一.keepalived服务概念说明
keepalived软件能干什么?
Keepalived软件起初是专为LVS负载均衡软件设计的,用来管理并监控LVS集群系统中各个服务节点的状态,后来又加入了可以实现高可用的VRRP功能
Keepalived软件主要是通过VRRP协议实现高可用功能的。
VRRP是Virtual Router Redundancy Protocol(虚拟路由器冗余协议)的缩写,VRRP出现的目的就是为了解决静态路由单点故障问题的,它能够保证当个别节点宕机时,整个网络可以不间断地运行
keepalived软件工作原理?(重点)
原理
1)VRRP协议,全称Virtual Router Redundancy Protocol,中文名为虚拟路由冗余协议,VRRP的出现是为了解决静态路由的单点故障。
2)VRRP是用过IP多播的方式(默认多播地址(224.0.0.18))实现高可用对之间通信的。
3)工作时主节点发包,备节点接包,当备节点接收不到主节点发的数据包的时候,就启动接管程序接管主节点的资源。备节点可以有多个,通过优先级竞选,但一般Keepalived系统运维工作中都是一对。
二. 环境设置
1.普通web上修改, 其中一台的nginx的配置 3台都一样
[root@web01 extra1]# cat www.conf bbs.conf server { listen 80; server_name www.augustyang.org; root html/www; index index.html index.htm; } server { listen 80; server_name bbs.augustyang.org; location / { root html/bbs; index index.html index.htm; } }
2.lb 上的nginx.conf的配置 2台的配置是一样的
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream oldboy { server 10.0.0.7:80; server 10.0.0.8:80; server 10.0.0.9:80; } server { listen 80; server_name www.augustyang.org; root html; index index.html index.htm; location /{ proxy_pass http://oldboy; proxy_set_header host $host; proxy_set_header X-Forwarded-For $remote_addr; } } server { listen 80; server_name bbs.augustyang.org; root html; index index.html index.htm; location /{ proxy_pass http://oldboy; proxy_set_header host $host; proxy_set_header X-Forwarded-For $remote_addr; } } }
3.在lb1 lb2上都做测试
curl -H host:www.augustyang.org 10.0.0.7
curl -H host:www.augustyang.org 10.0.0.8
curl -H host:www.augustyang.org 10.0.0.9
curl -H host:bbs.augustyang.org 10.0.0.7
curl -H host:bbs.augustyang.org 10.0.0.8
curl -H host:bbs.augustyang.org 10.0.0.9
三.安装部署高可用keepalived服务
1.安装keepalived服务
yum install -y keepalived
2.修改配置文件
vim /etc/keepalived/keepalived.conf
man keepalived.conf --- 配置文件说明信息
配置文件结构:
GLOBAL CONFIGURATION --- 全局配置(*)
VRRPD CONFIGURATION --- vrrp配置(*)
LVS CONFIGURATION --- LVS服务相关配置
lb01 主负载均衡器配置
! Configuration File for keepalived global_defs { router_id lb01 } vrrp_instance gorup01 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 } }
lb02 从负载均衡器配置
! Configuration File for keepalived global_defs { router_id lb02 } vrrp_instance gorup01 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 } }
基本实现高可用负载均衡, 但有缺陷
四 部署keepalived高可用问题
同时在keepalived高可用集群中, 出现2个虚拟ip地址信息,这种脑裂情况
脑裂情况出现原因:
1.心跳线出现问题
.网卡配置有问题
交换设备有问题
线缆连接有问题
2.有防火墙软件阻止问题
3.virtual_router_id 配置数值不正确
只要备服务器收不到组播包, 就会成为主, 二主资源没有释放,就会出现脑裂
利用shell脚本实现监控管理
备用设备有vip 就表示不正常
① 出现主备切换
②出现脑裂情况
#!/bin/bash check_info=$(ip a|grep -c 10.0.0.3) if [ $check_info -ne 0 ] then echo "keepalived server error!!!" fi
五 实现nginx反向代理监控虚拟ip地址
1.需要实现监听本地网卡上没有的ip地址(lb1 lb2都修改)
echo \'net.ipv4.ip_nonlocal_bind = 1\' >>/etc/sysctl.conf sysctl -p
2.编写nginx反向代理配置(lb1 lb2都修改)
server { listen 10.0.0.3:80; server_name www.augustyang.org; root html; index index.html index.htm; location /{ proxy_pass http://oldboy; proxy_set_header host $host; proxy_set_header X-Forwarded-For $remote_addr; } } server { listen 10.0.0.3:80; server_name bbs.augustyang.org; root html; index index.html index.htm; location /{ proxy_pass http://oldboy; proxy_set_header host $host; proxy_set_header X-Forwarded-For $remote_addr; } }
[root@lb01 conf]# /application/nginx/sbin/nginx -s stop [root@lb01 conf]# /application/nginx/sbin/nginx [root@lb01 conf]# netstat -lntup|grep nginx tcp 0 0 10.0.0.3:80 0.0.0.0:* LISTEN 63640/nginx
六 将keepalived服务和反向代理nginx服务建立联系
当nginx 停止的时候那个 对应的keepalived也要停止
#!/bin/bash web_info=$(ps -ef|grep [n]ginx|wc -l) if [ $web_info -lt 2 ] then /etc/init.d/keepalived stop fi
2.运行脚本, 实现监控nginx服务
编辑keepalived服务配置文件
! Configuration File for keepalived global_defs { router_id lb01 } vrrp_script check_web { #定义一个监控脚本,脚本必须有执行权限 script "/server/scripts/check_web.sh" #指定脚本间隔时间 interval 2 #脚本执行完成,让优先级值和权重值进行运算,从而实现主备切换 weight 2 } vrrp_instance gorup01 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 } track_script { check_web } }
七 实现高可用集群架构中双主配置(互为主备配置)
lb1
! Configuration File for keepalived global_defs { router_id lb01 } vrrp_script check_web { #定义一个监控脚本,脚本必须有执行权限 script "/server/scripts/check_web.sh" #指定脚本间隔时间 interval 2 #脚本执行完成,让优先级值和权重值进行运算,从而实现主备切换 weight 2 } vrrp_instance gorup01 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 } track_script { check_web } } vrrp_instance gorup02 { state BACKUP interface eth0 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.4/24 dev eth0 label eth0:2 } track_script { check_web } # }
lb2
! Configuration File for keepalived global_defs { router_id lb02 } vrrp_script check_web { #定义一个监控脚本,脚本必须有执行权限 script "/server/scripts/check_web.sh" #指定脚本间隔时间 interval 2 #脚本执行完成,让优先级值和权重值进行运算,从而实现主备切换 weight 2 } vrrp_instance gorup01 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.3/24 dev eth0 label eth0:1 } track_script { check_web } } vrrp_instance gorup02 { state MASTER interface eth0 virtual_router_id 52 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.0.0.4/24 dev eth0 label eth0:2 } track_script { check_web } }
server { listen 10.0.0.3:80; server_name www.augustyang.org; root html; index index.html index.htm; location /{ proxy_pass http://oldboy; proxy_set_header host $host; proxy_set_header X-Forwarded-For $remote_addr; } } server { listen 10.0.0.4:80; server_name bbs.augustyang.org; root html; index index.html index.htm; location /{ proxy_pass http://oldboy; proxy_set_header host $host; proxy_set_header X-Forwarded-For $remote_addr; } } }
[root@lb01 scripts]# netstat -tulnp | grep nginx tcp 0 0 10.0.0.4:80 0.0.0.0:* LISTEN 65733/nginx tcp 0 0 10.0.0.3:80 0.0.0.0:* LISTEN 65733/nginx