高可用集群keepalived

1.3 环境部署脚本

#!/bin/bash
# 定义日志文件路径
LOG_FILE="/var/log/keepalived_install.log"# 定义环境变量
KEEPALIVED_VERSION="2.3.2"
KEEPALIVED_INSTALL_PATH="/data/server/keepalived"
KEEPALIVED_TAR_NAME="keepalived-${KEEPALIVED_VERSION}"# 读取节点角色
read -p "当前节点的角色(MASTER|BACKUP): " KEEPALIVED_ROLE# 定义日志记录函数
function log() {local timestamp=$(date "+%Y-%m-%d %H:%M:%S")local message="$1"echo "[${timestamp}] ${message}" | tee -a ${LOG_FILE}
}# 定义函数：基本环境定制
function setup_environment() {log "开始基本环境定制"echo "正在更新软件包列表..."apt update 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "软件包列表更新成功"elselog "软件包列表更新失败"exit 1fiecho "正在安装必要的软件包..."apt -y install make gcc ipvsadm build-essential pkg-config automake autoconf \libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev \libip6tc-dev libmagic-dev libsnmp-dev libglib2.0-dev libpcre2-dev libnftnl-dev \libmnl-dev libsystemd-dev libpopt-dev daemon 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "必要软件包安装成功"elselog "必要软件包安装失败"exit 1fi
}# 定义函数：下载软件
function download_software() {log "开始下载软件"echo "正在创建目录并下载 Keepalived ${KEEPALIVED_VERSION}..."mkdir -p /data/{server,softs} 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "目录创建成功"elselog "目录创建失败"exit 1ficd /data/softsif [ ! -f ${KEEPALIVED_TAR_NAME}.tar.gz ]; thenlocal keepalived_url="https://keepalived.org/software/${KEEPALIVED_TAR_NAME}.tar.gz"wget "${keepalived_url}" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "Keepalived ${KEEPALIVED_VERSION} 下载成功"elselog "Keepalived ${KEEPALIVED_VERSION} 下载失败"exit 1fifiecho "正在解压 Keepalived ${KEEPALIVED_VERSION}..."local untar_dir="/data/softs/${KEEPALIVED_TAR_NAME}"[ -d ${untar_dir} ] && rm -rf ${untar_dir}tar xvf "${KEEPALIVED_TAR_NAME}.tar.gz" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "Keepalived ${KEEPALIVED_VERSION} 解压成功"elselog "Keepalived ${KEEPALIVED_VERSION} 解压失败"exit 1fi
}# 定义函数：编译安装
function compile_and_install() {log "开始编译安装"echo "正在进入解压目录并进行配置..."cd "${KEEPALIVED_TAR_NAME}"./configure --prefix="${KEEPALIVED_INSTALL_PATH}" 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "配置成功，安装路径为 ${KEEPALIVED_INSTALL_PATH}"elselog "配置失败，安装路径为 ${KEEPALIVED_INSTALL_PATH}"exit 1fiecho "正在编译 Keepalived ${KEEPALIVED_VERSION}..."make 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "编译成功"elselog "编译失败"exit 1fiecho "正在安装 Keepalived ${KEEPALIVED_VERSION} 到 ${KEEPALIVED_INSTALL_PATH}..."make install 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "安装成功，安装路径为 ${KEEPALIVED_INSTALL_PATH}"elselog "安装失败，安装路径为 ${KEEPALIVED_INSTALL_PATH}"exit 1fi
}# 定义函数：定制服务文件
function customize_service_file() {log "开始定制服务文件"echo "正在复制服务文件..."cd /data/softs/${KEEPALIVED_TAR_NAME}/keepalivedcp keepalived.service /lib/systemd/system/ 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "服务文件复制成功"elselog "服务文件复制失败"exit 1fi
}# 定义函数：定制配置文件
function customize_config_file() {log "开始定制配置文件"echo "正在定制配置文件..."cd "${KEEPALIVED_INSTALL_PATH}/etc/keepalived/"[ ! -d /etc/keepalived ] && mkdir /etc/keepalived || rm -rf /etc/keepalived/*mv keepalived.conf.sample /etc/keepalived/keepalived.conf 2>&1 | tee -a ${LOG_FILE}local net_name=$(ip a | awk -F " |:" '/MULTICAST/{print $3}'|head -n1)sed -i "s/eth0/${net_name}/g" /etc/keepalived/keepalived.confsed -i '/virtual_server/,$d' /etc/keepalived/keepalived.confif [ "${KEEPALIVED_ROLE}" == "BACKUP" ]; thensed -i 's/MASTER/BACKUP/' /etc/keepalived/keepalived.confsed -i 's/ty 100/ty 90/' /etc/keepalived/keepalived.conf  # 注意：这里可能存在拼写错误（ty应为priority）fiif [ $? -eq 0 ]; thenlog "配置文件定制成功，安装路径为 ${KEEPALIVED_INSTALL_PATH}"elselog "配置文件定制失败，安装路径为 ${KEEPALIVED_INSTALL_PATH}"exit 1fi
}# 定义函数：启动服务
function start_service() {log "开始启动服务"echo "正在重新加载 systemd 管理器配置..."systemctl daemon-reload 2>&1 | tee -a ${LOG_FILE}if [ $? -eq 0 ]; thenlog "systemd 管理器配置重新加载成功"systemctl start keepalivedelselog "systemd 管理器配置重新加载失败"exit 1fi
}# 主函数，按顺序调用各个子函数
function main() {# 检查环境变量是否为空if [ -z "${KEEPALIVED_VERSION}" ]; thenlog "错误：KEEPALIVED_VERSION 环境变量为空"exit 1fiif [ -z "${KEEPALIVED_INSTALL_PATH}" ]; thenlog "错误：KEEPALIVED_INSTALL_PATH 环境变量为空"exit 1fisetup_environmentdownload_softwarecompile_and_installcustomize_service_filecustomize_config_filestart_servicelog "Keepalived ${KEEPALIVED_VERSION} 安装及配置完成，安装路径为 ${KEEPALIVED_INSTALL_PATH}！"echo "Keepalived ${KEEPALIVED_VERSION} 安装及配置完成，安装路径为 ${KEEPALIVED_INSTALL_PATH}！"
}# 执行主函数
main

2.配置解读

1.1 配置简介

1.3 简单实践

结果显示： VIP 效果完全正常，可以替代原来的 web 地址访问效果

15主机上抓包     tcpdump -i ens224 -nn host 224.0.0.18 12主机优先级高所以它占用vip

停掉12主机   15主机抢了VIP,说明keepalived默认 工作模式是 抢占式，开启12主机后又恢复。

1.4 日志功能

（1）日志存放在哪里

默认情况下， keepalived 的日志功能是放入到 syslog 文件里面的，但是 syslog 文件不仅仅给 keepalived使用，还给很多其他的服务去使用，所以，一般情况下，我们需要将keepalived 的日志功能，单独独立出来。

cat /data/server/keepalived/etc/sysconfig/keepalived          #查看依赖的配置文件

KEEPALIVED_OPTIONS = "-D" # 记录详细的日志

data/server/keepalived/sbin/keepalived --help    # 查看 keepalived 的命令启动选项

KEEPALIVED_OPTIONS="-D -S 6"  注：里面解释了左边命令所写的原因

（2）定制日志输出

在/etc/rsyslog.d/目录下创建 keepalived的日志配置文件keepalived.conf

[root@rocky9-15 ~]# vim /etc/rsyslog.d/keepalived.conf

local6. * / var / log / keepalived.log

& ~

注意:  & ~ 表示 keepalived 日志仅仅写入 / var / log / keepalived.log 中，不写入 / var / log / syslog 文件。

[root@rocky9-15 ~]# vim /etc/sysconfig/keepalived   # apt 安装的在 / etc / default / keepalived

KEEPALIVED_OPTIONS = "-D -S 6"

systemctl restart rsyslog.service              #重启rsyslog服务

systemctl restart keepalived.service        #重启keepalived服务

tail /var/log/keepalived.log                       #查看日志效果

1.5 子配置[M]

当生产环境复杂时， / etc / keepalived / keepalived.conf 文件中内容过多，除了全局级别的配

置，还有大量的业务级别的配置，相当的不易管理。 利用 include 指令可以实现包含子配置文件。

配置格式：

include / path / file

定制主从配置文件  其中#里面的内容是定制从节点配置要写的

global_defs {router_id kpmaster   #kpbackup
}vrrp_instance VI_1 {state MASTER         #BACKUP interface ens224virtual_router_id 50priority 100         #100以下，例99authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.8.100}
}

确定确认要截取的内容

主从节点相同的完全步骤

1 定制子配置文件

mkdir / etc / keepalived / conf.d /

cd / etc / keepalived

sed - nr '5,$p' keepalived.conf > / etc / keepalived / conf.d / cluster1.conf

2 定制主配置

sed - i '5,$d' / etc / keepalived / keepalived.conf

echo 'include /etc/keepalived/conf.d/*.conf' >> / etc / keepalived / keepalived.conf

3 重启服务

systemctl restart keepalived.service

3.工作模式[L]

Keepalived 是一个基于 VRRP 协议的实现高可用的软件，在 Keepalived 中，抢占式和非抢占式是两种重要的工作模式。keepalived 默认抢占式工作模式。

非抢占式配置

注意：要关闭 VIP 抢占， 必须将各 Keepalived 服务器 state 配置为 BACKUP
master主机配置比slave主机配置多了nopreempt而已 其他配置相同

nopreempt 的主要目的是为了保持服务的稳定性和连续性，避免由于主服务器的频繁恢复和抢占导致的服务中断和网络抖动。

结果显示： 虽然 master 节点优先级高，因为处于非抢占模式，所以 vip 依然在 slave 节点上。

当 slave 节点服务异常， vip 才会被 master 接管 , 这样避免了 vip 的频繁移动

非抢占延迟模式

Keepalived 的非抢占延时模式是在非抢占式模式基础上增加了延时机制

主从节点主机配置 如下 其他的不变

state BACKUP

preempt_delay 60  #表示60s 

关于工作模式的小结

抢占模式

    -主挂了，备立刻抢vip

    -主恢复了，立刻抢备vip

延迟抢占

    -主挂了，备让几秒钟，确保主挂了，然后抢vip

    -主恢复了，让让

非抢占

   -主挂了，备立刻抢vip

   -主恢复了，不抢备的vip

4. 消息传递[L]

单播： 是一种点到点的通信方式，数据从发送方发送到特定的一个接收方。即 一对一。

多播： 是一种点到多点的通信方式，数据从发送方发送到一组特定的接收方，即 一对多。

如何配置多播通信  在主配置文件上增加下面的内容即可 主节点为例

cat /etc/keepalived/keepalived.conf

global_defs {

  router_id kpmaster

  vrrp_mcast_group4 226.0.0.18

}

include / etc / keepalived / conf.d /* .conf

如何配置单播通信  主节点为例

vrrp_instance VI_1 {state BACKUPinterface ens37virtual_router_id 50priority 100unicast_src_ip 192.168.8.12 # 定制单播的地址，本地的网卡地址unicast_peer { # 定制单播的对端地址192.168.8.15}authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.0.0.100}
}

5. 多主模式[M]

双主实践 效果如下 以10.0.0.12主机为例

vrrp_instance VI_1 {state MASTER             # 初始状态为MASTER，会尝试抢占VIPinterface ens224         # 绑定的网络接口virtual_router_id 50     # 虚拟路由ID，必须在0-255之间，同一VRRP组内节点需相同priority 100              # 优先级，数值越高越优先成为MASTERunicast_src_ip 192.168.8.12  # 单播源IP地址unicast_peer {           # 单播对等体IP地址192.168.8.15}authentication {         # 认证配置auth_type PASS       # 密码认证auth_pass 1111       # 认证密码}virtual_ipaddress {      # 虚拟IP地址配置10.0.0.100 dev ens160}
}vrrp_instance VI_2 {state BACKUP             # 初始状态为备份，优先级更高的节点会成为MASTERinterface ens224         # 绑定的网络接口virtual_router_id 51     # 虚拟路由ID，必须在0-255之间，同一VRRP组内节点需相同priority 99              # 优先级，数值越高越优先成为MASTERunicast_src_ip 192.168.8.12  # 单播源IP地址unicast_peer {           # 单播对等体IP地址192.168.8.15}authentication {         # 认证配置auth_type PASS       # 密码认证auth_pass 1111       # 认证密码}virtual_ipaddress {      # 虚拟IP地址配置10.0.0.200 dev ens160}
}

三主实践 -1 备

特点：允许三台节点中，可以损坏一个节点

#第一个节点ka1配置：
virtual_router_id 1 , Vrrp instance 1 , MASTER，优先级 100
virtual_router_id 2 , Vrrp instance 2 , BACKUP，优先级 80
#第二个节点ka2配置：
virtual_router_id 2 , Vrrp instance 2 , MASTER，优先级 100
virtual_router_id 3 , Vrrp instance 3 , BACKUP，优先级 80
#第三个节点ka3配置：
virtual_router_id 3 , Vrrp instance 3 , MASTER，优先级 100
virtual_router_id 1 , Vrrp instance 1 , BACKUP，优先级 80

三主实践 -2 备

特点：允许三台节点中，可以损坏两个节点

#第一个节点ka1配置：
virtual_router_id 1 , Vrrp instance 1 , MASTER，优先级100
virtual_router_id 2 , Vrrp instance 2 , BACKUP，优先级80
virtual_router_id 3 , Vrrp instance 3 , BACKUP，优先级60
#第二个节点ka2配置：
virtual_router_id 1 , Vrrp instance 1 , BACKUP，优先级60
virtual_router_id 2 , Vrrp instance 2 , MASTER，优先级100
virtual_router_id 3 , Vrrp instance 3 , BACKUP，优先级80
#第三个节点ka3配置：
virtual_router_id 1 , Vrrp instance 1 , BACKUP，优先级80
virtual_router_id 2 , Vrrp instance 2 , BACKUP，优先级60
virtual_router_id 3 , Vrrp instance 3 , MASTER，优先级100

6. 虚拟服务实践

Keepalived 的虚拟服务是基于 VRRP （虚拟路由冗余协议）实现的一种高可用服务解决方案

前提环境 RS1:10.0.0.146      RS2:10.0.147

首先在这两台主机上配置nginx并将其默认的html文件分别进行如下更改

echo "10.0.0.146 nginx-RS1" > /usr/share/nginx/html/index.html

echo "10.0.0.147 nginx-RS2" > /usr/share/nginx/html/index.html

定制专属脚本 lvs_dr_backend_server.sh

#!/bin/bash# 定义网络相关变量
vip=10.0.0.100
mask='255.255.255.255'
dev=lo:1# 定义内核配置路径前缀
conf_path="/proc/sys/net/ipv4/conf"# 定义 ARP 配置文件路径数组
arp_ignore_files=("${conf_path}/all/arp_ignore""${conf_path}/lo/arp_ignore"
)arp_announce_files=("${conf_path}/all/arp_announce""${conf_path}/lo/arp_announce"
)# 配置 ARP 参数的函数
configure_arp() {local value=$1for file in "${arp_ignore_files[@]}"; do# 环境实施# 检测效果echo "$value" > "$file"donelocal announce_value=$((value * 2))for file in "${arp_announce_files[@]}"; doecho "$announce_value" > "$file"done
}# 启动服务的函数
start_service() {configure_arp 1ifconfig "$dev" "$vip" netmask "$mask"echo "The RS Server is Ready!"
}# 停止服务的函数
stop_service() {ifconfig "$dev" downconfigure_arp 0echo "The RS Server is Canceled!"
}# 主函数，根据参数调用相应的函数
main() {case $1 instart)start_service;;stop)stop_service;;*)echo "Usage: $(basename "$0") start|stop"exit 1;;esac
}# 调用主函数
main "$1"

/bin/bash lvs_dr_backend_server.sh start      #在每台主机上实施此脚本

curl 10.0.0.100  会得到相应之前编辑的内容

定制虚拟服务

从节点配置的全局 为例

vrrp_instance VI_1 {state BACKUP             # 初始状态为备份，优先级更高的节点会成为MASTERinterface ens224         # 绑定的网络接口virtual_router_id 50     # 虚拟路由ID，必须在0-255之间，同一VRRP组内节点需相同priority 99              # 优先级，数值越高越优先成为MASTERunicast_src_ip 192.168.8.15  # 单播源IP地址unicast_peer {           # 单播对等体IP地址192.168.8.12}authentication {         # 认证配置auth_type PASS       # 密码认证auth_pass 1111       # 认证密码}virtual_ipaddress {      # 虚拟IP地址配置10.0.0.100}
}
virtual_server 10.0.0.100 80 {delay_loop 2lb_algo rrlb_kind DRprotocol TCPreal_server 10.0.0.146 80 {}real_server 10.0.0.147 80 {}
}

分析：主要是多了virtual_server 10.0.0.100 80 {...} 这些内容 这些内容和主的配置一样 里面有真实主机的ip