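Implementation Principles and Deployment
- Understanding how Keepalived works
  - Case analysis
  - Introduction to the Keepalived tool
  - How it works
  - Topology for solving the problem
  - Keepalived configuration file walkthrough
- High-availability LVS + Keepalived deployment
  - Network environment
  - Configure the primary director 192.168.100.22
  - Configure the backup director 192.168.100.23
  - Capture packets to look at VRRP on the primary/backup directors
  - Configure the storage server: 192.168.100.21
  - Configure the node server: 192.168.100.24
  - Configure the node server: 192.168.100.25
- Verification
  - (1) First, browse to 192.168.100.88 from the laptop and check whether requests are served round robin. The correct result is shown below.
  - (2) Capture packets to see which node is the primary director; you only need to see which one is sending VRRP packets. The correct result is shown below.
  - (3) Check again whether the backup director can do round robin. The correct result is shown below.
  - (4) Open CMD on the laptop and check the MAC address of 192.168.100.88
  - (5) Keep pinging 88 from CMD, stop the Keepalived service on the backup director, and check whether the MAC address switches
- Errors and troubleshooting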
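Understanding how Keepalived works
Case analysis
In enterprise applications, running an application on a single server carries the risk of a single point of failure.
In an enterprise application cluster there are at least two single points of failure. Once one of them fails, the enterprise service is interrupted, which causes serious damage.
In the topology diagram above, you can see that in a DR cluster, if the director goes down, the whole cluster can no longer be used.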
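Introduction to the Keepalived tool
Supports automatic failover (Failover)
Supports node health checking (Health Checking)
Official website: http://www.keepalived.org/
How it works
Keepalived uses the VRRP hot-standby protocol to provide multi-node hot standby for Linux servers.
VRRP, the Virtual Router Redundancy Protocol, is a backup solution designed for routers.
1. Several routers form a hot-standby group and provide service through a shared virtual IP address.
2. Within each hot-standby group only one master router provides service at any given moment; the other routers are in the redundant (standby) state.
3. If the currently active router fails, the other routers automatically take over the virtual IP address according to their configured priority and continue to provide service.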
Topology for solving the problem
Keepalived configuration file walkthrough
1. Floating address: | 192.168.100.88 |
---|---|
Primary and backup servers: | 192.168.100.22, 192.168.100.23 |
Application service provided: | Web |

2. Configuration file keepalived.conf | |
---|---|
Global settings: | global_defs { … } |
Hot-standby settings: | vrrp_instance instance-name { … } |
Sample files are located in: | /etc/keepalived/samples/… |

3. Primary server configuration | |
---|---|
state: | Sets this node's state, MASTER or BACKUP |
priority: | Sets the election priority; the larger the value, the higher the priority |
virtual_ipaddress { … }: | Sets the floating IP address |

4. Backup server configuration
- Set router_id to the node's own name
- Set state to BACKUP
- Set priority lower than on the primary server

5. Enable the keepalived service
- Enable the keepalived service on both the primary and the backup machine
- The device with the highest priority gets control of the VIP
- The VIP address is set automatically by keepalived
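
The pairing rules in steps 3 to 5, written as a check that can be run over both directors' files before the service is started. This is an added example, not code from the original post: `parse_vrrp` and `check_pair` are hypothetical helper names, the regex parser assumes a single `vrrp_instance` per file, and the two embedded configs are constructed from the values this page deploys.

```python
import re

def parse_vrrp(conf: str) -> dict:
    """Extract the fields that must match or differ between the two directors.
    Assumes one vrrp_instance per file, as in this page's configs."""
    def first(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", conf, re.M)
        return m.group(1) if m else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    return {"router_id": first("router_id"), "state": first("state"),
            "vrid": first("virtual_router_id"), "auth_pass": first("auth_pass"),
            "priority": int(first("priority") or 0),
            "vips": sorted(vips.group(1).split()) if vips else []}

def check_pair(a: dict, b: dict) -> list:
    """Return the violations of the master/backup rules listed above."""
    problems = []
    if a["router_id"] == b["router_id"]:
        problems.append("router_id must be unique on each node")
    for key in ("vrid", "auth_pass", "vips"):
        if a[key] != b[key]:
            problems.append(f"{key} must be identical on both nodes")
    if sorted([a["state"], b["state"]]) != ["BACKUP", "MASTER"]:
        problems.append("expected one MASTER and one BACKUP")
    else:
        master, backup = (a, b) if a["state"] == "MASTER" else (b, a)
        if backup["priority"] >= master["priority"]:
            problems.append("BACKUP priority must be lower than MASTER priority")
    return problems

# Constructed sample: the global_defs and vrrp_instance parts of this page's files.
MASTER_CONF = """
global_defs {
    router_id HA_TEST_R1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 1
    priority 100
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.100.88
    }
}
"""
BACKUP_CONF = (MASTER_CONF.replace("HA_TEST_R1", "HA_TEST_R2")
               .replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 99"))

if __name__ == "__main__":
    print(check_pair(parse_vrrp(MASTER_CONF), parse_vrrp(BACKUP_CONF)) or "pair is consistent")
```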
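High-availability LVS + Keepalived deployment
Network environment
IP address plan:
Floating address (VIP): | 192.168.100.88 | ||
---|---|---|---|
Primary director: | 192.168.100.22 | Gateway: | 192.168.100.1 |
Backup director: | 192.168.100.23 | Gateway: | 192.168.100.1 |
Web server 1: | 192.168.100.24 | Gateway: | 192.168.100.1 |
Web server 2: | 192.168.100.25 | Gateway: | 192.168.100.1 |
Storage server: | 192.168.100.21 | Gateway: | 192.168.100.1 |
Lab environment
- Firewall disabled and kernel protection disabled on all systems
- OS: CentOS 7.6
Configure the primary director 192.168.100.22
#【1】Adjust the /proc response parameters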
[[email protected] network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
## Apply the changes
[[email protected] network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
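#【2】Clear the load-balancing policy
[[email protected] /]# ipvsadm -C
#【3】Adjust the keepalived parameters
[[email protected] ~]# yum -y install keepalived ipvsadm
[[email protected] ~]# cd /etc/keepalived/
# Back up the original configuration file
[[email protected] keepalived]# cp keepalived.conf keepalived.conf.bak
[[email protected] keepalived]# vi keepalived.conf
global_defs {
    router_id HA_TEST_R1            # unique name for this node
}
vrrp_instance VI_1 {
    state MASTER                    # initial role of this node
    interface ens33                 # interface that carries VRRP and the VIP
    virtual_router_id 1             # must be the same on both directors
    priority 100                    # the higher value wins the election
    advert_int 1                    # advertisement interval in seconds
    authentication {
        auth_type PASS              # simple password, sent in cleartext in VRRP advertisements
        auth_pass 123456            # must be the same on both directors
    }
    virtual_ipaddress {
        192.168.100.88              # floating address (VIP)
    }
}
virtual_server 192.168.100.88 80 {
    delay_loop 15                   # health-check interval in seconds
    lb_algo rr                      # round robin scheduling
    lb_kind DR                      # direct routing mode
    persistence 60
    protocol TCP
    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
#### Start keepalived
[[email protected] keepalived]# systemctl start keepalived
#### Enable keepalived at boot
[[email protected] keepalived]# systemctl enable keepalived
#### Check the main control IP address and the floating address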
[[email protected] keepalived]# ip addr show dev ens33
inet 192.168.100.22/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.88/32 scope global ens33
Configure the backup director 192.168.100.23
【1】Adjust the /proc response parameters
[[email protected] network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
# Apply the changes
[[email protected] network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
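【2】Clear the load-balancing policy
[[email protected] /]# ipvsadm -C
【3】Adjust the keepalived parameters
[[email protected] ~]# yum -y install keepalived ipvsadm
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# cp keepalived.conf keepalived.conf.bak
[[email protected] keepalived]# vi keepalived.conf
global_defs {
    router_id HA_TEST_R2            # unique name for this node
}
vrrp_instance VI_1 {
    state BACKUP                    # this node starts as the standby
    interface ens33                 # interface that carries VRRP and the VIP
    virtual_router_id 1             # must be the same on both directors
    priority 99                     # lower than the primary director's 100
    advert_int 1                    # advertisement interval in seconds
    authentication {
        auth_type PASS              # simple password, sent in cleartext in VRRP advertisements
        auth_pass 123456            # must be the same on both directors
    }
    virtual_ipaddress {
        192.168.100.88              # floating address (VIP)
    }
}
virtual_server 192.168.100.88 80 {
    delay_loop 15                   # health-check interval in seconds
    lb_algo rr                      # round robin scheduling
    lb_kind DR                      # direct routing mode
    persistence 60
    protocol TCP
    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.25 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
#### Start keepalived
[[email protected] keepalived]# systemctl start keepalived
#### Enable keepalived at boot
[[email protected] keepalived]# systemctl enable keepalived
#### Check the main control IP address and the floating address; the virtual address 192.168.100.88 is not present here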
[[email protected] keepalived]# ip addr show dev ens33
inet 192.168.100.23/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe44:b2a/64 scope link
valid_lft forever preferred_lft forever
Capture packets to look at VRRP on the primary/backup directors
Here we can see that 192.168.100.22 is currently the primary director.
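
What the capture in this step contains, decoded field by field. This is an added example, not code from the original post: the packets are constructed from this page's values (VRID 1, priorities 100 and 99, VIP 192.168.100.88, auth_pass 123456) rather than taken from a real capture, and `build_advert`, `parse_advert` and `elect_master` are hypothetical helper names. It also shows that with `auth_type PASS` the password is readable in every advertisement.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRPv2 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_type=1, auth_pass=b"", advert_int=1):
    """Build a VRRPv2 advertisement; used here only to construct sample input."""
    head = struct.pack("!6B", 0x21, vrid, priority, len(vips), auth_type, advert_int)
    tail = b"".join(socket.inet_aton(v) for v in vips) + auth_pass[:8].ljust(8, b"\0")
    return head + struct.pack("!H", inet_checksum(head + b"\0\0" + tail)) + tail

def parse_advert(pkt: bytes) -> dict:
    """Decode the VRRP payload that follows the IP header (IP protocol 112)."""
    if len(pkt) < 16:
        raise ValueError("truncated VRRP message")
    vt, vrid, prio, count, auth_type, adv = struct.unpack("!6B", pkt[:6])
    if (vt >> 4, vt & 0x0F) != (2, 1):
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 16 + 4 * count:
        raise ValueError("length does not match the address count")
    vips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "advert_int": adv, "vips": vips,
            "auth_type": auth_type,  # 1 = simple text password (auth_type PASS)
            "auth_data": pkt[8 + 4 * count:].rstrip(b"\0").decode("ascii", "replace"),
            "checksum_ok": inet_checksum(pkt) == 0}

def elect_master(adverts: dict) -> str:
    """adverts maps sender IP -> raw advertisement. The highest priority wins;
    a tie goes to the numerically higher sender address (RFC 3768)."""
    valid = {ip: parse_advert(p) for ip, p in adverts.items()}
    return max(valid, key=lambda ip: (valid[ip]["priority"], socket.inet_aton(ip)))

# Constructed sample: what each director on this page advertises when it is master.
SAMPLE = {
    "192.168.100.22": build_advert(1, 100, ["192.168.100.88"], auth_pass=b"123456"),
    "192.168.100.23": build_advert(1, 99, ["192.168.100.88"], auth_pass=b"123456"),
}

if __name__ == "__main__":
    for ip, pkt in SAMPLE.items():
        print(ip, parse_advert(pkt))
    print("master:", elect_master(SAMPLE))
```

In a real capture the same payload follows the IP header of packets sent to the multicast address 224.0.0.18 with IP protocol number 112.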
Configure the storage server: 192.168.100.21
rpm -q nfs-utils ### if not installed: yum -y install nfs-utils
rpm -q rpcbind ### if not installed: yum -y install rpcbind
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# systemctl start rpcbind
[[email protected] ~]# vi /etc/exports
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)
[[email protected] ~]# systemctl restart nfs
[[email protected] ~]# systemctl restart rpcbind
[[email protected] ~]# systemctl enable nfs
[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# mkdir /opt/51xit /opt/52xit
[[email protected] ~]# echo "51是我" >/opt/51xit/index.html
[[email protected] ~]# echo "我是52" >/opt/52xit/index.html
Configure the node server: 192.168.100.24
【1】Configure the virtual IP address
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp ifcfg-lo ifcfg-lo:0
[[email protected] network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes
[[email protected] network-scripts]# ifup lo:0
[[email protected] network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.100.10 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
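## This is equivalent to adding the local route manually at every boot
[[email protected] network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.88 dev lo:0
## The local route to 192.168.100.88 has to be added manually, otherwise the virtual IP on this host cannot be reached
[[email protected] network-scripts]# route add -host 192.168.100.88 dev lo:0
【2】Adjust the /proc response parameters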
[[email protected] network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[[email protected] network-scripts]# sysctl -p
【3】Install httpd and mount the test page
[[email protected] ~]# showmount -e 192.168.100.21
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# mount 192.168.100.21:/opt/51xit /var/www/html/
## Permanent mount
[[email protected] ~]# vi /etc/fstab
192.168.100.21:/opt/51xit/ /var/www/html/ nfs rw,tcp,intr 0 1
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd
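# Reboot and check whether the services come back up
[[email protected] ~]# init 6
## After the reboot, browse to the site from the laptop and check that it works
Configure the node server: 192.168.100.25
【1】Configure the virtual IP address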
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp ifcfg-lo ifcfg-lo:0
[[email protected] network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.88
NETMASK=255.255.255.255
ONBOOT=yes
[[email protected] network-scripts]# ifup lo:0
[[email protected] network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.100.88 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
[[email protected] network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.88 dev lo:0
[[email protected] network-scripts]# route add -host 192.168.100.88 dev lo:0
【2】Adjust the /proc response parameters
[[email protected] network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[[email protected] network-scripts]# sysctl -p
【3】Install httpd and mount the test page
[[email protected] ~]# showmount -e 192.168.100.21
Export list for 192.168.100.21:
/opt/51xit 192.168.100.0/24
/opt/52xit 192.168.100.0/24
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# mount 192.168.100.21:/opt/52xit /var/www/html/
[[email protected] ~]# vi /etc/fstab
192.168.100.21:/opt/52xit/ /var/www/html/ nfs rw,tcp,intr 0 1
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd
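### Log in to 192.168.100.43 and test whether the website works ####
Verification
(1) First, browse to 192.168.100.88 from the laptop and check whether requests are served round robin. The correct result is shown below.
Clear the browser history, close the browser, then reopen it and visit 88 again.
(2) Capture packets to see which node is the primary director; you only need to see which one is sending VRRP packets. The correct result is shown below.
At this point, stop the Keepalived service on the primary director and check whether it automatically switches over to the backup director 192.168.100.23.
(3) Check again whether the backup director can do round robin. The correct result is shown below.
Clear the browser history, close the browser, then reopen it and visit 88 again.
(4) Open CMD on the laptop and check the MAC address of 192.168.100.88
Note: we are now on the backup director, so the MAC address should be the backup director's.
You can see that it is the MAC address of host 192.168.100.23 and the virtual address is still present, so everything is fine.
(5) Keep pinging 88 from CMD, stop the Keepalived service on the backup director, and check whether the MAC address switches
This timeout is normal: the switchover takes time, so some packet loss is expected.
The MAC address switched successfully and the virtual address switched successfully; the experiment succeeded.
Errors and troubleshooting
#(1) If you previously configured a wrong ipvsadm policy and it still does not take effect after restarting Keepalived:
Fix: [[email protected] /]# ipvsadm -C
#(2) If you restart the network service on WEB1 or WEB2, the local route to 192.168.100.88 disappears as well
Fix:
Add it manually: route add -host 192.168.100.88 dev lo:0
#(3) After building any service, you should always reboot with init 6, because a machine that has gone live in production cannot be rebooted
# If the server later goes down and the services do not run properly after it is powered back on, will you still remember how to troubleshoot it?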