keepalived是什么

• keepalived是集群管理中保证集群高可用的一个服务软件，用来防止单点故障。

keepalived主要有三个模块

• 分别是core、check和vrrp。
• core模块为keepalived的核心，负责主进程的启动、维护以及全局配置文件的加载和解析。
• check负责健康检查，包括常见的各种检查方式。
• vrrp模块是来实现VRRP协议的。

案例1

• 环境:

  • 初识keepalived，实现web服务器的高可用集群。
  • ​ Server1: 192.168.145.15
  • ​ Server2: 192.168.145.16
  • ​ VIP: 192.168.145.100 对外的虚拟ip
  • 拓扑
  • 注意：
    • 关闭防火墙、selinux
    • 配置yum源

• server1

  • 创建etc下的keepalived目录,编辑配置文件

    • yum -y install keepalived

    • vi /etc/keepalived/keepalived.conf

      • ! Configuration File for keepalived global_defs {  router_id 1                            #设备在组中的标识，设置不一样即可  }  #vrrp_script chk_nginx {                        #健康检查 # script "/etc/keepalived/ck_ng.sh"     #检查脚本 # interval 2                            #检查频率.秒 # weight -5                             #priority减5 # fall 3                                        #失败三次 # }  #高可用集群的组员设置 vrrp_instance VI_1 {               #VI_1。实例名两台路由器相同。同学们要注意区分。     state MASTER                        #主或者从状态     interface ens33                     #监控网卡     mcast_src_ip 192.168.229.11         #心跳源IP，当前主机的ip     virtual_router_id 55                #虚拟路由编号，主备要一致。同学们注意区分     priority 100                        #优先级 数值越大优先级越高     advert_int 1                        #心跳间隔 单位是秒      authentication {                    #秘钥认证(1-8位)         auth_type PASS         auth_pass 123456     }      virtual_ipaddress {                 #VIP 虚拟ip     192.168.229.100/24         }  #  track_script {                       #引用脚本 #       chk_nginx #    }  }  

      • 把当前服务器的keepalived的配置，传给另外一台服务器

      • #scp -r /etc/keepalived/keepalived.conf 192.168.145.16:/etc/keepalived/

      • systemctl enable keepalived.service

        • 开机启动keepalived

    • 安装Nginx

      • rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
      • yum -y install nginx
      • systemctl enable nginx.service
      • systemctl start nginx.service
      • vi /usr/share/nginx/html/index.html
      • curl -i localhost
        • -i 显示目标地址返回的响应头信息
      • systemctl start keepalived.service
      • 

• server2

  • BACKUP服务器的配置需要几处修改

    • yum -y install keepalived

    • vi /etc/keepalived/keepalived.conf

      • state MASTER改为  state BACKUP mcast_src_ip 192.168.145.15改为backup服务器实际的IP mcast_src_ip 192.168.145.16 priority 100改为priority 99 

        • 配置文件示例

          • ! Configuration File for keepalived global_defs {  router_id 2  }  #vrrp_script chk_nginx { # script "/etc/keepalived/ck_ng.sh" # interval 2 # weight -5 # fall 3 # }  vrrp_instance VI_1 {     state BACKUP     interface ens33     mcast_src_ip 192.168.229.12     virtual_router_id 55     priority 99     advert_int 1      authentication {         auth_type PASS         auth_pass 123456     }      virtual_ipaddress {     192.168.229.100/24         }  #  track_script { #       chk_nginx #    }  }  

      • systemctl enable keepalived.service

    • 安装Nginx

      • rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
      • yum -y install nginx
      • systemctl enable nginx.service
      • systemctl start nginx.service
      • vi /usr/share/nginx/html/index.html
      • curl -i localhost
      • systemctl start keepalived.service

      

• client

  • 访问VIP http://192.168.145.100

    

  • 拔掉master(server1)的网线。

    ![- 外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传](https://i-blog.csdnimg.cn/direct/a27500ab8b5c4c7cbcce5ffdd840b267.png) 

  • 访问VIP http://192.168.145.100，观察网页已经切换

    • 

• 关于keepalived对nginx状态未知的问题

  • 恢复之前的实验。启动两台主机的keepalived和nginx。确保页面访问正常。 关闭master的nginx服务 。systemctl stop nginx 继续访问VIP，请问页面是否会切换到slave呢？

  • 请思考，nginx服务的状态和keepalived的关系。

    • 原因是keepalived监控的是接口IP状态。无法监控nginx服务状态

    • 编辑监控脚本。

      • server1

        • 添加Nginx监控脚本

          • vi /etc/keepalived/ck_ng.sh

            • #!/bin/bash #检查nginx进程是否存在 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then #尝试启动一次nginx，停止5秒后再次检测     systemctl start nginx     sleep 5     counter=$(ps -C nginx --no-heading|wc -l)     if [ "${counter}" = "0" ]; then #如果启动没成功，就杀掉keepalive触发主备切换         systemctl stop keepalived      fi fi 

          • chmod +x /etc/keepalived/ck_ng.sh

      • server2

        • 添加Nginx监控脚本

          • vi /etc/keepalived/ck_ng.sh

            • #!/bin/bash #检查nginx进程是否存在 counter=$(ps -C nginx --no-heading|wc -l) if [ "${counter}" = "0" ]; then #尝试启动一次nginx，停止5秒后再次检测     systemctl start nginx     sleep 5     counter=$(ps -C nginx --no-heading|wc -l)     if [ "${counter}" = "0" ]; then #如果启动没成功，就杀掉keepalive触发主备切换         service keepalived stop     fi fi 

          • chmod +x /etc/keepalived/ck_ng.sh

    • 启动监控脚本

      • 清除掉配置文件中的注释。

      • 

      • 重启keepalived即可

  • nginx状态测试

    • 因为脚本中有拉起nginx的语句，测试时可以将脚本文件位置进行改变。观察脚本的效果

案例2

• keepalived+lvs集群

• 环境

  • 192.168.145.15 dr1 负载均衡器 master
  • 192.168.145.16 dr2 负载均衡器 backup
  • 192.168.145.136 rs1 web1
  • 192.168.145.137 rs2 web2
  • 拓扑
    • 

• 1.在master上安装配置Keepalived:

  • # yum install keepalived ipvsadm -y
    • ipvsadm安装并不启动

• 2.在master上修改配置文件

  • # vim /etc/keepalived/keepalived.conf

    • ! Configuration File for keepalived global_defs {						 	router_id Director1    #两边不一样。 	} 	 vrrp_instance VI_1 {				 	state MASTER				#另外一台机器是BACKUP	 	interface ens33				#心跳网卡	 	virtual_router_id 51			#虚拟路由编号，主备要一致 	priority 150				#优先级	 	advert_int 1				#检查间隔，单位秒	 	authentication { 		auth_type PASS 		auth_pass 1111 		} 	virtual_ipaddress { 		192.168.229.100/24       dev      ens33   	#VIP和工作接口 		} 	} 	 virtual_server 192.168.229.100 80 {		#LVS 配置，VIP,就是keepalived配置的对外地址 	delay_loop 3				#服务论询的时间间隔，#每隔3秒检查一次real_server状态 	lb_algo rr				#LVS 调度算法 	lb_kind DR	 			#LVS 集群模式 	protocol TCP 	real_server 192.168.229.13 80 { 		weight 1                    #权重 		TCP_CHECK { 			connect_timeout 3       #健康检查方式,连接超时时间 			} 		} 	real_server 192.168.229.14 80 { 		weight 1 		TCP_CHECK { 			connect_timeout 3    #设定连接超时时间为3秒 超过视为掉线 			} 		} }  

• 3.在backup上安装keepalived:

  • # yum install keepalived ipvsadm -y
    • ipvsadm安装并不启动

• 4.拷贝master上的keepalived.conf到backup上：

  • # scp  192.168.229.11:/etc/keepalived/keepalived.conf 192.168.229.12:/etc/keepalived/ 

• 5.拷贝后,修改配置文件

  • router_id Director2

  • state BACKUP

  • priority 100

  • 配置示例

    • # vim /etc/keepalived/keepalived.conf

    • ! Configuration File for keepalived global_defs {         router_id Director2         }  vrrp_instance VI_1 {         state BACKUP                            #另外一台机器是BACKUP         interface ens33                         #心跳网卡         virtual_router_id 51         priority 100                            #优先级         advert_int 1                            #检查间隔，单位秒         authentication {                 auth_type PASS                 auth_pass 1111                 }         virtual_ipaddress {                 192.168.229.100/24 dev ens33       #VIP和工作端口                 }         }  virtual_server 192.168.229.100 80 {                #LVS 配置，VIP         delay_loop 3                            #服务论询的时间间隔         lb_algo rr                              #LVS 调度算法         lb_kind DR                              #LVS 集群模式         protocol TCP         real_server 192.168.229.13 80 {                 weight 1                 TCP_CHECK {                         connect_timeout 3                         }                 }         real_server 192.168.229.14 80 {                 weight 1                 TCP_CHECK {                         connect_timeout 3                         }                 } }  

      ​

• 6.master和backup上启动服务:

  • #systemctl enable keepalived
  • # systemctl start keepalived
  • #reboot

• 7.web服务器配置

  • web1和web2同配置

    • 安装web测试站点

      • yum install -y httpd && systemctl start httpd && systemctl enable httpd
      • netstat -antp | grep httpd
      • # elinks 127.0.0.1
      • vim /var/www/html/index.html
      • 自定义web主页，以便观察负载均衡结果

    • 配置虚拟地址

      • #cp /etc/sysconfig/network-scripts/{ifcfg-lo,ifcfg-lo:0} #vim /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.229.100   #对外提供服务的地址 NETMASK=255.255.255.255 ONBOOT=yes 其他行注释掉 

    • 配置路由

      • route add 192.168.145.100 dev lo
      • 在两台机器（RS）上，添加一个路由：route add -host 192.168.145.100 dev lo 确保如果请求的目标IP是 V I P ，那么让出去的数据包的源地址也显示为 VIP，那么让出去的数据包的源地址也显示为 VIP，那么让出去的数据包的源地址也显示为VIP

    • 配置ARP

      • # vim /etc/sysctl.conf

        • net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 net.ipv4.conf.default.arp_ignore = 1 net.ipv4.conf.default.arp_announce = 2 net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2 

          • 忽略arp请求 可以回复

    • reboot

• 8.测试：

  • 1）观察lvs路由条目

    • master上 查询 # ipvsadm -Ln

      • [root@dr1 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn TCP  192.168.229.100:80 rr   -> 192.168.229.13:80            Route   1      0          0   -> 192.168.229.14:80            Route   1      0          0  

  • 2）观察vip地址在哪台机器上

    • master上 查询 # ip a

      • ens33:  inet 192.168.229.11/24 brd 192.168.229.255 scope global noprefixroute ens33 inet 192.168.229.100/24 scope global secondary ens33 

  • 3）客户端浏览器访问vip

  • 4）关闭master上的keepalived服务，再次访问vip

    • master上 关闭 # systemctl stop keepalived.service

  • 5）关闭web1站点服务，再次访问VIP

    • web1 # systemctl stop httpd