开发笔记:keepalived基于keepalived实现lvs的高可用

通告&＃xff1a;心跳 优先级等 周期性
挂载方式&＃xff1a;抢占式 非强制式
安全认证&＃xff1a;
1.无认证 2.简单字符认证&＃xff1a;预共享密钥 3.MD5
工作模式&＃xff1a;
主/备&＃xff1a;单虚拟路由器
主/主&＃xff1a;主/备&＃xff08;虚拟路由器1&＃xff09;&＃xff0c;备/主&＃xff08;虚拟路由器2&＃xff09;
keepalived
基于vrrp协议完成地址流动
为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
为ipvs集群的各RS做健康状态检测
基于脚本调用接口完成脚本中定义的功能&＃xff0c;进而影响集群事务&＃xff0c;以此支持nginx、haproxy等服务
#/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root&＃64;localhost #keepalived 发生故障切换时邮件发送的目标邮箱&＃xff0c;可以按行区分写多个
root&＃64;wangxiaochun.com
29308620&＃64;qq.com
}
notification_email_from keepalived&＃64;localhost #发邮件的地址
smtp_server 127.0.0.1 #邮件服务器地址
smtp_connect_timeout 30 #邮件服务器连接timeout
router_id ka1.example.com#每个keepalived主机唯一标识&＃xff0c;建议使用当前主机名&＃xff0c;但多节点重名
不影响
vrrp_skip_check_adv_addr#对所有通告报文都检查&＃xff0c;会比较消耗性能&＃xff0c;启用此配置后&＃xff0c;如果收到的
通告报文和上一个报文是同一个路由器&＃xff0c;则跳过检查&＃xff0c;默认值为全检查
vrrp_strict #严格遵守VRRP协议,启用此项后以下状况将无法启动服务:1.无VIP地址 2.配置了单播邻
居 3.在VRRP版本2中有IPv6地址&＃xff0c;开启动此项并且没有配置vrrp_iptables时会自动开启iptables防火墙规则&＃xff0c;默认导致VIP无法访问,建议不加此项配置
vrrp_garp_interval 0 #gratuitous ARP messages 报文发送延迟&＃xff0c;0表示不延迟 vrrp_gna_interval 0 #unsolicited NA messages &＃xff08;不请自来&＃xff09;消息发送延迟
vrrp_mcast_group4 224.0.0.18 #指定组播IP地址范围&＃xff1a;224.0.0.0到239.255.255.255,默认
值&＃xff1a;224.0.0.18
vrrp_iptables #此项和vrrp_strict同时开启时&＃xff0c;则不会添加防火墙规则,如果无配置
vrrp_strict项,则无需启用此项配置
脑裂&＃xff1a;主备节点上都有vip。当主备的rout_id或密码不相同等时&＃xff0c;俩个keepalived之间通信不成功的时候&＃xff0c;双方都会宣告自己是主服务器&＃xff0c;都有vip。
抢占模式&＃xff1a;
A state master priority 100
B state backup priority 80
A主down后&＃xff0c;vip会切换到备份服务器上&＃xff0c;当主服务器恢复的时候&＃xff0c;vip会立即切换到主服务器上
非抢占模式
keepalived默认为抢占模式 如果需要修改为非抢占模式需要将俩个节点的state 都修改为backup
即 statue backup
A state backup priority 100 nopreempt
B state backup priority 80 nopreempt
A主down后&＃xff0c;vip会切换到备份服务器上&＃xff0c;当主服务器恢复的时候&＃xff0c;vip依旧会在备份服务器上&＃xff0c;不会切换到主服务器上。
抢占延迟模式
A state backup priority 100 preempt_delay 60 #延迟抢占的等待时间
B state backup priority 80
A主down后&＃xff0c;vip会切换到备份服务器上&＃xff0c;当主服务器恢复的时候&＃xff0c;vip不会立即切换到主服务器上&＃xff0c;等待60s后切换到主服务器上。
实现主备模式
A:172.18.40.14 B:A:172.18.40.15
主配置文件 /etc/keepalived.conf
global_defs {
notification_email {
sysadmin&＃64;firewall.loc #报警邮件收件地址
}
notification_email_from Alexandre.Cassen&＃64;firewall.loc #邮件发件地址
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id kp #
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 239.1.1.1 #组播地址
}
include /etc/keepalived/conf.d/*.conf #子配置文件存放路径
A B子配置文件
vrrp_instance m44 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80 #优先级 根据优先级决定开始的主备 A 100 B 80
advert_int 1
authentication {
auth_type PASS # 认证类型
auth_pass 123456 #认证密码
}
virtual_ipaddress {
172.18.40.200 dev eth0 label eth0:0 #vip 绑定在当前主机eth0网卡上
}
#实现单播通告
unicast_src_ip 172.18.40.14 #本机ip
unicast_peer{
172.18.40.15 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
实现keepalived日志另存
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS&＃61;"-D -S 6"
[root&＃64;cen7 conf.d]# vim /etc/sysconfig/
local6.* /var/log/keepalived.log
systemctl retsart keepalived rsyslog
实现IPVS的高可用性
虚拟服务器配置
virtual_server IP port #定义虚拟主机IP地址及其端口
virtual_server fwmark int #ipvs的防火墙打标&＃xff0c;实现基于防火墙的负载均衡集群
virtual_server group string #使用虚拟服务器组
virtual_server IP port { #VIP和PORT
delay_loop #检查后端服务器的时间间隔
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #定义调度方法
lb_kind NAT|DR|TUN #集群的类型,注意要大写
persistence_timeout #持久连接时长
protocol TCP|UDP|SCTP #指定服务协议,一般为TCP
sorry_server #所有RS故障时&＃xff0c;备用服务器地址
real_server { #RS的IP和PORT
weight #RS权重
notify_up | #RS上线通知脚本
notify_down | #RS下线通知脚本
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... } #定义当前主机健康状
态检测方法
}
}


实现基于基于keepalived的lvs负载均衡

real-server 配置mariadb&＃43;apache
RS1和RS2配置如下:
yum -y install httpd mariadb-server;systemc enable --now httpd mariadb;echo &＃96;hostname&＃96; > /var/www/html/index.html
创建数据库测试账号:test&＃64;&＃39;172.18.40.%&＃39;
临时修改变量让本机vip地址不去回应arp
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
在回环网卡上配置俩个子地址vip
ifconfig lo:2 172.18.40.222 netmask 255.255.255.255
ifconfig lo:2 172.18.40.111 netmask 255.255.255.255
lvs1 集群mysql主&＃xff0c;apache备
lvs2 集群mysql备&＃xff0c;apache主
lvs1和lvs2安装上keepalived,ipvsad
lvs1配置如下:
[root&＃64;lvs1 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
notification_email {
sysadmin&＃64;firewall.loc
}
notification_email_from Alexandre.Cassen&＃64;firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id kp
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 229.1.1.1
}
include /etc/keepalived/conf.d/*.conf
[root&＃64;lvs1 keepalived]# tree
.
├── conf.d
│ ├── lvs_dr_apache.conf
│ ├── lvs_dr_mysql.conf
│ └── t1.conf
└── keepalived.conf
[root&＃64;lvs1 keepalived]# cat conf.d/t1.conf
vrrp_instance test_apache {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.111 dev eth0 label eth0:1
}
unicast_src_ip 172.18.40.14 #本机ip
unicast_peer {
172.18.40.15 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
vrrp_instance test_mysql {
state MASTER
interface eth0
virtual_router_id 77
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.222 dev eth0 label eth0:2
}
unicast_src_ip 172.18.40.14 #本机ip
unicast_peer {
172.18.40.15 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
[root&＃64;lvs1 keepalived]# cat conf.d/lvs_dr_apache.conf
virtual_server 172.18.40.111 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.18.40.22 80 {
weight 1
HTTP_GET {
url {
path /monitor.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.18.40.23 80 {
weight 1
HTTP_GET { #http健康检查 需要在rs1和rs2上配置monitor.html
url {
path /monitor.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
[root&＃64;lvs1 keepalived]# cat conf.d/lvs_dr_mysql.conf
virtual_server 172.18.40.222 3306 {
delay_loop 3
lb_algo wrr
lb_kind DR
protocol TCP
sorry server 127.0.0.1 3306
real_server 172.18.40.22 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_port 3306
}
}
real_server 172.18.40.23 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_prot 80
}
}
}
lv2的keepalived目录结构相同 主配置文件配置一样
[root&＃64;lvs2 conf.d]# cat t1.conf
vrrp_instance test_apache {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.111 dev eth0 label eth0:1
}
unicast_src_ip 172.18.40.15 #本机ip
unicast_peer {
172.18.40.14 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
vrrp_instance test_mysql {
state BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.40.222 dev eth0 label eth0:2
}
unicast_src_ip 172.18.40.15 #本机ip
unicast_peer {
172.18.40.14 #指向对方主机的ip,如果有多个则执行多个节点ip
}
}
[root&＃64;lvs2 conf.d]# cat lvs_dr_apache.conf
virtual_server 172.18.40.111 80 {
delay_loop 3
lb_algo wrr
lb_kind DR
protocol TCP
sorry server 127.0.0.1 80
real_server 172.18.40.22 80 {
weight 1
HTTP_GET {
url {
path /monitor.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 172.18.40.23 80 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_prot 80
}
}
}
virtual_server 172.18.40.222 3306 {
delay_loop 3
lb_algo wrr
lb_kind DR
protocol TCP
sorry server 127.0.0.1 3306
real_server 172.18.40.22 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_port 3306
}
}
real_server 172.18.40.23 3306 {
weight 1
TCP_CHECK {
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
connect_port 3306
}
}
配置完成后启动keepalibed
[root&＃64;lvs2 conf.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size&＃61;4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.40.111:80 wrr
-> 172.18.40.22:80 Route 1 0 0
-> 172.18.40.23:80 Route 1 0 0
TCP 172.18.40.222:3306 wrr
-> 172.18.40.22:3306 Route 1 0 0
-> 172.18.40.23:3306 Route 1 0 0
可以查看到lvs的俩个集群 mysql 和 http集群
测试&＃xff1a;
[root&＃64;localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e &＃39;show variables like "hostname";&＃39;
&＃43;---------------&＃43;-------&＃43;
| Variable_name | Value |
&＃43;---------------&＃43;-------&＃43;
| hostname | rs2 |
&＃43;---------------&＃43;-------&＃43;
[root&＃64;localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e &＃39;show variables like "hostname";&＃39;
&＃43;---------------&＃43;-------&＃43;
| Variable_name | Value |
&＃43;---------------&＃43;-------&＃43;
| hostname | rs1 |
&＃43;---------------&＃43;-------&＃43;
[root&＃64;localhost ~]# curl 172.18.40.111
r2.server
[root&＃64;localhost ~]# curl 172.18.40.111
r1.server
[root&＃64;localhost ~]# curl 172.18.40.111
r2.server
[root&＃64;lvs2 conf.d]# hostname -I
172.18.40.15 172.18.40.111
[root&＃64;lvs1 keepalived]# hostname -I
172.18.40.14 172.18.40.222
停止lvs2的keepalived服务&＃xff0c;测试lvs的负载均衡
[root&＃64;lvs1 keepalived]# hostname -I
172.18.40.14 172.18.40.222 172.18.40.111
在从客户端上去访问mysql和http
[root&＃64;localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e &＃39;show variables like "hostname";&＃39;
&＃43;---------------&＃43;-------&＃43;
| Variable_name | Value |
&＃43;---------------&＃43;-------&＃43;
| hostname | rs2 |
&＃43;---------------&＃43;-------&＃43;
[root&＃64;localhost ~]#
[root&＃64;localhost ~]# mysql -utest -p123456 -h172.18.40.222 -e &＃39;show variables like "hostname";&＃39;
&＃43;---------------&＃43;-------&＃43;
| Variable_name | Value |
&＃43;---------------&＃43;-------&＃43;
| hostname | rs1 |
&＃43;---------------&＃43;-------&＃43;
[root&＃64;localhost ~]# curl 172.18.40.111
r2.server
[root&＃64;localhost ~]# curl 172.18.40.111
r1.server
[root&＃64;localhost ~]# curl 172.18.40.111
r2.server
恢复lvs2的keepalived服务&＃xff0c;发现http的vip又飘回了lvs2,因实现是采取默认模式即抢占模式。