Keepalived High Availability

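Introduction to Keepalived

Keepalived, as the name suggests, keeps a service alive: it provides high availability and is commonly used to prevent single points of failure. I have met people who confuse high availability with load balancing, so here is a brief distinction:

  • High availability: the focus is continuous availability; it is enough that a slave node automatically takes over the master's service when the master node fails
  • Load balancing: the focus is spreading requests across multiple backend nodes so that the backends are not loaded unevenly

Keepalived is built on VRRP (Virtual Router Redundancy Protocol), which I first met in a networking course at university. In short, several routers form a router group with one master and multiple backups. The master holds the VIP, and the other machines on the LAN use that VIP as their default route. The master sends multicast advertisements; if the backups stop receiving VRRP packets they consider the master down, a new master is elected from the backups by VRRP priority, and the VIP floats to the new master, which then provides the gateway service.

VRRP involves the following concepts:

  • Virtual router, VR (Virtual Router)
  • Virtual router identifier, VRID (0-255): uniquely identifies a virtual router group; identical within one group, different between groups
  • VIP (Virtual IP)
  • Physical routers
    • master
    • backup
    • priority: (0-255) the node with the higher priority becomes master; other fields can declare which node starts as master or backup
  • Heartbeat advertisements: sent as multicast; the default VRRP multicast address is 224.0.0.18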

Sample Keepalived configuration file

! Configuration File for keepalived
# Global block: e-mail, router_id, VRRP settings, multicast address, etc.
global_defs {
    notification_email { 
        root@localhost 
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id hk01

    # The default VRRP multicast address is 224.0.0.18; it can be customized
    vrrp_mcast_group4 224.0.0.18
}

# Health-check script block
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}

# Virtual router group block; define one block per virtual router group
# Defines the role, interface, priority, authentication, VIP, etc.
vrrp_instance VI_1 {
    state MASTER
    interface eth0

    # Virtual router identifier; must be the same within one virtual router group
    virtual_router_id 51
    priority 100
    advert_int 1
    # PASS places auth_pass in every advertisement as plaintext
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # VIP configuration
    virtual_ipaddress {
        192.168.11.99/24 dev eth0 label eth0:1
    }
    # Health-check script to track
    track_script {
        check_web
    }
}

Deploying Keepalived

Keepalived master/backup mode

Master node deployment

1. Install the packages

[root@hk01 ~]# yum install nginx -y
[root@hk01 ~]# yum install keepalived -y

2. Configuration file

[root@hk01 ~]# cat >/etc/keepalived/keepalived.conf<<'EOF'
! Configuration File for keepalived
global_defs {
    router_id hk01
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
EOF

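3. Health-check script

[root@hk01 ~]# mkdir -p /server/scripts
[root@hk01 ~]# cat /server/scripts/check_web.sh 
#!/bin/bash
# Count running nginx processes; the [n] keeps grep from matching itself
cnt=`ps -ef |grep -c '[n]ginx'`

# No nginx process left: stop keepalived so the VIP is released
if [ "$cnt" -eq 0 ];then
    systemctl stop keepalived
fi
[root@hk01 ~]# chmod +x /server/scripts/check_web.sh

4. Start the services and test

[root@hk01 ~]# systemctl start nginx
[root@hk01 ~]# systemctl start keepalived

# The VIP is now on the master node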
[root@hk01 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:24:49:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.137/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5523859sec preferred_lft 5523859sec
    inet 192.168.174.201/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@hk01 ~]# echo node-hk01 >/usr/share/nginx/html/index.html 
# The service is currently being served by the master
[root@hk01 ~]# curl 192.168.174.201
node-hk01

5. Check the master node's log at this point

# Note: the backup node has not been installed yet
[root@hk01 ~]# less /var/log/messages 

....
May 12 23:46:51 localhost systemd: Starting LVS and VRRP High Availability Monitor...
May 12 23:46:51 localhost Keepalived[18849]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
May 12 23:46:51 localhost Keepalived[18849]: Opening file '/etc/keepalived/keepalived.conf'.
May 12 23:46:51 localhost Keepalived[18850]: Starting Healthcheck child process, pid=18851
May 12 23:46:51 localhost systemd: Started LVS and VRRP High Availability Monitor.
May 12 23:46:51 localhost Keepalived[18850]: Starting VRRP child process, pid=18852
May 12 23:46:51 localhost Keepalived_healthcheckers[18851]: Opening file '/etc/keepalived/keepalived.conf'.
May 12 23:46:51 localhost Keepalived_vrrp[18852]: Registering Kernel netlink reflector
May 12 23:46:51 localhost Keepalived_vrrp[18852]: Registering Kernel netlink command channel
May 12 23:46:51 localhost Keepalived_vrrp[18852]: Registering gratuitous ARP shared channel
May 12 23:46:51 localhost Keepalived_vrrp[18852]: Opening file '/etc/keepalived/keepalived.conf'.
May 12 23:46:51 localhost Keepalived_vrrp[18852]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
May 12 23:46:51 localhost Keepalived_vrrp[18852]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
May 12 23:46:51 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) removing protocol VIPs.
May 12 23:46:51 localhost Keepalived_vrrp[18852]: Using LinkWatch kernel netlink reflector...
May 12 23:46:51 localhost Keepalived_vrrp[18852]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 12 23:46:51 localhost Keepalived_vrrp[18852]: VRRP_Script(check_web) succeeded
May 12 23:46:52 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 12 23:46:52 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Changing effective priority from 100 to 102
May 12 23:46:53 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Entering MASTER STATE
May 12 23:46:53 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) setting protocol VIPs.
May 12 23:46:53 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:53 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.174.201
May 12 23:46:53 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:53 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:53 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:53 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:58 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:58 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.174.201
May 12 23:46:58 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:58 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:58 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 12 23:46:58 localhost Keepalived_vrrp[18852]: Sending gratuitous ARP on eth0 for 192.168.174.201
....

Backup node deployment

1. Install the packages

[root@hk02 ~]# yum install nginx -y
[root@hk02 ~]# yum install keepalived -y

2. Keepalived configuration file

[root@hk02 ~]# cat >/etc/keepalived/keepalived.conf<<'EOF'
! Configuration File for keepalived
global_defs {
   router_id hk02
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
EOF

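3. Health-check script

[root@hk02 ~]# mkdir -p /server/scripts
[root@hk02 ~]# cat /server/scripts/check_web.sh 
#!/bin/bash
# Count running nginx processes; the [n] keeps grep from matching itself
cnt=`ps -ef |grep -c '[n]ginx'`

# No nginx process left: stop keepalived so the VIP is released
if [ "$cnt" -eq 0 ];then
    systemctl stop keepalived
fi
[root@hk02 ~]# chmod +x /server/scripts/check_web.sh

4. Start the services

[root@hk02 ~]# systemctl start nginx
[root@hk02 ~]# systemctl start keepalived

# The VIP is not on the backup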
[root@hk02 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:59:d4:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.138/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5523144sec preferred_lft 5523144sec
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::772e:38a7:d2af:640a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


[root@hk02 ~]# echo node-hk02 >/usr/share/nginx/html/index.html 
# The service is currently being served by the master
[root@hk02 ~]# curl 192.168.174.201
node-hk01

5. Check the slave node's log

[root@hk02 ~]# cat /var/log/messages 
May 12 23:54:56 localhost systemd: Starting LVS and VRRP High Availability Monitor...
May 12 23:54:56 localhost Keepalived[23208]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
May 12 23:54:56 localhost Keepalived[23208]: Opening file '/etc/keepalived/keepalived.conf'.
May 12 23:54:56 localhost Keepalived[23209]: Starting Healthcheck child process, pid=23210
May 12 23:54:56 localhost systemd: Started LVS and VRRP High Availability Monitor.
May 12 23:54:56 localhost Keepalived[23209]: Starting VRRP child process, pid=23211
May 12 23:54:56 localhost Keepalived_healthcheckers[23210]: Opening file '/etc/keepalived/keepalived.conf'.
May 12 23:54:56 localhost Keepalived_vrrp[23211]: Registering Kernel netlink reflector
May 12 23:54:56 localhost Keepalived_vrrp[23211]: Registering Kernel netlink command channel
May 12 23:54:56 localhost Keepalived_vrrp[23211]: Registering gratuitous ARP shared channel
May 12 23:54:56 localhost Keepalived_vrrp[23211]: Opening file '/etc/keepalived/keepalived.conf'.
May 12 23:54:56 localhost Keepalived_vrrp[23211]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
May 12 23:54:56 localhost Keepalived_vrrp[23211]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
May 12 23:54:56 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) removing protocol VIPs.
May 12 23:54:56 localhost Keepalived_vrrp[23211]: Using LinkWatch kernel netlink reflector...
May 12 23:54:56 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Entering BACKUP STATE
May 12 23:54:56 localhost Keepalived_vrrp[23211]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 12 23:54:56 localhost Keepalived_vrrp[23211]: VRRP_Script(check_web) succeeded
May 12 23:54:57 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Changing effective priority from 50 to 52

View the VRRP advertisement packets at this point

[root@hk02 ~]# tcpdump vrrp -w vrrp.pcap

Failure simulation

1. Stop nginx on the master node

# Stop the nginx service
[root@hk01 ~]# systemctl stop nginx

# The VIP has been removed
[root@hk01 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:24:49:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.137/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5522870sec preferred_lft 5522870sec
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# The service is still available and has switched to node-hk02
[root@hk01 ~]# curl 192.168.174.201
node-hk02


# Check the log: the VIP was removed automatically
[root@hk01 ~]# less /var/log/messages
....
May 13 00:02:16 localhost systemd: Stopping The nginx HTTP and reverse proxy server...
May 13 00:02:16 localhost systemd: Stopped The nginx HTTP and reverse proxy server.
May 13 00:02:18 localhost Keepalived[18850]: Stopping
May 13 00:02:18 localhost systemd: Stopping LVS and VRRP High Availability Monitor...
May 13 00:02:18 localhost Keepalived_healthcheckers[18851]: Stopped
May 13 00:02:18 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) sent 0 priority
May 13 00:02:18 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) removing protocol VIPs.
May 13 00:02:19 localhost Keepalived_vrrp[18852]: Stopped
May 13 00:02:19 localhost Keepalived[18850]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
May 13 00:02:19 localhost systemd: Stopped LVS and VRRP High Availability Monitor.
....

2. Confirm the VIP has floated to the slave

[root@hk02 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:59:d4:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.138/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5522648sec preferred_lft 5522648sec
    inet 192.168.174.201/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::772e:38a7:d2af:640a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# Check the log
[root@hk02 ~]# less /var/log/messages
....
May 13 00:02:19 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 13 00:02:20 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Entering MASTER STATE
May 13 00:02:20 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) setting protocol VIPs.
May 13 00:02:20 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:20 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.174.201
May 13 00:02:20 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:20 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:20 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:20 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:25 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:25 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.174.201
May 13 00:02:25 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:25 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:25 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
May 13 00:02:25 localhost Keepalived_vrrp[23211]: Sending gratuitous ARP on eth0 for 192.168.174.201
....

3. Restore nginx and keepalived on the master

# Once nginx on the master is restored, the VIP automatically switches back to the master node
[root@hk01 ~]# systemctl start nginx 
[root@hk01 ~]# systemctl start keepalived
[root@hk01 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:24:49:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.137/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5521457sec preferred_lft 5521457sec
    inet 192.168.174.201/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@hk01 ~]# curl 192.168.174.201
node-hk01
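
The log excerpts above hold two things worth extracting automatically: the state changes that move the VIP, and the startup warnings about script execution. The following is an added example (not from the original post) that builds a timeline from those lines and maps each warning to the global_defs setting that addresses it. The sample lines are copied from this page, and telling the two nodes apart by the PID of the VRRP child (18852 on hk01, 23211 on hk02) is an assumption made because both log as localhost.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ Keepalived\w*\[(\d+)\]: (.*)$")
STATE = re.compile(r"VRRP_Instance\((\w+)\) (?:Entering (MASTER|BACKUP|FAULT) STATE|sent 0 priority)")
PRIO = re.compile(r"VRRP_Instance\((\w+)\) Changing effective priority from (\d+) to (\d+)")
# Startup warnings mapped to the global_defs setting that addresses them.
HARDENING = {
    "script_security not enabled": "add enable_script_security to global_defs",
    "default user 'keepalived_script'": "create keepalived_script or set script_user in global_defs",
}

# Lines copied from the log excerpts on this page: hk01 first, then hk02.
SAMPLE = """\
May 12 23:46:51 localhost Keepalived_vrrp[18852]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
May 12 23:46:51 localhost Keepalived_vrrp[18852]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
May 12 23:46:52 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Changing effective priority from 100 to 102
May 12 23:46:53 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) Entering MASTER STATE
May 13 00:02:18 localhost Keepalived_vrrp[18852]: VRRP_Instance(VI_1) sent 0 priority
May 12 23:54:56 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Entering BACKUP STATE
May 12 23:54:57 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Changing effective priority from 50 to 52
May 13 00:02:20 localhost Keepalived_vrrp[23211]: VRRP_Instance(VI_1) Entering MASTER STATE
""".splitlines()


def triage(lines):
    """Return (events sorted by time, de-duplicated hardening advice)."""
    events, advice = [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # systemd and other non-keepalived lines
        ts, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        s, p = STATE.search(msg), PRIO.search(msg)
        if s:
            events.append((ts, pid, s.group(1), s.group(2) or "RELEASE"))
        if p:
            events.append((ts, pid, p.group(1), f"PRIO {p.group(2)}->{p.group(3)}"))
        for needle, fix in HARDENING.items():
            if needle in msg and fix not in advice:
                advice.append(fix)
    # Syslog omits the year; a fixed leap year keeps every date parseable.
    events.sort(key=lambda e: datetime.strptime("2000 " + e[0], "%Y %b %d %H:%M:%S"))
    return events, advice


def failovers(events):
    """Split MASTER entries into those explained by a peer's release and the rest."""
    paired, unpaired, release = [], [], {}
    for ts, pid, inst, what in events:
        if what == "RELEASE":
            release[inst] = (pid, ts)
        elif what == "MASTER":
            prev = release.pop(inst, None)
            if prev and prev[0] != pid:
                paired.append((inst, prev[0], pid, ts))   # clean hand-over
            else:
                unpaired.append((inst, pid, ts))          # startup or missed adverts
    return paired, unpaired


if __name__ == "__main__":
    evts, fixes = triage(SAMPLE)
    print(failovers(evts), fixes)
```

check_web.sh as written calls systemctl stop keepalived and therefore needs root; if script_user is set to an unprivileged account, the check has to report failure through its exit status instead.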

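Non-preemptive mode

The default is preemptive mode: when the higher-priority host comes back online it takes the master role back from the lower-priority host, which causes network jitter. Setting non-preemptive mode with nopreempt is recommended: after the higher-priority host recovers, it does not take the master role from the lower-priority host.

In preemptive mode you can configure a preemption delay (preempt_delay 60s): after recovery the node does not take the VIP back immediately but waits for a period before taking it back. This is omitted here; you can test it yourself.

# In production a second VIP move after the fault is fixed is not recommended, so add the nopreempt parameter to the configuration file; the priority on the master and slave nodes must also be set to the same value for non-preemptive mode to take effect
[root@hk01 ~]# cat >/etc/keepalived/keepalived.conf<<'EOF'
! Configuration File for keepalived
global_defs {
   router_id hk01
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    # nopreempt only takes effect when the initial state is BACKUP
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    # Non-preemptive mode
    nopreempt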
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
EOF

[root@hk02 ~]# cat >/etc/keepalived/keepalived.conf<<'EOF'
! Configuration File for keepalived
global_defs {
   router_id hk02
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
EOF

# Test it yourself
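
The interaction between priority, the track_script weight and nopreempt can be reasoned about before touching the nodes. The following is an added example (not from the original post) of a simplified election model using the page's hk01/hk02 values; it ignores timers and the IP-address tie-break, and all class and function names are illustrative.

```python
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    priority: int             # configured `priority`
    weight: int = 2           # `weight` of the tracked vrrp_script
    nopreempt: bool = False
    script_ok: bool = True    # last exit status of the tracked script was 0
    running: bool = True      # keepalived itself is running

    def effective(self) -> int:
        """Priority after track_script adjustment, as in the log's 100 to 102."""
        prio = self.priority
        if self.weight > 0 and self.script_ok:
            prio += self.weight        # positive weight: bonus while the check passes
        elif self.weight < 0 and not self.script_ok:
            prio += self.weight        # negative weight: penalty while it fails
        return max(1, min(254, prio))


def elect(nodes, master):
    """Return the name of the node holding the VIP after one round of adverts."""
    alive = [n for n in nodes if n.running]
    current = next((n for n in alive if n.name == master), None)
    if current is None:                # no advertisements: best backup takes over
        return max(alive, key=Node.effective).name if alive else None
    for n in alive:                    # a backup preempts only if strictly higher
        if n.effective() > current.effective() and not n.nopreempt:
            current = n
    return current.name


def simulate(nodes, events):
    """Apply (node, attribute, value) events and record the master after each."""
    by_name = {n.name: n for n in nodes}
    master, history = elect(nodes, None), []
    for name, attr, value in events:
        setattr(by_name[name], attr, value)
        master = elect(nodes, master)
        history.append(master)
    return history


def pair(p1, p2, **kw):
    """Two-node cluster with the page's host names and the given priorities."""
    return [Node("hk01", p1, **kw), Node("hk02", p2, **kw)]


# check_web.sh stops keepalived on hk01, then the operator starts it again.
STOP_AND_RESTART = [("hk01", "running", False), ("hk01", "running", True)]
# Alternative: the check only exits non-zero and keepalived keeps running.
CHECK_FAILS = [("hk01", "script_ok", False)]

if __name__ == "__main__":
    print(simulate(pair(100, 50), STOP_AND_RESTART))                   # VIP moves twice
    print(simulate(pair(100, 100, nopreempt=True), STOP_AND_RESTART))  # VIP stays on hk02
    print(simulate(pair(100, 50), CHECK_FAILS))                        # 100 vs 52: no failover
    print(simulate(pair(100, 50, weight=-60), CHECK_FAILS))            # 40 vs 50: failover
```

The third case shows why the page's script stops keepalived outright: with weight 2 a failing check alone would leave hk01 at 100 against hk02 at 52.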

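Keepalived dual-master mode

Dual-master mode (each node is master for one VIP and backup for the other) improves server utilization compared with master/backup mode; it needs DNS to balance the domain name across the two VIPs.

Node 1 configuration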

[root@hk01 ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
global_defs {
   router_id hk01
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.202/24 dev eth0 label eth0:2 
    }
    track_script {
        check_web
    }
}

# Restart keepalived
[root@hk01 ~]# systemctl restart keepalived.service

Node 2 configuration

[root@hk02 ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
global_defs {
   router_id hk02
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.174.202/24 dev eth0 label eth0:2 
    }
    track_script {
        check_web
    }
}

# Restart keepalived
[root@hk02 ~]# systemctl restart keepalived.service

After both nodes have restarted, check the VIPs

# Node 1
[root@hk01 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:24:49:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.137/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5517867sec preferred_lft 5517867sec
    inet 192.168.174.201/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


# Node 2
[root@hk02 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:59:d4:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.138/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5517908sec preferred_lft 5517908sec
    inet 192.168.174.202/24 scope global secondary eth0:2
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::772e:38a7:d2af:640a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# Access test; test DNS load balancing of a domain name yourself
[root@hk01 ~]# curl 192.168.174.201
node-hk01
[root@hk01 ~]# curl 192.168.174.202
node-hk02

Failure simulation test

# Stop the service on node 1
[root@hk01 ~]# systemctl stop nginx
[root@hk01 ~]# curl 192.168.174.201
node-hk02
[root@hk01 ~]# curl 192.168.174.201
node-hk02

# The VIP has floated to node 2
[root@hk02 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:59:d4:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.138/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5517680sec preferred_lft 5517680sec
    inet 192.168.174.202/24 scope global secondary eth0:2
       valid_lft forever preferred_lft forever
    inet 192.168.174.201/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::772e:38a7:d2af:640a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Failure recovery test

[root@hk01 ~]# systemctl start nginx
[root@hk01 ~]# systemctl start keepalived.service 

[root@hk01 ~]# curl 192.168.174.201
node-hk01
[root@hk01 ~]# curl 192.168.174.202
node-hk02

# Node 1 has preempted its original VIP back
[root@hk01 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:24:49:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.137/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5517590sec preferred_lft 5517590sec
    inet 192.168.174.201/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@hk02 ~]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:59:d4:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.174.138/24 brd 192.168.174.255 scope global noprefixroute dynamic eth0
       valid_lft 5517587sec preferred_lft 5517587sec
    inet 192.168.174.202/24 scope global secondary eth0:2
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f2:37c:a210:ea88/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::8074:c1a5:fa67:cfaa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::772e:38a7:d2af:640a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

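Switching Keepalived from multicast to unicast

By default Keepalived sends its heartbeat advertisements as multicast. There is no need for every server on the same segment to receive these messages, and they may cause network congestion, so switching to unicast advertisements reduces that congestion.

# Master node configuration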
[root@hk01 ~]# cat >/etc/keepalived/keepalived.conf<<'EOF'
! Configuration File for keepalived
global_defs {
    router_id hk01
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Unicast source address, i.e. this host's address
    unicast_src_ip 192.168.174.137
    # Unicast destination address, i.e. the peer backup's address
    unicast_peer {  
        192.168.174.138
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
EOF


# Backup node configuration
[root@hk02 ~]# cat >/etc/keepalived/keepalived.conf<<'EOF'
! Configuration File for keepalived
global_defs {
    router_id hk02
}
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Unicast source address, i.e. this host's address
    unicast_src_ip 192.168.174.138
    # Unicast destination address, i.e. the peer node's address
    unicast_peer {  
        192.168.174.137
    }
    virtual_ipaddress {
        192.168.174.201/24 dev eth0 label eth0:1 
    }
    track_script {
        check_web
    }
}
EOF

The VRRP packets can be inspected at this point

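Copyright notice: original article from this site, published by xadocker on 2019-06-15, 20453 characters in total.
Reposting: unless otherwise stated, articles on this site are released under the CC-4.0 license; please credit the source when reposting.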