|
首先,我们先说一个概念:VRRP
VRRP:Virtual Routing Redundent Protocol,称为虚拟路由冗余协议。这个协议本身主要是实现地址漂移的,即当主路由损坏的话,可通过VRRP协议将IP地址转至备份路由上,不至于网络工作的损失。
然后说我们的重点:keepalived
Keepalived是一个专门为lvs提供高可用功能的机制,它可以实现当有两个主从lvs,而且主lvs损坏的时候,将其IP地址以及lvs转移至备份lvs上。IP地址转移就应用了我们前面说的VRRP协议,lvs转移可定义其配置文件,动态生成ipvs规则,还能实现健康状况检查。
接下来就说keepalived的基本配置
一、准备环境
1、实例目的:
安装keepalived,实现其lvs及web高可用的功能。
2、准备三台主机,这里以RHEL5的虚拟机实现。
3、下载软件包,可以编译安装,也可以直接用rpm包安装。我这里直接下载rpm包安装。
(下载地址:http://www.keepalived.org)
二、规划
Keepalived主机的IP:
HA1:172.16.13.3
HA2:172.16.13.4
Lvs基于DR模型的IP:
DR1:172.16.14.3
DR2:172.16.14.4
DR的VIP配置在lo0:0接口上:172.16.14.1
三、实现过程
【两个节点的准备工作】
1、配置节点的IP,并能互相通信
# setup
# ping 172.16.13.4
[# ping 172.16.13.3]2、改两个节点的主机名与uname -n相同
# hostname node1
# uname -n
# vim /etc/sysconfig/network 使其永久生效3、ssh互信通信
# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.13.4
# ssh 172.16.13.4 'ifconfig' 测试是否成功
4、配置主机名解析
# vim /etc/hosts
172.16.13.3 node1 node1
172.16.13.4 node2 node2
[ # scp /etc/hosts node2:/etc/hosts ]5、基于主机名能够通信
# ping node26、时间同步
# service ntpd stop
# chkconfig ntpd off
# ntpdate 172.16.0.1
# date
(第二个节点与第一个节点的配置一样,只需将IP地址改一下即可)
【安装配置keepalived: node1与node2的操作基本相同】
node1:172.16.13.3
# yum -y --nogpgcheck localinstall keepalived-1.2.7-5.el5.i386.rpm
安装软件包
# vim /etc/keepalived/keepalived.conf 修改配置文件
global_defs {
notification_email {
root@localhost # 邮件地址
}
notification_email_from root@localhost # 发件人
smtp_server 127.0.0.1 # 邮件服务器地址
smtp_connect_timeout 30 # 连接超时间
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER # 定义初始状态,这里是主节点
interface eth0 # 虚拟路由工作的物理接口
virtual_router_id 51 # 组ID
priority 101 # 主节点的优先级
advert_int 1 # 发送通高的时间间隔
authentication {
auth_type PASS # 密码认证
auth_pass password
}
virtual_ipaddress {
172.16.14.1/16 dev eth0 label eth0:0 # 在别名上配置虚拟地址
}
}
virtual_server 172.16.14.1 80 { # vip地址以及对应的端口
delay_loop 6
lb_algo wlc # 调度算法
lb_kind DR # lvs类型
nat_mask 255.255.0.0 # 网络掩码
protocol TCP # tcp协议
real_server 172.16.14.3 80 { #realser的地址
weight 1 # 权重
HTTP_GET { #为http服务进行健康状态检查
url { # 监测http服务的url
path /
status_code 200 # 正确的状态码
}
connect_timeout 2 # 连接的超时时长
nb_get_retry 3 # 重试次数
delay_before_retry 1 # 延迟时间
}
}
real_server 172.16.14.4 80 {
weight 1
HTTP_GET{
url {
path /
status_code 200
}
connect_timeout 2
nb_get_retry 3
delay_before_retry 1
}
}
}
如果要使用TCP_CHECK检测各realserver的健康状态,那么,上面关于realserver部分的定义也可以替换为如下内容:
virtual_server 172.16.100.1 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 300
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.16.100.11 80 {
weight 1
TCP_CHECK {
tcp_port 80
connect_timeout 3
}
}
real_server 172.16.100.12 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
}
}
}说明:其中的sorry_server是用于定义所有realserver均出现故障时所用的服务器。
[将node1的配置文件复制到node2上]
node2:172.16.13.4
修改其vrrp状态为备份节点BACKUP,以及优先级要低于主节点。
# vim /etc/keepalived/keepalived.conf
【分别将两个节点的keepalived启动】
在主节点上执行ifconfig,可得到我们定义的虚拟网卡地址:
安装ipvsadm,并查看自动生成的规则
# yum -y install ipvsadm
在客户端上打开浏览器访问测试:http://172.16.14.1
下面将配置基于web服务实现keepalived的高可用。
(可在上面的基础上配置,这里是实现HA主机上的web高可用)
【先将keepalived服务停止,分别在HA1和HA2上安装web服务】
# yum install -y httpd
# service httpd start
【提供网页文件,并打开网页测试是否能访问成功】
# vim /var/www/html/index.html
node1
[ node2 ]
【修改配置文件】
! Configuration File for keepalived
global_defs {
notification_email {
linuxedu@foxmail.com
mageedu@126.com
}
notification_email_from kanotify@magedu.com
smtp_connect_timeout 3
smtp_server 127.0.0.1
router_id LVS_DEVEL
}
vrrp_script chk_httpd {
script "killall -0 httpd"
interval 2
# check every 2 seconds
weight -2
# if failed, decrease 2 of the priority
fall 2
# require 2 failures for failures
rise 1
# require 1 sucesses for ok
}
vrrp_script chk_schedown {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 2
weight -2
}
vrrp_instance VI_1 {
interface eth0
# interface for inside_network, bound by vrrp
state MASTER
# Initial state, MASTER|BACKUP
# As soon as the other machine(s) come up,
# an election will be held and the machine
# with the highest "priority" will become MASTER.
# So the entry here doesn't matter a whole lot.
priority 101
# for electing MASTER, highest priority wins.
# to be MASTER, make 50 more than other machines.
virtual_router_id 51
# arbitary unique number 0..255
# used to differentiate multiple instances of vrrpd
# running on the same NIC (and hence same socket).
garp_master_delay 1
authentication {
auth_type PASS
auth_pass password
}
track_interface {
eth0
}
# optional, monitor these as well.
# go to FAULT state if any of these go down.
virtual_ipaddress {
172.16.14.1/16 dev eth0 label eth0:0
}
#addresses add|del on change to MASTER, to BACKUP.
#With the same entries on other machines,
#the opposite transition will be occuring.
#/ brd dev scope label
track_script {
chk_httpd
chk_schedown
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}在/etc/keepalived/创建一个脚本文件,notify.sh,内容如下:
#!/bin/bash
# Author: MageEdu
# description: An example of notify script
#
vip=172.16.100.1
contact='root@localhost'
Notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
echo $mailbody | mail -s "$mailsubject" $contact
}
case "$1" in
master)
notify master
/etc/rc.d/init.d/haproxy start
exit 0
;;
backup)
notify backup
/etc/rc.d/init.d/haproxy restart
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo 'Usage: `basename $0` {master|backup|fault}'
exit 1
;;
esac
【在node2上修改从node1复制的主配置文件】
【在双节点上启动keepalived服务,并查看主节点的网卡信息】
# service keepalived start
# ifconfig
在客户端访问http://172.16.14.1
这时的http服务在node1上。
【我们模拟主节点node1故障】
浏览器访问测试
双主模型的web服务高可用
【在两个节点的主配置文件中添加下面一段代码即可】
vrrp_instance VI_2 {
interface eth0
state BACKUP # VI_1为主,这个就配置为从。(在node2上相反)
priority 101 # 100 for BACKUP
virtual_router_id 52 # 组ID不能与VI_1的组ID相同
garp_master_delay 1
authentication {
auth_type PASS
auth_pass password
}
track_interface {
eth0
}
virtual_ipaddress {
172.16.14.2/16 dev eth0 label eth0:1
}
track_script {
chk_httpd
chk_schedown
}
notify_master "/etc/keepalived/notify.sh master eth0:1"
notify_backup "/etc/keepalived/notify.sh backup eth0:1"
notify_fault "/etc/keepalived/notify.sh fault eth0:1"
}
‍‍
‍‍
【两个节点分别重启keepalived服务,并查看网卡地址】
# service keepalived restart
# ifconfig
【模拟node2故障】
浏览器访问测试:
附:DR的配置
两个RS主机:
时间同步:
# service ntpd stop
# chkconfig ntpd off
# ntpdate 172.16.0.1
# date
这里有一个写好的脚本,在两台RS上分别执行一下即可。(也可以手动配置,手动配置过程脚本中都有显示。这里为了方便直接运行脚本)
#!/bin/bash
#
# Script to start LVS DR real server.
# chkconfig: - 90 10
# description: LVS DR real server
#
. /etc/rc.d/init.d/functions
VIP=172.16.100.1
host=`/bin/hostname`
case "$1" in
start)
# Start LVS-DR real server on this machine.
/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
;;
stop)
# Stop LVS-DR real server loopback device(s).
/sbin/ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig lo:0 | grep $VIP`
isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped."
else
echo "LVS-DR real server Running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
Esac
| 
QQ群⑧:
YunVN网友
发表于 2018-12-28 13:38:54
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
悔悟卡
匿名卡
显身卡