keepalived高可用

部署环境

主服务器配置

关闭防火墙和selinux 下载keepalived

[root@localhost ~]# systemctl disable --now firewalld.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vi /etc/selinux/config 
[root@localhost ~]# reboot 
[root@master ~]# yum -y install epel-release vim wget gcc gcc-c++
安装keepalived
[root@master ~]# yum -y install keepalived

备服务器配置

关闭防火墙和selinux 下载keepalived

[root@localhost ~]# systemctl disable --now firewalld.service 
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vi /etc/selinux/config 
[root@localhost ~]# reboot 
[root@slave ~]# yum -y install epel-release vim wget gcc gcc-c++
安装keepalived
[root@slave ~]# yum -y install keepalived
查看安装生成文件
[root@master ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf    //配置文件
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service   //服务控制文件
/usr/libexec/keepalived
/usr/sbin/keepalived
......

在主备服务器上装上httpd

主服务器

[root@master ~]# yum -y install httpd
[root@master ~]# cd /var/www/html/
[root@master html]# ls
[root@master html]# echo "master" > index.html
[root@master html]# cat index.html 
master
[root@master html]# systemctl start httpd.service 
[root@master html]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128      *:22                   *:*                  
LISTEN      0      100    127.0.0.1:25                   *:*                  
LISTEN      0      128     :::80                  :::*                  
LISTEN      0      128     :::22                  :::*                  
LISTEN      0      100    ::1:25                  :::*             

备服务器

[root@slave ~]# yum  -y install httpd
[root@slave ~]# cd /var/www/html/
[root@slave html]# echo "slave" > index.html
[root@slave html]# cat index.html 
slave
[root@slave html]# systemctl start httpd.service
[root@slave html]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128      *:22                   *:*                  
LISTEN      0      100    127.0.0.1:25                   *:*                  
LISTEN      0      128     :::80                  :::*                  
LISTEN      0      128     :::22                  :::*                  
LISTEN      0      100    ::1:25                  :::*                 

keepalived配置

主服务器配置

[root@master ~]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# cp keepalived.conf{,-bak}
[root@master keepalived]# ls
keepalived.conf  keepalived.conf-bak
[root@master keepalived]# rm -rf keepalived.conf
[root@master keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33    
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yzy123	 	密码
    }
    virtual_ipaddress {
        192.168.136.250
    }
}

virtual_server 192.168.136.250 80 {   vip
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    
    real_server 192.168.136.253 80 {    主服务器ip
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.136.129 80 {   备服务器ip
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@master keepalived]# systemctl start keepalived
[root@master keepalived]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

备服务器也需要配置，将keepalived文件传输到备服务器
[root@master keepalived]# scp keepalived.conf root@192.168.136.129:/etc/keepalived
The authenticity of host '192.168.136.129 (192.168.136.129)' can't be established.
ECDSA key fingerprint is SHA256:N53ckcLKoZgn3EwL09au/qdiXB2AumHWWlu2OEeM6aY.
ECDSA key fingerprint is MD5:5c:fe:17:c2:3d:f4:ea:b5:f9:52:56:ec:33:be:39:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.136.129' (ECDSA) to the list of known hosts.
root@192.168.136.129's password: 
keepalived.conf                        100%  883     1.5MB/s   00:00
[root@master keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a9:bb:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.253/24 brd 192.168.136.255 scope global noprefixroute dynamic ens33
       valid_lft 1188sec preferred_lft 1188sec
    inet 192.168.136.250/32 scope global ens33		虚拟ip已经生成
       valid_lft forever preferred_lft forever
    inet6 fe80::3518:b13b:4fa9:92fa/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

备服务器配置

[root@slave ~]# cd /etc/keepalived/
[root@slave keepalived]# ls
keepalived.conf
[root@slave keepalived]# vim keepalived.conf 
[root@slave keepalived]# cat keepalived.conf 
! Configuration File for keepalived

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33    
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yzy123
    }
    virtual_ipaddress {
        192.168.136.250
    }
}

virtual_server 192.168.136.250 80 {   
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    
    real_server 192.168.136.253 80 { 
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.136.129 80 {   
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@slave keepalived]# systemctl start keepalived
[root@slave keepalived]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@slave keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:14:d5:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.129/24 brd 192.168.136.255 scope global noprefixroute dynamic ens33
       valid_lft 986sec preferred_lft 986sec
    inet6 fe80::f549:de39:7f10:cdd6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::3518:b13b:4fa9:92fa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever

虚拟ip在主服务器上，说明主服务器提供的服务（面向客户端的IP地址）

测试

关闭主服务器的keepalived

[root@master keepalived]# systemctl stop keepalived
[root@master keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a9:bb:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.253/24 brd 192.168.136.255 scope global noprefixroute dynamic ens33
       valid_lft 1749sec preferred_lft 1749sec
    inet6 fe80::3518:b13b:4fa9:92fa/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@master keepalived]# 
去备服务器查看
[root@slave keepalived]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:14:d5:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.129/24 brd 192.168.136.255 scope global noprefixroute dynamic ens33
       valid_lft 1770sec preferred_lft 1770sec
    inet 192.168.136.250/32 scop发现vip到备服务了说明是备服务器提供的服务e global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::f549:de39:7f10:cdd6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::3518:b13b:4fa9:92fa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever

发现vip到备服务了说明是备服务器提供的服务

用vip去网页查看

keepalived通过脚本来监控httpd负载均衡机的状态

主服务器编辑2个脚本

[root@master scripts]# vim check_h.sh 
[root@master scripts]# vim notify.sh 
[root@master scripts]# chmod +x check_h.sh
[root@master scripts]# chmod +x notify.sh 
[root@master scripts]# ls
check_h.sh  notify.sh
[root@master scripts]# ll
总用量 8
-rwxr-xr-x 1 root root 143 10月 22 12:08 check_h.sh
-rwxr-xr-x 1 root root 434 10月 22 12:09 notify.sh
[root@master scripts]# cat check_h.sh 
#!/bin/bash
httpd_status=$(ps -ef|grep -Ev "httpd|$0"|grep 'bhttpdb'|wc -l)
if [ $httpd_status -lt 1 ];then
    systemctl stop keepalived
fi
[root@master scripts]# cat notify.sh 
#!/bin/bash
VIP=$2
case "$1" in
  master)
        httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep 'bhttpdb'|wc -l)
        if [ $httpd_status -lt 1 ];then
            systemctl start httpd
        fi
  ;;
  backup)
        httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep 'bhttpdb'|wc -l)
        if [ $httpd_status -gt 0 ];then
            systemctl stop httpd
        fi
  ;;
  *)
        echo "Usage:$0 master|backup VIP"
  ;;
esac
在备服务器创建scripts目录，将notify脚本传输过去
[root@master scripts]# scp notify.sh root@192.168.136.129:/scripts
root@192.168.136.129's password: 
notify.sh                              100%  434   589.7KB/s   00:00    

备服务器编辑脚本

[root@slave ~]# mkdir /scripts
[root@slave ~]# cd /scripts/
[root@slave scripts]# ls
notify.sh
以接受到传输的脚本

主服务器

root@master ~]# systemctl restart keepalived[root@master ~]# v[im /etc/keepalived/keepalived.conf
[root@master ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb01
}
vrrp_script httpd_check {      		添加的内容
    script "/scripts/check_h.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33    
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yzy123
    }
    
    track_script {				添加的内容
           httpd_check
    }
    notify_master "/scripts/notify.sh master 192.168.136.250" 
    notify_backup "/scripts/notify.sh backup 192.168.136.250"
}

virtual_server 192.168.136.250 80 {   
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    
    real_server 192.168.136.253 80 { 
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.136.129 80 {   
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
重启服务
[root@master ~]# systemctl restart keepalived

备服务器配置

[root@slave scripts]# vim /etc/keepalived/keepalived.conf
[root@slave scripts]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33    
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass yzy123
    }
    virtual_ipaddress {
        192.168.136.250
    }
    notify_master "/scripts/notify.sh master 192.168.136.250" 		2行添加的内容
    notify_backup "/scripts/notify.sh backup 192.168.136.250"
}

virtual_server 192.168.136.250 80 {   
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    
    real_server 192.168.136.253 80 { 
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.136.129 80 {   
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

验证

关闭主服务器的httpd服务 ，keepalived服务也关闭了，查看ip发现vip到备服务器上了
[root@master ~]# systemctl stop httpd
[root@master ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128      *:22                   *:*                  
LISTEN      0      100    127.0.0.1:25                   *:*                  
LISTEN      0      128     :::22                  :::*                  
LISTEN      0      100    ::1:25                  :::*                  
[root@master ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a9:bb:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.253/24 brd 192.168.136.255 scope global noprefixroute dynamic ens33
       valid_lft 1286sec preferred_lft 1286sec
    inet6 fe80::3518:b13b:4fa9:92fa/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@slave scripts]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:14:d5:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.136.129/24 brd 192.168.136.255 scope global noprefixroute dynamic ens33
       valid_lft 1427sec preferred_lft 1427sec
    inet 192.168.136.250/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::f549:de39:7f10:cdd6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::3518:b13b:4fa9:92fa/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
[root@slave scripts]# 

网页使用vip访问发现提供服务的是备服务器