HA,lvs,keepalived
一 配置heartbeat
官网:linux-ha.org
server1:(master节点)
1 下载rpm包并安装
yum install -y heartbeat-*
2 heartbeat的配置文件
/etc/ha.d/ ###主配置目录###
/etc/ha.d/ha.cf ###主配置文件###
/etc/ha.d/haresources ###资源定义文件,集群要维护的资源组###
/etc/ha.d/authkeys ###认证文件###
3 less README.config ###查看说明文件###
4 rpm -q heartbeat -d ###查看heartbeat的说明文档###
5 cd /usr/share/doc/heartbeat-3.0.4/ ###进入到说明文档的目录下###
6 cp ha.cf authkeys haresources /etc/ha.d/ ###将文档移到主配置目录下###
7 vim /etc/ha.d/ha.cf
内容:
keepalive 2s ###心跳频率,多久发一次心跳###
deadtime 30 ###down###
warntime 10 ###警告###
initdead 60 ###初始化###
udpport 732 ###udp端口###
bcast eth0 ###在eth0上广播###
auto_failback on ###回切###
node server1 ###该节点的顺序决定了谁是master,注意一定只能写主机名###
node server2
ping 172.25.38.250 ###
respawn hacluster /usr/lib64/heartbeat/ipfail ###一个插件,用于主备切换###
apiauth ipfail gid=haclient uid=hacluster
8 vim authkeys ###认证文件###
auth 1
1 crc
9 chmod 600 authkeys ###认证文件一定要是600权限###
10 vim /etc/ha.d/haresources ###资源文件##
server1 IPaddr::172.25.38.100/24/eth0 httpd ###一定要写主节点,vip(IPaddr是资源的脚本名,后面跟的是传递的参数),httpd脚本###
*******************************************************************************
注意:heartbeate自动调用的脚本路径:/etc/init.d/,/etc/rc.d/和/etc/ha.d/resource.d/
*******************************************************************************
11 scp ha.cf authkeys haresources server2:/etc/ha.d/ ###还有一个节点的配置文件与该节点相同####
12 /etc/init.d/heartbeat start ###开启###
13 tail -f /var/log/messages ###查看日志,看是否有错####
server2 (热备的节点)
1 yum install -y heartbeat-*
2 /etc/init.d/heartbeat start
3 tail -f /var/log/messages
测试:将server1的heartbeat关闭,server2就会接管资源
[root@server1 ~]# /etc/init.d/heartbeat stop
Stopping High-Availability services: Done.
[root@foundation78 ~]# curl 172.25.78.100 ###关闭前###
server2-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100 ###关闭后###
server2-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server2-www.westos.org
二 lvs
lvs是一个四层负载均衡,是在内核层面,分为netfilter+ipvs和ipvsafm(用户层面的使用工具)
lvs的模式:NAT,Tun,DR,fullNAT
对后端服务器没有健康检查,当其中一个后端服务器的服务停止了,那么就会将错误的信息反映给客户端
###DR模式###
client ---> vs ---> rs ---> client
(cip) (vip)
(m1) (m2) (m3)
工作再数据链路层,采用了arp协议,假设client的ip为cip,mac地址为m1,调度器vs的ip为vip,mac地址为m2,后端的服务器的mac地址为m3,由于dr模式是工作再数据链路层,没有经过路由器,所以vs和rs必须再一个网段内,当client访问vip,再dr模式下,vs经过它本身的一些算法会将m2改成m3,这样就做到了直接将数据包丢到了rs,(注意,rs上必须有vip,因为client访问的是vip)rs经过解封,得到了vip,由于rs上有vip,从而确定要访问的就是rs,rs再经过封装,将数据发给client,这样,数据就不用原路经返回给client。
由于vs和rs上都与vip,又在同一个网段内,将会出现ip冲突,因此就需要arptables,在rs上写策略,使得对传来的arp数据包丢弃,这样就只能访问vs。
server1(master节点):
1 yum install -y ipvsadm
2 ipvsadm -A -t 172.25.38.100:80 -s rr ###添加虚拟ip 172.25.38.100:80,-t指tcp,-s rr 指定算法为轮询###
3 ipvsadm -a -t 172.25.38.100:80 -r 172.25.38.3:80 -g ###将虚拟ip映射到真实的ip,-g指dr模式###
4 ipvsadm -a -t 172.25.38.100:80 -r 172.25.38.4:80 -g
5 /etc/init.d/ipvsadm save ###将策略保存到文件里,开机时会自动生效##
6 ipvsadm -l ###列出策略###
作为负载均衡的服务器:
server3:
1 ip addr 172.25.38.100/32 dev eth0
2 yum install -y arptables_jf
3 arptables -A IN -d 172.25.38.100 -j DROP
4 arptables -A OUT -s 172.25.38.100 -j mangle --mangle-ip-s 172.25.38.3 ###由于在同一个网段内三个同样的ip会造成ip冲突,因此要将访问本机的172.25.38.100的请求丢弃,本机的172.25.38.100要发送消息就要转换成真实的ip发送###
5 /etc/init.d/arptables_jf save ###保存策略,开机自动执行策略###
server4:(与server3操作相同)
1 ip addr 172.25.38.100/32 dev eth0
2 yum install -y arptables_jf
3 arptables -A IN -d 172.25.38.100 -j DROP
4 arptables -A OUT -s 172.25.38.100 -j mangle --mangle-ip-s 172.25.38.4 ###由于在同一个网段内三个同样的ip会造成ip冲突,因此要将访问本机的172.25.38.100的请求丢弃,本机的172.25.38.100要发送消息就要转换成真实的ip发送###
5 /etc/init.d/arptables_jf save
6 arptables -nL ###查看所写的策略###
测试:
[root@foundation38 ~]# curl 172.25.38.100
server4-www.westos.org
[root@foundation38 ~]# curl 172.25.38.100
server3-www.westos.org
[root@foundation38 ~]# curl 172.25.38.100
server4-www.westos.org
[root@foundation38 ~]# arp -an | grep 100
? (172.25.38.100) at 52:54:00:bc:1e:7a [ether] on br0 ###该mac地址就是server1的mac地址###
如果还是没有变化,则是因为有缓存,执行arp -d 172.25.38.100就可以了
三 HA(heartbeat)+lvs
(lvs的配置前面已经配置过,在此不再重复)
1 yum install -y ldirectord-3.9.5-3.1.x86_64.rpm ###因为lvs不能够对后端进行健康检查,如果服务down了,那么客户端能够看到错误的信息,因此要安装该软件包,该软件包能够对后端进行健康检查,并且整合了lvs,能够根据后端服务器更新策略,但是也有不好的地方,如果lvs出现问题,他是不知道的,因为他只是对后端进行健康检查###
2 rpm -qd ldirectord ###查看文档###
3 cd /usr/share/doc/ldirectord-3.9.5/
4 cp ldirectord.cf /etc/ha.d/ ###将文档放在主配置文件的目录下,不然不会去读###
6 cd /etc/ha.d
7 vim ldirectord.cf
virtual=172.25.38.100:80 ###vip###
real=172.25.38.3:80 gate ##后端服务器##
real=172.25.38.4:80 gate
fallback=127.0.0.1:80 gate ###如果后端服务器都down了,就本机上#
service=http
scheduler=rr ###轮询算法###
protocol=tcp
checktype=negotiate
checkport=80
request="index.html"
8 vim haresources
内容:
server1 IPaddr::172.25.38.100/24/eth0 httpd ldirectord ###加入ldirectord,当高可用打开后,就能够对后端进行健康检查,加入httpd脚本的原因是开启了fallback###
此时的高可用的资源组为:
*************
vip
httpd
ldirectord
************
9 scp ha.cf authkeys haresources ldirectord.cf server2:/etc/ha.d/
10 /etc/init.d/heartbeat start
11 tail -f /var/log/messages
server2:
1 /etc/init.d/heartbeat start
2 tail -f /var/log/messages
测试:
1 有健康检查
将其中一个后端服务器的服务停止,另一个后端服务器就接管了服务
[root@server3 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org
2 查看master的资源组信息
vip:
[root@server1 ~]# ip addr show eth0
2: eth0:
link/ether 52:54:00:d5:e3:a3 brd ff:ff:ff:ff:ff:ff
inet 172.25.78.1/24 brd 172.25.78.255 scope global eth0
inet 172.25.78.100/24 brd 172.25.78.255 scope global secondary eth0
inet6 fe80::5054:ff:fed5:e3a3/64 scope link
valid_lft forever preferred_lft forever
valid_lft forever preferred_lft forever
httpd:
[root@server1 ~]# ps ax | grep httpd
3504 ? Ss 0:00 /usr/sbin/httpd
3507 ? S 0:00 /usr/sbin/httpd
3508 ? S 0:00 /usr/sbin/httpd
3510 ? S 0:00 /usr/sbin/httpd
3511 ? S 0:00 /usr/sbin/httpd
3512 ? S 0:00 /usr/sbin/httpd
3513 ? S 0:00 /usr/sbin/httpd
3514 ? S 0:00 /usr/sbin/httpd
3515 ? S 0:00 /usr/sbin/httpd
3590 pts/1 S+ 0:00 grep httpd
lvs策略:
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.78.100:http rr
-> server3:http Route 1 0 0
-> server4:http Route 1 0 0
3 将一个节点的heartbeat停止,另一个节点就会接管资源。
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server3-www.westos.org
[root@foundation78 ~]# arp -an | grep 100
? (172.25.78.100) at 52:54:00:ac:6c:6d [ether] on br0 ###此时的 mac地址就是server2的mac地址
四 keepalived + lvs
注意:要将前面做过的heartbeat的服务关闭:
/etc/init.d/heartbeat stop
chkconfig heartbeat off
server1(master)
1 源码编译
./configure --prefix=/usr/local/keepalived
make && make install
scp -r /usr/local/keepalived server2:/usr/local/
2 作软连接
配置文件的目录:
/usr/local/keepalived/etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
服务脚本的目录:
/usr/local/keepalived/etc/rc.d/init.d /usr/local/keepalived/sbin
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
/usr/local/keepalived/etc/sysconfig
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
*******************************************************************************
注意:/usr/local/keepalived/etc/rc.d/init.d/keepalived要有可执行的权限,如果没有就要加上chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
******************************************************************************
3 vim /etc/keepalived/keepalived.conf
内容:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost ###接收警报的email地址,可以添加多个###
}
notification_email_from keepalived@server1 ###设置邮件的发送地址
smtp_server 127.0.0.1 ###设置smtp server地址
smtp_connect_timeout 30 ###设置连接smtp服务器超时时间
router_id LVS_DEVEL ###load banlancer 的标示 ID,用于email警报
}
vrrp_instance VI_1 {
state MASTER ###主机是master,备机是backup,又priority决定
interface eth0 ###用eth0来传递心跳###
virtual_router_id 51 ###主、备机的 virtual_router_id 必须相同,取值 0-255
priority 100 ###优先级,数字越大,优先级越高,由此决定谁是master
advert_int 1 ###主备之间的通告间隔秒数
authentication { ###主备切换时的验证
auth_type PASS ###设置验证类型
auth_pass 1111 ###设置验证密码,在一个 vrrp_instance 下,MASTER 与 BACKUP 必须使用相同的密码才能正常通信
}
virtual_ipaddress { ###设置虚拟ip地址,可以设置多个虚拟ip地址,每行一个
172.25.78.100
}
}
virtual_server 172.25.78.100 80 { ###定义虚拟服务器
delay_loop 6 ###每隔6s查询,realserver状态
lb_algo rr ###lvs调度算法,这里使用轮询
lb_kind DR ###lvs使用DR模式
#persistence_timeout 50
protocol TCP ###指定转发协议类型,有tcp和udp两种
real_server 172.25.78.3 80 { ###配置服务节点
weight 1 ###权值
TCP_CHECK { ###realserve 的状态检测设置部分,单位是秒
connect_timeout 3 ###10 秒无响应超时
nb_get_retry 3 ###重试次数
delay_before_retry 3 ###重试间隔
}
}
real_server 172.25.78.4 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
4 /etc/init.d/keepalived start
server2(热备的节点)
1 作软连接:
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
2 vim /etc/keepalived/keepalived.conf
3 /etc/init.d/keepalived start
内容:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@server2
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP ###作为热备###
interface eth0
virtual_router_id 51
priority 50 ###数字要比master的节点的数字小###
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.78.100
}
}
virtual_server 172.25.78.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.78.3 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.78.4 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
4 /etc/init.d/keepalived start
测试:
[root@foundation78 ~]# curl 172.25.78.100
server3-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server3-www.westos.org
[root@foundation78 ~]# curl 172.25.78.100
server4-www.westos.org