keepalived+nginx: high availability with an active/standby pair and dual-master hot standby

1. keepalived overview

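Keepalived is high-availability software based on the VRRP protocol. A Keepalived deployment has one master server and multiple backup servers, all deployed with the same service configuration, and exposes the service through a single virtual IP address. When the master server fails, the virtual IP address automatically floats to a backup server.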

The VRRP protocol

Keepalived uses the VRRP protocol to achieve high availability (HA).
VRRP stands for Virtual Router Redundancy Protocol. The key points to understand about VRRP are:

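  • 1) VRRP is a protocol for implementing router redundancy.
  • 2) VRRP is an active/standby protocol designed to eliminate the network outage caused by a router single point of failure in a static default-route environment, so that when a failure occurs and device functions are switched over, internal and external data communication is not affected and the network parameters of the internal network do not need to be changed.
  • 3) VRRP needs to provide IP backup, preferred route selection, and reduction of unnecessary communication between routers.
  • 4) VRRP virtualizes two or more router devices into a single device that exposes one or more virtual router IPs. Within the router group, the router that actually owns the external IP is the MASTER if it is working normally; otherwise the MASTER is chosen by an election algorithm. The MASTER performs all network functions for the virtual router IP, such as answering ARP requests, ICMP, and forwarding data. The other devices do not hold the IP and are in the BACKUP state: apart from receiving the MASTER's VRRP state advertisements, they perform no external network functions. When the master fails, a BACKUP takes over the network functions of the former MASTER.
  • 5) When configuring VRRP, each router needs a virtual router ID (VRID) and a priority value. The VRID groups routers: routers with the same VRID belong to the same group, and the VRID is a positive integer in the range 0-255. Routers in the same group elect the MASTER by priority: the one with the highest priority becomes MASTER, and the priority is also a positive integer in the range 0-255.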

How keepalived works

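keepalived provides VRRP and health-check functions. It can be used solely to provide a floating VIP between two hosts (the VRRP virtual-router function), which is a simple way to get two-node hot-standby high availability. keepalived builds its high availability on VRRP, which can be thought of as a protocol for router high availability: N routers providing the same function form a router group with one master and multiple backups. The master holds the VIP that serves external traffic (other machines on the router's LAN use this VIP as their default route) and sends multicast advertisements. When a backup stops receiving VRRP packets it considers the master down, and a backup is then elected master according to VRRP priority. This keeps the router highly available.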
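
What the master's multicast advertisement carries, as an added Python example (not from the original post): it decodes a hand-constructed VRRPv2 advertisement matching the VI_1 settings used later on this page (VRID 51, priority 100, auth_pass 1111) and computes how long a backup waits before declaring the master down, per RFC 3768. It assumes VRRPv2, keepalived's default; the decoded output shows that the simple-text auth_pass is readable by any host that sees the advertisement.

```python
import ipaddress
import struct

# Constructed sample: VRRPv2 advertisement for VRID 51, priority 100, advert_int 1,
# VIP 192.168.181.160, simple-text auth "1111" (values from the page's VI_1 instance).
ADVERT = bytes.fromhex("21336401" "0101a11e" "c0a8b5a0" "3131313100000000")

def inet_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth_type, adv_int, _csum = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type != 0x21:                       # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(pkt) != end + 8:                    # addresses are followed by 8 bytes of auth data
        raise ValueError("length does not match the address count")
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv_int, "auth_type": auth_type,
        "vips": [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(8, end, 4)],
        # auth_type 1 = simple text password: carried unencrypted, NUL-padded to 8 bytes
        "auth_data": pkt[end:].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(pkt) == 0,   # a valid message sums to zero
    }

def master_down_interval(advert_int: int, priority: int) -> float:
    """RFC 3768: 3 * Advertisement_Interval + Skew_Time, Skew_Time = (256 - Priority) / 256."""
    return 3 * advert_int + (256 - priority) / 256

if __name__ == "__main__":
    print(parse_advert(ADVERT))
    print("backup (priority 80) takes over after", master_down_interval(1, 80), "s")
```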

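2. Installing keepalived

Taking CentOS 7 as an example, install directly with yum: yum install -y keepalived
For installing from source, see: keepalived source installation; keepalived official site: keepalived.org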

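Files installed by keepalived

1. Main configuration file: /etc/keepalived/keepalived.conf # the important configuration file
2. Main program: /usr/sbin/keepalived
3. Checksum (hash) generator: /usr/bin/genhash
4. Unit file: keepalived.service # /usr/lib/systemd/system/
5. Environment configuration file for the unit file: /etc/sysconfig/keepalived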

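3. High availability with keepalived & nginx

3.1 Active/standby pair

Network topology:

Environment (the same applies below)

  • MASTER, 192.168.181.129, VIP 192.168.181.160
  • BACKUP, 192.168.181.131, VIP 192.168.181.160, count: 1

Configure keepalived.conf on the master and backup nodes (path: /etc/keepalived/keepalived.conf); after editing and saving, restart keepalived.

Master node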

! Configuration File for keepalived

global_defs {
   # router id, global unique, host uuid
   router_id keep_17
}

# vrrp conf, keepalived + nginx
vrrp_instance VI_1 {
    # host -> master
    state MASTER
    # host interface name
    interface ens33
    # ensure master and backup are same
    virtual_router_id 51
    # weight, the larger, more chance to be master after master down
    priority 100
    # between m & b time interval, default 1s
    advert_int 1
    # authenticate pwd, default
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # vip conf
    virtual_ipaddress {
        192.168.181.160
    }
}

Backup node

! Configuration File for keepalived

global_defs {
   # router id, global unique, host uuid
   router_id keep_17
}

# vrrp conf, keepalived + nginx
vrrp_instance VI_1 {
    # host -> backup
    state BACKUP
    # host interface name
    interface ens33
    # ensure master and backup are same
    virtual_router_id 51
    # weight, the larger, more chance to be master after master down
    priority 80 
    # between m & b time interval, default 1s
    advert_int 1
    # authenticate pwd, default
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # vip conf
    virtual_ipaddress {
        192.168.181.160
    }
}

Restart keepalived on the master and backup nodes

# restart keepalived -> master & backup
systemctl restart keepalived

# master node: check the IP
ip a l ens33
---
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b0:83:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.129/24 brd 192.168.181.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.181.160/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::fa05:b29b:80e1:6d0b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
---

Testing the VIP in Chrome
With master and backup both working normally:

Master down, backup working normally:

# nginx down
nginx -s stop

netstat -tnlp
---
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      15000/sshd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1235/master         
tcp6       0      0 :::22                   :::*                    LISTEN      15000/sshd          
tcp6       0      0 ::1:25                  :::*                    LISTEN      1235/master
---

# stop keepalived
systemctl stop keepalived

ip a l ens33
---
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b0:83:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.129/24 brd 192.168.181.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::fa05:b29b:80e1:6d0b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
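
In the test above, stopping nginx alone did not release the VIP; keepalived itself had to be stopped, because neither vrrp_instance references a health check (keepalived's vrrp_script / track_script blocks). The following added Python example (not from the original post) audits the two nodes' instances for a missing track_script and for cross-node drift in the settings that must match within one VRID. The embedded configuration is the page's VI_1 instance condensed, and the parser handles only the subset of keepalived.conf syntax used on this page.

```python
import re

# The page's 3.1 VI_1 instance, condensed; the two nodes differ only in state and priority.
TEMPLATE = """
vrrp_instance VI_1 {{
    state {state}
    virtual_router_id 51
    priority {priority}
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    virtual_ipaddress {{
        192.168.181.160
    }}
}}"""
NODES = {"129": TEMPLATE.format(state="MASTER", priority=100),
         "131": TEMPLATE.format(state="BACKUP", priority=80)}

def parse_instances(conf):
    """Map instance name -> {keyword or sub-block name: [values]}."""
    out, path = {}, []
    for raw in conf.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if line.endswith("{"):
            path.append(line[:-1].split())
        elif line == "}":
            path.pop()
        elif line and path and path[0][0] == "vrrp_instance":
            inst = out.setdefault(path[0][1], {})
            if len(path) == 1:                      # directive directly inside the instance
                key, _, val = line.partition(" ")
                inst[key] = [val.strip()]
            else:                                   # line inside a nested block
                inst.setdefault(path[1][0], []).append(line)
    return out

def audit(nodes):
    """Return sorted (scope, problem) findings: missing health check, cross-node drift."""
    findings, groups = set(), {}
    for node, conf in nodes.items():
        for name, inst in parse_instances(conf).items():
            if "track_script" not in inst:          # VIP follows keepalived only, not nginx
                findings.add((f"{node}/{name}", "no track_script"))
            groups.setdefault(inst["virtual_router_id"][0], []).append(inst)
    for vrid, insts in groups.items():
        for key in ("virtual_ipaddress", "authentication"):
            if len({tuple(i.get(key, [])) for i in insts}) > 1:
                findings.add((f"vrid {vrid}", f"{key} differs between nodes"))
        if len({i["priority"][0] for i in insts}) < len(insts):
            findings.add((f"vrid {vrid}", "equal priorities"))
    return sorted(findings)
```

Calling audit(NODES) reports both nodes as lacking a track_script, which matches the behaviour seen in the test.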

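3.2 Dual-master hot standby

Network topology:

Preparation:
Edit the hosts file on Windows (path: C:\WINDOWS\system32\drivers\etc\hosts) as administrator.
Append to the end:

Note
The experiments below use www.ha.com and www.ha1.com to demonstrate DNS resolution.

Node 129 configuration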

! Configuration File for keepalived

global_defs {
   # router id, global unique, host uuid
   router_id keep_17 # same identifier on both nodes
}

# vrrp conf, keepalived + nginx, instance 1: virtual router group id -> 51, VIP -> 192.168.181.160
vrrp_instance VI_1 {
    # host -> master
    state MASTER # set as master
    # host interface name
    interface ens33
    # ensure master and backup are same
    virtual_router_id 51 # group 51; the backup on the other host must use the same id
    # weight, the larger, more chance to be master after master down
    priority 100
    # between m & b time interval, default 1s
    advert_int 1
    # authenticate pwd, default
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # vip conf
    virtual_ipaddress {
        192.168.181.160 # VIP held as master
    }
}

# vrrp conf, as BACKUP, instance 2: virtual router group id -> 52, VIP -> 192.168.181.161
vrrp_instance VI_2 {
    # host -> backup
    state BACKUP # set as backup
    # host interface name
    interface ens33
    # ensure master and backup are same
    virtual_router_id 52 # group id; the master on the other host must use the same id
    # weight, the larger, more chance to be master after master down
    priority 50 # lower priority for the backup
    # between m & b time interval, default 1s
    advert_int 1
    # authenticate pwd, default
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # vip conf
    virtual_ipaddress {
        192.168.181.161 # VIP held as backup
    }
}

Node 131 configuration

! Configuration File for keepalived

global_defs {
   # router id, global unique, host uuid
   router_id keep_17 # same identifier on both nodes
}

# vrrp conf, keepalived + nginx
vrrp_instance VI_1 {
    # host -> backup
    state BACKUP # marked as backup
    # host interface name
    interface ens33
    # ensure master and backup are same
    virtual_router_id 51 # group id: 51
    # weight, the larger, more chance to be master after master down
    priority 50 # lower priority for the backup
    # between m & b time interval, default 1s
    advert_int 1
    # authenticate pwd, default
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # vip conf
    virtual_ipaddress {
        192.168.181.160 # the VIP of virtual router 51
    }
}

# vrrp conf, as MASTER
vrrp_instance VI_2 {
    # host -> master
    state MASTER # set as master in router group 52
    # host interface name
    interface ens33
    # ensure master and backup are same
    virtual_router_id 52 # virtual router group id
    # weight, the larger, more chance to be master after master down
    priority 100 # higher priority, since this node is master in group 52
    # between m & b time interval, default 1s
    advert_int 1
    # authenticate pwd, default
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # vip conf
    virtual_ipaddress {
        192.168.181.161 # the VIP of group 52
    }
}

After configuring the files, restart keepalived on both nodes as before: systemctl restart keepalived

Check the IP/VIP on each node's interface:

# node 129
# ip addr l ens33
---
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b0:83:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.129/24 brd 192.168.181.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.181.160/32 scope global ens33 # VIP held as master
       valid_lft forever preferred_lft forever
    inet 192.168.181.161/32 scope global ens33 # VIP held as backup
       valid_lft forever preferred_lft forever
    inet6 fe80::fa05:b29b:80e1:6d0b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# node 131
# ip addr l ens33
---
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:5b:21:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.131/24 brd 192.168.181.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.181.161/32 scope global ens33 # VIP held as master
       valid_lft forever preferred_lft forever
    inet 192.168.181.160/32 scope global ens33 # VIP held as backup
       valid_lft forever preferred_lft forever
    inet6 fe80::fa05:b29b:80e1:6d0b/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::76c4:f671:6f:a652/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

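Normal access after the simulated DNS resolution
Accessing 160 should point to 129:

Accessing 161 should point to 131:

Access during a simulated outage
Accessing 160, with the keepalived service on 129 stopped:

Accessing 161 points to host 131.

As you can see, 160 -> 131 (backup), 161 -> 131 (master).

At this point, the experiment implementing an active/standby pair and dual-master hot standby with keepalived+nginx worked!

Original article: https://www.cnblogs.com/davis12/p/15074058.html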