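First, a concept: VRRP
VRRP: Virtual Router Redundancy Protocol. Its main job is address failover: when the master router fails, VRRP moves the IP address to the backup router so that the network keeps working.
Now to our main topic: keepalived
Keepalived is a mechanism built specifically to provide high availability for LVS. With a master and a backup LVS director, when the master fails it moves the IP address and the LVS service to the backup. The IP address move uses the VRRP protocol described above; the LVS move is defined in keepalived's configuration file, from which it dynamically generates the ipvs rules, and it can also run health checks.
Next, the basic configuration of keepalived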
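I. Preparing the environment
1. Goal:
Install keepalived and use it to make LVS and the web service highly available.
2. Prepare three hosts; RHEL5 virtual machines are used here.
3. Download the software package. You can build it from source or install an rpm package directly; here I download and install the rpm package.
(Download: http://www.keepalived.org)
II. Planning
IPs of the keepalived hosts: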
HA1:172.16.13.3
HA2:172.16.13.4
IPs for LVS in the DR model:
DR1:172.16.14.3
DR2:172.16.14.4
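The VIP on the DR hosts is configured on the lo:0 interface: 172.16.14.1
III. Implementation
【Preparation on both nodes】
1. Configure the nodes' IPs and make sure they can reach each other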
    # setup
    # ping 172.16.13.4
    [# ping 172.16.13.3]
2. Set each node's hostname so that it matches the output of uname -n
    # hostname node1
    # uname -n
    # vim /etc/sysconfig/network      (to make it permanent)
3. SSH mutual trust
    # ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
    # ssh-copy-id -i .ssh/id_rsa.pub [email protected]
    # ssh 172.16.13.4 'ifconfig'      (test that it works)
4. Configure hostname resolution
    # vim /etc/hosts
    172.16.13.3 node1 node1
    172.16.13.4 node2 node2
    [ # scp /etc/hosts node2:/etc/hosts ]
5. Check that the nodes can communicate by hostname
    # ping node2
6. Time synchronization
    # service ntpd stop
    # chkconfig ntpd off
    # ntpdate 172.16.0.1
    # date
(The second node is configured the same way as the first; only the IP address changes.)
【Install and configure keepalived: the steps on node1 and node2 are essentially the same】
node1:172.16.13.3
    # yum -y --nogpgcheck localinstall keepalived-1.2.7-5.el5.i386.rpm      (install the package)
    # vim /etc/keepalived/keepalived.conf      (edit the configuration file)

    global_defs {
        notification_email {
            root@localhost                        # mail address
        }
        notification_email_from root@localhost    # sender
        smtp_server 127.0.0.1                     # mail server address
        smtp_connect_timeout 30                   # connection timeout
        router_id LVS_DEVEL
    }

    vrrp_instance VI_1 {
        state MASTER                # initial state; this is the master node
        interface eth0              # physical interface the virtual router works on
        virtual_router_id 51        # group ID
        priority 101                # priority of the master node
        advert_int 1                # interval between advertisements
        authentication {
            auth_type PASS          # password authentication
            auth_pass password      # shared password, must be the same on both nodes
        }
        virtual_ipaddress {
            172.16.14.1/16 dev eth0 label eth0:0    # configure the virtual address on an alias
        }
    }

    virtual_server 172.16.14.1 80 {         # VIP and the corresponding port
        delay_loop 6
        lb_algo wlc                         # scheduling algorithm
        lb_kind DR                          # LVS type
        nat_mask 255.255.0.0                # netmask
        protocol TCP                        # TCP protocol
        real_server 172.16.14.3 80 {        # address of the real server
            weight 1                        # weight
            HTTP_GET {                      # health check for the http service
                url {                       # URL used to check the http service
                    path /
                    status_code 200         # expected status code
                }
                connect_timeout 2           # connection timeout
                nb_get_retry 3              # number of retries
                delay_before_retry 1        # delay before a retry
            }
        }
        real_server 172.16.14.4 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }
    }
To check the health of each realserver with TCP_CHECK instead, the realserver part of the definition above can be replaced with the following:
    virtual_server 172.16.100.1 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        persistence_timeout 300
        protocol TCP
        sorry_server 127.0.0.1 80
        real_server 172.16.100.11 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
            }
        }
        real_server 172.16.100.12 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
            }
        }
    }
Note: sorry_server defines the server that is used when all realservers have failed.
[Copy node1's configuration file to node2]
node2:172.16.13.4
Change its VRRP state to BACKUP, and set its priority lower than the master node's.
    # vim /etc/keepalived/keepalived.conf
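One way to check the copied file against node1's before starting keepalived, as an added example that is not part of the original article: the peers must share virtual_router_id, auth_pass and the VIP, and must differ in priority. With auth_type PASS the password travels unencrypted in every advertisement, so the literal `password` from the listing is flagged as well. The function names, file names and sample configs are constructed for illustration.

```bash
# Report vrrp_instance settings that would break peering; exit status 1 on any finding.
compare_vrrp() {
    awk '
        FNR == 1 { f++; inst = ""; block = ""; depth = 0 }      # start of a new file
        { sub(/[#!].*/, "") }                                   # strip comments
        $1 == "vrrp_instance" { inst = $2; seen[inst] = 1 }
        inst != "" {
            if (depth == 1 && $1 ~ /^(priority|virtual_router_id)$/) v[f, inst, $1] = $2
            if ($1 == "auth_pass") v[f, inst, $1] = $2
            if (block == "virtual_ipaddress" && $1 ~ /^[0-9]/) v[f, inst, "vip"] = $1
            opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
            if (opens && depth >= 1) block = $1; else if (closes) block = ""
            depth += opens - closes
            if (closes && depth == 0) inst = ""                 # end of this vrrp_instance
        }
        END {
            n = split("virtual_router_id auth_pass vip", same, " ")
            for (i in seen) {
                for (k = 1; k <= n; k++)
                    if (v[1, i, same[k]] != v[2, i, same[k]]) { print i ": " same[k] " differs"; bad = 1 }
                if (v[1, i, "priority"] == v[2, i, "priority"]) { print i ": equal priority"; bad = 1 }
                if (v[1, i, "auth_pass"] == "password" || v[2, i, "auth_pass"] == "password") { print i ": placeholder auth_pass"; bad = 1 }
            }
            exit bad + 0
        }' "$1" "$2"
}

# Constructed sample config. Arguments: state priority auth_pass
sample_conf() {
    cat <<EOF
vrrp_instance VI_1 {
    state $1
    virtual_router_id 51
    priority $2
    authentication {
        auth_type PASS
        auth_pass $3
    }
    virtual_ipaddress {
        172.16.14.1/16 dev eth0 label eth0:0
    }
}
EOF
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
sample_conf MASTER 101 password > "$tmp/node1.conf"
sample_conf BACKUP 101 password > "$tmp/node2.conf"    # copied file, priority not lowered yet
compare_vrrp "$tmp/node1.conf" "$tmp/node2.conf" || echo "fix node2 before starting keepalived"
```

The parser keeps one VIP per instance and expects one setting per line, which matches the configuration style used in this article.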
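【Start keepalived on both nodes】
Running ifconfig on the master node shows the virtual interface address we defined:
Install ipvsadm and look at the automatically generated rules
    # yum -y install ipvsadm
Test from a client by opening a browser at http://172.16.14.1
Next we configure keepalived high availability for a web service.
(This can be built on top of the setup above; here the web service on the HA hosts themselves is made highly available.)
【First stop the keepalived service, then install the web service on HA1 and HA2】
    # yum install -y httpd
    # service httpd start
【Provide a web page and open it to check that it can be reached】
    # vim /var/www/html/index.html
    <h1>node1</h1>
    [ <h2>node2</h2> ]
【Edit the configuration file】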
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            [email protected]
            [email protected]
        }
        notification_email_from [email protected]
        smtp_connect_timeout 3
        smtp_server 127.0.0.1
        router_id LVS_DEVEL
    }

    vrrp_script chk_httpd {
        script "killall -0 httpd"
        interval 2      # check every 2 seconds
        weight -2       # if failed, decrease the priority by 2
        fall 2          # require 2 failures for KO
        rise 1          # require 1 success for OK
    }

    vrrp_script chk_schedown {
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
        interval 2
        weight -2
    }

    vrrp_instance VI_1 {
        interface eth0          # interface for inside_network, bound by vrrp
        state MASTER            # Initial state, MASTER|BACKUP
                                # As soon as the other machine(s) come up,
                                # an election will be held and the machine
                                # with the highest "priority" will become MASTER.
                                # So the entry here doesn't matter a whole lot.
        priority 101            # for electing MASTER, highest priority wins.
                                # to be MASTER, make 50 more than other machines.
        virtual_router_id 51    # arbitrary unique number 0..255
                                # used to differentiate multiple instances of vrrpd
                                # running on the same NIC (and hence same socket).
        garp_master_delay 1

        authentication {
            auth_type PASS
            auth_pass password
        }
        track_interface {
            eth0
        }
        # optional, monitor these as well.
        # go to FAULT state if any of these go down.
        virtual_ipaddress {
            172.16.14.1/16 dev eth0 label eth0:0
        }
        # addresses add|del on change to MASTER, to BACKUP.
        # With the same entries on other machines,
        # the opposite transition will be occurring.
        # <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        track_script {
            chk_httpd
            chk_schedown
        }

        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
Create a script file named notify.sh in /etc/keepalived/ with the following content:
    #!/bin/bash
    # Author: MageEdu <[email protected]>
    # description: An example of notify script
    #
    vip=172.16.100.1            # VIP named in the mail; set it to the VIP of your setup
    contact='root@localhost'

    # Mail the administrator about the state change given as $1.
    notify() {
        mailsubject="`hostname` to be $1: $vip floating"
        mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case "$1" in
        master)
            notify master
            /etc/rc.d/init.d/haproxy start
            exit 0
        ;;
        backup)
            notify backup
            /etc/rc.d/init.d/haproxy restart
            exit 0
        ;;
        fault)
            notify fault
            exit 0
        ;;
        *)
            echo "Usage: `basename $0` {master|backup|fault}"
            exit 1
        ;;
    esac
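【On node2, edit the main configuration file copied from node1】
【Start the keepalived service on both nodes and check the master node's interface information】
    # service keepalived start
    # ifconfig
Access http://172.16.14.1 from a client
At this point the http service is running on node1.
【Simulate a failure of the master node node1】
Test access from a browser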
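What the failure test exercises, as an added example that is not part of the original article: the function replays the exit codes of chk_httpd on node1 and prints node1's effective priority and the VIP holder for each check interval. The function name, the priority 100 for node2 and the check results are assumptions made for illustration.

```bash
# Usage: failover_timeline BASE WEIGHT FALL RISE PEER_PRIORITY rc...
#   rc is the exit status of one run of the check script on node1 (0 = OK).
# Prints "priority:holder" for every check interval.
failover_timeline() {
    base=$1 weight=$2 fall=$3 rise=$4 peer=$5; shift 5
    up=1 fails=0 oks=0 holder=node1 out=""
    for rc in "$@"; do
        if [ "$rc" -eq 0 ]; then oks=$((oks + 1)); fails=0
        else fails=$((fails + 1)); oks=0; fi
        # The script state flips only after "fall" failures or "rise" successes in a row.
        if [ "$up" -eq 1 ] && [ "$fails" -ge "$fall" ]; then up=0
        elif [ "$up" -eq 0 ] && [ "$oks" -ge "$rise" ]; then up=1; fi
        # A negative weight lowers the priority while the script is in the failed state.
        if [ "$up" -eq 1 ]; then prio=$base; else prio=$((base + weight)); fi
        # The higher priority takes the VIP (preemption on); on a tie the holder keeps it.
        if [ "$prio" -gt "$peer" ]; then holder=node1
        elif [ "$prio" -lt "$peer" ]; then holder=node2; fi
        out="$out$prio:$holder "
    done
    echo "${out% }"
}

# chk_httpd as configured above (weight -2, fall 2, rise 1); node1 = 101, node2 assumed 100.
# Constructed check results: httpd is down for three intervals, then back up.
failover_timeline 101 -2 2 1 100  0 1 1 1 0
# Same outage with weight -1: 101 - 1 only ties with node2, so the VIP never moves.
failover_timeline 101 -1 2 1 100  0 1 1 1 0
```

The second call shows why the absolute value of weight has to be larger than the priority gap between the two nodes.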
High availability of the web service in a dual-master model
【Just add the following block to the main configuration file on both nodes】
    vrrp_instance VI_2 {
        interface eth0
        state BACKUP            # this node is MASTER for VI_1, so it is BACKUP here (the reverse on node2)
        priority 100            # 100 on the BACKUP node, 101 on the MASTER node (node2)
        virtual_router_id 52    # the group ID must differ from VI_1's group ID
        garp_master_delay 1

        authentication {
            auth_type PASS
            auth_pass password
        }
        track_interface {
            eth0
        }
        virtual_ipaddress {
            172.16.14.2/16 dev eth0 label eth0:1
        }
        track_script {
            chk_httpd
            chk_schedown
        }

        notify_master "/etc/keepalived/notify.sh master eth0:1"
        notify_backup "/etc/keepalived/notify.sh backup eth0:1"
        notify_fault "/etc/keepalived/notify.sh fault eth0:1"
    }
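【Restart the keepalived service on both nodes and check the interface addresses】
    # service keepalived restart
    # ifconfig
【Simulate a failure of node2】
Test access from a browser:
Appendix: DR configuration
The two RS hosts:
Time synchronization:
    # service ntpd stop
    # chkconfig ntpd off
    # ntpdate 172.16.0.1
    # date
Here is a ready-made script; just run it on each of the two RS hosts. (You can also configure this by hand; every manual step appears in the script. The script is run directly here for convenience.)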
    #!/bin/bash
    #
    # Script to start LVS DR real server.
    # chkconfig: - 90 10
    # description: LVS DR real server
    #
    . /etc/rc.d/init.d/functions

    VIP=172.16.100.1            # set this to the VIP of your setup
    host=`/bin/hostname`

    case "$1" in
    start)
        # Start LVS-DR real server on this machine.
        /sbin/ifconfig lo down
        /sbin/ifconfig lo up
        # Do not answer or announce ARP for the VIP held on lo:0.
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

        /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
        /sbin/route add -host $VIP dev lo:0
        ;;
    stop)
        # Stop LVS-DR real server loopback device(s).
        /sbin/ifconfig lo:0 down
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        ;;
    status)
        # Status of LVS-DR real server.
        islothere=`/sbin/ifconfig lo:0 | grep $VIP`
        isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
        if [ ! "$islothere" -o ! "$isrothere" ]; then
            # Either the route or the lo:0 device
            # not found.
            echo "LVS-DR real server Stopped."
        else
            echo "LVS-DR real server Running."
        fi
        ;;
    *)
        # Invalid entry.
        echo "$0: Usage: $0 {start|status|stop}"
        exit 1
        ;;
    esac