
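LVS and Keepalived: cluster theory and a high-availability lab deployment (verified by packet capture, with troubleshooting)

How it works and deployment

  • Understanding how Keepalived works
      • Case analysis
      • Introduction to the Keepalived tool
      • How it works
      • Topology of the solution
      • The Keepalived configuration file explained
  • Deploying high-availability LVS + Keepalived
      • Network environment
      • Configuring the primary director 192.168.100.22
      • Configuring the backup director 192.168.100.23
      • Capturing the VRRP traffic of the primary/backup directors
      • Configuring the storage server: 192.168.100.21
      • Configuring the node server: 192.168.100.24
      • Configuring the node server: 192.168.100.25
  • Verifying the results
      • (1) First, open 192.168.100.88 in the laptop browser and check whether requests are round-robined. The correct result is shown below.
      • (2) Capture packets to see which node is the primary director; it is enough to see who is sending the VRRP packets. The correct result is shown below.
      • (3) Check again whether the backup director round-robins requests. The correct result is shown below.
      • (4) Open CMD on the laptop and look up the MAC address of 192.168.100.88
      • (5) Keep pinging 192.168.100.88 from CMD, stop the Keepalived service on the backup director and see whether the MAC address switches
  • Errors and troubleshooting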

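Understanding how Keepalived works

Case analysis

In enterprise applications, a single server carrying the application is a single point of failure.
An enterprise application cluster has at least two single points of failure. Once one of them fails, the service is interrupted, which causes serious damage.

[Figure: cluster topology diagram]

As the topology diagram above shows, in a DR cluster, if the director goes down, the whole cluster becomes unusable.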

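Introduction to the Keepalived tool

Supports automatic failover

Supports node health checking

Official website: http://www.keepalived.org/

How it works

Keepalived uses the VRRP hot-standby protocol to provide multi-machine hot standby for Linux servers.

VRRP, the Virtual Router Redundancy Protocol, is a backup solution designed for routers.

1. Several routers form a hot-standby group and provide service through a shared virtual IP address.
2. Within a hot-standby group only one primary router provides service at any given time; the other routers stay in standby.
3. If the router currently online fails, the other routers take over the virtual IP address automatically, according to the configured priorities, and continue to provide service.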

Topology of the solution

[Figure: topology diagram of the solution]

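The Keepalived configuration file explained

1. Floating address: 192.168.100.88
Primary and backup servers: 192.168.100.22, 192.168.100.23
Application service provided: Web

#########################################################################

2. The configuration file keepalived.conf
Global settings: global_defs { … }
Hot-standby settings: vrrp_instance <instance name> { … }
Sample files are located in: /etc/keepalived/samples/…

#####################################################################

3. Primary server configuration
state: sets the state of this node, MASTER or BACKUP
priority: sets the election priority; the larger the value, the higher the priority
virtual_ipaddress { … }: sets the floating IP address

########################################################################

4. Backup server configuration
router_id is set to the node's own name
state is set to BACKUP
priority is lower than the primary server's

#########################################################################

5. Start the keepalived service
Start the keepalived service on both the primary and the backup machine
The device with the highest priority takes control of the VIP
The VIP address is configured automatically by keepalived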
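
The rules in items 3 and 4 can be checked mechanically before the service is started. The script below is an added example, not part of the original article: it compares a primary/backup pair of vrrp_instance blocks and reports mismatches, since a different virtual_router_id or authentication setting would leave both nodes holding the VIP. The helper names (mkconf, kv, vips, audit_pair) and the temporary sample files are assumptions made for the illustration.

```sh
# Added example: cross-check a primary/backup keepalived.conf pair.
# mkconf FILE ROUTER_ID STATE PRIORITY VRID: write a constructed sample config
mkconf() {
  cat > "$1" <<EOF
global_defs {
   router_id $2
}
vrrp_instance VI_1 {
   state $3
   interface ens33
   virtual_router_id $5
   priority $4
   advert_int 1
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.88
   }
}
EOF
}

# kv FILE KEY: print the first value configured for KEY
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }
# vips FILE: print the addresses inside virtual_ipaddress { ... }, sorted
vips() {
  awk '$1 == "virtual_ipaddress" { blk = 1; next }
       blk && $1 == "}" { blk = 0 }
       blk && NF { print $1 }' "$1" | sort | tr '\n' ' '
}
# audit_pair PRIMARY BACKUP: one finding per line, no output if the pair is consistent
audit_pair() {
  for key in virtual_router_id interface advert_int auth_type auth_pass; do
    [ "$(kv "$1" "$key")" = "$(kv "$2" "$key")" ] || echo "MISMATCH $key"
  done
  [ "$(vips "$1")" = "$(vips "$2")" ] || echo "MISMATCH virtual_ipaddress"
  [ "$(kv "$1" router_id)" != "$(kv "$2" router_id)" ] || echo "DUPLICATE router_id"
  [ "$(kv "$2" state)" = BACKUP ] || echo "BACKUP node state is $(kv "$2" state)"
  [ "$(kv "$2" priority)" -lt "$(kv "$1" priority)" ] || echo "BACKUP priority not lower"
}

tmp=$(mktemp -d)   # constructed sample files live here
mkconf "$tmp/primary.conf" HA_TEST_R1 MASTER 100 1
mkconf "$tmp/backup.conf"  HA_TEST_R2 BACKUP 99 1
mkconf "$tmp/bad.conf"     HA_TEST_R1 MASTER 100 2   # deliberately inconsistent
audit_pair "$tmp/primary.conf" "$tmp/backup.conf"
audit_pair "$tmp/primary.conf" "$tmp/bad.conf"
```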

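Deploying high-availability LVS + Keepalived

Network environment

IP address plan:

Floating address (VIP): 192.168.100.88
Primary director: 192.168.100.22 Gateway: 192.168.100.1
Backup director: 192.168.100.23 Gateway: 192.168.100.1
Web server 1: 192.168.100.24 Gateway: 192.168.100.1
Web server 2: 192.168.100.25 Gateway: 192.168.100.1
Storage server: 192.168.100.21 Gateway: 192.168.100.1
Lab environment
On all systems the firewall and the kernel protection are turned off
System: CentOS 7.6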

Configuring the primary director 192.168.100.22

#【1】Adjust the /proc response parameters
[[email protected] network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

## Apply the settings
[[email protected] network-scripts]# sysctl -p     
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0  
      
#【2】Clear the load-balancing policy
[[email protected] /]# ipvsadm -C

#【3】Adjust the keepalived parameters
[[email protected] ~]# yum -y install keepalived ipvsadm
[[email protected] ~]# cd /etc/keepalived/

# Back up the original configuration file
[[email protected] keepalived]# cp keepalived.conf keepalived.conf.bak
[[email protected] keepalived]# vi keepalived.conf

global_defs {
   router_id HA_TEST_R1
}
vrrp_instance VI_1 {
   state MASTER
   interface ens33
   virtual_router_id 1
   priority 100
   advert_int 1
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.88
   }
}

virtual_server 192.168.100.88 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
}
#### Start keepalived
[[email protected] keepalived]# systemctl start keepalived

#### Enable keepalived at boot
[[email protected] keepalived]# systemctl enable keepalived

#### View the primary IP address and the floating address
[[email protected] keepalived]# ip addr show dev ens33
             
inet 192.168.100.22/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.88/32 scope global ens33
           

Configuring the backup director 192.168.100.23

【1】Adjust the /proc response parameters
[[email protected] network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

# Apply the settings
[[email protected] network-scripts]# sysctl -p  
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0  
      
【2】Clear the load-balancing policy
[[email protected] /]# ipvsadm -C


【3】Adjust the keepalived parameters
[[email protected] ~]# yum -y install keepalived ipvsadm
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# cp keepalived.conf keepalived.conf.bak
[[email protected] keepalived]# vi keepalived.conf
global_defs {
   router_id HA_TEST_R2
}
vrrp_instance VI_1 {
   state BACKUP
   interface ens33
   virtual_router_id 1
   priority 99
   advert_int 1
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.88
   }
}

virtual_server 192.168.100.88 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
}

#### Start keepalived
[[email protected] keepalived]# systemctl start keepalived

#### Enable keepalived at boot
[[email protected] keepalived]# systemctl enable keepalived

#### View the primary IP address and the floating address; the virtual address 192.168.100.88 is not present here
[[email protected] keepalived]# ip addr show dev ens33
 inet 192.168.100.23/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe44:b2a/64 scope link 
       valid_lft forever preferred_lft forever   
           

Capturing the VRRP traffic of the primary/backup directors

[Screenshot: packet capture of the VRRP traffic]

Here we can see that 192.168.100.22 is currently the primary director.
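
The same reading of a capture can be automated. The script below is an added example, not part of the original article: it follows VRRP advertisements line by line, reports which director is the current master for each vrid, notes a master that resigns (VRRP sends priority 0 when the master stops participating) and flags advertisements from hosts outside the expected director list. The sample lines are constructed in the one-line style tcpdump prints for VRRPv2, which is an assumption about the capture tool, and 192.168.100.99 is a made-up host.

```sh
# Added example: track VRRP advertisers from tcpdump-style lines (constructed sample).

# sample_capture: constructed capture; 192.168.100.99 is a made-up unlisted host
sample_capture() {
  cat <<'EOF'
12:00:01.000000 IP 192.168.100.22 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype simple, intvl 1s, length 20
12:00:02.000000 IP 192.168.100.22 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 100, authtype simple, intvl 1s, length 20
12:00:03.000000 IP 192.168.100.22 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype simple, intvl 1s, length 20
12:00:06.000000 IP 192.168.100.23 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 99, authtype simple, intvl 1s, length 20
12:00:07.000000 IP 192.168.100.99 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 150, authtype simple, intvl 1s, length 20
12:00:07.500000 IP 192.168.100.23 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 99, authtype simple, intvl 1s, length 20
EOF
}

# vrrp_report "IP IP ...": read capture lines on stdin, print events and the final master per vrid
vrrp_report() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /VRRPv2, Advertisement/ {
      src = ""; vrid = ""; prio = ""
      for (i = 2; i < NF; i++) {
        if ($i == ">")    src = $(i - 1)
        if ($i == "vrid") { vrid = $(i + 1); sub(/,$/, "", vrid) }
        if ($i == "prio") { prio = $(i + 1); sub(/,$/, "", prio) }
      }
      # Advertisements from hosts outside the director list never count as a master
      if (!(src in ok)) { print "ALERT unexpected sender " src " vrid " vrid " prio " prio; next }
      # Priority 0 means the sender is giving up the master role
      if (prio == "0")  { print "INFO " src " resigned vrid " vrid; next }
      if (!(vrid in master) || master[vrid] != src) {
        if (vrid in master) print "INFO vrid " vrid " master changed " master[vrid] " -> " src
        master[vrid] = src
      }
    }
    END { for (v in master) print "MASTER vrid " v " = " master[v] }'
}

sample_capture | vrrp_report "192.168.100.22 192.168.100.23"
```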

Configuring the storage server: 192.168.100.21

rpm -q nfs-utils    ### if it is not installed: yum -y install nfs-utils
rpm -q rpcbind      ### if it is not installed: yum -y install rpcbind
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# systemctl start rpcbind

[[email protected] ~]# vi /etc/exports
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)

[[email protected] ~]# systemctl restart nfs
[[email protected] ~]# systemctl restart rpcbind
[[email protected] ~]# systemctl enable nfs
[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# mkdir /opt/51xit /opt/52xit
[[email protected] ~]# echo "51是我" >/opt/51xit/index.html
[[email protected] ~]# echo "我是52" >/opt/52xit/index.html
           

Configuring the node server: 192.168.100.24

【1】Configure the virtual IP address
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp ifcfg-lo ifcfg-lo:0
[[email protected] network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes

[[email protected] network-scripts]# ifup lo:0
[[email protected] network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.88  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

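## This is equivalent to adding the local route manually at every boot
[[email protected] network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.88 dev lo:0

## The local route for 192.168.100.88 has to be added manually, otherwise the virtual IP on this host cannot be reached
[[email protected] network-scripts]# route add -host 192.168.100.88 dev lo:0

【2】Adjust the /proc response parameters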
[[email protected] network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[[email protected] network-scripts]# sysctl -p

【3】Install httpd and mount the test page
[[email protected] ~]# showmount -e 192.168.100.21
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24

[[email protected] ~]# yum -y install httpd
[[email protected] ~]# mount 192.168.100.21:/opt/51xit /var/www/html/

## Permanent mount
[[email protected] ~]# vi /etc/fstab 
192.168.100.21:/opt/51xit/ /var/www/html/        nfs     rw,tcp,intr     0 1      

[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd

# Reboot and check whether the services survive
[[email protected] ~]# init 6


## After the reboot, check from the laptop browser that the site is still reachable
           

Configuring the node server: 192.168.100.25

【1】Configure the virtual IP address
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp ifcfg-lo ifcfg-lo:0
[[email protected] network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes

[[email protected] network-scripts]# ifup lo:0
[[email protected] network-scripts]# ifconfig

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.88  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

[[email protected] network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.88 dev lo:0

[[email protected] network-scripts]# route add -host 192.168.100.88 dev lo:0

【2】Adjust the /proc response parameters
[[email protected] network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[[email protected] network-scripts]# sysctl -p


【3】Install httpd and mount the test page
[[email protected] ~]# showmount -e 192.168.100.21 
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24

[[email protected] ~]# yum -y install httpd
[[email protected] ~]# mount 192.168.100.21:/opt/52xit /var/www/html/
[[email protected] ~]# vi /etc/fstab 
192.168.100.21:/opt/52xit/ /var/www/html/        nfs     rw,tcp,intr     0 1     

[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd

### Log in to 192.168.100.43 and test whether the website works ####
           

Verifying the results

(1) First, open 192.168.100.88 in the laptop browser and check whether requests are round-robined. The correct result is shown below.

[Screenshot]

Clear the browser history, close the browser, then reopen it and access 192.168.100.88 again.

[Screenshot]

(2) Capture packets to see which node is the primary director; it is enough to see who is sending the VRRP packets. The correct result is shown below.

[Screenshot]

Now stop the Keepalived service on the primary director and check whether the role switches automatically to the backup director 192.168.100.23.

[Screenshot]

(3) Check again whether the backup director round-robins requests. The correct result is shown below.

[Screenshot]

Clear the browser history, close the browser, then reopen it and access 192.168.100.88 again.

[Screenshot]

(4) Open CMD on the laptop and look up the MAC address of 192.168.100.88

Note: we are now on the backup director, so the MAC address should be the backup director's.

[Screenshot]

It is the MAC address of host 192.168.100.23 and the virtual address is present as well, so everything is fine.

(5) Keep pinging 192.168.100.88 from CMD, stop the Keepalived service on the backup director and see whether the MAC address switches

[Screenshot]

The timeout is normal: the switchover takes time, so some packet loss is expected.

[Screenshot]

The MAC address switched and the virtual address moved; the experiment succeeded.

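Errors and troubleshooting

#(1) If you configured ipvsadm incorrectly earlier, the new settings still do not take effect after Keepalived is restarted:
Fix: [[email protected] /]# ipvsadm -C

#(2) If you restart the network service on WEB1 or WEB2, the local route for 192.168.100.88 disappears as well
Fix:
Add it manually: route add -host 192.168.100.88 dev lo:0

#(3) After setting up any service you should reboot with init 6 to test it, because a machine that has gone live in production cannot be rebooted
# If the server goes down one day and the services do not start properly when it comes back, will you still remember how to troubleshoot it?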
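
Item (2) and the node-server settings above can be verified in one pass after a reboot or a network restart. The script below is an added example, not part of the original article: it checks the ARP sysctls, the VIP on lo and the host route from command output passed in as text. The function names and the sample output for 192.168.100.24 are constructed for the illustration, and the expected input formats (sysctl -a, ip -o -4 addr show, ip route show) are assumptions about how the data is collected.

```sh
# Added example: audit an LVS-DR real server from captured command output.
VIP=192.168.100.88

# check_arp: stdin = "sysctl -a" style lines; flag wrong or missing ARP settings
check_arp() {
  awk -F' *= *' '
    BEGIN { w["net.ipv4.conf.all.arp_ignore"] = 1; w["net.ipv4.conf.all.arp_announce"] = 2
            w["net.ipv4.conf.lo.arp_ignore"] = 1;  w["net.ipv4.conf.lo.arp_announce"] = 2 }
    ($1 in w) { seen[$1] = 1; v = $2; gsub(/[ \t]/, "", v)
                if (v != (w[$1] "")) print "BAD " $1 "=" v " want " w[$1] }
    END { for (k in w) if (!(k in seen)) print "MISSING " k }' | sort
}
# check_vip: stdin = "ip -o -4 addr show" lines; the VIP must be a /32 on lo and nowhere else
check_vip() {
  awk -v vip="$VIP" '
    index($4, vip "/") == 1 {
      if ($2 == "lo" && $4 == (vip "/32")) onlo = 1
      else print "BAD VIP " $4 " on " $2
    }
    END { if (!onlo) print "MISSING " vip "/32 on lo" }'
}
# check_route: stdin = "ip route show" lines; expect a host route for the VIP via lo
check_route() {
  awk -v vip="$VIP" '$1 == vip && / dev lo( |$)/ { ok = 1 }
                     END { if (!ok) print "MISSING host route " vip " dev lo" }'
}
# audit SYSCTL ADDR ROUTE: run all three checks; no output means the node is compliant
audit() {
  printf '%s\n' "$1" | check_arp
  printf '%s\n' "$2" | check_vip
  printf '%s\n' "$3" | check_route
}

# Constructed sample output for web server 192.168.100.24
SYSCTL='net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'
ADDR='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.100.88/32 scope global lo:0
2: ens33    inet 192.168.100.24/24 brd 192.168.100.255 scope global noprefixroute ens33'
ROUTE='default via 192.168.100.1 dev ens33
192.168.100.88 dev lo scope link'
ROUTE_AFTER_RESTART='default via 192.168.100.1 dev ens33'   # host route lost

audit "$SYSCTL" "$ADDR" "$ROUTE"
audit "$SYSCTL" "$ADDR" "$ROUTE_AFTER_RESTART"
```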