keepalived实现LVS的高可用以及实现web服务的高可用（主从模型、双主模型）

准备四台虚拟机，两台HA主机，两台RS主机

一、HA主机的配置

1.1、配置IP：

HA1:IP 172.16.50.20  网关172.16.0.1 
HA2:IP 172.16.50.30  网关172.16.0.1

1.2、配置主机名：

HA1主机：

# hostname node1.magedu.com
# uname -n 
# vim /etc/sysconfig/network
HOSTNAME = node1.magedu.com

HA2主机：

# hostname node2.magedu.com
# uname -n
# vim /etc/sysconfig/network
HOSTNAME = node2.magedu.com

1.3、配置双机互信

HA1主机配置：

# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P'' 密码为空
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
# ssh 172.16.50.30 'ifconfig'  远程连接查看一下ip是否为50.30

HA2主机配置：

# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P''
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
# ssh 172.16.50.20 'ifconfig'  远程连接查看一下ip是否为50.20

1.4、配置主机解析

HA1配置：

# vim/etc/hosts
172.16.50.20 node1.magedu.com node1
172.16.50.30 node2.magedu.com node2
ping node2   #查看是否能ping通
scp /etc/hosts node2：/etc/  #直接复制给HA2主机
在HA2主机上ping node1  主机名，看能否ping通

1.5、配置时间同步

HA1主机：

# date
# service ntpd stop   #先关闭ntpd
# chkconfig ntpd off  #不让它开机自启动
# ntpdate 172.16.0.1  #与主服务时间同步一下
# crontab -e          #使用任务计划，让它每五分钟同步一下时间
*/5 * * * * /sbin/ntpdata 172.16.0.1 &> /dev/null

HA2主机：

# date
# service ntpd stop   #先关闭ntpd
# chkconfig ntpd off  #不让它开机自启动
# ntpdate 172.16.0.1  #与主服务时间同步一下
# crontab -e          #使用任务计划，让它每五分钟同步一下时间
*/5 * * * * /sbin/ntpdata 172.16.0.1 &> /dev/null

1.6、配置好yum库

二、RS主机的配置（LVS-DR模型）

2.1、配置IP

RS1：eth0   172.16.50.11
RS2: eth0   172.16.50.12

2.2、关闭selinux

本次实验总共使用了4台虚拟机，都要将selinux关闭

# setenforce 0

2.3、配置DR模型

这里提供一个脚本，可以直接实现

# vim startrs.sh
#!/bin/bash
#
# Script to start LVS DR real server.
# description: LVS DR real server
#
.  /etc/rc.d/init.d/functions
VIP=172.16.50.1
host=`/bin/hostname`
case "$1" in
start)
       # Start LVS-DR real server on this machine.
        /sbin/ifconfig lo down
        /sbin/ifconfig lo up
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
        /sbin/route add -host $VIP dev lo:0
;;
stop)
        # Stop LVS-DR real server loopback device(s).
        /sbin/ifconfig lo:0 down
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
        # Status of LVS-DR real server.
        islothere=`/sbin/ifconfig lo:0 | grep $VIP`
        isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
        if [ ! "$islothere" -o ! "isrothere" ];then
            # Either the route or the lo:0 device
            # not found.
            echo "LVS-DR real server Stopped."
        else
            echo "LVS-DR real server Running."
        fi
;;
*)
            # Invalid entry.
            echo "$0: Usage: $0 {start|status|stop}"
            exit 1
;;
esac
# chmod +x startrs.sh  给一个执行权限
# ./startrs.sh satrt   执行此脚本

2.3、验证：

# ifconfig

三、实现LVS的高可用

HA配置（HA1与HA2安装的软件包相同）

3、安装配置LVS

3.1、安装keepalived（这里是32位的rpm包，这是自己制作的rpm包，里面有很多

东西是不需要配置的，也提供了样例，和官方下载的rpm是不同的）

注意：因为有依赖关系，这里直接使用yum来安装

# yum -y --nogpgcheck localinstall keepalived-1.2.7-5.el5.i386.rpm
# rpm -ql keepalived   查看都是安装生成了了哪些文件（这里只看我们提供的服务)
/etc/keepalived/keepalived.conf.haproxy_example  这是自己制作的rpm提供的样例
/etc/keepalived/notify.sh  脚本，也是自己制作时提供的，网站下载的是没有的

3.2、安装ipvsadm

# yum -y install ipvsadm

RS主机上的配置

3.3、在RS主机上分别启动httpd服务

# service httpd start

3.4、分别提供网页文件

# vim /var/www/html/index.html
RS1.magedu.com
# vim /var/www/html/index.html
RS2.magedu.com

HA1节点配置

3.5、提供配置文件

# cd /etc/keepalived/
# cp keepalived.conf keepalived.conf.bak
# vim keepalived.conf
! Configuration File for keepalived
global_defs { 全局默认配置
   notification_email {主节点发生变化，通知管理员
     root@localhost
   }
   notification_email_from root@localhost {发件人
   smtp_server 127.0.0.1
   smtp_connect_timeout 30 连接时间超时时长
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {vrrp实例，定义虚拟路由组，第一个虚拟路由组
    state MASTER    定义初始状态下谁是主谁是备份
    interface eth0   虚拟路由工作在eth0，以及路由组的接口
    virtual_router_id 51
    priority 101    优先级
    advert_int 1    每隔一秒通告
    authentication {  安全认证
        auth_type PASS  字符串认证
        auth_pass passwd  密码
    }
    virtual_ipaddress {VIP地址
        172.16.50.1
    }
}
virtual_server 172.16.50.1 80 {
    delay_loop 6 定义获取服务等待的时间
    lb_algo wlc   负载均衡调度算法
    lb_kind DR    LVS类型
    nat_mask 255.255.0.0
    protocol TCP
   real_server 172.16.50.11 80 {
        weight 1
            url {   监控url的状态
              path /
             status_code 200
            }  
            connect_timeout 2  连接超时时长
            nb_get_retry 3     重试时长
            delay_before_retry 1   延时前的重试时长
        }  
}
 virtual_server 172.16.50.1 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    nat_mask 255.255.0.0
    protocol TCP
    real_server 172.16.50.12 80 {
        weight 2
            url {
              path /
             status_code 200
            }
            connect_timeout 2  
            nb_get_retry 3      
            delay_before_retry 1 
        }
}

3.6、同步至另一节点中

# scp keepalived.conf node2:/etc/keepalived/

HA2主机中修改配置文件

# vim /etc/keepalived/keepalived.conf
只需要修改一下两项，其他的都不改
    state BACKUP
    priority 100

3.7、启动服务（两个节点都要启动）

# service keepalived start

3.8、验证（会自动配置为32位的源码）

3.8.1、查看一下ip

# ip addr show

3.8.2、查看一下ipvs规则

# ipvsadm -L -n

3.8.3、在物理机上访问172.16.50.1

刷新一下

3.8.4、查看一下ipvs规则

# ipvsadm -L -n

四、实现web服务的高可用（在HA1与HA2主机上配置相同）

4.1、需要两台虚拟机（不用realserver虚拟了），将这两台主机做成高可用web服务

4.1.1、将keepalived服务stop

# service keepalived stop

4.1.2、安装httpd包

# yum -y install httpd

4.1.3、提供页面

# vim /var/www/html/index.html
node1
HA2主机页面：
# vim /var/www/html/index.html
node2

4.1.4、启动服务

# service httpd start

4.1.5、在物理主机上访问这两个节点

4.2、提供配置文件

# cd /etc/keepalived/
# cp keepalived.conf.haproxy_example keepalived.conf
# vim keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
        [email protected]
         [email protected]
}
   notification_email_from [email protected]
        smtp_connect_timeout 3
        smtp_server 127.0.0.1
        router_id LVS_DEVEL
}
vrrp_script chk_httpd {  检查httpd
     script "killall -0 httpd"
     interval 2   每隔两秒检查一次httpd
      # check every 2 seconds
     weight -2
# if failed, decrease 2 of the priority  如果检查httpd失败了，将自己的优先级减2
     fall 2   检查两次，避免误杀进程
# require 2 failures for failures
     rise 1
# require 1 sucesses for ok  成功的话就检查一次
}
vrrp_script chk_schedown {只要touch一个down文件，它就变为备份的，删除此文件它就变为主的
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 2
weight -2
}
vrrp_instance VI_1 {
interface eth0
# interface for inside_network, bound by vrrp
state MASTER
# Initial state, MASTER|BACKUP
# As soon as the other machine(s) come up,
# an election will be held and the machine
# with the highest "priority" will become MASTER.
# So the entry here doesn't matter a whole lot.
priority 101
# for electing MASTER, highest priority wins.
# to be MASTER, make 50 more than other machines.
virtual_router_id 51
# arbitary unique number 0..255
# used to differentiate multiple instances of vrrpd
# running on the same NIC (and hence same socket).
garp_master_delay 1
authentication {
auth_typePASS
auth_pass password
}
track_interface {
eth0
}
# optional, monitor these as well.
# go to FAULT state if any of these go down.
virtual_ipaddress {
172.16.50.1/16 dev eth0 label eth0:0
}
#addresses add|del on change to MASTER, to BACKUP.
#With the same entries on other machines,
#the opposite transition will be occuring.
#/ brd  dev  scope  label 
track_script { 每个一定的时间就会执行这两个脚本一次
chk_httpd
chk_schedown
}
一旦发现主从切换就会执行下面的脚本
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"（失败时执行此脚本）
}

4.3、同步至节点2

# scp keepalived.conf notify.sh node2:/etc/keepalived/

4.3.1、HA2主机中修改配置文件

# vim /etc/keepalived/keepalived.conf
只需要修改一下两项，其他的都不改
    state BACKUP
    priority 100

4.3.2、启动服务（两个节点都要启动）

# service keepalived start

4.3.3、验证

# ifconfig

在物理机上访问

4.3.4、手动切换节点1至节点2上

在上面的配置文件中我们定义的有脚本，只有touch一个down文件节点1就会被转移

# touch /etc/keepalived/down

验证：查看节点1与节点2的IP地址

# ifconfig

节点1IP

节点2IP

在物理主机上访问172.16.50.1

4.3.5、删除down文件，资源就会转移回节点1

# rm -rf /etc/keepalived/down

验证：

节点1IP

在物理主机上访问172.16.50.1

五、实现web服务高可用双主模型

当然这是在主从模型的基础上做的

5、配置文件的修改

5.1、修改节点1的配置文件

# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
    interface eth0
    state BACKUP  # BACKUP for slave routers
    priority 100  # 100 for BACKUP
    virtual_router_id 52
    garp_master_delay 1
    authentication {
        auth_type PASS
        auth_pass password
    }
    track_interface {
       eth0
    }
    virtual_ipaddress {
        172.16.50.2/16 dev eth0 label eth0:1
    }
    track_script {
        chk_httpd
        chk_schedown
    }
    notify_master "/etc/keepalived/notify.sh master eth0:1"
    notify_backup "/etc/keepalived/notify.sh backup eth0:1"
    notify_fault "/etc/keepalived/notify.sh fault eth0:1"
}

5.2、修改节点2的配置文件

# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
    interface eth0
    state MASTER  # BACKUP for slave routers
    priority 101  # 100 for BACKUP
    virtual_router_id 52
    garp_master_delay 1
    authentication {
        auth_type PASS
        auth_pass password
    }  
    track_interface {
       eth0
    }  
    virtual_ipaddress {
        172.16.50.2/16 dev eth0 label eth0:1
    }  
    track_script {
        chk_httpd
        chk_schedown
    }  
    notify_master "/etc/keepalived/notify.sh master eth0:1"
    notify_backup "/etc/keepalived/notify.sh backup eth0:1"
    notify_fault "/etc/keepalived/notify.sh fault eth0:1"
}

5.3、重启服务

5.3.1、启动节点1

# service keepalived restart

5.3.2、启动节点2

# service keepalived restart

5.4、验证

5.4.1、查看节点1的IP

# ifconfig

5.4.2、查看节点2的IP

# ifconfig

5.4.3、在物理机上分别访问

http://172.16.50.1

http://172.16.50.2

5.5、模拟节点2 down掉

5.5.1、创建一个down文件

# touch /etc/keepalived/down

5.5.2、查看节点2的IP

5.5.3、查看节点1的IP

5.5.4、验证

在物理主机上访问

http://172.16.50.1

http://172.16.50.2

5.6、删除down文件

# rm -rf /etc/keepalived/down

5.6.1、查看节点2IP，看是否夺回了资源

5.6.2、物理主机服务172.16.50.2

5.7、模拟节点1 down掉

5.7.1、创建一个down文件

# touch /etc/keepalived/down

5.7.2、查看节点1的IP

5.7.3、查看节点2的IP

5.7.4、验证

在物理主机上访问

http://172.16.50.1

http://172.16.50.2

5.8、删除down文件

# rm -rf /etc/keepalived/down

5.8.1、查看节点2IP，看是否夺回了资源

5.8.2、物理主机服务172.16.50.2

注意：虽然叫双主模型，但不是双主模型，因为使用了不同的

这就是keepalived所要实现的功能，当然它的功能远不止这些，这里只讲了一小部分，希望对读者有所帮助哦！