Linux HA集群之Keepalived
时间:2022-04-03 11:14
大纲
一、什么是Keepalived
二、Keepalived工作原理
三、Keepalived + LVS的实现
一、什么是Keepalived
Keepalived是用C写的简单的一个路由软件,这个项目的主要目标是对Linux系统和基于Linux的基础设施提供简单而强大负载均衡和高可用性。负载均衡架构依赖于众所周知的和广泛使用的Linux虚拟服务器(IPVS)内核模块提供第四层负载均衡。另一方面,高可用性是通过VRRP协议实现。
Keepalived的作用是检测web服务器的状态,如果有一台web服务器死机,或工作出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工作正常后Keepalived自动将web服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web服务器。
二、Keepalived工作原理
Layer3,4&7工作在IP/TCP协议栈的IP层,TCP层,及应用层,原理分别如下:
ipvsadm-1.24-13.el5.x86_64.rpm
keepalived-1.2.1-5.el5.x86_64.rpm
httpd-2.2.15-47.el6.centos.1.x86_64.rpm
拓扑图
1、时间同步
[root@Director1 ~]# ntpdate s2c.time.edu.cn [root@Director2 ~]# ntpdate s2c.time.edu.cn [root@node1 ~]# ntpdate s2c.time.edu.cn [root@node2 ~]# ntpdate s2c.time.edu.cn 可根据需要在每个节点上定义crontab任务 [root@Director1 ~]# which ntpdate /sbin/ntpdate [root@Director1 ~]# echo "*/5 * * * * /sbin/ntpdate s2c.time.edu.cn &> /dev/null" >> /var/spool/cron/root [root@Director1 ~]# crontab -l */5 * * * * /sbin/ntpdate s2c.time.edu.cn &> /dev/null
2、主机名称要与uname -n保持一致,并通过/etc/hosts解析
Director1 [root@Director1 ~]# hostname Director1 [root@Director1 ~]# uname -n Director1 [root@Director1 ~]# sed -i ‘s@\(HOSTNAME=\).*@\1Director1@g‘ /etc/sysconfig/network Director2 [root@Director2 ~]# hostname Director2 [root@Director2 ~]# uname -n Director2 [root@node2 ~]# sed -i ‘s@\(HOSTNAME=\).*@\1Director2@g‘ /etc/sysconfig/network node1 [root@node1 ~]# hostname node1.network.com [root@node1 ~]# uname -n node3.network.com [root@node1 ~]# sed -i ‘s@\(HOSTNAME=\).*@\1node1.network.com@g‘ /etc/sysconfig/network node2 [root@node2 ~]# hostname node2.network.com [root@node2 ~]# uname -n node2.network.com [root@node2 ~]# sed -i ‘s@\(HOSTNAME=\).*@\1node2.network.com@g‘ /etc/sysconfig/network node1添加hosts解析 [root@Director1 ~]# vim /etc/hosts [root@Director1 ~]# cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 CentOS5.8 CentOS5 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 172.16.1.101 Director1 172.16.1.105 Director2 172.16.1.103 node1.network.com node1 172.16.1.104 node2.network.com node2 拷贝此hosts文件至Director2 [root@Director1 ~]# scp /etc/hosts Director2:/etc/ The authenticity of host ‘director2 (172.16.1.105)‘ can‘t be established. RSA key fingerprint is 13:42:92:7b:ff:61:d8:f3:7c:97:5f:22:f6:71:b3:24. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘director2‘ (RSA) to the list of known hosts. hosts 100% 328 0.3KB/s 00:00 拷贝此hosts文件至node1 [root@Director1 ~]# scp /etc/hosts node1:/etc/ The authenticity of host ‘node1 (172.16.1.103)‘ can‘t be established. RSA key fingerprint is 1e:87:cd:f0:95:ff:a8:ef:19:bc:c6:e7:0a:87:6b:fa. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘node1,172.16.1.103‘ (RSA) to the list of known hosts. root@node1‘s password: hosts 100% 328 0.3KB/s 00:00 拷贝此hosts文件至node2 [root@Director1 ~]# scp /etc/hosts node2:/etc/ The authenticity of host ‘node2 (172.16.1.104)‘ can‘t be established. RSA key fingerprint is 1e:87:cd:f0:95:ff:a8:ef:19:bc:c6:e7:0a:87:6b:fa. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘node2,172.16.1.104‘ (RSA) to the list of known hosts. root@node2‘s password: hosts 100% 328 0.3KB/s 00:00
3、关闭iptables和selinux
Director1 [root@Director1 ~]# service iptables stop [root@Director1 ~]# vim /etc/sysconfig/selinux [root@Director1 ~]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. #SELINUX=permissive SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted Director2 [root@Director2 ~]# service iptables stop [root@Director2 ~]# vim /etc/sysconfig/selinux [root@Director2 ~]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. #SELINUX=permissive SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted node1 [root@node1 ~]# service iptables stop [root@node1 ~]# vim /etc/sysconfig/selinux [root@node1 ~]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. #SELINUX=permissive SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted node2 [root@node2 ~]# service iptables stop [root@node2 ~]# vim /etc/sysconfig/selinux [root@node2 ~]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. #SELINUX=permissive SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
本文出自 “” 博客,请务必保留此出处