Introduction to the keepalived service
keepalived
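Keepalived is an open-source tool for high availability (HA) and load balancing. It is routing software written in C and is particularly suited to Linux servers. It is usually combined with a load balancer such as HAProxy to keep a service highly available. Keepalived implements failover of a virtual IP address mainly through VRRP (Virtual Router Redundancy Protocol). Official website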
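Main features of Keepalived
- VRRP (Virtual Router Redundancy Protocol):
  - High availability is provided through VRRP: several servers share one virtual IP address, so that when the master server fails a backup server quickly takes over the virtual IP and keeps serving.
- Health checks:
  - Keepalived can be configured with health check scripts that test the state of a service at regular intervals. If a service failure is detected, failover happens automatically.
- Load balancing:
  - Keepalived can also do simple load balancing, distributing traffic across several backend servers according to the configured scheduling algorithm.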
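How it works
VRRP is a network protocol that provides redundancy between several routers, so that when the master router fails a backup router can take over quickly. Keepalived uses VRRP to fail over the virtual IP address.
- Virtual router: a group made up of several physical routers. The group shares one virtual IP address (VIP), which is the address clients use to reach the service.
- Master router (Master): handles all traffic sent to the VIP.
- Backup router (Backup): stays on standby; when the master router fails, one of the backup routers takes over the VIP.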
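Keepalived workflow
- Initialization: when Keepalived starts, every configured VRRP instance is initialized. Each instance takes its initial state (Master or Backup), priority and virtual IP address from the configuration file.
- Sending advertisements: the master router sends VRRP advertisements at regular intervals to tell the other routers on the network that it is the master. If the other routers receive no advertisement within a certain time, they consider the master router failed.
- Health checks: Keepalived runs the health check scripts at regular intervals. If the master router's health check fails, Keepalived switches its state to Backup and stops sending advertisements.
- Failover: when the backup routers detect that the master's advertisements are missing, they elect a new master router by priority; the new master starts sending advertisements and takes over the virtual IP address.
- Recovery: when the original master router is healthy again, it rejoins the VRRP instance. If its priority is higher than that of the current master, it takes the master role back.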
Installation and configuration
Lab environment: Ubuntu 24.04
Node | IP |
---|---|
master | 192.168.200.190 |
node | 192.168.200.195 |
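Master/backup mode
Official documentation
In this mode there is one master node (Active) and one or more backup nodes (Passive). Only the master node handles traffic; when the master node fails, a backup node takes over.
Characteristics:
- Simple and easy to configure
- Fast failover
- Lower resource utilization, because the backup nodes are idle on standby under normal conditions
Install on both nodes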
apt install -y keepalived
systemctl enable --now keepalived
Sample configuration file shipped with the package
cat /etc/keepalived/keepalived.conf.sample
Configure keepalived.conf
vim /etc/keepalived/keepalived.conf
Only the global section and the VRRP instance need to be configured
root@master:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
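vrrp_instance VI_1 {
state MASTER
# Initial state of this node: MASTER or BACKUP. MASTER means this node is the master.
interface eth0
# Network interface used for VRRP; on the virtual machines here it is ens33.
virtual_router_id 51
# Identifier of the VRRP instance (virtual router). It must be the same on every node of the instance and unique on the network segment.
priority 100
# Node priority, from 1 to 254. The node with the higher priority is more likely to become master.
advert_int 1
# Interval between VRRP advertisements, in seconds. The master sends one advertisement per interval.
authentication {
# Authentication settings for the VRRP instance, so that only authorized nodes take part in the VRRP election.
auth_type PASS
# auth_type: authentication type; PASS is simple password authentication.
auth_pass 1111
# auth_pass: the authentication password.
}
virtual_ipaddress {
# IP addresses bound to the virtual router. All nodes of this VRRP instance share them.
192.168.200.16
192.168.200.17
192.168.200.18
}
}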
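Before configuring, enable the kernel parameter that allows non-local IP addresses to be bound to a local network interface. This parameter is particularly important when using a virtual IP address (VIP) for high availability (as with Keepalived).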
echo "net.ipv4.ip_nonlocal_bind=1" | tee -a /etc/sysctl.conf
sysctl -p
Configure the master node
root@master:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.199/24
}
}
systemctl restart keepalived
Configure the backup node
root@node:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.199/24
}
}
systemctl restart keepalived
Verify on the master node
root@master:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:fb:01 brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.200.190/24 brd 192.168.200.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.200.199/24 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5f:fb01/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:fb:0b brd ff:ff:ff:ff:ff:ff
altname enp2s2
inet6 fe80::20c:29ff:fe5f:fb0b/64 scope link
valid_lft forever preferred_lft forever
The VIP 192.168.200.199 has been created on the virtual machine
root@master:~# systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; preset: enabled)
Active: active (running) since Sun 2024-07-21 11:04:12 UTC; 32s ago
Docs: man:keepalived(8)
man:keepalived.conf(5)
man:genhash(1)
https://keepalived.org
Main PID: 3590 (keepalived)
Tasks: 2 (limit: 4556)
Memory: 2.0M (peak: 2.1M)
CPU: 49ms
CGroup: /system.slice/keepalived.service
├─3590 /usr/sbin/keepalived --dont-fork
└─3592 /usr/sbin/keepalived --dont-fork
Jul 21 11:04:26 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:28 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:30 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:32 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:33 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:34 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:38 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:40 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:43 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:44 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
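The master's log above shows it rejecting advertisements: auth type 1 is the simple password (PASS), 0 is none, and keepalived ignores the `authentication` block on a node that sets `vrrp_strict`, which only the master's config does here. The following Python check is an added example, not part of the original article; the function names are hypothetical and the inputs are cut down from the configs and log on this page.

```python
import re

# Constructed input: only the lines of this page's two configs that matter here.
MASTER = """global_defs {
  vrrp_strict
}
vrrp_instance VI_1 {
  virtual_router_id 51
  priority 101
  authentication {
    auth_type PASS
    auth_pass 1111
  }
}"""
NODE = MASTER.replace("  vrrp_strict\n", "").replace("priority 101", "priority 99")
# Two of the journal lines shown above.
LOG = """Jul 21 11:04:26 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!
Jul 21 11:04:28 master Keepalived_vrrp[3592]: (VI_1) received a 1 auth, expecting 0!"""

def summarize(conf):
    """Pull out the settings all nodes of one VRRP instance must agree on."""
    text = re.sub(r"^\s*[#!].*$", "", conf, flags=re.M)  # drop comment lines
    def get(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", text, re.M)
        return m.group(1) if m else None
    strict = bool(re.search(r"^\s*vrrp_strict\s*$", text, re.M))
    # In strict mode keepalived ignores the authentication block entirely.
    return {"vrid": get("virtual_router_id"), "strict": strict,
            "auth": None if strict else get("auth_type"), "pass": get("auth_pass")}

def audit(confs):
    """confs maps node name -> config text; returns a list of findings."""
    s = {name: summarize(c) for name, c in confs.items()}
    out = []
    if len({v["vrid"] for v in s.values()}) > 1:
        out.append("virtual_router_id mismatch")
    if len({v["auth"] for v in s.values()}) > 1:
        out.append("effective auth_type mismatch (vrrp_strict disables authentication)")
    for name, v in s.items():
        if v["auth"] == "PASS" and len(v["pass"] or "") < 8:
            out.append(f"{name}: auth_pass shorter than 8 characters, sent in clear text")
    return out

def auth_mismatches(log):
    """Return (instance, received, expected) for each rejected advertisement."""
    pat = re.compile(r"\((\S+)\) received a (\d+) auth, expecting (\d+)!")
    return [(m[1], int(m[2]), int(m[3])) for m in pat.finditer(log)]
```

Running `audit({"master": MASTER, "node": NODE})` reports the auth mismatch between the two nodes; making `global_defs` identical on both nodes clears it.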
Ping from the node
root@node:~# ping 192.168.200.199
PING 192.168.200.199 (192.168.200.199) 56(84) bytes of data.
64 bytes from 192.168.200.199: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 192.168.200.199: icmp_seq=2 ttl=64 time=0.060 ms
64 bytes from 192.168.200.199: icmp_seq=3 ttl=64 time=1.55 ms
64 bytes from 192.168.200.199: icmp_seq=4 ttl=64 time=0.051 ms
^C
--- 192.168.200.199 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3083ms
rtt min/avg/max/mdev = 0.040/0.426/1.554/0.651 ms
Check after stopping keepalived on the master node
root@master:~# systemctl stop keepalived
root@master:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:fb:01 brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.200.190/24 brd 192.168.200.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5f:fb01/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:fb:0b brd ff:ff:ff:ff:ff:ff
altname enp2s2
inet6 fe80::20c:29ff:fe5f:fb0b/64 scope link
valid_lft forever preferred_lft forever
The IP is taken over by the node
root@node:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8b:b8:b3 brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.200.195/24 brd 192.168.200.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.200.199/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8b:b8b3/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8b:b8:bd brd ff:ff:ff:ff:ff:ff
altname enp2s2
inet6 fe80::20c:29ff:fe8b:b8bd/64 scope link
valid_lft forever preferred_lft forever
After the master node recovers it takes over again, because its priority is higher
root@master:~# systemctl restart keepalived
root@master:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:fb:01 brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.200.190/24 brd 192.168.200.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.200.199/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5f:fb01/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5f:fb:0b brd ff:ff:ff:ff:ff:ff
altname enp2s2
inet6 fe80::20c:29ff:fe5f:fb0b/64 scope link
valid_lft forever preferred_lft forever
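In this setup, however, the service is interrupted for a moment: once the master node recovers, the backup node hands the IP back to the master instead of keeping it, and users notice a brief stall.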
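The failover and recovery steps of the workflow section and the preemption described above can be put into numbers with the RFC 3768 (VRRPv2) timers. This is an added example, not from the original article; it assumes those timers, uses the priorities from this page with constructed event times, and its function names are hypothetical.

```python
def skew_time(priority):
    """RFC 3768 Skew_Time in seconds: higher priority means a shorter wait."""
    return (256 - priority) / 256

def master_down_interval(priority, advert_int=1.0):
    """RFC 3768 Master_Down_Interval: 3 * Advertisement_Interval + Skew_Time."""
    return 3 * advert_int + skew_time(priority)

def vip_timeline(priorities, events, preempt=True, advert_int=1.0):
    """Return [(time, holder)] for every move of the VIP.

    priorities: {node: priority}; events: time-ordered (time, node, kind) with
    kind 'stop' (graceful, sends a priority-0 advert), 'crash' or 'up'.
    Simplification: a preempting node takes the VIP at the moment it returns.
    """
    alive = set(priorities)
    holder = max(alive, key=priorities.get)
    moves = [(0.0, holder)]
    for t, node, kind in events:
        if kind == "up":
            alive.add(node)
            if holder is None or (preempt and priorities[node] > priorities[holder]):
                holder = node
                moves.append((float(t), holder))
            continue
        alive.discard(node)
        if node != holder:
            continue
        holder = max(alive, key=priorities.get, default=None)
        if holder is not None:
            # After a graceful stop the backup waits only Skew_Time; after a
            # crash it must first miss three advertisements.
            wait = skew_time(priorities[holder]) if kind == "stop" \
                else master_down_interval(priorities[holder], advert_int)
            moves.append((round(t + wait, 3), holder))
    return moves

# Priorities from this page; the event times are constructed.
PRIORITIES = {"master": 101, "node": 99}
EVENTS = [(10, "master", "stop"), (30, "master", "up")]

def vip_moves(preempt):
    """Number of VIP moves after the initial election."""
    return len(vip_timeline(PRIORITIES, EVENTS, preempt)) - 1
```

With preemption the VIP moves twice, without it once. In keepalived that behaviour is selected with `nopreempt`, which requires `state BACKUP` on the instance.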
Original article: https://blog.csdn.net/m0_56363537/article/details/140534910