1.53 web01服务器
web02 192.168.1.54 web02服务器

(2)安装Keepalived软件(两台负载都做,这里演示只做一台)

[root@lb01 ~]# yum -y install keepalived

(3)启动keepalived服务并检查

[root@lb01 ~]# systemctl enable keepalived.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@lb01 ~]# systemctl start keepalived.service 
[root@lb01 ~]# ps -ef|grep [k]eepalived
root       7212      1  0 04:46 ?        00:00:00 /usr/sbin/keepalived -D        # 启动成功后有3个进程表示正确
root       7213   7212  0 04:46 ?        00:00:00 /usr/sbin/keepalived -D
root       7214   7212  0 04:46 ?        00:00:00 /usr/sbin/keepalived -D
[root@lb01 ~]# ip a|grep 192.168.
    inet 192.168.1.51/24 brd 192.168.1.255 scope global noprefixroute eth0
    inet 192.168.200.16/32 scope global eth0              # 默认情况下,会生成3个C类IP地址,16、17、18
    inet 192.168.200.17/32 scope global eth0
    inet 192.168.200.18/32 scope global eth0
# 测试完毕后关闭服务
[root@lb01 ~]# systemctl stop keepalived

2.2 Keepalived配置文件介绍

这里只介绍具备高可用功能的两个区块

[root@lb01 ~]# cat -n /etc/keepalived/keepalived.conf 
## 全局定义部分
     1	! Configuration File for keepalived                                 # 注释,!和#一样,都是注释。
     2	
     3	global_defs {                                                       # 3-8行是定义服务故障报警的邮件地址(可选)
     4	   notification_email {
     5	     acassen@firewall.loc
     6	     failover@firewall.loc
     7	     sysadmin@firewall.loc
     8	   }
     9	   notification_email_from Alexandre.Cassen@firewall.loc            # 发件人地址(可选)
    10	   smtp_server 192.168.200.1                                        # 指定发送邮件的SMTP服务器,如果本机开启了sendmail或postfix,可以使用上面的默认配置发送邮件(可选)
    11	   smtp_connect_timeout 30                                          # 连接smtp超时时间(可选)
    12	   router_id LVS_DEVEL                                              # 路由标识,全局唯一。
# 省略部分内容
## VRRP实例定义区块部分
    19	vrrp_instance VI_1 {                                                # 定义一个vrrp_instance实例,名字为VI_1,可以有多个。
    20	    state MASTER                                                    # 表示当前VI_1的状态为MASTER,状态只有MASTER和BACKUP。
    21	    interface eth0                                                  # 对外提供的网络接口。
    22	    virtual_router_id 51                                            # 虚拟路由ID标识,最好是数字,在一个keepalived.conf中唯一,但是MASTER和BACKUP配置中相同实例的virtual_router_id必须相同,否则会出现脑裂问题。
    23	    priority 100                                                    # 优先级,数字越大,优先级越高,MASTER要比BACKUP的优先级高。一般建议隔50。
    24	    advert_int 1                                                    # 同步通知间隔,也就是M和B之间通信检查的时间,默认为1秒。
    25	    authentication {                                                # 25-28行,权限认证配置。包含认证类型(auth_type)和认证密码(auth_pass)。
    26	        auth_type PASS                                              # 认证类型有:PASS、AH两种。官方推荐使用PASS。
    27	        auth_pass 1111                                              # 验证密码以明文方式随VRRP报文发送,同一网段内抓包即可看到,只能防止误配置,不能当作安全认证手段;keepalived只使用前8个字符,长度最好不要超过8个字符,建议4个字符。同一VRRP实例的M和B使用相同的密码才能通信。
    28	    }
    29	    virtual_ipaddress {                                             # 29-33行,为虚拟IP地址,可以配置多个。不指定子网掩码的话,默认为32位。
    30	        192.168.200.16
    31	        192.168.200.17
    32	        192.168.200.18
    33	    }
    34	}

3. Keepalived高可用服务单实例配置

3.1 配置Keepalived实现单实例单IP自动漂移接管

(1)配置Keepalived主服务器lb01 MASTER

#首先,配置lb01 MASTER的Keepalived.conf文件
[root@lb01 ~]# cd /etc/keepalived/
[root@lb01 /etc/keepalived]# cp keepalived.conf{,.bak}
[root@lb01 /etc/keepalived]# >keepalived.conf
[root@lb01 /etc/keepalived]# ls
keepalived.conf  keepalived.conf.bak
[root@lb01 /etc/keepalived]# vim keepalived.conf
[root@lb01 /etc/keepalived]# cat keepalived.conf
global_defs {
    router_id lb01                    # ID为lb01,不同的keepalived.conf此ID要唯一。
}

vrrp_instance VI_1 {                  # 实例名为VI_1,相同实例的备节点名字要跟这个相同。
    state MASTER                      # 状态为MASTER,备节点为BACKUP。
    interface eth0                    # 通信接口,主备一样。
    virtual_router_id 51              #实例ID为51,配置文件中唯一。
    priority 150                      # 优先级,备节点的优先级数字要比这个低。
    advert_int 1                      # 通信检查间隔。
    authentication {                  
        auth_type PASS                # 认证类型为PASS,主备相同。
        auth_pass 1111                # 认证密码,主备相同。
    }
    virtual_ipaddress {
        192.168.1.99/24 dev eth0 label eth0:3  # 虚拟IP,即VIP,子网掩码为24,绑定接口为eth0,别名eth0:3,主备相同。这个地址也是网站域名绑定的地址。
    }
}

#启动keepalived服务
[root@lb01 /etc/keepalived]# ps -ef|grep [k]eepalived
[root@lb01 /etc/keepalived]# systemctl start keepalived
[root@lb01 /etc/keepalived]# ps -ef|grep [k]eepalived
root       7332      1  0 05:27 ?        00:00:00 /usr/sbin/keepalived -D
root       7333   7332  0 05:27 ?        00:00:00 /usr/sbin/keepalived -D
root       7334   7332 12 05:27 ?        00:00:00 /usr/sbin/keepalived -D

#检查配置结果,是否有虚拟IP
[root@lb01 /etc/keepalived]# ip a|grep .99
    inet 192.168.1.99/24 scope global secondary eth0:3

(2)配置Keepalived lb02 BACKUP

#首先,配置lb02 BACKUP的keepalived.conf文件
[root@lb02 ~]# cd /etc/keepalived/
[root@lb02 /etc/keepalived]# cp keepalived.conf{,.bak}
[root@lb02 /etc/keepalived]# >keepalived.conf
[root@lb02 /etc/keepalived]# vim keepalived.conf
global_defs {
    router_id lb02                        # 改这里
}

vrrp_instance VI_1 {
    state BACKUP                          # 改这里
    interface eth0
    virtual_router_id 51
    priority 100                          # 改这里
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.99/24 dev eth0 label eth0:3
    }
}

#启动keepalived服务
[root@lb02 /etc/keepalived]# systemctl start keepalived.service 
[root@lb02 /etc/keepalived]# ps -ef|grep [k]eepalived
root       7213      1  0 05:33 ?        00:00:00 /usr/sbin/keepalived -D
root       7214   7213  0 05:33 ?        00:00:00 /usr/sbin/keepalived -D
root       7215   7213  0 05:33 ?        00:00:00 /usr/sbin/keepalived -D

#检查配置结果,是否有虚拟IP
[root@lb02 /etc/keepalived]# ip a|grep .99
[root@lb02 /etc/keepalived]#                         # 这里没有输出就对了,因为此时的lb02是备节点,当主节点活着的时候,它不会接管VIP 192.168.1.99。如果有.99这个IP,则表示服务不正常,出现脑裂了,也就是两台服务器在争抢同一资源。

主备争抢同一IP排查方法

(1)主备两台服务器之间是否通信正常,如果不正常,是否有防火墙阻挡。防火墙需放行VRRP通告(IP协议号112,目的地址224.0.0.18),只放行这一协议即可,不必关闭整个防火墙。
(2)主备两台服务器对应的keepalived.conf配置文件是否有误。

(3)进行高可用主备切换实验

#停掉主服务器上的keepalived服务,或关闭服务器
[root@lb01 /etc/keepalived]# ip a|grep .99
    inet 192.168.1.99/24 scope global secondary eth0:3
[root@lb01 /etc/keepalived]# systemctl stop keepalived.service 
[root@lb01 /etc/keepalived]# ip a|grep .99                      # 关闭服务后,VIP消失了。

# 查看备服务器,是否有VIP
[root@lb02 /etc/keepalived]# ip a|grep .99
    inet 192.168.1.99/24 scope global secondary eth0:3         # 备服务器已经接管了VIP

# 启动主服务器,查看VIP是否会回去
[root@lb01 /etc/keepalived]# systemctl start keepalived.service 
[root@lb01 /etc/keepalived]# ip a|grep .99
    inet 192.168.1.99/24 scope global secondary eth0:3          # 服务启动后,VIP又回来了

# 查看备服务器的VIP
[root@lb02 /etc/keepalived]# ip a|grep .99                      # 主服务器的服务启动后,VIP自动漂移回去了,所以备服务器没有

4. Keepalived双实例双主模式配置

4.1 Keepalived双实例双主模式配置介绍

即A业务在lb01上是主模式,在lb02上是备模式,而B业务在lb01上是备模式,在lb02上是主模式。

双主模式IP规划表

HOSTNAME IP 说明
lb01 192.168.1.51 VIP:192.168.1.99(用于绑定A服务www.etiantian.org域名)
lb02 192.168.1.52 VIP:192.168.1.100(用于绑定B服务bbs.etiantian.org域名)

4.2 Keepalived双实例双主模式配置开始

(1)在lb01的keepalived.conf配置文件中,增加一个vrrp_instance VI_2实例

[root@lb01 /etc/keepalived]# cat keepalived.conf
global_defs {
    router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.99/24 dev eth0 label eth0:3
    }
}


vrrp_instance VI_2 {                                     # 从这里开始为增加的配置
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0 label eth0:4
    }
}

(2)在lb02的keepalived.conf配置文件中,增加一个vrrp_instance VI_2实例

[root@lb02 /etc/keepalived]# cat keepalived.conf
global_defs {
    router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.99/24 dev eth0 label eth0:3
    }
}


vrrp_instance VI_2 {                                     # 从这里开始为增加的配置
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24 dev eth0 label eth0:4
    }
}

(3)重启服务,并观察两台机器的VIP情况

#lb01
[root@lb01 /etc/keepalived]# systemctl restart keepalived.service 
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.99/24 scope global secondary eth0:3

#lb02
[root@lb02 /etc/keepalived]# systemctl restart keepalived.service 
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.100/24 scope global secondary eth0:4

(4)停止任意一端服务器或keepalived服务,查看VIP漂移情况

#lb01
[root@lb01 /etc/keepalived]# systemctl stop keepalived.service 
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
[root@lb01 /etc/keepalived]#                                    # 停止服务后,VIP 99被释放,下面检查lb02

#lb02
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.100/24 scope global secondary eth0:4
    inet 192.168.1.99/24 scope global secondary eth0:3          # 已经接管了lb01的VIP 99。下面再次启动lb01的keepalived服务。

#lb01
[root@lb01 /etc/keepalived]# systemctl start keepalived.service 
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.99/24 scope global secondary eth0:3          # 服务启动后,VIP 又回来了。下面查看lb02的VIP

#lb02
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.100/24 scope global secondary eth0:4         # 由于lb01服务再次启动,所以这里的VIP99就被释放了。

###停止lb02的keepalived服务
[root@lb02 /etc/keepalived]# systemctl stop keepalived.service 
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"      # 服务停止后,VIP释放了。下面查看lb01的VIP

#lb01
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.99/24 scope global secondary eth0:3
    inet 192.168.1.100/24 scope global secondary eth0:4         # 这里lb01接管了lb02的VIP 100。下面启动lb02的服务

#lb02
[root@lb02 /etc/keepalived]# systemctl start keepalived.service 
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.100/24 scope global secondary eth0:4         # 服务启动后,VIP 又回来了。下面查看lb01的VIP          

#lb01
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
    inet 192.168.1.99/24 scope global secondary eth0:3         # 由于lb02服务再次启动,所以这里的VIP 100就被释放了。

5. Nginx负载均衡配合Keepalived服务配置

5.1 在lb01和lb02上配置Nginx负载均衡

配置如下

#lb01
[root@lb01 /application/nginx/conf]# cat nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    upstream www {
        server 192.168.1.53:80 weight=1;
        server 192.168.1.54:80 weight=1;
    }
    server {
        listen       192.168.1.99:80;                        # 指定监听地址(VIP)。备节点未持有VIP时无法绑定该地址,需设置内核参数net.ipv4.ip_nonlocal_bind=1,nginx才能在备节点上启动。
        server_name  www.etiantian.org;
        location / {
          proxy_pass http://www;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}

[root@lb01 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.18.0/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.18.0/conf/nginx.conf test is successful
[root@lb01 /application/nginx/conf]# nginx -s reload

5.2 配置lb01和lb02的keepalived服务

#lb01
[root@lb01 /etc/keepalived]# cat keepalived.conf
global_defs {
    router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.99/24 dev eth0 label eth0:3
    }
}

#lb02
[root@lb02 /etc/keepalived]# cat keepalived.conf
global_defs {
    router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.99/24 dev eth0 label eth0:3
    }
}

5.3 用户访问准备及模拟实际访问

(1)添加如下解析到hosts文件中

192.168.1.99 www.etiantian.org

(2)检查各服务是否正常

#lb01
[root@lb01 /etc/keepalived]# netstat -lntup|grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7048/nginx: master  
[root@lb01 /etc/keepalived]# ip a|grep 99
    inet 192.168.1.99/24 scope global secondary eth0:3

#lb02
[root@lb02 /etc/keepalived]# netstat -lntup|grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6977/nginx: master  
[root@lb02 /etc/keepalived]# ip a|grep 99

(3)模拟客户端访问

(4)停止lb01的keep服务,观察业务是否正常

#lb01
[root@lb01 /etc/keepalived]# systemctl stop keepalived.service 
[root@lb01 /etc/keepalived]# ip a|grep 99
[root@lb01 /etc/keepalived]# 

#lb02
[root@lb02 /etc/keepalived]# ip a|grep 99
    inet 192.168.1.99/24 scope global secondary eth0:3

(5)访问测试

(6)开启lb01的keep服务

[root@lb01 /etc/keepalived]# systemctl start keepalived.service
[root@lb01 /etc/keepalived]# ip a|grep 99
    inet 192.168.1.99/24 scope global secondary eth0:3

(7)最后测试访问结果

6. 配置指定文件接收Keepalived服务日志

默认情况下,Keepalived的日志会输出到/var/log/messages,但查看起来不方便。
可以调整成独立文件记录。操作如下:

(1)编辑/etc/sysconfig/keepalived,将“KEEPALIVED_OPTIONS="-D"”修改为“KEEPALIVED_OPTIONS="-D -d -S 0"”

[root@lb01 /etc/keepalived]# cat -n /etc/sysconfig/keepalived 
     1	# Options for keepalived. See `keepalived --help' output and keepalived(8) and
     2	# keepalived.conf(5) man pages for a list of all options. Here are the most
     3	# common ones :
     4	#
     5	# --vrrp               -P    Only run with VRRP subsystem.
     6	# --check              -C    Only run with Health-checker subsystem.
     7	# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
     8	# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
     9	# --dump-conf          -d    Dump the configuration data.
    10	# --log-detail         -D    Detailed log messages.
    11	# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
    12	#
    13	
    14	KEEPALIVED_OPTIONS="-D"
    15	
[root@lb01 /etc/keepalived]# sed -i '14 s#KEEPALIVED_OPTIONS="-D"#KEEPALIVED_OPTIONS="-D -d -S 0"#g' /etc/sysconfig/keepalived
[root@lb01 /etc/keepalived]# sed -n '14p' /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0"

# --dump-conf          -d    导出备份配置数据。
# --log-detail         -D    详细日志。
# --log-facility       -S    设置本地syslog设备,编号0-7.
# -S 0 表示指定为local0设备。

(2)修改rsyslog的配置文件,文件末尾添加如下内容

[root@lb01 /etc/keepalived]# vim /etc/rsyslog.conf 
[root@lb01 /etc/keepalived]# tail -2 /etc/rsyslog.conf
# keepalived
local0.*                                                /var/log/keepalived.log

#然后在文件第54行的选择器末尾(cron.none之后)加入“;local0.none”,使keepalived日志不再重复写入/var/log/messages
[root@lb01 /etc/keepalived]# vim /etc/rsyslog.conf 
[root@lb01 /etc/keepalived]# sed -n '54p' /etc/rsyslog.conf
*.info;mail.none;authpriv.none;cron.none;local0.none                /var/log/messages

# 重启rsyslog服务
[root@lb01 /etc/keepalived]# systemctl restart rsyslog.service

# 测试keep日志
[root@lb01 /etc/keepalived]# systemctl restart keepalived.service 
[root@lb01 /etc/keepalived]# tail /var/log/keepalived.log 
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99

# 还可以对该文件设置日志轮转(如logrotate),防止单个文件过大