Highly available keepalived instance

Abstract: This article works through hands-on cases so that you can learn by practice.

Contents

1, Introduction to Keepalived

2, Example of basic Keepalived

1. Prepare three virtual machines

2. Service installation is as follows:

3. Deploy the Keepalived service

4. Test

3, Example of Keepalived + LVS server

1. Configure network environment

2. The scheduler installs Keepalived and ipvsadm software

3. Deploy Keepalived to achieve high availability of LVS-DR mode scheduler

4. Test

1, Introduction to Keepalived

Keepalived is usually used together with LVS to provide dual-machine hot standby for the director and storage and so prevent a single point of failure. Keepalived began as a health-check tool designed specifically for LVS and HA, but it later evolved to provide solutions for more than LVS. Keepalived supports automatic failover and node health checking.

Keepalived uses the VRRP hot-backup protocol to implement multi-machine hot standby for Linux servers. VRRP, the Virtual Router Redundancy Protocol, is a backup solution for routers. Multiple routers form a hot standby group and provide services through a shared virtual IP address. Only one master router in each hot standby group provides services at any one time; the other routers are redundant. If the currently online router fails, another router automatically takes over the virtual IP address according to the configured priority and continues to provide services.

Official website: http://www.keepalived.org/
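Added example (not from the original article or the Keepalived project): a parser for the VRRPv2 advertisement that the master multicasts, following the RFC 2338 packet layout, run over a constructed packet that uses this article's values (VRID 51, priority 100, auth_pass 1111). It shows that with auth_type PASS the password travels as clear text in the last 8 bytes, so it protects against misconfigured neighbours rather than against a host on the same segment.

```python
import struct

def inet_checksum(data):
    """16-bit one's-complement checksum used by VRRPv2 (no pseudo-header)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, auth_pass, advert_int=1):
    """Build a constructed VRRPv2 advertisement with simple-text auth."""
    head = bytes([0x21, vrid, priority, len(vips), 1, advert_int])
    tail = b"".join(bytes(int(o) for o in ip.split(".")) for ip in vips)
    tail += auth_pass.encode()[:8].ljust(8, b"\0")   # auth field is 8 bytes
    csum = inet_checksum(head + b"\0\0" + tail)
    return head + struct.pack("!H", csum) + tail

def parse_advert(pkt):
    """Decode a VRRPv2 advertisement; raise ValueError if it is malformed."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth_type, adv = struct.unpack("!6B", pkt[:6])
    if ver_type >> 4 != 2 or ver_type & 0xF != 1:
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match address count")
    if inet_checksum(pkt) != 0:
        raise ValueError("bad checksum")
    vips = [".".join(map(str, pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    auth = pkt[8 + 4 * count:].rstrip(b"\0").decode("ascii", "replace")
    return {"vrid": vrid, "priority": prio, "advert_int": adv, "vips": vips,
            "auth_type": {0: "none", 1: "PASS", 2: "AH"}.get(auth_type, "?"),
            "auth_data": auth}

# Constructed sample: VRID 51, priority 100, VIP 192.168.1.80, auth_pass 1111.
SAMPLE = build_advert(51, 100, ["192.168.1.80"], "1111")

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
```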

2, Example of basic Keepalived

1. Prepare three virtual machines

Two are used as back-end servers and one is used as the scheduler.

Web server IP addresses: 192.168.1.100/24 and 192.168.1.200/24

Proxy scheduler IP address: 192.168.1.5/24

2. Service installation is as follows:

[root@web1 ~]# yum -y install httpd
[root@web1 ~]# echo "192.168.1.100" > /var/www/html/index.html    #Create web page file
[root@web1 ~]# systemctl restart httpd        #Start the server
[root@web1 ~]# yum install -y keepalived      #Install Keepalived software

[root@web2 ~]# yum -y install httpd
[root@web2 ~]# echo "192.168.1.200" > /var/www/html/index.html    #Create web page file
[root@web2 ~]# systemctl restart httpd        #Start the server
[root@web2 ~]# yum install -y keepalived      #Install Keepalived software

3. Deploy the Keepalived service

1) Modify the Keepalived configuration file on the back-end web1 server

[root@web1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
  router_id web1            #Line 12, set the route ID number (the experiment needs to be modified)
  vrrp_iptables             #Clear the firewall interception rule (this line is not in the original file; add it manually)
}
vrrp_instance VI_1 {
  state MASTER              #The primary server is MASTER (the standby server needs to be modified to BACKUP)
  interface eth0            #Network card that carries the VIP (the experiment needs to be modified; use your own network card name, do not copy this one)
  virtual_router_id 51      #The VRID numbers of the primary and standby servers must be consistent
  priority 100              #Server priority; the node with the higher priority gets the VIP first
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {       #Whichever node is the master holds the VIP (the experiment needs to be modified)
    192.168.1.80/24
  }
}

[root@web1 ~]# systemctl start keepalived

2) Modify the Keepalived configuration file on the back-end web2 server

[root@web2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
  router_id web2            #Set the route ID number (the experiment needs to be modified)
  vrrp_iptables             #Clear the firewall interception rules (the experiment needs to be modified; add this line manually)
}
vrrp_instance VI_1 {
  state BACKUP              #The standby server is BACKUP (the experiment needs to be modified)
  interface eth0            #Network card that carries the VIP (the experiment needs to be modified; use your own network card name, do not copy this one)
  virtual_router_id 51      #The primary and standby VRID numbers must be consistent
  priority 50               #Server priority (the experiment needs to be modified)
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {       #Whichever node is the master holds the VIP (the experiment needs to be modified)
    192.168.1.80/24
  }
}

[root@web2 ~]# systemctl start keepalived

3) Turn off the firewall and SELinux

[root@web1 ~]# firewall-cmd --set-default-zone=trusted
[root@web1 ~]# sed -i  '/SELINUX/s/enforcing/permissive/' /etc/selinux/config
[root@web1 ~]# setenforce 0

[root@web2 ~]# firewall-cmd --set-default-zone=trusted
[root@web2 ~]# sed -i  '/SELINUX/s/enforcing/permissive/' /etc/selinux/config
[root@web2 ~]# setenforce 0

4. Test

1) Log in to both web servers and view the VIP information

[root@web1 ~]# ip addr show
[root@web2 ~]# ip addr show

2) Client access

curl http://192.168.1.80

From the client, use the curl command to connect to http://192.168.1.80 and view the web page. Then shut down web1 and access http://192.168.1.80 from the client again to verify that the service can still be accessed normally.

3, Example of Keepalived + LVS server

1. Configure network environment

1) Using the IP addresses of the case above, add a proxy scheduler, which gives the following configuration

web1: 192.168.1.100/24      web2: 192.168.1.200/24

Run the following on each of the two web servers:

yum -y install httpd        #Install software
echo "192.168.1.100" > /var/www/html/index.html    #Create web page file (on web2 use 192.168.1.200)
systemctl restart httpd        #Start the server

proxy: 192.168.1.5/24

proxy: 192.168.1.6/24

2) Next, configure the VIP address on the web1 back-end server

[root@web1 ~]# cd /etc/sysconfig/network-scripts/
[root@web1 ~]# cp ifcfg-lo  ifcfg-lo:0
[root@web1 ~]# vim ifcfg-lo:0
DEVICE=lo:0
#Device name
IPADDR=192.168.1.15
#IP address
NETMASK=255.255.255.255
#Subnet mask
NETWORK=192.168.1.15
#Network address
BROADCAST=192.168.1.15
#Broadcast address
ONBOOT=yes
#Activate the interface at boot
NAME=lo:0
#Network card name

Note: the subnet mask here must be 32 (that is, all 255). The network address is the same as the IP address, and the broadcast address is the same as the IP address.

[root@web1 ~]# vim /etc/sysctl.conf
#Manually write the following four lines
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

The purpose of these four lines is that, for packets addressed to 192.168.4.15, only the scheduler responds and no other host does.

[root@web1 ~]# sysctl -p                        #Refresh so that the configuration file takes effect immediately
[root@web1 ~]# systemctl restart network        #Restart the network service (service network restart)
[root@web1 ~]# ip a s                           #View IP address

3) Next, configure the VIP address on the web2 back-end server

[root@web2 ~]# cd /etc/sysconfig/network-scripts/
[root@web2 ~]# cp ifcfg-lo  ifcfg-lo:0
[root@web2 ~]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.1.15
NETMASK=255.255.255.255
NETWORK=192.168.1.15
BROADCAST=192.168.1.15
ONBOOT=yes
NAME=lo:0

Note: because web2 is also configured with the same VIP address as the proxy, address conflicts will certainly occur by default.

[root@web2 ~]# vim /etc/sysctl.conf
#Manually write the following four lines
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
#arp_ignore (prevents inbound conflicts)
#arp_announce (prevents outbound conflicts)
[root@web2 ~]# sysctl -p             #Refresh so that the configuration file takes effect immediately

The purpose of these four lines is that, for packets addressed to 192.168.4.15, only the scheduler responds and no other host does.

[root@web2 ~]# sysctl -p                        #Refresh so that the configuration file takes effect immediately
[root@web2 ~]# systemctl restart network        #Restart the network service (service network restart)
[root@web2 ~]# ip a s                           #View IP address

2. The scheduler installs Keepalived and ipvsadm software

Run the following on both schedulers:
[root@proxy ~]# yum install -y keepalived
[root@proxy ~]# systemctl enable keepalived
[root@proxy ~]# yum install -y ipvsadm
[root@proxy ~]# ipvsadm -C

3. Deploy Keepalived to achieve high availability of LVS-DR mode scheduler

1) Configure Keepalived on the LVS1 scheduler and start the service (run on the 192.168.4.5 host)

[root@proxy ~]# vim /etc/keepalived/keepalived.conf
global_defs {
  router_id lvs1            #Line 12, set the route ID number (the experiment needs to be modified)
  vrrp_iptables             #Line 13, clear the firewall interception rules (the experiment needs to be modified; add this line manually)
}
vrrp_instance VI_1 {
  state MASTER              #Line 21, MASTER server
  interface eth0            #Line 22, define the network interface (use your own network card name, do not copy this one)
  virtual_router_id 51      #Line 23, the primary and standby VRID numbers must be consistent
  priority 100              #Line 24, server priority
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {       #Lines 30 ~ 32, configure the VIP (the experiment needs to be modified)
    192.168.1.15/24
  }
}
virtual_server 192.168.1.15 80 {        #Set the VIP rules of ipvsadm (the experiment needs to be modified)
  delay_loop 6                          #Default health check delay of 6 seconds
  lb_algo rr                            #Set the LVS scheduling algorithm to rr (other values include sh and dh)
  lb_kind DR                            #Set the LVS mode to DR (the experiment needs to be modified)
  #persistence_timeout 50               #(The experiment needs this line deleted) The same client accesses the same server for 50 seconds
  #Note: the function of persistence_timeout is to keep the connection.
  #When enabled, the client always accesses the same server for a certain period of time (50 seconds)
  protocol TCP                          #TCP protocol
  real_server 192.168.1.100 80 {        #Set the real IP of the back-end web server (the experiment needs to be modified)
    weight 1                            #Set the weight to 1
    TCP_CHECK {                         #Health check for the back-end real_server (the experiment needs to be modified)
      connect_timeout 3                 #The health check timeout is 3 seconds
      nb_get_retry 3                    #Health check retries 3 times
      delay_before_retry 3              #The interval between health checks is 3 seconds
    }
  }
  real_server 192.168.1.200 80 {        #Set the real IP of the back-end web server (the experiment needs to be modified)
    weight 2                            #Set the weight to 2
    TCP_CHECK {                         #Health check for the back-end real_server (the experiment needs to be modified)
      connect_timeout 3                 #The health check timeout is 3 seconds
      nb_get_retry 3                    #Health check retries 3 times
      delay_before_retry 3              #The interval between health checks is 3 seconds
    }
  }
}
[root@proxy1 ~]# systemctl start keepalived
[root@proxy1 ~]# ipvsadm -Ln        #View LVS rules
[root@proxy1 ~]# ip a s             #View VIP configuration

2) Configure Keepalived on the LVS2 scheduler (run on the 192.168.4.6 host)

[root@proxy2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
  router_id lvs2            #Line 12, set the route ID number (the experiment needs to be modified)
  vrrp_iptables             #Line 13, clear the firewall interception rules (the experiment needs to be modified; add this line manually)
}
vrrp_instance VI_1 {
  state BACKUP              #Line 21, the standby server is BACKUP (the experiment needs to be modified)
  interface eth0            #Line 22, define the network interface (use your own network card name, do not copy this one)
  virtual_router_id 51      #Line 23, the primary and standby VRID numbers must be consistent
  priority 50               #Line 24, server priority (the experiment needs to be modified)
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {       #Lines 30 ~ 32, set the VIP (the experiment needs to be modified)
    192.168.1.15/24
  }
}
virtual_server 192.168.1.15 80 {        #Automatically set LVS rules (the experiment needs to be modified)
  delay_loop 6
  lb_algo rr                            #Set the LVS scheduling algorithm to RR
  lb_kind DR                            #Set the LVS mode to DR (the experiment needs to be modified)
  #persistence_timeout 50               #(This line needs to be deleted)
  #Note: the function of persistence_timeout is to keep the connection.
  #When enabled, the client always accesses the same server for a certain period of time (50 seconds)
  protocol TCP                          #TCP protocol
  real_server 192.168.1.100 80 {        #Set the real IP of the back-end web server (the experiment needs to be modified)
    weight 1                            #Set the weight to 1
    TCP_CHECK {                         #Health check for the back-end real_server (the experiment needs to be modified)
      connect_timeout 3                 #The health check timeout is 3 seconds
      nb_get_retry 3                    #Health check retries 3 times
      delay_before_retry 3              #The interval between health checks is 3 seconds
    }
  }
  real_server 192.168.1.200 80 {        #Set the real IP of the back-end web server (the experiment needs to be modified)
    weight 2                            #Set the weight to 2; the weight can be modified as needed
    TCP_CHECK {                         #Health check for the back-end real_server (the experiment needs to be modified)
      connect_timeout 3                 #The health check timeout is 3 seconds
      nb_get_retry 3                    #Health check retries 3 times
      delay_before_retry 3              #The interval between health checks is 3 seconds
    }
  }
}
[root@proxy2 ~]# systemctl start keepalived
[root@proxy2 ~]# ipvsadm -Ln                 #View LVS rules
[root@proxy2 ~]# ip a s                      #View VIP settings
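Added example (not from the original article or the Keepalived project): a small checker for the MASTER/BACKUP configuration pairs written in sections 2 and 3. It reports the hand-editing mistakes that stop two nodes from forming one VRRP group: a missing closing brace, differing VRID, authentication or VIP, a BACKUP priority that is not lower than the MASTER's, and an auth_type other than the documented PASS or AH. The TEMPLATE fragment is a constructed sample that uses this article's values and assumes one vrrp_instance per file.

```python
import re

KEYS = ("virtual_router_id", "priority", "auth_type", "auth_pass")

def parse_vrrp(conf):
    """Return the vrrp_instance settings found in a keepalived.conf text."""
    text = re.sub(r"[#!].*", "", conf)            # drop comments
    if text.count("{") != text.count("}"):
        raise ValueError("unbalanced braces")
    out = {}
    for key in KEYS:
        m = re.search(r"^\s*%s\s+(\S+)" % key, text, re.M)
        out[key] = m.group(1) if m else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    out["vips"] = sorted(vips.group(1).split()) if vips else []
    return out

def compare(master, backup):
    """List settings that stop a MASTER/BACKUP pair forming one VRRP group."""
    m, b = parse_vrrp(master), parse_vrrp(backup)
    issues = []
    for key in ("virtual_router_id", "auth_type", "auth_pass", "vips"):
        if m[key] != b[key]:
            issues.append("%s differs: %s vs %s" % (key, m[key], b[key]))
    if int(m["priority"] or 0) <= int(b["priority"] or 0):
        issues.append("MASTER priority must exceed BACKUP priority")
    for node in (m, b):
        if node["auth_type"] not in ("PASS", "AH"):   # documented values
            issues.append("auth_type %r is not PASS or AH" % node["auth_type"])
    return issues

# Constructed sample built from the values used in this article.
TEMPLATE = """vrrp_instance VI_1 {
  state %s
  virtual_router_id %s      # must match on both nodes
  priority %s
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    192.168.1.80/24
  }
}
"""
WEB1 = TEMPLATE % ("MASTER", 51, 100)
WEB2 = TEMPLATE % ("BACKUP", 51, 50)

if __name__ == "__main__":
    print(compare(WEB1, WEB2.replace("auth_type PASS", "auth_type pass")))
```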

4. Test

curl http://192.168.1.15

From the client, use the curl command to connect to http://192.168.1.15 repeatedly and check whether the pages returned rotate between the different back-end real servers.

Tags: Linux Middleware

Posted on Fri, 03 Sep 2021 23:25:21 -0400 by bhawap