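High-Availability Clustering with Keepalived
Keepalived is an open-source tool built for high-availability (HA) clusters. Its core function is automatic failover of a virtual IP (VIP) using VRRP (Virtual Router Redundancy Protocol), so that when the master node goes down a critical service switches quickly to a backup node and is not interrupted. The sections below cover the core mechanism, how it works, typical applications and deployment points.
I. Core mechanism: the VRRP protocol
VRRP (Virtual Router Redundancy Protocol) is an IETF standard (RFC 3768) that addresses network outages caused by the failure of a single router. The idea is to group several physical routers into one virtual router group that exposes a single virtual IP (VIP); clients only see the VIP and do not need to care which physical router is currently serving it.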
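- Roles:
  - Master: actually holds the VIP and handles all traffic.
  - Backup: monitors the Master and takes over the VIP when the Master fails.
  - Virtual Router: a logical concept, represented by the Master or a Backup, that serves the VIP to the outside.
- Election rules:
  - Nodes in the group elect the Master by priority (Priority, default 100, range 1-255); the highest priority wins.
  - If priorities are equal, the node with the larger IP address becomes Master.
  - The Master periodically sends heartbeat packets (Advertisements) to tell the Backups it is alive (default interval 1 second).
  - If a Backup receives no heartbeat within the timeout (by default 3 times the heartbeat interval, i.e. 3 seconds), it triggers a switchover and becomes the new Master.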
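II. How Keepalived works
Keepalived extends VRRP: besides network-layer redundancy it also supports application-layer health checks, so that the service is actually usable (not merely that the node is alive).
1. Core components
- VRRP instance (VRRP Instance): defines a group of nodes (Master/Backup) taking part in HA and associates it with the virtual IP (VIP).
- Health-check script (vrrp_script): a custom script (checking an Nginx process, a MySQL port, an HTTP endpoint and so on) that monitors the state of the application service. If the check fails, the node can be marked "unavailable", which triggers a priority adjustment or a switchover.
- Notify script (Notify): runs on a state transition (Master→Backup or Backup→Master) to perform custom actions (sending alerts, syncing configuration).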
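2. Typical flow
- Initialization: each node starts Keepalived, reads its configuration file and joins the same VRRP instance group.
- Master election: the Master is chosen by priority and binds the VIP to a local interface (usually the `lo` interface).
- Traffic forwarding: clients send requests to the VIP and the Master handles them (the traffic is forwarded to the back-end service through local routing).
- Health monitoring:
  - VRRP layer: the Backups keep listening for the Master's heartbeat packets.
  - Application layer: the Master runs a `vrrp_script` to check the service state (for example, `check_script` periodically running `curl http://localhost`); on failure it lowers its own priority (or exits), which makes a Backup take over.
- Failover: when the Master's heartbeat stops or the application service is unavailable, a Backup is promoted to Master, binds the VIP and takes over the traffic; when the original Master recovers it rejoins the group as Backup (no preemption by default; requires configuring `nopreempt` or adjusting priorities).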
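III. Typical application scenarios
Keepalived suits services that need redundancy for a single point of failure. Common scenarios include:
- Load-balancer redundancy: hot standby pairs of Nginx or HAProxy, so the load balancer itself is not a single point of failure.
- Database primary redundancy: together with primary/replica replication (for example MySQL), Keepalived moves the VIP to the new primary when the primary goes down (automatic primary/replica switchover needs middleware or scripts).
- API server high availability: Keepalived deployed in front of a web service cluster keeps the entry IP continuously available.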
IV. Lab
1. Initial installation and configuration
```
[root@KA1 ~]# dnf install keepalived -y
[root@KA1 ~]# systemctl start keepalived
```
```
# Configure the master
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@KA1.timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict        #nft list ruleset
    vrrp_garp_interval 1
    vrrp_gna_interval 1
    vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# Configure the slave
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA2.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 1
    vrrp_gna_interval 1
    vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20    # the same id manages the same virtual router
    priority 80             # lower priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# Check the configuration file syntax
[root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
```
Test:
```
[root@KA2 ~]# tcpdump -i eth0 -nn host 224.0.0.18
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:48:23.294894 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
22:48:24.084793 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20
22:48:24.295075 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
22:48:25.085256 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20
22:48:25.296296 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
22:48:26.085843 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20
```
Stop KA1 and look at the multicast traffic again.
2. A separate Keepalived log
```
[root@KA1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"    # -S 6 = syslog facility local6 (range 0-7)

[root@ka1 ~]# vim /etc/rsyslog.conf
local6.*    /var/log/keepalived.log

[root@ka1 ~]# systemctl restart keepalived.service rsyslog.service
[root@ka1 ~]# tail -f /var/log/keepalived.log
Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:51 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 10.0.0.10
Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
Apr 14 09:25:56 ka1 Keepalived_vrrp[1263]: Sending gratuitous ARP on eth0 for 10.0.0.10
```
3. Separate sub-configuration files
```
[root@KA1 ~]# mkdir /etc/keepalived/conf.d
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@KA1.timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_ipsets keepalived
    vrrp_iptables
}

include /etc/keepalived/conf.d/*.conf    # the sub-configuration files

[root@KA1 ~]# vim /etc/keepalived/conf.d/router.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}
```
4. A master/slave (single-master) Keepalived setup
```
# MASTER configuration
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@KA1.timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict    # with this option enabled the VIP cannot be reached; check with nft list ruleset
    vrrp_garp_interval 1
    vrrp_gna_interval 1
    vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# BACKUP configuration
# The file is almost the same as the master's; only three lines change
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA2.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 1
    vrrp_gna_interval 1
    vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20    # the same id manages the same virtual router
    priority 80             # lower priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# Observe with a packet capture
tcpdump -i eth0 -nn host 224.0.0.18
```
5. Preemptive and non-preemptive modes
Non-preemptive mode: nopreempt
```
# ka1 host configuration
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20
    priority 100        # higher priority
    nopreempt           # non-preemptive mode
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# KA2 host configuration
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20
    priority 80         # lower priority
    advert_int 1
    nopreempt           # non-preemptive mode
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}
```
Delayed preemption: preempt_delay
```
# ka1 host configuration
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20
    priority 100        # higher priority
    preempt_delay 10    # delay preemption by 10s
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}

# KA2 host configuration
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20
    priority 80         # lower priority
    advert_int 1
    preempt_delay 10    # delay preemption by 10s
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
}
```
6. Unicast configuration for the VIP
```
# master host configuration
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@KA1.timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict    # commented out: conflicts with unicast mode
    vrrp_garp_interval 1
    vrrp_gna_interval 1
    vrrp_ipsets keepalived
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    unicast_src_ip 172.25.254.20    # this host's IP
    unicast_peer {
        172.25.254.30               # the peer host's IP
        # with more keepalived nodes, add the other nodes' IPs here
    }
}

# on the slave host
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        594233887@qq.com
    }
    notification_email_from keepalived@KA1.timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict    # commented out: conflicts with unicast mode
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_ipsets keepalived
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 20
    priority 80
    advert_int 1
    preempt_delay 60
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    unicast_src_ip 172.25.254.30    # this host's IP
    unicast_peer {
        172.25.254.20               # the peer host's IP
    }
}
```
```
[root@KA1 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.30
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:20:16.150917 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
00:20:17.151569 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
00:20:18.151754 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
00:20:19.152290 IP 172.25.254.20 > 172.25.254.30: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20

[root@KA2 ~]# tcpdump -i eth0 -nn src 172.25.254.30 and dst 172.25.254.20
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:20:50.853174 IP 172.25.254.30 > 172.25.254.20: VRRPv2, Advertisement, vrid 30, prio 80, authtype simple, intvl 1s, length 20
00:20:51.853798 IP 172.25.254.30 > 172.25.254.20: VRRPv2, Advertisement, vrid 30, prio 80, authtype simple, intvl 1s, length 20
```
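Detection logic for captures like the ones above, as an added example in Python (not part of the original post): it parses tcpdump's one-line VRRP summaries and reports advertisers that do not match the intended configuration. The `EXPECTED` map, the `expected_auth` value and the third sample line (a constructed advertisement from 172.25.254.66) are assumptions for illustration; the first two sample lines come from the multicast capture in section 1.

```python
import re
from collections import defaultdict

# One-line summary printed by `tcpdump -nn` for a VRRP advertisement.
ADVERT_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): VRRPv(?P<ver>\d), Advertisement, "
    r"vrid (?P<vrid>\d+), prio (?P<prio>\d+), authtype (?P<auth>\w+)"
)

# Lines 1-2: from the multicast capture on this page.
# Line 3: constructed for this example (a sender that is neither KA1 nor KA2).
SAMPLE = """\
22:48:23.294894 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype none, intvl 1s, length 20
22:48:24.084793 IP 172.25.254.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30, prio 80, authtype none, intvl 1s, length 20
22:48:25.500000 IP 172.25.254.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 255, authtype none, intvl 1s, length 20
""".splitlines()

# Assumption: what the configuration files on this page intend
# (virtual_router_id 20 served by KA1 and KA2, auth_type PASS).
EXPECTED = {20: {"172.25.254.20", "172.25.254.30"}}


def parse_adverts(lines):
    """Return one dict per advertisement line; other lines are skipped."""
    adverts = []
    for line in lines:
        m = ADVERT_RE.search(line)
        if m:
            adverts.append({"src": m["src"], "dst": m["dst"],
                            "vrid": int(m["vrid"]), "prio": int(m["prio"]),
                            "auth": m["auth"]})
    return adverts


def audit(adverts, expected, expected_auth="simple"):
    """expected maps vrid -> set of router IPs allowed to advertise it."""
    findings = set()
    senders = defaultdict(set)
    for a in adverts:
        senders[a["vrid"]].add(a["src"])
        if a["vrid"] not in expected:
            findings.add(("unknown-vrid", a["vrid"], a["src"]))
        elif a["src"] not in expected[a["vrid"]]:
            findings.add(("unexpected-sender", a["vrid"], a["src"]))
        if a["auth"] != expected_auth:
            # The configured auth_type is not what is seen on the wire.
            findings.add(("auth-mismatch", a["vrid"], a["src"]))
    for vrid, srcs in senders.items():
        # Only the Master advertises, so two sources for one vrid in the same
        # capture window means two nodes both believe they hold the VIP.
        if len(srcs) > 1:
            findings.add(("multiple-masters", vrid, ",".join(sorted(srcs))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_adverts(SAMPLE), EXPECTED):
        print(finding)
```

Run over the page's own capture lines, this reports KA2 advertising vrid 30 rather than the configured 20, which is why both nodes keep sending advertisements.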
7. Notification scripts for Keepalived state transitions
Create the notification script:
```
[root@KA1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='594233887@qq.com'

mail_send()
{
    mail_subj="$HOSTNAME to be $1 vip 转移"
    mail_mess="$(date '+%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
    echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
}

case $1 in
    master)
        mail_send master
        ;;
    backup)
        mail_send backup
        ;;
    fault)
        mail_send fault
        ;;
    *)
        exit 1
        ;;
esac
```
Install the mail tool:
```
[root@KA2 ~]# dnf install mailx -y
```
QQ mailbox configuration:
```
[root@KA1 ~]# vim /etc/mail.rc
#######mail set##########
set smtp=smtp.163.com
set smtp-auth=login
set smtp-auth-user=timinglee_zln@163.com
set smtp-auth-password=TAb9vYbWevbPtN4m
set from=timinglee_zln@163.com
set ssl-verify=ignore
```
Send a test mail:
```
[root@KA1 ~]# dnf install s-nail sendmail -y
[root@KA1 ~]# systemctl enable --now sendmail.service
[root@KA1 ~]# echo test message | mail -s test 594233887@qq.com
```
```
# Configure the following on all keepalived nodes
[root@KA1 + KA2 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='594233887@qq.com'

mail_send()
{
    mail_subj="$HOSTNAME to be $1 vip 转移"
    mail_mess="$(date '+%F %T'): vrrp 转移,$HOSTNAME 变为 $1"
    echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"
}

case $1 in
    master)
        mail_send master
        ;;
    backup)
        mail_send backup
        ;;
    fault)
        mail_send fault
        ;;
    *)
        exit 1
        ;;
esac

[root@KA1 + KA2 ~]# chmod +x /etc/keepalived/mail.sh
[root@KA1 + KA2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        timinglee_zln@163.com
    }
    notification_email_from timinglee@timinglee.org
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id KA1.timinglee.org
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 1
    vrrp_gna_interval 1
    enable_script_security    # enable keepalived's script security checks
    script_user root          # user the scripts run as
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 20
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100/24 dev eth0 label eth0:0
    }
    unicast_src_ip 172.25.254.20
    unicast_peer {
        172.25.254.30
    }
    notify_master "/etc/keepalived/mail.sh master"
    notify_backup "/etc/keepalived/mail.sh backup"
    notify_fault "/etc/keepalived/mail.sh fault"
}

# Simulate a master failure
[root@ka1-centos8 ~]# killall keepalived
```
Test: check the mailbox in a browser.
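With `script_user root`, every notify and check script runs as root, so anyone who can write to the script or to a directory on its path can change what root executes. Keepalived's documentation describes `enable_script_security` as refusing to run root scripts when any part of the path is writable by a non-root user. The following added example in Python (not keepalived's own code, and a conservative approximation of that rule) walks a script path the same way and also reports a missing execute bit; the function name and the `trusted_uids` and `root` parameters are assumptions of this example.

```python
import os
import stat


def script_path_findings(script, trusted_uids=(0,), root="/"):
    """Check a script and every directory above it, up to and including root.

    Returns a list of (path, reason) tuples; an empty list means that only
    trusted users can modify the script or replace it through a parent
    directory.
    """
    script = os.path.realpath(script)
    root = os.path.realpath(root)

    # root, then each directory below it, then the script itself
    components = [root]
    current = root
    for part in os.path.relpath(script, root).split(os.sep):
        current = os.path.join(current, part)
        components.append(current)

    findings = []
    for comp in components:
        st = os.stat(comp)
        if st.st_uid not in trusted_uids:
            findings.append((comp, "owner uid %d is not trusted" % st.st_uid))
        # Conservative: any group or world write bit is reported.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((comp, "writable by group or others"))

    if not os.stat(script).st_mode & stat.S_IXUSR:
        findings.append((script, "not executable by owner"))
    return findings


if __name__ == "__main__":
    # Script paths used on this page; skipped on hosts that do not have them.
    for path in ("/etc/keepalived/mail.sh", "/mnt/check_lee.sh"):
        if os.path.exists(path):
            print(path, script_path_findings(path))
```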
8. A master/master (dual-master) Keepalived setup
```
# ka1 host configuration
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
@@@@ content omitted @@@@
vrrp_instance VI_1 {
    state MASTER            # master
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.50 dev ens33 label ens33:0
    }
}

vrrp_instance VI_60 {
    state BACKUP            # backup
    interface ens33
    virtual_router_id 60
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.60 dev ens33 label ens33:1
    }
}

# ka2 host configuration; only five lines differ from ka1
[root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
@@@@ content omitted @@@@
vrrp_instance VI_1 {
    state BACKUP            # backup
    interface ens33
    virtual_router_id 50
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.50 dev ens33 label ens33:0
    }
}

vrrp_instance VI_60 {
    state MASTER            # master
    interface ens33
    virtual_router_id 60
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.60 dev ens33 label ens33:1
    }
}
```
9. High availability for IPVS: single-master LVS-DR mode
```
# Prepare the back-end RS hosts
[root@rs1 ~]# yum install httpd -y
[root@rs1 ~]# echo RS1 - 172.25.254.101 > /var/www/html/index.html
[root@rs1 ~]# ip addr add 172.25.254.100/32 dev lo
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

[root@rs2 ~]# yum install httpd -y
[root@rs2 ~]# echo RS2 - 172.25.254.102 > /var/www/html/index.html
[root@rs2 ~]# ip addr add 172.25.254.100/32 dev lo
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

[root@node30 ~]# yum install httpd -y
[root@node30 ~]# echo RS1 - 172.25.254.101 > /var/www/html/index.html
[root@node30 ~]# ip addr add 172.25.254.100/32 dev lo
[root@node30 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@node30 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@node30 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
```
Configure keepalived:
```
# ka1 node configuration
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
@@@@ content omitted @@@@
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 172.25.254.30 80
    real_server 172.25.254.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.25.254.102 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
}

# ka2 node configuration; almost the same as ka1, only three lines change
[root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
@@@@ content omitted @@@@
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 172.25.254.30 80
    real_server 172.25.254.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.25.254.102 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
}
```
```
[Administrator.WIN-20240602BIS] ➤ for i in {1..6}; do curl 172.25.254.100; done
RS1 - 172.25.254.101
RS2 - 172.25.254.102
RS1 - 172.25.254.101
RS2 - 172.25.254.102
RS1 - 172.25.254.101
RS2 - 172.25.254.102

[root@rhel7-ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 172.25.254.101:80            Route   1      0          6
  -> 172.25.254.102:80            Route   1      0          6
```
Simulate failures:
```
# RS1 fails; traffic switches to RS2 automatically
[root@rs1 ~]# systemctl stop httpd    # RS1 goes down
[Administrator.WIN-20240602BIS] ➤ for i in {1..6}; do curl 172.25.254.100; done    # all traffic is directed to RS2
RS2 - 172.25.254.102
RS2 - 172.25.254.102
RS2 - 172.25.254.102
RS2 - 172.25.254.102
RS2 - 172.25.254.102
RS2 - 172.25.254.102

[root@rhel7-ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 172.25.254.102:80            Route   1      0          12    # RS1 removed, RS2 kept

# All back-end RS servers fail; the Sorry Server takes over
[root@rs2 ~]# systemctl stop httpd
[Administrator.WIN-20240602BIS] ➤ for i in {1..6}; do curl 172.25.254.100; done
sorry server
sorry server
sorry server
sorry server
sorry server
sorry server

[root@rhel7-ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 172.25.254.30:80             Route   1      0          3

# Start RS1 and RS2 again, one after the other
[root@rhel7-ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 172.25.254.101:80            Route   1      0          3
  -> 172.25.254.102:80            Route   1      0          9

# ka1 fails; ka2 takes over automatically
[root@rhel7-ka1 ~]# systemctl stop keepalived.service
[root@rhel7-ka2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 172.25.254.101:80            Route   1      0          0
  -> 172.25.254.102:80            Route   1      0          0
```
9. Dual masters scheduling the httpd and mysql services separately
Prepare the lab material: set up the httpd and mysql environment on RS1 and RS2.
On RS1:
```
[root@rs1 ~]# ip addr add 172.25.254.200/32 dev lo
[root@rs1 ~]# yum install mariadb-server -y
[root@rs1 ~]# vim /etc/my.cnf
server-id=1
[root@rs1 ~]# systemctl enable --now mariadb
[root@rs1 ~]# mysql -e "grant ALL on *.* to lee@'%' identified by 'lee'"
[root@rs1 ~]# mysql -ulee -plee -h172.25.254.101 -e 'select @@server_id'
+-------------+
| @@server_id |
+-------------+
|           1 |
+-------------+
```
On RS2:
```
[root@rs2 ~]# ip addr add 172.25.254.200/32 dev lo
[root@rs2 ~]# yum install mariadb-server -y
[root@rs2 ~]# vim /etc/my.cnf
server-id=2
[root@rs2 ~]# systemctl enable --now mariadb
[root@rs2 ~]# mysql -e "grant ALL on *.* to lee@'%' identified by 'lee'"
[root@rs2 ~]# mysql -ulee -plee -h172.25.254.102 -e 'select @@server_id'
+-------------+
| @@server_id |
+-------------+
|           2 |
+-------------+
```
```
# Configure dual-master mode
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance web {
    state MASTER
    interface ens33
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100 dev ens33 label ens33:0
    }
}

vrrp_instance sql {
    state BACKUP
    interface ens33
    virtual_router_id 200
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200 dev ens33 label ens33:1
    }
}

include "/etc/keepalived/conf.d/web.conf"
include "/etc/keepalived/conf.d/sql.conf"

[root@rhel7-ka1 ~]# vim /etc/keepalived/conf.d/web.conf
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 172.25.254.30 80
    real_server 172.25.254.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.25.254.102 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}

[root@rhel7-ka1 ~]# vim /etc/keepalived/conf.d/sql.conf
virtual_server 172.25.254.200 3306 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 172.25.254.101 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
    real_server 172.25.254.102 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
}

# On ka2:
[root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance web {
    state BACKUP                # backup
    interface eth0
    virtual_router_id 100       # must match the "web" instance on ka1
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100 dev eth0 label eth0:0
    }
}

vrrp_instance sql {
    state MASTER                # master
    interface eth0
    virtual_router_id 200       # must match the "sql" instance on ka1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.200 dev eth0 label eth0:1
    }
}

include "/etc/keepalived/conf.d/web.conf"
include "/etc/keepalived/conf.d/sql.conf"

[root@rhel7-ka2 ~]# vim /etc/keepalived/conf.d/web.conf
virtual_server 172.25.254.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 172.25.254.30 80
    real_server 172.25.254.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.25.254.102 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}

[root@rhel7-ka2 ~]# vim /etc/keepalived/conf.d/sql.conf
virtual_server 172.25.254.200 3306 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 172.25.254.101 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
    real_server 172.25.254.102 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
}

[root@rhel7-ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 wrr
  -> 172.25.254.101:80            Route   1      0          0
  -> 172.25.254.102:80            Route   1      0          0
TCP  172.25.254.200:3306 rr
  -> 172.25.254.101:3306          Route   1      0          0
  -> 172.25.254.102:3306          Route   1      0          0

# Test
[root@node30 html]# mysql -ulee -plee -h172.25.254.200 -e 'select @@server_id'
+-------------+
| @@server_id |
+-------------+
|           2 |
+-------------+
[root@node30 html]# mysql -ulee -plee -h172.25.254.200 -e 'select @@server_id'
+-------------+
| @@server_id |
+-------------+
|           1 |
+-------------+
[root@node30 html]# mysql -ulee -plee -h172.25.254.200 -e 'select @@server_id'
```
10. Switching master/backup roles with a script
```
[root@rhel7-ka1 ~]# vim /mnt/check_lee.sh
#!/bin/bash
# Succeeds (exit 0) while /mnt/lee does not exist; fails once the file is created
[ ! -f "/mnt/lee" ]

[root@rhel7-ka1 ~]# chmod +x /mnt/check_lee.sh
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
@@@@ content omitted @@@@
vrrp_script check_lee {
    script "/mnt/check_lee.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}

vrrp_instance web {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100 dev ens33 label ens33:0
    }
    track_script {
        check_lee
    }
}

[root@rhel7-ka1 ~]# touch /mnt/lee
[root@rhel7-ka1 ~]# tail -f /var/log/messages
```
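A small model of the election rules from section I combined with the `weight -30` script above and the `nopreempt` option from section 5, as an added example in Python (not part of the original post). It is a simplified model, not keepalived's implementation: the node IPs and ka2's priority of 80 are taken from the earlier sections, the clamping of the effective priority to 1-254 and the `nopreempt` handling are modelling assumptions, and the timer formula is the one given in RFC 3768.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Node:
    name: str
    ip: str
    priority: int             # "priority" in vrrp_instance
    weight: int = 0           # "weight" of the tracked vrrp_script (0 = none)
    script_ok: bool = True    # current result of the tracked script
    alive: bool = True        # keepalived running and advertising
    nopreempt: bool = False

    def effective_priority(self):
        prio = self.priority
        if self.weight < 0 and not self.script_ok:
            prio += self.weight       # negative weight: subtracted while failing
        elif self.weight > 0 and self.script_ok:
            prio += self.weight       # positive weight: added while succeeding
        return max(1, min(254, prio))


def elect(nodes, current=None):
    """Return the node that holds the VIP, or None if no node is alive."""
    alive = [n for n in nodes if n.alive]
    if not alive:
        return None
    # Highest effective priority wins; on a tie the larger IP address wins.
    best = max(alive, key=lambda n: (n.effective_priority(),
                                     int(IPv4Address(n.ip))))
    if (current is not None and current.alive
            and best is not current and best.nopreempt):
        return current                # a nopreempt node never displaces a live master
    return best


def master_down_interval(priority, advert_int=1.0):
    """RFC 3768: 3 * Advertisement_Interval + Skew_Time, Skew = (256 - prio) / 256."""
    return 3 * advert_int + (256 - priority) / 256


def failover_demo(backup_nopreempt=False):
    """Replay section 10: healthy, then `touch /mnt/lee`, then ka1 stopped."""
    ka1 = Node("ka1", "172.25.254.20", 100, weight=-30)
    ka2 = Node("ka2", "172.25.254.30", 80, nopreempt=backup_nopreempt)
    nodes = [ka1, ka2]
    history = []
    master = elect(nodes)
    history.append(master.name)       # both healthy: 100 > 80
    ka1.script_ok = False             # check_lee.sh fails: 100 - 30 = 70 < 80
    master = elect(nodes, master)
    history.append(master.name)
    ka1.alive = False                 # keepalived stopped on ka1
    master = elect(nodes, master)
    history.append(master.name)
    return history


if __name__ == "__main__":
    print(failover_demo())                        # weight-based failover
    print(failover_demo(backup_nopreempt=True))   # nopreempt blocks it
    print(master_down_interval(80))
```

In this model a `nopreempt` backup does not take over when the master merely lowers its priority, so the `weight -30` check only moves the VIP when preemption is allowed.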
11. High availability for HAProxy
```
# First configure haproxy on both ka1 and ka2
[root@rhel7-ka1 & ka2 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
    bind 172.25.254.100:80
    server web1 172.25.254.101:80 check
    server web2 172.25.254.102:80 check

# Enable the kernel parameter on both ka1 and ka2
[root@rhel7-ka1 & ka2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@rhel7-ka1 & ka2 ~]# sysctl -p

# Write the check script on ka1
[root@rhel7-ka1 ~]# vim /etc/keepalived/scripts/haproxy.sh
#!/bin/bash
# Signal 0 only tests whether a haproxy process exists
/usr/bin/killall -0 haproxy
[root@rhel7-ka1 ~]# chmod +x /etc/keepalived/scripts/haproxy.sh

# Configure keepalived on ka1
[root@ka1-centos8 ~]# cat /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
    script "/etc/keepalived/scripts/haproxy.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}

vrrp_instance web {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.254.100 dev ens33 label ens33:0
    }
    track_script {
        check_haproxy
    }
}

# Test
[root@rhel7-ka1 ~]# systemctl stop haproxy.service
```