一、Keepalived


1.概述

  • Keepalived是一种HA(High Availability,高可用)集群方案,即高可用性双机集群系统,是保证业务连续性的有效解决方案,一般有两个或两个以上的节点,且分为活动节点及备用节点。
  • Keepalived的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。
  • Keepalived使用VRRP协议实现故障切换

2.特点

  • 解决服务器单点故障问题

  • 支持服务器健康状态检查和故障切换

3.VRRP(虚拟路由冗余协议)

  • 将多个设备组成一个备份组

  • 通过公用的虚拟IP对外提供服务

  • 同一时刻只有一台设备提供服务,其余设备处于冗余状态

  • 当前在线设备发生故障后,由其他设备根据优先级自动接管虚拟IP

二、LVS_DR+Keepalived案例


环境准备:

服务器名称 作用 IP地址
Web01 第一台网站服务器 192.168.1.10
Web02 第二台网站服务器 192.168.1.20
Lvs_ha01 第一台网站负载均衡和高可用服务器 192.168.1.100
Lvs_ha02 第二台网站负载均衡和高可用服务器 192.168.1.200
Gateway 网关(代替路由器) 192.168.1.1
  • 群集VIP(virtual IP)地址:192.168.1.254

五台服务器:两台Web、两台LVS各使用一块网卡,设置为vmnet1;剩余一台为网关,需两块网卡,第一块设置为vmnet1,第二块设置为桥接

部署Web-1

1.配置IP地址

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.1.254
NETMASK=255.255.255.255
/etc/init.d/network restart

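2.配置安装YUM

注意:rm -rf 会删除系统原有的全部仓库配置,如需保留请先备份 /etc/yum.repos.d/;gpgcheck=0 会关闭软件包的GPG签名校验,仅适用于本例的本地光盘源,使用网络源时应保持 gpgcheck=1。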

rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt

3.部署httpd

yum -y install httpd && echo "This is Web1" >/var/www/html/index.html
/etc/init.d/httpd start && chkconfig --level 35 httpd on

4.修改内核参数和路由

vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
route add -host 192.168.1.254 dev lo:0 && echo "route add -host 192.168.1.254 dev lo:0" >>/etc/rc.local

部署Web-2

1.配置IP地址

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.20
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.1.254
NETMASK=255.255.255.255
/etc/init.d/network restart

2.配置安装YUM

rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt

3.部署httpd

yum -y install httpd && echo "This is Web2" >/var/www/html/index.html
/etc/init.d/httpd start && chkconfig --level 35 httpd on

4.修改内核参数和路由

vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
route add -host 192.168.1.254 dev lo:0 && echo "route add -host 192.168.1.254 dev lo:0" >>/etc/rc.local

部署LVS+HA-1

1.配置IP

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
/etc/init.d/network restart

2.配置YUM并安装依赖包

rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt
yum -y install kernel-devel openssl-devel popt-devel  ipvsadm

3.安装keepalived

tar zxvf keepalived-1.2.2.tar.gz -C /usr/src/
cd /usr/src/keepalived-1.2.2/
./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
make &&make install
chkconfig --add keepalived && chkconfig keepalived on

4.编辑HA配置文件

vim /etc/keepalived/keepalived.conf
global_defs {
    router_id HA_TEST_R1	##本服务器的名称
}
vrrp_instance VI_1 {		##定义VRRP热备实例
    state MASTER		##MASTER表示主服务器
    interface eth0		##承载VIP地址的物理接口
    virtual_router_id 1		##虚拟路由器的ID号
    priority 100		##优先级,数值越大优先级越高
    advert_int 1		##通告间隔秒数(心跳频率)
    authentication {		##认证信息
        auth_type PASS		##认证类型
        auth_pass 123456	##密码字串(示例弱口令;PASS认证以明文传输,生产环境应更换为不易猜测的字串,主备两端须一致)
    }
    virtual_ipaddress {
  192.168.1.254		##指定漂移地址(VIP)
    }
}				##vrrp_instance VI_1 定义结束
virtual_server 192.168.1.254 80 {
        delay_loop 15		##检测时间间隔
        lb_algo rr		##LVS调度算法
        lb_kind DR		##LVS的模式
        protocol TCP
real_server 192.168.1.10 80 {
        weight 1		##权值
        TCP_CHECK {
                connect_port 80		##健康检查端口
                connect_timeout 3	##连接超时时间
                nb_get_retry 3		##重连次数
                delay_before_retry 4	##重连时间
                }
        }
real_server 192.168.1.20 80 {
        weight 1
        TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
                }
        }
}

5.加载lvs模块

modprobe ip_vs && echo "modprobe ip_vs" >>/etc/rc.local

部署LVS+HA-2

1.配置IP

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.200
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
/etc/init.d/network restart

2.配置YUM并安装依赖包

rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt
yum -y install kernel-devel openssl-devel popt-devel  ipvsadm

3.安装keepalived

tar zxvf keepalived-1.2.2.tar.gz -C /usr/src/
cd /usr/src/keepalived-1.2.2/
./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
make &&make install
chkconfig --add keepalived && chkconfig keepalived on

4.编辑HA配置文件

scp root@192.168.1.100:/etc/keepalived/keepalived.conf /etc/keepalived/
vim /etc/keepalived/keepalived.conf
global_defs {
    router_id HA_TEST_R2	##本服务器的名称
}
vrrp_instance VI_1 {		##定义VRRP热备实例
    state BACKUP		##MASTER表示主服务器,BACKUP代表从
    priority 60			##优先级,数值越大优先级越高

5.加载lvs模块

modprobe ip_vs && echo "modprobe ip_vs" >>/etc/rc.local

Gateway(充当连接公网的路由器)

1.配置IP

vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1
vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
/etc/init.d/network restart

2.开启路由转发

vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p

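3.编写防火墙规则

注意:/etc/init.d/iptables stop 会清空当前已加载的规则,随后 save 保存的规则集中只有下面这条DNAT规则,filter表不做任何过滤,仅适合实验环境;生产环境应保留原有过滤规则,只放行所需端口。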

/etc/init.d/iptables stop
iptables -t nat -I PREROUTING -d 192.168.10.139 -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.254:80 ##eth1为公网接口
/etc/init.d/iptables save && chkconfig --level 35 iptables on

访问测试

HA1:/etc/init.d/keepalived restart

HA2:/etc/init.d/keepalived restart //重启keepalived服务

IE:http://192.168.10.139 //访问公网地址测试故障转移