1. Keepalived高可用原理
简单来说,只有主节点的服务器会一直发送VRRP广播包(严格来说是组播包,目的地址为224.0.0.18),告诉备节点它还活着,此时备节点不会抢占主节点。
当备节点监听不到主节点发送的广播包时,就会启动相关服务接管资源,保证业务的连续性。
接管速度最快可以小于1秒。
2. Keepalived高可用服务搭建
2.1 安装Keepalived
(1)硬件准备
HOSTNAME | IP | 说明 |
---|---|---|
lb01 | 192.168.1.51 | Keepalived主服务器(Nginx主负载均衡器) |
lb02 | 192.168.1.52 | Keepalived备服务器(Nginx辅负载均衡器) |
web01 | 192.168.1.53 | web01服务器 |
web02 | 192.168.1.54 | web02服务器 |
(2)安装Keepalived软件(两台负载都做,这里演示只做一台)
[root@lb01 ~]# yum -y install keepalived
(3)启动keepalived服务并检查
[root@lb01 ~]# systemctl enable keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@lb01 ~]# systemctl start keepalived.service
[root@lb01 ~]# ps -ef|grep [k]eepalived
root 7212 1 0 04:46 ? 00:00:00 /usr/sbin/keepalived -D # 启动成功后有3个进程表示正确
root 7213 7212 0 04:46 ? 00:00:00 /usr/sbin/keepalived -D
root 7214 7212 0 04:46 ? 00:00:00 /usr/sbin/keepalived -D
[root@lb01 ~]# ip a|grep 192.168.
inet 192.168.1.51/24 brd 192.168.1.255 scope global noprefixroute eth0
inet 192.168.200.16/32 scope global eth0 # 默认情况下(使用软件包自带的示例配置,其中virtual_ipaddress定义了这3个地址),会生成3个C类IP地址,16、17、18
inet 192.168.200.17/32 scope global eth0
inet 192.168.200.18/32 scope global eth0
# 测试完毕后关闭服务
[root@lb01 ~]# systemctl stop keepalived
2.2 Keepalived配置文件介绍
这里只介绍具备高可用功能的两个区块
[root@lb01 ~]# cat -n /etc/keepalived/keepalived.conf
## 全局定义部分
1 ! Configuration File for keepalived # 注释,!和#一样,都是注释。
2
3 global_defs { # 3-8行是定义服务故障报警的邮件地址(可选)
4 notification_email {
5 acassen@firewall.loc
6 failover@firewall.loc
7 sysadmin@firewall.loc
8 }
9 notification_email_from Alexandre.Cassen@firewall.loc # 发件人地址(可选)
10 smtp_server 192.168.200.1 # 指定发送邮件的SMTP服务器,如果本机开启了sendmail或postfix,可以使用上面的默认配置发送邮件(可选)
11 smtp_connect_timeout 30 # 连接smtp超时时间(可选)
12 router_id LVS_DEVEL # 路由标识,全局唯一。
# 省略部分内容
## VRRP实例定义区块部分
19 vrrp_instance VI_1 { # 定义一个vrrp_instance实例,名字为VI_1,可以有多个。
20 state MASTER # 表示当前VI_1的状态为MASTER,状态只有MASTER和BACKUP。
21 interface eth0 # 对外提供的网络接口。
22 virtual_router_id 51 # 虚拟路由ID标识,最好是数字,在一个keepalived.conf中唯一,但是MASTER和BACKUP配置中相同实例的virtual_router_id必须相同,否则会出现脑裂问题。
23 priority 100 # 优先级,数字越大,优先级越高,MASTER要比BACKUP的优先级高。一般建议两者相差50。
24 advert_int 1 # 同步通知间隔,也就是M和B之间通信检查的时间,默认为1秒。
25 authentication { # 25-28行,权限认证配置。包含认证类型(auth_type)和认证密码(auth_pass)。
26 auth_type PASS # 认证类型有:PASS、AH(IPSec AH)两种。官方推荐使用PASS。
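27 auth_pass 1111 # 验证密码为明文方式,长度最好不要超过8个字符(keepalived只使用前8个字符),建议4个字符。同一VRRP实例的M和B使用相同的密码才能通信。注意:PASS密码在VRRP报文中以明文传输,同一网段内的主机抓包即可看到,它只能防止误配置,不能当作安全边界;1111仅为示例值,生产环境应更换,并用防火墙只放行对端节点发来的VRRP报文。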
28 }
29 virtual_ipaddress { # 29-33行,为虚拟IP地址,可以配置多个。不指定子网掩码的话,默认为32位。
30 192.168.200.16
31 192.168.200.17
32 192.168.200.18
33 }
34 }
3. Keepalived高可用服务单实例配置
3.1 配置Keepalived实现单实例单IP自动漂移接管
(1)配置Keepalived主服务器lb01 MASTER
#首先,配置lb01 MASTER的Keepalived.conf文件
[root@lb01 ~]# cd /etc/keepalived/
[root@lb01 /etc/keepalived]# cp keepalived.conf{,.bak}
[root@lb01 /etc/keepalived]# >keepalived.conf
[root@lb01 /etc/keepalived]# ls
keepalived.conf keepalived.conf.bak
[root@lb01 /etc/keepalived]# vim keepalived.conf
[root@lb01 /etc/keepalived]# cat keepalived.conf
global_defs {
router_id lb01 # ID为lb01,不同的keepalived.conf此ID要唯一。
}
vrrp_instance VI_1 { # 实例名为VI_1,相同实例的备节点名字要跟这个相同。
state MASTER # 状态为MASTER,备节点为BACKUP。
interface eth0 # 通信接口,主备一样。
virtual_router_id 51 #实例ID为51,配置文件中唯一。
priority 150 # 优先级,备节点的优先级数字要比这个低。
advert_int 1 # 通信检查间隔。
authentication {
auth_type PASS # 认证类型为PASS,主备相同。
auth_pass 1111 # 认证密码,主备相同。
}
virtual_ipaddress {
192.168.1.99/24 dev eth0 label eth0:3 # 虚拟IP,即VIP,子网掩码为24,绑定接口为eth0,别名eth0:3,主备相同。这个地址也是网站域名绑定的地址。
}
}
#启动keepalived服务
[root@lb01 /etc/keepalived]# ps -ef|grep [k]eepalived
[root@lb01 /etc/keepalived]# systemctl start keepalived
[root@lb01 /etc/keepalived]# ps -ef|grep [k]eepalived
root 7332 1 0 05:27 ? 00:00:00 /usr/sbin/keepalived -D
root 7333 7332 0 05:27 ? 00:00:00 /usr/sbin/keepalived -D
root 7334 7332 12 05:27 ? 00:00:00 /usr/sbin/keepalived -D
#检查配置结果,是否有虚拟IP
[root@lb01 /etc/keepalived]# ip a|grep .99
inet 192.168.1.99/24 scope global secondary eth0:3
(2)配置Keepalived lb02 BACKUP
#首先,配置lb02 BACKUP的Keepalived.conf文件
[root@lb02 ~]# cd /etc/keepalived/
[root@lb02 /etc/keepalived]# cp keepalived.conf{,.bak}
[root@lb02 /etc/keepalived]# >keepalived.conf
[root@lb02 /etc/keepalived]# vim keepalived.conf
global_defs {
router_id lb02 # 改这里
}
vrrp_instance VI_1 {
state BACKUP # 改这里
interface eth0
virtual_router_id 51
priority 100 # 改这里
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.99/24 dev eth0 label eth0:3
}
}
#启动keepalived服务
[root@lb02 /etc/keepalived]# systemctl start keepalived.service
[root@lb02 /etc/keepalived]# ps -ef|grep [k]eepalived
root 7213 1 0 05:33 ? 00:00:00 /usr/sbin/keepalived -D
root 7214 7213 0 05:33 ? 00:00:00 /usr/sbin/keepalived -D
root 7215 7213 0 05:33 ? 00:00:00 /usr/sbin/keepalived -D
#检查配置结果,是否有虚拟IP
[root@lb02 /etc/keepalived]# ip a|grep .99
[root@lb02 /etc/keepalived]# # 这里没有输出就对了,因为此时的lb02是备节点,当主节点活着的时候,它不会接管VIP 192.168.1.99。如果有.99这个IP,则表示服务不正常,出现了脑裂,也就是两台服务器在争抢同一资源。
主备争抢同一IP排查方法
(1)主备两台服务器之间是否通信正常,如果不正常,是否有防火墙阻挡(VRRP使用IP协议号112,通告报文发往组播地址224.0.0.18,防火墙需要放行对端节点的这类报文)。
(2)主备两台服务器对应的keepalived.conf配置文件是否有误。
(3)进行高可用主备切换实验
#停掉主服务器上的keepalived服务,或关闭服务器
[root@lb01 /etc/keepalived]# ip a|grep .99
inet 192.168.1.99/24 scope global secondary eth0:3
[root@lb01 /etc/keepalived]# systemctl stop keepalived.service
[root@lb01 /etc/keepalived]# ip a|grep .99 # 关闭服务后,VIP消失了。
# 查看备服务器,是否有VIP
[root@lb02 /etc/keepalived]# ip a|grep .99
inet 192.168.1.99/24 scope global secondary eth0:3 # 备服务器已经接管了VIP
# 启动主服务器,查看VIP是否会回去
[root@lb01 /etc/keepalived]# systemctl start keepalived.service
[root@lb01 /etc/keepalived]# ip a|grep .99
inet 192.168.1.99/24 scope global secondary eth0:3 # 服务启动后,VIP又回来了
# 查看备服务器的VIP
[root@lb02 /etc/keepalived]# ip a|grep .99 # 主服务器的服务启动后,VIP自动漂移回去了,所以备服务器没有
4. Keepalived双实例双主模式配置
4.1 Keepalived双实例双主模式配置介绍
即A业务在lb01上是主模式,在lb02上是备模式,而B业务在lb01上是备模式,在lb02上是主模式。
双主模式IP规划表
HOSTNAME | IP | 说明 |
---|---|---|
lb01 | 192.168.1.51 | VIP:192.168.1.99(用于绑定A服务www.etiantian.org域名) |
lb02 | 192.168.1.52 | VIP:192.168.1.100(用于绑定B服务bbs.etiantian.org域名) |
4.2 Keepalived双实例双主模式配置开始
(1)在lb01的keepalived.conf配置文件中,增加一个vrrp_instance VI_2实例
[root@lb01 /etc/keepalived]# cat keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.99/24 dev eth0 label eth0:3
}
}
vrrp_instance VI_2 { # 从这里开始为增加的配置
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100/24 dev eth0 label eth0:4
}
}
(2)在lb02的keepalived.conf配置文件中,增加一个vrrp_instance VI_2实例
[root@lb02 /etc/keepalived]# cat keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.99/24 dev eth0 label eth0:3
}
}
vrrp_instance VI_2 { # 从这里开始为增加的配置
state MASTER
interface eth0
virtual_router_id 52
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100/24 dev eth0 label eth0:4
}
}
(3)重启服务,并观察两台机器的VIP情况
#lb01
[root@lb01 /etc/keepalived]# systemctl restart keepalived.service
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.99/24 scope global secondary eth0:3
#lb02
[root@lb02 /etc/keepalived]# systemctl restart keepalived.service
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.100/24 scope global secondary eth0:4
(4)停止任意一端服务器或keepalived服务,查看VIP漂移情况
#lb01
[root@lb01 /etc/keepalived]# systemctl stop keepalived.service
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
[root@lb01 /etc/keepalived]# # 停止服务后,VIP 99被释放,下面检查lb02
#lb02
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.100/24 scope global secondary eth0:4
inet 192.168.1.99/24 scope global secondary eth0:3 # 已经接管了lb01的VIP 99。下面再次启动lb01的keepalived服务。
#lb01
[root@lb01 /etc/keepalived]# systemctl start keepalived.service
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.99/24 scope global secondary eth0:3 # 服务启动后,VIP 又回来了。下面查看lb02的VIP
#lb02
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.100/24 scope global secondary eth0:4 # 由于lb01服务再次启动,所以这里的VIP99就被释放了。
###停止lb02的keepalived服务
[root@lb02 /etc/keepalived]# systemctl stop keepalived.service
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100" # 服务停止后,VIP释放了。下面查看lb01的VIP
#lb01
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.99/24 scope global secondary eth0:3
inet 192.168.1.100/24 scope global secondary eth0:4 # 这里lb01接管了lb02的VIP 100。下面启动lb02的服务
#lb02
[root@lb02 /etc/keepalived]# systemctl start keepalived.service
[root@lb02 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.100/24 scope global secondary eth0:4 # 服务启动后,VIP 又回来了。下面查看lb01的VIP
#lb01
[root@lb01 /etc/keepalived]# ip a|egrep "192.*99|192.*100"
inet 192.168.1.99/24 scope global secondary eth0:3 # 由于lb02服务再次启动,所以这里的VIP 100就被释放了。
5. Nginx负载均衡配合Keepalived服务配置
5.1 在lb01和lb02上配置Nginx负载均衡
配置如下
#lb01
[root@lb01 /application/nginx/conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream www {
server 192.168.1.53:80 weight=1;
server 192.168.1.54:80 weight=1;
}
server {
listen 192.168.1.99:80; # 指定监听地址(即VIP)。备节点未持有VIP时默认无法绑定该地址,nginx会启动失败,需要在两台负载上设置内核参数net.ipv4.ip_nonlocal_bind=1
server_name www.etiantian.org;
location / {
proxy_pass http://www;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
[root@lb01 /application/nginx/conf]# nginx -t
nginx: the configuration file /application/nginx-1.18.0/conf/nginx.conf syntax is ok
nginx: configuration file /application/nginx-1.18.0/conf/nginx.conf test is successful
[root@lb01 /application/nginx/conf]# nginx -s reload
5.2 配置lb01和lb02的keepalived服务
#lb01
[root@lb01 /etc/keepalived]# cat keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.99/24 dev eth0 label eth0:3
}
}
#lb02
[root@lb02 /etc/keepalived]# cat keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.99/24 dev eth0 label eth0:3
}
}
5.3 用户访问准备及模拟实际访问
(1)添加如下解析到hosts文件中
192.168.1.99 www.etiantian.org
(2)检查各服务是否正常
#lb01
[root@lb01 /etc/keepalived]# netstat -lntup|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7048/nginx: master
[root@lb01 /etc/keepalived]# ip a|grep 99
inet 192.168.1.99/24 scope global secondary eth0:3
#lb02
[root@lb02 /etc/keepalived]# netstat -lntup|grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6977/nginx: master
[root@lb02 /etc/keepalived]# ip a|grep 99
(3)模拟客户端访问
(4)停止lb01的keep服务,观察业务是否正常
#lb01
[root@lb01 /etc/keepalived]# systemctl stop keepalived.service
[root@lb01 /etc/keepalived]# ip a|grep 99
[root@lb01 /etc/keepalived]#
#lb02
[root@lb02 /etc/keepalived]# ip a|grep 99
inet 192.168.1.99/24 scope global secondary eth0:3
(5)访问测试
(6)开启lb01的keep服务
[root@lb01 /etc/keepalived]# systemctl start keepalived.service
[root@lb01 /etc/keepalived]# ip a|grep 99
inet 192.168.1.99/24 scope global secondary eth0:3
(7)最后测试访问结果
6. 配置指定文件接收Keepalived服务日志
默认情况下,Keepalived的日志会输出到/var/log/messages,但查看起来不方便。
可以调整成独立文件记录。操作如下:
(1)编辑/etc/sysconfig/keepalived,将“KEEPALIVED_OPTIONS="-D"”修改为“KEEPALIVED_OPTIONS="-D -d -S 0"”
[root@lb01 /etc/keepalived]# cat -n /etc/sysconfig/keepalived
1 # Options for keepalived. See `keepalived --help' output and keepalived(8) and
2 # keepalived.conf(5) man pages for a list of all options. Here are the most
3 # common ones :
4 #
5 # --vrrp -P Only run with VRRP subsystem.
6 # --check -C Only run with Health-checker subsystem.
7 # --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
8 # --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
9 # --dump-conf -d Dump the configuration data.
10 # --log-detail -D Detailed log messages.
11 # --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
12 #
13
14 KEEPALIVED_OPTIONS="-D"
15
[root@lb01 /etc/keepalived]# sed -i '14 s#KEEPALIVED_OPTIONS="-D"#KEEPALIVED_OPTIONS="-D -d -S 0"#g' /etc/sysconfig/keepalived
[root@lb01 /etc/keepalived]# sed -n '14p' /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0"
# --dump-conf -d 将当前配置数据转储到日志中(转储内容可能包含auth_pass等配置项,注意限制日志文件的读取权限)。
# --log-detail -D 详细日志。
# --log-facility -S 设置本地syslog设备,编号0-7.
# -S 0 表示指定为local0设备。
(2)修改rsyslog的配置文件,文件末尾添加如下内容
[root@lb01 /etc/keepalived]# vim /etc/rsyslog.conf
[root@lb01 /etc/keepalived]# tail -2 /etc/rsyslog.conf
# keepalived
local0.* /var/log/keepalived.log
#然后在文件第54行的选择器末尾(即/var/log/messages之前)加入“;local0.none”,避免keepalived日志同时写入/var/log/messages
[root@lb01 /etc/keepalived]# vim /etc/rsyslog.conf
[root@lb01 /etc/keepalived]# sed -n '54p' /etc/rsyslog.conf
*.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages
# 重启rsyslog服务
[root@lb01 /etc/keepalived]# systemctl restart rsyslog.service
# 测试keep日志
[root@lb01 /etc/keepalived]# systemctl restart keepalived.service
[root@lb01 /etc/keepalived]# tail /var/log/keepalived.log
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:00 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
Jun 16 06:58:05 lb01 Keepalived_vrrp[7758]: Sending gratuitous ARP on eth0 for 192.168.1.99
# 还可以对该文件设置日志轮转(logrotate),防止单个文件过大