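Keepalived in Practice
1. Introduction to Keepalived
Keepalived monitors the state of web servers. If a web server goes down or starts malfunctioning, Keepalived detects this and removes the faulty server from the pool; once the server is working normally again, Keepalived automatically adds it back to the server group. All of this happens automatically, without manual intervention; the only manual work is repairing the faulty web server.
2. High availability for an Nginx reverse proxy with Keepalived
Lab environment:
lab1: 172.16.21.101, OS: CentOS 6.5, Nginx installed
lab2: 172.16.21.102, OS: CentOS 6.5, Nginx installed
lab3: 172.16.21.103, OS: CentOS 6.5, Httpd installed, serving the www.stu21.com site
lab4: 172.16.21.104, OS: CentOS 6.5, Httpd installed, serving the bbs.stu21.com site
In Nginx, www.stu21.com/bbs is redirected to the bbs.stu21.com site, and Keepalived is configured on lab1 and lab2 to make Nginx highly available, so that it does not become a single point of failure that affects access to the whole site.
Configure Nginx as a reverse proxy:
Add the following to the http block of the Nginx configuration file on lab1 and lab2: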
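server {
    listen 80;
    server_name test.stu21.com;
    # everything else goes to the www backend (lab3)
    location / {
        proxy_pass http://172.16.21.103;
    }
    # strip the /bbs prefix and proxy to the bbs backend (lab4)
    location /bbs {
        rewrite /bbs/?(.*)$ /$1 break;
        proxy_pass http://172.16.21.104;
    }
}
Access now behaves as follows: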
# curl www.stu21.com
www.stu21.com
# curl www.stu21.com/bbs
bbs.stu21.com
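Configure Keepalived for Nginx high availability:
Prerequisite:
Each of the two hosts can connect to the other with key-based authentication, and each is in the other host's known-hosts list.
The Keepalived configuration on lab1 and lab2 is as follows: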
lab1:
# cat /etc/keepalived/keepalived.conf
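! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost.com
    }
    notification_email_from keepalived@localhost.com
    smtp_server localhost
    smtp_connect_timeout 30
}
# Health check: succeed while an nginx process exists; otherwise run the ssh
# command to start nginx on the named host and report failure.
vrrp_script chk_nginx {
    script "if killall -0 nginx; then exit 0;else ssh lab2 '/etc/init.d/nginx start'; exit 1;fi"
    interval 1    # run the check every second
    weight -2     # subtract 2 from the priority while the check is failing
    fall 3        # 3 consecutive failures mark the check as failed
    rise 1        # 1 success marks it as healthy again
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 21
    priority 100
    # Simple-password auth: auth_pass travels in cleartext in VRRP adverts
    # and only its first 8 characters are used.
    authentication {
        auth_type PASS
        auth_pass nginxabc
    }
    virtual_ipaddress {
        172.16.21.200/16
    }
    track_script {
        chk_nginx
    }
    notify_master "/etc/keepalived/nginx.sh master"
    notify_backup "/etc/keepalived/nginx.sh backup"
    notify_fault "/etc/keepalived/nginx.sh fault"
}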
lab2:
# cat /etc/keepalived/keepalived.conf
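! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost.com
    }
    notification_email_from keepalived@localhost.com
    smtp_server localhost
    smtp_connect_timeout 30
}
# Health check: succeed while an nginx process exists; otherwise run the ssh
# command to start nginx on the named host and report failure.
vrrp_script chk_nginx {
    script "if killall -0 nginx; then exit 0;else ssh lab2 '/etc/init.d/nginx start'; exit 1;fi"
    interval 1    # run the check every second
    weight -2     # subtract 2 from the priority while the check is failing
    fall 3        # 3 consecutive failures mark the check as failed
    rise 1        # 1 success marks it as healthy again
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 21
    priority 99
    # Simple-password auth: auth_pass travels in cleartext in VRRP adverts
    # and only its first 8 characters are used.
    authentication {
        auth_type PASS
        auth_pass nginxabc
    }
    virtual_ipaddress {
        172.16.21.200/16
    }
    track_script {
        chk_nginx
    }
    notify_master "/etc/keepalived/nginx.sh master"
    notify_backup "/etc/keepalived/nginx.sh backup"
    notify_fault "/etc/keepalived/nginx.sh fault"
}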
The monitoring script used on both nodes is as follows:
# cat /etc/keepalived/nginx.sh
#!/bin/bash
vip=172.16.21.200
contact='root@localhost'
# Mail a state-change notice. The function is named notify so that the mail
# command inside it runs the real mailer instead of calling itself recursively.
notify() {
    mailsubject="$(hostname) to be $1: $vip floating"
    mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
    master)
        notify master
        /etc/rc.d/init.d/nginx start
        exit 0
        ;;
    backup)
        notify backup
        /etc/rc.d/init.d/nginx stop
        exit 0
        ;;
    fault)
        notify fault
        /etc/rc.d/init.d/nginx stop
        exit 0
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
esac
Make sure both nodes use the same Nginx configuration.
Test:
Stop the nginx process on lab1, then check the log on lab2.
lab2 has successfully added the address 172.16.21.200, and the site still returns the same page when accessed.
3. Dual-master Keepalived for LVS high availability
Configuration file:
# Configuration on lab1
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 172.16.21.101
    smtp_connect_timeout 30
    router_id LVS_2121
}
# Maintenance switch: while /etc/keepalived/down exists the check fails
# and the priority drops by 2.
vrrp_script chk_schedown {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    state MASTER            # BACKUP on the other node
    interface eth0
    virtual_router_id 121
    priority 100            # 99 on the other node
    garp_master_delay 1
    authentication {
        auth_type PASS
        auth_pass lvsablvs
    }
    track_script {
        chk_schedown
    }
    virtual_ipaddress {
        172.16.21.200/16
    }
}
vrrp_instance VI_2 {
    state BACKUP            # MASTER on the other node
    interface eth0
    virtual_router_id 122
    priority 99             # 100 on the other node
    garp_master_delay 1
    authentication {
        auth_type PASS
        auth_pass lvslvsv2
    }
    track_script {
        chk_schedown
    }
    virtual_ipaddress {
        172.16.21.201/16
    }
}
virtual_server 172.16.21.200 80 {    # define the virtual server
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.0.0
    # persistence_timeout 50    # persistence timeout; commented out here for testing
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.16.21.103 80 {    # define a RealServer
        weight 10                     # weight
        HTTP_GET {                    # health-check method
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.21.104 80 {
        weight 5
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 172.16.21.201 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.0.0
    # persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.16.21.103 80 {
        weight 10
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.21.104 80 {
        weight 5
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
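The following check is an added example, not part of the original article: it lints the vrrp_instance blocks of a keepalived.conf such as the ones in sections 2 and 3, flagging a state other than MASTER or BACKUP, a virtual_router_id used twice in one file, auth_type PASS, and an auth_pass longer than the 8 characters Keepalived uses. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint the vrrp_instance blocks of a keepalived.conf read on stdin.
# Prints one finding per line and never echoes the auth_pass value itself.
lint_keepalived() {
    awk '
    {
        sub(/(^|[ \t])[#!].*/, "")          # drop "#" and "!" comments
        if ($1 == "vrrp_instance") inst = $2
        if (inst != "") {
            if ($1 == "state" && $2 != "MASTER" && $2 != "BACKUP")
                printf "%s: state %s is not MASTER or BACKUP\n", inst, $2
            if ($1 == "virtual_router_id" && ($2 in seen))
                printf "%s: virtual_router_id %s already used by %s\n", inst, $2, seen[$2]
            if ($1 == "virtual_router_id" && !($2 in seen)) seen[$2] = inst
            if ($1 == "auth_type" && $2 == "PASS")
                printf "%s: auth_type PASS sends auth_pass in cleartext\n", inst
            if ($1 == "auth_pass" && length($2) > 8)
                printf "%s: auth_pass has %d characters, only the first 8 are used\n", inst, length($2)
        }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track block nesting
        if (depth == 0) inst = ""                      # left the vrrp_instance block
    }'
}

# Constructed sample input (hypothetical, not a file from the article).
sample_conf() {
    cat <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 121
    authentication {
        auth_type PASS
        auth_pass lvsablvs
    }
}
vrrp_instance VI_2 {
    state SLAVE
    virtual_router_id 121
    authentication {
        auth_type PASS
        auth_pass a-longer-secret
    }
}
EOF
}

sample_conf | lint_keepalived
```

On a live node the same function can be fed the real file: lint_keepalived < /etc/keepalived/keepalived.conf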
On lab3 and lab4, apply the following settings:
# Do not answer ARP requests for the VIPs
# echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore
# echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
# echo 2 >/proc/sys/net/ipv4/conf/lo/arp_announce
# Bind the VIPs to the lo interface
# ip addr add 172.16.21.200/32 broadcast 172.16.21.200 dev lo
# ip addr add 172.16.21.201/32 broadcast 172.16.21.201 dev lo
Next, each RealServer also needs a web server and web page files. With that, a dual-master, highly available LVS setup is complete.
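A RealServer that still answers ARP for a VIP pulls traffic away from the director, so it is worth verifying these settings before a host joins the pool. The check below is an added example, not part of the original article; the function names, the optional sysctl-root argument and the sample data are assumptions made so that it can run against a test tree.

```sh
#!/bin/sh
# Added example: check an LVS-DR RealServer against the settings listed above.
# The sysctl root argument is an assumption of this example so the check can
# also be run against a test tree instead of the live /proc/sys.

# Print one line for every ARP sysctl that differs from the value DR mode needs.
rs_arp_findings() {
    root=${1:-/proc/sys}
    for item in all/arp_ignore=1 lo/arp_ignore=1 all/arp_announce=2 lo/arp_announce=2; do
        key=${item%=*}
        want=${item#*=}
        got=$(cat "$root/net/ipv4/conf/$key" 2>/dev/null || echo missing)
        [ "$got" = "$want" ] || echo "$key is $got, expected $want"
    done
}

# Print every VIP that is not bound to lo as a /32.
# $1 is the output of `ip -o -4 addr show dev lo`; the remaining arguments are VIPs.
rs_missing_vips() {
    addrs=$1
    shift
    for vip in "$@"; do
        printf '%s\n' "$addrs" | grep -Fq " inet $vip/32 " || echo "$vip/32 not on lo"
    done
}

# Constructed sample: lo/arp_announce left at 0 and only the first VIP bound.
rs_demo() {
    t=$(mktemp -d)
    for d in all lo; do
        mkdir -p "$t/net/ipv4/conf/$d"
        echo 1 >"$t/net/ipv4/conf/$d/arp_ignore"
        echo 2 >"$t/net/ipv4/conf/$d/arp_announce"
    done
    echo 0 >"$t/net/ipv4/conf/lo/arp_announce"
    rs_arp_findings "$t"
    rs_missing_vips '1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 172.16.21.200/32 brd 172.16.21.200 scope global lo' \
        172.16.21.200 172.16.21.201
    rm -rf "$t"
}

rs_demo
```

On lab3 or lab4 the live check is: rs_arp_findings; rs_missing_vips "$(ip -o -4 addr show dev lo)" 172.16.21.200 172.16.21.201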