天高云淡 posted on 2019-1-4 11:10:34

Building a highly available LVS cluster with Keepalived

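  I. Basic introduction to keepalived
  1. The core function of keepalived is to provide high availability for LVS on Linux through the VRRP protocol.
  2. VRRP (Virtual Router Redundancy Protocol) lets several gateways be presented as one virtual gateway: a group of IP addresses is virtualized into a VIP, and the MAC address can be virtualized along with it.
  3. With VRRP, keepalived handles failover well and avoids a single point of failure: when the service on the master node fails, the backup node takes over from the master and keeps providing service. Once the failed node recovers, it is automatically added back into service.
  4. The VRRP state machine
http://blog.运维网.com/attachment/201309/170412799.jpg
  5. Installing the keepalived service: the lab environment is CentOS 6.4, and keepalived is installed directly from the 1.2.7 rpm package.
  6. The main keepalived configuration file is /etc/keepalived/keepalived.conf

  The keepalived service script is /etc/rc.d/init.d/keepalived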
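  II. The keepalived configuration file
   1. Global configuration section
  GLOBAL CONFIGURATION

global_defs {
    notification_email {                 # recipients of notification mail
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL                  # string identifying this machine
}

  Defines e-mail notification and static routes.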

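   2. The keepalived VRRP instance configuration section
  VRRPD CONFIGURATION

vrrp_instance VI_1 {
    state MASTER               # initial state of this node
    interface eth0             # interface the instance is bound to
    virtual_router_id 51       # must be the same on every node of this virtual router
    priority 100               # the node with the highest priority becomes master
    advert_int 1               # advertisement interval in seconds
    authentication {
        auth_type PASS         # simple password authentication
        auth_pass 1111         # must be the same on every node
    }
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

  The virtual router instance is the core configuration section.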

   3. The keepalived LVS virtual server configuration section
  LVS CONFIGURATION

virtual_server 192.168.200.100 443 {
    delay_loop 6                   # seconds between health checks
    lb_algo rr                     # round-robin scheduling
    lb_kind NAT                    # NAT forwarding
    nat_mask 255.255.255.0
    persistence_timeout 50         # persistent connection timeout in seconds
    protocol TCP
    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

  III. Preparing the environment for LVS high availability with keepalived
  1. Prepare three nodes: ms, node1 and node2.
  2. Install ansible on node ms and set up SSH key trust with node1 and node2.

# yum -y install ansible
# ssh-keygen -t rsa -P ''
# ssh-copy-id -i .ssh/id_rsa.pub root@node1.xiaozheng.com
# ssh-copy-id -i .ssh/id_rsa.pub root@node2.xiaozheng.com

  3. Install the keepalived service on node1 and node2.

# ansible all -m shell -a "yum -y install keepalived"

  4. On node1 and node2, look at the keepalived configuration.

  On node1:
# cd /etc/keepalived
# vim keepalived.conf
  On node2:
# cd /etc/keepalived
# vim keepalived.conf

  5. Open another terminal on node1 and node2 and follow the log, so that changes can be watched as they happen.

  On node1:
# tail -f /var/log/messages
  On node2:
# tail -f /var/log/messages

  IV. How keepalived sends notifications on state transitions
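  1. Where notifications can be defined
  vrrp_sync_group {

  }

  The most commonly used place
   vrrp_instance {

   }

  1) First define the global configuration section

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from msadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

  2) Define the control mechanism

vrrp_script chk_main {
    # the check fails (exit 1) while the file /etc/keepalived/down exists
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1       # run the check every second
    weight -2        # lower the priority by 2 while the check fails
}

  3) Next define the VRRP instance section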

  VRRP instance section on node1

# vim keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 63
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.200.100
    }
    track_script {
        chk_main
    }
}

  VRRP instance section on node2

# vim keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 63
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.200.100
    }
    track_script {
        chk_main
    }
}

  2. Notification methods

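  notify_master: master-node notification

  notify_backup: backup-node notification

  notify_fault: fault notification
  4) Inside the instance, the notify.sh script can be used to control how notifications are sent

notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"

  * Example notify.sh script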
  
#!/bin/bash
# Author: MageEdu
# description: An example of notify script
vip=172.16.200.100
contact='root@localhost'

# Mail a state-change notice; $1 is the new VRRP state.
notify() {
    mailsubject="$(hostname) to be $1: $vip floating"
    mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case "$1" in
master)
    notify master
    exit 0
    ;;
backup)
    notify backup
    exit 0
    ;;
fault)
    notify fault
    exit 0
    ;;
*)
    # double quotes so that the script name is actually substituted
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac

  5) From node ms, restart the keepalived service on node1 and node2 and check which node holds the virtual_ipaddress

  
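# ansible all -a "service keepalived restart"
# ansible all -m shell -a "ip addr show | grep eth0"

  6) On master node1, create the down file to simulate a failure of that node, so that the virtual_ipaddress moves from master node1 to node2, then check from node ms how the VIP has moved between the nodes

# touch /etc/keepalived/down
# ansible all -m shell -a "ip addr show | grep eth0"

  7) Restore master node1 and check the VIP transfer again

# rm -f /etc/keepalived/down
# ansible all -m shell -a "ip addr show | grep eth0"

  V. How to configure ipvs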
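   The core configuration section is virtual_server, which defines the virtual host

  1. virtual_server IP port: defines the virtual host's IP address and port

  2. virtual_server fwmark int: an ipvs firewall mark, used for firewall-mark-based LVS

  3. virtual_server group string
  4. lb_algo {rr|wrr|lc|wlc|lblc|lblcr}: defines the LVS scheduling algorithm
  5. lb_kind {NAT|DR|TUN}: defines the LVS forwarding model
  6. persistence_timeout: defines how long persistent connections are kept
  7. protocol: the protocol supported by the ipvs rule
  1) Configure an ipvs instance in the virtual_server section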

  ipvs configuration in virtual_server on master node1

# vim keepalived.conf
virtual_server 172.16.200.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.0.0
    persistence_timeout 0
    protocol TCP
    real_server 172.16.200.8 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

  ipvs configuration in virtual_server on backup node2

# vim keepalived.conf
virtual_server 172.16.200.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.0.0
    persistence_timeout 0
    protocol TCP
    real_server 172.16.200.9 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

  2) From node ms, install ipvsadm on node1 and node2 and start the httpd service on the master and backup nodes
# ansible all -m shell -a "yum -y install ipvsadm"
# ansible all -a "service httpd start"

  3) On node1 and node2, look at the resulting ipvs rules

  On node1:
# ipvsadm -L -n
  On node2:
# ipvsadm -L -n

  VI. High availability for a specific service
  1. Monitor the service

  vrrp_script {

  }

  2. Track the service in the VRRP instance

  track_script {

  }
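
How a tracked script changes the election, as an added model that is not part of the original post: it applies the chk_main weight of -2 to the priorities 100/99 used in this walkthrough, including the second instance of the dual-master layout in section VII. It assumes preemption is left at keepalived's default (enabled); the function names are made up for the example.

```python
# Priorities and VIPs as configured in this walkthrough's vrrp_instance blocks.
INSTANCES = {
    "VI_1": ("172.16.200.100", {"node1": 100, "node2": 99}),
    "VI_2": ("172.16.200.200", {"node1": 99, "node2": 100}),
}

def effective_priority(base, weight, script_ok):
    """keepalived's rule for a tracked script: a negative weight is subtracted
    while the script fails, a positive weight is added while it succeeds."""
    if (weight < 0 and not script_ok) or (weight > 0 and script_ok):
        return base + weight
    return base

def place_vips(instances, weight, script_ok):
    """Return {VIP: node holding it}. Assumes preemption is enabled, so the
    highest effective priority always ends up master. Equal priorities give
    'tie': VRRP then compares interface IP addresses, which this model does
    not know."""
    placement = {}
    for vip, priorities in instances.values():
        eff = {node: effective_priority(base, weight, script_ok[node])
               for node, base in priorities.items()}
        best = max(eff.values())
        winners = [node for node, prio in eff.items() if prio == best]
        placement[vip] = winners[0] if len(winners) == 1 else "tie"
    return placement

if __name__ == "__main__":
    healthy = {"node1": True, "node2": True}
    node1_down = {"node1": False, "node2": True}   # /etc/keepalived/down exists on node1
    print(place_vips(INSTANCES, -2, healthy))
    print(place_vips(INSTANCES, -2, node1_down))
    print(place_vips(INSTANCES, -1, node1_down))   # weight too small for the 100/99 gap
```

The weight has to be larger than the priority gap between the nodes: with -1 the two nodes tie on VI_1 and the outcome depends on their interface addresses.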

  VII. A dual-master model based on multiple virtual routers
   To implement a master/master model based on multiple virtual routers, several vrrp_instance sections have to be defined.
  1. Configure the vrrp_instance sections on node1; define two of them

# vim keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 63
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.200.100
    }
    track_script {
        chk_main
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 65
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 21112
    }
    virtual_ipaddress {
        172.16.200.200
    }
    track_script {
        chk_main
    }
}

  2. Configure the vrrp_instance sections on node2; define two of them
  
  
# vim keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 63
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.200.100
    }
    track_script {
        chk_main
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 65
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 21112
    }
    virtual_ipaddress {
        172.16.200.200
    }
    track_script {
        chk_main
    }
}

  3. Stop the keepalived service on master node1 and check from node ms how the VIP moves between the master and backup nodes; likewise, stop the keepalived service on backup node2, start the keepalived service on node1, and check from node ms how the VIP moves between the master and backup nodes.

  On node1:
# service keepalived stop
  On ms:
# ansible all -m shell -a "ip addr show | grep eth0"
  On node2:
# service keepalived stop
  On node1:
# service keepalived start
  On ms:
# ansible all -m shell -a "ip addr show | grep eth0"
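
A small lint for hand-edited per-node copies of the vrrp_instance blocks above, added here as an example (not from the original post and not part of keepalived): it reports an unclosed block, a keyword outside the set used in this walkthrough, and a short or all-digit auth_pass. The KNOWN set, the password heuristic, the function name and the sample input are assumptions made for the example.

```python
# Keywords this walkthrough uses directly inside vrrp_instance (an assumed subset).
KNOWN = {"state", "interface", "virtual_router_id", "priority", "advert_int",
         "authentication", "virtual_ipaddress", "track_script",
         "notify_master", "notify_backup", "notify_fault"}

def lint(text):
    """List problems in the vrrp_instance blocks of one config (one statement per line)."""
    problems, stack, inst = [], [], None
    for n, words in enumerate((line.split() for line in text.splitlines()), 1):
        if not words:
            continue
        if words[0] == "}":
            if not stack:
                problems.append(f"line {n}: unmatched closing brace")
            stack = stack[:-1]
        elif words[0] == "vrrp_instance" and len(words) > 1:
            if stack:  # previous block never closed: report it and resynchronise
                problems.append(f"line {n}: {words[1]} opened inside unclosed {stack[0]}")
            stack, inst = [words[1]], words[1]
        else:
            inside = bool(stack) and stack[0] == inst
            if inside and len(stack) == 1 and words[0] not in KNOWN:
                problems.append(f"line {n}: unknown keyword {words[0]!r} in {inst}")
            # Heuristic (assumption): short or all-digit passwords are placeholders.
            if inside and words[0] == "auth_pass" and len(words) > 1 and (
                    len(words[1]) < 8 or words[1].isdigit()):
                problems.append(f"line {n}: placeholder-grade auth_pass in {inst}")
            if words[-1] == "{":
                stack.append(words[0])
    if stack:
        problems.append(f"end of file: {stack[0]} is not closed")
    return problems

# Constructed sample: VI_1 lacks its closing brace, VI_2 misspells track_script.
SAMPLE = """\
vrrp_instance VI_1 {
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
vrrp_instance VI_2 {
    track_srcipt {
        chk_main
    }
}
"""

print("\n".join(lint(SAMPLE)))
```

With auth_type PASS the password is sent in cleartext in every VRRP advertisement and keepalived uses only its first eight characters, so it guards against a misconfigured neighbour rather than against anyone who can see the segment.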