介绍:
VRRP
VRRP(Virtual Router Redundancy Protocol)虚拟路由冗余协议将局域网的一组路由器
(包括一个Master 即活动路由器和若干个Backup 即备份路由器)组织成一个虚拟路由器,
并虚拟出一个IP(VIP),局域网内的主机知道这个虚拟路由器的IP 地址就可以了,不需要
知道具体的Master 路由器的IP 地址以及Backup 路由器的IP 地址,它们将自己的缺省路由
下一跳地址设置为该虚拟路由器的IP 地址并通过这个虚拟的路由器来与其它网络进行通信。
如果备份组内的Master 路由器坏掉,Backup 路由器将会通过选举策略选出一个新的Master
路由器,继续向网络内的主机提供路由服务。从而实现网络内的主机不间断地与外部网络进
行通信。关于VRRP 协议的详细信息,可以参考RFC 2338和这篇文章:http://www.cublog.cn/u/12313/showart_235796.html
简单说来就是keepalived是用来增强lvs服务器池中服务器的健康检查和故障隔离的,此外keepa
lived还实现了用 VRRPv2 stack 来处理节点的失败切换。
架构:
在我这个架构中,由于访问量不大,没有用到LVS,下面webserver的负载均衡是用nginx来做的,
用keepalived的vrrp功能来做故障切换-〉在master 192.168.1.106出现故障时backup 192.168.1.107
接管vip并提供服务,在master正常情况下这个backup是用不到的。
VIP: 192.168.1.200
nginx1(master): 192.168.1.106
nginx2(backup): 192.168.1.107
webserver: 192.168.2.2/3/4
安装:
需要安装pcre
nginx:
[root@server1 ~]# ./configure --prefix=/usr/local/nginx
[root@server1 ~]# make && make install
keepalive:
[root@server1 ~]# yum install kernel-devel
[root@server1 ~]# wget http://www.keepalived.org/software/keepalived-1.2.1.tar.gz
[root@server1 ~]# tar zxvf keepalived-1.2.1.tar.gz
[root@server1 ~]# cd keepalived-1.2.1
[root@server1 ~]# ./configure --prefix=/usr/local/keepalived --with-kernel-dir=
/usr/src/kernels/2.6.18-238.9.1.el5-x86_64/
Keepalived configuration
------------------------
Keepalived version : 1.2.1
Compiler : gcc
Compiler flags : -g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use Debug flags : No
[root@server1 ~]# make
[root@server1 ~]# make install
[root@server1 ~]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@server1 ~]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server1 ~]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server1 ~]# mkdir /etc/keepalived
[root@server1 ~]# touch /etc/keepalived/keepalived.conf
配置:
nginx:
upstream solr {
server 192.168.2.2:80 weight=1 max_fails=3 fail_timeout=20s;
server 192.168.2.3:80 weight=1 max_fails=3 fail_timeout=20s;
server 192.168.2.4:80 weight=1 max_fails=3 fail_timeout=20s;
}
server {
listen 80;
server_name 172.16.2.7;
server_name_in_redirect off;
location / {
proxy_pass http://solr;
}
}keepalive: master
## global setting ##
global_defs {
router_id NGINX_FAILOVERE
}
## nginx check script ##
vrrp_script chk_nginx {
script "/opt/mytools/chk_nginx.sh"
interval 10
}
## vrrp setting ##
vrrp_instance VI_1 {
state MASTER
interface bond0
virtual_router_id 51
mcast_src_ip 192.168.1.106
priority 150
advert_int 5
authentication {
auth_type PASS
auth_pass imusic
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.200
}
}
keepalive: backup
## global setting ##
global_defs {
router_id NGINX_FAILOVERE
}
## nginx check script ##
vrrp_script chk_nginx {
script "/opt/mytools/chk_nginx.sh"
interval 10
}
## vrrp setting ##
vrrp_instance VI_1 {
state BACKUP
interface bond0
virtual_router_id 51
mcast_src_ip 192.168.1.107
priority 130
advert_int 5
authentication {
auth_type PASS
auth_pass imusic
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.200
}
}
nginx的配置没什么好说的,只是想做两个节点间的故障切换,所以keepalived 只要配置VRRP
就可以了,主备配置不同的地方只有红色加粗的那些。
另外比较重要的是vrrp_script和track_script,track_script指定检查脚本,/opt/mytools/chk_nginx.sh
的功能是检查本机nginx的状态,nginx服务死了则将它重启,如果重启失败就将keepalived停掉
让另一台keepalived接管VIP,这样做是为了避免keepalived没有死而nginx死掉时发生的单点故障,
如master 192.168.1.106上的keepalived运行正常而nginx没有启动,这时是不能成功访问
http://192.168.1.200的。
使用:
[root@server1 ~]# /etc/init.d/keepalived start #启动
[root@server1 ~]# ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
[root@server1 ~]# route add -host $VIP dev eth0:0
[root@server1 ~]# echo “1” > /proc/sys/net/ipv4/ip_forward #keepalived服务需要开启路由转发功能
[root@server1 ~]# ip add #可以看到VIP 192.168.1.200已经绑到了网卡bond0
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:26:55:83:e2:10 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.106/24 brd 192.168.1.255 scope global bond0
inet 192.168.1.200/32 scope global bond0
inet6 fe80::226:55ff:fe83:e210/64 scope link
valid_lft forever preferred_lft forever
附:
vrrp_script配置参数
script 脚本名或命令
interval 脚本执行间隔,隔多久执行一次,单位为秒
weight -40 #if failed, decrease 40 of the priority
fall 1 #require 2 failures for failures
rise 1 #equire 1 sucesses for ok
chk_nginx.sh 脚本内容:
#!/bin/sh
# check nginx server status
Nginx=/usr/local/nginx/sbin/nginx
NginxPort=80
Nmap=/usr/bin/nmap
Server=localhost
$Nmap $Server -p $NginxPort |grep "$NginxPort/tcp open"
if [ $? -ne 0 ];then
$Nginx
sleep 2
$Nmap $Server -p $NginxPort |grep "$NginxPort/tcp open"
[ $? -ne 0 ] && /etc/init.d/keepalived stop
fi
后端webserver不需要任何配置