1.keepalived高可用软件简介
keepalived是目前轻量级的管理方便、易用的高可用软件解决方案。
keepalived是一个类似于工作在三层、四层、七层交换机的软件。
keepalived软件有两种功能,一是监控检查,一是VRRP冗余协议。
keepalived的作用是检测WEB服务器的状态。
工作在三层时:
keepalived会定期向服务器群中的服务器发送一个ICMP的数据包,如果发现某台服务器的IP地址无法ping通,keepalived便报告这台服务器失效,并将它从服务器集群中剔除。
它是以服务器IP地址是否有效作为服务器工作正常与否的标准。
工作在四层时:
主要以TCP端口的状态来决定服务器是否工作正常。
如WEB SERVER的服务端口一般是80,如果keepalived检测到80端口没有启动,则keepalived将把这台服务器从服务器中剔除。
工作在七层时:
keepalived将根据用户的设定检查服务器程序的运行是否正常,如果与用户的设定不相符,则将其剔除。
2.VRRP及相关术语
VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)是一种容错协议,保证当主机的下一条路由器出现故障时,由另一台路由器来代替出现故障的路由器进行工作,从而保持网络通信的连续性和可靠性。
VRRP相关术语:
1)虚拟路由器:由一个Master路由器和一个或多个Backup路由器组成。所有的Master和Backup组成一个组,这个主就是虚拟路由器。
2)VRID:虚拟路由器的标识。同一虚拟路由器内的路由器有着相同的VRID。
3)Master:虚拟路由器中正在工作的路由器
4)Backup:备用路由器。
5)虚拟IP地址:路由器组(虚拟路由器)的IP地址。
6)优先级:用来确定Master和Backup。
7)抢占模式与非抢占模式:Master会以组播方式不断的向虚拟路由器组内发送自己的心跳报文,一旦Backup在设定时间内没有收到心跳信息的次数超过了设定次数,则会将Master的所有权转移到优先级最高的Backup,则就是抢占模式。非抢占模式是指只有在主节点完全故障时才能将backup变为master。
keepalived就是利用VRRP协议实现的一种可保障集群高可用的工具。通过主机之间的优先等级以及心跳检测来及时切换准备主机的工作状态,以提高集群的高可用性。
keepalived的核心组件:
1)VRRP stack
2)ipvs wrapper
3)checkers
为什么使用keepalived一定要确认网卡支持并开启组播功能?
如VRRP中所述,Master需要通过组播功能定时向Backup发送心跳信息,报告自己的运作是否正常,组播通信方式是一种很节省资源的通信方式。
3.Keepalived安装
在两台服务器上安装keepalived
- [root@keepalived01 ~]# yum install -y keepalived
- 已加载插件:fastestmirror, langpacks
- Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
4.nginx keepalived主从模式集群实验
这种方案,使用一个vip地址,前端使用2台机器,一台做主,一台做备,但同时只有一台机器工作,另一台备份机器在主机器不出现故障的时候,永远处于浪费状态,对于服务器不多的网站,该方案不经济实惠。
1)环境准备
两台LINUX服务器,Centos7.3:
10.128.25.23/24
10.128.25.25/24
虚拟IP为10.128.25.24/24
2)Nginx负载均衡服务器安装与配置
编辑repo文件:
到nginx官网查找相关资料,编辑nginx.repo
http://nginx.org/en/download.html
下面是官网的安装帮助说明
- Install the prerequisites:
- sudo yum install yum-utils
- To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:
- [nginx-stable]
- name=nginx stable repo
- baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
- gpgcheck=1
- enabled=1
- gpgkey=https://nginx.org/keys/nginx_signing.key
- module_hotfixes=true
- [nginx-mainline]
- name=nginx mainline repo
- baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
- gpgcheck=1
- enabled=0
- gpgkey=https://nginx.org/keys/nginx_signing.key
- module_hotfixes=true
- By default, the repository for stable nginx packages is used. If you would like to use mainline nginx packages, run the following command:
- sudo yum-config-manager --enable nginx-mainline
- To install nginx, run the following command:
- sudo yum install nginx
- When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
两台nginx服务器的配置相同
- upstream myserver{
- server 10.128.25.200:8080;
- server 10.128.25.201:8090;
- server 10.128.25.202:8080;
- }
- server {
- listen 80 ;
- server_name localhost;
- # Load configuration files for the default server block.
- # include /etc/nginx/default.d/*.conf;
- location / {
- proxy_pass http://myserver;
- proxy_connect_timeout 10; }
- error_page 404 /404.html;
- location = /40x.html {
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- }
3)两台keepalived服务器配置
配置主keepalived
第一台keepalived服务器配配置如下:
- vrrp_instance VI_1 {
- state MASTER
- interface eth0
- virtual_router_id 51
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 10.128.25.24
- }
- }
第二台keepalivd服务器配置如下:
/etc/keepalived
- vrrp_instance VI_1 {
- state BACKUP
- interface eth0
- virtual_router_id 51
- priority 90
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 10.128.25.24
- }
- }
5.nginx keepalived双主模式集群实验
这种方案,使用两个vip地址,前端使用2台机器,互为主备,同时有两台机器工作,当其中一台机器出现故障,两台机器的请求转移到一台机器负担,非常适合于当前架构环境。
这种模式只需要更改下keepalived配置文件即可。
23上的配置
- vrrp_instance VI_1 {
- state MASTER
- interface eth0
- virtual_router_id 51
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 10.128.25.24
- }
- }
- #VIP2
- vrrp_instance VI_2 {
- state BACKUP
- interface eth0
- virtual_router_id 52
- priority 90
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 2222
- }
- virtual_ipaddress {
- 10.128.25.26
- }
- }
25上的配置:
- vrrp_instance VI_1 {
- state BACKUP
- interface eth0
- virtual_router_id 51
- priority 90
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 10.128.25.24
- }
- }
- #VIP2
- vrrp_instance VI_2 {
- state MASTER
- interface eth0
- virtual_router_id 52
- priority 100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 2222
- }
- virtual_ipaddress {
- 10.128.25.26
- }
- }
查看网卡配置信息
- [root@keepalived01 /]# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
- link/ether 00:0c:29:ce:97:9b brd ff:ff:ff:ff:ff:ff
- inet 10.128.25.23/24 brd 10.128.25.255 scope global eth0
- valid_lft forever preferred_lft forever
- inet 10.128.25.24/32 scope global eth0
- valid_lft forever preferred_lft forever
- inet6 fe80::20c:29ff:fece:979b/64 scope link
- valid_lft forever preferred_lft forever
- 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
- link/ether 52:54:00:a4:73:ea brd ff:ff:ff:ff:ff:ff
- inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
- valid_lft forever preferred_lft forever
- 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
- link/ether 52:54:00:a4:73:ea brd ff:ff:ff:ff:ff:ff
- [root@keepalived01 /]#
- [root@keepalived02 nginx]# ip a
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
- link/ether 00:0c:29:91:3e:cf brd ff:ff:ff:ff:ff:ff
- inet 10.128.25.25/24 brd 10.128.25.255 scope global eth0
- valid_lft forever preferred_lft forever
- inet 10.128.25.26/32 scope global eth0
- valid_lft forever preferred_lft forever
- inet6 fe80::a5d1:e493:55c5:c293/64 scope link
- valid_lft forever preferred_lft forever
- 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
- link/ether 52:54:00:d8:0c:43 brd ff:ff:ff:ff:ff:ff
- inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
- valid_lft forever preferred_lft forever
- 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
- link/ether 52:54:00:d8:0c:43 brd ff:ff:ff:ff:ff:ff
- [root@keepalived02 nginx]#
