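How keepalived high availability works
The nodes of a keepalived high-availability pair communicate with each other over the VRRP protocol.
1. VRRP stands for Virtual Router Redundancy Protocol. It was created to remove the single point of failure of static routing.
2. VRRP uses an election mechanism to hand the routing task to one of the VRRP routers.
3. VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the nodes of the high-availability pair.
4. In operation the master node sends packets and the backup node receives them. When the backup node stops receiving packets from the master, it starts the takeover procedure and takes over the master's resources. There can be several backup nodes, chosen by priority election, but in day-to-day keepalived operations it is usually a single pair.
5. VRRP uses an encryption protocol to encrypt its data, but the keepalived project currently still recommends configuring the authentication type and password in plaintext.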
1. Prepare the environment
- Prepare the machines lb01, lb02, web01 and web02
- Install the software on lb01 and lb02
yum install keepalived -y
[root@lb01 nginx]# rpm -qa keepalived
keepalived-1.3.5-8.el7_6.x86_64
[root@lb02 ~]# rpm -qa keepalived
keepalived-1.3.5-8.el7_6.x86_64
2. Start the service and enable it at boot
lb01:
[root@lb01 nginx]# systemctl start keepalived.service
[root@lb01 nginx]# systemctl enable keepalived.service
lb02:
[root@lb02 ~]# systemctl start keepalived.service
[root@lb02 ~]# systemctl enable keepalived.service
2. Capture packets with Wireshark
Capture any packet and take a look:
3. Configuration file
/etc/keepalived/keepalived.conf
Configuration file format:
Back up the original configuration file before changing it
[root@lb01 nginx]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
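4. The keepalived configuration files of lb01 and lb02
Test it
When the master is shut down, the backup takes over
When the master comes back, its priority is higher than the backup's, so the VIP automatically moves back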
keepalived works at the server level: what to do when nginx dies and no automatic failover happens
1. Check the status
ps -ef |grep keepalived
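What to do when the nginx service cannot be stopped
1. restart
2. pkill nginx
3. restart
2. Write a script
Do not name the script after the service, for example nginx.sh
Check the nginx status
If nginx is down, shut keepalived down as well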
[root@lb01 nginx]# vim /server/scripts/jiancha.sh
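#!/bin/bash
. /etc/profile
# Count processes whose command line contains "nginx" (excluding grep itself)
count=$(ps -ef | grep nginx | grep -v grep | wc -l)
# No nginx process left: stop keepalived so the VIP moves to the backup
if [ "$count" -eq 0 ]; then
    systemctl stop keepalived
fi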
3. Be sure to give the script execute permission
[root@lb01 nginx]# sh /server/scripts/jiancha.sh
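4. Add the function (the vrrp_script definition)
vrrp_script jiancha { # name of the check
script "/server/scripts/jiancha.sh" # the script that performs the check
interval 2 # run every 2 seconds
weight 1 # weight assigned to the check
}
track_script { # run the script; this block goes inside vrrp_instance
jiancha # name of the check defined above
}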
5. The complete configuration
[root@lb01 nginx]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script jiancha {
script "/server/scripts/jiancha.sh"
interval 2
weight 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
track_script {
jiancha
}
}
6. Test it
[root@lb01 nginx]# systemctl is-active nginx
active
[root@lb01 nginx]# ip a|grep 0.3
inet 10.0.0.3/24 scope global secondary eth0:1
[root@lb01 nginx]# systemctl stop nginx
[root@lb01 nginx]# ip a|grep 0.3
[root@lb01 nginx]# # the virtual IP has moved away
[root@lb01 nginx]#
7. Go to lb02 and check whether the VIP has moved there
[root@lb02 ~]# ip a|grep 0.3
inet 10.0.0.3/24 scope global secondary eth0:1
8. Back on lb01, start nginx and keepalived
[root@lb01 nginx]# systemctl start nginx
[root@lb01 nginx]# ip a|grep 0.3
[root@lb01 nginx]# systemctl start keepalived.service
[root@lb01 nginx]# ip a|grep 0.3 # wait 2 seconds
[root@lb01 nginx]#
[root@lb01 nginx]# ip a|grep 0.3
inet 10.0.0.3/24 scope global secondary eth0:1
# the VIP is back on the master
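The advice above not to name the script after the service follows from how the check counts processes: grep nginx matches every command line that contains the string. The following is an added example, not part of the original page; the process listing is constructed and the function names are hypothetical. It compares that substring count with an exact match on the process name for a host where nginx itself is not running.

```shell
#!/bin/bash
# Added example: substring match versus exact match on the process name.

# Constructed `ps -eo pid,comm,args` output: nginx itself is NOT running,
# but three unrelated processes mention "nginx" in their arguments.
SAMPLE_PS='  PID COMMAND         COMMAND
 2101 vim             vim /etc/nginx/nginx.conf
 2177 tail            tail -f /var/log/nginx/access.log
 2203 sh              sh /server/scripts/nginx.sh
 2210 sshd            /usr/sbin/sshd -D'

# The logic of jiancha.sh: count every line that contains the string "nginx".
count_substring() {
    grep nginx | grep -v grep | wc -l | tr -d ' '
}

# Exact match: count lines whose process name (column 2) is exactly "nginx".
count_exact() {
    awk 'NR > 1 && $2 == "nginx" { n++ } END { print n + 0 }'
}

# What the health check does for a given process count.
decide() {
    if [ "$1" -eq 0 ]; then echo "stop keepalived"; else echo "keep VIP"; fi
}

naive=$(printf '%s\n' "$SAMPLE_PS" | count_substring)
exact=$(printf '%s\n' "$SAMPLE_PS" | count_exact)
echo "substring match: $naive process(es) -> $(decide "$naive")"
echo "exact match:     $exact process(es) -> $(decide "$exact")"
```

On a live host, pgrep -x nginx performs the exact-name match directly.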
keepalived dual-master mode
Restart keepalived after changing the configuration file
systemctl restart keepalived
keepalived dual-master configuration file for lb01
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script jiancha {
script "/server/scripts/jiancha.sh"
interval 2
weight 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
track_script {
jiancha
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
}
keepalived dual-master configuration file for lb02
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
}
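The dual-master setup depends on both files agreeing, instance by instance, on virtual_router_id and auth_pass while using different priorities; a mismatch in the first two makes each node ignore the other's advertisements, so both end up holding the same VIP. The following is an added example, not part of the original page or of keepalived; check_pair, instance and demo are hypothetical helper names, and the mistakes in the lb02 input are constructed.

```shell
#!/bin/bash
# Added example: cross-check the VRRP settings of two keepalived.conf files.

# Report per-instance settings that keep the two nodes out of one election.
check_pair() {
    awk '
        FNR == 1                  { node++ }   # 1 = first file, 2 = second file
        $1 == "vrrp_instance"     { name = $2; seen[name] = 1 }
        $1 == "virtual_router_id" { id[name, node] = $2 }
        $1 == "priority"          { pr[name, node] = $2 }
        $1 == "auth_pass"         { pw[name, node] = $2 }
        END {
            for (n in seen) {
                if (id[n, 1] != id[n, 2])
                    print n ": virtual_router_id differs (" id[n, 1] " vs " id[n, 2] ")"
                if (pw[n, 1] != pw[n, 2])
                    print n ": auth_pass differs"
                if (pr[n, 1] == pr[n, 2])
                    print n ": both nodes use priority " pr[n, 1]
            }
        }' "$1" "$2" | sort
}

# Emit one vrrp_instance block in the layout the page uses (constructed input).
# Arguments: name state virtual_router_id priority auth_pass
instance() {
    printf 'vrrp_instance %s {\n  state %s\n  interface eth0\n' "$1" "$2"
    printf '  virtual_router_id %s\n  priority %s\n' "$3" "$4"
    printf '  authentication {\n    auth_type PASS\n    auth_pass %s\n  }\n}\n' "$5"
}

# lb01 follows the page; lb02 carries two deliberate mistakes in VI_2.
demo() {
    d=$(mktemp -d) || return 1
    { instance VI_1 MASTER 51 150 1111; instance VI_2 BACKUP 52 100 1111; } > "$d/lb01.conf"
    { instance VI_1 BACKUP 51 100 1111; instance VI_2 MASTER 53 150 2222; } > "$d/lb02.conf"
    check_pair "$d/lb01.conf" "$d/lb02.conf"
    rm -rf "$d"
}

demo
```

With auth_type PASS the password is carried in cleartext in every advertisement, so a matching auth_pass guards against accidental cross-talk between VRRP groups rather than against another host on the same segment.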
Make the nginx configuration files of lb01 and lb02 identical
vim /etc/nginx/nginx.conf :
upstream web_pools {
server 10.0.0.7:80 weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1 max_fails=3 fail_timeout=10s;
}
# include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name www.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 80;
server_name blog.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Test with curl
Make sure /etc/nginx/nginx.conf is the same on both sides
[root@lb01 nginx]# curl 10.0.0.3
web01 www.oldboy.com
[root@lb01 nginx]# curl 10.0.0.3
web02 www.oldboy.com
[root@lb01 nginx]# curl 10.0.0.3
web01 www.oldboy.com
[root@lb01 nginx]#
[root@lb01 nginx]# curl 10.0.0.4
web01 www.oldboy.com
[root@lb01 nginx]# curl 10.0.0.4
web02 www.oldboy.com
[root@lb01 nginx]# curl 10.0.0.4
web01 www.oldboy.com
Bind each domain name to its own IP
1. IP-based virtual hosts
Just add the virtual host's IP
listen 10.0.0.3:80;
listen 10.0.0.4:80;
Make the same change on lb01 and lb02
upstream web_pools {
server 10.0.0.7:80 weight=1 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1 max_fails=3 fail_timeout=10s;
}
# include /etc/nginx/conf.d/*.conf;
server {
listen 10.0.0.3:80; # add the virtual host's IP
server_name www.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 10.0.0.4:80; # add the virtual host's IP
server_name blog.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
------------------------------------------------------------
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
systemctl restart nginx
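2. nginx reports an error on the syntax check and restart
Each node is now told to listen on a VIP that it may not currently hold. Change the kernel parameter so that binding to a non-local address is allowed: net.ipv4.ip_nonlocal_bind = 1
sysctl -p # apply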
[root@lb01 nginx]# tail -1 /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@lb01 nginx]# sysctl -p # apply
net.ipv4.ip_nonlocal_bind = 1
[root@lb02 ~]# tail -1 /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@lb02 ~]# sysctl -p # apply
net.ipv4.ip_nonlocal_bind = 1
Restart again and it works
[root@lb01 nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 nginx]# systemctl restart nginx
3. What the kernel parameter change modified
net.ipv4.ip_nonlocal_bind = 1
[root@lb01 nginx]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@lb01 nginx]# #cat /proc/sys/net/ipv4/ip_nonlocal_bind
[root@lb01 nginx]# #net.ipv4.ip_nonlocal_bind = 1
[root@lb01 nginx]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
1
The split-brain problem in high availability
Syntax of an infinite while loop
[root@lb02 ~]# cat /server/scripts/chk_vip.sh
#!/bin/bash
while true
do
date
sleep 2;
done
[root@lb02 ~]# sh /server/scripts/chk_vip.sh
Mon Jun 17 12:01:19 CST 2019
Mon Jun 17 12:01:21 CST 2019
Mon Jun 17 12:01:23 CST 2019
Mon Jun 17 12:01:25 CST 2019
Mon Jun 17 12:01:27 CST 2019
Mon Jun 17 12:01:29 CST 2019
Mon Jun 17 12:01:31 CST 2019