Because LVS by itself cannot remove the scheduler as a single point of failure, Keepalived is used to build a high-availability solution on top of the VRRP protocol. In this solution at least two servers run Keepalived, one as MASTER and the other as BACKUP, but to the outside they appear as a single virtual IP. The MASTER periodically sends advertisement messages to the BACKUP; when the BACKUP stops receiving them it concludes that the MASTER has failed, takes over the virtual IP and continues to provide service. Keepalived also comes with built-in health checks: if a web server fails, Keepalived detects it and removes it from the pool, and when that web server is working again Keepalived automatically adds it back. All of this happens without human intervention; the only manual work is repairing the failed web server, which is how high availability is achieved.
Environment
server2: 172.25.7.2  # keepalived and ipvsadm installed; primary scheduler (MASTER)
server3: 172.25.7.5  # keepalived and ipvsadm installed; backup scheduler (BACKUP)
server4: 172.25.7.3  # httpd and arptables_jf installed; backend (real) server
server5: 172.25.7.4  # httpd and arptables_jf installed; backend (real) server
Virtual IP (VIP): 172.25.7.100
Configuring the MASTER scheduler (server2)
Installing keepalived
Official keepalived download site: www.keepalived.org
The latest release at the time of writing is keepalived-1.3.7; this walkthrough uses the keepalived-1.3.5 tarball:
Change into the extracted source directory and run the configure step, setting the install prefix and the options you need:
If configure stops with the following error, gcc is not installed:
Install gcc: yum install gcc -y
If openssl-devel is not installed, configure fails with the following error:
Install it with yum: yum install openssl-devel -y
When configure finishes it prints the summary shown below. "IPVS Framework" and "VRRP" must both say Yes, meaning keepalived will be built with IPVS and VRRP support; if either is No, run configure again after installing what is missing:
Finally, compile and install to complete the keepalived installation: make install
Give the init script /usr/local/keepalived/etc/rc.d/init.d/keepalived execute permission:
chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
Create symbolic links for convenience:
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/    # init script into /etc/init.d/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/                       # configuration directory into /etc/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/    # global options file into /etc/sysconfig/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/                      # binary into /sbin/
The MASTER scheduler server2 also needs ipvsadm. Install it with yum (the yum repository setup was covered in the previous post, so it is not repeated here):
yum install ipvsadm -y
Edit the keepalived configuration file: vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@local
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER            # this node is the MASTER scheduler
    interface eth0
    virtual_router_id 51
    priority 100            # priority; the node with the higher value holds the VIP
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.7.100        # virtual IP (VIP)
    }
}
virtual_server 172.25.7.100 80 {    # VIP and port
    delay_loop 6
    lb_algo rr                      # load-balancing algorithm: round robin
    lb_kind DR                      # LVS forwarding mode: DR (direct routing)
    protocol TCP
    real_server 172.25.7.3 80 {     # backend server IP and port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.7.4 80 {     # backend server IP and port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
* Watch the syntax carefully: keepalived does not report a malformed file, and in particular every opening brace { must have its matching }.
If the vrrp_strict line is not commented out, then after keepalived restarts it adds iptables rules on its own even though the firewall was stopped, and clients can no longer reach the backend content:
[root@server2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere 172.25.7.100
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Comment it out and restart: /etc/init.d/keepalived restart
Stop the firewall:
iptables -F
/etc/init.d/iptables stop
Configuring the BACKUP scheduler (server5):
Copy the keepalived directory from server2 to server5:
[root@server2 ~]# scp -r /usr/local/keepalived/ [email protected]:/usr/local/
Create the symbolic links:
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
Copy the keepalived configuration file from server2 to server5 as well:
[root@server2 ~]# scp /etc/keepalived/keepalived.conf [email protected]:/etc/keepalived/
Only two lines in the configuration file need to change:
state MASTER  becomes  state BACKUP
priority 100  becomes  priority 90
Install ipvsadm:
yum install ipvsadm -y
Start keepalived: /etc/init.d/keepalived start
Stop the firewall:
iptables -F
/etc/init.d/iptables stop
Scheduler configuration is complete.
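Since keepalived silently accepts a malformed file and the BACKUP file differs from the MASTER's in only two lines, a small checker that enforces both is worth having. The following Python script is an added example, not code from the original post or from the keepalived project: it parses the brace-block syntax of keepalived.conf, rejects unbalanced braces, lists the real_server entries behind each virtual_server, and derives the BACKUP configuration from the MASTER's by rewriting only `state` and `priority` (refusing a BACKUP priority that would not lose the election). SAMPLE_MASTER_CONF is constructed from the values used in this post; the function names are my own.

```python
"""Added example (not from the original post): parse keepalived.conf block syntax,
check brace balance, enumerate real servers, and derive the BACKUP node's file.
SAMPLE_MASTER_CONF is constructed from the values used in the post."""

import re

SAMPLE_MASTER_CONF = """\
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.7.100
    }
}
virtual_server 172.25.7.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 172.25.7.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 172.25.7.4 80 {
        weight 1
    }
}
"""


def strip_comment(line):
    """keepalived treats '!' and '#' as comment introducers."""
    return re.split(r"[!#]", line, maxsplit=1)[0].strip()


def parse_conf(text):
    """Parse into nested dicts keyed by block header (e.g. 'vrrp_instance VI_1').
    Keyword lines map to their argument string (None if bare).
    Raises ValueError on a stray '}' or an unclosed block."""
    root = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line:
            continue
        if line.endswith("{"):
            block = {}
            stack[-1][line[:-1].strip()] = block
            stack.append(block)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("stray '}' at line %d" % lineno)
            stack.pop()
        else:
            parts = line.split(None, 1)
            stack[-1][parts[0]] = parts[1] if len(parts) > 1 else None
    if len(stack) != 1:
        raise ValueError("%d block(s) never closed" % (len(stack) - 1))
    return root


def real_servers(tree):
    """{'VIP port': ['RIP port', ...]} for every virtual_server in the tree."""
    out = {}
    for header, block in tree.items():
        if header.startswith("virtual_server "):
            vip = header.split(None, 1)[1]
            out[vip] = [h.split(None, 1)[1] for h in block if h.startswith("real_server ")]
    return out


def derive_backup(master_text, backup_priority=90):
    """Return the BACKUP node's config text: state MASTER -> BACKUP, priority lowered.
    Refuses a config that does not parse or a priority >= the MASTER's."""
    tree = parse_conf(master_text)
    master_priority = max(
        int(block["priority"])
        for header, block in tree.items()
        if header.startswith("vrrp_instance ")
    )
    if backup_priority >= master_priority:
        raise ValueError("BACKUP priority must be lower than MASTER priority %d" % master_priority)
    text = re.sub(r"^(\s*state\s+)MASTER\b", r"\g<1>BACKUP", master_text, flags=re.M)
    return re.sub(r"^(\s*priority\s+)\d+", r"\g<1>%d" % backup_priority, text, flags=re.M)


if __name__ == "__main__":
    print("real servers:", real_servers(parse_conf(SAMPLE_MASTER_CONF)))
    print(derive_backup(SAMPLE_MASTER_CONF))
```

Run it against the real file with `parse_conf(open("/etc/keepalived/keepalived.conf").read())` before restarting keepalived; a ValueError points at the line with the stray or missing brace, which keepalived itself would not tell you.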
Configuring backend server server3:
Install httpd:
yum install httpd -y
Create the default page:
echo "<h1>server3-HK</h1>" > /var/www/html/index.html
/etc/init.d/httpd start    # start httpd
Bind the VIP to the interface:
ip addr add 172.25.7.100 dev eth0
Install arptables_jf:
yum install arptables_jf
Set the arptables rules so this backend does not answer ARP for the VIP:
arptables -A IN -d 172.25.7.100 -j DROP    # drop incoming ARP requests for the VIP
arptables -A OUT -s 172.25.7.100 -j mangle --mangle-ip-s 172.25.7.3    # rewrite the source of outgoing ARP from the VIP to this server's own IP
service arptables_jf save    # save the rules
/etc/init.d/arptables_jf start    # start arptables_jf
Stop the firewall:
iptables -F
/etc/init.d/iptables stop
Configuring backend server server4:
Install httpd:
yum install httpd -y
Create the default page:
echo "<h1>server4-HK</h1>" > /var/www/html/index.html
/etc/init.d/httpd start    # start httpd
Bind the VIP to the interface:
ip addr add 172.25.7.100 dev eth0
Install arptables_jf:
yum install arptables_jf
Set the arptables rules so this backend does not answer ARP for the VIP:
arptables -A IN -d 172.25.7.100 -j DROP    # drop incoming ARP requests for the VIP
arptables -A OUT -s 172.25.7.100 -j mangle --mangle-ip-s 172.25.7.4    # rewrite the source of outgoing ARP from the VIP to this server's own IP
service arptables_jf save    # save the rules
/etc/init.d/arptables_jf start    # start arptables_jf
Stop the firewall:
iptables -F
/etc/init.d/iptables stop
Testing
Access the VIP from the client:
[kiosk@hguan07 Desktop]$ for i in {1..10}; do curl 172.25.7.100 ; done
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
If the configuration is correct, the VIP currently sits on the MASTER, i.e. server2:
/etc/init.d/keepalived stop    # stop keepalived on server2
Check again from the client: the service is still reachable, so server5 has taken over:
[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
Check the addresses on server5: the VIP has moved there.
Restart keepalived on server2 and the VIP fails back to server2, because server2's keepalived has the higher priority:
Stop httpd on server3 and query from the client: only server4's page is returned, with connection errors in between, until keepalived detects the failure and removes server3 from the pool:
[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
curl: (7) Failed connect to 172.25.7.100:80; Connection refused
<h1>server4-HK</h1>
curl: (7) Failed connect to 172.25.7.100:80; Connection refused
<h1>server4-HK</h1>
curl: (7) Failed connect to 172.25.7.100:80; Connection refused
<h1>server4-HK</h1>
[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
Restart httpd on server3 (/etc/init.d/httpd restart) and query again from the client: server3 has rejoined the pool:
[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
Scheduler-side configuration (adding the FTP service):
On server2 edit the keepalived configuration file (vim /etc/keepalived/keepalived.conf) and add the following block so that the FTP service is load-balanced as well:
virtual_server 172.25.7.100 21 {    # FTP service on port 21
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50          # persistent connection timeout: 50 s
    protocol TCP
    real_server 172.25.7.3 21 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.7.4 21 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
Then restart keepalived: /etc/init.d/keepalived restart
Do the same on server5.
Backend server configuration:
Install vsftpd on both server3 and server4 to provide the FTP service:
yum install vsftpd -y
On server3 create a file under /var/ftp/pub/:
touch /var/ftp/pub/server3
On server4 create a file under /var/ftp/pub/:
touch /var/ftp/pub/server4
Start vsftpd on both server3 and server4: /etc/init.d/vsftpd start
Check the IPVS table on the scheduler:
[root@server2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.7.100:21 rr persistent 50
-> 172.25.7.3:21 Route 1 0 0
-> 172.25.7.4:21 Route 1 0 0
TCP 172.25.7.100:80 rr
-> 172.25.7.3:80 Route 1 0 0
-> 172.25.7.4:80 Route 1 0 0
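The `ipvsadm -ln` table is the place to confirm that Keepalived's TCP_CHECK has done what the post describes: a real server that fails its check disappears from its virtual_server and reappears when it recovers. The following Python script is an added example, not code from the original post or from the ipvsadm project: it parses the output format shown above into a structure, compares it with the set of real servers that should be present, and checks that every entry uses the Route forwarding method expected in DR mode. SAMPLE_IPVSADM is constructed from this post's addresses, with 172.25.7.3:80 deliberately absent to stand for the stopped-httpd case; the function names are my own.

```python
"""Added example (not from the original post): parse `ipvsadm -ln` output and report
real servers that the health check has removed. SAMPLE_IPVSADM is constructed from
the post's addresses, with server3's port 80 entry missing on purpose."""

import re

SAMPLE_IPVSADM = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.7.100:21 rr persistent 50
  -> 172.25.7.3:21                Route   1      0          0
  -> 172.25.7.4:21                Route   1      0          0
TCP  172.25.7.100:80 rr
  -> 172.25.7.4:80                Route   1      0          0
"""

# What the keepalived.conf in this post declares for each service.
EXPECTED = {
    "TCP 172.25.7.100:21": {"172.25.7.3:21", "172.25.7.4:21"},
    "TCP 172.25.7.100:80": {"172.25.7.3:80", "172.25.7.4:80"},
}

SERVICE_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+persistent\s+(\d+))?")
REAL_RE = re.compile(r"^\s*->\s+(\S+)\s+(Route|Masq|Tunnel)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse_ipvsadm(text):
    """Return {'TCP vip:port': {'scheduler', 'persistent', 'real': {'rip:port': {...}}}}.
    The two header lines never match either pattern, so they are skipped."""
    table = {}
    current = None
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            key = "%s %s" % (m.group(1), m.group(2))
            current = table.setdefault(key, {
                "scheduler": m.group(3),
                "persistent": int(m.group(4)) if m.group(4) else None,
                "real": {},
            })
            continue
        m = REAL_RE.match(line)
        if m and current is not None:
            current["real"][m.group(1)] = {
                "forward": m.group(2),
                "weight": int(m.group(3)),
                "active": int(m.group(4)),
                "inactive": int(m.group(5)),
            }
    return table


def missing_real_servers(table, expected):
    """{service: sorted expected real servers absent from the live table}.
    An absent entry means TCP_CHECK has pulled that backend out of rotation."""
    missing = {}
    for service, rips in expected.items():
        live = set(table.get(service, {}).get("real", {}))
        gone = sorted(rips - live)
        if gone:
            missing[service] = gone
    return missing


def dr_mode_ok(table):
    """In this post's DR setup every real server must be forwarded with Route."""
    return all(rs["forward"] == "Route"
               for svc in table.values() for rs in svc["real"].values())


if __name__ == "__main__":
    live = parse_ipvsadm(SAMPLE_IPVSADM)
    print("persistence on FTP:", live["TCP 172.25.7.100:21"]["persistent"])
    print("removed by health check:", missing_real_servers(live, EXPECTED))
    print("all entries use DR (Route):", dr_mode_ok(live))
```

On the scheduler the same functions can be fed the real table with `parse_ipvsadm(subprocess.check_output(["ipvsadm", "-ln"], text=True))`; a non-empty result from `missing_real_servers` is the signal to go and repair the backend, exactly the manual step the introduction says is left to the operator.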
Test from the client:
[kiosk@hguan07 Desktop]$ lftp 172.25.7.100
lftp 172.25.7.100:~> ls
drwxr-xr-x 2 0 0 4096 Oct 04 15:19 pub
lftp 172.25.7.100:/> cd pub/
lftp 172.25.7.100:/pub> ls
-rw-r--r-- 1 0 0 0 Oct 04 15:19 server4
lftp 172.25.7.100:/pub>
Because the connection is persistent, you have to wait for the configured timeout to expire, or connect to the VIP from a second client, before the round-robin distribution becomes visible.
Stop vsftpd on server4 and the client is served by server3 instead:
/etc/init.d/vsftpd stop
[kiosk@hguan07 Desktop]$ lftp 172.25.7.100
lftp 172.25.7.100:~> ls
drwxr-xr-x 2 0 0 4096 Oct 04 15:19 pub
lftp 172.25.7.100:/> cd pub/
lftp 172.25.7.100:/pub> ls
-rw-r--r-- 1 0 0 0 Oct 04 15:19 server3
lftp 172.25.7.100:/pub>
That is all for now on LVS + keepalived; if there are mistakes, corrections are welcome.