keepalived
实验环境布置
| webserver1 | 172.25.250.110 |
| webserver2 | 172.25.250.120 |
| kail1 | 172.25.250.10 |
| kail2 | 17225.250.20 |
在webserver1和webserver2下载httpd服务
[root@webserver1 ~]# yum install httpd -y
[root@webserver1 ~]# echo webserver1 172.25.250.110 > /var/www/html/index.html
[root@webserver2 ~]# yum install httpd -y[root@webserver2 ~]# echo webserver2 172.25.250.120 > /var/www/html/index.html
[root@kail1 ~]# yum install keepalived -y
[root@kail1 ~]# vim /etc/keepalived/keepalived.confglobal_defs {
notification_email {
bwmis@qq.com
}
notification_email_from keepalived@bwmis.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id kail1.bwmis.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
}
[root@kail1 ~]# systemctl start keepalived
[root@kail1 ~]# yum install tcpdump -y[root@kail2 ~]# yum install keepalived -y
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80 #优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
}
kail1
kail2
[root@kail1 ~]# yum install tcpdump -y
[root@kail2 ~]# yum install tcpdump -y
[root@kail1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
[root@kail2 ~]# systemctl stop keepalived #当停掉kail2的服务后
然后就可以ping通172.25.250.100
keepalive的日志
[root@kail1 ~]# vim /etc/sysconfig/keepalived
[root@kail1 ~]# vim /etc/rsyslog.conf
[root@kail1 ~]# systemctl restart keepalived
[root@kail1 ~]# systemctl restart rsyslog
[root@kail1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 517 Aug 12 01:23 /var/log/keepalived.log
[root@kail1 ~]# cat /var/log/keepalived.log
写到子配置文件中
上图是把 /etc/keepalived/keepalived.conf中在主配置上的注销
如果直接写完起服务会报错,要创建自己写的子配置文件目录
[root@kail1 ~]# mkdir -p /etc/keepalived/conf.d #创建子配置文件
[root@kail1 ~]# vim /etc/keepalived/conf.d/172.25.250.100.conf[root@kail1 ~]# cat /etc/keepalived/conf.d/172.25.250.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
}[root@kail1 ~]# > /var/log/keepalived.log #清空日志
[root@kail1 ~]# systemctl restart keepalived
^[[A[root@kail1 systemctl restart rsyslogived
非抢占
[root@kail2 ~]# systemctl restart keepalived\
#先在哪边起服务那边就有,或者一边关掉一边就有
延迟抢占
重启服务后就会从kail2到kail1 了
单播设置
在kail1里面
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.10
unicast_peer {
172.25.250.20
}
}
在kail2里面[root@kail2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.20
unicast_peer {
172.25.250.10
}
测试命令
[root@kail1 ~]# tcpdump -i eth0 -nn src host 172.25.250.10 and dst 172.25.250.20
下图是当kail1的keepalived关掉后在kail2实现
就不用经过172.25.250.100组播网段,减少网络流量
keepalived脚本通知设置
[root@kail1 ~]# vi /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='1935671842@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
[root@kail1 ~]# chmod +x /etc/keepalived/mail.sh
[root@kail1 ~]# yum install mailx -y
[root@kail1 ~]# echo test message |mail -s test 1935671842@qq.com
#######mail set##########
set from=1935671842@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1935671842@qq.com
set smtp-auth-password=xkimoyrwkyinbbig
set smtp-auth=login
set ssl-verify=ignore
使用脚本通知
[root@kail2 ~]# vim /etc/keepalived/keepalived.conf
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
[root@kail1 ~]# systemctl restart keepalived
[root@kail2 ~]# systemctl restart keepalived
keepalived双主架构
[root@kail2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #另一台写master
interface eth0
virtual_router_id 100priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.20 #源IP地址
unicast_peer {
172.25.250.10 #目标IP地址
}
}vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 200
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.250.20
unicast_peer {
172.25.250.10
}
}
[root@kail1 ~]# vim /etc/keepalived/keepalived.confvrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.250.10
unicast_peer {
172.25.250.20
}
}vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 110
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.250.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.250.10
unicast_peer {
172.25.250.20
}
}
实战案例
实现单主的LVS-DR模式
环境部署
在俩台server上配置一样的操作
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce[root@webserver1 ~]# ip a a 172.25.250.100 dev lo
在kail上也是在俩边加
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.250.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCPreal_server 172.25.250.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.250.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@kail1 ~]# yum install ipvsadm -y
[root@kail1 ~]# ipvsadm -Ln
测试 
模拟故障
[root@webserver1 ~]# systemctl stop httpd #关掉RS1
当server2
[root@webserver2 ~]# systemctl stop httpd
实现双主的DR模式
思路
[root@kail1 ~]# vim /etc/keepalived/keepalived.conf
#与上面双主架构一样加上如下代码
virtual_server 172.25.250.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCPreal_server 172.25.250.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.250.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}virtual_server 172.25.250.230 80 { #vip2
delay_loop 6
lb_algo wrr
lb_kind DR
# persistence_timeout 50
protocol TCPreal_server 172.25.250.X 80 { # server3的IP地址
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.250.X 80 { # server4的IP地址
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
利用脚本实现主从角色的转换
[root@kail1 ~]# cat /etc/keepalived/yu.sh
#! /bin/bash
[ ! -f "/mnt/bwmis" ][root@kail1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_yu { #放在策略的前面 如下图的VI_1前面
script "/etc/keepalived/yu.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
当 /mnt/bwmis不存在时
当/mnt/bwmis存在时
实现HAProxy高可用
在kail1和kail2实现haproxy的配置
[root@kail1 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
bind 172.25.250.100:80
server web1 172.25.250.110:80 check
server web2 172.25.250.120:80 check[root@kail2 ~]# cat /etc/keepalived/yu.sh
#! /bin/bash
killall -0 haproxy
在俩个kail里面节点启用内核参数
[root@kail1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
vrrp_script check_yu {
script "/etc/keepalived/yu.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}track_script {
check_yu
}
测试
[root@webserver2 ~]# while true ;do curl 172.25.250.100;done
当其中一台keepalived关掉时
也还是会执行 比如kail2的vip会到kail1的 kail1就会有俩个 就不会挂掉
[root@kail2 ~]# systemctl stop keepalived.service
实验的重点
只保持VI_1的俩边主机 如下图
[root@webserver2 ~]# while true ;do curl 172.25.250.100;done
[root@kail2 ~]# systemctl stop haproxy
[root@kail2 ~]# systemctl stop keepalived.service
还是能测不会断掉
总结
1. 高可用系统网络服务
- 故障切换:Keepalived能够在两台或多台主机之间实现故障切换转移。当配置为Master角色的主机出现故障时,Backup角色的主机将自动接管Master的所有资源(如VIP资源、服务资源)并开始工作,确保服务的连续性。
- 资源接管:当Master主机故障修复后,如果Keepalived配置为抢占模式,它将重新接管原来的资源和工作,Backup主机则释放资源,恢复到原来的角色。
2. 实现对LVS集群中各RealServer的健康状态检测
- 多层检测:Keepalived支持从网络层(Layer3)、传输层(Layer4)和应用层(Layer7)三个层次来检测RealServer的健康状态。
- Layer3:通过发送ICMP数据包(如Ping)来检测服务器的IP地址是否有效。
- Layer4:通过检测TCP端口的状态(如Web服务器的80端口)来判断服务器是否正常运行。
- Layer7:通过执行用户定义的脚本或HTTP GET请求来检测应用程序或服务是否正常工作。
- 动态调整:当检测到有RealServer出现故障时,Keepalived会自动将其从LVS的正常转发队列中移除,防止请求被发送到故障服务器。当故障服务器恢复后,Keepalived会将其重新加入转发队列。
3. 管理LVS负载均衡软件
- 自动生成规则:Keepalived能够读取配置文件,并通过一个更为底层的接口来管理IPVS并生成IPVS规则,使得LVS的使用更为方便。
- 配置简化:通过Keepalived的配置文件,用户可以方便地定义LVS集群的虚拟服务器、真实服务器以及相关的负载均衡策略等。
4. 支持其他系统网络服务的高可用
- 扩展性:除了LVS之外,Keepalived还可以作为其他系统网络服务(如Nginx、Haproxy等)的高可用解决方案。
- 脚本调用:Keepalived支持通过调用用户定义的脚本来实现更复杂的健康检查或资源监控功能。