Keepalived简介
keepalived可以实现服务的高可用或热备,用来防止单点故障问题;而Keepalived核心VRRP协议,VRRP协议主要实现了在路由器或三层交换机处的冗余;Keepalived就是使用VRRP协议来实现高可用的;
下面一起来看一下Keepalived的原理图:
Keepalived启动后会有三个进程:
父进程:内存管理,子进程管理
子进程:VRRP子进程
子进程:healthchecker子进程
由上图可知:两个子进程都被系统WatchDog看管,两个子进程各自复杂自己的事,healthchecker子进程复杂检查各自服务器的健康程度,例如HTTP,LVS等,如果healthchecker子进程检查到MASTER上服务不可用了,就会通知本机上的VRRP子进程,让他删除通告,并且去掉虚拟IP,转换为BACKUP状态。
环境介绍:
系统版本:CentOS 6.4_x86_64
LVS_DR模式:WEB1与WEB2服务器的网关不能设置为LVS调度器
一、安装配置LVS+Keepalived
1、在Master与Backup服务器上分别安装Ipvsadm、Keepalived软件包、这里使用的是rpm包安装方式
1
2
3
| [root@master ~]# yum -y install ipvsadm keepalived
[root@backup ~]# yum -y install ipvsadm keepalived
注释:这里安装Ipvsadm工具主要是为了查看lvs规则使用,不安装ipvsadm工具也能成功配置规则,但不方式查看
|
2、修改Master的主配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
| [root@master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File forkeepalived
global_defs {
notification_email { #设置报警通知邮件地址,可以设置多个
root@localhost
}
notification_email_from admin@allen.com #设置邮件的发送地址
smtp_server 127.0.0.1 #设置smtp server的地址,该地址必须是存在的
smtp_connect_timeout 30 #设置连接smtp server的超时时间
router_id LVS_ALLEN #运行Keepalived服务器的标识,发邮件时显示在邮件标题中的信息
}
vrrp_instance lvs_allen { #定义VRRP实例,实例名自定义
state MASTER #指定Keepalived的角色,MASTER为主服务器,BACKUP为备用服务器
interface eth0 #指定HA监测的接口
virtual_router_id 68 #虚拟路由标识,这个标识是一个数字(1-255),在一个VRRP实例中主备服务器ID必须一样
priority 100 #优先级,数字越大优先级越高,在一个实例中主服务器优先级要高于备服务器
advert_int 1 #设置主备之间同步检查的时间间隔单位秒
authentication { #设置验证类型和密码
auth_type PASS #验证类型有两种{PASS|HA}
auth_pass 1689 #设置验证密码,在一个实例中主备密码保持一样
}
virtual_ipaddress { #定义虚拟IP地址,可以有多个,每行一个
172.16.14.10
}
}
virtual_server 172.16.14.10 80 { #设置虚拟服务器,需要指定虚拟IP与服务端口,用空格分隔
delay_loop 6 #设置健康状态检查时间,单位为秒
lb_algo rr #设置负载高度算法,rr为轮询
lb_kind DR #设置LVS实现负载均衡的机制,可以为{NAT|TUN|DR}三种
nat_mask 255.255.0.0 #设置掩码
persistence_timeout 50 #会话保持时间,单位为秒;这个选项对于动态网页是非常有用的,为集群系统中session共享提供了一个很好的解决方案
protocol TCP #指定转发协议类型可以设置{TCP|UDP}两种
real_server 172.16.14.3 80 { #服务服务节点,需要指定Real_server的IP与端口,用空格分隔
weight 1 #配置服务节点的权重,数字越大,权重越高
HTTP_GET { #设置检测Realserver的方式为Http协议
url {
path /
status_code 200 #设定返回状态码为200表示Realserver是存活的
}
connect_timeout 3 #设置响应超时时间
nb_get_retry 3 #设置超时重试次数
delay_before_retry 3 #设置超时后重试间隔
}
}
real_server 172.16.14.4 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
|
3、将Master服务器上的主配置文件拷贝到Backup服务器稍作修改
1
2
3
4
5
| [root@backup ~]# scp 172.16.14.1:/etc/keepalived/keepalived.conf /etc/keepalived/
######修改如下两项
[root@backup ~]# vim /etc/keepalived/keepalived.conf
state BACKUP
priority 98
|
4、启动两台服务器上的Keepalived服务并设置为开机自启动
1
2
3
4
5
6
7
8
9
10
11
12
13
| ######MASER服务器
[root@master ~]# service keepalived start
Starting keepalived: [ OK ]
[root@master ~]# chkconfig keepalived on
[root@master ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
######BACKUP服务器
[root@backup ~]# vim /etc/keepalived/keepalived.conf
[root@backup ~]# service keepalived start
Starting keepalived: [ OK ]
[root@backup ~]# chkconfig keepalived on
[root@backup ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
|
5、开启Master与Backup服务器的路由转发功能
1
2
3
4
| [root@master ~]# sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
[root@backup ~]# sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
######执行如下命令使其生效
sysctl -p
|
二、安装Httpd并设置好Realserver
1、为后端服务器WEB1安装Httpd服务并启动服务,这里使用的rpm包安装
1
2
3
4
5
6
7
| [root@web1 ~]# yum -y install httpd
######为web1提供测试页
[root@web1 ~]# echo 'WEB1 http://502245466.blog.运维网.com' > /var/www/html/index.html
[root@web1 ~]# service httpd start
[root@web1 ~]# chkconfig httpd on
[root@web1 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
|
2、访问测试WEB1服务器
3、为后端服务器WEB2安装Httpd服务并启动服务,这里使用的rpm包安装
1
2
3
4
5
6
7
| [root@web2 ~]# yum -y install httpd
######为web2提供测试页
[root@web2 ~]# echo 'WEB2 http://502245466.blog.运维网.com' > /var/www/html/index.html
[root@web2 ~]# service httpd start
[root@web2 ~]# chkconfig httpd on
[root@web2 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
|
4、访问测试WEB2服务器
5、为两台Realserver提供Sysv格式的脚本来自动修改内核参数与虚拟IP并运行脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| [root@web1 ~]# vim /etc/init.d/lvs
#!/bin/bash
#ALLEN http://502245466.blog.运维网.com
# chkconfig: - 88 66
# Script to start LVS DR real server.
# description: LVS DR real server
#
. /etc/rc.d/init.d/functions
VIP=172.16.14.10
host=`/bin/hostname`
case"$1"in
start)
# Start LVS-DR real server on this machine.
/sbin/ifconfiglo down
/sbin/ifconfiglo up
echo1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfiglo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/routeadd -host $VIP dev lo:0
;;
stop)
# Stop LVS-DR real server loopback device(s).
/sbin/ifconfiglo:0 down
echo0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfiglo:0 | grep$VIP`
isrothere=`netstat-rn | grep"lo:0"| grep$VIP`
if[ ! "$islothere"-o ! "isrothere"];then
# Either the route or the lo:0 device
# not found.
echo"LVS-DR real server Stopped."
else
echo"LVS-DR real server Running."
fi
;;
*)
# Invalid entry.
echo"$0: Usage: $0 {start|status|stop}"
exit1
;;
esac
注释:脚本中的VIP定义的是虚拟IP地址
====================================================================
[root@web1 ~]# chmod +x /etc/init.d/lvs
[root@web1 ~]# chkconfig --add lvs
[root@web1 ~]# chkconfig lvs on
[root@web1 ~]# chkconfig --list lvs
lvs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@web1 ~]# service lvs start
[root@web1 ~]# service lvs status
LVS-DR real server Running.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
######为WEB2提供脚本
[root@web2 ~]# scp -p 172.16.14.3:/etc/init.d/lvs /etc/init.d/
[root@web2 ~]# chkconfig --add lvs
[root@web2 ~]# chkconfig lvs on
[root@web2 ~]# chkconfig --list lvs
lvs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@web2 ~]# service lvs start
[root@web2 ~]# service lvs status
LVS-DR real server Running.
|
三、验证服务
1、查看当前Master服务器的IP地址及LVS规则
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| [root@master ~]# ip addr show eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether00:0c:29:2c:1a:24 brd ff:ff:ff:ff:ff:ff
inet 172.16.14.1/16brd 172.16.255.255 scope global eth0
inet 172.16.14.10/32scope global eth0
inet6 fe80::20c:29ff:fe2c:1a24/64scope link
valid_lft forever preferred_lft forever
######由上可见虚拟IP地址已经在Master主机上启动
========================================================================
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.14.10:80 rr persistent 50
-> 172.16.14.3:80 Route 1 0 0
-> 172.16.14.4:80 Route 1 0 0
######从规则中可以看出虚拟IP与Port及调度算法为rr;其中有两个Realserver
|
2、访问测试服务器是否正常提供服务
由上可知,使用的是rr调度算法,在访问测试时可能需要多访问几次或换个浏览器来测试访问。
3、模拟Master服务器出现故障,将Master主机上的Keepalived服务停止,查看Backup服务器是否接管所有服务
[root@master ~]# service keepalived stop
Stopping keepalived: [ OK ]
----------------------------------------------------------------------
[root@master ~]# ip addr show eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether00:0c:29:2c:1a:24 brd ff:ff:ff:ff:ff:ff
inet 172.16.14.1/16brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe2c:1a24/64scope link
valid_lft forever preferred_lft forever
----------------------------------------------------------------------
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
######由上可见Master服务器上已删除虚拟IP与LVS规则
======================================================================
[root@backup ~]# ip addr show eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether00:0c:29:ec:f6:3f brd ff:ff:ff:ff:ff:ff
inet 172.16.14.2/16brd 172.16.255.255 scope global eth0
inet 172.16.14.10/32scope global eth0
inet6 fe80::20c:29ff:feec:f63f/64scope link
valid_lft forever preferred_lft forever
######由上可见,虚拟IP地址已成功在Backup服务器启动
----------------------------------------------------------------------
[root@backup ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.14.10:80 rr persistent 50
-> 172.16.14.3:80 Route 1 0 0
-> 172.16.14.4:80 Route 1 0 0
######LVS的规则也已成功配置在Backup服务器上面
|
4、再次访问测试服务器是否正常提供服务
5、假如Master服务器修复好已重新上线,则虚拟IP地址与LVS规则会重新配置到Master服务器上,而在Backup服务器上删除虚拟ip地址和LVS规则。
######查看Master服务器
[root@master ~]# service keepalived start
Starting keepalived: [ OK ]
----------------------------------------------------------------------
[root@master ~]# ip addr show eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether00:0c:29:2c:1a:24 brd ff:ff:ff:ff:ff:ff
inet 172.16.14.1/16brd 172.16.255.255 scope global eth0
inet 172.16.14.10/32scope global eth0
inet6 fe80::20c:29ff:fe2c:1a24/64scope link
valid_lft forever preferred_lft forever
----------------------------------------------------------------------
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.14.10:80 rr persistent 50
-> 172.16.14.3:80 Route 1 0 0
-> 172.16.14.4:80 Route 1 0 0
######由上可见,虚拟IP地址与LVS规则又重新配置到Master服务器上面
======================================================================
######查看Backup服务器
[root@backup ~]# ip addr show eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether00:0c:29:ec:f6:3f brd ff:ff:ff:ff:ff:ff
inet 172.16.14.2/16brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:feec:f63f/64scope link
valid_lft forever preferred_lft forever
----------------------------------------------------------------------
[root@backup ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.14.10:80 rr persistent 50
-> 172.16.14.3:80 Route 1 0 0
-> 172.16.14.4:80 Route 1 0 0
######由上可见,虚拟IP地址已经删除,但是LVS规则还存在,这对我们是没有影响的,没有了IP地址只有规则也是不生效的
|
6、如果后端Realserver出现故障,则LVS规则会清除相应Realserver的规则
[root@web1 ~]# service httpd stop
Stopping httpd: [ OK ]
------------------------------------------------------------------------
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.14.10:80 rr persistent 50
-> 172.16.14.4:80 Route 1 0 0
######由上可见,停止了WEB1服务器的Httpd服务;查看LVS规则中已经清除了WEB1服务器的规则;如果将WEB1重新上线,则LVS会自动将规则添加上这里就不再测试
温馨提示:
如果在是实际环境中使用Keepalived做高可用集群解决方案时,为了解决脑裂的问题,我们需要把MASTER与BACKUP服务器的Keepalived的主配置文件(keepalived.conf)中的 "state" 状态都改为 "BACKUP" 优先级 "priority" 选项的值不要设置为相同,可以设置一个数值大另一个数值小;如优先级分别为:priority 100 priority 98
注意:如何使keeplived工作在非抢占模式
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@locahost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP //这个地方一定要改成BACKUP
interface eth0
virtual_router_id 51
nopreempt //然后加上这个命令
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.20.10.199
}
}
构建一个LVS的DR模型
1,实验目的规划如下模型,CIP、VIP、DIP与RIP在同一网段
2、RS1上配置如下:
配置内核参数:
#echo 1 > /prco/sys/net/ipv4/conf/lo/arp_ignore
#echo 1 > /prco/sys/net/ipv4/conf/all/arp_ignore
#echo 2 > /prco/sys/net/ipv4/conf/lo/arp_announce
#echo 2 > /prco/sys/net/ipv4/conf/all/arp_announce
配置RIP、VIP:
#ifconfig eth0 172.16.100.7/24
#ifconfig lo:0 172.16.100.3 broadcast 172.16.100.3 netmask 255.255.255.255 up 添加路由:
#route add -host 172.16.100.3 dev lo:0
3、按照同样过程同RS2(略)
4、Director上的配置:
配置DIP、VIP:
#ifconfig eth0 172.16.100.1/24
#ifconfig eth0:0 172.16.100.3 broadcast 172.16.100.3 netmask 255.255.255.255 up 添加路由:
#route add -host 172.16.100.3 dev eth0:0
定义规则:
#ipvsadm -A -t 172.16.100.3:80 -s rr
#ipvsadm -a -t 172.16.100.3:80 -r 172.16.100.7 -g -w 2
#ipvsadm -a -t 172.16.100.3:80 -r 172.16.100.8 -g -w 1
#ipvsadm -L -n
5、以上即完成配置,开始测试:
客户机连接网页测试http://172.16.100.3,不停刷新,Director通过如下命令即可观察到客户端的链接请求被均匀调度至RS1与RS2去响应(rr轮询调度算法)
#watch -n1 ‘ipvsadm -L -n --status’
Keepalived+Haproxy双主高可用负载均衡web和mysql综合案例
http://manfred12.blog.运维网.com/137312/1406097
http://hao360.blog.运维网.com/5820068/1337965
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2018-12-31 07:33:11
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡