Centos7部署keepalived高可用架构

简介

Keepalived的作用是检测服务器的状态，如果有一台web服务器宕机，或工作出现故障，Keepalived将检测到，并将有故障的服务器从系统中剔除，同时使用其他服务器代替该服务器的工作，当服务器工作正常后Keepalived自动将服务器加入到服务器群中，这些工作全部自动完成，不需要人工干涉，需要人工做的只是修复故障的服务器。
单播和组播
keepalived在组播模式下会向224.0.0.18发送许多无用的信息
单播模式下仅对配置中的结点发送信息，可避免干扰和冲突
脑裂
脑裂现象是在高可用部署时，多台机器同时绑定了虚拟IP地址，导致客户端在访问IP地址时造成访问混乱
通过脑裂监控脚本可防止脑裂情况的出现

前期准备

准备两台Centos7虚拟机，关闭防火墙和selinux，同步系统时间，修改IP地址和hostname

部署Nginx

#从官网获取yum源
[root@master ~]# yum install nginx -y
[root@bak ~]# yum install nginx -y

#修改首页内容以区分
[root@master ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!132</h1>
[root@bak ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!138</h1>

部署keepalived

安装软件

[root@master ~]# yum install keepalived -y
[root@bak ~]# yum install keepalived -y

修改配置文件

[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#1.3+版本需要把此行注释掉才能在宿主机PING通
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#组建vrrp实例组
vrrp_instance VI_1 {
#设置为非抢占模式
state BACKUP
interface ens33
virtual_router_id 51
#设置非抢占模式
nopreempt
#把组播改为单播模式
#发送数据包的主机地址
unicast_src_ip 192.168.29.132
#接收数据包的目的主机地址,支持多台机器
unicast_peer{
192.168.29.138
}
#设置权重
#权重大的优先成为master,权重相同时IP地址大的成为master
priority 100
advert_int 1
#设置认证
authentication {
auth_type PASS
auth_pass 1111
}
#设置虚拟IP地址,要与集群的机器处于同一网段
virtual_ipaddress {
192.168.29.100
}
}

[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#1.3+版本需要把此行注释掉才能PING通
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#组建vrrp实例组
vrrp_instance VI_1 {
#非抢占模式
state BACKUP
interface ens33
virtual_router_id 51
#设置非抢占模式
nopreempt
#把组播改为单播模式
#发送数据包的主机地址
unicast_src_ip 192.168.29.138
#接收数据包的目的主机地址,支持多台机器
unicast_peer{
192.168.29.132
}
#权重
priority 90
advert_int 1
#认证
authentication {
auth_type PASS
auth_pass 1111
}
#设置虚拟IP地址
virtual_ipaddress {
192.168.29.100
}
}

启动服务

[root@master ~]# systemctl start keepalived.service
[root@bak ~]# systemctl start keepalived.service

#验证服务
[root@master ~]# ip a
inet 192.168.29.100/32 scope global ens33

测试验证

浏览器访问虚拟ip地址

关闭master结点的keepalived服务

[root@master ~]# systemctl stop keepalived.service

#虚拟IP飘移
[root@bak ~]# ip a
inet 192.168.29.100/32 scope global ens33

浏览器访问虚拟ip地址

重启master结点的keepalived服务
由于设置为非抢占模式，重启服务后master结点不会抢夺虚拟IP地址，因此虚拟ip依旧绑定在bak结点

配置Nginx高可用架构

编写监控Nginx脚本

[root@master ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
#检测Nginx状态
nginx_status=`ps -C nginx --no-header |wc -l`
if [ $nginx_status -eq 0 ]; then
systemctl stop keepalived
fi

[root@bak ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
#检测Nginx状态
nginx_status=`ps -C nginx --no-header |wc -l`
if [ $nginx_status -eq 0 ]; then
systemctl stop keepalived
fi

#修改权限
[root@master ~]#chmod a+x /etc/keepalived/check_nginx.sh
[root@bak ~]#chmod a+x /etc/keepalived/check_nginx.sh

修改配置文件

[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#配置检测Nginx运行情况
vrrp_script check_nginx{
script /etc/keepalived/check_nginx.sh
#设定脚本执行间隔时间
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
nopreempt
unicast_src_ip 192.168.29.132
unicast_peer{
192.168.29.138
}
priority 100
advert_int 1
#调用检查Nginx运行情况的脚本
track_script{
check_nginx
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.29.100
}
}

[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
#配置检测Nginx运行情况
vrrp_script check_nginx{
script /etc/keepalived/check_nginx.sh
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
nopreempt
unicast_src_ip 192.168.29.138
unicast_peer{
192.168.29.132
}
priority 90
advert_int 1
#调用检查Nginx运行情况的脚本
track_script{
check_nginx
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.29.100
}
}

#两结点重启keepalived服务

测试验证

浏览器访问虚拟ip地址

关闭master结点的Nginx服务

[root@master ~]# systemctl stop nginx.service

#查看keepalived服务情况
[root@master ~]# systemctl status keepalived.service
master Keepalived_vrrp[3937]: Stopped - used 0.008106 user time, 0.085418 system time
master Keepalived[3936]: Stopped Keepalived v2.0.10 (11/12,2018)
master systemd[1]: Stopped LVS and VRRP High Availability Monito

浏览器访问虚拟ip地址

重启服务

[root@master ~]# systemctl restart nginx.service
[root@master ~]# systemctl start keepalived.service

#非抢占模式因此虚拟ip依旧绑定在bak结点
[root@bak ~]# ip a
inet 192.168.29.100/32 scope global ens33