在之前一篇使用nginx搭建高可用的解決方案的時候,很多同學會問,如果nginx掛掉怎麼辦,比如下麵這張圖: 你可以清楚的看到,如果192.168.2.100這台機器掛掉了,那麼整個集群就下線了,這個問題該怎麼解決呢??? 簡單的想想確實不大好處理,因為你 的webBrowser總得要訪問一個ip地 ...
在之前一篇使用nginx搭建高可用的解決方案的時候,很多同學會問,如果nginx掛掉怎麼辦,比如下麵這張圖:
你可以清楚的看到,如果192.168.2.100這台機器掛掉了,那麼整個集群就下線了,這個問題該怎麼解決呢??? 簡單的想想確實不大好處理,因為你
的webBrowser總得要訪問一個ip地址,對吧。。這個問題怎麼破呢?
一:問題分析
如果你有一些網路底子的話,就會明白,你給一個不在本網段的機器發送請求的話,這個請求會先經過你的網關IP,然後通過網關IP傳給對方的網關IP,然
後網關IP會將請求轉給它所在區域網的主機,當然我的網關IP和對方的網關IP之間可能有很多跳的路由地址,大概的流程就是下麵這樣:
如果你不信的話,可以用tracert 看看你到www.ctrip.com的路由總過程。
從上圖中可以看到,從我當前主機到ctrip.com一共有20跳,第一條是192.168.2.1,這個就是我的路由器IP,也就是我的網關IP。
二:虛擬路由冗餘協議
好了,說了這麼多有什麼用呢?其實大家仔細觀察這張圖,你會想我能不能在網關IP上做一些手腳呢? 可喜的是如今的路由器基本上都支持一個叫做
VRRP(虛擬路由冗餘協議),這一協議的作用你可以理解成把網關IP虛擬化成一個網關IP集群,就好像獸族劍聖的鏡像技能,這裡面有master,也有slave,
然後區域網內的主機設置的都是虛擬的masterIP(VIP),剛好keepealived就是一個實現VRRP的一款應用程式,你需要,我專業,大家就這樣走到一塊了。
三:keepalived搭建一覽
1. 下載:從官網上找到當前最新的版本1.4.2。http://www.keepalived.org/software/keepalived-1.4.2.tar.gz。
配置機器: 192.168.23.156 【centos】
192.168.23.157 【centos】
1 [root@localhost app]# wget http://www.keepalived.org/software/keepalived-1.4.2.tar.gz 2 --2018-03-10 04:04:06-- http://www.keepalived.org/software/keepalived-1.4.2.tar.gz 3 Resolving www.keepalived.org (www.keepalived.org)... 37.59.63.157, 2001:41d0:8:7a9d::1 4 Connecting to www.keepalived.org (www.keepalived.org)|37.59.63.157|:80... connected. 5 HTTP request sent, awaiting response... 200 OK 6 Length: 738096 (721K) [application/x-gzip] 7 Saving to: ‘keepalived-1.4.2.tar.gz’ 8 9 100%[==================================================================>] 738,096 5.24KB/s in 4m 44s
2. 然後把相關依賴裝起來:yum install -y openssl openssl-devel。
1 [root@localhost app]# yum install -y openssl openssl-devel 2 Loaded plugins: fastestmirror, langpacks 3 Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was 4 14: curl#52 - "Empty reply from server" 5 base | 3.6 kB 00:00:00 6 epel/x86_64/metalink | 7.8 kB 00:00:00 7 Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&infra=stock error was 8 14: curl#52 - "Empty reply from server" 9 extras | 3.4 kB 00:00:00 10 updates | 3.4 kB 00:00:00 11 updates/7/x86_64/primary_db | 6.9 MB 00:01:10
3. 接下來繼續解壓,最後安裝三板斧: ./configure --prefix=/usr/app/keepalived && make && make install。
[root@localhost app]# tar -zxvf keepalived-1.4.2.tar.gz [root@localhost app]# ls keepalived-1.4.2 keepalived-1.4.2.tar.gz [root@localhost app]# cd keepalived-1.4.2 [root@localhost keepalived-1.4.2]# ls aclocal.m4 bin_install configure COPYING genhash keepalived Makefile.am README.md ar-lib ChangeLog configure.ac depcomp INSTALL keepalived.spec.in Makefile.in snap AUTHOR compile CONTRIBUTORS doc install-sh lib missing TODO [root@localhost keepalived-1.4.2]#
[root@localhost keepalived-1.4.2]# ./configure --prefix=/usr/app/keepalived && make && make install
安裝好了之後,你就會看到如下的內容,那就恭喜你,安裝成功了。
Keepalived configuration ------------------------ Keepalived version : 1.4.2 Compiler : gcc Preprocessor flags : Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2 -fPIE -D_GNU_SOURCE Linker flags : -pie Extra Lib : -lcrypto -lssl Use IPVS Framework : Yes IPVS use libnl : No IPVS syncd attributes : No IPVS 64 bit stats : No fwmark socket support : Yes Use VRRP Framework : Yes Use VRRP VMAC : Yes Use VRRP authentication : Yes With ip rules/routes : Yes SNMP vrrp support : No SNMP checker support : No SNMP RFCv2 support : No SNMP RFCv3 support : No DBUS support : No SHA1 support : No Use Debug flags : No smtp-alert debugging : No Use Json output : No Stacktrace support : No Memory alloc check : No libnl version : None Use IPv4 devconf : No Use libiptc : No Use libipset : No init type : systemd Build genhash : Yes Build documentation : No
4. 安裝好了之後,在/usr/app/keepalived/etc/keepalived目錄下有一個keepalived.conf文件,現在你要做的事情就是
將它copy到/etc/keepalived文件夾下就可以了。
1 [root@localhost keepalived]# ls 2 keepalived.conf samples 3 [root@localhost keepalived]# pwd 4 /usr/app/keepalived/etc/keepalived 5 [root@localhost keepalived]# mkdir -p /etc/keepalived 6 [root@localhost keepalived]# cp ./keepalived.conf /etc/keepalived/keepalived.conf
5. 接下來我們改一下配置文件。
在192.168.23.156機器中的配置文件,修改如下:
【原來】
global_defs { notification_email { [email protected] [email protected] [email protected] } notification_email_from [email protected] smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.200.16 192.168.200.17 192.168.200.18 } }
【修改】
global_defs { notification_email { [email protected] [email protected] [email protected] } notification_email_from [email protected] smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id NodeA vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.2.200 } }
其中要註意的就是:
《1》priority 150
節點的優先順序,master要比slave高。
《2》interface ens33
ens33大家可以通過ipconfig查看一下自己的網卡。
[root@localhost ~]# ifconfig br-11757db6abf5: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.22.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:c2:e0:52:10 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-875e3c64ec79: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.23.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:4e:43:5b:a0 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-904f2c62861e: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.19.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:6d:80:36:58 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-b0028a425959: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.21.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:68:51:95:99 txqueuelen 0 (Ethernet) RX packets 18 bytes 1458 (1.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 41 bytes 3920 (3.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-c4a09a75fc67: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.18.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:92:f9:2d:65 txqueuelen 0 (Ethernet) RX packets 4 bytes 340 (340.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4 bytes 340 (340.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-f0fb207788a0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.20.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::42:86ff:fe1e:c970 prefixlen 64 scopeid 0x20<link> ether 02:42:86:1e:c9:70 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:8f:8c:a9:a7 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.23.157 netmask 255.255.255.0 broadcast 192.168.23.255 inet6 fe80::20c:29ff:fe54:4f5a prefixlen 64 scopeid 0x20<link> ether 00:0c:29:54:4f:5a txqueuelen 1000 (Ethernet) RX packets 10899 bytes 11349012 (10.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5575 bytes 599717 (585.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 4 bytes 340 (340.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4 bytes 340 (340.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth4d72ad4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::d4fb:fcff:feeb:cd7c prefixlen 64 scopeid 0x20<link> ether d6:fb:fc:eb:cd:7c txqueuelen 0 (Ethernet) RX packets 16 bytes 1248 (1.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 43 bytes 4130 (4.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 vethe634b1c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::e0c6:88ff:fe1c:f4a1 prefixlen 64 scopeid 0x20<link> ether e2:c6:88:1c:f4:a1 txqueuelen 0 (Ethernet) RX packets 18 bytes 1458 (1.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 41 bytes 3920 (3.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 00:00:00:00:00:00 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]#
《3》virtual_ipaddress 192.168.23.200
設置好虛擬IP(VIP)為:192.168.23.200
同樣的道理,在192.168.23.157設置如下:
global_defs { notification_email { [email protected] [email protected] [email protected] } notification_email_from [email protected] smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id NodeB vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.23.200 } }
7. 接下來就可以啟動keepalived了。
[root@localhost sbin]# ./keepalived -D [root@localhost sbin]# ps -ef | grep keepalived root 4661 1 0 05:41 ? 00:00:00 ./keepalived -D root 4662 4661 0 05:41 ? 00:00:00 ./keepalived -D root 4663 4661 0 05:41 ? 00:00:00 ./keepalived -D root 4673 4300 0 05:41 pts/0 00:00:00 grep --color=auto keepalived
五:檢測
1. 通過ip a 看看當前ens33網卡上是否綁定了192.168.23.200虛擬IP。
2. 然後通過arp -a 查看當前的vip映射到的物理(mac)地址,可以看到當前的vip映射到的是192.168.23.156上面。
C:\Users\hxc>arp -a 介面: 192.168.23.1 --- 0x6 Internet 地址 物理地址 類型 192.168.23.156 00-0c-29-75-7e-20 動態 192.168.23.157 00-0c-29-54-4f-5a 動態 192.168.23.200 00-0c-29-75-7e-20 動態 192.168.23.255 ff-ff-ff-ff-ff-ff 靜態 224.0.0.22 01-00-5e-00-00-16 靜態 224.0.0.251 01-00-5e-00-00-fb 靜態 224.0.0.252 01-00-5e-00-00-fc 靜態 239.11.20.1 01-00-5e-0b-14-01 靜態 239.255.255.250 01-00-5e-7f-ff-fa 靜態 255.255.255.255 ff-ff-ff-ff-ff-ff 靜態
3. 然後我們把156這台機器關閉了,可以看到當前的vip已經漂移到了157這台機器上了。
C:\Users\hxc>arp -a 介面: 192.168.23.1 --- 0x6 Internet 地址 物理地址 類型 192.168.23.156 00-0c-29-75-7e-20 動態 192.168.23.157 00-0c-29-54-4f-5a 動態 192.168.23.200 00-0c-29-54-4f-5a 動態 192.168.23.255 ff-ff-ff-ff-ff-ff 靜態 224.0.0.22 01-00-5e-00-00-16 靜態 224.0.0.251 01-00-5e-00-00-fb 靜態 224.0.0.252 01-00-5e-00-00-fc 靜態 239.11.20.1 01-00-5e-0b-14-01 靜態 239.255.255.250 01-00-5e-7f-ff-fa 靜態 255.255.255.255 ff-ff-ff-ff-ff-ff 靜態
好了,這個就是本篇所說的所有內容,希望對您有幫助。
