Keepalived高可用热备

Keepalived概述

  • 调度器出现单点故障,如何解决

  • Keepalived实现了高可用集群

  • Keepalived最初是为LVS设计的,专门监控各服务器节点的状态

  • Keepalived后来加入了VRRP功能,防止单点故障

  • 功能:

    配置LVS规则

    健康检查

    VRRP

节点准备

主机 角色 ip地址
web1 高可用服务器 ens33:192.168.1.21
VIP:192.168.1.50
web2 高可用服务器 ens33:192.168.1.22
VIP:192.168.1.50

准备web服务器

  • web1部署web服务
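# Lab setup for the first web node: install Apache and publish a page that
# names the node, so the failover test shows which host answered.
[root@web1 ~]# yum install httpd -y
# web1's own address is 192.168.1.21; the page body has to differ from web2's.
[root@web1 ~]# echo "192.168.1.21" > /var/www/html/index.html
[root@web1 ~]# systemctl restart httpd
# setenforce 0 puts SELinux in permissive mode until the next reboot, and
# iptables -F empties every chain of the filter table. Both are lab shortcuts;
# on a managed host leave them in place and permit HTTP plus VRRP
# (IP protocol 112) between the two nodes.
[root@web1 ~]# setenforce 0
[root@web1 ~]# iptables -F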

  • web2部署web服务
# Lab setup for the second web node: install Apache and publish a page that
# carries this node's own address (192.168.1.22).
[root@web2 ~]# yum install httpd -y
[root@web2 ~]# echo "192.168.1.22" > /var/www/html/index.html
[root@web2 ~]# systemctl restart httpd
# setenforce 0 puts SELinux in permissive mode until the next reboot, and
# iptables -F empties every chain of the filter table. Both are lab shortcuts;
# on a managed host leave them in place and permit HTTP plus VRRP
# (IP protocol 112) between the two nodes.
[root@web2 ~]# setenforce 0
[root@web2 ~]# iptables -F

安装Keepalived

  • CentOS的光盘中已经包含Keepalived软件包,只要配置好yum源,指向光盘源即可安装
# Install keepalived from the configured yum repository on both nodes.
[root@web1 ~]# yum install -y keepalived

[root@web2 ~]# yum install -y keepalived

修改主配置文件

  • web1
[root@web1 ~]# vim /etc/keepalived/keepalived.conf
global_defs { # do not delete the other entries in this section
router_id web1 # router ID of this node (edit)
vrrp_iptables # stop keepalived from setting firewall rules (add by hand; by default it adds them automatically)
}

# VRRP instance on the node that normally holds the VIP.
vrrp_instance VI_1 {
state MASTER # the primary server is MASTER
interface ens33 # network interface to use
virtual_router_id 51 # VRID must be identical on primary and backup
priority 100 # server priority; the higher priority gets the VIP first
advert_int 1 # seconds between VRRP advertisements
authentication {
auth_type PASS
# NOTE(review): with PASS the password travels in clear text in every
# advertisement and keepalived uses only its first 8 characters, so it guards
# against misconfiguration, not against another host on the segment. 1111 is
# the packaged sample value; pick a site-specific one and filter VRRP
# (IP protocol 112) to the peer's address.
auth_pass 1111 # password must be identical on primary and backup
}
virtual_ipaddress {
192.168.1.50 # VIP (edit)
}
}
# the rest of the file configures features not used here; delete it
  • web2
[root@web2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id web2 # router ID of this node
vrrp_iptables # same setting as on web1
}

# VRRP instance on the standby node; VRID, password and VIP match web1.
vrrp_instance VI_1 {
state BACKUP # the standby server is BACKUP
interface ens33
virtual_router_id 51
priority 50 # lower than web1's 100, so web1 holds the VIP while it is up
advert_int 1
authentication {
auth_type PASS
# NOTE(review): PASS sends this value in clear text in every advertisement;
# 1111 is the packaged sample value, replace it on both nodes together.
auth_pass 1111
}
virtual_ipaddress {
192.168.1.50
}
}

启动服务

# Enable keepalived at boot and start it now on both nodes.
[root@web1 ~]# systemctl enable --now keepalived.service

[root@web2 ~]# systemctl enable --now keepalived.service

# web1 (MASTER, priority 100) holds the VIP: 192.168.1.50/32 is listed on ens33.
[root@web1 ~]# ip a s ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:da:8d:df brd ff:ff:ff:ff:ff:ff
inet 192.168.1.21/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.50/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8680:100b:c108:4594/64 scope link noprefixroute
valid_lft forever preferred_lft forever

# web2 (BACKUP) lists only its own 192.168.1.22; the VIP is absent here.
# The fe80:: address marked dadfailed is the same link-local address web1
# shows above, rejected by IPv6 duplicate address detection.
[root@web2 ~]# ip a s ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:13:ff:8d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.22/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::112b:25bd:3520:b967/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::8680:100b:c108:4594/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever

通过浏览器访问测试

  • 访问192.168.1.50
  • 将web1关机
  • 再次访问192.168.1.50

Keepalived+LVS

环境准备

1.png

web服务器准备

  • 网络配置

    web1 IP地址:192.168.4.100、伪装VIP:192.168.4.15(防止冲突)

    web2 IP地址:192.168.4.200、伪装VIP:192.168.4.15(防止冲突)

  • Web服务

    web1:安装httpd并启动服务

    web2:安装httpd并启动服务

  • web1和web2做相同操作,以web1 为例
# Real-server preparation for LVS in DR mode; web2 gets the same steps.
[root@web1 ~]# yum install httpd -y && systemctl enable --now httpd

# Put the VIP on a loopback alias with a /32 mask so this host accepts packets
# addressed to 192.168.4.15 without owning the address on the LAN.
[root@web1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo{,:0}
[root@web1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.4.15
NETMASK=255.255.255.255
NETWORK=192.168.4.15
BROADCAST=192.168.4.15
ONBOOT=yes
NAME=lo:0

# arp_ignore = 1: answer an ARP request only when the target address is
# configured on the interface the request arrived on.
# arp_announce = 2: always pick the best local source address for ARP
# requests. Together they keep the VIP on lo from being answered for or
# announced on the LAN, so only the director replies to ARP for the VIP.
[root@web1 ~]# vim /etc/sysctl.conf && sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

# Restart networking to bring up lo:0, then check that the alias carries the VIP.
[root@web1 ~]# systemctl restart network
[root@web1 ~]# ifconfig

lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.4.15 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)


测试页面

# Each real server publishes its own address as the page body, so a request
# to the VIP shows which back end served it.
# web1
[root@web1 ~]# echo "192.168.4.100" > /var/www/html/index.html

# web2
[root@web2 ~]# echo "192.168.4.200" > /var/www/html/index.html

调度器准备

  • lvs1

    IP地址:192.168.4.5(不要手动配置VIP)

    配置系统光盘YUM

  • lvs2

    IP地址:192.168.4.6(不要手动配置VIP)

    配置系统光盘YUM

安装软件

  • lvs1
# enable --now starts keepalived immediately with the packaged configuration;
# edits made to keepalived.conf afterwards take effect only after a restart.
[root@lvs1 ~]# yum install -y keepalived && systemctl enable --now keepalived
[root@lvs1 ~]# yum install -y ipvsadm
# Clear the IPVS virtual-server table; keepalived writes the LVS rules itself.
[root@lvs1 ~]# ipvsadm -C
  • lvs2
# enable --now starts keepalived immediately with the packaged configuration;
# edits made to keepalived.conf afterwards take effect only after a restart.
[root@lvs2 ~]# yum install -y keepalived && systemctl enable --now keepalived
[root@lvs2 ~]# yum install -y ipvsadm
# Clear the IPVS virtual-server table; keepalived writes the LVS rules itself.
[root@lvs2 ~]# ipvsadm -C

修改keepalived配置

  • lvs1
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
router_id lvs1
vrrp_iptables
}

# VRRP instance: lvs1 is the director that normally holds the VIP.
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
# NOTE(review): PASS sends this value in clear text in every advertisement;
# 1111 is the packaged sample value, replace it on both directors together.
auth_pass 1111
}
virtual_ipaddress {
192.168.4.15
}
}

virtual_server 192.168.4.15 80 { # VIP rule that keepalived installs into IPVS (edit)
lb_algo rr # LVS scheduling algorithm: round robin
lb_kind DR # LVS forwarding mode: DR (edit)
# persistence_timeout 50 # when enabled, a client keeps reaching the same server for a period of time
protocol TCP

real_server 192.168.4.100 80 { # real IP of a back-end web server (edit)
weight 1 # weight
# TCP_CHECK only verifies that the port accepts a connection; it does not
# fetch a page.
# NOTE(review): newer keepalived releases appear to name nb_get_retry
# "retry"; confirm against the installed version.
TCP_CHECK { # health check for the back-end real_server (edit)
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.4.200 80 {
weight 1
TCP_CHECK {
connect_timeout 3 # timeout
nb_get_retry 3 # 3 connection attempts per check
delay_before_retry 3 # one attempt every 3 seconds
}
}
}
# anything after this point in the file is not needed and can be deleted
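# Load the edited configuration. keepalived is already running from the
# earlier "systemctl enable --now keepalived", and "start" does nothing to an
# active unit, so restart it.
[root@lvs1 ~]# systemctl restart keepalived.service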
# The MASTER director should now list the VIP 192.168.4.15/32 on ens33.
[root@lvs1 ~]# ip a s ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:cd:a3 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.5/24 brd 192.168.4.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.4.15/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8680:100b:c108:4594/64 scope link noprefixroute
valid_lft forever preferred_lft forever

# The IPVS table was written by keepalived: one rr virtual service on the VIP
# with both real servers; "Route" in the Forward column is DR mode.
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.15:80 rr
-> 192.168.4.100:80 Route 1 0 0
-> 192.168.4.200:80 Route 1 0 0

  • lvs2
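# Copy lvs1's finished configuration to lvs2, then change only the
# node-specific values below.
[root@lvs1 ~]# scp /etc/keepalived/keepalived.conf 192.168.4.6:/etc/keepalived/keepalived.conf

[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
# change the following entries, leave everything else as copied
global_defs {
router_id lvs2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
priority 50
# keepalived was already started by "systemctl enable --now keepalived" at
# install time, and "start" leaves a running unit untouched, so restart it to
# load the new file.
[root@lvs2 ~]# systemctl restart keepalived.service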

# The standby director holds the same IPVS rules as lvs1 (same virtual service
# and real servers).
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.15:80 rr
-> 192.168.4.100:80 Route 1 0 0
-> 192.168.4.200:80 Route 1 0 0

浏览器访问192.168.4.15测试