keepalived for lvs
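Protocol involved:
VRRP protocol
Provides high availability for enterprise routers
Functions:
High availability
Manages LVS and gives LVS high availability
How it works:
[Figure: how keepalived works (keepalived原理.png)]
Actual configuration
Step 1: install the Keepalived service on both load balancers, lb01 and lb02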
[root@lb01 ~]# yum install -y keepalived
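Step 2: the keepalived configuration file explained
It has three parts:
GLOBAL CONFIGURATION (global definitions section)
VRRPD CONFIGURATION (VRRP instances: similar to rsync modules)
LVS CONFIGURATION (controls LVS through the keepalived configuration file)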
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
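global_defs { # global definitions
router_id lb01 # identifier/name of this keepalived instance
}
vrrp_instance VI_1 { # vrrp_instance: a VRRP instance section
# the vrrp_instance name must be the same on both nodes of a master/backup pair
state MASTER # state: MASTER = primary, BACKUP = standby
interface eth0 # which network interface
virtual_router_id 51 # virtual router ID; must be the same on both nodes of a master/backup pair
priority 150 # priority; master and backup differ by 50: master 150, backup 100
advert_int 1 # advertisement interval 1 s (heartbeat interval)
# simple authentication: with PASS the auth_pass value is sent unencrypted in every VRRP advertisement
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # virtual IP
10.0.0.3/24 dev eth0 label eth0:1 # dev: interface; label: an alias name for the interface
}
}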
Step 3: how to set up the configuration files
Settings that need to be changed:
router_id state priority
Master configuration
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
Backup configuration file
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
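Step 4: test that the VIP fails over
I. How to monitor nginx in real time: when the nginx service stops, the keepalived service must stop too.
1. If nginx goes down, keepalived is stopped as well and the VIP moves to the other load balancer
Write a script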
[root@lb01 /server/scripts]# vim chk_ngx.sh
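#!/bin/sh
# Count the running processes whose command line contains "nginx".
count=$(ps -ef | grep nginx | grep -v grep | wc -l)
# If nginx is not running, stop keepalived so the VIP moves to the peer.
if [ "$count" -eq 0 ]; then
systemctl stop keepalived
fi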
2. Use keepalived to monitor the state of nginx
First give the script execute permission
[root@lb01 /server/scripts]# chmod +x /server/scripts/chk_ngx.sh
Then edit the configuration file
[root@lb01 /server/scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
# add the following 5 lines
vrrp_script chk_ngx {
script "/server/scripts/chk_ngx.sh"
interval 2
weight 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
# add the following 3 lines
track_script {
chk_ngx
}
}
3. Then test: stop nginx and the VIP moves to the other load balancer
Run on lb01
[root@lb01 /server/scripts]# systemctl stop nginx
[root@lb01 /server/scripts]# ip a |grep 0.3
The VIP appears on lb02
[root@lb02 ~]# ip a|grep 0.3
inet 10.0.0.3/24 scope global secondary eth0:1
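The grep-based count in chk_ngx.sh also matches any unrelated process whose command line contains "nginx" (an editor open on nginx.conf, for instance), in which case keepalived is never stopped. The variant below is an added example, not the script from these notes: it reads the pid file configured in the nginx.conf shown on this page and checks that the pid belongs to a live nginx process. The --run switch and the PIDFILE and PROC_NAME variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the chk_ngx.sh from these notes. Assumptions: Linux /proc,
# the pid file path from the nginx.conf shown on this page, and a hypothetical
# "--run" switch so the file can also be sourced for its function alone.
PIDFILE=${PIDFILE:-/var/run/nginx.pid}
PROC_NAME=${PROC_NAME:-nginx}

# service_alive PIDFILE NAME
# Returns 0 only when PIDFILE holds the pid of a live process named NAME.
# A missing file, an empty or non-numeric file, a stale pid, or a pid that was
# reused by some other program all count as "down".
service_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -cd '0-9')
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null || return 1
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$2" ]
}

# Same reaction as chk_ngx.sh: give up the VIP by stopping keepalived.
if [ "${1:-}" = "--run" ]; then
    service_alive "$PIDFILE" "$PROC_NAME" || systemctl stop keepalived
fi
```

keepalived runs the vrrp_script with elevated privileges (root unless a script user is configured), so keep the script file and its parent directories writable by root only.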
II. keepalived dual-master setup
Purpose: reduce the pressure on the load balancers
1. How to set up dual master
On lb01
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
}
After changing the configuration file, check the IP
On lb02
[root@lb02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
}
After changing the configuration file, check the IP
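The pairing rules from the configuration walkthrough (same virtual_router_id, auth_pass and VIP on both nodes; different router_id, state and priority) apply to every vrrp_instance in the dual-master files as well, and can be checked mechanically before keepalived is restarted. The script below is an added example, not part of the original notes; the script name and the message wording are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: compare the keepalived.conf files
# of two load balancers against the pairing rules these notes state.
# Usage: sh check_pair.sh lb01.conf lb02.conf   (script name is hypothetical)

# Print "instance|key|value" for every setting that matters to the pair.
vrrp_facts() {
    awk '
        $1 == "router_id"         { print "global|router_id|" $2; next }
        $1 == "vrrp_instance"     { inst = $2; next }
        inst == ""                { next }
        $1 == "virtual_ipaddress" { in_vip = 1; next }
        in_vip && $1 == "}"       { in_vip = 0; next }
        in_vip && NF              { print inst "|vip|" $1; next }
        $1 ~ /^(state|priority|virtual_router_id|auth_pass)$/ {
            print inst "|" $1 "|" $2
        }' "$1"
}

# fact FACTS INSTANCE KEY: print the value(s) recorded for that key.
fact() {
    printf '%s\n' "$1" | awk -F'|' -v i="$2" -v k="$3" '$1 == i && $2 == k { print $3 }'
}

# check_pair CONF_A CONF_B: print one line per problem, return 1 if any.
check_pair() {
    a=$(vrrp_facts "$1"); b=$(vrrp_facts "$2"); rc=0
    [ "$(fact "$a" global router_id)" != "$(fact "$b" global router_id)" ] ||
        { echo "global: router_id must differ between the nodes"; rc=1; }
    for inst in $(printf '%s\n%s\n' "$a" "$b" | awk -F'|' '$1 != "global" { print $1 }' | sort -u); do
        for key in virtual_router_id auth_pass vip; do      # must be identical
            [ "$(fact "$a" "$inst" "$key")" = "$(fact "$b" "$inst" "$key")" ] ||
                { echo "$inst: $key differs"; rc=1; }       # value is not echoed
        done
        pa=$(fact "$a" "$inst" priority); pb=$(fact "$b" "$inst" priority)
        sa=$(fact "$a" "$inst" state);    sb=$(fact "$b" "$inst" state)
        if [ "${pa:-0}" -eq "${pb:-0}" ]; then
            echo "$inst: both nodes have priority ${pa:-unset}"; rc=1
        elif [ "$sa" = "$sb" ]; then
            echo "$inst: both nodes are configured as state $sa"; rc=1
        elif { [ "${pa:-0}" -gt "${pb:-0}" ] && [ "$sa" != MASTER ]; } ||
             { [ "${pb:-0}" -gt "${pa:-0}" ] && [ "$sb" != MASTER ]; }; then
            echo "$inst: the MASTER node does not have the higher priority"; rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```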
2. Then modify the nginx configuration file; keep it identical on both load balancers.
[root@root]# vim /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream web_pools {
# ip_hash;
server 10.0.0.7:80 weight=2 max_fails=3 fail_timeout=10s;
server 10.0.0.8:80 weight=1 max_fails=3 fail_timeout=10s;
}
#include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name www.oldboy.com;
location / {
if ( $remote_addr ~ "^192\.168\.22\.") {
return 403 "biedaoluan\n";
}
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 80;
server_name blog.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
Configure local hosts resolution
10.0.0.3 www.oldboy.com
10.0.0.4 status.oldboy.com blog.oldboy.com
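Stop one load balancer; the sites should still display in the browser
Test blog.oldboy.com and www.oldboy.com separately in the browser
How to make a given IP serve a given site
Specify the IP in the nginx configuration file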
#include /etc/nginx/conf.d/*.conf;
server {
listen 10.0.0.3:80; # bind to this specific IP
server_name www.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 10.0.0.4:80; # bind to this specific IP
server_name blog.oldboy.com;
location / {
proxy_pass http://web_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
The syntax check reports an error:
[root@lb01 /etc/nginx]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] bind() to 10.0.0.4:80 failed (99: Cannot assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed
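nginx cannot bind to an IP address that does not exist on the host
Fix: change a kernel parameter; this must be done on both load balancers
[root@lb01 ~]# vim /etc/sysctl.conf (append as the last line)
net.ipv4.ip_nonlocal_bind = 1
# apply the change
sysctl -p
Now the syntax check no longer reports an error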
[root@lb01 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Then test
Where kernel parameters are stored
[root@lb01 ~]# #net.ipv4.ip_nonlocal_bind
[root@lb01 ~]# # /proc/sys/
[root@lb01 ~]# #net.ipv4.ip_nonlocal_bind
[root@lb01 ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
1
[root@lb01 ~]# echo 0 >/proc/sys/net/ipv4/ip_nonlocal_bind
How to prevent split-brain
What split-brain is: the VIP appears on more than one load balancer at the same time