Introduction to keepalived
Keepalived's job is to watch the state of the web servers. If a web server dies or starts failing, keepalived detects it and takes the faulty server out of the pool; once the server is working again, keepalived puts it back automatically. None of this needs manual intervention; the only thing left for a person to do is repair the broken server. Keepalived also provides VRRP failover between the directors themselves, which is what the master/backup pair in this article relies on.
Introduction to LVS
LVS stands for Linux Virtual Server, a virtual server cluster system. An LVS cluster uses IP load balancing together with content-based request distribution. The scheduler has very good throughput, spreads requests evenly across the servers and automatically masks server failures, so that a group of servers becomes one high-performance, highly available virtual server. The structure of the cluster is transparent to clients, and neither the client nor the server programs need to be changed. The design therefore has to take transparency, scalability, high availability and manageability into account.
lvs-nat
Multi-target DNAT: the director forwards a request by rewriting its destination address and port to the RIP and port of the real server (RS) it selects.
1) RIP and DIP must be in the same IP network and should use private addresses; the default route of each RS must point back at the director (this is what guarantees that the response packets pass through the director again);
2) Both the request and the response pass through the director, so under heavy load the director easily becomes the performance bottleneck;
3) Port mapping is supported;
4) The director (VS) must be Linux; an RS can run any OS.
lvs-nat design points:
(1) DIP and RIP are in the same IP network, and the RS gateway points at the director;
(2) Port mapping is supported;
(3) Whether shared storage is needed depends on the application.
keepalived provides high availability for the directors and monitors the health of the back-end servers
lvs provides the load balancing
The cluster below is built with lvs-nat and a keepalived master/backup pair.
Lab environment:
Hypervisor: VMware Workstation 12.1 Pro
Operating system: CentOS 7
keepalived-1.2.13-7.el7.x86_64
ipvsadm-1.27-7.el7.x86_64
httpd-2.4.6-40.el7.centos.x86_64
IP plan:
DR-MASTER external IP: 172.18.1.105
DR-BACKUP external IP: 172.18.1.106
External VIP: 172.18.1.66
DR-MASTER internal IP: 192.168.10.1
DR-BACKUP internal IP: 192.168.10.2
RS1: 192.168.10.11
RS2: 192.168.10.12
Default gateway of RS1 and RS2 (internal VIP): 192.168.10.254
The real servers' gateway is the floating internal VIP rather than either director's own internal address: a DIP belongs to one director, and replies have to reach whichever director currently owns the external VIP.
Lab topology diagram
Before starting, stop iptables and SELinux on every host (or add rules that permit the traffic). This is a lab shortcut. CentOS 7 ships firewalld rather than the iptables service, and whichever firewall you keep in production must at least pass VRRP (IP protocol 112, sent to the multicast group 224.0.0.18) between the two directors on both interfaces; if it does not, each director believes it is alone and both hold the VIPs at the same time. setenforce 0 only lasts until the next reboot; the edit to /etc/selinux/config takes effect from then on.
systemctl stop iptables.service
systemctl disable iptables.service
setenforce 0
vim /etc/selinux/config
    SELINUX=disabled
Enable IP forwarding on DR-MASTER and DR-BACKUP. In LVS-NAT the replies from the real servers are rewritten on their way back to the client, and that path runs through the kernel's forwarding code; with forwarding off the cluster appears to accept connections but nothing comes back. keepalived does not turn this on for you.
vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
Save and exit, then:
sysctl -p
cat /proc/sys/net/ipv4/ip_forward   # 1 means forwarding is on
Configure the IP addresses on RS1 and RS2 with the default gateway set to 192.168.10.254, and make sure they can ping the directors.
yum -y install httpd
Install httpd on both real servers and start it (the health check below expects a 200 response on /).
To make the test results visible, give RS1 a home page /var/www/html/index.html with the content:
RS-1
and give RS2 a /var/www/html/index.html with the content:
RS-2
DR-MASTER
yum -y install keepalived ipvsadm
Edit the keepalived configuration (the DR-BACKUP file differs in only a few places). Two VRRP instances are needed: VI_1 carries the external VIP that clients connect to, and gateway carries the internal VIP that the real servers use as their default route, so that replies always come back through whichever director is active. The two instances fail over independently, so a fault on one interface alone can leave the external VIP on one director and the internal VIP on the other; keepalived's vrrp_sync_group directive exists to make such a pair move together and is worth adding on both nodes.
Edit /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost              # notification recipient
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id lvs-keepalived
}

! External VIP
vrrp_instance VI_1 {
    state MASTER                    # this node starts as MASTER
    interface eno16777736           # external interface
    virtual_router_id 51
    priority 100                    # higher than the backup's 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1a2b3c
    }
    virtual_ipaddress {
        172.18.1.66 dev eno16777736 label eno16777736:0   # virtual address; more than one may be listed
    }
}

! Internal VIP (default gateway of the real servers)
vrrp_instance gateway {
    state MASTER                    # this node starts as MASTER
    interface eno33554984           # internal interface
    virtual_router_id 70
    priority 100                    # higher than the backup's 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1a2b3c
    }
    virtual_ipaddress {
        192.168.10.254 dev eno33554984 label eno33554984:0   # virtual address
    }
}

! Real servers behind the external VIP
virtual_server 172.18.1.66 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50          # persistence time in seconds; delete this line and the test below behaves differently
    protocol TCP

    real_server 192.168.10.11 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.10.12 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
DR-BACKUP
yum -y install keepalived ipvsadm
Edit /etc/keepalived/keepalived.conf. Compared with the master it differs only in router_id, the state of each instance and the lower priority; virtual_router_id and auth_pass must be identical on both nodes, otherwise the backup ignores the master's advertisements.
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id lvs-keepalived-backup
}

! External VIP
vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1a2b3c
    }
    virtual_ipaddress {
        172.18.1.66 dev eno16777736 label eno16777736:0
    }
}

! Internal VIP
vrrp_instance gateway {
    state BACKUP
    interface eno33554984
    virtual_router_id 70
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1a2b3c
    }
    virtual_ipaddress {
        192.168.10.254 dev eno33554984 label eno33554984:0
    }
}

! Real servers behind the external VIP
virtual_server 172.18.1.66 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    real_server 192.168.10.11 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.10.12 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
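Before starting keepalived on either node it pays to check the two files against each other. A mismatched virtual_router_id or auth_pass makes the backup discard the master's advertisements, and both nodes then hold the VIPs at once; auth_type PASS puts the password into every VRRP advertisement in clear text; and keepalived silently keeps only the first 8 characters of auth_pass. The script below is an added example, not code from the original post or from keepalived: it lints a master/backup pair with sh and awk. The two configuration files it writes are constructed to mirror the VI_1 instance above, with a deliberately over-long auth_pass on the backup so that every check has something to report.

```sh
#!/bin/sh
# Added example, not code from the original post or from keepalived: lint a
# MASTER/BACKUP pair of keepalived.conf files. The two files written below are
# constructed to mirror the VI_1 instance above; the backup carries a deliberate
# over-long auth_pass so that every check has something to report.

# Print the value of <keyword> inside "vrrp_instance <instance> { ... }".
# Usage: vrrp_get <file> <instance> <keyword>
vrrp_get() {
    awk -v inst="$2" -v key="$3" '
        !in_inst && $1 == "vrrp_instance" && $2 == inst { in_inst = 1 }
        in_inst {
            if ($1 == key) { print $2; exit }
            depth += gsub(/[{]/, "&") - gsub(/[}]/, "&")   # track brace nesting
            if (depth == 0) exit                            # instance closed
        }' "$1"
}

# Per-node checks on one instance. Prints one line per finding, returns 1 if any.
lint_instance() {
    file=$1; inst=$2; rc=0
    auth_type=$(vrrp_get "$file" "$inst" auth_type)
    auth_pass=$(vrrp_get "$file" "$inst" auth_pass)
    if [ "$auth_type" = "PASS" ]; then
        echo "$inst: auth_type PASS sends the password in clear text in every VRRP advertisement"
        rc=1
    fi
    if [ "${#auth_pass}" -gt 8 ]; then
        echo "$inst: auth_pass is ${#auth_pass} characters; keepalived keeps only the first 8"
        rc=1
    fi
    return $rc
}

# Cross-node checks: the same instance on both nodes must agree on
# virtual_router_id and auth_pass (otherwise the backup ignores the master's
# advertisements and both nodes hold the VIPs), and the master must have the
# higher priority. Prints one line per finding, returns 1 if any.
lint_pair() {
    master=$1; backup=$2; inst=$3; rc=0
    for key in virtual_router_id auth_pass; do
        m=$(vrrp_get "$master" "$inst" "$key")
        b=$(vrrp_get "$backup" "$inst" "$key")
        if [ "$m" != "$b" ]; then
            echo "$inst: $key differs between master ($m) and backup ($b)"; rc=1
        fi
    done
    mp=$(vrrp_get "$master" "$inst" priority)
    bp=$(vrrp_get "$backup" "$inst" priority)
    if [ "$mp" -le "$bp" ]; then
        echo "$inst: master priority $mp is not above backup priority $bp"; rc=1
    fi
    return $rc
}

# Constructed sample configs (trimmed to the VI_1 instance).
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat >"$WORK/master.conf" <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1a2b3c
    }
    virtual_ipaddress {
        172.18.1.66 dev eno16777736 label eno16777736:0
    }
}
EOF
# The backup is derived from the master; the 9-character auth_pass is the planted error.
sed -e 's/state MASTER/state BACKUP/' -e 's/priority 100/priority 98/' \
    -e 's/auth_pass 1a2b3c/auth_pass 1a2b3c4d5/' "$WORK/master.conf" >"$WORK/backup.conf"

for node in master backup; do
    lint_instance "$WORK/$node.conf" VI_1 | sed "s/^/$node: /"
done
lint_pair "$WORK/master.conf" "$WORK/backup.conf" VI_1 || echo "pair check failed"
```

Against the real files, copy the backup's /etc/keepalived/keepalived.conf next to the master's and run lint_pair on the two, once for VI_1 and once for gateway. The auth_type PASS finding is expected with this lab configuration; VRRP's password authentication was dropped from VRRPv3 because it stops nothing, so in a real deployment the protection is an isolated VLAN or a firewall rule that accepts protocol 112 only from the peer director, not a stronger password.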
Start the keepalived service on both directors
systemctl start keepalived.service
Testing
[root@bogon keepalived]# systemctl start keepalived.service   # start the backup router first; with no master advertising yet it takes the VIPs
[root@bogon keepalived]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.1.106  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::20c:29ff:fed9:c0c3  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d9:c0:c3  txqueuelen 1000  (Ethernet)
        RX packets 12467  bytes 5686965 (5.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3552  bytes 245841 (240.0 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.1.66  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:d9:c0:c3  txqueuelen 1000  (Ethernet)

eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.2  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fed9:c0cd  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d9:c0:cd  txqueuelen 1000  (Ethernet)
        RX packets 13069  bytes 1009235 (985.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6025  bytes 444290 (433.8 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eno33554984:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.254  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:d9:c0:cd  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Now start keepalived on DR-MASTER. Its higher priority lets it preempt the backup, and both VIPs are added to its interfaces:
[root@bogon ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.1.105  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::20c:29ff:fe57:f99c  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:57:f9:9c  txqueuelen 1000  (Ethernet)
        RX packets 7915  bytes 5496002 (5.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18153  bytes 1300968 (1.2 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.1.66  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:57:f9:9c  txqueuelen 1000  (Ethernet)

eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fe57:f9a6  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:57:f9:a6  txqueuelen 1000  (Ethernet)
        RX packets 11983  bytes 1511650 (1.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24613  bytes 1769407 (1.6 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eno33554984:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.254  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:57:f9:a6  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 270  bytes 19719 (19.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 270  bytes 19719 (19.2 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Check DR-BACKUP again: the VIPs are gone, because the master is now advertising with the higher priority.
[root@bogon keepalived]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.1.106  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::20c:29ff:fed9:c0c3  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d9:c0:c3  txqueuelen 1000  (Ethernet)
        RX packets 12959  bytes 5718561 (5.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3661  bytes 257813 (251.7 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.2  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fed9:c0cd  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d9:c0:cd  txqueuelen 1000  (Ethernet)
        RX packets 13555  bytes 1044800 (1020.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6194  bytes 456698 (445.9 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
Testing the web page
The keepalived configuration sets persistence_timeout 50. This is IPVS source-address persistence: once a client address has been scheduled to a real server, every new connection from that address within the timeout is sent to the same real server regardless of the rr scheduler. It helps applications that keep session state on a single server, but it is not session sharing; all clients behind one NAT address land on the same real server, and the state is lost when that server is removed. Without the persistence_timeout line, consecutive curl requests would alternate between RS-1 and RS-2.
Because every request in this test comes from the same client, all of them are answered by RS-2:
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]# curl 172.18.1.66
RS-2
[root@bogon ~]#
Stop the httpd service on RS2 and send the requests again:
[root@bogon ~]# curl 172.18.1.66
RS-1
[root@bogon ~]# curl 172.18.1.66
RS-1
[root@bogon ~]# curl 172.18.1.66
RS-1
[root@bogon ~]# curl 172.18.1.66
RS-1
Check LVS: RS2 has been removed from the service automatically. The HTTP_GET check against / stopped returning 200, and after nb_get_retry failed attempts keepalived deleted the real server from the IPVS table; it is added back once the check succeeds again.
[root@bogon ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.1.66:80 rr persistent 50
  -> 192.168.10.11:80             Masq    1      0          5
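The ipvsadm -Ln table is also the cheapest place to detect a backend dropping out, whether its httpd died, a health check timed out, or someone changed the pool by hand with ipvsadm. The functions below are an added example and not part of the original post: they parse ipvsadm -Ln output from standard input and compare the real servers behind one VIP:port with the set you expect. The two samples are constructed to match the output above (after RS2 was removed) and the healthy state before it.

```sh
#!/bin/sh
# Added example (not from the original post): compare the real servers that
# IPVS currently has behind a virtual service with the set you expect, using
# the output of "ipvsadm -Ln" read from standard input.

# Print "RIP:PORT WEIGHT" for every real server of the given VIP:PORT.
# Usage: ipvsadm -Ln | ipvs_real_servers 172.18.1.66:80
ipvs_real_servers() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" { cur = $2; next }   # service line: "TCP  VIP:PORT rr ..."
        $1 == "->" && cur == vs    { print $2, $4 }     # member line:  "-> RIP:PORT Masq WEIGHT ..."
    '
}

# Report expected members that are missing from the table (removed by a failed
# health check or by hand), members with weight 0 (drained), and members that
# are not in the expected list. Prints one line per finding, returns 1 if any.
# Usage: ipvsadm -Ln | ipvs_check 172.18.1.66:80 "192.168.10.11:80 192.168.10.12:80"
ipvs_check() {
    vs=$1; expected=$2; rc=0
    actual=$(ipvs_real_servers "$vs")
    for rs in $expected; do
        weight=$(printf '%s\n' "$actual" | awk -v rs="$rs" '$1 == rs { print $2 }')
        if [ -z "$weight" ]; then
            echo "missing: $rs"; rc=1
        elif [ "$weight" -eq 0 ]; then
            echo "drained (weight 0): $rs"; rc=1
        fi
    done
    for rs in $(printf '%s\n' "$actual" | awk '{ print $1 }'); do
        case " $expected " in
            *" $rs "*) ;;
            *) echo "unexpected: $rs"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples: the table after RS2 failed its health check (as shown
# above) and the table with both real servers in service.
SAMPLE_DEGRADED='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.1.66:80 rr persistent 50
  -> 192.168.10.11:80             Masq    1      0          5'

SAMPLE_HEALTHY='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.1.66:80 rr persistent 50
  -> 192.168.10.11:80             Masq    1      0          0
  -> 192.168.10.12:80             Masq    1      0          7'

EXPECTED="192.168.10.11:80 192.168.10.12:80"
printf '%s\n' "$SAMPLE_DEGRADED" | ipvs_check 172.18.1.66:80 "$EXPECTED" || echo "degraded: alert"
printf '%s\n' "$SAMPLE_HEALTHY"  | ipvs_check 172.18.1.66:80 "$EXPECTED" && echo "healthy"
```

On the director itself the call is simply ipvsadm -Ln | ipvs_check 172.18.1.66:80 "$EXPECTED" from cron or a monitoring agent; the "unexpected" branch is the one that catches a real server that keepalived did not configure, which is worth an alert in its own right on a load balancer that sits in front of everything.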
My skills are limited, so omissions and mistakes are hard to avoid; corrections are welcome.