很多時候大家為了部署高可用方案都是前端配一個 nginx,如果nginx掛掉怎麼辦,比如下面這張圖:
你可以清楚的看到,如果 192.168.2.100 這臺機器掛掉了,那麼整個集群就下線了,這個問題該怎麼解決呢???簡單的想想確實不大好處理,因為你的前端請求總得要訪問一個ip地址,對吧。。這個問題怎麼破呢?
一:問題分析如果你有一些網絡底子的話,就會明白,你給一個不在本網段的機器發送請求的話,這個請求會先經過你的網關IP,然後通過網關IP傳給對方的網關IP,然後網關IP會將請求轉給它所在區域網的主機,當然我的網關IP和對方的網關IP之間可能有很多跳的路由地址,大概的流程就是下面這樣:
如果你不信的話,可以用 tracert 看看你到 www.ctrip.com 的路由總過程。
從上圖中可以看到,從我當前主機到 ctrip.com 一共有20跳,第一條是192.168.2.1,這個就是我的路由器IP,也就是我的網關IP。
二:虛擬路由冗餘協議好了,說了這麼多有什麼用呢?其實大家仔細觀察這張圖,你會想我能不能在網關IP上做一些手腳呢?可喜的是如今的路由器基本上都支持一個叫做VRRP(虛擬路由冗餘協議),這一協議的作用你可以理解成把網關IP虛擬化成一個網關IP集群,就好像獸族劍聖的鏡像技能,這裡面有master,也有slave,然後區域網內的主機設置的都是虛擬的masterIP(VIP),剛好 keepealived 就是一個實現 VRRP 的一款應用程式,你需要,我專業,大家就這樣走到一塊了。
三:keepalived搭建一覽1. 下載從官網上找到當前最新的版本1.4.2 http://www.keepalived.org/software/keepalived-1.4.2.tar.gz。
配置機器:192.168.23.156 【centos】 和 192.168.23.157 【centos】
[root@localhost app]# wget http://www.keepalived.org/software/keepalived-1.4.2.tar.gz
--2018-03-10 04:04:06-- http://www.keepalived.org/software/keepalived-1.4.2.tar.gz
Resolving www.keepalived.org (www.keepalived.org)... 37.59.63.157, 2001:41d0:8:7a9d::1
Connecting to www.keepalived.org (www.keepalived.org)|37.59.63.157|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 738096 (721K) [application/x-gzip]
Saving to: 『keepalived-1.4.2.tar.gz』
100%[==================================================================>] 738,096 5.24KB/s in 4m 44s
[root@localhost app]# yum install -y openssl openssl-devel
Loaded plugins: fastestmirror, langpacks
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#52 - "Empty reply from server"
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 7.8 kB 00:00:00
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras&infra=stock error was
14: curl#52 - "Empty reply from server"
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 6.9 MB 00:01:10
[root@localhost app]# tar -zxvf keepalived-1.4.2.tar.gz
[root@localhost app]# ls
keepalived-1.4.2 keepalived-1.4.2.tar.gz
[root@localhost app]# cd keepalived-1.4.2
[root@localhost keepalived-1.4.2]# ls
aclocal.m4 bin_install configure COPYING genhash keepalived Makefile.am README.md
ar-lib ChangeLog configure.ac depcomp INSTALL keepalived.spec.in Makefile.in snap
AUTHOR compile CONTRIBUTORS doc install-sh lib missing TODO
[root@localhost keepalived-1.4.2]#
[root@localhost keepalived-1.4.2]# ./configure --prefix=/usr/app/keepalived && make && make install
安裝好了之後,你就會看到如下的內容,那就恭喜你,安裝成功了。
Keepalived configuration
----
Keepalived version : 1.4.2
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2 -fPIE -D_GNU_SOURCE
Linker flags : -pie
Extra Lib : -lcrypto -lssl
Use IPVS Framework : Yes
IPVS use libnl : No
IPVS syncd attributes : No
IPVS 64 bit stats : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
SNMP vrrp support : No
Build genhash : Yes
Build documentation : No
安裝好了之後,在/usr/app/keepalived/etc/keepalived 目錄下有一個 keepalived.conf文件,現在你要做的事情就是將它copy到/etc/keepalived文件夾下,然後在192.168.23.156 機器中的配置文件,修改如下:
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id NodeA
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.200
}
}
其中要注意的就是:
<1> priority 150節點的優先級,master要比slave高。
<2> interface ens33ens33大家可以通過ipconfig查看一下自己的網卡。
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.23.157 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::20c:29ff:fe54:4f5a prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:54:4f:5a txqueuelen 1000 (Ethernet)
RX packets 10899 bytes 11349012 (10.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5575 bytes 599717 (585.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 340 (340.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 340 (340.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
設置好虛擬IP(VIP)為:192.168.23.200, 同樣的道理,在 192.168.23.157 設置如下:
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id NodeB
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.23.200
}
}
[root@localhost sbin]# ./keepalived -D
[root@localhost sbin]# ps -ef | grep keepalived
root 4661 1 0 05:41 ? 00:00:00 ./keepalived -D
root 4662 4661 0 05:41 ? 00:00:00 ./keepalived -D
root 4663 4661 0 05:41 ? 00:00:00 ./keepalived -D
root 4673 4300 0 05:41 pts/0 00:00:00 grep --color=auto keepalived
C:\Users\hxc>arp -a
接口: 192.168.23.1 --- 0x6
Internet 地址 物理地址 類型
192.168.23.156 00-0c-29-75-7e-20 動態
192.168.23.157 00-0c-29-54-4f-5a 動態
192.168.23.200 00-0c-29-75-7e-20 動態
192.168.23.255 ff-ff-ff-ff-ff-ff 靜態
224.0.0.22 01-00-5e-00-00-16 靜態
224.0.0.251 01-00-5e-00-00-fb 靜態
224.0.0.252 01-00-5e-00-00-fc 靜態
239.11.20.1 01-00-5e-0b-14-01 靜態
239.255.255.250 01-00-5e-7f-ff-fa 靜態
255.255.255.255 ff-ff-ff-ff-ff-ff 靜態
C:\Users\hxc>arp -a
接口: 192.168.23.1 --- 0x6
Internet 地址 物理地址 類型
192.168.23.156 00-0c-29-75-7e-20 動態
192.168.23.157 00-0c-29-54-4f-5a 動態
192.168.23.200 00-0c-29-54-4f-5a 動態
192.168.23.255 ff-ff-ff-ff-ff-ff 靜態
224.0.0.22 01-00-5e-00-00-16 靜態
224.0.0.251 01-00-5e-00-00-fb 靜態
224.0.0.252 01-00-5e-00-00-fc 靜態
239.11.20.1 01-00-5e-0b-14-01 靜態
239.255.255.250 01-00-5e-7f-ff-fa 靜態
255.255.255.255 ff-ff-ff-ff-ff-ff 靜態
好了,這個就是本篇所說的所有內容,希望對您有幫助。