Brief introduction
The function of Keepalived is to detect the state of the server. If a web server goes down or fails, Keepalived detects it and removes the failed server from the system, while other servers take over its work. When the server is working normally again, Keepalived automatically adds it back to the server group. All of this happens automatically, with no need for human intervention. All you need to do is repair the failed server.
Unicast and multicast
In multicast mode, keepalived sends a lot of unnecessary traffic to 224.0.0.18.
In unicast mode, information is sent only to the nodes listed in the configuration, which avoids interference and conflicts.
Split brain
Split brain occurs in a high-availability deployment when multiple machines bind the virtual IP address at the same time, which confuses clients accessing that IP address.
A split-brain monitoring script can prevent split brain from occurring.
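A minimal version of such a split-brain check, as an added example that is not from the original page. It assumes a monitoring host has collected the `ip -o -4 addr show` output of each node; the sample captures and the state names (`OK`, `SPLIT_BRAIN`, `VIP_DOWN`) are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): split-brain check for the VIP.
VIP="192.168.29.100"

# holds_vip: reads one node's `ip -o -4 addr show` output on stdin and
# succeeds only if VIP is bound there (exact match, so .10 never matches .100).
holds_vip() {
    awk -v vip="$VIP" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit(found ? 0 : 1) }'
}

# classify: takes each node's captured output as one argument and prints
# OK (one holder), SPLIT_BRAIN (several holders) or VIP_DOWN (no holder).
classify() {
    holders=0
    for node_out in "$@"; do
        if printf '%s\n' "$node_out" | holds_vip; then
            holders=$((holders + 1))
        fi
    done
    case "$holders" in
        0) echo "VIP_DOWN" ;;
        1) echo "OK" ;;
        *) echo "SPLIT_BRAIN" ;;
    esac
}

# Constructed sample captures (hypothetical; on live nodes run
# `ip -o -4 addr show dev ens33` on master and bak and pass both outputs).
MASTER_WITH_VIP='2: ens33    inet 192.168.29.132/24 brd 192.168.29.255 scope global ens33
2: ens33    inet 192.168.29.100/32 scope global ens33'
BAK_NO_VIP='2: ens33    inet 192.168.29.138/24 brd 192.168.29.255 scope global ens33'
BAK_WITH_VIP='2: ens33    inet 192.168.29.138/24 brd 192.168.29.255 scope global ens33
2: ens33    inet 192.168.29.100/32 scope global ens33'

echo "normal:     $(classify "$MASTER_WITH_VIP" "$BAK_NO_VIP")"
echo "both bound: $(classify "$MASTER_WITH_VIP" "$BAK_WITH_VIP")"
```

A `SPLIT_BRAIN` result means both nodes answer for 192.168.29.100 and should raise an alert; `VIP_DOWN` means neither node is serving the address.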
Preparation
Prepare two CentOS 7 virtual machines, turn off the firewall and SELinux, synchronize the system time, and set the IP address and hostname.
ip | hostname |
---|---|
192.168.29.132 | master |
192.168.29.138 | bak |
Deploy Nginx
```
# Get the yum source from the official website
[root@master ~]# yum install nginx -y
[root@bak ~]# yum install nginx -y

# Modify the contents of the index page to tell the nodes apart
[root@master ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!132</h1>
[root@bak ~]# vi /usr/share/nginx/html/index.html
<h1>Welcome to nginx!138</h1>
```
Deploy keepalived
Install software
```
[root@master ~]# yum install keepalived -y
[root@bak ~]# yum install keepalived -y
```
Modify the configuration file
```
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # On 1.3+ versions, comment out this line to be able to ping the host
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Set up the vrrp instance group
vrrp_instance VI_1 {
    # Set to non-preemptive mode
    state BACKUP
    interface ens33
    virtual_router_id 51
    # Set non-preemption mode
    nopreempt
    # Change multicast to unicast
    # Source address for sending packets
    unicast_src_ip 192.168.29.132
    # Destination host address for receiving packets; multiple machines are supported
    unicast_peer {
        192.168.29.138
    }
    # Set the priority
    # The node with the higher priority becomes master; if priorities are equal,
    # the node with the higher IP address becomes master
    priority 100
    advert_int 1
    # Set up authentication
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Set the virtual IP address, in the same network segment as the cluster machines
    virtual_ipaddress {
        192.168.29.100
    }
}
```
```
[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # On 1.3+ versions, comment out this line to be able to ping
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Set up the vrrp instance group
vrrp_instance VI_1 {
    # Non-preemptive mode
    state BACKUP
    interface ens33
    virtual_router_id 51
    # Set non-preemption mode
    nopreempt
    # Change multicast to unicast
    # Source address for sending packets
    unicast_src_ip 192.168.29.138
    # Destination host address for receiving packets; multiple machines are supported
    unicast_peer {
        192.168.29.132
    }
    # Priority
    priority 90
    advert_int 1
    # Authentication
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Set the virtual IP address
    virtual_ipaddress {
        192.168.29.100
    }
}
```
Start service
```
[root@master ~]# systemctl start keepalived.service
[root@bak ~]# systemctl start keepalived.service

# Verify the service
[root@master ~]# ip a
inet 192.168.29.100/32 scope global ens33
```
Test verification
Access the virtual IP address in a browser
Stop the keepalived service on the master node
```
[root@master ~]# systemctl stop keepalived.service

# The virtual IP drifts to the bak node
[root@bak ~]# ip a
inet 192.168.29.100/32 scope global ens33
```
Access the virtual IP address in a browser
Restart the keepalived service on the master node
Because non-preemptive mode is set, the master node does not take back the virtual IP address after its service restarts, so the virtual IP stays bound to the bak node.
Configure Nginx high availability architecture
Monitor Nginx with a script
```
[root@master ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
# Detect Nginx status: count the running nginx processes
nginx_status=$(ps -C nginx --no-header | wc -l)
# If no nginx process is running, stop keepalived so the virtual IP drifts away
if [ "$nginx_status" -eq 0 ]; then
    systemctl stop keepalived
fi

[root@bak ~]# vi /etc/keepalived/check_nginx.sh
#!/bin/bash
# Detect Nginx status: count the running nginx processes
nginx_status=$(ps -C nginx --no-header | wc -l)
# If no nginx process is running, stop keepalived so the virtual IP drifts away
if [ "$nginx_status" -eq 0 ]; then
    systemctl stop keepalived
fi

# Modify permissions
[root@master ~]# chmod a+x /etc/keepalived/check_nginx.sh
[root@bak ~]# chmod a+x /etc/keepalived/check_nginx.sh
```
Modify the configuration file
```
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Configure the check of the Nginx service
vrrp_script check_nginx {
    script /etc/keepalived/check_nginx.sh
    # Set the script execution interval
    interval 3
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    nopreempt
    unicast_src_ip 192.168.29.132
    unicast_peer {
        192.168.29.138
    }
    priority 100
    advert_int 1
    # Call the script that checks the Nginx service
    track_script {
        check_nginx
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.29.100
    }
}
```
```
[root@bak ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Configure the check of the Nginx service
vrrp_script check_nginx {
    script /etc/keepalived/check_nginx.sh
    interval 3
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    nopreempt
    unicast_src_ip 192.168.29.138
    unicast_peer {
        192.168.29.132
    }
    priority 90
    advert_int 1
    # Call the script that checks the Nginx service
    track_script {
        check_nginx
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.29.100
    }
}

# Restart the keepalived service on both nodes
```
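A small audit of the configuration above, as an added example that is not part of the original page or of keepalived itself. The finding names are made up for this example and the embedded sample is a constructed, shortened copy of the master configuration; `enable_script_security` and `script_user` are `global_defs` options in keepalived 2.x.

```shell
#!/bin/bash
# Added example (not from the original page): audit a keepalived.conf.
# Finding names such as AUTH_CLEARTEXT are hypothetical, chosen for this example.

# audit_conf: reads a keepalived.conf on stdin, prints one finding per line.
audit_conf() {
    awk '
        { sub(/[#!].*/, "") }                      # strip keepalived comments
        $1 == "auth_type"              { atype = $2 }
        $1 == "auth_pass"              { pass = $2 }
        $1 == "vrrp_script"            { scripts++ }
        $1 == "enable_script_security" { sec = 1 }
        $1 ~ /^unicast_peer/           { unicast = 1 }
        END {
            if (atype == "PASS")
                print "AUTH_CLEARTEXT: auth_pass is sent unencrypted in every advert"
            if (pass == "1111" || (pass != "" && length(pass) < 8))
                print "AUTH_PASS_WEAK: sample or short value (only 8 characters are used)"
            if (scripts && !sec)
                print "SCRIPT_SECURITY_OFF: set enable_script_security and script_user"
            if (!unicast)
                print "MULTICAST: adverts go to 224.0.0.18 instead of named peers"
        }'
}

# Constructed sample: directives taken from the master configuration on this page.
PAGE_CONF='global_defs {
    router_id LVS_DEVEL
    #vrrp_strict
}
vrrp_script check_nginx {
    script /etc/keepalived/check_nginx.sh
    interval 3
}
vrrp_instance VI_1 {
    unicast_src_ip 192.168.29.132
    unicast_peer {
        192.168.29.138
    }
    track_script {
        check_nginx
    }
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}'

printf '%s\n' "$PAGE_CONF" | audit_conf
```

On a node, the same function can be run as `audit_conf < /etc/keepalived/keepalived.conf`.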
Test verification
Access the virtual IP address in a browser
Stop the Nginx service on the master node
```
[root@master ~]# systemctl stop nginx.service

# View the keepalived service
[root@master ~]# systemctl status keepalived.service
master Keepalived_vrrp[3937]: Stopped - used 0.008106 user time, 0.085418 system time
master Keepalived[3936]: Stopped Keepalived v2.0.10 (11/12,2018)
master systemd[1]: Stopped LVS and VRRP High Availability Monito
```
Access the virtual IP address in a browser
Restart service
```
[root@master ~]# systemctl restart nginx.service
[root@master ~]# systemctl start keepalived.service

# Non-preemptive mode, so the virtual IP is still bound to the bak node
[root@bak ~]# ip a
inet 192.168.29.100/32 scope global ens33
```