
Implementing Dual-Node Hot Standby with Keepalived

MrJacky Blog 2019-08-05

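What does Keepalived do?

Keepalived monitors the state of backend TCP services. If a backend node providing a TCP service goes down or malfunctions, keepalived detects it promptly and removes the faulty node from the system; once that node recovers and serves normally again, keepalived automatically adds it back to the cluster. Keepalived does all of this automatically with no manual intervention; the only manual work is repairing the failed server.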

Prerequisites

To let the test proceed smoothly, first disable SELinux and firewalld.
The test environment is as follows:

keepalived master: 20.20.20.121
keepalived backup: 20.20.20.122
web server 1: 20.20.20.126
web server 2: 20.20.20.127
VIP: 20.20.20.128

I. Network topology diagram

II. Deploying the web servers

1. Install httpd on both servers

yum install -y httpd

2. Add a home page

Set the home page on web server 1:
echo "20.20.20.126" >/var/www/html/index.html
Set the home page on web server 2:
echo "20.20.20.127" >/var/www/html/index.html

3. Start the web service and enable it at boot

[root@node126 ~]# systemctl start httpd
[root@node126 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@node126 ~]#
[root@node127 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@node127 ~]#

III. Deploying the keepalived host service

1. Install keepalived on both keepalived servers

yum install openssl openssl-devel keepalived -y

2. keepalived master configuration

Configuration file on keepalived node 1

[root@node121 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
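notification_email { #users to e-mail when keepalived runs into a problem
zhangzhikai@vclusters.com
}
notification_email_from jacky@itcloudblog.cn #sender address
smtp_server localhost #SMTP server address
smtp_connect_timeout 30 #SMTP connection timeout
router_id LVS_DEVEL #name identifying this node; must not be duplicated
}

vrrp_instance VI_1 { #defines an instance; one instance is one cluster, and the instance name VI_1 can be changed
state MASTER #this node is the master
interface eth0 #network interface that carries the VIP
virtual_router_id 51 #VRRP group ID; master and backup must use the same value
priority 100 #priority, range 1-254, compared numerically; a larger number means higher priority, and the master's priority must be higher than the backup's
advert_int 1 #interval between multicast advertisements, in seconds; must be identical on master and backup
authentication { #authentication settings; must be identical on master and backup
auth_type PASS #authentication method; PASS is simple password authentication
auth_pass 1111 #password used for authentication, at most 8 characters
}
virtual_ipaddress { #the VIP; must be identical on master and backup
20.20.20.128
}
}

virtual_server 20.20.20.128 80 { #settings for the virtual server with VIP 20.20.20.128 on port 80
delay_loop 6 #how often keepalived checks the real servers, in seconds
lb_algo rr #LVS scheduling algorithm
lb_kind DR #LVS-DR mode
# persistence_timeout 50 #requests from the same IP within 50 seconds all go to the same real server; this interferes with rr scheduling and can be commented out while testing
protocol TCP #layer-4 protocol

real_server 20.20.20.126 80 { #settings for the real server with IP 20.20.20.126 on port 80
weight 1 #weight, default 1
TCP_CHECK {
connect_timeout 3 #connection timeout, default 5 seconds
nb_get_retry 3 #number of retries, default 1
delay_before_retry 3 #interval between retries, default 1 second
connect_port 80 #port to check
}
}
real_server 20.20.20.127 80 { #settings for the real server with IP 20.20.20.127 on port 80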
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

3. keepalived.conf on the keepalived backup server

[root@node122 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
notification_email {
zhangzhikai@vclusters.com
}
notification_email_from jacky@itcloudblog.cn
smtp_server localhost
smtp_connect_timeout 30
router_id LVS_BACKUP ###changed to LVS_BACKUP
}

vrrp_instance VI_1 {
state BACKUP ###changed to BACKUP
interface eth0
virtual_router_id 51
priority 90 ###backup changed to 90; the master is 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
20.20.20.128
}
}

virtual_server 20.20.20.128 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP

real_server 20.20.20.126 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 20.20.20.127 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

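/etc/keepalived/keepalived.conf is keepalived's main configuration file. In the configuration above, state makes 20.20.20.121 the master node and 20.20.20.122 the backup node. The virtual IP is 20.20.20.128 and the backend real servers are 20.20.20.126 and 20.20.20.127. A request to the web service through 20.20.20.128 is forwarded automatically to a backend real server; the backend nodes have equal weight, which behaves like round-robin.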
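
The comments in the master configuration require several settings to be identical on both nodes and the master's priority to be higher than the backup's. One way to check two files for that, as an added example that is not from the original post or the keepalived project: it goes beyond the single VI_1 pair by comparing every vrrp_instance found. The names parse, compare, NODE_A and NODE_B are assumptions, and the sample configuration is constructed.

```python
import re
# Constructed sample modelled on the page's VI_1 block (not a full keepalived.conf).
NODE_A = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        20.20.20.128
    }
}
"""
NODE_B = NODE_A.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 90")
SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")
KEYS = r"^\s*(state|virtual_router_id|priority|advert_int|auth_type|auth_pass)\s+(\S+)"

def parse(text):
    """Return (braces_balanced, {instance_name: settings}) for one keepalived.conf."""
    text = re.sub(r"[#!].*", "", text)          # '#' and '!' start comments
    depth, balanced, instances = 0, True, {}
    for ch in text:                             # a '}' seen before its '{' also fails
        depth += (ch == "{") - (ch == "}")
        balanced = balanced and depth >= 0
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        body = re.split(r"\b(?:vrrp_instance|virtual_server)\b", text[m.end():])[0]  # up to next header
        cfg = dict(re.findall(KEYS, body, re.M))
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        cfg["vips"] = sorted(vips.group(1).split()) if vips else []
        instances[m.group(1)] = cfg
    return balanced and depth == 0, instances

def compare(conf_a, conf_b):
    """List inconsistencies between the two nodes' files; empty means consistent."""
    (ok_a, a), (ok_b, b) = parse(conf_a), parse(conf_b)
    problems = [f"node {n}: unbalanced braces" for n, ok in (("A", ok_a), ("B", ok_b)) if not ok]
    for name, x, y in ((n, a[n], b[n]) for n in sorted(set(a) & set(b))):
        problems += [f"{name}: {k} differs" for k in SHARED if x.get(k) != y.get(k)]
        master, backup = (x, y) if x.get("state") == "MASTER" else (y, x)
        if (master.get("state"), backup.get("state")) != ("MASTER", "BACKUP"):
            problems.append(f"{name}: expected one MASTER and one BACKUP")
        elif int(master.get("priority", 0)) <= int(backup.get("priority", 0)):
            problems.append(f"{name}: MASTER priority must be higher than BACKUP")
    problems += [f"{n}: defined on one node only" for n in sorted(set(a) ^ set(b))]
    return problems
```

With auth_type PASS the auth_pass value travels unencrypted in every VRRP advertisement, so a match here confirms consistent configuration only.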

IV. Starting keepalived and testing

1. Start the keepalived service

systemctl start keepalived
systemctl enable keepalived

2. Test VIP failover
Check the IP addresses on the master and backup nodes

[root@node121 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 1e:c0:57:cd:d5:03 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.121/24 brd 20.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet 20.20.20.128/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::1cc0:57ff:fecd:d503/64 scope link
valid_lft forever preferred_lft forever
[root@node122 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 8e:39:b9:7e:1b:a4 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.122/24 brd 20.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::8c39:b9ff:fe7e:1ba4/64 scope link
valid_lft forever preferred_lft forever
[root@node122 ~]#

Stop keepalived on the master node, then check the IPs on the master and backup nodes again

[root@node121 ~]# systemctl stop keepalived
[root@node121 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 1e:c0:57:cd:d5:03 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.121/24 brd 20.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::1cc0:57ff:fecd:d503/64 scope link
valid_lft forever preferred_lft forever
[root@node121 ~]#
[root@node122 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 8e:39:b9:7e:1b:a4 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.122/24 brd 20.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet 20.20.20.128/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::8c39:b9ff:fe7e:1ba4/64 scope link
valid_lft forever preferred_lft forever
[root@node122 ~]#

After the test passes, start the keepalived service again.

V. Configuring the loopback interface on the real servers

1. Configure loopback alias lo:1 on web server node126 as the VIP

[root@node126 ~]# cd /etc/sysconfig/network-scripts/
[root@node126 network-scripts]# cp ifcfg-lo ifcfg-lo:1
Contents of ifcfg-lo:1 after editing:
DEVICE=lo:1
IPADDR=20.20.20.128
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@node126 ~]# systemctl restart network

2. Configure loopback alias lo:1 on web server node127 as the VIP

[root@node127 ~]# cd /etc/sysconfig/network-scripts/
[root@node127 network-scripts]# cp ifcfg-lo ifcfg-lo:1
Contents of ifcfg-lo:1 after editing:
DEVICE=lo:1
IPADDR=20.20.20.128
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@node127 ~]# systemctl restart network

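VI. Testing

1. Client requests to the VIP page are round-robined across the web servers


2. Simulate a failure of the web1 server

Before shutting down the web node, both web servers are listed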

[root@node121 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 20.20.20.128:80 rr
-> 20.20.20.126:80 Route 1 0 0
-> 20.20.20.127:80 Route 1 0 0
[root@node121 ~]#

Shut down the web1 server

[root@node126 ~]# systemctl stop httpd

After the web node is shut down, the failed web server has been removed

[root@node121 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 20.20.20.128:80 rr
-> 20.20.20.127:80 Route 1 0 0
[root@node121 ~]#

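VII. Making the two keepalived servers master and backup for each other

Building on the basic configuration above, make the keepalived nodes master and backup for each other by adding a second VIP, 20.20.20.131; this time node122 is the master and node121 is the backup.

1. Configure the keepalived hosts


(1) On node121, edit the configuration file and add the instance and the corresponding hosts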

vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 90
advert_int 1
authentication
{
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
20.20.20.131
}
}

virtual_server 20.20.20.131 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP

real_server 20.20.20.126 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 20.20.20.127 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

Restart the keepalived service

[root@node121 ~]# systemctl restart keepalived

(2) On node122, edit the configuration file and add the instance and the corresponding hosts

vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication
{
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
20.20.20.131
}
}

virtual_server 20.20.20.131 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP

real_server 20.20.20.126 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 20.20.20.127 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

Restart the keepalived service

[root@node122 ~]# systemctl restart keepalived


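2. Configure the loopback interface on the real web servers


(1) Configure the loopback on node126

[root@node126 ~]# cd /etc/sysconfig/network-scripts/
[root@node126 network-scripts]# cp ifcfg-lo:1 ifcfg-lo:2
Contents of ifcfg-lo:2 after editing: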
DEVICE=lo:2
IPADDR=20.20.20.131
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

Restart the network service

(2) Configure the loopback on node127

DEVICE=lo:2
IPADDR=20.20.20.131
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

Restart the network service

[root@node127 network-scripts]# systemctl restart network


3. Check the VIPs on the keepalived nodes


(1) Check the VIP on node121

[root@node121 ~]# ip a sh dev eth0    ##node121 holds only the 128 VIP, not 131
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 1e:c0:57:cd:d5:03 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.121/24 brd 20.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet 20.20.20.128/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::1cc0:57ff:fecd:d503/64 scope link
valid_lft forever preferred_lft forever
[root@node121 ~]#

(2) Check the VIP on node122

[root@node122 ~]# ip a sh dev eth0   ##node122 holds only the 131 VIP, not 128
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 8e:39:b9:7e:1b:a4 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.122/24 brd 20.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet 20.20.20.131/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::8c39:b9ff:fe7e:1ba4/64 scope link
valid_lft forever preferred_lft forever
[root@node122 ~]#


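4. Verification test


Notes on the keepalived deployment:
(1) When editing the keepalived configuration file, make sure the {} braces are balanced
(2) On the master and backup nodes: route_id, cluster name, etc.
(3) When requests are not round-robined during testing, the main cause is the keepalived and LVS parameters

Comment out the persistence_timeout 50 parameter in keepalived.conf
Check with ipvsadm -L --timeout
The default is Timeout (tcp tcpfin udp): 900 120 300; change it to Timeout (tcp tcpfin udp): 1 2 1
Command to change it: ipvsadm --set 1 2 1

Explanation:
Checking the keepalived configuration showed that virtual_server had persistence_timeout (connection persistence) set, which means that within that period requests from the same user (identified by IP) go to the same real server.
With connection persistence configured, which backend a user reaches is decided jointly by persistence_timeout and the LVS timeouts.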
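
A simplified model of the behaviour explained above, added here as an illustration and not taken from the original post or from LVS itself: it shows when one client keeps landing on the same real server and when rr alternates. The class VirtualServer, the function backends_seen, the client address and the pinning rule (a client stays pinned until both persistence_timeout and the connection timeout have elapsed since its last request) are assumptions.

```python
from itertools import cycle

REAL_SERVERS = ["20.20.20.126", "20.20.20.127"]   # real servers from the page

class VirtualServer:
    """Simplified model (an assumption, not LVS source) of rr plus persistence."""

    def __init__(self, persistence_timeout=0, tcp_timeout=900):
        self.persistence_timeout = persistence_timeout  # keepalived persistence_timeout
        self.tcp_timeout = tcp_timeout                  # first value of ipvsadm --set
        self._rr = cycle(REAL_SERVERS)
        self._pinned = {}                               # client IP -> (server, pin expiry)

    def schedule(self, client_ip, now):
        """Pick the real server for a new connection arriving at time `now` (seconds)."""
        server, expiry = self._pinned.get(client_ip, (None, 0))
        if server is None or now >= expiry:
            server = next(self._rr)                     # plain round robin
        if self.persistence_timeout:
            # Assumed rule: the pin survives until both the persistence window and
            # the timeout of the client's latest connection entry have elapsed.
            hold = max(self.persistence_timeout, self.tcp_timeout)
            self._pinned[client_ip] = (server, now + hold)
        return server

def backends_seen(persistence_timeout, tcp_timeout, gap, requests=4, client="192.0.2.10"):
    """Servers hit by one client (constructed IP) sending a request every `gap` seconds."""
    vs = VirtualServer(persistence_timeout, tcp_timeout)
    return [vs.schedule(client, i * gap) for i in range(requests)]
```

In this model, backends_seen(50, 900, 60) stays on one server for every request, while backends_seen(0, 900, 1) alternates between the two.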

