keepalive构建高可用LVS集群
一、什么是keepalived?利用虚拟路由冗余协议(vrrp)技术,实现lvs的高可用,也可以对nginx和haproxy等轻量级带有负载均衡的软件进行高可用。因为keepalived非常轻量级,速度非常快,配置简单,所以受到众多企业运维人员青睐。
参考资料:http://outofmemory.cn/wiki/keepalived-configuration
二、虚拟路由备份协议
VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)是一种容错协议,这个协议内的所有路由分为主备,平时数据都是由主节点的IP接口接收转发,一旦主节点故障,就自动启动备用节点,夺取主节点的IP,接管主节点的所有转发工作。
三、案例:KeepAlived 实现高可用 LVS
1、环境准备
[*]准备两个http节点:172.16.113.13 172.16.113.14 vip:172.16.13.1
[*]准备两个lvs节点:172.16.13.13 172.16.13.14 vip:172.16.13.1
[*]测试两个lvs节点可不可以对后面两个http节点进行负载均衡
[*]配置keepalived:172.16.13.13 172.16.13.14 vip:172.16.13.1
[*]测试keepalived对lvs的高可用性
2、网络拓扑图
3、两个http节点上的配置
1)安装并开启http服务,确保80端口开启可用;
2)配置lvs-RS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# vim chk-lvs.sh //写个脚本配置方便多了,只要执行以下就可以了
#!/bin/bash
vip=172.16.13.1
interface="lo:0"
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $interface $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev $interface
;;
stop)
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $interface down
;;
status)
if ifconfig lo:0 |grep $vip &> /dev/null; then
echo "ipvs is running."
else
echo "ipvs is stopped."
fi
;;
*)
echo "Usage: `basename $0` {start|stop|status}"
exit 1
esac
# service httpd start
# bash chk-lvs start
3)浏览器分别输入172.16.113.13和172.16.113.14测试http服务是否可用
4、准备两个LVS节点并测试可用
1) 安装ipvsadm
2)配置ipvs规则
3) 测试lvs负载均衡是不是可用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# yum install ipvsadm -y
# vim ipvs.sh
#!/bin/bash
vip=172.16.13.1
rip=('172.16.113.13' '172.16.113.14')
weight=('1' '2')
port=80
scheduler=rr
ipvstype='-g'
case $1 in
start)
iptables -F -t filter
ipvsadm -C
ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev eth0:0
echo 1 > /proc/sys/net/ipv4/ip_forward
ipvsadm -A -t $vip:$port -s $scheduler
[ $? -eq 0 ] && echo "ipvs service $vip:$port added."|| exit 2
for i in `seq 0 $[${#rip[@]}-1]`; do
ipvsadm -a -t $vip:$port -r ${rip[$i]} $ipvstype -w ${weight[$i]}
[ $? -eq 0 ] && echo "RS ${rip[$i]} added."
done
touch /var/lock/subsys/ipvs
;;
stop)
echo 0 > /proc/sys/net/ipv4/ip_forward
ipvsadm -C
ifconfig eth0:0 down
rm -f /var/lock/subsys/ipvs
echo "ipvs stopped."
;;
status)
if [ -f /var/lock/subsys/ipvs ]; then
echo "ipvs is running."
ipvsadm -L -n
else
echo "ipvs is stopped."
fi
;;
*)
echo "Usage: `basename $0` {start|stop|status}"
exit 3
;;
esac
# bash ipvs.sh start
# ipvsadm -Ln
4)浏览器输入172.16.13.1测试DR模型能不能负载
5、安装配置keepalived
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# yum install keepalived -y
# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
admin@126.com //目标邮箱,可以有多个
}
notification_email_from root@node3.wuhf.com //发件人邮箱
smtp_server 127.0.0.1 //邮件服务器地址
smtp_connect_timeout 30 //邮件服务器连接超时时长
router_id LVS_DEVEL //运行Keepalived服务器的一个标识。发邮件时显示在邮件标题中的信息
}
vrrp_script chk_mt_down { //定义一个函数,检测外部因素决定权重的增加或删除
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" //如果检测到down文件,就自动减5个数值的权重
interval 1 //一秒检测一次
weight -5
}
vrrp_instance VI_1 { //定义一个vrrp实例
state BACKUP //装态有两个MASTER/BACKUP
interface eth0 //指定网卡
virtual_router_id 52 //虚拟路由标识,这个标识是一个数字,并且同一个vrrp实例使用唯一的标识,即同一个vrrp_instance下,MASTER和BACKUP必须是一致的,范围0-255
priority 95 //定义优先级,数字越大,优先级越高,在一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级。
advert_int 1 //设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒
authentication { //设定认证机制
auth_type PASS //设置验证类型,主要有PASS和AH两种
auth_pass 21111 //主备密码必须相同
}
virtual_ipaddress { //虚拟ip可以定义多个;格式:ip/16 dev eth2 label eth2:1
172.16.13.1
}
track_script { //在这里定义一个函数,追踪上面定义的chk_mt_down函数
chk_mt_down
}
notify_master "/etc/keepalived/notify.sh master" //下面三行定义消息通知机制的,需要在/etc/keepalived/目录下创建执行脚本notify.sh,脚本内容下面给出
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 172.16.13.1 80 { //定义ipvs规则
delay_loop 6 //健康状态检查间隔
lb_algo rr //lvs的调度算法
lb_kind DR //lvs的工作模式有DR/NAT/TUN
nat_mask 255.255.255.255 //掩码netmask 255.255.255.255
# persistence_timeout 10 //这里是定义会话保持的,单位是秒,因为要测试高可用,所以注释掉了
protocol TCP //转发协议的类型有tcp/udp两种
real_server 172.16.113.13 80 { //定义后端http服务器的
weight 1 //权重
TCP_CHECK { //定义健康状态检测方式
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.113.14 80 {
weight 1
TCP_CHECK { //定义TCP_CHECK方式
connect_timeout 3 //定义连接超时
nb_get_retry 3 //定义重试次数
delay_before_retry 3 //定义重试间隔
}
}
}
# vim /etc/keepalived/notify.sh //邮件通知机制的运行脚本
vip=172.16.13.1
contact='kaadmin@localhost' //必须有kaadmin这个用户存在才可以收到邮件;su - kaadmin 后使用mail查看邮件
notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
echo $mailbody | mail -s "$mailsubject" $contact
}
case "$1" in
master)
notify master
exit 0
;;
backup)
notify backup
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo 'Usage: `basename $0` {master|backup|fault}'
exit 1
;;
esac
# chmod +x/etc/keepalived/notify.sh //添加执行权限
# service keepalived start //启动keepalived
6、测试高可用的LVS
1)浏览器输入172.16.13.1查看负载均衡是否可用
2)将后端http服务器下线,测试健康状态检测是否可用
1
2
# service httpd stop
# ipvsadm -Ln //查看规则显示113.13节点已经下线
3)创建down文件,测试keepalived是不是可以自动转变"主备"
1
2
# touch /etc/keepalived/down
# tail -f /var/log/messages //日志显示节点转变为backup节点
1
2
# rm-f /etc/keepalived/down
# tail /var/log/messages //日志显示当前节点转变为master节点
4)将主节点keepalived关闭,查看备节点能不能转变为主节点
1
2
# service keepalived stop
# tail -6 /var/log/messages
5)最后检查邮件通知能不能正常接收查看
1
2
# su - kaadmin
# mail //我已经收到了6封邮件了
页:
[1]