Contents:
I: Concepts and principles
II: Lab walkthrough
I. Concepts
I. keepalived principles and configuration explained
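keepalived: an implementation of the VRRP protocol
VRRP: Virtual Router Redundancy Protocol
Basic VRRP implementation and workflow:
VRRP solves the problem of static configuration by sharing one virtual IP (VIP) among a group of routers (a VRRP group); clients then only need to use the VIP as their default gateway.
The figure shows a basic VLAN topology in which Device A, B and C together form a VRRP group. Its VIP is 10.1.1.1, which is configured on a physical interface of router A, so A is the master router and B and C are backup routers.
Within the VRRP group, the master (router A) forwards the packets sent to the VIP address, and clients A, B and C all use this VIP as their default gateway. If the master fails, whichever of the backup routers B and C has the highest priority becomes master and takes over the VIP address. When the original master, router A, comes back online, it becomes the master router again if it is working in preemptive mode; in non-preemptive mode it stays on standby as a backup router.
VRRP is an "election" protocol: it can dynamically assign responsibility for a virtual router to other routers in the same VRRP group, which eliminates the single point of failure of static route configuration.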
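VRRP terminology:
VRRP virtual router (VRRP router): consists of one master router and multiple backup routers; hosts use the virtual router as their default gateway.
VRID (virtual router identifier): the VRID of a given virtual router must be unique.
Master router: the router in the virtual router that forwards packets.
Backup router: a router that can take over from the master router when the master fails.
Priority: VRRP uses priority to determine the role of each router in the virtual router group.
IP address owner (IP Address Owner): a VRRP device that uses the virtual router's IP address as a real interface address is called the IP address owner. If the IP address owner is available, it normally becomes the master.
Preemptive mode: a backup router in this mode compares its own priority with the priority in each VRRP advertisement it receives; if its own priority is higher it actively preempts and becomes the master router, otherwise it stays as it is.
Non-preemptive mode: a backup router in this mode stays as it is as long as the master router has not failed.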
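Advantages of VRRP:
Redundancy: several routers can serve as the default gateway for LAN clients, which greatly reduces the chance of the default gateway becoming a single point of failure;
Load sharing: traffic from LAN clients can be shared among several routers;
Multiple VRRP groups: up to 255 VRRP groups can be configured on one physical router interface;
Multiple IP addresses: several IP addresses can be configured on one physical interface through interface aliases, so one physical interface can serve several subnets;
Preemption: when the master fails, a backup with higher priority is allowed to become master;
Advertisement protocol: VRRP advertisements are sent to the multicast address 224.0.0.18 assigned by IANA;
VRRP tracking: changes a router's VRRP priority based on interface state so that the best VRRP router becomes master;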
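II. Lab walkthrough
Lab topology diagram:
First set up the basic environment (turn off the firewall, disable the SELinux policy, and so on)
Dual-master configuration
I. Single-master mode means one node is the master and the other is the slave. (In the dual-master model the two servers are master and backup for each other: one is master/backup and the other is backup/master, with mirrored configuration files. Both servers run in parallel, which also reduces the load on a single keepalived host. Note that the dual-master model needs 2 VIP addresses.)
First configure the router 99.120 and enable IP forwarding on it so that all hosts can reach each other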
[root@centos7 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
[root@centos7 ~]# sysctl -p
net.ipv4.ip_forward = 1
Install the software on hosts 99.130 and 99.140
① Install the packages
[root@centos7 ~]# yum install -y ipvsadm keepalived
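keepalived configuration file explained
global_defs {
notification_email { # e-mail notification: a mail is sent when keepalived detects a failure
[email protected] # can be changed, or set to a local address
}
notification_email_from [email protected] # sender address of the notification mail
smtp_server 127.0.0.1 # SMTP server address (the local host)
smtp_connect_timeout 30 # SMTP connection timeout
router_id n1.mylinuxops.com # identifier of this router, usually the local host name; make sure it differs on every node
vrrp_skip_check_adv_addr # skip checking of advert packets; they are checked by default
vrrp_strict # strictly follow the VRRP protocol; keepalived will not start with no VIP, with unicast addresses, or with IPv6 addresses
vrrp_iptables # do not generate iptables rules
vrrp_mcast_group4 224.0.0.18 # multicast group; adverts are sent to 224.0.0.18 by default
vrrp_garp_interval 0 # delay between gratuitous ARP messages
vrrp_gna_interval 0 # delay between messages sent
}
vrrp_instance VI_1 { # name of the instance
state BACKUP # role of this server
nopreempt # disable VIP preemption; takes effect when state is BACKUP on all nodes
interface eth0 # default interface
virtual_router_id 66 # virtual router ID
priority 80 # priority
advert_int 2 # advertisement (probe) interval
authentication { # authentication method
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # virtual IP addresses: which NIC each address is bound to and which sub-interface it uses
192.168.99.188 dev eth0 label eth0:1
}
}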
② Edit the keepalived configuration file /etc/keepalived/keepalived.conf on the master, host 99.130
[root@centos7 ~]# cd /etc/keepalived/
[root@centos7 keepalived]# ls
keepalived.conf
[root@centos7 keepalived]# cp keepalived.conf keepalived.conf.bak
[root@centos7 keepalived]# cat keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.188 dev eth0 label eth0:0
192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.200 dev eth0 label eth0:2
192.168.99.201 dev eth0 label eth0:3
}
}
③ Edit the configuration file on the slave node 99.140
[root@centos7 keepalived]# vim keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.140 label eth0:0
unicast_peer {
192.168.99.130
}
virtual_ipaddress {
192.168.99.188 dev eth0 label eth0:0
192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 77
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.140 label eth0:0
unicast_peer {
192.168.99.130
}
virtual_ipaddress {
192.168.99.200 dev eth0 label eth0:2
192.168.99.201 dev eth0 label eth0:3
}
}
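A cross-check for the two node files above, as an added example (not from the original post or the keepalived project): it parses the vrrp_instance blocks of both nodes and reports settings the peers must agree on, two MASTER declarations, priority ties, and auth_type PASS used with the sample password 1111. The function names parse_instances and audit_pair and the sample configs are constructed for illustration.

```python
import re

# Constructed sample (not the page's files): two nodes in the dual-master shape.
BLOCK = """vrrp_instance {name} {{
    state {state}
    virtual_router_id {vrid}
    priority {prio}
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
}}
"""
NODE_A = (BLOCK.format(name="VI_1", state="MASTER", vrid=66, prio=100)
          + BLOCK.format(name="VI_2", state="BACKUP", vrid=77, prio=80))
NODE_B = (BLOCK.format(name="VI_1", state="BACKUP", vrid=66, prio=80)
          + BLOCK.format(name="VI_2", state="MASTER", vrid=77, prio=80))

def parse_instances(text):
    """Return {instance: {keyword: value}} for every vrrp_instance block."""
    instances, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        head = re.match(r"vrrp_instance\s+(\S+)\s*\{", line)
        if head and depth == 0:
            current, depth = instances.setdefault(head.group(1), {}), 1
        elif current is not None and line:
            depth += line.count("{") - line.count("}")
            words = line.rstrip("{ ").split(None, 1)
            if depth == 0:                           # closing brace of the instance
                current = None
            elif words and words[0] != "}":
                current[words[0]] = words[1] if len(words) == 2 else ""
    return instances

def audit_pair(conf_a, conf_b):
    """Cross-check two nodes' VRRP instances and return a list of findings."""
    a, b, out = parse_instances(conf_a), parse_instances(conf_b), []
    for name in sorted(set(a) & set(b)):
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "advert_int", "auth_type", "auth_pass"):
            if x.get(key) != y.get(key):             # peers must agree on these
                out.append(f"{name}: {key} differs between nodes")
        if x.get("state") == y.get("state") == "MASTER":
            out.append(f"{name}: both nodes declare state MASTER")
        if x.get("priority") == y.get("priority"):
            out.append(f"{name}: priority tie ({x.get('priority')})")
        if x.get("auth_type") == "PASS" and x.get("auth_pass") == "1111":
            out.append(f"{name}: PASS auth with sample password 1111")
    return out
```

Call audit_pair with the text of the two nodes' keepalived.conf files; an empty list means none of these checks fired.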
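④ Start the keepalived service on the slave node first and watch the log (the master node has not started the service yet, so both instances configured on the slave become MASTER, and all 4 VIP addresses should be bound to the local eth0 interface)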
[root@centos7 keepalived]#systemctl restart keepalived ;tail -f /var/log/messages
Aug 12 22:13:10 centos7 Keepalived_vrrp[7238]: Stopped
Aug 12 22:13:10 centos7 systemd: Stopped LVS and VRRP High Availability Monitor.
Aug 12 22:13:10 centos7 Keepalived[7236]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug 12 22:13:14 centos7 systemd: Starting LVS and VRRP High Availability Monitor...
Aug 12 22:13:14 centos7 Keepalived[7252]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug 12 22:13:14 centos7 Keepalived[7252]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 22:13:14 centos7 systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Aug 12 22:13:14 centos7 Keepalived[7253]: Starting Healthcheck child process, pid=7254
Aug 12 22:13:14 centos7 Keepalived[7253]: Starting VRRP child process, pid=7255
Aug 12 22:13:14 centos7 systemd: Started LVS and VRRP High Availability Monitor.
Aug 12 22:13:14 centos7 Keepalived_healthcheckers[7254]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Registering Kernel netlink reflector
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Registering Kernel netlink command channel
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Registering gratuitous ARP shared channel
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) removing protocol VIPs.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) removing protocol VIPs.
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: Using LinkWatch kernel netlink reflector...
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 22:13:14 centos7 Keepalived_vrrp[7255]: VRRP sockpool: [ifindex(2), proto(112), unicast(1), fd(10,11)]
Aug 12 22:13:16 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Transition to MASTER STATE
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Entering MASTER STATE
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) setting protocol VIPs.
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.200
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.201
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:18 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:20 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Transition to MASTER STATE
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) setting protocol VIPs.
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.188
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.189
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:22 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.200
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.201
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.200
Aug 12 22:13:23 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.201
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.188
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.189
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.189
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 22:13:27 centos7 Keepalived_vrrp[7255]: Sending gratuitous ARP on eth0 for 1
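⑤ Check whether the local eth0 interface has the 4 VIP addresses
⑥ If keepalived is now started on the master node, the VIP addresses are removed automatically and the instance changes to the backup state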
[root@centos7 keepalived]# tail -f /var/log/messages
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:20 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:54:25 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 80
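Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Entering BACKUP STATE # the state changes from master to backup
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) removing protocol VIPs. # the VIP addresses are removed automatically and move to the eth0 interface on the master node
This configuration is in preemptive mode: once the master node starts, it takes the VIP back and the slave node drops back to backup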
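The state changes in the log excerpts above can be tracked automatically. This added example (not from the original post) builds a per-instance timeline from syslog text and flags higher-priority adverts whose priority is not one configured on a known peer; the function names, the known_priorities argument and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the /var/log/messages excerpts above;
# the last line (priority 250) is invented to show an unexpected VRRP speaker.
SAMPLE_LOG = """\
Aug 12 21:54:12 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 21:54:12 centos7 Keepalived_vrrp[7156]: Sending gratuitous ARP on eth0 for 192.168.99.188
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 80
Aug 12 21:55:16 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 22:40:03 centos7 Keepalived_vrrp[7156]: VRRP_Instance(VI_2) Received advert with higher priority 250, ours 80
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ Keepalived_vrrp\[\d+\]: "
                  r"VRRP_Instance\((\S+?)\) (.*)$")
STATE = re.compile(r"Entering (\w+) STATE")
ADVERT = re.compile(r"Received advert with higher priority (\d+), ours (\d+)")

def analyse(log, known_priorities):
    """Return (timeline, alerts) for the VRRP instances found in syslog text.

    timeline: {instance: [(timestamp, state), ...]} in log order.
    alerts:   (timestamp, instance, advertised, ours) for higher-priority
              adverts whose priority is not configured on any known peer.
    """
    timeline, alerts = defaultdict(list), []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue                     # gratuitous ARP and non-VRRP lines
        stamp, inst, msg = m.groups()
        state, advert = STATE.search(msg), ADVERT.search(msg)
        if state:
            timeline[inst].append((stamp, state.group(1)))
        elif advert and int(advert.group(1)) not in known_priorities.get(inst, ()):
            alerts.append((stamp, inst, int(advert.group(1)), int(advert.group(2))))
    return dict(timeline), alerts

def current_masters(timeline):
    """Instances whose most recent logged state on this node is MASTER."""
    return sorted(i for i, events in timeline.items() if events[-1][1] == "MASTER")
```

Pass known_priorities as a mapping from instance name to the set of priority values configured across the nodes, for example {"VI_1": {100, 80}}.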
II. Configuring non-preemptive mode
1. Both nodes use the same configuration
[root@centos7 keepalived]# vim keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP # set the state to BACKUP on both nodes
interface eth0
virtual_router_id 66
priority 100
advert_int 2
nopreempt # do not preempt
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.188 dev eth0 label eth0:0
192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP # changed to BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 2
nopreempt # same setting
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.200 dev eth0 label eth0:2
192.168.99.201 dev eth0 label eth0:3
}
}
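Now when one node goes down, the VIP moves to the other machine, and when the original node resumes work it does not take the VIP address back
III. IPVS with keepalived and LVS
This reuses the environment above
1. Configure the two back-end RS servers: install httpd on both and set up a test home page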
[root@centos7 ~]# yum install -y httpd
[root@centos7 ~]# echo RS1_99.150_test-Pages > /var/www/html/index.html
2. Add a virtual_server section to the keepalived configuration; both nodes use the same configuration
[root@centos7 keepalived]# vim keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id s1.peter.com
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 100
advert_int 2
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.188/24 dev eth0 label eth0:0
#192.168.99.189 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 77
priority 80
advert_int 2
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 192.168.99.130 label eth0:0
unicast_peer {
192.168.99.140
}
virtual_ipaddress {
192.168.99.200/24 dev eth0 label eth0:2
#192.168.99.201 dev eth0 label eth0:3
}
}
virtual_server 192.168.99.188 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
protocol TCP
real_server 192.168.99.150 80 {
weight 1
TCP_CHECK { # TCP health check of the back-end server
connect_timeout 5 # connection timeout
retry 3 # number of retries
delay_before_retry 3 # interval between retries
connect_port 80 # port to check
}
}
real_server 192.168.99.160 80 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 80
}
}
}
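2. After configuring keepalived, just restart the service; keepalived adds the LVS rules automatically
The configuration is now basically complete; one last step remains
3. The VIP address must be bound to the lo interface of the back-end web servers, and automatic ARP replies must be turned off, otherwise there will be an address conflict. A script does this
Both web servers need this configuration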
[root@centos7 hx]# vim lvs_dr_rs.sh
#!/bin/bash
#Author:Peter Xu
#Date:2019-08-13
vip=192.168.99.188
mask='255.255.255.255'
dev=lo:1
#rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
#service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#echo "<h1>`hostname`</h1>" > /var/www/html/index.html
case "$1" in
start)
    # Only answer ARP requests for addresses configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # Never announce the VIP on lo as the source address in ARP requests
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename "$0") start|stop"
    exit 1
    ;;
esac
[root@centos7 hx]# sh lvs_dr_rs.sh start # running the script completes the configuration
The RS Server is Ready!
4. Finally, test access from a client. The LVS scheduling we configured is round-robin (so the effect is easy to see)
Access succeeded
Lab complete