keepalived

Zncoro發表於2024-11-14

keepalived是什麼？

Keepalived 軟體起初是專為LVS負載均衡軟體設計的，用來管理並監控LVS叢集系統中各個服務節點的狀態，後來又加入了可以實現高可用的VRRP功能。因此，Keepalived除了能夠管理LVS軟體外，還可以作為其他服務（例如：Nginx、Haproxy、MySQL等）的高可用解決方案軟體。

Keepalived軟體主要是通過VRRP協議實現高可用功能的。VRRP是Virtual Router RedundancyProtocol(虛擬路由器冗餘協議）的縮寫，VRRP出現的目的就是為了解決靜態路由單點故障問題的，它能夠保證當個別節點當機時，整個網路可以不間斷地執行。

所以，Keepalived 一方面具有配置管理LVS的功能，同時還具有對LVS下面節點進行健康檢查的功能，另一方面也可實現系統網路服務的高可用功能。

keepalived的重要功能

keepalived 有三個重要的功能，分別是：

管理LVS負載均衡軟體
實現LVS叢集節點的健康檢查
作為系統網路服務的高可用性（failover）

keepalived高可用故障轉移的原理

Keepalived 高可用服務之間的故障切換轉移，是通過 VRRP (Virtual Router Redundancy Protocol ,虛擬路由器冗餘協議）來實現的。

在 Keepalived 服務正常工作時，主 Master 節點會不斷地向備節點傳送（多播的方式）心跳訊息，用以告訴備 Backup 節點自己還活看，當主 Master 節點發生故障時，就無法傳送心跳訊息，備節點也就因此無法繼續檢測到來自主 Master 節點的心跳了，於是呼叫自身的接管程式，接管主 Master 節點的 IP 資源及服務。而當主 Master 節點恢復時，備 Backup 節點又會釋放主節點故障時自身接管的IP資源及服務，恢復到原來的備用角色。

那麼，什麼是VRRP呢？
VRRP ,全稱 Virtual Router Redundancy Protocol ,中文名為虛擬路由冗餘協議，VRRP的出現就是為了解決靜態踣甶的單點故障問題，VRRP是通過一種競選機制來將路由的任務交給某臺VRRP路由器的。

keepalived高可用架構圖

在這裡插入圖片描述

keepalived工作原理描述

Keepalived高可用對之間是通過VRRP通訊的，因此，我們從 VRRP開始瞭解起：

VRRP,全稱 Virtual Router Redundancy Protocol,中文名為虛擬路由冗餘協議，VRRP的出現是為了解決靜態路由的單點故障。
VRRP是通過一種竟選協議機制來將路由任務交給某臺 VRRP路由器的。
VRRP用 IP多播的方式（預設多播地址（224.0_0.18))實現高可用對之間通訊。
工作時主節點發包，備節點接包，當備節點接收不到主節點發的資料包的時候，就啟動接管程式接管主節點的開源。備節點可以有多個，通過優先順序競選，但一般 Keepalived系統運維工作中都是一對。
VRRP使用了加密協議加密資料，但Keepalived官方目前還是推薦用明文的方式配置認證型別和密碼。

介紹完 VRRP,接下來再介紹一下 Keepalived服務的工作原理：

Keepalived高可用是通過 VRRP 進行通訊的， VRRP是通過競選機制來確定主備的，主的優先順序高於備，因此，工作時主會優先獲得所有的資源，備節點處於等待狀態，當主掛了的時候，備節點就會接管主節點的資源，然後頂替主節點對外提供服務。

在 Keepalived 服務之間，只有作為主的伺服器會一直髮送 VRRP 廣播包,告訴備它還活著，此時備不會槍佔主，當主不可用時，即備監聽不到主傳送的廣播包時，就會啟動相關服務接管資源，保證業務的連續性.接管速度最快可以小於1秒。

keepalived實現http負載均衡高可用

環境說明：防火牆和selinux處於關閉狀態

系統版本	主機名	IP	安裝的包
RedHat8	master(DR)	192.168.163.128	ipvsadm/keepalived
RedHat8	slave(DR)	192.168.163.134	ipvsadm/keepalived
RedHat8	RS1	192.168.163.137	httpd
RedHat8	RS2	192.168.163.136	httpd

配置RS1.RS2主機(配置相同,拿RS1舉例)

[root@RS1 yum.repos.d]# yum -y install httpd
[root@RS1 yum.repos.d]# echo 'RS1' > /var/www/html/index.html
[root@RS1 yum.repos.d]# systemctl start httpd
[root@RS1 ~]# systemctl enable --now httpd
[root@RS1 yum.repos.d]# curl http://192.168.163.137
RS1
# 配置RIP和VIP
[root@RS1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens160 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens160
UUID=6153e8cf-1b39-4721-bfe6-d218ea4a0a3a
DEVICE=ens160
ONBOOT=yes

IPADDR=192.168.163.137
GATEWAY=192.168.163.2
NETMASK=255.255.255.0
IPADDR1=192.168.163.200
NETMASK=255.255.255.0
[root@RS1 ~]# ifdown ens160;ifup ens160
[root@RS1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:26:85:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.163.137/24 brd 192.168.163.255 scope global dynamic noprefixroute ens160
       valid_lft 1438sec preferred_lft 1438sec
    inet6 fe80::59fd:20dc:1984:fd9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

配置host的DR

# 配置DIP
[root@host ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens160 
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens160"
UUID="55277f22-c5f9-47ab-9c0c-8a9ef4c38b20"
DEVICE="ens160"
ONBOOT="yes"

IPADDR=192.168.163.128
NETMASK=255.255.255.0
GATEWAY=192.168.163.2
[root@host ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:11:09:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.163.128/24 brd 192.168.163.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::1a2b:8882:7888:3b75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
#新增規則
[root@host ~]# yum -y install ipvsadm
[root@host ~]# ipvsadm -A -t 192.168.163.200:80 -s rr
[root@host ~]# ipvsadm -a -t 192.168.163.200:80 -r 192.168.163.137:80 -g
[root@host ~]# ipvsadm -a -t 192.168.163.200:80 -r 192.168.163.136:80 -g
[root@host ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@host ~]#  ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.163.200:80 rr
  -> 192.168.163.136:80           Route   1      0          0         
  -> 192.168.163.137:80           Route   1      0          0

配置slave的DR

[root@slave ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens160 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens160
UUID=ca607566-04c5-45e9-a2fa-1c124707b72a
DEVICE=ens160
ONBOOT=yes

IPADDR=192.168.163.134
NETMASK=255.255.255.0
GATEWAY=192.168.163.2
#新增規則
[root@host ~]# yum -y install ipvsadm
[root@host ~]# ipvsadm -A -t 192.168.163.200:80 -s rr
[root@host ~]# ipvsadm -a -t 192.168.163.200:80 -r 192.168.163.137:80 -g
[root@host ~]# ipvsadm -a -t 192.168.163.200:80 -r 192.168.163.136:80 -g
[root@host ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@host ~]#  ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.163.200:80 rr
  -> 192.168.163.136:80           Route   1      0          0         
  -> 192.168.163.137:80           Route   1      0          0

配置主keepalived

#安裝keepalived及相關軟體
[root@host ~]# yum -y install vim wget keepalived
#檢視安裝生成的檔案
[root@host ~]# rpm -ql keepalived
/etc/keepalived      #配置目錄
/etc/keepalived/keepalived.conf      #主配置檔案
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/.build-id
/usr/lib/.build-id/1b
………………略
/usr/lib/systemd/system/keepalived.service  #服務控制檔案
………………略
#配置主配置檔案
[root@host ~]# cd /etc/keepalived/
[root@host keepalived]# cp keepalived.conf{,-bak}
[root@host keepalived]# ls
keepalived.conf  keepalived.conf-bak
[root@host keepalived]# cat keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.163.200
    }
}

virtual_server 192.168.163.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.163.137 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.163.136 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@host keepalived]# systemctl restart keepalived
Job for keepalived.service failed because a timeout was exceeded.
See "systemctl status keepalived.service" and "journalctl -xe" for details.

配置備keepalived

yum -y install vim wget keepalived
[root@slave ~]# cd /etc/keepalived/
[root@slave keepalived]# cp keepalived.conf{,-bak}
[root@slave keepalived]# ls
keepalived.conf  keepalived.conf-bak
[root@slave keepalived]# cat keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 10
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.163.200
    }
}

virtual_server 192.168.163.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.163.137 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.163.136 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@slave keepalived]# systemctl enable --now keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.

查詢VIP位置

# 主
[root@host ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:11:09:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.163.128/24 brd 192.168.163.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::1a2b:8882:7888:3b75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# 備
[root@slave keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:cd:5f:0e brd ff:ff:ff:ff:ff:ff
    inet 192.168.163.134/24 brd 192.168.163.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.163.200/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::2fa7:e015:78cd:6952/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

keepalived（三）LVS+Keepalived
2018-09-15
keepalived（四）Keepalived+Nginx
2018-09-15
Nginx
Keepalived - Keepalived 實現 tomcat雙機熱備
2020-12-30
Tomcat
快速掌握keepalived
2023-10-13
keepalived安裝
2024-05-19
openGauss+KeepAlived
2024-04-17
LVS搭配Keepalived
2020-11-05
Keepalived 高可用
2024-06-24
keepalived配置問題
2018-10-02
keepalived（二）vip漂移
2018-09-14
KeepAlived+LVS+Nginx
2020-03-12
Nginx
keepalived 安裝部署
2024-09-14
keepalived 主備使用
2022-12-12
LVS+Keepalived群集
2020-12-13
Keepalived 高可用詳解
2023-12-25
Keepalived 原理與實戰
2020-05-24
高併發和 keepalived
2020-05-06
RabbitMQ+haProxy+keepalived使用
2020-09-01
MQ
Keepalived服務詳解
2020-09-23
mysql高可用之keepalived
2024-08-05
MySql
LVS+keepalived高可用
2022-06-08
高可用(keepalived)部署方案
2023-04-10
負載均衡之keepalived
2022-05-25
負載
nginx+keepalived高可用
2021-07-01
Nginx
keepalived高可用負載均衡
2024-04-02
負載
nginx實現keepalived高可用
2020-09-26
Nginx
Keepalived之高可用LVS叢集
2020-09-13
Keepalived部署與配置詳解
2019-04-27
keepalived + nginx 實現高可用
2022-12-14
Nginx
LVS+Keepalived高可用群集
2022-03-09
Keepalived高可用叢集部署
2023-01-27
mysql高可用衡搭建(Keepalived)
2020-12-08
MySql
Nginx&Keepalived 實現高可用
2019-02-25
Nginx
keepalived配置redis主從切換
2018-12-04
Redis
keepalived+MySQL實現高可用
2020-08-03
MySql
MySQL主主模式+Keepalived高可用
2020-10-28
MySql模式
keepalived 高可用（非搶佔式）
2024-08-04
Nginx + Keepalived 高可用叢集部署
2023-03-09
Nginx