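Contents:
I: Concepts and principles
II: Lab procedure
I. Concepts
I. keepalived principles and configuration walkthrough
keepalived: an implementation of the VRRP protocol
VRRP: Virtual Router Redundancy Protocol
Basic VRRP operation and workflow:
VRRP solves the problem of static configuration by sharing one virtual IP (VIP) among a group of routers (a VRRP group); clients then only need to use the VIP as their default gateway.
The figure shows a basic VLAN topology in which Device A, B and C together form a VRRP group. Its VIP is 10.1.1.1, which is configured on a physical interface of router A, so A is the master router and B and C are backup routers.
Within the VRRP group, the master (router A) forwards the packets sent to the VIP, and clients A, B and C all use this VIP as their default gateway. If the master fails, whichever of the backup routers B and C has the highest priority becomes master and takes over the VIP. When the original master, router A, comes back online, it becomes the master again if it runs in preempt mode; in non-preempt mode it stays on standby as a backup router.
VRRP is an "election" protocol: it dynamically assigns responsibility for a virtual router to another router in the same VRRP group, which removes the single point of failure of a statically configured route.

VRRP terminology:
Virtual router (VRRP router): made up of one master router and several backup routers; hosts use the virtual router as their default gateway.
VRID (virtual router identifier): the VRID of a given virtual router must be unique.
Master router: the router in the virtual router that forwards packets.
Backup router: a router that can take over from the master router when the master fails.
Priority: VRRP uses priority to decide the role of each router in the virtual router group.
IP address owner (IP Address Owner): if a VRRP device uses the virtual router's IP address as a real interface address, that device is called the IP address owner. If the IP address owner is available, it normally becomes the master.
Preempt mode: a backup router in this mode compares its own priority with the priority in each VRRP packet it receives; if its own priority is higher it preempts and becomes the master router, otherwise it stays as it is.
Non-preempt mode: a backup router in this mode stays as it is as long as the master router has not failed.
Advantages of VRRP:
Redundancy: several routers can serve as the default gateway for LAN clients, which greatly reduces the chance that the default gateway is a single point of failure;
Load sharing: traffic from LAN clients can be shared among several routers;
Multiple VRRP groups: up to 255 VRRP groups can be configured on one physical router interface;
Multiple IP addresses: with interface aliases, several IP addresses can be configured on the same physical interface, so several subnets can be attached to it;
Preemption: when the master fails, a backup with higher priority is allowed to become master;
Advertisement protocol: VRRP advertisements are sent to the IANA-assigned multicast address 224.0.0.18;
VRRP tracking: the VRRP priority is changed according to interface state so that the best VRRP router becomes master;
II. Lab procedure
Lab topology diagram:
First prepare the base environment (stop the firewall, disable the SELinux policy, and so on)
Dual-master configuration
I. Single-master mode means one host is the master node and the other is the backup node. (In the dual-master model the two servers are master and backup for each other: one is master/backup and the other backup/master, with the configuration file contents mirrored. Both servers run in parallel, which also reduces the load on a single keepalived host. Note that the dual-master model needs 2 VIP addresses.)
First configure the router 99.120 and enable IP forwarding on it so that all hosts can reach each other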
[root@centos7 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@centos7 ~]# sysctl -p
net.ipv4.ip_forward = 1
Install the software on hosts 99.130 and 99.140
① Install the packages
[root@centos7 ~]# yum install -y ipvsadm keepalived
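keepalived configuration file explained
global_defs {
notification_email { # e-mail notification: a mail is sent when keepalived hits a failure
[email protected] # can be changed, including to a local address
}
notification_email_from [email protected] # address the mail is sent from
smtp_server 127.0.0.1 # address of the local SMTP server
smtp_connect_timeout 30 # SMTP connection timeout
router_id n1.mylinuxops.com # identifier of the virtual router, usually the local host name; make sure it is different on every node
vrrp_skip_check_adv_addr # skip the check on received advert packets; checked by default
vrrp_strict # strictly follow the VRRP protocol; will not start with no VIP, with unicast addresses, or with IPv6 addresses
vrrp_iptables # do not generate iptables rules
vrrp_mcast_group4 224.0.0.18 # multicast group; by default adverts are sent to 224.0.0.18
vrrp_garp_interval 0 # delay between gratuitous ARP packets
vrrp_gna_interval 0 # delay between messages sent
}
vrrp_instance VI_1 { # name of the instance
state BACKUP # server role
nopreempt # disable VIP preemption; takes effect when state is BACKUP on all nodes
interface eth0 # default interface
virtual_router_id 66 # virtual router ID
priority 80 # priority
advert_int 2 # advertisement (probe) interval
authentication { # authentication method
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # virtual IP addresses: which NIC each address is bound to and which sub-interface label it gets
192.168.99.188 dev eth0 label eth0:1
}
}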
② Edit the keepalived configuration file /etc/keepalived/keepalived.conf on host 99.130 (the master)
[root@centos7 ~]# cd /etc/keepalived/
[root@centos7 keepalived]# ls
keepalived.conf
[root@centos7 keepalived]# cp keepalived.conf keepalived.conf.bak
[root@centos7 keepalived]# cat keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.188 dev eth0 label eth0:0
192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.200 dev eth0 label eth0:2
192.168.99.201 dev eth0 label eth0:3
}
}
③ Edit the configuration file on the backup node 99.140
[root@centos7 keepalived]# vim keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.140 label eth0:0
unicast_peer {
192.168.99.130
}
virtual_ipaddress {
192.168.99.188 dev eth0 label eth0:0
192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 77
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.140 label eth0:0
unicast_peer {
192.168.99.130
}
virtual_ipaddress {
192.168.99.200 dev eth0 label eth0:2
192.168.99.201 dev eth0 label eth0:3
}
}
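A cross-check of the two nodes' files, as an added example that is not part of the original post: it parses the vrrp_instance blocks of both peers and reports settings that must agree or that deserve a second look. The sample text is constructed from the VI_2 values shown above; the function names `parse` and `audit` are hypothetical. With equal priorities the election falls back to comparing addresses, and VRRP simple-password authentication is carried unencrypted in each advertisement.

```python
# Constructed sample: the VI_2 values from the page's two node configs.
TEMPLATE = """vrrp_instance VI_2 {
    state %s
    virtual_router_id 77
    priority %d
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
"""
NODE_130 = TEMPLATE % ("BACKUP", 80)
NODE_140 = TEMPLATE % ("MASTER", 80)


def parse(text):
    """Return {instance: {keyword: value}} for the vrrp_instance blocks in text."""
    instances, current, depth = {}, None, 0
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[-1] == "{":                      # a block opens
            depth += 1
            if depth == 1 and words[0] == "vrrp_instance":
                current = instances.setdefault(words[1], {})
        elif words[0] == "}":                     # a block closes
            depth -= 1
            current = current if depth else None
        elif current is not None and len(words) > 1:
            current[words[0]] = words[1]          # keyword -> first argument
    return instances


def audit(conf_a, conf_b):
    """Cross-check two peers' configs and return a list of findings."""
    inst_a, inst_b = parse(conf_a), parse(conf_b)
    findings = []
    for name in sorted(set(inst_a) & set(inst_b)):
        a, b = inst_a[name], inst_b[name]
        for key in ("virtual_router_id", "auth_type", "auth_pass"):
            if a.get(key) != b.get(key):
                findings.append("%s: %s differs between the peers" % (name, key))
        if a.get("priority") == b.get("priority"):
            findings.append("%s: both nodes use priority %s" % (name, a.get("priority")))
        if a.get("auth_type") == "PASS":
            findings.append("%s: auth_type PASS sends auth_pass in cleartext" % name)
    return findings
```

Run against the real files, `audit(open(path_a).read(), open(path_b).read())` covers every instance the two nodes share.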
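④ Start the keepalived service on the backup node first and watch the log (the master node has not started the service yet, so both instances configured on the backup node become MASTER, and all 4 VIP addresses should be bound to the local eth0 NIC)
[root@centos7 keepalived]# systemctl restart keepalived ;tail -f /var/log/messages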
Aug 12 22:13:10 centos7 Keepalived_vrrp[7238]: Stopped
Aug 12 22:13:10 centos7 systemd: Stopped LVS and VRRP High Availability Monitor.
Aug 12 22:13:10 centos7 Keepalived[7236]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug 12 22:13:14 centos7 systemd: Starting LVS and VRRP High Availability Monitor...
Aug 12 22:13:14 centos7 Keepalived[7252]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug 12 22:13:14 centos7 Keepalived[7252]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 22:13:14 centos7 systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Aug 12 22:13:14 centos7 Keepalived[7253]: Starting Healthcheck child process, pid=7254
Aug 12 22:13:14 centos7 Keepalived[7253]: Starting VRRP child process, pid=7255
Aug 12 22:13:14 centos7 systemd: Started LVS and VRRP High Availability Monitor.
Aug 12 22:13:14 centos7 Keepalived_healthcheckers[7254]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Registering Kernel netlink reflector
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Registering Kernel netlink command channel
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Registering gratuitous ARP shared channel
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) removing protocol VIPs.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) removing protocol VIPs.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Using LinkWatch kernel netlink reflector...
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP sockpool: [ifindex(2), proto(112), unicast(1), fd(10,11)]
Aug 12 22:13:16 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Transition to MASTER STATE
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Entering MASTER STATE
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) setting protocol VIPs.
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.200
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.201
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:20 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Transition to MASTER STATE
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) setting protocol VIPs.
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.188
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.189
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.200
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.201
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.188
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.189
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 1
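⑤ Check whether the local eth0 NIC has the 4 VIP addresses
⑥ If keepalived is now started on the master node, the VIP addresses are removed automatically and this node changes to the backup state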
[root@centos7 keepalived]# tail -f /var/log/messages
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 80
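Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Entering BACKUP STATE # the state changes from master to backup
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) removing protocol VIPs. # and the VIP addresses are removed automatically; the VIP floats to the eth0 NIC on the master node
The configuration at this point is preempt mode: once the master node starts, it takes the VIP back and the backup node drops back to backup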
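The log lines above can be turned into a takeover timeline, shown here as an added example that is not part of the original post. It extracts state changes and "higher priority" adverts from /var/log/messages lines and tags an advert as UNEXPECTED when its priority is one that the configured peer does not use. The first four sample lines are copied from the logs above, the last one is constructed, and the names `vrrp_events` and `PEER_PRIORITIES` are hypothetical.

```python
import re

# Lines 1-4 are taken from the page's two log excerpts; line 5 is constructed.
SAMPLE = """\
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 80
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 23:00:01 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_2) Received advert with higher priority 250, ours 80
""".splitlines()

# Priorities the configured peer (99.130) advertises, per the page's configs.
PEER_PRIORITIES = {"VI_1": {100}, "VI_2": {80}}

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ Keepalived_vrrp\[\d+\]: VRRP_Instance\((\S+?)\) "
    r"(?:Entering (MASTER|BACKUP|FAULT) STATE"
    r"|Received advert with higher priority (\d+), ours (\d+))")


def vrrp_events(lines, peer_priorities):
    """Return (timestamp, instance, event) tuples for state changes and for
    adverts that outrank this node; unknown peer priorities are flagged."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not a line this example tracks
        ts, inst, state, theirs, ours = m.groups()
        if state:
            events.append((ts, inst, "state=" + state))
        else:
            known = int(theirs) in peer_priorities.get(inst, ())
            tag = "expected" if known else "UNEXPECTED"
            events.append((ts, inst, "outranked by %s (ours %s): %s" % (theirs, ours, tag)))
    return events
```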
II. Configuring non-preempt mode
1. Both nodes are configured the same way
[root@centos7 keepalived]# vim keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP # state is set to BACKUP on both nodes
interface eth0
virtual_router_id 66
priority 100
advert_int 2
nopreempt # do not preempt
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.188 dev eth0 label eth0:0
192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP # changed to BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 2
nopreempt # same setting
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.200 dev eth0 label eth0:2
192.168.99.201 dev eth0 label eth0:3
}
}
Now when one node goes down the VIP floats to the other machine, and when the original node recovers it does not take the VIP back
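The difference between the preempt and non-preempt behaviour observed in the two labs above can be replayed in a small model, added here as an example that is not part of the original post. It is a simplification: one preempt flag applies to the whole group, timers are ignored, and the event sequence is constructed; the node priorities are the VI_1 values from the first lab, and `vip_owner` is a hypothetical name.

```python
import ipaddress

# VI_1 as configured in the first lab: 99.130 has priority 100, 99.140 has 80.
NODES = {"99.130": (100, "192.168.99.130"), "99.140": (80, "192.168.99.140")}
# Constructed event sequence: the backup node starts first, the master
# starts, the master fails, the master recovers.
EVENTS = [("up", "99.140"), ("up", "99.130"), ("down", "99.130"), ("up", "99.130")]


def vip_owner(nodes, events, preempt=True):
    """Return the VIP owner (or None) after each up/down event."""
    def rank(name):  # election order: priority first, then higher address
        priority, ip = nodes[name]
        return priority, int(ipaddress.ip_address(ip))

    alive, master, history = set(), None, []
    for action, name in events:
        if action == "up":
            alive.add(name)
        else:
            alive.discard(name)
        if master not in alive:
            # No live master: the best live node takes over the VIP.
            master = max(alive, key=rank) if alive else None
        elif preempt:
            # Live master: only a strictly higher priority displaces it.
            best = max(alive, key=rank)
            if nodes[best][0] > nodes[master][0]:
                master = best
        history.append(master)
    return history
```

With `preempt=True` the VIP returns to 99.130 every time it comes up; with `preempt=False` it stays wherever it was last taken over.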
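III. Implementing IPVS with keepalived and LVS
The environment from the previous sections is reused
1. Configure the two back-end RS servers: install httpd on both and create a test home page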
[root@centos7 ~]# yum install -y httpd
[root@centos7 ~]# echo RS1_99.150_test-Pages > /var/www/html/index.html
2. Add a virtual_server section to the keepalived configuration; both nodes are configured the same way
[root@centos7 keepalived]# vim keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 100
advert_int 2
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.188/24 dev eth0 label eth0:0
#192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 2
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.200/24 dev eth0 label eth0:2
#192.168.99.201 dev eth0 label eth0:3
}
}
virtual_server 192.168.99.188 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
real_server 192.168.99.150 80 {
weight 1
TCP_CHECK { # TCP health check against the back-end server
connect_timeout 5 # connection timeout
retry 3 # number of retries
delay_before_retry 3 # interval between retries
connect_port 80 # port to check
}
}
real_server 192.168.99.160 80 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 80
}
}
}
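2. After keepalived is configured, restart the service; keepalived adds the LVS rules automatically
The configuration is now basically complete; one last step remains
3. The VIP address must be bound to the lo interface of the back-end web servers, and automatic ARP replies must be turned off, otherwise there will be an address conflict. A script takes care of this
Both web servers need this configuration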
[root@centos7 hx]# vim lvs_dr_rs.sh
#!/bin/bash
#Author:Peter Xu
#Date:2019-08-13
vip=192.168.99.188
mask='255.255.255.255'
dev=lo:1
#rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
#service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#echo "<h1>`hostname`</h1>" > /var/www/html/index.html
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask #broadcast $vip up
#route add -host $vip dev $dev
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
[root@centos7 hx]# sh lvs_dr_rs.sh start # running the script completes the configuration
The RS Server is Ready!
4. Finally, test access from a client; the LVS policy we configured is round robin (so the effect is easy to see)
Access succeeded
Lab complete