文章目录
- 前言
-
- 一、Keepalived 双机热备基础
-
- 1.1、Keepalived 概述及安装
-
- 1.1.1、Keepalived 的热备方式
- 1.1.2、Keepalived 的安装与服务控制
- 1.2、使用Keepalived 实现双机热备
-
- 1.2.1、主服务器的配置
- 1.2.2、备用服务器的配置
- 1.2.3、测试双机热备功能
- 二、LVS+Keepalived 高可用群集 实战部署
-
- 2.1、实验环境
- 2.2、配置主调度器
-
- 2.2.1、调整/proc 响应参数
- 2.2.2、调整keepalived 参数
- 2.3、配置从调度器
-
- 2.3.1、调整/proc 响应参数
- 2.3.2、调整keepalived 参数
- 2.4、配置存储服务器
- 2.5、配置节点服务器
-
- 2.5.1、配置虚拟IP地址(VIP)
- 2.5.2、调整/proc响应参数
- 2.5.3、安装httpd 挂载测试页
- 2.6、实验验证
-
- 2.6.1、测试主调度器
- 2.6.2、测试从调度器
前言
在这个高度信息化的IT时代,企业的生产系统、业务运营、销售和支持,以及日常管理等环节越来越依赖于计算机信息和服务,使得对高可用(HA)技术的应用需求大量上升,以便提供持续的、不间断的计算机系统或网络服务。
使用Keepalived实现双机热备,包括针对IP地址的故障切换,以及在LVS高可用群集中的热备应用。
一、Keepalived 双机热备基础
1.1、Keepalived 概述及安装
1.1.1、Keepalived 的热备方式
Keepalived采用VRRP热备份协议实现Linux服务器的多机热备功能
VRRP,虚拟路由冗余协议,是针对路由器的一种备份解决方案
由多台路由器组成一个热备组,通过共用的虚拟IP地址对外提供服务
每个热备组内同一时刻只有一台主路由器提供服务,其他路由器处于冗余状态
若当前在线的路由器失效,则其他路由器会根据设置的优先级自动接替虚拟IP地址,继续提供服务
1.1.2、Keepalived 的安装与服务控制
在LVS群集环境中应用时,也需用到 lipvsadm管理工具
YUM安装 Keepalived
启用 Keepalived服务
[root@localhost ~]# yum -y install keepalived ipvsadm
1.2、使用Keepalived 实现双机热备
Keepalived可实现多机热备,每个热备组可有多台服务器,最常用的就是双机热备
双机热备的故障切换是由虚拟IP地址的漂移来实现,适用于各种应用服务器
本次部署将实现基于web服务的双机热备
1.2.1、主服务器的配置
Keepalievd配置目录位于/etc/keepalievd/
keepalievd.conf是主配置文件
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs{ …}区段指定全局参数
vrrp_instance实例名称{ …}区段指定VRRP热备参数
注释文字以“!”符号开头
目录samples/,提供了许多配置样例作为参考
常用配置选项
router_id HA_TEST_R1: 本路由器(服务器)的名称
vrrp_instance VI_1:定义VRRP热备实例
state MASTER:热备状态,MASTER表示主服务器
interface ens33:承载VIP地址的物理接口
virtual_router_id 1:虚拟路由器的ID号,每个热备组保持一致
priority 100:优先级,数值越大优先级越高
advert_int 1:通告间隔秒数(心跳频率)
auth_type PASS:认证类型
auth_pass 123456:密码字串
virtual_ipaddress{ vip}:指定漂移地址(VIP),可以有多个,多个漂移地址以逗号分隔
确认配置没有问题,启动Keepalived服务,通过ip命令可以查看
[root@localhost keepalived]# systemctl start keepalived ####启动keepalived
[root@localhost keepalived]# ip addr show dev ens33 ####查看主控制IP地址和漂移地址
1.2.2、备用服务器的配置
Keepalived备份服务器的配置与master的配置有三个选项不同
router_id:设为自由名称
state:设为BACKUP
priority:值低于主服务器
其他选项与master相同
1.2.3、测试双机热备功能
测试双机热备的效果
主、备机均启用Web服务,内容相同
先后禁用、启用主服务器的网卡,执行以下测试
测试1:使用ping检测19216810.72的连通性
测试2:访问htt:/192168.10.72,确认可用性及内容变化
测试3:查看日志文件/var/log/messages中的变化
二、LVS+Keepalived 高可用群集 实战部署
2.1、实验环境
VMware 5台服务器
IP地址规划:
漂移地址(VIP):192.168.100.100
主调度器:192.168.100.21
辅调度器:192.168.100.20
WEB服务器1:192.168.100.22
WEB服务器2:192.168.100.23
存储服务器:192.168.100.24
2.2、配置主调度器
2.2.1、调整/proc 响应参数
[
root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
2.2.2、调整keepalived 参数
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
router_id HA_TEST_R1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 1
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.100.100
}
}
virtual_server 192.168.100.100 80 {
delay_loop 15
lb_algo rr
lb_kind DR
persistence 60
protocol TCP
real_server 192.168.100.22 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
real_server 192.168.100.23 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# ip addr show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:11:0d:16 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.21/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.100/32 brd 192.168.100.100 scope global noprefixroute ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::3069:1a3d:774b:18f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.3、配置从调度器
2.3.1、调整/proc 响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
2.3.2、调整keepalived 参数
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
router_id HA_TEST_R2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 1
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.100.100
}
}
virtual_server 192.168.100.100 80 {
delay_loop 15
lb_algo rr
lb_kind DR
persistence 60
protocol TCP
real_server 192.168.100.22 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
real_server 192.168.100.23 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
[root@localhost keepalived]# systemctl start keepalived
[root@localhost keepalived]# ip addr show dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:48:b8:83 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.20/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::e438:b533:985e:cf94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.4、配置存储服务器
首先查看nfs-utils 和rpcbind 是否安装,若没有用yum安装即可
安装好后启动两个服务
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# vi /etc/exports
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# echo "this is www.51xit.top" > /opt/51xit/index.html
[root@localhost ~]# echo "this is www.52xit.top" > /opt/52xit/index.html
2.5、配置节点服务器
2.5.1、配置虚拟IP地址(VIP)
防火墙和核心防护均关闭,查看是否安装nfs-utils
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
省略部分内容
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.100.100 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
省略部分内容
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.100 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0
2.5.2、调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
前面配置两台节点服务器都一样
2.5.3、安装httpd 挂载测试页
下面分别挂载两台节点服务器
[root@localhost ~]# showmount -e 192.168.100.24
Export list for 192.168.100.24:
/opt/52xit 192.168.100.0/24
/opt/51xit 192.168.100.0/24
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.24:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Aug 6 12:23:03 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=a1c935eb-f211-43a5-be35-2a9fef1f6a89 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
/dev/cdrom /mnt iso9660 defaults 0 0
192.168.100.24:/opt/51xit/ /var/www/html/ nfs defaults,_netdev 0 0
[root@localhost ~]# systemctl start httpd
测试登录是否正常
[root@localhost ~]# showmount -e 192.168.100.24
Export list for 192.168.100.24:
/opt/52xit 192.168.100.0/24
/opt/51xit 192.168.100.0/24
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.24:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Aug 6 12:23:03 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=a1c935eb-f211-43a5-be35-2a9fef1f6a89 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
/dev/cdrom /mnt iso9660 defaults 0 0
192.168.100.24:/opt/52xit/ /var/www/html/ nfs defaults,_netdev 0 0
[root@localhost ~]# systemctl start httpd
测试登录是否正常
2.6、实验验证
2.6.1、测试主调度器
打开抓包工具,会发现192.168.100.21主调度器,一直在发VRRP报文
真机浏览器输入192.168.100.100
等一分钟刷新或者重新输入
主调度器正常!!!
2.6.2、测试从调度器
停止主服务器的keepadlive
[root@localhost keepalived]# systemctl stop keepalived
打开抓包工具,会发现192.168.100.20从调度器,一直在发VRRP报文
真机浏览器输入192.168.100.100
等一分钟刷新或者重新输入
从调度器正常!!
