2021 款 MacBook Pro 搭載夏普定製屏,蘋果技術加持下發揮出色
阿新 • • 發佈:2021-10-20
keepalived
簡介
Keepalived 軟體起初是專為LVS負載均衡軟體設計的,用來管理並監控LVS集群系統中各個服務節點的狀態,後來又加入了可以實現高可用的VRRP功能。因此,Keepalived除了能夠管理LVS軟體外,還可以作為其他服務(例如:Nginx、Haproxy、MySQL等)的高可用解決方案軟體。
Keepalived軟體主要是通過VRRP協議實現高可用功能的。VRRP是Virtual Router RedundancyProtocol(虛擬路由器冗餘協議)的縮寫,VRRP出現的目的就是為了解決靜態路由單點故障問題的,它能夠保證當個別節點宕機時,整個網路可以不間斷地執行。
所以,Keepalived 一方面具有配置管理LVS的功能,同時還具有對LVS下面節點進行健康檢查的功能,另一方面也可實現系統網路服務的高可用功能。
官網:http://www.keepalived.org/
功能
管理LVS負載均衡軟體
實現LVS叢集節點的健康檢查
作為系統網路服務的高可用性(failover)
高可用故障轉移的原理
Keepalived 高可用服務之間的故障切換轉移,是通過 VRRP 來實現的。
在 Keepalived 服務正常工作時,主 Master 節點會不斷地向備節點發送(多播的方式)心跳訊息,用以告訴備 Backup 節點自己還活看,當主 Master 節點發生故障時,就無法傳送心跳訊息,備節點也就因此無法繼續檢測到來自主 Master 節點的心跳了,於是呼叫自身的接管程式,接管主 Master 節點的 IP 資源及服務。而當主 Master 節點恢復時,備 Backup 節點又會釋放主節點故障時自身接管的IP資源及服務,恢復到原來的備用角色。
-
VRRP :全 稱 Virtual Router Redundancy Protocol ,中文名為虛擬路由冗餘協議 ,VRRP的出現就是為了解決靜態踣甶的單點故障問題,VRRP是通過一種競選機制來將路由的任務交給某臺VRRP路由器的。
-
VRRP用 IP多播的方式(預設多播地址(224.0_0.18))實現高可用對之間通訊。
-
工作時主節點發包,備節點接包,當備節點接收不到主節點發的資料包的時候,就啟動接管程式接管主節點的開源。備節點可以有多個,通過優先順序競選,但一般 Keepalived系統運維工作中都是一對。
-
VRRP使用了加密協議加密資料,但Keepalived官方目前還是推薦用明文的方式配置認證型別和密碼。
工作原理
Keepalived高可用是通過 VRRP 進行通訊的, VRRP是通過競選機制來確定主備的,主的優先順序高於備,因此,工作時主會優先獲得所有的資源,備節點處於等待狀態,當主掛了的時候,備節點就會接管主節點的資源,然後頂替主節點對外提供服務。
在 Keepalived 服務之間,只有作為主的伺服器會一直髮送 VRRP 廣播包,告訴備它還活著,此時備不會槍佔主,當主不可用時,即備監聽不到主傳送的廣播包時,就會啟動相關服務接管資源,保證業務的連續性.接管速度最快可以小於1秒。
部署
## master ##
關閉防火牆selinux
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# bash
[root@master ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# vim /etc/selinux/config
[root@master ~]# setenforce 0
[root@master ~]# reboot
[root@master ~]# getenforce
Disabled
配置網路源
[root@master ~]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1572 100 1572 0 0 4837 0 --:--:-- --:--:-- --:--:-- 4851
[root@master ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@master ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
安裝相關元件
[root@master ~]# yum -y install epel-release vim wget gcc gcc-c++
安裝keepalived
[root@master ~]# yum -y install keepalived
[root@master ~]# rpm -ql keepalived
/etc/keepalived //配置目錄
/etc/keepalived/keepalived.conf //主配置檔案
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service //服務控制檔案
/usr/libexec/keepalived
/usr/sbin/keepalived //命令存放位置
## slave ##
關閉防火牆selinux
[root@localhost ~]# hostnamectl set-hostname slave
[root@localhost ~]# bash
[root@slave ~]# systemctl disable --now firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@slave ~]# vim /etc/selinux/config
[root@slave ~]# setenforce 0
[root@slave ~]# reboot
[root@slave ~]# getenforce
Disabled
配置網路源
[root@slave ~]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1572 100 1572 0 0 2335 0 --:--:-- --:--:-- --:--:-- 2332
[root@slave ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@slave ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
安裝相關元件
[root@slave ~]# yum -y install epel-release vim wget gcc gcc-c++
安裝keepalived
[root@slave ~]# yum -y install keepalived
## master ##
在master上安裝httpd
[root@master ~]# yum -y install httpd
設定開機自啟
[root@master ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@master ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2021-10-22 00:18:50 EDT; 8s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 13792 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
├─13792 /usr/sbin/httpd -DFOREGROUND
├─13793 /usr/sbin/httpd -DFOREGROUND
├─13794 /usr/sbin/httpd -DFOREGROUND
├─13795 /usr/sbin/httpd -DFOREGROUND
├─13796 /usr/sbin/httpd -DFOREGROUND
└─13797 /usr/sbin/httpd -DFOREGROUND
10月 22 00:18:50 master systemd[1]: Starting The Apache HTTP Server...
10月 22 00:18:50 master httpd[13792]: AH00558: httpd: Could not reliably determ...ge
10月 22 00:18:50 master systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
配置網站
[root@master ~]# echo 'master' > /var/www/html/index.html
[root@master ~]# curl 192.168.145.149
master
## slave ##
在slave上安裝httpd
[root@slave ~]# yum -y install httpd
設定開機自啟
[root@slave ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
配置網站
[root@slave ~]# echo 'slave' > /var/www/html/index.html
[root@slave ~]# curl 192.168.145.150
slave
[root@slave ~]# curl 192.168.145.149
master
## master ##
配置主keepalived
[root@master ~]# vim /etc/keepalived/keepalived.conf
[root@master ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass lll
}
virtual_ipaddress {
192.168.145.250
}
}
virtual_server 192.168.145.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.145.149 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.145.150 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
重啟使配置生效
[root@master ~]# systemctl restart keepalived
[root@master ~]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
## slave ##
配置備keepalived
[root@slave ~]# vim /etc/keepalived/keepalived.conf
[root@slave ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass lll
}
virtual_ipaddress {
192.168.145.250
}
}
virtual_server 192.168.145.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.145.149 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.145.150 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
使配置生效
[root@slave ~]# systemctl restart keepalived
[root@slave ~]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
檢視VIP
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:20:9e:66 brd ff:ff:ff:ff:ff:ff
inet 192.168.145.149/24 brd 192.168.145.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.145.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe20:9e66/64 scope link
valid_lft forever preferred_lft forever
[root@slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b4:70:bf brd ff:ff:ff:ff:ff:ff
inet 192.168.145.150/24 brd 192.168.145.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feb4:70bf/64 scope link
valid_lft forever preferred_lft forever
## master ##
修改核心引數,開啟監聽VIP功能
[root@master ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
[root@master ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@master ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
1
## slave ##
[root@slave ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
[root@slave ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@slave ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
1
讓keepalived通過指令碼來監控httpd負載均衡機的狀態
## master ##
[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check_m.sh
[root@master scripts]# cat check_m.sh
if [ $httpd_status -lt 1 ];then
systemctl stop keepalived
fi
[root@master scripts]# chmod +x check_m.sh
[root@master scripts]# vim notify.sh
[root@master scripts]# cat notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" [email protected]
}
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
sendmail
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@master scripts]# chmod +x notify.sh
[root@master scripts]# ll
總用量 8
-rwxr-xr-x 1 root root 65 10月 22 00:34 check_m.sh
-rwxr-xr-x 1 root root 656 10月 22 00:35 notify.sh
## slave ##
[root@slave ~]# mkdir /scripts
[root@slave ~]# cd /scripts/
[root@slave scripts]# vim notify.sh
[root@slave scripts]# cat notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" [email protected]
}
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
sendmail
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@slave scripts]# chmod +x notify.sh
[root@slave scripts]# ll
總用量 4
-rwxr-xr-x 1 root root 662 10月 22 00:37 notify.sh
配置keepalived加入監控指令碼的配置
## master ##
[root@master scripts]# vim notify.sh
[root@master scripts]# vim /etc/keepalived/keepalived.conf
[root@master scripts]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01 ## 非常重要,標識本機的hostname
}
vrrp_script httpd_check {
script "/scripts/check_m.sh" ## 執行的指令碼位置
interval 1 ## 檢測時間間隔
weight -20 ## 如果條件成立則權重減20
}
vrrp_instance VI_1 {
state MASTER ## 非常重要,標識主機,備用機為BACKUP
interface ens33 ## 非常重要,網絡卡名
virtual_router_id 52 ## 非常重要,虛擬路由ID號(主備節點要相同)
priority 100 ## 優先順序(0-254),一般主機的大於備機
advert_int 1 ## 主備資訊傳送間隔,兩個節點必須一致,預設1秒
authentication {
auth_type PASS
auth_pass lll 證匹配,設定認證型別和密碼,MASTER和BACKUP必須使用相同的密碼才能正常通訊
}
virtual_ipaddress {
192.168.145.250 ##虛擬ip,可以指定多個
}
track_script { ## 檢查haproxy健康狀況的指令碼
httpd_check
}
notify_master "/scripts/notify.sh master 192.168.216.250"
notify_backup "/scripts/notify.sh backup 192.168.216.250"
}
virtual_server 192.168.145.250 80 { ####虛擬ip 的詳細配置
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.145.149 80 { ## ## 本機的真實ip
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.145.150 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master scripts]# systemctl restart keepalived
## slave ##
[root@slave scripts]# vim /etc/keepalived/keepalived.conf
[root@slave scripts]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass lll
}
virtual_ipaddress {
192.168.145.250
}
notify_master "/scripts/notify.sh master 192.168.216.250"
notify_backup "/scripts/notify.sh backup 192.168.216.250"
}
virtual_server 192.168.145.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.145.149 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.145.150 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@slave scripts]# systemctl restart keepalived
模擬主伺服器宕機
[root@master scripts]# systemctl stop keepalived
[root@master scripts]# systemctl stop httpd