Keepalived概述
概念
keepalived 是Linux下一个轻量级的高可用解决方案
主要是通过虚拟路由冗余协议(VRRP)来实现高可用功能
Virtual Router Redundancy Protocol
起初就是为了补充LVS功能而设计的,用于监控LVS集群内后端真实服务器状态
后来加入了VRRP的功能,它出现的目的是为了解决静态路由出现的单点故障问题
功能
LVS规则管理
LVS集群真实服务器状态监测
管理VIP
Keepalived实现web高可用
实验环境
web1:eth0->192.168.88.100/24
web2:eth0->192.168.88.200/24
配置Keepalived高可用集群
# 安装Keepalived软件
[root@pubserver cluster]# vim 08_inst_web_kp.yml
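---
# Install the keepalived package on every host in the "webservers" group.
# The nesting below is restored: hosts/tasks belong to the play, and
# name/state are arguments of the yum module.
- name: install keepalive on webservers
  hosts: webservers
  tasks:
    - name: install keepalived  # install the package
      yum:
        name: keepalived
        state: present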
[root@pubserver cluster]# ansible-playbook 08_inst_web_kp.yml
# 配置Keepalived集群
[root@web1 ~]# vim /etc/keepalived/keepalived.conf
# web1 (MASTER) keepalived.conf excerpt; leading numbers are editor line numbers.
1 ! Configuration File for keepalived
2
...
11 smtp_connect_timeout 30
12 router_id web1 # unique identifier of this cluster node
13 vrrp_iptables # author's note: used together with vrrp_strict so the iptables rules are opened automatically
14 vrrp_skip_check_adv_addr
15 vrrp_strict # author's note: strictly follow the VRRP protocol; sets the default iptables rule to reject
16 vrrp_garp_interval 0
17 vrrp_gna_interval 0
18 }
19
20 vrrp_instance VI_1 {
21 state MASTER # initial state of this node
22 interface eth0 # interface VRRP runs on
23 virtual_router_id 51 # virtual router ID, must be unique per VRRP group on the segment; the original note says 0-255, keepalived.conf(5) documents 1-255
24 priority 100 # election priority
25 advert_int 1 # VRRP advertisement (heartbeat) interval
# NOTE(review): PASS authentication carries the secret in clear text inside every
# VRRP advertisement, so any host on the segment can read it; it guards against
# misconfiguration, not against a hostile neighbour. keepalived.conf(5) documents
# that only the first 8 characters of auth_pass are used.
# NOTE(review): keepalived is reported to ignore authentication when vrrp_strict
# is enabled (VRRPv3 has no auth) - confirm in the keepalived log on this version.
26 authentication {
27 auth_type PASS # authentication type: shared password
28 auth_pass 1111 # must be identical on every node of the cluster; 1111 is a lab value, replace it outside the lab
29 }
30 virtual_ipaddress {
31 192.168.88.80/24 dev eth0 label eth0:1 # VIP, the interface it is bound to, and the alias label
32 }
33 }
[root@web2 ~]# vim /etc/keepalived/keepalived.conf
# web2 (BACKUP) keepalived.conf excerpt; leading numbers are editor line numbers.
1 ! Configuration File for keepalived
2
3 global_defs {
...
11 smtp_connect_timeout 30
12 router_id web2 # unique identifier of this cluster node
13 vrrp_iptables # author's note: opens the iptables rules
14 vrrp_skip_check_adv_addr
15 vrrp_strict
16 vrrp_garp_interval 0
17 vrrp_gna_interval 0
18 }
19
20 vrrp_instance VI_1 {
21 state BACKUP # initial state of this node
22 interface eth0
23 virtual_router_id 51
24 priority 50 # lower than the MASTER's priority (100 on web1)
25 advert_int 1
# NOTE(review): auth_type PASS sends auth_pass in clear text in each VRRP
# advertisement; 1111 is a lab value and should not be reused elsewhere.
# keepalived is reported to ignore authentication when vrrp_strict is enabled -
# confirm in the keepalived log on this version.
26 authentication {
27 auth_type PASS
28 auth_pass 1111
29 }
30 virtual_ipaddress {
31 192.168.88.80/24 dev eth0 label eth0:1
32 }
33 }
# 启服务
[root@web1 ~]# systemctl start keepalived.service
[root@web2 ~]# systemctl start keepalived.service
# 验证VIP绑定情况
[root@web1 ~]# ip a s | grep 192.168 #web1主机绑定vip
inet 192.168.88.15/32 brd 192.168.88.15 scope global lo:0
inet 192.168.88.100/24 brd 192.168.88.255 scope global noprefixroute eth0
inet 192.168.88.80/24 scope global secondary eth0:1
[root@web2 ~]# ip a s | grep 192.168 #web2主机未绑定vip
inet 192.168.88.15/32 brd 192.168.88.15 scope global lo:0
inet 192.168.88.200/24 brd 192.168.88.255 scope global noprefixroute eth0
# 测试高可用
[root@client ~]# curl http://192.168.88.80 #访问VIP得到web1节点首页内容
Welcome to web1
[root@web1 ~]# systemctl stop keepalived.service #模拟web1节点故障
[root@client ~]# curl http://192.168.88.80 #访问VIP得到web2节点首页内容
Welcome to web2
[root@web2 ~]# ip a s | grep 192.168 #确认web2主机绑定VIP
inet 192.168.88.15/32 brd 192.168.88.15 scope global lo:0
inet 192.168.88.200/24 brd 192.168.88.255 scope global noprefixroute eth0
inet 192.168.88.80/24 scope global secondary eth0:1
[root@web1 ~]# systemctl start keepalived.service #模拟web1节点修复
[root@web1 ~]# ip a s | grep 192.168 #确认VIP被web1抢占
inet 192.168.88.15/32 brd 192.168.88.15 scope global lo:0
inet 192.168.88.100/24 brd 192.168.88.255 scope global noprefixroute eth0
inet 192.168.88.80/24 scope global secondary eth0:1
[root@web2 ~]# ip a s | grep 192.168 #确认VIP被web2释放
inet 192.168.88.15/32 brd 192.168.88.15 scope global lo:0
inet 192.168.88.200/24 brd 192.168.88.255 scope global noprefixroute eth0
配置Keepalived关联节点服务
配置高可用的web集群时,Keepalived只为服务器提供了VIP
Keepalived不知道服务器上运行了哪些服务
MASTER服务器可以通过跟踪脚本监视本机的80端口,一旦本机80端口失效,则将VIP切换至BACKUP服务器
Keepalived对脚本的要求是,退出码为0表示检查成功;退出码非0(例如1)表示失败
## 解决Keepalived关联节点服务
# 编写服务检查脚本
[root@web1 ~]# vim /etc/keepalived/check_http.sh
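#!/bin/bash
# Health check executed by keepalived through a vrrp_script block.
# Exit status: 0 while a TCP socket is listening on local port 80, 1 otherwise.
#
# The check looks at the listening port itself instead of grepping every
# socket line for the string "nginx": that matches the stated goal (monitor
# port 80), and it does not depend on `ss -p`, which only shows process names
# to a sufficiently privileged user.
#
# keepalived runs this file periodically, typically with root privileges, so
# keep it owned by root and not writable by group or others.
if ss -ltn | awk '$4 ~ /:80$/ { found = 1 } END { exit !found }'; then
  exit 0
fi
exit 1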
[root@web1 ~]# chmod +x /etc/keepalived/check_http.sh
# 配置Keepalived关联服务
[root@web1 ~]# vim /etc/keepalived/keepalived.conf
[root@web1 ~]# cat -n /etc/keepalived/keepalived.conf
# web1 keepalived.conf with service tracking; leading numbers come from `cat -n`.
1 ! Configuration File for keepalived
2
...
18 }
19
# NOTE(review): keepalived executes the script below on every interval, so the
# file and its directory should be root-owned and not writable by other users.
# global_defs offers `script_user` and `enable_script_security` to restrict which
# account runs scripts and to refuse scripts a non-root user could modify.
20 vrrp_script chk_http_port { # defines the monitoring script; this section is added by hand
21 script "/etc/keepalived/check_http.sh" # path of the check script
22 interval 2 # how often the script is run
23 }
24
25 vrrp_instance VI_1 {
26 state MASTER
27 interface eth0
28 virtual_router_id 51
29 priority 100
30 advert_int 1
31 authentication {
32 auth_type PASS
33 auth_pass 1111
34 }
35 virtual_ipaddress {
36 192.168.88.80/24 dev eth0 label eth0:1
37 }
38 track_script { # references the script defined above; this section is added by hand
39 chk_http_port
40 }
41 }
[root@web1 ~]# systemctl restart keepalived.service
[root@web2 ~]# scp root@192.168.88.100:/etc/keepalived/check_http.sh /etc/keepalived/
[root@web2 ~]# chmod +x /etc/keepalived/check_http.sh
[root@web2 ~]# vim /etc/keepalived/keepalived.conf
[root@web2 ~]# cat -n /etc/keepalived/keepalived.conf
# web2 keepalived.conf with service tracking; leading numbers come from `cat -n`.
1 ! Configuration File for keepalived
2
...
18 }
19
# NOTE(review): the check script was copied from web1; after copying, verify that
# it is root-owned and not writable by other users, because keepalived executes it
# on every interval.
20 vrrp_script chk_http_port { # defines the monitoring script
21 script "/etc/keepalived/check_http.sh"
22 interval 2
23 }
24
25 vrrp_instance VI_1 {
...
35 virtual_ipaddress {
36 192.168.88.80/24 dev eth0 label eth0:1
37 }
38 track_script { # references the monitoring script
39 chk_http_port
40 }
41 }
[root@web2 ~]# systemctl restart keepalived.service
# 测试高可用配置
[root@web1 ~]# ip a s | grep 88.80 #确认VIP绑定在web1
inet 192.168.88.80/24 scope global secondary eth0:1
[root@client ~]# curl http://192.168.88.80 #访问测试得到web1首页内容
Welcome to web1
[root@web1 ~]# systemctl stop nginx.service #模拟web1故障
[root@web1 ~]# ip a s | grep 88.80 #确认web1释放VIP
[root@client ~]# curl http://192.168.88.80 #访问测试得到web2首页内容
Welcome to web2
[root@web2 ~]# ip a s | grep 88.80 #确认VIP绑定于web2
inet 192.168.88.80/24 scope global secondary eth0:1
[root@web1 ~]# systemctl start nginx.service #模拟web1故障修复
[root@web1 ~]# ip a s | grep 88.80 #确认VIP绑定于web1
inet 192.168.88.80/24 scope global secondary eth0:1