简介
Keepalived是集群管理中保证集群高可用的一个服务软件,是以VRRP协议为实现基础的,VRRP全称Virtual Router Redundancy Protocol ,即虚拟路由冗余协议。
Keepalived主要有三个模块,分别是 core、check 和 vrrp。
- core 模块为 keepalived 的核心,负责主进程的启动、维护、以及全局配置文件的加载和解析。
- check 负责健康检查,包括常见的各种检查方式。
- vrrp 模块是来实现 VRRP 协议的。
Haproxy_Director + Keepalived
1.主/备调度器安装软件
yum -y install keepalived
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id director1 #辅助改为director2
}
vrrp_instance VI_1 {
state MASTER/BACKUP
nopreempt #存在于BACKUP
interface eth0 #VIP绑定接口
virtual_router_id 80 # MASTER,BACKUP一致
priority 100 # 辅助改为50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.100
}
}
2.启动
systemctl enable keepalived
systemctl start keepalived
3.扩展对调度器Haproxy健康检查(可选)
cat /etc/keepalived/check_haproxy_status.sh
#!/bin/bash
/usr/bin/curl -I http://localhost &>/dev/null
if [ $? -ne 0 ];then
/etc/init.d/keepalived stop
fi
chmod a+x /etc/keepalived/check_haproxy_status.sh
4.添加配置文件
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy_status.sh"
interval 5
}
track_script {
check_haproxy
}
5.重启服务
6.配置Haproxy
Lvs_Director + Keepalived
1.主/备调度器安装软件
yum -y install ipvsadm net-tools keepalived
ipvsadm -C
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.0.200
}
}
virtual_server 192.168.0.200 80 {
delay_loop 10 # 每隔10秒查询realserver状态
lb_algo wlc lvs
lb_kind DR
persistence_timeout 60 # 登陆保持时限为60秒
protocol TCP
real_server 192.168.188.9 80 {
weight 100
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
#失败重试次数
delay_before_retry 3
#失败重试的间隔时间
connect_port 80
}
}
real_server 192.168.188.10 80 {
weight 100
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
2.启动并查看
systemctl start keepalived
ipvsadm -ln
3.配置Real server
keepalived脑裂
BACKUP主机收到不MASTER主机报文后就会切换成为MASTER,如果是它们之间的通信线路出现问题,无法接收到彼此的组播通知,但是两个节点实际都处于正常工作状态,这时两个节点均为master强行绑定虚拟IP,导致不可预料的后果,这就是脑裂。
解决方式:
1、添加更多的检测手段,比如冗余的心跳线(两块网卡做健康监测),ping对方等等。尽量减少”裂脑”发生机会。(指标不治本,只是提高了检测到的概率);
2、设置仲裁机制。两方都不可靠,那就依赖第三方。比如启用共享磁盘锁,ping网关等。(针对不同的手段还需具体分析);
3、将master停掉。然后检查机器之间的防火墙。网络之间的通信