keepalived 是一个基于VRRP协议来实现的服务高可用方案。VRRP协议(虚拟路由冗余协议),是由IETF提出的解决局域网中配置静态网关出现单点故障的路由协议。
VRRP可以允许一台机器可以拥有一个或者多个虚拟IP。在高可用的一组机器中,有一个master,多个slaver。对外提供一个虚IP。通过虚IP访问master,slaver负责监控master,如果master宕机,则选举其中一个slaver接管master,虚拟IP绑定到新的master上(俗称IP漂移),从而实现了高可用。
stateDiagram
client --> 虚IP : 访问
虚IP --> 机器A: IP漂移
虚IP --> 机器B
note right of client
客户端访问虚IP
实际访问虚IP下挂载的机器
具体访问哪台机器,视情况而定
end note
state 机器A {
keepalived[master]
}
state 机器B {
keepalived[slaver]
}
安装
- 直接使用yum安装。在两台机器上同时安装keepalived
1
| $ yum install keepalived -y
|
配置
- 在master上做如下配置 :
vim /etc/keepalived/keepalived.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
| ! Configuration File for keepalived global_defs { router_id LVS_01 } vrrp_script check_apiserver { script "/etc/keepalived/check_apiserver.sh" interval 3 weight -2 fall 10 rise 2 }
vrrp_instance VI_1 { state MASTER interface eth0 # 网口 virtual_router_id 10 priority 101 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 172.20.207.100 # 虚IP } track_script { check_apiserver } }
|
- 在slaver下做如下配置 :
vim /etc/keepalived/keepalived.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
| ! Configuration File for keepalived global_defs { router_id LVS_02 } vrrp_script check_apiserver { script "/etc/keepalived/check_apiserver.sh" interval 3 weight -2 fall 10 rise 2 }
vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 10 priority 100 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 172.20.207.100 } track_script { check_apiserver } }
|
启动
1 2 3
| $ systemctl start keepalived $ systemctl enable keepalived $ systemctl status keepalived
|
查看网口虚IP挂载情况
1 2 3 4 5 6 7 8 9
| $ ip addr show dev eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:16:3e:2b:d5:71 brd ff:ff:ff:ff:ff:ff inet 172.20.197.138/20 brd 172.20.207.255 scope global dynamic eth0 valid_lft 315261443sec preferred_lft 315261443sec + inet 172.20.207.100/32 scope global eth0 + valid_lft forever preferred_lft forever inet6 fe80::216:3eff:fe2b:d571/64 scope link valid_lft forever preferred_lft forever
|
测试
- 可以通过虚IP访问两台机器上的服务判断虚IP是否有效
阿里云 - Special tips
- 阿里云不支持直接使用虚IP。需要使用HaVip服务创建虚IP
- 目前HaVip还处于公测阶段,需要通过申请才可以使用
参考链接