简介:
- Keepalived是Linux下一个轻量级别的高可用解决方案,Keepalived起初是为LVS设计的,专门用来监控集群系统 中各个服务节点的状态,如果某个服务器节点出现故障,Keepalived将检测到后自动将节点从集群系统中剔除。
- 后来Keepalived又加入了VRRP的功能,VRRP(VritrualRouterRedundancyProtocol,虚拟路由冗余协议)出现的目的是解决静态路由出现的单点故障问题,通过VRRP可以实现网络不间断稳定运行,因此Keepalvied一方面具有服 务器状态检测和故障隔离功能,另外一方面也HAcluster(高可用)功能。
- 健康检查和失败切换是keepalived的两大核心功能。所谓的健康检查,就是采用tcp三次握手,icmp请求,http请求,udp echo请求等方式对负载均衡器后面的实际的服务器(通常是承载真实业务的服务器)进行保活;而失败切换主要是应用于配置了主备模式的负载均衡器,利用VRRP维持主备负载均衡器的心跳,当主负载均衡器出现问题时, 由备负载均衡器承载对应的业务,从而在最大限度上减少流量损失,并提供服务的稳定性。
- 工作原理
- 网络层:通过ICMP协议向后端服务器集群中发送数据报文
- 传输层:利用TCP协议的端口连接和扫描技术检测后端服务器集群是否正常
- 应用层:自定义keepalived工作方式(脚本)
VRRP协议
- VRRP协议是一种容错的主备模式的协议,保证当主机的下一跳路由出现故障时,由另一台路由器来代替出现故障的 路由器进行工作,通过VRRP可以在网络发生故障时透明的进行设备切换而不影响主机之间的数据通信。
- 虚拟路由器:VRRP组中所有的路由器,拥有虚拟的IP+MAC(00-00-5e-00-01-VRID)地址
- 主路由器:虚拟路由器内部通常只有一台物理路由器对外提供服务,主路由器是由选举算法产生,对外提供各种网络功能。
- 备份路由器:VRRP组中除主路由器之外的所有路由器,不对外提供任何服务,只接受主路由的通告,当主路由器挂掉之后,重新进行选举算法接替master路由器。
- 选举机制
- 优先级
- 抢占模式下,一旦有优先级高的路由器加入,即成为Master
- 非抢占模式下,只要Master不挂掉,优先级高的路由器只能等待
- 三种状态
- Initialize状态:系统启动后进入initialize状态
- Master状态
- Backup状态
体系结构
- SchedulerI/OMultiplexer是一个I/O复用分发调度器,它负载安排Keepalived所有内部的任务请求。
- Memory Mngt是一个内存管理机制,这个框架提供了访问内存的一些通用方法;
- Control Plane 是keepalived的控制版面,可以实现对配置文件编译和解析;
- Core componets
- Watchdog:是计算机可靠领域中极为简单又非常有效的检测工具,Keepalived正是通过它监控Checkers和 VRRP进程的。
- Checkers:这是Keepalived最基础的功能,也是最主要的功能,可以实现对服务器运行状态检测和故障隔离。
- VRRP Stack:这是keepalived后来引用VRRP功能,可以实现HA集群中失败切换功能。负责负载均衡器之间的失败切换FailOver
- IPVS wrapper:这个是IPVS功能的一个实现,IPVSwarrper模块将可以设置好的IPVS规则发送的内核空间并且 提供给IPVS模块,最终实现IPVS模块的负载功能。
- Netlink Reflector:用来实现高可用集群Failover时虚拟IP(VIP)的设置和切换。
- keepalived运行时会启动的三个进程
- core:负责主进程的启动,维护和全局配置文件的加载。
- check:负责健康检查
- vrrp:用来实现vrrp协议
keepalived+nginx实验
- 环境准备
node1(Nginx1):192.168.10.10
node2(Nginx2):192.168.10.20
node3(WEB1):192.168.10.30
node4(WEB2):192.168.10.40
VIP:192.168.10.100
- web部署
在node3和node4执行下面的脚本:
#!/bin/bash
yum install net-tools httpd -y
systemctl stop firewalld
setenforce 0
echo "<h1>This is RS1</h1>" > /var/www/html/index.html # 修改不同的主页以便测试!
systemctl start httpd
- nginx部署
node1和node2节点执行以下脚本:
#!/bin/bash
systemctl stop firewalld
setenforce 0
yum install nginx -y
cat > /etc/nginx/conf.d/proxy.conf << EOF
upstream websers{
server 192.168.10.30;
server 192.168.10.40;
}
server{
listen 8080;
server_name 192.168.10.10;
location / {
proxy_pass http://websers;
}
}
EOF
nginx -s reload
- keepalived部署
在node1和node2节点执行以下脚本:
#!/bin/bash
yum install keepalived -y
mv /etc/keepalived/keepalived.conf{,.bak}
cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
router_id node1 # node2修改
}
vrrp_instance VI_1 {
state MASTER # node2节点BACKUP
interface ens33
virtual_router_id 10
priority 100 # node2节点小于100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.100
}
}
- 要自定义脚本检测nginx服务是否正常
[root@node1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id node1
}
# 定义script
vrrp_script chk_http_port {
script "/usr/local/src/check_nginx_pid.sh"
interval 1
weight -2 # 优先级-2
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
# 调用script脚本
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.10.100
}
}
[root@node1 ~]# cat /usr/local/src/check_nginx_pid.sh
#!/bin/bash
# 当nginx正常的时候状态码为0
# 当nginx不正常时候状态码为1
# 因为当退出状态码为非0的时候会执行切换
nginx_process_number=`ps -C nginx --no-header | wc -l`
if [ $nginx_process_number -eq 0 ];then
# systemctl restart nginx
nginx_process_number=`ps -C nginx --no-header | wc -l`
if [ $nginx_process_number -eq 0 ];then
exit 1
else
exit 0
fi
else
exit 0
fi
Keepalived+HAProxy+mysql双主实验
- 环境准备
node1(HAProxy1):192.168.10.10
node2(HAProxy2):192.168.10.20
node3(Mysql1):192.168.10.30
node4(Mysql2):192.168.10.40
VIP:192.168.10.99
- mysql部署
在node3和node4执行以下脚本:
#!/bin/bash
Ip_addr="192.168.10.40" # 修改为对端的node地址
User_pwd="000000"
systemctl stop firewalld
setenforce 0
yum install mariadb-server -y
sed -i '/^\[mysqld\]$/a\binlog-ignore = information_schema'
/etc/my.cnf.d/server.cnf
sed -i '/^\[mysqld\]$/a\binlog-ignore = mysql' /etc/my.cnf.d/server.cnf
sed -i '/^\[mysqld\]$/a\skip-name-resolve' /etc/my.cnf.d/server.cnf
sed -i '/^\[mysqld\]$/a\auto-increment-increment = 1'
/etc/my.cnf.d/server.cnf # 注意node4节点上必须不同
sed -i '/^\[mysqld\]$/a\log-bin = mysql-bin' /etc/my.cnf.d/server.cnf
sed -i '/^\[mysqld\]$/a\auto_increment_offset = 1' /etc/my.cnf.d/server.cnf
# 注意node4节点上必须不同
sed -i '/^\[mysqld\]$/a\server-id = 1' /etc/my.cnf.d/server.cnf # 注意node4节
点上必须不同
systemctl restart mariadb
mysql -uroot -e "grant replication slave on *.* to 'repuser'@'$Ip_addr'
identified by '$User_pwd';"
查询node3节点master状态:
MariaDB [(none)]> show master status;
+------------------+----------+--------------+--------------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+--------------------------+
| mysql-bin.000003 | 402 | | mysql,information_schema |
+------------------+----------+--------------+--------------------------+
查询node4节点master状态
MariaDB [(none)]> show master status;
+------------------+----------+--------------+--------------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+--------------------------+
| mysql-bin.000003 | 407 | | mysql,information_schema |
+------------------+----------+--------------+--------------------------+
在node3节点执行连接命令:
MariaDB [(none)]> change master to
master_host='192.168.10.40',master_port=3306,master_user='repuser',master_pa
ssword='000000',master_log_file='mysql-bin.000003',master_log_pos=407;
MariaDB [mysql]> start slave;
在node4节点执行连接命令:
MariaDB [(none)]> change master to
master_host='192.168.10.30',master_port=3306,master_user='repuser',master_pa
ssword='000000',master_log_file='mysql-bin.000003',master_log_pos=402;
MariaDB [mysql]> start slave;
查看从节点状态: show slave status \G; 观察IO和SQL线程是否为YES
MariaDB [(none)]> show slave status \G;
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
测试:
1. 在node3上创建mydb数据库
2. 在node4上在test数据库中创建test表
3. 最终要实现node3和node4上保持数据同步
- HAProxy部署
在node1和node2上执行以下脚本:
#!/bin/bash
yum install haproxy -y
mv /etc/haproxy/haproxy.cfg{,.bak}
cat > /etc/haproxy/haproxy.cfg << EOF
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
listen mysql_proxy
bind 0.0.0.0:3306
mode tcp
balance source
server mysqldb1 192.168.10.30:3306 weight 1 check
server mysqldb2 192.168.10.40:3306 weight 2 check
listen stats
mode http
bind 0.0.0.0:8080
stats enable
stats uri /dbs
stats realm haproxy\ statistics
stats auth admin:admin
EOF
systemctl start haproxy
- keepalived部署
node1上执行以下脚本:
#!/bin/bash
yum install keepalived -y
mv /etc/keepalived/keepalived.conf{,.bak}
cat > etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
router_id node1
}
vrrp_script chk_http_port {
script "/usr/local/src/check_proxy_pid.sh"
interval 1
weight -2
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.10.100
}
}
EOF
systemctl start keepalived
node2上执行以下脚本:
#!/bin/bash
yum install keepalived -y
mv /etc/keepalived/keepalived.conf{,.bak}
cat > etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived
global_defs {
router_id node2
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 10
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.100
}
}
EOF
systemctl start keepalived
[root@node1 src]# cat check_proxy_pid.sh
#!/bin/bash
A=`ps -C haproxy --no-header | wc -l`
if [ $A -eq 0 ];then
exit 1
else
exit 0
fi
Keepalived+LVS实验
- 环境准备
node1(DS1):192.168.10.10
node2(DS2):192.168.10.20
node3(RS1):192.168.10.30
node4(RS2):192.168.10.40
VIP:192.168.10.99(单主模型)
- RS部署
在node3和node4执行下面的脚本:
#!/bin/bash
yum install net-tools httpd -y
systemctl stop firewalld
setenforce 0
vip="192.168.10.99"
mask="255.255.255.255"
ifconfig lo:0 $vip broadcast $vip netmask $mask up
route add -host $vip lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "<h1>This is RS1</h1>" > /var/www/html/index.html # 修改不同的主页以便测
试!
systemctl start httpd
- DR部署
[root@node1 ~]# yum install keepalived ipvsadm -y
[root@node1 ~]# systemctl stop firewalld
[root@node1 ~]# setenforce 0
[root@node1 keepalived]# mv keepalived.conf{,.bak}
[root@node1 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id node1 # 设置lvs的id,一个网络中应该唯一
}
vrrp_instance VI_1 {
state MASTER # 指定Keepalived的角色
interface ens33 # 网卡
virtual_router_id 10 # 虚拟路由器ID,主备需要一样
priority 100 # 优先级越大越优,backup路由器需要设置比这小!
advert_int 1 # 检查间隔1s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.10.99 # 定义虚拟IP地址,可以定义多个
}
}
# 定义虚拟主机,对外服务的IP和port
virtual_server 192.168.10.99 80 {
delay_loop 6 # 设置健康检查时间,单位是秒
lb_algo wrr # 负责调度算法
lb_kind DR # LVS负载均衡机制
persistence_timeout 0
protocol TCP
# 指定RS主机IP和port
real_server 192.168.10.30 80 {
weight 2
# 定义TCP健康检查
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.10.40 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
