Keepalived是类似于layer3层,4层,7层交换机制的软件,作用是检查WEB服务器健康状态,根据超时间件来判断WEB服务器的健康状态,其中一台WEB节点出现故障,Keepalived将会把故障的WEB节点移除。故障修复后自动添加回来。
layer3层,4层,7层工作在TCP/IP的协议栈的IP层,TCP层,应用层。
keepalived使用layer3层的方式工作时,keepalived会根据设定时间定期像后端服务器发送一个ICMP的ping包,来检测web服务器是否在线。
keepalived使用layer4层的方式工作时,是根据TCP的端口来进行检测,例如web服务器的80端口。
keepalived使用layer7层的方式工作时,就需要检测的是web节点的httpd或者nginx是否正常运行。
下图为根据keepalived画出简单的OSI7层模型:
keepalived上面说到是检查后端服务器健康状态的,也就是模拟VRRP的工作模式来实现的。
VRRP的特点:VRRP是一种容错协议,保证当主机的下一跳路由出现故障,由另外一台路由器代替出现故障的路由器进行工作,而保证网络通信的连接性及可靠性。
VRRP将局域网内的一组路由器划分在一起,形成一个VRRP备份组,它在功能上相当于一台虚拟路由器,使用虚拟路由器号进行标识。以下使用虚拟路由器代替VRRP备份组进行描述。
虚拟路由器有自己的虚拟IP地址和虚拟MAC地址,它的外在表现形式和实际的物理路由器完全一样。局域网内的主机将虚拟路由器的IP地址设置为默认网关,通过虚拟路由器与外部网络进行通信。
准备两个主机,安装keepalived。既然是模拟VRRP的工作模式,就需要一个MASTER节点和一个BACKUP节点。
安装keepalived。
# yum install keepalived
配置MASTER节点的keepalived.conf主配置文件。
! Configuration File forkeepalived global_defs { #全局定义段 notification_email { [email protected] [email protected] [email protected] } [email protected] smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_instance VI_1 { #实例名称 state MASTER #当前节点为主节点 interface eth1 #指定网卡 virtual_router_id 132 #虚拟路由ID,默认为51 priority 100 #优先级,主节点要数字要大于从节点 advert_int 1 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { #虚拟IP地址 192.168.0.121 } }
BACKUP节点需要修改下优先级和虚拟路由ID即可。
MASTER节点可以查看下日志,keepalived是否正常启动。
# tail -f /var/log/messages Sep 22 02:02:12 webKeepalived_healthcheckers[2734]: Opening file '/etc/keepalived/keepalived.conf'. Sep 22 02:02:12 webKeepalived_healthcheckers[2734]: Configuration is using : 7450 Bytes Sep 22 02:02:12 webKeepalived_vrrp[2735]: VRRP sockpool: [ifindex(3), proto(112), fd(11,12)] Sep 22 02:02:12 webKeepalived_healthcheckers[2734]: Using LinkWatch kernel netlink reflector... Sep 22 02:02:13 webKeepalived_vrrp[2735]: VRRP_Instance(VI_1) Transition to MASTER STATE Sep 22 02:02:14 webKeepalived_vrrp[2735]: VRRP_Instance(VI_1) Entering MASTER STATE Sep 22 02:02:14 webKeepalived_vrrp[2735]: VRRP_Instance(VI_1) setting protocol VIPs. Sep 22 02:02:14 webKeepalived_vrrp[2735]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for192.168.0.121 Sep 22 02:02:14 webKeepalived_healthcheckers[2734]: Netlink reflector reports IP 192.168.0.121added Sep 22 02:02:19 webKeepalived_vrrp[2735]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for192.168.0.121
查看指定配置的虚拟IP。
# ip addr show | grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.110/24 brd 192.168.0.255scope global eth1 inet 192.168.0.121/32 scope global eth1 192.168.0.121已经在这里了
停止掉keepalived,看看虚拟IP是否还在。
# ip addr show | grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.110/24 brd 192.168.0.255 scope global eth1
接下来在BACKUP的节点启动keepalived。
# service keepalived start Starting keepalived: [ OK ] # ip addr show | grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.111/24 brd 192.168.0.255scope global eth1 inet 192.168.0.121/32 scope global eth1
这时候在MASTER节点启动keepalived,查看虚拟IP是否回到主节点。
# ip addr show | grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.110/24 brd 192.168.0.255scope global eth1 inet 192.168.0.121/32 scope global eth1 虚拟IP重新回来了
可以查看下BACKUP节点的日志。
# tail -f /var/log/messages Sep 22 02:07:10 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) Transition to MASTER STATE Sep 22 02:07:11 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) Entering MASTER STATE Sep 22 02:07:11 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) setting protocol VIPs. Sep 22 02:07:11 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for192.168.0.121 Sep 22 02:07:11 webKeepalived_healthcheckers[1903]: Netlink reflector reports IP 192.168.0.121added Sep 22 02:07:16 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for192.168.0.121 Sep 22 02:07:41 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) Received higher prio advert Sep 22 02:07:41 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) Entering BACKUP STATE Sep 22 02:07:41 webKeepalived_vrrp[1904]: VRRP_Instance(VI_1) removing protocol VIPs. Sep 22 02:07:41 webKeepalived_healthcheckers[1903]: Netlink reflector reports IP 192.168.0.121removed
重新选举后,虚拟IP被移除到192.168.0.121,这时候BACKUP节点的虚拟IP就没有了。
接下来实现Keepalived双主模式。
两个keepalived使用两个虚拟IP,每个节点都使用一个虚拟IP地址,当其中一台故障的时候,可以直接把虚拟IP地址转移到另外一台节点上去,另外一台正常工作的keepalived将会调度故障那台后端所管理的WEB主机。
MASTER节点的keepalived.conf添加如下配置。
vrrp_instance VI_2{ state BACKUP interface eth1 virtual_router_id 232 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 222222 } virtual_ipaddress { 192.168.0.122 } }
定义第二个VRRP实例,修改节点为BACKUP,优先级为99,虚拟IP为192.168.0.122,虚拟路由ID为232。
而原BACKUOP节点定义修改节点为MASTER,优先级为100即可。
两个节点的keepalived都进行重启,虚拟IP就会一边一个。
# ip addr show |grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.110/24 brd 192.168.0.255scope global eth1 inet 192.168.0.121/32 scope global eth1 # ip addr show |grep eth1 3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.111/24 brd 192.168.0.255 scopeglobal eth1 inet 192.168.0.122/32 scope global eth1
而当我们把其中一个节点停掉的话,虚拟IP会立即转移到另外一个节点。
# ip addr show |grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 link/ether 00:0c:29:b0:80:e9 brdff:ff:ff:ff:ff:ff inet 192.168.0.110/24 brd 192.168.0.255scope global eth1 inet 192.168.0.121/32 scope global eth1 inet 192.168.0.122/32 scope global eth1
这样即可保证一台主机出现故障后后端WEB服务器正常被访问,并且可以解决另外一台服务器过于空闲。并且需要监控的时候还可以添加邮箱,可以以邮件的方式监控keepalived是否正常工作。
定义监控脚本,检查web服务运行状态。
vrrp_scriptchk_httpd { #定义一个名为chk_httpd的脚本 script "killall -0 httpd" #返回状态值 interval 1 #检测间隔时间 weight -5 #权重 fall 2 rise 1 } vrrp_instance VI_1{ state MASTER interface eth1 virtual_router_id 132 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 192.168.0.121 } track_script { chk_httpd } notify_master "/etc/init.d/httpdstart" notify_backup "/etc/init.d/httpdstop" notify_fault "/etc/init.d/httpdstop" }
刚安装好的httpd是没有启动的,通过启动keepalived查看httpd是否同时启动。
# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 :::80 :::* LISTEN 0 128 :::22 :::* LISTEN 0 128 *:22 *:* LISTEN 0 100 ::1:25 :::* LISTEN 0 100 127.0.0.1:25 *:* 端口已经看见了
这时候把MASTER节点的keepalived.conf复制到BACKUP节点,并且修改虚拟路由ID和优先级。
LVS + Keepalived 的实现。
WEB节点的配置:
安装好httpd服务,配置回环接口IP地址。
# echo 1 >/proc/sys/net/ipv4/conf/eth1/arp_ignore # echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore # echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce # echo 2 >/proc/sys/net/ipv4/conf/eth1/arp_announce # ifconfig eth0down # ifconfig lo:0192.168.0.150 netmask 255.255.255.255 broadcast 192.168.0.150 up # ifconfig lo:0 Link encap:Local Loopback inet addr:192.168.0.150 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:16436 Metric:1 # route add -host192.168.0.150 dev lo:0
另外一台WEB节点相同配置。
后端服务器准备完毕后,开始配置keepalived。
# vim /etc/keepalived/keepalived.conf vrrp_instance VI_1{ state MASTER interface eth1 virtual_router_id 132 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 111111 } virtual_ipaddress { 192.168.0.150 } } virtual_server192.168.0.150 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 protocol TCP real_server 192.168.0.120 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 2 delay_before_retry 1 } } real_server 192.168.0.122 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 2 delay_before_retry 1 } } }
访问测试:
当把主节点的keepalived停掉后,查看虚拟IP是否转移以及ipvsadm规则。
# ip addr show |grep eth1 3: eth1:mtu 1500 qdisc pfifo_fast state UP qlen1000 inet 192.168.0.111/24 brd 192.168.0.255scope global eth1 inet 192.168.0.150/32 scope global eth1 # ipvsadm -L -n IP Virtual Serverversion 1.2.1 (size=4096) ProtLocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.0.150:80 rr -> 192.168.0.120:80 Route 1 0 1 -> 192.168.0.121:80 Route 1 0 1
虚拟IP顺利转移,也可以看到ipvsadm的规则了。
定义一个sorryserver 为了后端节点全部故障后用来响应的。
在keepalived.conf中添加一条。
sorry_server192.168.0.110 80
下面把WEB服务器的两个节点全部停掉,测试。
测试完成。