lvs+keepalived配置

本文参考了http://freeloda.blog.51cto.com/2033581/1280962

http://lizhenliang.blog.51cto.com/7876557/1653523这2篇文章

一、环境

    lvs-keep-m: 192.168.3.24

    lvs-keep-s: 192.168.3.25

    RS1: 192.168.3.26

    RS2: 192.168.3.27

    VIP: 192.168.3.28

二、在所有节点都配置ntp同步时间

[root@lvs-keep-m ~]# ntpdate asia.pool.ntp.org
[root@lvs-keep-m ~]# hwclock -w

三、RS1和RS2配置httpd服务,以及VIP

    RS1操作

[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# echo "<h1>RS1.com</h1>" >/var/www/html/index.html
[root@RS1 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@RS1 ~]# service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for RS1
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
[root@RS1 ~]# curl http://127.0.0.1
<h1>RS1.com</h1>
#以上是配置httpd服务

    在RS1上配置VIP,使用脚本配置,脚本内容如下

[root@RS1 ~]# cat realserver.sh 
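#!/bin/bash
#
# realserver.sh - configure this host as an LVS-DR real server.
#
# Usage: realserver.sh {start|status|stop}
#
#   start   bind the VIP to lo:0 and set the ARP sysctls so this host
#           neither answers nor announces ARP for the VIP
#   stop    take lo:0 down and write 0 back to the ARP sysctls
#   status  report whether the VIP is on lo:0 and a host route for it exists
#
# Must run as root: it writes under /proc/sys/net/ipv4/conf and reconfigures
# the loopback interface.
#
. /etc/rc.d/init.d/functions

# The VIP chosen earlier in this walkthrough is 192.168.3.28.
VIP=192.168.3.28

case "$1" in
start)
        # Start LVS-DR real server on this machine.
        /sbin/ifconfig lo down
        /sbin/ifconfig lo up
        # arp_ignore=1: answer ARP only for addresses configured on the
        # interface the request arrived on (the VIP lives on lo, so requests
        # arriving on the LAN interface are not answered).
        # arp_announce=2: always pick the best local source address for
        # outgoing ARP, so the VIP is not advertised from this host.
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
        /sbin/route add -host "$VIP" dev lo:0
        ;;
stop)
        # Stop LVS-DR real server loopback device(s).
        /sbin/ifconfig lo:0 down
        # NOTE: this writes 0, not the values that were in place before
        # "start"; hosts that set these sysctls elsewhere must restore them.
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        ;;
status)
        # Status of LVS-DR real server.
        # -F/--: match the VIP as a literal string, not as a regex or option.
        islothere=$(/sbin/ifconfig lo:0 | grep -F -- "$VIP")
        # Match the host route by exact destination. The routing table
        # normally lists the base device (lo) rather than the alias label
        # (lo:0), so accept either in the Iface column.
        isrothere=$(netstat -rn | awk -v vip="$VIP" '$1 == vip && $NF ~ /^lo(:0)?$/')
        # The earlier version tested the literal word "isrothere" (missing $),
        # so a missing route was never detected.
        if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
            # Either the route or the lo:0 device
            # not found.
            echo "LVS-DR real server Stopped."
        else
            echo "LVS-DR real server Running."
        fi
        ;;
*)
        # Invalid entry.
        echo "$0: Usage: $0 {start|status|stop}"
        exit 1
        ;;
esac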

#赋予执行权限
[root@RS1 ~]# chmod +x realserver.sh 
[root@RS1 ~]# sh realserver.sh start
[root@RS1 ~]# ip a |grep "192.168.3.28"
    inet 192.168.3.28/32 brd 192.168.3.28 scope global lo:0

     RS2操作

[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# echo "<h1>RS2.com</h1>" >/var/www/html/index.html
[root@RS2 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@RS2 ~]# service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for RS2
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
[root@RS2 ~]# curl http://127.0.0.1
<h1>RS2.com</h1>

    在RS2上配置VIP,使用脚本配置,脚本内容同上

[root@RS2 ~]# sh realserver.sh start
[root@RS2 ~]# ip a |grep "192.168.3.28"
    inet 192.168.3.28/32 brd 192.168.3.28 scope global lo:0

四、lvs-keep-m和lvs-keep-s上安装lvs

    lvs-keep-m操作(下面的源码包是通过明文HTTP下载的,以root编译安装前建议先校验源码包的完整性,或者直接使用发行版软件源中的ipvsadm包)

[root@lvs-keep-m ~]# yum install make popt  libnl  libnl-devel  popt-static gcc* -y
[root@lvs-keep-m ~]# wget  http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
[root@lvs-keep-m ~]# tar xf ipvsadm-1.26.tar.gz 
[root@lvs-keep-m ~]# cd ipvsadm-1.26
[root@lvs-keep-m ipvsadm-1.26]# make
[root@lvs-keep-m ipvsadm-1.26]# make install

    lvs-keep-s操作

[root@lvs-keep-s ~]# yum install make popt  libnl  libnl-devel  popt-static gcc* -y
[root@lvs-keep-s ~]# wget  http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
[root@lvs-keep-s ~]# tar xf ipvsadm-1.26.tar.gz 
[root@lvs-keep-s ~]# cd ipvsadm-1.26
[root@lvs-keep-s ipvsadm-1.26]# make
[root@lvs-keep-s ipvsadm-1.26]# make install

五、lvs-keep-m和lvs-keep-s上安装keepalived

    在lvs-keep-m上安装keepalived(源码包同样经明文HTTP下载,编译安装前建议先校验其完整性)

[root@lvs-keep-m ~]# yum install openssl openssl-devel -y
[root@lvs-keep-m ~]# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
[root@lvs-keep-m ~]# tar xf keepalived-1.2.13.tar.gz 
[root@lvs-keep-m ~]# cd keepalived-1.2.13
[root@lvs-keep-m keepalived-1.2.13]# ./configure 
[root@lvs-keep-m keepalived-1.2.13]# make && make install
#将keepalived配置成开机启动
[root@lvs-keep-m keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@lvs-keep-m keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@lvs-keep-m keepalived-1.2.13]# mkdir  /etc/keepalived
[root@lvs-keep-m keepalived-1.2.13]# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@lvs-keep-m keepalived-1.2.13]# ln -s /usr/local/sbin/keepalived  /usr/sbin/

#备份keepalived.conf文件
[root@lvs-keep-m keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@lvs-keep-m ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {  
   notification_email {   
	admin@example.com               #配置管理员邮箱(占位地址:原文中的地址被页面的邮箱保护替换成了"[email protected]",请改为实际邮箱)
   }   
   notification_email_from root      #配置发件人   
   smtp_server 127.0.0.1             #配置邮件服务器   
   smtp_connect_timeout 30   
   router_id LVS_M                   #标识当前节点
}
vrrp_instance VI_1 {  
    state MASTER                     #配置keepalived的模式   
    interface eth0                   #将VIP绑定在哪个网卡上,这里设置成eth0
    virtual_router_id 99             #VRRP组名,两个节点设置必须一样,表明属于同一个VRRP组
    priority 101                     #配置优先级   
    advert_int 1                     #组播信息发送间隔
    authentication {   
        auth_type PASS               #设置验证方式;PASS为简单口令,口令随VRRP通告以明文在网络上传输,只能防止误配置,不能抵御同网段的伪造通告
        auth_pass 1111               #验证密码(示例值,实际部署时请更换;PASS方式只使用前8个字符)
    }   
    virtual_ipaddress {   
        192.168.3.28                 #配置虚拟IP地址,这里可以配置多个地址,每个VIP下对应不同的realserver   
    }   
}
virtual_server 192.168.3.28 80 {  
    delay_loop 6   
    lb_algo rr                       #配置lvs算法,这里是rr,即轮询
    lb_kind DR                       #配置lvs模型,这里是DR,即直接路由模式
    nat_mask 255.255.255.0   
    #persistence_timeout 50          #会话保持时间
    protocol TCP
    real_server 192.168.3.26 80 {    #配置realaserver地址  
        weight 1   
        HTTP_GET {                   #监控配置   
            url {   
              path /                 #监控网站的/路径
          status_code 200   
            }   
            connect_timeout 2        #连接超时时间
            nb_get_retry 3           #重连次数
            delay_before_retry 1     #重连时间间隔
        }   
    }   
    real_server 192.168.3.27 80 {   
        weight 1   
        HTTP_GET {   
            url {   
              path /   
              status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }   
}

#启动keepalived服务
[root@lvs-keep-m ~]# chkconfig --add keepalived
[root@lvs-keep-m ~]# chkconfig keepalived on
[root@lvs-keep-m ~]# chkconfig |grep keep
keepalived     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@lvs-keep-m ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@lvs-keep-m ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.28:80 rr
  -> 192.168.3.26:80              Route   1      0          0         
  -> 192.168.3.27:80              Route   1      0          0    
  
#到此lvs-keep-m的keepalived已配置好
[root@lvs-keep-m ~]# service iptables stop

    在lvs-keep-s上安装keepalived

[root@lvs-keep-s ~]# yum install openssl openssl-devel -y
[root@lvs-keep-s ~]# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz
[root@lvs-keep-s ~]# tar xf keepalived-1.2.13.tar.gz 
[root@lvs-keep-s ~]# cd keepalived-1.2.13
[root@lvs-keep-s keepalived-1.2.13]# ./configure
[root@lvs-keep-s keepalived-1.2.13]# make && make install
[root@lvs-keep-s keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@lvs-keep-s keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@lvs-keep-s keepalived-1.2.13]# mkdir  /etc/keepalived
[root@lvs-keep-s keepalived-1.2.13]# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@lvs-keep-s keepalived-1.2.13]# ln -s /usr/local/sbin/keepalived  /usr/sbin/
[root@lvs-keep-s keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

#keepalived的配置文件我们从lvs-keep-m上复制过来修改即可
[root@lvs-keep-s keepalived-1.2.13]# cp ~/keepalived.conf /etc/keepalived/
[root@lvs-keep-s keepalived-1.2.13]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {  
   notification_email {   
	[email protected]                 #配置管理员邮箱
   }   
   notification_email_from root        #配置发件人   
   smtp_server 127.0.0.1               #配置邮件服务器   
   smtp_connect_timeout 30   
   router_id LVS_S                     #修改这里,表示节点标示符
}
vrrp_instance VI_1 {  
    state BACKUP                       #修改lvs的模式为BACKUP  
    interface eth0   
    virtual_router_id 99   
    priority 99                        #修改优先级,要比master的低   
    advert_int 1   
    authentication {   
        auth_type PASS   
        auth_pass 1111   
    }   
    virtual_ipaddress {   
        192.168.3.28  #配置虚拟IP地址   
    }   
}
virtual_server 192.168.3.28 80 {  
    delay_loop 6   
    lb_algo rr   
    lb_kind DR   
    nat_mask 255.255.255.0   
    #persistence_timeout 50   
    protocol TCP
    real_server 192.168.3.26 80 { #配置realaserver  
        weight 1   
        HTTP_GET { #监控配置   
            url {   
              path /   
          status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }   
    real_server 192.168.3.27 80 {   
        weight 1   
        HTTP_GET {   
            url {   
              path /   
              status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }   
}

#添加到开机自动启动
[root@lvs-keep-s ~]# chkconfig --add keepalived
[root@lvs-keep-s ~]# chkconfig keepalived on
[root@lvs-keep-s ~]# chkconfig |grep keep
keepalived     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@lvs-keep-s ~]# service keepalived start
Starting keepalived:                                       [  OK  ]
[root@lvs-keep-s ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.28:80 rr
  -> 192.168.3.26:80              Route   1      0          0         
  -> 192.168.3.27:80              Route   1      0          0   
[root@lvs-keep-s ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]

#正常情况下,这里是查询不到VIP地址的
[root@lvs-keep-s ~]# ip a |grep "192.168.3.28"

六、测试RealServer高可用

#结果显示访问http://192.168.3.28,后端服务正常
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS1.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS2.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS1.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS2.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS1.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS2.com</h1>

    场景1:将RS1的httpd服务停止,正常情况下lvs应该会自动删除RS1的记录,通过url访问到的页面应该是RS2.com

#停止RS1的httpd服务
[root@RS1 ~]# ip a |grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.3.26/24 brd 192.168.3.255 scope global eth0
[root@RS1 ~]# service httpd stop
Stopping httpd:                                            [  OK  ]

#查看lvs的记录
[root@lvs-keep-m ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.28:80 rr
  -> 192.168.3.27:80              Route   1      0          0   

#结果显示RS1已经被自动删除,通过url访问结果如下
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS2.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS2.com</h1>

    场景2:将停止的RS1重新上线

[root@RS1 ~]# service httpd start
[root@RS1 ~]# netstat -anpt |grep httpd
tcp        0      0 :::80                       :::*                        LISTEN      1521/httpd   

#查看lvs结果
[root@lvs-keep-m ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.28:80 rr
  -> 192.168.3.26:80              Route   1      0          0         
  -> 192.168.3.27:80              Route   1      0          2

    从上面2个测试场景能看出lvs+keepalived能自动检测后端的realserver的状态。

七、测试keepalived高可用

    上面我们已经测试完RealServer的高可用,这里我们来测试一下keepalived的高可用

    测试前2台keepalived状态如下

#lvs-keep-m的状态,拥有VIP
[root@lvs-keep-m ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0
    inet 192.168.3.28/32 scope global eth0
    inet6 fe80::20c:29ff:fe95:7920/64 scope link 
       valid_lft forever preferred_lft forever
     
#lvs-keep-s的状态,没有VIP
[root@lvs-keep-s ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:12:6c:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.25/24 brd 192.168.3.255 scope global eth0
    inet6 fe80::20c:29ff:fe12:6c8c/64 scope link 
       valid_lft forever preferred_lft forever

    现在我们将lvs-keep-m上的keepalived服务停掉

[root@lvs-keep-m ~]# service keepalived stop
Stopping keepalived:                                       [  OK  ]

#结果显示已经没有VIP了
[root@lvs-keep-m ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0
    inet6 fe80::20c:29ff:fe95:7920/64 scope link 
       valid_lft forever preferred_lft forever

    正常情况下,lvs-keep-m停止keepalived服务后,VIP应该会自动漂移到lvs-keep-s上,在lvs-keep-s上查看结果

[root@lvs-keep-s ~]# tail -f /var/log/messages 
#这一条日志记录显示keepalived的状态从BACKUP变成了MASTER
May 22 10:00:26 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 22 10:00:27 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Entering MASTER STATE
May 22 10:00:27 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) setting protocol VIPs.
#这里显示获得了VIP
May 22 10:00:27 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28
May 22 10:00:27 lvs-keep-s Keepalived_healthcheckers[1125]: Netlink reflector reports IP 192.168.3.28 added
May 22 10:00:32 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28

#从客户端访问http://192.168.3.28,结果显示一切正常
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS1.com</h1>
[root@qa-web ~]# curl http://192.168.3.28
<h1>RS2.com</h1>

    宕机的lvs-keep-m恢复正常以后,由于lvs-keep-m的优先级高于lvs-keep-s,VIP应该会自动从lvs-keep-s上漂移到lvs-keep-m。

#启动lvs-keep-m的keepalived服务
[root@lvs-keep-m ~]# service keepalived start
Starting keepalived:                                       [  OK  ]
[root@lvs-keep-m ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0
    inet 192.168.3.28/32 scope global eth0
    inet6 fe80::20c:29ff:fe95:7920/64 scope link 
       valid_lft forever preferred_lft forever
#查看日志信息
[root@lvs-keep-m ~]# tail /var/log/messages 
May 22 10:07:38 lvs-keep-m Keepalived_vrrp[1512]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 22 10:07:38 lvs-keep-m Keepalived_healthcheckers[1511]: Activating healthchecker for service [192.168.3.26]:80
May 22 10:07:38 lvs-keep-m Keepalived_healthcheckers[1511]: Activating healthchecker for service [192.168.3.27]:80
#这里显示恢复到MASTER状态
May 22 10:07:38 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 22 10:07:38 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
May 22 10:07:39 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Entering MASTER STATE
#这里显示获得VIP
May 22 10:07:39 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) setting protocol VIPs.
May 22 10:07:39 lvs-keep-m Keepalived_healthcheckers[1511]: Netlink reflector reports IP 192.168.3.28 added
May 22 10:07:39 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28
May 22 10:07:44 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28

#在lvs-keep-s上查看是否有VIP信息
[root@lvs-keep-s ~]# tail -f /var/log/messages 
May 22 10:07:38 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Received higher prio advert
#这里显示状态变成BACKUP了
May 22 10:07:38 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Entering BACKUP STATE
#这里显示移除了VIP
May 22 10:07:38 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) removing protocol VIPs.
May 22 10:07:38 lvs-keep-s Keepalived_healthcheckers[1125]: Netlink reflector reports IP 192.168.3.28 removed

#通过查看IP信息,也显示没有VIP的信息
[root@lvs-keep-s ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:12:6c:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.25/24 brd 192.168.3.255 scope global eth0
    inet6 fe80::20c:29ff:fe12:6c8c/64 scope link 
       valid_lft forever preferred_lft forever

    在生产环境中服务器通常会开启iptables(不应像上文那样直接停用防火墙),这可能拦截VRRP通告、对keepalived造成影响,因此我们应该在iptables中添加一条vrrp的放行规则;更稳妥的做法是再用-s把来源限定为对端节点的地址。规则如下

[root@lvs-keep-m ~]# iptables -I  INPUT -p vrrp -j ACCEPT

    通过以上测试结果能够看出,keepalived通过心跳检测,能自动实现keepalived的高可用

八、后端RealServer都宕机以后keepalived的处理

    我们通过keepalived实现后端的web服务器高可用,在后端的web服务器都离线以后,我们应该提供一个友好的页面给用户,避免用户访问出现错误页面

    在2台keepalived上安装httpd服务,并配置维护页面

#在lvs-keep-m上操作
[root@lvs-keep-m ~]# yum install httpd -y
[root@lvs-keep-m ~]# cat /var/www/html/index.html 
Website is currently under maintenance, please come back later!
[root@lvs-keep-m ~]# service httpd start

#在lvs-keep-s上操作
[root@lvs-keep-s ~]# yum install httpd -y
[root@lvs-keep-s ~]# cat /var/www/html/index.html 
Website is currently under maintenance, please come back later!
[root@lvs-keep-s ~]# service httpd start

#测试2个维护页面是否能访问
[root@qa-web ~]# curl http://192.168.3.24
Website is currently under maintenance, please come back later!
[root@qa-web ~]# curl http://192.168.3.25
Website is currently under maintenance, please come back later!

    修改2台keepalived的keepalived.conf文件,增加一行sorry_server,修改如下

    lvs-keep-m的配置

[root@lvs-keep-m ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {  
   notification_email {   
	[email protected]              #配置管理员邮箱
   }   
   notification_email_from root     #配置发件人   
   smtp_server 127.0.0.1            #配置邮件服务器   
   smtp_connect_timeout 30   
   router_id LVS_M   
}
vrrp_instance VI_1 {  
    state MASTER                     #配置模式   
    interface eth0   
    virtual_router_id 99   
    priority 101                     #配置优先级   
    advert_int 1   
    authentication {   
        auth_type PASS   
        auth_pass 1111   
    }   
    virtual_ipaddress {   
        192.168.3.28                  #配置虚拟IP地址   
    }   
}
virtual_server 192.168.3.28 80 {  
    delay_loop 6   
    lb_algo rr   
    lb_kind DR   
    nat_mask 255.255.255.0   
    #persistence_timeout 50   
    protocol TCP
    real_server 192.168.3.26 80 {     #配置realaserver  
        weight 1   
        HTTP_GET {                    #监控配置   
            url {   
              path /   
          status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }   
    real_server 192.168.3.27 80 {   
        weight 1   
        HTTP_GET {   
            url {   
              path /   
              status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }
    sorry_server 127.0.0.1 80           #在virtual_server段里增加这一行
}

    lvs-keep-s的配置

[root@lvs-keep-s ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {  
   notification_email {   
	[email protected]             #配置管理员邮箱
   }   
   notification_email_from root    #配置发件人   
   smtp_server 127.0.0.1           #配置邮件服务器   
   smtp_connect_timeout 30   
   router_id LVS_S   
}
vrrp_instance VI_1 {  
    state BACKUP                   #配置模式   
    interface eth0   
    virtual_router_id 99   
    priority 99                    #配置优先级   
    advert_int 1   
    authentication {   
        auth_type PASS   
        auth_pass 1111   
    }   
    virtual_ipaddress {   
        192.168.3.28               #配置虚拟IP地址   
    }   
}
virtual_server 192.168.3.28 80 {  
    delay_loop 6   
    lb_algo rr   
    lb_kind DR   
    nat_mask 255.255.255.0   
    #persistence_timeout 50   
    protocol TCP
    real_server 192.168.3.26 80 {   #配置realaserver  
        weight 1   
        HTTP_GET {                  #监控配置   
            url {   
              path /   
          status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }   
    real_server 192.168.3.27 80 {   
        weight 1   
        HTTP_GET {   
            url {   
              path /   
              status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    } 
    sorry_server 127.0.0.1 80          #在virtual_server段中添加这一行
}

    关闭所有的RealServer的httpd服务,并重启所有的keepalived服务

[root@RS1 ~]# service httpd stop
Stopping httpd:                                            [  OK  ]
[root@RS2 ~]# service httpd stop
Stopping httpd:                                            [  OK  ]
[root@lvs-keep-m ~]# service keepalived restart
Stopping keepalived:                                       [  OK  ]
Starting keepalived:                                       [  OK  ]
[root@lvs-keep-s ~]# service keepalived restart
Stopping keepalived:                                       [  OK  ]
Starting keepalived:                                       [  OK  ]

#查看lvs的结果
[root@lvs-keep-m ~]# ipvsadm -L -n            #realserver记录指向的是本机的httpd服务
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.28:80 rr
  -> 127.0.0.1:80                 Local   1      0          0      
[root@lvs-keep-s ~]# ipvsadm -L -n            #realserver记录都指向本机的httpd服务
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.28:80 rr
  -> 127.0.0.1:80                 Local   1      0          0  
 
#从上面的结果我们看出,后端的2台RealServer已经被删除了,现在只有一个keepalived本机的记录
#从客户端访问http://192.168.3.28
[root@qa-web ~]# curl http://192.168.3.28
Website is currently under maintenance, please come back later!
[root@qa-web ~]# curl http://192.168.3.28
Website is currently under maintenance, please come back later!
#访问结果显示的是我们配置的维护页面信息。

    到此我们的keepalived维护页面信息配置完成。

九、监控脚本配置

    在工作中我们有的时候要监测后端的RealServer状态,来自动切换VIP。这里简单的演示一下

    定义脚本

vrrp_script check_schedown {        #定义要执行的vrrp脚本
        script "[ -e /etc/keepalived/down ] && exit 1 || exit 0"    #定义脚本内容,或者指定脚本位置
        interval 1        #监控间隔时间(秒);关键字应为interval,原文误写为intervar
        weight -5         #降低优先级
        fall 2            #连续失败次数;关键字应为fall,原文误写为fail
        rise 1            #成功次数
}

    执行脚本

#该内容添加在vrrp_instance    
track_script {
        check_schedown        #这里执行的脚本名称是上面定义的
}

    在2台keepalived上都添加同样的内容并重启keepalived,过程略。

    测试:在lvs-keep-m上的/etc/keepalived/路径下创建文件down

[root@lvs-keep-m ~]# touch /etc/keepalived/down
[root@lvs-keep-m ~]# tail /var/log/messages 
May 22 12:57:01 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Entering MASTER STATE
May 22 12:57:01 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) setting protocol VIPs.
May 22 12:57:01 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28
May 22 12:57:01 lvs-keep-m Keepalived_healthcheckers[2004]: Netlink reflector reports IP 192.168.3.28 added
May 22 12:57:06 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28
#这里显示脚本检测到了down文件,执行了脚本内容
May 22 12:57:26 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Script(check_schedown) failed
May 22 12:57:27 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Received higher prio advert
#切换到BACKUP状态
May 22 12:57:27 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Entering BACKUP STATE
#移除VIP
May 22 12:57:27 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) removing protocol VIPs.
May 22 12:57:27 lvs-keep-m Keepalived_healthcheckers[2004]: Netlink reflector reports IP 192.168.3.28 removed

#在lvs-keep-s上查看信息
[root@lvs-keep-s ~]# tail /var/log/messages 
May 22 12:57:17 lvs-keep-s Keepalived_healthcheckers[2020]: Activating healthchecker for service [192.168.3.26]:80
May 22 12:57:17 lvs-keep-s Keepalived_healthcheckers[2020]: Activating healthchecker for service [192.168.3.27]:80
May 22 12:57:26 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) forcing a new MASTER election
May 22 12:57:26 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) forcing a new MASTER election
May 22 12:57:27 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 22 12:57:28 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Entering MASTER STATE
#获得VIP
May 22 12:57:28 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) setting protocol VIPs.
May 22 12:57:28 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28
May 22 12:57:28 lvs-keep-s Keepalived_healthcheckers[2020]: Netlink reflector reports IP 192.168.3.28 added
May 22 12:57:33 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28

    上面演示的是检测的方法,可以根据后端realserver的需要写脚本并使用。

十、keepalived主从切换后,发送邮件通知管理员

    1) 当服务器改变为主时执行此脚本

[root@lvs-keep-m ~]# cat /etc/keepalived/to_master.sh 
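#!/bin/bash
# keepalived notify_master hook: mail the administrator when this node
# switches to MASTER.
# In this setup keepalived is started as root and runs the hook with its own
# privileges, so keep this file owned by root and not writable by other users.

Date=$(date '+%F %T')
# IPv4 address of eth0, parsed from the "inet addr:" line printed by older
# net-tools ifconfig; empty when the output format differs.
IP=$(ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | awk '{print $1}')
# Placeholder recipient: the address in the source page was masked by the
# site's e-mail protection ("[email protected]"). Set the real mailbox here.
Mail="admin@example.com"
# Quote the recipient so it reaches mail(1) as a single argument.
echo "$Date  $(hostname):$IP change to Master." | mail -s "Master-Backup Change Status" "$Mail"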
[root@lvs-keep-m ~]# chmod +x /etc/keepalived/to_master.sh

    2) 当服务器改变为备时执行此脚本

[root@lvs-keep-m ~]# cat /etc/keepalived/to_backup.sh 
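#!/bin/bash
# keepalived notify_backup hook: mail the administrator when this node
# switches to BACKUP.
# In this setup keepalived is started as root and runs the hook with its own
# privileges, so keep this file owned by root and not writable by other users.

Date=$(date '+%F %T')
# IPv4 address of eth0, parsed from the "inet addr:" line printed by older
# net-tools ifconfig; empty when the output format differs.
IP=$(ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | awk '{print $1}')
# Placeholder recipient: the address in the source page was masked by the
# site's e-mail protection ("[email protected]"). Set the real mailbox here.
Mail="admin@example.com"
# Quote the recipient so it reaches mail(1) as a single argument.
echo "$Date  $(hostname):$IP change to Backup." | mail -s "Master-Backup Change Status" "$Mail"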
[root@lvs-keep-m ~]# chmod +x /etc/keepalived/to_backup.sh

    3) 当服务器改变为故障时执行此脚本

[root@lvs-keep-m ~]# cat /etc/keepalived/to_fault.sh 
# cat to_fault.sh
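#!/bin/bash
# keepalived notify_fault hook: mail the administrator when this node
# enters the FAULT state.
# In this setup keepalived is started as root and runs the hook with its own
# privileges, so keep this file owned by root and not writable by other users.

Date=$(date '+%F %T')
# IPv4 address of eth0, parsed from the "inet addr:" line printed by older
# net-tools ifconfig; empty when the output format differs.
IP=$(ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | awk '{print $1}')
# Placeholder recipient: the address in the source page was masked by the
# site's e-mail protection ("[email protected]"). Set the real mailbox here.
Mail="admin@example.com"
# Quote the recipient so it reaches mail(1) as a single argument.
echo "$Date  $(hostname):$IP change to Fault." | mail -s "Master-Backup Change Status" "$Mail"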
[root@lvs-keep-m ~]# chmod +x /etc/keepalived/to_fault.sh

    将这3个脚本复制到lvs-keep-s的/etc/keepalived路径下,并赋予执行权限

    配置keepalived.conf文件,添加通知脚本参数

    这里只给出lvs-keep-m的配置文件,备节点的配置文件是一样的添加方法

[root@lvs-keep-m ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {  
   notification_email {   
	[email protected]                 #配置管理员邮箱
   }   
   notification_email_from root        #配置发件人   
   smtp_server 127.0.0.1               #配置邮件服务器   
   smtp_connect_timeout 30   
   router_id LVS_M   
}

vrrp_script check_schedown {
	script "[ -e /etc/keepalived/down ] && exit 1 || exit 0"
	interval 1        #关键字应为interval,原文误写为intervar
	weight -5
	fall 2            #关键字应为fall,原文误写为fail
	rise 1
}

vrrp_instance VI_1 {  
    state MASTER                       #配置模式   
    interface eth0   
    virtual_router_id 99   
    priority 101                       #配置优先级   
    advert_int 1   
    authentication {   
        auth_type PASS   
        auth_pass 1111   
    }   
    virtual_ipaddress {   
        192.168.3.28                    #配置虚拟IP地址   
    }
    notify_master /etc/keepalived/to_master.sh    #这里指定的是切换成master状态时要执行的通知脚本
    notify_backup /etc/keepalived/to_backup.sh    #这里指定的是切换成backup状态时要执行的通知脚本
    notify_fault /etc/keepalived/to_fault.sh      #这里指定的是切换成fault状态时要执行的通知脚本
    track_script {
    	check_schedown
    }
}
virtual_server 192.168.3.28 80 {  
    delay_loop 6   
    lb_algo rr   
    lb_kind DR   
    nat_mask 255.255.255.0   
    #persistence_timeout 50   
    protocol TCP
    real_server 192.168.3.26 80 {         #配置realaserver  
        weight 1   
        HTTP_GET {                        #监控配置   
            url {   
              path /   
          status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }   
    real_server 192.168.3.27 80 {   
        weight 1   
        HTTP_GET {   
            url {   
              path /   
              status_code 200   
            }   
            connect_timeout 2   
            nb_get_retry 3   
            delay_before_retry 1   
        }   
    }
    sorry_server 127.0.0.1 80   
}

    重启所有的keepalived服务,让通知脚本参数生效

[root@lvs-keep-m ~]# service keepalived restart
Stopping keepalived:                                       [  OK  ]
Starting keepalived:                                       [  OK  ]
[root@lvs-keep-s ~]# service keepalived restart
Stopping keepalived:                                       [  OK  ]
Starting keepalived:                                       [  OK  ]

    重启后,测试通知脚本会不会生效,利用上文的down文件做测试

[root@lvs-keep-m ~]# touch /etc/keepalived/down
[root@lvs-keep-m ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0
    inet6 fe80::20c:29ff:fe95:7920/64 scope link 
       valid_lft forever preferred_lft forever
#结果显示VIP已经移除,切换成BACKUP状态了

    查看邮件

wKiom1Ve0eyRgszsAADm3ibNlFU320.jpg

    我们再次删除/etc/keepalived/down文件

[root@lvs-keep-m ~]# rm -rf /etc/keepalived/down
[root@lvs-keep-m ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0
    inet 192.168.3.28/32 scope global eth0
    inet6 fe80::20c:29ff:fe95:7920/64 scope link 
       valid_lft forever preferred_lft forever
#结果表明删除down文件后,主机状态从BACKUP切换成MASTER状态,获取到VIP

    查看邮件

wKioL1Ve1AbzzA2OAADmg7DBUX0701.jpg

从以上测试结果可以看出,我们的状态切换脚本能够正常工作。
