Keepalived High-Availability Service
Chapter 1 Keepalived High-Availability Service
1.1 Introduction to Keepalived
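Keepalived was originally designed for the LVS load-balancing software, to manage and monitor the state of every service node in an LVS cluster. VRRP support, which provides high availability, was added later. Keepalived implements its high-availability function mainly through VRRP. VRRP stands for Virtual Router Redundancy Protocol. It was created to solve the single point of failure of static routing, and it keeps the whole network running without interruption when an individual node goes down.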
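1.2 Main functions of keepalived
①. Manage the LVS load-balancing software
②. Perform health checks on LVS cluster nodes
③. Provide high availability for system network services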
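1.3 How the VRRP protocol works
1) VRRP, in full Virtual Router Redundancy Protocol, was introduced to solve the single point of failure of static routing.
2) VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the members of a high-availability pair.
3) In operation the master node sends packets and the backup node receives them. When the backup node no longer receives the packets sent by the master, it starts the takeover procedure and takes over the master's resources. There can be several backup nodes, elected by priority, but in day-to-day Keepalived operations there is usually just one pair.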
1.4 Environment preparation:
lb01   10.0.0.5
lb02   10.0.0.6
web01  10.0.0.8
web02  10.0.0.7
web03  10.0.0.9
The web cluster servers use an identical configuration (web01, web02 and web03 are all configured the same way)

server {
    listen       80;
    server_name  bbs.etiantian.org;
    root   html/bbs;
    index  index.html index.htm;
}
server {
    listen       80;
    server_name  www.etiantian.org;
    root   html/www;
    index  index.html index.htm;
}
Sync the configuration to the three web servers:

scp -rp {www.conf,bbs.conf} 172.16.1.7:/application/nginx/conf/extra/
scp -rp {www.conf,bbs.conf} 172.16.1.9:/application/nginx/conf/extra/
On lb01 and lb02, test whether the web cluster servers respond to requests correctly:

curl -H host:www.etiantian.org 10.0.0.7/wuxing.html
curl -H host:bbs.etiantian.org 10.0.0.7/wuxing.html
curl -H host:www.etiantian.org 10.0.0.8/wuxing.html
curl -H host:bbs.etiantian.org 10.0.0.8/wuxing.html
curl -H host:www.etiantian.org 10.0.0.9/wuxing.html
curl -H host:bbs.etiantian.org 10.0.0.9/wuxing.html
The nginx reverse-proxy load balancers use an identical configuration file

[root@lb01 conf]# cat nginx.conf
#### nginx.conf on lb01 and lb02
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    upstream server_pools {
        server 10.0.0.7:80;
        server 10.0.0.8:80;
        server 10.0.0.9:80;
    }
    server {
        listen       80;
        server_name  www.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
    server {
        listen       80;
        server_name  bbs.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
# Test whether lb01 and lb02 perform load balancing
curl -H host:www.etiantian.org 10.0.0.5/wuxing.html
curl -H host:bbs.etiantian.org 10.0.0.5/wuxing.html
curl -H host:www.etiantian.org 10.0.0.6/wuxing.html
curl -H host:bbs.etiantian.org 10.0.0.6/wuxing.html
1.5 Deploying the keepalived service
## Milestone 1: install the keepalived software
### Install on both load balancers, lb01 and lb02
yum install -y keepalived
rpm -qa keepalived
rpm -ql keepalived

[root@lb01 conf]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf     --- main configuration file of the keepalived service
/etc/rc.d/init.d/keepalived         --- start-up script of the keepalived service
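## Milestone 2: test with the default configuration
### Start the keepalived service on lb01 and lb02
/etc/init.d/keepalived start
ip addr
Note: the default configuration already contains virtual IP addresses.
VRRP packets can be seen in a packet capture.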
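## Milestone 3: write the service configuration file
### First get to know the contents of the configuration file (man keepalived.conf)
### Parts of the configuration file
· GLOBAL CONFIGURATION    ### global definitions (lines 01-13 of the default configuration file)
· VRRPD CONFIGURATION     ### virtual IP configuration (lines 15-30 of the default configuration file)
· LVS CONFIGURATION       ### configuration and management of LVS

! Configuration File for keepalived

global_defs {                                    # global configuration section
    notification_email {                         # administrator e-mail addresses
    }
    notification_email_from [email protected]   # address the mail is sent from
    smtp_server smtp.163.com                     # mail server
    smtp_connect_timeout 30                      # mail sending timeout
    router_id oldboy01                           # (key parameter) identity of this keepalived host on the LAN;
                                                 # it must be unique for every keepalived host
}

vrrp_instance VI_1 {            # VRRP settings (VIP address configuration)
    state MASTER                # role (state) of this keepalived node; MASTER or BACKUP
    interface eth0              # network interface on which the virtual IP address is created
    virtual_router_id 51        # keepalived group identifier
    priority 100                # priority used to elect master and backup (higher wins)
    advert_int 1                # interval at which the master sends multicast packets
    authentication {            # authentication between master and backup hosts
        auth_type PASS          # plaintext authentication
        auth_pass 1111          # the plaintext password
    }
    virtual_ipaddress {         # virtual IP address settings
        10.0.0.3
    }
}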
### Build a basic keepalived configuration file
#lb01
global_defs {
    router_id LVS_01
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
################################################
################################################
#lb02
global_defs {
    router_id LVS_02
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
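Note: differences between the master and backup configuration files
01. router_id differs
02. state differs (BACKUP)
03. priority differs
Note: capture packets to observe the effect of the configuration, and compare the configuration files of the two load balancers.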
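1.6 Troubleshooting approach for a high-availability cluster
1) Confirm that lb01 and lb02 can reach the back-end web services
2) Confirm that users can access lb01 and lb02 individually without problems
3) Access the sites through the VIP address
4) Set up the Windows hosts file entries
Note: a domain name must not resolve to more than one IP address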
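1.7 The split-brain concept in keepalived
## Starting the firewall is enough to simulate a split-brain situation
/etc/init.d/iptables start
### Causes of split-brain
### Ways to resolve split-brain
#### Write a monitoring script on lb02
Alert condition: whenever the VIP is present on lb02
1. lb01 is down
2. The heartbeat is broken

#!/bin/bash
#desc: monitor the VIP on lb02
if [ `ip a s eth0 |grep -c "10.0.0.3"` == 1 ];then
    echo "baojing"
fi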
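An added example (not part of the original page) that extends the monitoring script above: it matches the VIP as a whole address and uses a ping of lb01 to tell the two alert causes apart. The function names, the `--run` switch and the `vip-monitor` syslog tag are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original page: VIP monitor for lb02 (BACKUP).
VIP="10.0.0.3"     # VIP used on the page
PEER="10.0.0.5"    # lb01 address from the environment list
IFACE="eth0"

# has_vip ADDR_OUTPUT VIP
# Succeeds only when VIP is configured as a complete IPv4 address.
# A plain `grep -c "10.0.0.3"` also counts 10.0.0.30 or 10.0.0.31.
has_vip() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        $1 == "inet" { split($2, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }'
}

# classify ADDR_OUTPUT VIP PEER_ALIVE   (PEER_ALIVE is "yes" or "no")
classify() {
    if ! has_vip "$1" "$2"; then
        echo "standby"              # normal: lb02 does not hold the VIP
    elif [ "$3" = "yes" ]; then
        # lb01 still answers while lb02 holds the VIP: the heartbeat is
        # lost (split-brain) or keepalived was stopped on lb01.
        echo "suspect-split-brain"
    else
        echo "failover-peer-down"   # lb01 is down and lb02 took over
    fi
}

# Live mode, e.g. from cron:  vip_monitor.sh --run
if [ "${1:-}" = "--run" ]; then
    addr_out=$(ip -4 addr show dev "$IFACE")
    if ping -c 2 -W 1 "$PEER" >/dev/null 2>&1; then alive=yes; else alive=no; fi
    state=$(classify "$addr_out" "$VIP" "$alive")
    # logger writes to syslog (/var/log/messages on the page's systems)
    [ "$state" = "standby" ] || logger -t vip-monitor "lb02 holds $VIP: $state"
    echo "$state"
fi
```

A reachable lb01 does not prove split-brain by itself, so the "suspect-split-brain" state is a prompt to check lb01, not a verdict.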
1.8 High availability for Nginx load balancing
1) Use the same reverse-proxy configuration file on lb01 and lb02
#### lb01 nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    upstream server_pools {
        server 10.0.0.7;
        server 10.0.0.8;
        server 10.0.0.9;
    }
    server {
        listen       80;
        server_name  bbs.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        access_log  logs/access_www.log  main;
    }
    server {
        listen       80;
        server_name  www.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        access_log  logs/access_blog.log  main;
    }
}

2) Test
## 01 Test 10.0.0.5 (lb01)
curl -H Host:www.etiantian.org 10.0.0.5/nana.html
curl -H Host:bbs.etiantian.org 10.0.0.5/nana.html
## 02 Test 10.0.0.6 (lb02)
curl -H Host:www.etiantian.org 10.0.0.6/nana.html
curl -H Host:bbs.etiantian.org 10.0.0.6/nana.html
Note: the tests above confirm that both lb servers can perform load balancing.

3) Resolve the domain names to the VIP
10.0.0.3 www.etiantian.org blog.etiantian.org bbs.etiantian.org

## Summary of problems:
1. Is the name resolved (ping)
2. Browser cache
3. Service not restarted (graceful restart)
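Troubleshooting process (narrow the problem down step by step):
01: From the load balancer, curl every node (web server configuration problems)   --- the web servers are at fault
02: curl the load balancer addresses to see whether load balancing works   --- the nginx reverse proxy is at fault
03: Bind the virtual IP on Windows and test in the browser   --- the keepalived configuration or operation is at fault; DNS resolution

keepalived log file (an operations skill: read the logs)
tail -f /var/log/messages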
1.9 Using the keepalived service in production:
1.9.1 Practice case 1: make the nginx reverse proxy listen only on the VIP address
10.0.0.3/nana.html   works
10.0.0.5/nana.html   does not work
10.0.0.6/nana.html   does not work
Milestone 1: change the reverse-proxy configuration file so that it listens only on the VIP address
#### lb01 lb02 nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    upstream server_pools {
        server 10.0.0.7;
        server 10.0.0.8;
        server 10.0.0.9;
    }

    server {
        listen       10.0.0.3:80;
        server_name  www.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        access_log  logs/access_www.log  main;
    }
    server {
        listen       10.0.0.3:80;
        server_name  blog.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        access_log  logs/access_blog.log  main;
    }
}
Note: when changing the listen address in the reverse-proxy configuration file, every server block must be given the listen address; otherwise nginx still listens on all addresses by default.
Milestone 2: the VIP address does not exist on lb02, so nginx cannot listen on it; a kernel parameter file has to be changed

[root@lb01 conf]# /application/nginx/sbin/nginx -t
nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok
nginx: [emerg] bind() to 10.0.0.3:80 failed (99: )
nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test failed
[root@lb01 conf]# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:27:4e:e9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::20c:29ff:fe27:4ee9/64 scope link
       valid_lft forever preferred_lft forever
[root@lb01 conf]#
### nginx cannot listen on an IP address that does not exist locally
Solution:
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf     # allows listening on an IP address that does not exist locally
## after adding the line to /etc/sysctl.conf
sysctl -p
echo "1" >/proc/sys/net/ipv4/ip_nonlocal_bind

Milestone 3: test
1.9.2 Production practice case 2: have keepalived monitor the nginx reverse-proxy service
#### Milestone 1: conditions for keepalived to monitor nginx
1. If nginx goes down, how do I know that it is down?
   1) port
   2) process

ps -ef |grep nginx |grep -v grep |wc -l

2. Take keepalived down
/etc/init.d/keepalived stop

## >   -gt  greater than
## >=  -ge  greater equal
## <   -lt  less than
## <=  -le  less equal
## ==  -eq  equal
## !=  -ne  not equal
#### Milestone 2: write the script according to these conditions
#!/bin/bash
#name: check_web.sh
#desc: check nginx and kill keepalived
if [ `ps -ef |grep nginx |grep -v grep |wc -l` -lt 2 ];then
    /etc/init.d/keepalived stop
fi
#### Milestone 3: add execute permission
[root@lb02 conf]# chmod +x /server/scripts/check_web.sh
[root@lb02 conf]# ll /server/scripts/check_web.sh
-rwxr-xr-x 1 root root 174 Mar 30 17:47 /server/scripts/check_web.sh

#### Milestone 4: test
#### Milestone 5: add the script to keepalived.conf
#### Below is the configuration file for lb02; adapt it yourself on lb01.
global_defs {
    router_id LVS_02
}

vrrp_script check_web {
    script "/server/scripts/check_web.sh"   # assigns the script to the name check_web, like a variable
                                            # (this is the script written in milestone 2)
    interval 2                              # interval between runs of the monitoring script
    weight 2                                # combined with the priority to lower the master's priority
                                            # so that it becomes the backup (best ignored for now)
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web                           # refers to the vrrp_script above, like using $check_web
    }
}
#### Milestone 6: test
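An added example, not the page's check_web.sh: a liveness check that covers both conditions listed in milestone 1 (process and port) and is not satisfied by unrelated processes whose command line merely contains "nginx". The function names, the `--run` switch and the listen address 10.0.0.3:80 (taken from practice case 1) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the page's check_web.sh: stricter nginx liveness test.
LISTEN="10.0.0.3:80"   # assumption: the VIP listen address from practice case 1

# master_running PS_OUTPUT      (PS_OUTPUT is the text of `ps -eo args`)
# Matches only the nginx master process title, so "vim nginx.conf" or
# "tail -f .../nginx/logs/access_www.log" do not count as nginx.
master_running() {
    printf '%s\n' "$1" | grep '^nginx: master process' >/dev/null
}

# port_listening SS_OUTPUT ADDR:PORT   (SS_OUTPUT is the text of `ss -lnt`)
# Column 4 of `ss -lnt` is the local address:port of each listening socket.
port_listening() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "LISTEN" && $4 == want { ok = 1 }
        END { exit !ok }'
}

# nginx_healthy PS_OUTPUT SS_OUTPUT ADDR:PORT
nginx_healthy() {
    master_running "$1" && port_listening "$2" "$3"
}

# Live mode:  check_nginx.sh --run
if [ "${1:-}" = "--run" ]; then
    if ! nginx_healthy "$(ps -eo args)" "$(ss -lnt)" "$LISTEN"; then
        /etc/init.d/keepalived stop    # same reaction as the page's script
        exit 1
    fi
fi
```

With a plain `listen 80;` as in section 1.8, the socket appears under a wildcard address instead, so LISTEN has to be set to the local address that `ss -lnt` reports on the host.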
1.9.3 Production practice case 3: keepalived multi-instance configuration
#### Milestone 1: configure keepalived as dual-master
#### lb01
#lb01
global_defs {
    router_id LVS_01
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.4/24 dev eth0 label eth0:2
    }
}

#lb02
global_defs {
    router_id LVS_02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.4/24 dev eth0 label eth0:2
    }
}
######### Milestone 2: configure nginx load balancing
#### lb01 lb02 nginx.conf
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    upstream server_pools {
        server 10.0.0.7;
        server 10.0.0.8;
        server 10.0.0.9;
    }
    server {
        listen       10.0.0.3:80;
        server_name  www.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        access_log  logs/access_www.log  main;
    }
    server {
        listen       10.0.0.4:80;
        server_name  blog.etiantian.org;
        location / {
            proxy_pass http://server_pools;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        access_log  logs/access_blog.log  main;
    }
}
######### Milestone 3: Windows hosts file entries
10.0.0.3 www.etiantian.org
10.0.0.4 bbs.etiantian.org

######### Milestone 4: test in the browser