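LVS + keepalived load balancing: a practical high-availability cluster example
1: Introduction to the keepalived service
keepalived was originally designed specifically for LVS, to monitor the state of each service node in the cluster. Support for VRRP (Virtual Router Redundancy Protocol) was added later. VRRP exists to solve the single point of failure of static routing and keeps the network running stably without interruption. keepalived therefore provides LVS cluster node healthchecks on the one hand and LVS director failover on the other.
2: The two main uses of keepalived: healthchecks and failover.
2.1: LVS director failover
HA failover: failover and automatic switching between the LB master host and the backup host. It is the failover measure for two load balancer directors working together: when the master load balancer fails, the backup load balancer automatically takes over all of the master's work (the VIP resources and the corresponding services); conversely, once the master load balancer (director) is back to normal, the master automatically takes all of the work back.
2.2: LVS cluster node healthchecks
RS healthcheck: the load balancer periodically checks the availability of each RS to decide whether to dispatch requests to it. When one or even several real servers in the virtual server fail at the same time and cannot serve requests, the load balancer automatically removes the failed RS nodes from the forwarding queue, so that user access is not affected. Once a failed RS has been repaired, the system automatically adds it back to the forwarding queue and dispatches requests to it according to the scheduling algorithm, so that it serves users again.
2.3: How keepalived failover works
Failover between keepalived directors is implemented with VRRP (Virtual Router Redundancy Protocol). While the keepalived directors are working normally, the master director keeps broadcasting heartbeat messages to the backup node to tell it that it is still alive. When the master fails, the backup director no longer detects the master's heartbeat broadcasts, so it invokes its own takeover routine and takes over the master's IP resources and services. When the master recovers, the backup releases the IP resources and services it took over during the failure and returns to its original backup role.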
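2.4 A short introduction to VRRP:
The Virtual Router Redundancy Protocol (VRRP) was created to solve the single point of failure of static routing. VRRP uses an election mechanism to hand the routing task to one of the VRRP routers. A VRRP virtual router contains several physical VRRP routers, but they do not all work at the same time: one of them, called the MASTER, does the routing, and all the others are BACKUPs. The MASTER is not fixed; VRRP lets every VRRP router take part in the election, and the winner becomes the MASTER. The MASTER has some privileges, such as owning the virtual router's IP address, which is the address our hosts use for their static route. The privileged MASTER is responsible for forwarding packets sent to the gateway address and for answering ARP requests.
VRRP implements the virtual router through this election protocol. All protocol messages are sent as IP multicast packets (multicast address 224.0.0.18). A virtual router consists of a VRID (0-255) and a set of IP addresses, and presents a well-known MAC address to the outside: 00-00-5E-00-01-{VRID}. So whichever router is the MASTER, the virtual router always shows the same MAC and IP (called the VIP). Client hosts do not need to change their routing configuration when the MASTER changes; the master/backup switch is completely transparent to them.
Within a virtual router, only the VRRP router acting as MASTER keeps sending VRRP advertisements (VRRP Advertisement messages). A BACKUP does not preempt the MASTER unless it has a higher priority. When the MASTER is unavailable and the BACKUPs stop receiving advertisements, the BACKUP with the highest priority takes over as MASTER. This takeover is very fast (1s), which keeps the service continuous.
For security, VRRP packets are protected with an encryption protocol; note that the auth_type PASS setting in the configuration template below is a plaintext password.
Additional settings that are not in this file include:
lvs_sync_daemon_interface: the monitoring interface between the load balancers, similar to the heartbeat link of HA heartbeat
Production example: keepalived+lvs is configured on the load balancer servers, and httpd on the realservers.
1 Host list and IP plan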

[Figure 1: host list and IP plan]

2 Install lvs (ipvsadm) on LVS1 and LVS2
Check the machine environment:
lsmod | grep ip_vs
cat /etc/redhat-release
Create the link:
ln -s /usr/src/kernels/2.6.32-696.16.1.el6.x86_64 /usr/src/linux
ll /usr/src/linux/
Download ipvsadm:
mkdir /home/chenyantao/tools/
cd /home/chenyantao/tools/
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
ls
Then unpack and install ipvsadm:
tar -zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install
echo $?
Installation complete.
lsmod | grep ip_vs    # check whether the module is loaded
modprobe ip_vs        # load the module manually
lsmod | grep ip_vs    # check again to make sure
[root@lvs-01 keepalived-1.1.17]# lsmod | grep ip_vs
ip_vs 115643 0
libcrc32c 1246 1 ip_vs
ipv6 321422 265 ip_vs
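3 Deploy keepalived on LVS1 and LVS2
3.1 Configure keepalived to provide service high availability
The official keepalived site is http://www.keepalived.org and the official documentation is at http://www.keepalived.org/documentation.html. The keepalived package can be downloaded from the official site.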

mkdir -p /home/chenyantao/tools
cd /home/chenyantao/tools/
wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz

tar zxf keepalived-1.1.17.tar.gz
cd keepalived-1.1.17
ls

./configure    # check the output carefully for errors; run echo $? to confirm. A non-zero result is almost always caused by a missing package, fixed with: yum install package-level -y
[root@lvs-01 keepalived-1.1.17]# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for strip... strip
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
checking openssl/md5.h usability... yes
checking openssl/md5.h presence... yes
checking for openssl/md5.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking for MD5_Init in -lcrypto... yes
checking for SSL_CTX_new in -lssl... yes
checking for poptGetContext in -lpopt... yes
checking for kernel version... 2.6.32-696
checking for /usr/src/linux/net/core/link_watch.c... no
checking net/ip_vs.h usability... yes
checking net/ip_vs.h presence... yes
checking for net/ip_vs.h... yes
checking for IPVS syncd support... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether gcc needs -traditional... no
checking for working memcmp... yes
checking return type of signal handlers... void
checking for gettimeofday... yes
checking for select... yes
checking for socket... yes
checking for strerror... yes
checking for strtol... yes
checking for uname... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating genhash/Makefile
config.status: WARNING: genhash/Makefile.in seems to ignore the --datarootdir setting
config.status: creating keepalived/core/Makefile
config.status: creating keepalived/include/config.h
config.status: creating keepalived.spec
config.status: creating keepalived/Makefile
config.status: WARNING: keepalived/Makefile.in seems to ignore the --datarootdir setting
config.status: creating lib/Makefile
config.status: creating keepalived/vrrp/Makefile
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/libipvs-2.6/Makefile

Keepalived configuration

Keepalived version : 1.1.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes # IPVS framework
IPVS sync daemon support : Yes # IPVS sync daemon support
Use VRRP Framework : Yes # VRRP framework
Use LinkWatch : No
Use Debug flags : No

make
make install
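echo $?    # a result of 0 means the installation succeeded
3.2 Remaining configuration after installation
/bin/cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/    # install the init script
/bin/cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/    # install the parameters for the init script
mkdir /etc/keepalived    # create the directory for keepalived's default configuration file
/bin/cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/    # copy the default configuration template into the directory just created
/bin/cp /usr/local/sbin/keepalived /usr/sbin/    # copy the keepalived binary to /usr/sbin
/etc/init.d/keepalived start
ps -ef | grep keepalived    # check whether it started successfully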
root 1371 1 0 04:02 ? 00:00:00 keepalived -D
root 1374 1371 0 04:02 ? 00:00:01 keepalived -D
root 1419 1371 0 04:07 ? 00:00:00 keepalived -D
root 1422 1280 0 04:07 pts/0 00:00:00 grep keepalived
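Once the check succeeds, stop the keepalived service, because at this point it has loaded the default configuration file. Next we edit the configuration file as required.
First, look at keepalived's default configuration template:
[root@lvs-01 etc]# cd /etc/
[root@lvs-01 etc]# cat keepalived/keepalived.conf    # this configuration file is the template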
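! Configuration File for keepalived    (lines starting with ! are comments; lines starting with # are comments too)
global_defs {    # global configuration
    notification_email {    # notification e-mail settings
        [email protected]    # the administrators to notify
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]    # who the notification is sent from
    smtp_server 192.168.200.1    # IP of the mail server used for notifications
    smtp_connect_timeout 30    # timeout
    router_id LVS_DEVEL    # virtual router id
}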

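vrrp_instance VI_1 {    # define a VRRP instance named VI_1
    state MASTER    # whether this instance is the master or the backup on this router
    interface eth0    # the IP addresses are configured on eth0
    virtual_router_id 51    # virtual router id; when one configuration file holds several instances, their ids must differ
    priority 100    # priority
    advert_int 1    # advertisement interval between the keepalived nodes
    authentication {    # password used to authenticate communication between the keepalived nodes
        auth_type PASS    # PASS means plaintext
        auth_pass 1111    # the password is 1111
    }
    virtual_ipaddress {    # virtual IP addresses, i.e. the VIPs
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}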
virtual_server 192.168.232.80 80 {    # create the virtual_server
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    # equivalent to manually running: ipvsadm -A -t 192.168.232.80:80 -s wrr

    real_server 192.168.232.132 80 {
        weight 1
        SSL_GET {
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
        }
    }
    # equivalent to: ipvsadm -a -t 192.168.232.80:80 -r 192.168.232.132:80 -g -w 1
}
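An added example, not part of the original page or of keepalived itself: an audit of the vrrp_instance blocks in a keepalived.conf, connecting the template settings above to the VRRP description earlier (the virtual MAC 00-00-5E-00-01-{VRID}, unique virtual_router_id values, plaintext auth_type PASS). The names audit_vrrp and sample_conf and the VI_2 instance are assumptions made for illustration; the 8-character auth_pass limit comes from keepalived's documentation, not from this page.

```sh
# Added example: audit vrrp_instance blocks of a keepalived.conf on stdin; exit 1 on findings.
audit_vrrp() {
    awk '
    function warn(msg) { print "WARN " name ": " msg; bad = 1 }
    function report() {
        printf "INFO %s state=%s vrid=%s prio=%s vmac=00-00-5E-00-01-%02X\n", name, state, vrid, prio, vrid
        if (vrid in seen) warn("virtual_router_id " vrid " already used by " seen[vrid])
        seen[vrid] = name
        if (atype == "PASS")   warn("auth_type PASS sends auth_pass in plaintext")
        if (apass == "1111")   warn("auth_pass is still the template default")
        if (length(apass) > 8) warn("auth_pass is longer than the 8 characters keepalived uses")
    }
    { sub(/[#!].*/, "") }                     # "#" and "!" start a comment
    $1 == "vrrp_instance" { name = $2; depth = opened = 0; state = vrid = prio = atype = apass = "" }
    name != "" {
        if ($1 == "state")             state = $2
        if ($1 == "virtual_router_id") vrid  = $2
        if ($1 == "priority")          prio  = $2
        if ($1 == "auth_type")         atype = $2
        if ($1 == "auth_pass")         apass = $2
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")    # track block nesting
        if (depth > 0) opened = 1
        else if (opened) { report(); name = "" }        # block closed: report it
    }
    END { exit bad }'
}
# Constructed sample input: VI_1 follows the template above, VI_2 is made up.
sample_conf() { cat <<'EOF'
vrrp_instance VI_1 {    # VRRP instance
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
vrrp_instance VI_2 {
    state BACKUP
    virtual_router_id 51
    priority 90
    authentication {
        auth_type AH
        auth_pass Example-Secret
    }
}
EOF
}
sample_conf | audit_vrrp || echo "findings reported above"
```

On a director the same function can be run as audit_vrrp < /etc/keepalived/keepalived.conf.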
4 Configure keepalived.conf following this template

[Figure 2: the configured keepalived.conf]

/etc/init.d/keepalived start    # start it on both nodes
5 Check that everything is working
watch ipvsadm -Ln --stat
On the master:
[Figure 3: ipvsadm -Ln --stat on the master]
On the backup:
[Figure 4: ipvsadm -Ln --stat on the backup]
Then check whether the VIP is up on the LVS nodes.
On the master:
[root@lvs-01 keepalived]# ip addr show | grep 192.168.232.80
inet 192.168.232.80/24 scope global secondary eth0:1
On the backup:
[root@lvs-02 keepalived]# ip addr show | grep 192.168.232.80
[root@lvs-02 keepalived]#
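It is correct that the backup node does not have the VIP. If both the master and the backup bring up the VIP, split-brain has occurred. Split-brain must never be allowed in production: it causes data written by users to be distributed through two load balancers to different web servers. The backup node takes over the VIP only when the master load balancer goes down. When the master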
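An added example, not from the original page: the VIP check above turned into a function that classifies the pair of directors as ok-master, failed-over, split-brain or no-owner from the saved ip addr show output of each node. The function names, the file names and the non-VIP addresses in the sample are constructed for illustration.

```sh
# Added example: decide who holds the VIP from saved `ip addr show` output.
# holds_vip VIP FILE succeeds only when an "inet" line carries exactly VIP as
# its address, so a longer address that merely starts with the same text
# (a substring grep would accept it) does not count.
holds_vip() {
    awk -v vip="$1" '$1 == "inet" { split($2, a, "/"); if (a[1] == vip) found = 1 }
                     END { exit !found }' "$2"
}
# vip_state VIP MASTER_FILE BACKUP_FILE prints the state and returns
# non-zero for the two states that need attention.
vip_state() {
    m=0; b=0
    holds_vip "$1" "$2" && m=1
    holds_vip "$1" "$3" && b=1
    case "$m$b" in
        10) echo ok-master ;;
        01) echo failed-over ;;
        11) echo split-brain; return 1 ;;
        00) echo no-owner; return 1 ;;
    esac
}
# Constructed sample captures; only the VIP line is taken from the page.
tmp=$(mktemp -d)
printf '%s\n' '    inet 127.0.0.1/8 scope host lo' \
    '    inet 192.168.232.128/24 brd 192.168.232.255 scope global eth0' \
    '    inet 192.168.232.80/24 scope global secondary eth0:1' > "$tmp/lvs-01.txt"
printf '%s\n' '    inet 127.0.0.1/8 scope host lo' \
    '    inet 192.168.232.129/24 brd 192.168.232.255 scope global eth0' > "$tmp/lvs-02.txt"
vip_state 192.168.232.80 "$tmp/lvs-01.txt" "$tmp/lvs-02.txt"
```

In practice the two files would be the output of ip addr show collected from lvs-01 and lvs-02.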
6 Then deploy httpd on the realservers
First check whether it is already installed:
[root@RS01 ~]# rpm -qa http*
httpd-tools-2.2.15-60.el6.centos.6.x86_64
httpd-2.2.15-60.el6.centos.6.x86_64 # installed
[root@RS01 ~]# /etc/init.d/httpd status
httpd (pid 1250) is running... # running
If it is not installed:
yum install httpd -y
7 On the realservers, the VIP also has to be bound and ARP suppressed
Write a script to do this:
#!/bin/bash
# Bind the VIP(s) to the loopback interface of a realserver and suppress ARP for them.
. /etc/init.d/functions
# list of VIPs handled by this realserver
VIP=(
    192.168.232.80
)
start(){
    for ((i=0;i<${#VIP[@]};i++))
    do
        # bind each VIP to a loopback alias with a host netmask and add a host route
        ifconfig lo:$i ${VIP[$i]} netmask 255.255.255.255 up
        route add -host ${VIP[$i]} dev lo
    done
    # suppress ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
}

stop(){
    for ((i=0;i<${#VIP[@]};i++))
    do
        # remove the loopback alias and the host route
        ifconfig lo:$i ${VIP[$i]} netmask 255.255.255.255 down
        route del -host ${VIP[$i]} dev lo
    done
    # restore the ARP settings only when at most one VIP is configured
    if [ ${#VIP[@]} -le 1 ];then
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    fi
}
case "$1" in
start)
    action "realserver vip is tied" /bin/true
    start
    ;;
stop)
    action "realserver vip is canceled" /bin/true
    stop
    ;;
*)
    echo "Usage:$0 {start|stop}"
    ;;
esac
8 After running the script, check the result
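An added example, not from the original page: a check that a realserver is in the state the script above is meant to produce, with the VIP bound as a /32 and the four ARP settings at the values the script writes. The function name check_rs, the optional ROOT argument and the fake /proc tree are assumptions so that the check can run offline against constructed data.

```sh
# Added example: verify the state left by the realserver script above.
# check_rs VIP [ROOT] reads `ip -4 -o addr show dev lo` output on stdin.
# ROOT is prepended to /proc so a copied or fake tree can be checked.
check_rs() {
    vip=$1; root=${2:-}; rc=0
    # the script binds the VIP with netmask 255.255.255.255, i.e. /32
    if awk -v a="$vip/32" '{ for (i = 1; i <= NF; i++) if ($i == a) ok = 1 }
                           END { exit !ok }'; then
        echo "OK   $vip/32 is bound"
    else
        echo "FAIL $vip/32 is not bound"; rc=1
    fi
    # expected values are the ones start() writes
    for spec in lo/arp_ignore=1 lo/arp_announce=2 all/arp_ignore=1 all/arp_announce=2
    do
        key=${spec%=*}; want=${spec#*=}
        got=$(cat "$root/proc/sys/net/ipv4/conf/$key" 2>/dev/null || echo unreadable)
        if [ "$got" = "$want" ]; then echo "OK   $key=$got"
        else echo "FAIL $key=$got (want $want)"; rc=1; fi
    done
    return $rc
}
# Constructed sample: a fake /proc tree in which all/arp_announce was left at 0.
root=$(mktemp -d); d=$root/proc/sys/net/ipv4/conf
mkdir -p "$d/lo" "$d/all"
echo 1 > "$d/lo/arp_ignore";  echo 2 > "$d/lo/arp_announce"
echo 1 > "$d/all/arp_ignore"; echo 0 > "$d/all/arp_announce"
lo_sample='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.232.80/32 scope global lo:0'
printf '%s\n' "$lo_sample" | check_rs 192.168.232.80 "$root" || echo "realserver is not ready"
```

On a live realserver the call is ip -4 -o addr show dev lo | check_rs 192.168.232.80, with ROOT left empty.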
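9 Then test by accessing the VIP from a client browser
[Figure 5: browser access to the VIP]
View the live statistics on the master and backup LVS

[Figure 6: live statistics on the master and backup LVS]
The backup node shows traffic only after the master has gone down.
Note: please test high availability between the LVS nodes, and the health-check removal and re-adding of realservers, yourself. Thanks.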