负载均衡lvs+keepalived高可用的集群实用案例
负载均衡lvs+keepalived高可用的集群实用案例1: keepalived 服务介绍
keepalived起初是专门为LVS设计的,专门用来监控集群系统 中各个服务节点的状态,后来又加入了VRRP(virtual 虚拟 router 路由器 redundancy 冗余protocol 协议 )功能,VRRP出现的目的是为了解决静态路由出现的单点故障问题,它能保证网络不间断 稳定的运行,所以keepalived 一方面具有LVS cluster nodes healthchecks 的功能,另一方面具有lvs 的directors failover的功 能,
2:keppalived 服务的两大用途:healthchecks (健康检查)& failover(失败接管)。
2.1:LVS directors failover功能
ha failover功能:实现LB Master主机和backup主机之间故障 转移和自动切换。针对于两个负载均衡器Directors 同时工作而采取的故障转移措施,当主负载均衡器(master)出现故障的情况 下,备份负载均衡器(backup)将自动接管主负载均衡服务器的 所有工作(vip资源以及相应服务);相反一但主负载均衡器 (directors)恢复正常了,master又会自动接管回所有工作
2.2:LVS cluster nodes healthchecks 功能
rs healthcheck功能:负载均衡定期检查RS的可用性决定是否 给其分发请求。当虚拟服务器中某一个甚至是几个真实服务器同 时发生故障无法提供服务时,负载均衡服务器会自动将其失效的 RS节点从待转发队列中清除出去,从而保证用户的访问不受 影响当故障的RS服务器被修复以后,系统又会自动地把它们加入 转发队列中的,根据调度算法分发给它们请求,给用户提供服 务.
2.3: keepalived 故障切换转移原理
keepalived directors 之间的故障切换转移,是通过VRRP协议(virtual router redundancy protocol)来实现的。在keepalived directors正常工作时,主directos节点会不断的向备节点广播心跳信息用已告诉备节点自己还活着,当主节点发生故障时,备directors 检测不到主directors的心跳广播,进而调用自身接管程序,接管主节点的ip资源以及服务。而当主节点恢复正常时,备节点会释放主节点故障时自己接管的ip资源以及服务。恢复到原来自身备用角色。
2.4 VRRP协议简单介绍:
虚拟路由器冗余协议(virtual router redundancy protocol)VRRP出现是为了解决静态路由的单节点故障,VRRP是通过一种竞选协议机制来将路由任务交给某台VRRP路由器,在VRRP虚拟路由器中,有多台物理的VRRP路由器,但是这多台物理的路由器并不同时工作,而是由一台称之为MASTER的负责路由工作,其他都是BACKUP,同时MASTER并非一成不变,VRRP协议让每个VRRP路由器参与竞选,最终获胜的就是MASTER,MASTER有一些特权,比如拥有虚拟路由器的IP地址,我们的主机就是用这个ip地址作为静态路由的,拥有特权的MASTER要负责转发发送送给网管地址的包和相应ARRP请求。
VRRP通过竞选协议来实现虚拟路由器的功能,所有的协议报文都是通过ip多播(multicase)包(多播地址224.0.0.18)形式发送的,虚拟路由器由VRID(0-255)和一组ip组成,对外表现一个周知的MAC地址:00-00-5E-00-01-{VRID} .所以在一个虚拟路由器中不管谁是MASTER,对外都是相同的MAC和IP(称之为VIP)。客户主机并不需要因为MASTER的改变修改自己的路由配置,对他们来说这种主从彻底是透明的。
在一个虚拟路由器中,只有作为MASTER的VRRP路由器会一直发送VRRP广告包(ARRP Advertisenment message)BACKUP不会强占MASTER除非它的优先级(priority)更高,当MASTER不可用时BACKUP,收不到广告包,多台BACKUP中优先级最高的这台会被强占为MASTER,这种枪占是非常快速的(1s),以保证服务的连续性。
处于安全角度考虑,VRRP包使用加密协议进行加密的。
此文件里面没有的额外配置还有
lvs_sync_daemon_interface 负载均衡器之间的监控借口,类似HA heartbeat 的心跳线
生产实用实例演示:负载均衡服务器端配置keepalived+lvs,readserver配置httpd。
1 主机列表及ip规划
http://i2.运维网.com/images/blog/201712/24/d4bca57bed919366b4292ac45992219b.png
2 在LVS1和LVS2上安装lvs(ipvsadm)
查看机器环境
lsmod | grep ip_vs
cat /etc/redhat-release
做link
ln -s /usr/src/kernels/2.6.32-696.16.1.el6.x86_64 /usr/src/linux
ll /usr/src/linux/
下载ipvsadm
mkdir /home/chenyantao/tools/
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
ls
然后解压安装ipvsadm
tar -zxvf ipvsadm-1.24.tar.gz
cd keepalived-1.1.17
make
make install
echo $?
安装完毕
lsmod | grep ip_vs 查看模块是否加载
modprobe ip_vs手动加载模块
lsmod | grep ip_vs 查看确保
# lsmod | grep ip_vs
ip_vs 1156430
libcrc32c 12461 ip_vs
ipv6 321422265 ip_vs
3 在LVS1和LVS2上部署keepalived
3.1配置keepalived实现服务高可用功能
keepalived的官方站点是http://www.keepalived.org 官方文档:http://www.keepalived.org/documentation.html 通过官方地址我们可以获取keepalived软件包。
mkdir /home/chenyantao/tools
cd /home/chenyantao/tools/
wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz
http://i2.运维网.com/images/blog/201712/24/da217fc48d4bbe4a1571111174a5d186.png
tar zxf keepalived-1.1.17.tar.gz
cd keepalived-1.1.17
ls
http://i2.运维网.com/images/blog/201712/24/c73e5d892733ff02ef448906cf44b861.png
./configure#仔细查看有没有报错,可以执行echo$?确定,如果结果是非0 基本都是缺少包导致 执行yum install package-level -y
# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for strip... strip
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking openssl/md5.h usability... yes
checking openssl/md5.h presence... yes
checking for openssl/md5.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking for MD5_Init in -lcrypto... yes
checking for SSL_CTX_new in -lssl... yes
checking for poptGetContext in -lpopt... yes
checking for kernel version... 2.6.32-696
checking for /usr/src/linux/net/core/link_watch.c... no
checking net/ip_vs.h usability... yes
checking net/ip_vs.h presence... yes
checking for net/ip_vs.h... yes
checking for IPVS syncd support... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether gcc needs -traditional... no
checking for working memcmp... yes
checking return type of signal handlers... void
checking for gettimeofday... yes
checking for select... yes
checking for socket... yes
checking for strerror... yes
checking for strtol... yes
checking for uname... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating genhash/Makefile
config.status: WARNING:genhash/Makefile.in seems to ignore the --datarootdir setting
config.status: creating keepalived/core/Makefile
config.status: creating keepalived/include/config.h
config.status: creating keepalived.spec
config.status: creating keepalived/Makefile
config.status: WARNING:keepalived/Makefile.in seems to ignore the --datarootdir setting
config.status: creating lib/Makefile
config.status: creating keepalived/vrrp/Makefile
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile
Keepalived configuration
Keepalived version : 1.1.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes #IPVS框架
IPVS sync daemon support : Yes # IPVS进程支持
Use VRRP Framework : Yes # VRRP的框架
Use LinkWatch : No
Use Debug flags : No
make
make install
echo $? 结果为0说明安装成功。
3.2执行安装完毕以后的其他配置工作
/bin/cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ 生成启动脚本命令
/bin/cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ 配置启动脚本的参数
mkdir /etc/keepalived 创建keepalived的默认配置文件的目录
/bin/cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ 拷贝keepalived 的默认配置文件模板拷贝到你创建的路径。
/bin/cp /usr/local/sbin/keepalived /usr/sbin/将Keepalived命令拷贝到/usr/sbin 下面。
/etc/init.d/keepalived start
ps -ef | grep keepalived #检查一下是否启动成功。
root 1371 10 04:02 ? 00:00:00 keepalived -D
root 1374 13710 04:02 ? 00:00:01 keepalived -D
root 1419 13710 04:07 ? 00:00:00 keepalived -D
root 1422 12800 04:07 pts/0 00:00:00 grep keepalived
检查成功后,停止keepalived服务,因为此时加载的事默认配置文件,结下来我们要按要求配置配置文件。
首先我们要看一下keepalived的默认配置文件模板
# cd /et c/
# cat keepalived/keepalived.conf 此配置文件为模板
! Configuration File for keepalived !号开头的是注释信息 #号开头的 也是注释
global_defs { 全局配置
notification_email { 定义通知通报邮件
acassen@firewall.loc要通知的管理员名单failover@firewall.loc
页:
[1]