集群系列教程之:keepalived+lvs
前言:最近看群里很多人在问keepalived+lvs的架构怎么弄,出了各种各样的问题,为此特别放下了别的文档,先写一篇keepalived+lvs架构的文档,使那些有需求的人能够得以满足。但是此篇文档是架构文档,不是基础理论,但我想你能做这个架构,势必也了解了基础理论知识,更多的理论知识体系,请看下回分解。。。。
测试拓扑:
环境说明:
从上面的拓扑图,就可以看出本实验的环境信息,其中实线代表的是真实的物理连接,而虚线表示的是逻辑关系。
hostname:test1.lxm.com
IP:
vip:eth0:0:10.0.10.200/24 //会不会有人看不懂含义啊?这个表示vip地址配置在eth0网卡的虚拟网卡eth0:0上,且ip地址是10.0.10.200/24
DIP:eth0:10.0.10.11/24
HAip:eth1:10.0.0.16/24 //所谓的HAip就是要用来传递心跳信息的网卡上的ip地址,在线上环境通常是要把数据网卡和心跳网卡分开的
function: 用做keepalived+lvs的前端主机
hostname:test2.lxm.com
IP:
vip:eth0:0;10.0.10.200/24
DIP:eth0:10.0.10.12/24
HAip:eth1:10.0.10.18/24
function:用做keepalived+lvs的前端主机
hostname:test3.lxm.com
IP:
vip:lo:0:10.0.10.200/32
RIP:eth0:10.0.10.13/24
function:用作后端web
hostname:test4.lxm.com
IP:
vip:lo:0:10.0.10.200/32
RIP:eth0:10.0.10.14/24
function:用作后端web
hostname:test5.lxm.com
IP:
vip:lo:0:10.0.10.200/32
RIP:eth0:10.0.10.15/24
function: 用来做备用的web,什么 意思呢?就是当后端web全部故障的时候,keepalived可以设置将其请求转发到这台web上,给用户一个好的错误体验而已,体验内容随你自己喜欢。。
此外,这里的lvs使用的模型是DR模型,在拓扑上已经标注,其实从ip地址信息,也应该能看出来是DR模型。。。
初始化工作:
所有主机配置好网络环境,尤其要注意前端两台做keepalived+lvs的是两个网卡,其次关闭selinux和iptables,配置好yum源。另外一个重点是一定要所有主机同步好时间,这将是你集群能
否成功的关键。。
架构部署:
关于架构部署的事情,我想说的是,不要一上来就乱搞一通,这个装装,那个装装,最后一测试,巴拉巴拉一大堆错误,看到错误信息,脑袋直接蒙了,不知道该怎么检查。。所以部署架构
的时候一定要分层次。一个层次一个层次的去测试,直到最终完成。。
就比如这里谈到的keepalived+lvs的架构,下面分这几个层次部署:
1.先部署后端三台web服务器,并测试web服务能够正常访问;
2.在前端两台主机上分别部署lvs,整合lvs+web,分别测试两台lvs主机和后端web配合能正常提供服务;
3.在前端两台主机上分别部署keepalived,整合keepalived+lvs;
4.测试keepalived是否能够满足HA的需求;
哈哈,看了上面几个层次,是否顿觉架构清晰了不少,当然不排除你比我有更好的思路哦。。。。。
1.部署realserver(后端web)上的web服务
主机:test3.lxm.com
[root@test3 /]# rpm -qa | grep httpd //这里以httpd为例,如果你需要,你也可以使用nginx等其他web软件
[root@test3 /]# yum -y install httpd
[root@test3 /]# cd /var/www/html/
[root@test3 html]# ls
[root@test3 html]# echo "<h1>this is test3.lxm.com</h1>" > index.html
[root@test3 html]# vim /etc/httpd/conf/httpd.conf
将配置文件中的ServerName字段修改为:
ServerName 0.0.0.0:80
[root@test3 html]# service httpd start
Starting httpd: [ OK ]
[root@test3 html]#
[root@test3 html]# ps aux | grep httpd
root 1660 0.0 1.4 175708 3660 ? Ss 11:56 0:00 /usr/sbin/httpd
apache 1662 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1663 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1664 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1665 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1666 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1667 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1668 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
apache 1669 0.0 0.9 175708 2392 ? S 11:56 0:00 /usr/sbin/httpd
root 1679 0.0 0.3 103244 848 pts/0 S+ 11:58 0:00 grep httpd
[root@test3 html]# netstat -nultp | grep httpd
tcp 0 0 :::80 :::* LISTEN 1660/httpd
[root@test3 html]# links --dump http://10.0.10.13
this is test3.lxm.com
[root@test3 html]
到此,第一台web已经搭建完成。。。。
主机:test4.lxm.com
[root@test4 /]# rpm -qa | grep httpd
[root@test4 /]# yum -y install httpd
[root@test4 /]# cd /var/www/html/
[root@test4 html]# ls
[root@test4 html]# echo "<h1>this is test4.lxm.com</h1>" > index.html
[root@test4 html]# vim /etc/httpd/conf/httpd.conf
将配置文件中的ServerName字段修改为:
ServerName 0.0.0.0:80
[root@test4 html]# service httpd start
Starting httpd: [ OK ]
[root@test4 html]# ps aux | grep httpd
root 1672 0.0 1.5 175708 3668 ? Ss 12:01 0:00 /usr/sbin/httpd
apache 1674 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1675 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1676 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1677 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1678 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1679 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1680 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
apache 1681 0.0 0.9 175708 2400 ? S 12:01 0:00 /usr/sbin/httpd
root 1683 0.0 0.3 103244 848 pts/1 S+ 12:01 0:00 grep httpd
[root@test4 html]# netstat -nultp | grep httpd
tcp 0 0 :::80 :::* LISTEN 1672/httpd
[root@test4 html]# links --dump http://10.0.10.14
this is test4.lxm.com
[root@test4 html]#
到此,第二台web已经搭建测试完成。。。
注意:这里的每台web服务器页面内容都是不一样的,这是为了测试的时候效果明显,在生产环境中,加入负载均衡的web服务器上的web内容必须要保持一致。
2.部署备用web上的web服务
主机:test5.lxm.com
[root@test4 /]# rpm -qa | grep httpd
[root@test4 /]# yum -y install httpd
[root@test5 /]# cd /var/www/html/
[root@test5 html]# ls
[root@test5 html]# echo "<h1>this is test5.lxm.com</h1>" > index.html
[root@test5 html]# vim /etc/httpd/conf/httpd.conf
将配置文件中的ServerName字段修改为:
ServerName 0.0.0.0:80
[root@test5 html]# service httpd start
Starting httpd: [ OK ]
[root@test5 html]# ps aux | grep httpd
root 1613 0.0 1.5 175708 3664 ? Ss 12:03 0:00 /usr/sbin/httpd
apache 1615 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1616 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1617 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1618 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1619 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1620 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1621 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
apache 1622 0.0 0.9 175708 2396 ? S 12:03 0:00 /usr/sbin/httpd
root 1624 0.0 0.3 103244 848 pts/0 S+ 12:03 0:00 grep httpd
[root@test5 html]# netstat -nultp | grep httpd
tcp 0 0 :::80 :::* LISTEN 1613/httpd
[root@test5 html]# links --dump http://10.0.10.15
hello world!!!
[root@test5 html]#
到此,备份web也搭建完成了....
3.部署lvs环境
1)安装配置两台lvs director环境
主机:test1.lxm.com
[root@test1 /]# grep -i 'ip_vs' /boot/config-2.6.32-431.el6.x86_64 //查看当前系统内核是否支持lvs的功能,默认情况下都已经将lvs的模块集成到内核了。。。
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_PE_SIP=m
[root@test1 /]#
[root@test1 /]# rpm -qa | grep ipvsadm
[root@test1 /]# yum -y install ipvsadmin //安装lvs用户空间的管理软件ipvsadm,
[root@test1 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@test1 /]#
如果能出现上面的信息,表示ipvsadm已经安装成功。。
注:这个地方有人会产生怀疑,你怎么没还没启动就开始查看了呢?其实lvs是内核的一种功能,内核默认就支持了这种功能,ipvsadm本身就是用户空间的一种管理工具,启动停止ipvsadm无非
就是刷新规则的过程。并不影响你使用ipvsadm来进行管理。不知道大家有没有注意到iptables,其实iptables也是这个特性。
配置VIP:
[root@test1 /]# ifconfig eth0:0 10.0.10.200 netmask 255.255.255.0
[root@test1 /]# ifconfig eth0:0
eth0:0 Link encap:Ethernet HWaddr 08:00:27:ED:EF:33
inet addr:10.0.10.200 Bcast:10.0.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
从上面的信息可见,VIP配置成功。。。
配置LVS规则:
关于LVS的模型,在上面的环境说明中已经描述,使用DR模型,此外由于该技术文档的重点是测试keepalived的功能,所以这里对负载均衡的策略选择标准的rr(轮询)策略
[root@test1 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@test1 /]# ipvsadm -A -t 10.0.10.200:80 -s rr
[root@test1 /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.13:80 -g
[root@test1 /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.14:80 -g
[root@test1 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test1 /]# service ipvsadm save
[root@test1 /]#
从上面的信息可见,lvs策略设置没有问题,但是有个注意点要说下,那就是lvs的持久性,如果你设置了持久连接,那么可能一段时间内访问的都是同一台服务器,所以在你测试的时候要特别注意。
到此,一台director上的配置就完成了。。。
主机2:test1.lxm.com
[root@test2 /]# grep -i 'ip_vs' /boot/config-2.6.32-431.el6.x86_64
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_PE_SIP=m
[root@test2 /]#
[root@test2 /]# rpm -qa | grep ipvsadm
[root@test2 /]# yum -y install ipvsadmin
[root@test2 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@test2 /]#
配置VIP:
[root@test2 /]# ifconfig eth0:0 10.0.10.200 netmask 255.255.255.0
[root@test2 /]# ifconfig eth0:0
eth0:0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.200 Bcast:10.0.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
配置LVS规则:
[root@test2 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@test2 /]# ipvsadm -A -t 10.0.10.200:80 -s rr
[root@test2 /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.13:80 -g
[root@test2 /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.14:80 -g
[root@test2 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test2 /]# service ipvsadm save
[root@test2 /]#
到此,lvs的规则配置完成。。。。
2)配置后端realserver
后端两台realserver是:test3.lxm.com test4.lxm.com,其配置内容是一致的,以test3.lxm.com为例:
主机;test3.lxm.com
配置VIP:
[root@test3 /]# ifconfig lo
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:39 errors:0 dropped:0 overruns:0 frame:0
TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3438 (3.3 KiB) TX bytes:3438 (3.3 KiB)
[root@test3 /]# ifconfig lo:0 10.0.10.200 netmask 255.255.255.255
[root@test3 /]# ifconfig lo:0
lo:0 Link encap:Local Loopback
inet addr:10.0.10.200 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
注意:这里为什么要配置在还回口上面呢?当然你愿意你也可以配置在网卡上,之所以选择还回口,是因为这是系统自带的,你网卡怎么坏,它都不会坏,除非你系统挂掉了。。
配置ARP规则:
[root@test3 /]# sysctl -w net.ipv4.conf.all.arp_announce=2 >> /etc/sysctl.conf
[root@test3 /]# sysctl -w net.ipv4.conf.all.arp_ignore=1 >> /etc/sysctl.conf
[root@test3 /]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
检查:
[root@test3 /]# cd /proc/sys/net/ipv4/conf/all/
[root@test3 all]# ls
accept_local arp_announce bootp_relay forwarding promote_secondaries rp_filter src_valid_mark
accept_redirects arp_filter disable_policy log_martians proxy_arp secure_redirects tag
accept_source_route arp_ignore disable_xfrm mc_forwarding proxy_arp_pvlan send_redirects
arp_accept arp_notify force_igmp_version medium_id route_localnet shared_media
[root@test3 all]# cat arp_announce
2
[root@test3 all]# cat arp_ignore
1
通过上面的设置,可见arp的内核参数,已经设置成功。。。
注:arp参数的含义:
arp_ignore:定义接收到ARP请求时的响应级别;
0:默认行为,响应所有的地址ip和mac地址;
1:仅在请求的目标地址配置在请求到达的接口地址相匹配,才给予响应
在集群中选择1
arp_announce:定义将自己地址向外通告的通告级别;
0:将本地任何接口上的任何地址向外通告;
1:试图仅向目标网络通告与其网络匹配的地址;
2:仅向与本地接口上地址匹配的网络进行通告;
在集群中选择2
为什么要设置arp抑制呢?为了防止冲突,网络通信的的底层是通过mac地址通信,但是是通过arp协议来解析mac地址,如果后端服务器上不设置arp抑制,当有请求询问10.0.10.200的mac地址是什么啊,此时所以配置有10.0.10.200的主机都会响应请求,这不就乱套了啊。。
配置主机路由:
[root@test3 /]# route add -host 10.0.10.200 dev lo:0
[root@test3 /]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.10.200 0.0.0.0 255.255.255.255 UH 0 0 0 lo
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 10.0.10.254 0.0.0.0 UG 0 0 0 eth0
[root@test3 /]#
有上面的信息可知,主机路由配置成功。。。。
注:为什么要设置主机路由呢?
当一个客户端的请求发来时,目标地址是10.0.10.200,前端director收到请求后,会根据lvs规则转发到后端realserver服务器,后端realserver处理完请求后,就要发送响应包给客户端,由于本地配置有vip地址,所以会直接响应给客户端,但是此时响应的源地址是什么呢?因为客户端的目标地址是10.0.10.200,因此响应包的源地址必须是10.0.10.200,客户端才会接受。。这个时候主机路由就派上用场了,通过查看系统路由表发现10.0.10.200的目的地址通过lo:0口发出去,而此时lo:0口上的地址正式10.0.10.200,因此源地址就是10.0.10.200,这样到了客户端,就会被成功的接受下来。。
额,巴拉巴拉说了一堆,更详细的lvs知识,请看lvs专题吧。。。。累了。。。。
到此,一台realserver就配置完成了。。。。
注意;所有的realserver都要配置,而且配置一样,剩下的realserver的配置就不再巴拉巴拉了。。此外备用web也要跟realserver一样的配置。。
3)测试lvs架构
这里的测试要特别注意的是:一定要一台一台的测试lvs的架构,否则多台lvs director上都有VIP地址,都响应请求,那就完了。。你懂的。。而且在keepalived高可用中,也是一样,同一
时间内只能有一台lvs director在线工作的。。
测试:test1.lxm.com
(关闭test2.lxm.com这台director,只要取消VIP地址即可)
为了让大家看测试效果,这里选用在备用的web上进行测试,你可以在浏览器中测试:
[root@test1 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]#
//到这里,会不会有人想,你这里都是文字,是不是你手写的啊。。额,你要这么想,你看着办。。。。
[root@test1 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 3
-> 10.0.10.14:80 Route 1 0 3
[root@test1 /]#
由上面的信息可见,我在客户端刷了6次,而director上查看,平均分配了。。。
关于test2.lxm.com的测试,这里不在展示,请你自行测试。。。。
最后,关闭director上的ipvsadm并不允许开机自启动:
//这一点特别重要,在keepalived高可用中,lvs的规则是由keepalived来进行管理的。。以上所有的步骤只是为了验证系统运行LVS环境是否有问题。。。
[root@test2 /]# ifconfig eth0:0 down
[root@test2 /]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
[root@test2 /]# chkconfig ipvsadm off
[root@test2 /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@test2 /]#
上面的信息显示的是test2.lxm.com主机的,对于test1.lxm.com主机也是一样,要关闭ipvsadm,并取消VIP。。。
到此,lvs的架构就测试完成了。。。你还有什么问题吗?
4.部署keepalived
keepalived部署是和lvs的director在同一台主机上的,因此test1.lxm.com test2.lxm.com两台主机都要安装keepalvied软件。。。
1)安装keepalived软件
keepalived的安装比较简单,因为其是一个轻量级的高可用工具,但是也有需要注意点的地方,就是其在编译安装的时候需要使用的内核源码的头文件。
#yum -y install kernel-devel kernel-headers libnl-devel
#cd /root/soft
#tar -zxvf keepalived-1.2.7.tar.gz
#cd keepalived-1.2.7
#mkdir /usr/local/keepalived
#./configure --prefix=/usr/local/keepalived --mandir=/usr/local/share/man --with-kernel-dir=/usr/src/kernels/2.6.32-279.el6.x86_64
configure完成后,会出现下面的信息:
Keepalived configuration
------------------------
Keepalived version : 1.2.7
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
注:上面的信息就是当前keepalived所支持的功能,其中VRRP是keepalived的核心功能,这个是一定包含在内的,但是IPVS模块却是可选的,如果你要支持LVS,这里就必须为yes。。。
#make
#make install
#make clean
如果没什么错误,基本上keepalived编译安装算是完成了。。。
后续操作:
#cd /usr/local/keepalived
#cp -p etc/rc.d/init.d/keepalived /etc/rc.d/init.d
#cp -p etc/sysconfig/keepalived /etc/sysconfig/
#vim /etc/profile
export PATH=$PATH:/usr/local/keepalived/sbin/keepalived
#vim /etc/rc.d/init.d/keepalived
修改这个脚步文件,将可执行程序和配置文件改为正确的路径
keepalivebin=${keepalivebin:-/usr/local/keepalived/sbin/keepalived}
config=${config:-/usr/local/keepalived/etc/keepalived/keepalived.conf}
启动keepalived:
[root@test2 init.d]# service keepalived start
Starting keepalived: [ OK ]
[root@test2 init.d]# ps aux | grep keepalived
root 3056 0.0 0.3 42140 976 ? Ss 15:24 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3058 0.5 0.9 44376 2292 ? S 15:24 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3059 0.2 0.6 44244 1628 ? S 15:24 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
由上面的信息可见,keepalived安装成功,并且能成功启动,但此时如果你查看日志:tail -f /var/log/messages 会发现不停报巴拉巴拉的错误,不要管他 ,暂时跟你没关系
到此,keepalived安装就算成功了。。。同理,安装另一台keepalived主机。。
2)配置文件keepalived.conf
主机:test1.lxm.com:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalive@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_sync_group VG_1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass keepalivepass
}
virtual_ipaddress {
10.0.10.200/24 dev eth0 label eth0:0
}
}
virtual_server 10.0.10.200 80 {
delay_loop 3
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.0.10.13 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_port 80
connect_timeout 1
nb_get_retry 3
delay_before_retry 2
}
}
real_server 10.0.10.14 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_port 80
connect_timeout 1
nb_get_retry 3
delay_before_retry 2
}
}
}
主机;test2.lxm.com:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalive@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_sync_group VG_1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 99
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass keepalivepass
}
virtual_ipaddress {
10.0.10.200/24 dev eth0 label eth0:0
}
}
virtual_server 10.0.10.200 80 {
delay_loop 3
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.0.10.13 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_port 80
connect_timeout 1
nb_get_retry 3
delay_before_retry 2
}
}
real_server 10.0.10.14 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_port 80
connect_timeout 1
nb_get_retry 3
delay_before_retry 2
}
}
}
这边配置文件,我就不解释了,方便你直接贴。。。解释会专门写一篇博文。。。。
3)测试keepalived是否能成功启动,并管理lvs和VIP资源
[root@test1 keepalived]# ps aux | grep keepalived
root 3696 0.0 0.3 42140 976 ? Ss 15:57 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3698 0.0 0.9 46440 2336 ? S 15:57 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3699 0.0 0.6 46316 1684 ? S 15:57 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3701 0.0 0.3 103244 844 pts/0 S+ 16:00 0:00 grep keepalived
[root@test1 keepalived]#
[root@test2 keepalived]# service keepalived start
Starting keepalived: [ OK ]
[root@test2 keepalived]# ps aux | grep keepalived
root 3220 0.0 0.3 42140 976 ? Ss 15:58 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3222 0.0 0.9 44368 2296 ? S 15:58 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3223 0.0 0.6 44244 1636 ? S 15:58 0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root 3225 0.0 0.3 103244 844 pts/0 S+ 16:00 0:00 grep keepalived
[root@test2 keepalived]#
以上信息显示,keepalived在两台主机上都已经启动了。。
注意;一定要注意的我的主机名的变化啊
查看日志:
主机test1.lxm.com
[root@test1 log]# tail -f /var/log/messages
Sep 2 15:57:58 test1 Keepalived[3695]: Starting Keepalived v1.2.7 (09/02,2014)
Sep 2 15:57:58 test1 Keepalived[3696]: Starting Healthcheck child process, pid=3698
Sep 2 15:57:58 test1 Keepalived[3696]: Starting VRRP child process, pid=3699
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Interface queue is empty
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: No such interface, eth1
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP 10.0.10.11 added
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP 10.0.0.16 added //这里提示检测到了系统的两个网卡的ip地址
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP fe80::a00:27ff:feed:ef33 added
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP fe80::a00:27ff:fe36:2415 added
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Registering Kernel netlink reflector
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Registering Kernel netlink command channel
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Registering gratuitous ARP shared channel
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Interface queue is empty
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: No such interface, eth1
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP 10.0.10.11 added
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP 10.0.0.16 added
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP fe80::a00:27ff:feed:ef33 added
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP fe80::a00:27ff:fe36:2415 added
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Registering Kernel netlink reflector
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Registering Kernel netlink command channel
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Truncating auth_pass to 8 characters
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Configuration is using : 65373 Bytes
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: Using LinkWatch kernel netlink reflector...
Sep 2 15:57:58 test1 Keepalived_vrrp[3699]: VRRP sockpool: [ifindex(3), proto(112), fd(10,11)]
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Configuration is using : 16462 Bytes
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Using LinkWatch kernel netlink reflector...
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Activating healthchecker for service [10.0.10.13]:80
Sep 2 15:57:58 test1 Keepalived_healthcheckers[3698]: Activating healthchecker for service [10.0.10.14]:80 //这个地方显示对后端服务器做检测
Sep 2 15:57:59 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep 2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Entering MASTER STATE //这里显示该主机被决策为master
Sep 2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep 2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep 2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Group(VG_1) Syncing instances to MASTER state
Sep 2 15:58:00 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP 10.0.10.200 added //到这里显示,想对方主机同步master状态,并添加了VIP
Sep 2 15:58:05 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
主机:test2.lxm.com
[root@test2 ~]# tail -f /var/log/messages
Sep 2 15:58:03 test2 Keepalived[3219]: Starting Keepalived v1.2.7 (09/02,2014)
Sep 2 15:58:03 test2 Keepalived[3220]: Starting Healthcheck child process, pid=3222
Sep 2 15:58:03 test2 Keepalived[3220]: Starting VRRP child process, pid=3223
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Interface queue is empty
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: No such interface, eth1
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP 10.0.10.12 added
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP 10.0.0.18 added
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP fe80::a00:27ff:fe0d:26b8 added
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP fe80::a00:27ff:fe35:e1f4 added
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Registering Kernel netlink reflector
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Registering Kernel netlink command channel
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Registering gratuitous ARP shared channel
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Interface queue is empty
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Truncating auth_pass to 8 characters
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Configuration is using : 65388 Bytes
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: Using LinkWatch kernel netlink reflector...
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: No such interface, eth1
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Entering BACKUP STATE //成为了backup
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP 10.0.10.12 added
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP 10.0.0.18 added
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP fe80::a00:27ff:fe0d:26b8 added
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP fe80::a00:27ff:fe35:e1f4 added
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Registering Kernel netlink reflector
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Registering Kernel netlink command channel
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Configuration is using : 16477 Bytes
Sep 2 15:58:03 test2 Keepalived_vrrp[3223]: VRRP sockpool: [ifindex(3), proto(112), fd(10,11)]
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Using LinkWatch kernel netlink reflector...
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Activating healthchecker for service [10.0.10.13]:80
Sep 2 15:58:03 test2 Keepalived_healthcheckers[3222]: Activating healthchecker for service [10.0.10.14]:80
通过上面的信息可以看到,keepalived之间的心跳信息已经成功协商,并通过优先级的高低选出了主备。接下来就要验证是否能够驱动资源。在主设备应该能看到VIP和LVS的规则信息,而在从设备上应该只能看到LVS的规则信息,而没有VIP
master:test1.lxm.com:
[root@test1 keepalived]# ifconfig eth0:0
eth0:0 Link encap:Ethernet HWaddr 08:00:27:ED:EF:33
inet addr:10.0.10.200 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[root@test1 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test1 keepalived]#
backup:test2.lxm.com
[root@test2 keepalived]# ifconfig eth0:0
eth0:0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[root@test2 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test2 keepalived]#
看到没,通过上面的信息显示,验证了之前的猜想。。。
上面的日志信息还显示,keepalived对后端的服务器发送了检测信息,这是因为在keepalived配置文件中,在lvs配置段,配置了检测功能,此时查看后端web服务器的访问日志,验证是否有检测信息:
[root@test4 all]# cd /etc/httpd/logs/
[root@test4 logs]# ls
access_log error_log
[root@test4 logs]# tail -f access_log
10.0.10.11 - - [02/Sep/2014:16:12:05 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:05 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:10 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:10 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:15 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:15 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:20 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:20 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:25 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:25 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:30 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:30 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
通过上面的信息,验证了keepalived检测后端服务器是否在线的功能已经启用了。。你会发现这样的日志信息不停的在刷。。这个跟你设置的检测策略有关。。。
到此,关于keepalived的安装,配置,启动就成功了,初步说明keepalived+lvs架构已经搭建起来,至于效果怎么样,有待于后面的测试。。。
5.keepalived+lvs全面测试
1)基于上面完成的环境,测试keepalived+lvs能够提供web访问
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]#
[root@test1 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 3
-> 10.0.10.14:80 Route 1 0 3
[root@test1 keepalived]#
由上面的测试信息可知,访问没有任何问题。。。因此,就之前搭建起来的环境是没有任何问题的。。。
2)测试keepalived自动切换
keepalived的切换主要分为三种;
第一种:keepalived服务挂了
基于上面的环境,现在的master是test1.lxm.com,backup是test2.lxm.com,现在模拟test1.lxm.com上的keepalived服务挂了
[root@test1 keepalived]# service keepalived stop //关闭了test1的keepalived服务,模拟keepalived挂了。。
Stopping keepalived: [ OK ]
[root@test1 keepalived]#
查看日志:
Sep 2 16:27:26 test1 Keepalived[3696]: Stopping Keepalived v1.2.7 (09/02,2014)
Sep 2 16:27:26 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) sending 0 priority
Sep 2 16:27:26 test1 kernel: IPVS: __ip_vs_del_service: enter
Sep 2 16:27:26 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) removing protocol VIPs.
上面显示keepalived服务停止了,移除了VIP
查看资源:
[root@test1 keepalived]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:ED:EF:33
inet addr:10.0.10.11 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:feed:ef33/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13896 errors:0 dropped:0 overruns:0 frame:0
TX packets:13783 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1768054 (1.6 MiB) TX bytes:1575730 (1.5 MiB)
eth1 Link encap:Ethernet HWaddr 08:00:27:36:24:15
inet addr:10.0.0.16 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe36:2415/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:2174 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:300 (300.0 b) TX bytes:117492 (114.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:348 errors:0 dropped:0 overruns:0 frame:0
TX packets:348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27544 (26.8 KiB) TX bytes:27544 (26.8 KiB)
[root@test1 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@test1 keepalived]#
从上面的信息,可见VIP没了,ipvsadm的规则也被清空了。。
此时查看test2.lxm.com主机:
Sep 2 16:27:25 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep 2 16:27:25 test2 Keepalived_vrrp[3223]: VRRP_Group(VG_1) Syncing instances to MASTER state
Sep 2 16:27:26 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep 2 16:27:26 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep 2 16:27:26 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep 2 16:27:26 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP 10.0.10.200 added
Sep 2 16:27:31 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
由上面的信息可知,原来的backup主机已经切换到master主机了
查看资源:
[root@test2 keepalived]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.12 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10498 errors:0 dropped:0 overruns:0 frame:0
TX packets:11324 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1449942 (1.3 MiB) TX bytes:1171364 (1.1 MiB)
eth0:0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.200 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 08:00:27:35:E1:F4
inet addr:10.0.0.18 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2131 errors:0 dropped:0 overruns:0 frame:0
TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:127860 (124.8 KiB) TX bytes:13002 (12.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:87 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7300 (7.1 KiB) TX bytes:7300 (7.1 KiB)
看到没,多了个VIP。。。好,切换成功
此时在使用客户端访问测试:
[root@test5 /]# date
Tue Sep 2 16:31:37 CST 2014
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test4.lxm.com
[root@test5 /]# links --dump http://10.0.10.200
this is test3.lxm.com
[root@test5 /]#
[root@test2 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 3
-> 10.0.10.14:80 Route 1 0 3
通过上面的信息,访问没有任何影响,从这个测试看出了,keepalived在自身服务挂掉的情况下,可以正常切换。且也验证了,使用另一台keepalived+lvs主机,访问也是正常的。。
注意:这个时候可能有人有疑问了?如果我挂掉的keepalived主机重新上线了,会不会再次变为主设备,因为它的优先级高。我想说可以,只要你设置了抢占规则,但是在线上环境不建议设置抢占,就算时间很短也会有抖动。。默认情况下如果没有设置nopreempt,会根据优先级自动进行抢占的。。。而我上面的配置文件中设置了nopreempt,因此我这里是不会抢占的。
第二种:ipvsadm挂了
先看一下在没有做任何措施的情况下,停止ipvsadm服务是否会切换:
基于此前的环境,这里的master是test2.lxm.com,因此在该主机上检测:
[root@test2 keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
查看日志:
Sep 2 16:53:55 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep 2 16:53:55 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep 2 16:53:55 test2 kernel: IPVS: ipvs unloaded.
从日志看出,就报了个IPVS 调度器为注册,ipvs模块卸载了或者未加载。。其他啥也没了。此时查看一下VIP信息:
[root@test2 keepalived]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.12 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13432 errors:0 dropped:0 overruns:0 frame:0
TX packets:14776 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1831388 (1.7 MiB) TX bytes:1499838 (1.4 MiB)
eth0:0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.200 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 08:00:27:35:E1:F4
inet addr:10.0.0.18 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2716 errors:0 dropped:0 overruns:0 frame:0
TX packets:1065 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:162960 (159.1 KiB) TX bytes:57606 (56.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:99 errors:0 dropped:0 overruns:0 frame:0
TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8300 (8.1 KiB) TX bytes:8300 (8.1 KiB)
[root@test2 keepalived]#
从上面信息看出,VIP信息还在,由此可判断出,并没有切换。。。好,那该怎么办呢?
这个时候就需要keepalived一种特殊的功能:嵌套脚本
此时修改keepalived.conf配置文件,内容如下:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalive@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_sync_group VG_1 {
group {
VI_1
}
}
vrrp_script check_lvs { //这段内容就是添加的内容,用来导入外部的脚本
script "/usr/local/keepalived/etc/keepalived/lvs_check.sh" //该选项就是指定外部脚步的位置
interval 1 //没间隔一秒钟执行脚步一次
weight -10 //如果检测失败,则降低本主机keepalived的优先级
fall 1 // 检测失败一次就失败,生产中不建议这样,建议3次左右
rise 1 //检测一次成功,就表示成功。。。
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass keepalivepass
}
virtual_ipaddress {
10.0.10.200/24 dev eth0 label eth0:0
}
track_script { //这段内容也是添加的,必须要和vrrp_script联合使用,这表示调用vrrp_script定义的脚本。
check_lvs
}
}
virtual_server 10.0.10.200 80 {
delay_loop 3
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.0.10.13 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_port 80
connect_timeout 1
nb_get_retry 3
delay_before_retry 2
}
}
real_server 10.0.10.14 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_port 80
connect_timeout 1
nb_get_retry 3
delay_before_retry 2
}
}
}
注意:修改keepalived.conf配置文件,必须要相应的同步所有的keepalived主机,你不可能希望一台具有某个功能,另一台没有吧,但是要注意,主备的不同设置和相同设置
创建/usr/local/keepalived/etc/keepalived/lvs_check.sh脚步,一个简单的脚步内容如下:
#!/bin/bash
function mailSend() {
echo "ipvsadm service is down" | mail -s "ipvsadm service is down" root@localhost
}
num=`ipvsadm --list -n | grep 10.0.10.200| wc -l`
[ $num -eq 0 ] && mailSend && exit 1 || exit 0
注:我这个脚步主要是帮助大家测试一下,调用外部脚本来检测服务,达到keepalived切换的目的。其次在该脚步中,当lvs的规则都没有时,此时就考虑ipvsadm挂了,需要切换。那有人就会问了,假如还有lvs规则,但是踢掉了几个规则,怎么办?那我想估计有两种情况,一是你的服务器太脆弱,别人随时能上去玩玩或者你自己踢了玩,二就是后端web服务器有些主机故障了,lvs踢掉了一些,但这个时候即使你切换了,还不是一样的效果哦。。
修改了配置文件,创建的脚本并赋予执行权限,重启服务,再次测试:
注意:我这里还保持主为test2.lxm.com (亲,请不要再问我怎么保持了,如果你是根据我上面做的来,那么此时主默认就是test2.lxm.com,否则根据自己的情况实验即可)
[root@test2 keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
[root@test2 keepalived]#
查看test2.lxm.com的日志:
Sep 5 13:52:21 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep 5 13:52:21 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep 5 13:52:21 test2 kernel: IPVS: ipvs unloaded.
发现日志信息中还是多了这么三行信息,其他没任何反应,怎么回事?按道理来说如果发生了切换,日志中肯定会报移除了虚拟ip地址,但是这里没有,因此可以猜测VIP还在。。
(这里声明下,有人可能眼睛厉害,看到我日志的时间好像和前面不一样啊,哈,亲,因为实验不是一天测完的,本人有工作)
查看VIP地址:
[root@test2 keepalived]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.12 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13438 errors:0 dropped:0 overruns:0 frame:0
TX packets:15234 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1632335 (1.5 MiB) TX bytes:1576327 (1.5 MiB)
eth0:0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.200 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 08:00:27:35:E1:F4
inet addr:10.0.0.18 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:917 errors:0 dropped:0 overruns:0 frame:0
TX packets:2562 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:55020 (53.7 KiB) TX bytes:138084 (134.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:341 errors:0 dropped:0 overruns:0 frame:0
TX packets:341 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24801 (24.2 KiB) TX bytes:24801 (24.2 KiB)
从上面的信息可见,VIP还在,因此并没有切换成功,根据日志的信息来看,没有报任何跟vrrp_script有关的信息,这是什么原因?傻眼了。。。其实这个错误是我故意展示的,这里是为了给你加深映像,如果不给你点出来,你可能感觉呀,以前实验好像成功啊,现在咋了?大部分人可能折腾几个小时,甚至更长都搞不明白。。。说实话我也是折腾了好久,查来查去无果,最后不得已扒日志,一条一条看,发现了这么一句话:
Keepalived_vrrp[14961]: VRRP_Instance(VI_1) : ignoring tracked script with weights due to SYNC group
上面这句话的意思:由于sync group的原因,忽略了带有权值的跟踪脚本。。意思就是track_script这个设置根本没起作用。回过头来看看配置文件,果然有这么一段配置:
vrrp_sync_group VG_1 {
group {
VI_1
}
}
好,既然找到了原因,那么接下来,就要测试是否是这个原因,注释掉这段配置,然后再次启动keepalived:
这个时候,查看日志,发现没有了那句话,而且出现了下面一句话:
Sep 5 15:00:54 test2 Keepalived_vrrp[2074]: VRRP_Script(check_lvs) succeeded
由此说明,脚本调用已经成功了。
测试;
[root@test2 keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
[root@test2 keepalived]#
看日志:
Sep 5 15:02:37 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep 5 15:02:37 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep 5 15:02:37 test2 kernel: IPVS: ipvs unloaded.
Sep 5 15:02:37 test2 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Sep 5 15:02:37 test2 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Sep 5 15:02:37 test2 kernel: IPVS: ipvs loaded.
Sep 5 15:02:37 test2 Keepalived_vrrp[2074]: VRRP_Script(check_lvs) failed
从上面的信息看到,脚本已经检测到lvs的规则被刷掉,且返回的结果是失败,这就表示脚本成功返回了值1.但是还是没有移除虚拟ip的信息,这是为什么?
分析:
这个时候就要分析了,当前所在的主机是test2.lxm.com,本来是作为备用主机的,其优先级比较低,但是master发生了故障,切换到了该主机,因此该主机变成了master。当此前master主
机,即test1.lxm.com恢复时,因为设置了nopreempt,因此不会抢占回去。那如果这个时候,test2主机的ipvsadm挂了,规则没了,但是keepalived的心跳还在,keepalived服务并没有挂掉,此时还是可以和tes1主机进行心跳沟通,这个时候发现test1是不抢占的机制,本来test2的优先级就比test1低,此时检测到故障再次降低优先级是一个效果,因此,此时并不会进行主备切换。这个时候,如果想发生错误进行切换,就要修改脚本test2.lxm.com上脚本的内容。
修改脚本如下:
#!/bin/bash
function mailSend() {
echo "ipvsadm service is down" | mail -s "ipvsadm service is down" root@localhost
}
num=`ipvsadm --list -n | grep 10.0.10.200| wc -l`
[ $num -eq 0 ] && mailSend && service keepalived stop || exit 0 //如果检测到失败,直接停止keepalived服务
测试;
[root@test2 keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
看日志:
Sep 5 15:14:58 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep 5 15:14:58 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep 5 15:14:58 test2 kernel: IPVS: ipvs unloaded.
Sep 5 15:14:58 test2 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Sep 5 15:14:58 test2 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Sep 5 15:14:58 test2 kernel: IPVS: ipvs loaded.
Sep 5 15:14:58 test2 Keepalived[7365]: Stopping Keepalived v1.2.7 (09/05,2014)
Sep 5 15:14:58 test2 Keepalived_vrrp[7368]: VRRP_Instance(VI_1) sending 0 priority
Sep 5 15:14:58 test2 Keepalived_vrrp[7368]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep 5 15:14:58 test2 Keepalived_healthcheckers[7367]: Netlink reflector reports IP 10.0.10.200 removed
Sep 5 15:14:58 test2 Keepalived_healthcheckers[7367]: IPVS: No such destination
Sep 5 15:14:58 test2 Keepalived_healthcheckers[7367]: IPVS: Service not defined
Sep 5 15:14:58 test2 Keepalived_healthcheckers[7367]: IPVS: No such service
从日志上看到,keepalived的停止了,VIP被移除了。。。
[root@test2 keepalived]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.12 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25996 errors:0 dropped:0 overruns:0 frame:0
TX packets:29273 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3154978 (3.0 MiB) TX bytes:3116748 (2.9 MiB)
eth1 Link encap:Ethernet HWaddr 08:00:27:35:E1:F4
inet addr:10.0.0.18 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2282 errors:0 dropped:0 overruns:0 frame:0
TX packets:5657 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:136920 (133.7 KiB) TX bytes:305214 (298.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3681 errors:0 dropped:0 overruns:0 frame:0
TX packets:3681 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:204929 (200.1 KiB) TX bytes:204929 (200.1 KiB)
这个时候,看到VIP资源没了,查看test1的信息,日志中你会看到切换成了master,VIP信息也添加完成。。。。
到这里,有人肯定会想了?刚刚你在test2上的时候需要修改脚本才行,那test1是不是也要修改?这里的答案是不需要,因为test2是抢占的机制,一旦test1的优先级降低,test2就会立刻抢占过去:
测试:
test1上的脚本内容:
#!/bin/bash
function mailSend() {
echo "ipvsadm service is down" | mail -s "ipvsadm service is down" root@localhost
}
num=`ipvsadm --list -n | grep 10.0.10.200| wc -l`
[ $num -eq 0 ] && mailSend && exit 1 || exit 0
[root@test1 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
You have new mail in /var/spool/mail/root
[root@test1 keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
查看日志:
Sep 5 15:15:34 test1 kernel: IPVS: __ip_vs_del_service: enter
Sep 5 15:15:34 test1 kernel: IPVS: [rr] scheduler unregistered.
Sep 5 15:15:34 test1 kernel: IPVS: ipvs unloaded.
Sep 5 15:15:34 test1 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Sep 5 15:15:34 test1 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Sep 5 15:15:34 test1 kernel: IPVS: ipvs loaded.
Sep 5 15:15:34 test1 Keepalived_vrrp[5788]: VRRP_Script(check_lvs) failed
Sep 5 15:15:36 test1 Keepalived_vrrp[5788]: VRRP_Instance(VI_1) Received higher prio advert
Sep 5 15:15:36 test1 Keepalived_vrrp[5788]: VRRP_Instance(VI_1) Entering BACKUP STATE
Sep 5 15:15:36 test1 Keepalived_vrrp[5788]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep 5 15:15:36 test1 Keepalived_healthcheckers[5787]: Netlink reflector reports IP 10.0.10.200 removed
从上面的信息看到没,日志报的和刚刚test2不一样,当脚本检测到失败时,立即降低了自身了优先级,然后提示收到高优先级通告,然后转换到backup状态,移除了VIP。。
好,到这里,关于用脚本检测第三方服务成功与否实现VIP的切换就成功了。。。。
不过,这里还残留一个问题,估计你也想到了,就是vrrp_sync_group和vrrp_script同时使用的问题,从上面的讨论来看,好像是有冲突的概念。但是万一生产中,就是要同时使用怎么办呢?
经过我的测试,如果你想在不注释vrrp_sync_group的情况下,使用vrrp_script的话,那就要修改track_script的内容如下:
track_script {
check_lvs weight 0
}
从上面看出,就是要在脚本名后面 明确的加上weight 0 字段... 关于这个,自行测试吧。我测试是通过。。。
第三种:网卡通信故障
在keepalived中,还可以对网卡故障进行检测,一旦检测到对外通信的网卡发生了故障,就可以进行VIP的切换。在keepalived中有两种方式来检测网卡,一种是向上面一样使用外部脚本的
的方式,另一种就是使用keepalived自身的track_interface检测
测试验证:
测试中的master还是test2.lxm.com(一直在这上面测的原因是其优先级低,如果优先级低的都能正常切换,那么优先级高的就没有问题)
[root@test2 keepalived]#ifdown eth0 down
日志:
Sep 5 15:38:36 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Received higher prio advert
Sep 5 15:38:36 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Entering BACKUP STATE
Sep 5 15:38:36 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep 5 15:38:36 test2 Keepalived_healthcheckers[14988]: Netlink reflector reports IP 10.0.10.200 removed
查看test1:
Sep 5 15:35:55 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep 5 15:35:56 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep 5 15:35:56 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep 5 15:35:56 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep 5 15:35:56 test1 Keepalived_healthcheckers[19580]: Netlink reflector reports IP 10.0.10.200 added
可见test1变成了master,此时在将test2的网卡重新上线,发现test1的日志:
Sep 5 15:38:34 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Sep 5 15:38:34 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep 5 15:38:35 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Sep 5 15:38:35 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
说明其心跳通信正常。。
再次测试,关掉test1的网卡,看test2的日志:
Sep 5 15:42:45 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep 5 15:42:46 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep 5 15:42:46 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep 5 15:42:46 test2 Keepalived_healthcheckers[14988]: Netlink reflector reports IP 10.0.10.200 added
Sep 5 15:42:46 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep 5 15:42:51 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
发现test2立即变成了master,看VIP
[root@test2 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.12 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29585 errors:0 dropped:0 overruns:0 frame:0
TX packets:33483 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3618179 (3.4 MiB) TX bytes:3520824 (3.3 MiB)
eth0:0 Link encap:Ethernet HWaddr 08:00:27:0D:26:B8
inet addr:10.0.10.200 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 08:00:27:35:E1:F4
inet addr:10.0.0.18 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2722 errors:0 dropped:0 overruns:0 frame:0
TX packets:7036 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:163320 (159.4 KiB) TX bytes:379776 (370.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3691 errors:0 dropped:0 overruns:0 frame:0
TX packets:3691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:205595 (200.7 KiB) TX bytes:205595 (200.7 KiB)
[root@test2 ~]#
发现VIP成功切换。。。。
注:这里就不详细贴日志,自己测试即可。。。
说明:对于上面2和3的测试看起来似乎绕了很大一圈,但是不绕这么一圈,你可能学不到什么,网上一大堆都是巴拉拉巴的都在优先级高的上测试,随便弄个例子就OK了。我这么做,就是让你知道这里面有这么个弯子,你自己想怎么用,自己看着办了。。。
第四种:后端web服务器全部故障时,使用sorry_server定向请求到其他备用服务器
对于这个功能,其实是可有可无,在生产环境中,肯定是每台服务器上的服务都是有所监控的,一旦发现错误就会理解处理,基本上不会发生后端web服务全部故障无法返回数据的情况。但
是凡事不是绝对的,说不定奇葩了呢。。所以还是说一下这个功能。
在测试上面的功能,先测试一下,当后端web服务器有故障时,lvs是否会踢掉有故障的规则:
测试:
在master上查看lvs规则:
[root@test2 ~]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test2 ~]#
停止后端一台web服务器的httpd服务:
[root@test4 ~]# service httpd stop
Stopping httpd: [ OK ]
[root@test4 ~]#
在查看lvs规则:
[root@test2 ~]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
You have new mail in /var/spool/mail/root
[root@test2 ~]#
看日志:
Sep 5 15:55:44 test2 Keepalived_healthcheckers[19580]: Error connecting server [10.0.10.14]:80.
Sep 5 15:55:44 test2 Keepalived_healthcheckers[19580]: Removing service [10.0.10.14]:80 from VS [10.0.10.200]:80
Sep 5 15:55:44 test2 Keepalived_healthcheckers[19580]: Remote SMTP server [127.0.0.1]:25 connected.
Sep 5 15:55:44 test2 Keepalived_healthcheckers[19580]: SMTP alert successfully sent.
可以看到,但后端web服务故障时,对应的规则成功被踢掉。。。
在启动httpd服务:
[root@test4 ~]# service httpd start
Starting httpd: [ OK ]
[root@test4 ~]#
看日志:
Sep 5 15:57:22 test2 Keepalived_healthcheckers[19580]: HTTP status code success to [10.0.10.14]:80 url(1).
Sep 5 15:57:25 test2 Keepalived_healthcheckers[19580]: Remote Web server [10.0.10.14]:80 succeed on service.
Sep 5 15:57:25 test2 Keepalived_healthcheckers[19580]: Adding service [10.0.10.14]:80 to VS [10.0.10.200]:80
Sep 5 15:57:25 test2 Keepalived_healthcheckers[19580]: Remote SMTP server [127.0.0.1]:25 connected.
Sep 5 15:57:25 test2 Keepalived_healthcheckers[19580]: SMTP alert successfully sent.
查看规则:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test2 ~]#
可以看到,规则又成功备添加回来了。。。。这说明keepalived可以实时检测后端服务,并刷新规则。。。
测试sorry_server的功能:
在配置文件中添加下面这么一句话:
virtual_server 10.0.10.200 80 {
delay_loop 3
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
sorry_server 10.0.10.15 80 //我这是配置文件的一部分,看清楚是在什么位置添加的。。。
real_server 10.0.10.13 80 {
weight 1
重启keepalived服务:
[root@test2 keepalived]# service keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@test2 keepalived]#
查看规则:
[root@test2 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.13:80 Route 1 0 0
-> 10.0.10.14:80 Route 1 0 0
[root@test2 keepalived]#
停止后端所有web服务:
[root@test4 ~]# service httpd stop
Stopping httpd: [ OK ]
[root@test4 ~]#
[root@test3 logs]# service httpd stop
Stopping httpd: [ OK ]
[root@test3 logs]#
查看日志:
[root@test2 keepalived]#tail -f /var/log/message
Sep 5 16:05:15 test2 Keepalived_healthcheckers[25096]: Removing service [10.0.10.13]:80 from VS [10.0.10.200]:80
Sep 5 16:05:15 test2 Keepalived_healthcheckers[25096]: Remote SMTP server [127.0.0.1]:25 connected.
Sep 5 16:05:15 test2 Keepalived_healthcheckers[25096]: SMTP alert successfully sent.
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: Error connecting server [10.0.10.14]:80.
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: Removing service [10.0.10.14]:80 from VS [10.0.10.200]:80
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: Lost quorum 1-0=1 > 0 for VS [10.0.10.200]:80
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: Adding sorry server [10.0.10.15]:80 to VS [10.0.10.200]:80
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: Removing alive servers from the pool for VS [10.0.10.200]:80
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: Remote SMTP server [127.0.0.1]:25 connected.
Sep 5 16:05:20 test2 Keepalived_healthcheckers[25096]: SMTP alert successfully sent.
查看规则:
[root@test2 keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.10.200:80 rr
-> 10.0.10.15:80 Route 1 0 0
You have new mail in /var/spool/mail/root
[root@test2 keepalived]#
好,到这个地方,请你注意了,对比一样,当添加了sorry_server之后重启了keepalived服务,第一次查看规则,发现没有任何变化,并没有添加备用web的规则信息,当停止掉所有后端服务时
此时在查看规则,发现自动生成了备用web的规则。。
此时在客户端测试访问,发现访问到的是备用web上的内容。。
第五种:主备状态切换的报警
对于keepalived来说,特别重要的就是当前的主备状态,以便于我们根据需要进行调整。。。
配置如下:
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass keepalivepass
}
virtual_ipaddress {
10.0.10.200/24 dev eth0 label eth0:0
}
track_script {
check_lvs
}
track_interface {
eth0
}
notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master 10.0.10.200"
notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup 10.0.10.200"
notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault 10.0.10.200"
smtp_alert //这个必须有,是报警的开关
}
上面的配置是个片段,报警配置是:notify开头的配置。上面的master,backup好理解,fault通常是跟心跳有关,例如心跳网卡宕了,检测不到心跳信息了等。。
一个简单的notify.sh的内容:
#!/bin/bash
#
contact='root@localhost'
Usage() {
echo "Usage:`basename $0` {master|backup|fault} VIP"
}
Notify() {
subject="`hostname`'s keepalived state changed to $1"
mailBody="`date "+%F %T"`:`hostname`'s keepalived state change to $1,$VIP floating."
echo $mailBody | mail -s "$subject" $contact
}
[ $# -lt 2 ] && Usage && exit 1
VIP=$2
case $1 in
master)
Notify master
;;
backup)
Notify backup
;;
fault)
Notify fault
;;
*)
Usage
exit 1
;;
esac
配置完成后,重启keepalived服务,当主备发生切换时,就会有邮件报警,在生产环境中,可以将邮件地址填写为自己的邮箱即可。。
其次配置了这里的报警,就可以取消全局配置中的邮件报警了,notification_email相关的设置...,使用该方式,你可以任意定义报警的内容。。。
到此位置,关于keepalived+lvs的部署就说道这了,不可能面面俱到,但是也说的差不多了。。。至于keepalived的本身其它的内容设置,会在keepalived.conf配置文件分析中再聊一聊。。
在��嗦一句,这文档有点长啊,不想在从头审核了,看到错误的话,你自己意会吧啊,不过我想应该不会有什么笔误吧。
结束!!!
笨蛋的技术------不怕你不会!!!!