本文参考了http://freeloda.blog.51cto.com/2033581/1280962
http://lizhenliang.blog.51cto.com/7876557/1653523这2篇文章
一、环境
lvs-keep-m: 192.168.3.24
lvs-keep-s: 192.168.3.25
RS1: 192.168.3.26
RS2: 192.168.3.27
VIP: 192.168.3.28
二、在所有节点都配置ntp同步时间
[root@lvs-keep-m ~]# ntpdate asia.pool.ntp.org [root@lvs-keep-m ~]# hwclock -w
三、RS1和RS2配置httpd服务,以及VIP
RS1操作
[root@RS1 ~]# yum -y install httpd [root@RS1 ~]# echo "<h1>RS1.com</h1>" >/var/www/html/index.html [root@RS1 ~]# service iptables stop iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] [root@RS1 ~]# service httpd start Starting httpd: httpd: apr_sockaddr_info_get() failed for RS1 httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ] [root@RS1 ~]# curl http://127.0.0.1 <h1>RS1.com</h1> #以上是配置httpd服务
在RS1上配置VIP,使用脚本配置,脚本内容如下
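[root@RS1 ~]# cat realserver.sh
#!/bin/bash
#
# Script to start LVS DR real server.
# description: LVS DR real server
#
# Usage: realserver.sh {start|status|stop}
#
# In DR mode the real server carries the VIP on a loopback alias so it can
# accept packets forwarded by the director. The ARP sysctls below keep the
# real server from answering or advertising ARP for the VIP; without them
# clients on the segment could resolve the VIP to a real server directly
# and bypass the director.
. /etc/rc.d/init.d/functions

# The VIP chosen earlier in this walkthrough is 192.168.3.28.
VIP=192.168.3.28
# Not referenced below; kept from the original script.
host=$(/bin/hostname)

case "$1" in
start)
    # Start LVS-DR real server on this machine.
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    # arp_ignore=1: reply to ARP only for addresses configured on the
    # interface that received the request.
    # arp_announce=2: always pick the best local source address for ARP
    # requests instead of the packet's source (which could be the VIP).
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    # /32 mask and broadcast == VIP keep the alias to this single host address.
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev lo:0
;;
stop)
    # Stop LVS-DR real server loopback device(s).
    /sbin/ifconfig lo:0 down
    # Writes 0 back unconditionally; this assumes 0 was the value before
    # "start" ran.
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
    # Status of LVS-DR real server.
    # -F matches the address literally (the dots are not regex wildcards).
    islothere=$(/sbin/ifconfig lo:0 | grep -F -- "$VIP")
    # The routing table may list the host route under the base device "lo"
    # rather than the alias "lo:0", so accept either name in the last column.
    isrothere=$(netstat -rn | grep -F -- "$VIP" | grep -E '[[:space:]]lo(:0)?[[:space:]]*$')
    # The original test compared the literal string "isrothere" (missing $),
    # so the route check could never report a failure.
    if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
        # Either the route or the lo:0 device
        # not found.
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR real server Running."
    fi
;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
;;
esac
# Make the script executable
[root@RS1 ~]# chmod +x realserver.sh
[root@RS1 ~]# sh realserver.sh start
[root@RS1 ~]# ip a |grep "192.168.3.28"
    inet 192.168.3.28/32 brd 192.168.3.28 scope global lo:0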
RS2操作
[root@RS2 ~]# yum -y install httpd [root@RS2 ~]# echo "<h1>RS2.com</h1>" >/var/www/html/index.html [root@RS2 ~]# service iptables stop iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] [root@RS2 ~]# service httpd start Starting httpd: httpd: apr_sockaddr_info_get() failed for RS2 httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ] [root@RS2 ~]# curl http://127.0.0.1 <h1>RS2.com</h1>
在RS2上配置VIP,使用脚本配置,脚本内容同上
[root@RS2 ~]# sh realserver.sh start [root@RS2 ~]# ip a |grep "192.168.3.28" inet 192.168.3.28/32 brd 192.168.3.28 scope global lo:0
四、lvs-keep-m和lvs-keep-s上安装lvs
lvs-keep-m操作(下面以及后文的源码包都是通过明文http下载的,编译安装前建议先核对发布方提供的校验值;系统软件源里若有ipvsadm/keepalived,也可以直接用yum安装)
[root@lvs-keep-m ~]# yum install make popt libnl libnl-devel popt-static gcc* -y [root@lvs-keep-m ~]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz [root@lvs-keep-m ~]# tar xf ipvsadm-1.26.tar.gz [root@lvs-keep-m ~]# cd ipvsadm-1.26 [root@lvs-keep-m ipvsadm-1.26]# make [root@lvs-keep-m ipvsadm-1.26]# make install
lvs-keep-s操作
[root@lvs-keep-s ~]# yum install make popt libnl libnl-devel popt-static gcc* -y [root@lvs-keep-s ~]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz [root@lvs-keep-s ~]# tar xf ipvsadm-1.26.tar.gz [root@lvs-keep-s ~]# cd ipvsadm-1.26 [root@lvs-keep-s ipvsadm-1.26]# make [root@lvs-keep-s ipvsadm-1.26]# make install
五、lvs-keep-m和lvs-keep-s上安装keepalived
在lvs-keep-m上安装keepalived
[root@lvs-keep-m ~]# yum install openssl openssl-devel -y [root@lvs-keep-m ~]# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz [root@lvs-keep-m ~]# tar xf keepalived-1.2.13.tar.gz [root@lvs-keep-m ~]# cd keepalived-1.2.13 [root@lvs-keep-m keepalived-1.2.13]# ./configure [root@lvs-keep-m keepalived-1.2.13]# make && make install #将keepalived配置成开机启动 [root@lvs-keep-m keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ [root@lvs-keep-m keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@lvs-keep-m keepalived-1.2.13]# mkdir /etc/keepalived [root@lvs-keep-m keepalived-1.2.13]# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ [root@lvs-keep-m keepalived-1.2.13]# ln -s /usr/local/sbin/keepalived /usr/sbin/ #备份keepalived.conf文件 [root@lvs-keep-m keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@lvs-keep-m ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { [email protected] #配置管理员邮箱 } notification_email_from root #配置发件人 smtp_server 127.0.0.1 #配置邮件服务器 smtp_connect_timeout 30 router_id LVS_M #标识当前节点 } vrrp_instance VI_1 { state MASTER #配置keepalived的模式 interface eth0 #将VIP绑定在哪个网卡上,这里设置成eth0 virtual_router_id 99 #VRRP组名,两个节点设置必须一样,表明属于同一个VRRP组 priority 101 #配置优先级 advert_int 1 #组播信息发送间隔 authentication { auth_type PASS #设置验证方式 auth_pass 1111 #验证密码 } virtual_ipaddress { 192.168.3.28 #配置虚拟IP地址,这里可以配置多个地址,每个VIP下对应不同的realserver } } virtual_server 192.168.3.28 80 { delay_loop 6 lb_algo rr #配置lvs算法,这里是rr,即轮询 lb_kind DR #配置lvs模型,这里是DR,即直接路由模式 nat_mask 255.255.255.0 #persistence_timeout 50 #会话保持时间 protocol TCP real_server 192.168.3.26 80 { #配置realaserver地址 weight 1 HTTP_GET { #监控配置 url { path / #监控网站的/路径 status_code 200 } connect_timeout 2 #连接超时时间 nb_get_retry 3 #重连次数 delay_before_retry 1 #重连时间间隔 } } real_server 192.168.3.27 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 
nb_get_retry 3 delay_before_retry 1 } } } #启动keepalived服务 [root@lvs-keep-m ~]# chkconfig --add keepalived [root@lvs-keep-m ~]# chkconfig keepalived on [root@lvs-keep-m ~]# chkconfig |grep keep keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off [root@lvs-keep-m ~]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@lvs-keep-m ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.3.28:80 rr -> 192.168.3.26:80 Route 1 0 0 -> 192.168.3.27:80 Route 1 0 0 #到此RS1的keepalived已配置好 [root@lvs-keep-m ~]# service iptables stop
在lvs-keep-s上安装keepalived
[root@lvs-keep-s ~]# yum install openssl openssl-devel -y [root@lvs-keep-s ~]# wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gz [root@lvs-keep-s ~]# tar xf keepalived-1.2.13.tar.gz [root@lvs-keep-s ~]# cd keepalived-1.2.13 [root@lvs-keep-s keepalived-1.2.13]# ./configure [root@lvs-keep-s keepalived-1.2.13]# make && make install [root@lvs-keep-s keepalived-1.2.13]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ [root@lvs-keep-s keepalived-1.2.13]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@lvs-keep-s keepalived-1.2.13]# mkdir /etc/keepalived [root@lvs-keep-s keepalived-1.2.13]# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ [root@lvs-keep-s keepalived-1.2.13]# ln -s /usr/local/sbin/keepalived /usr/sbin/ [root@lvs-keep-s keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak #keepalived的配置文件我们从lvs-keep-m上复制过来修改即可 [root@lvs-keep-s keepalived-1.2.13]# cp ~/keepalived.conf /etc/keepalived/ [root@lvs-keep-s keepalived-1.2.13]# cat /etc/keepalived/keepalived.conf ! 
Configuration File for keepalived global_defs { notification_email { [email protected] #配置管理员邮箱 } notification_email_from root #配置发件人 smtp_server 127.0.0.1 #配置邮件服务器 smtp_connect_timeout 30 router_id LVS_S #修改这里,表示节点标示符 } vrrp_instance VI_1 { state BACKUP #修改lvs的模式为BACKUP interface eth0 virtual_router_id 99 priority 99 #修改优先级,要比master的低 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.3.28 #配置虚拟IP地址 } } virtual_server 192.168.3.28 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 #persistence_timeout 50 protocol TCP real_server 192.168.3.26 80 { #配置realaserver weight 1 HTTP_GET { #监控配置 url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 1 } } real_server 192.168.3.27 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 1 } } } #添加到开机自动启动 [root@lvs-keep-s ~]# chkconfig --add keepalived [root@lvs-keep-s ~]# chkconfig keepalived on [root@lvs-keep-s ~]# chkconfig |grep keep keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off [root@lvs-keep-s ~]# service keepalived start Starting keepalived: [ OK ] [root@lvs-keep-s ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.3.28:80 rr -> 192.168.3.26:80 Route 1 0 0 -> 192.168.3.27:80 Route 1 0 0 [root@lvs-keep-s ~]# service iptables stop iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] #正常情况下,这里是查询不到VIP地址的 [root@lvs-keep-s ~]# ip a |grep "192.168.3.28"
六、测试RealServer高可用
#结果显示访问http://192.168.3.28,后端服务正常 [root@qa-web ~]# curl http://192.168.3.28 <h1>RS1.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS2.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS1.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS2.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS1.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS2.com</h1>
场景1:将RS1的httpd服务停止,正常情况下lvs应该会自动删除RS1的记录,通过url访问到的页面应该是RS2.com
#停止RS1的httpd服务 [root@RS1 ~]# ip a |grep eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 inet 192.168.3.26/24 brd 192.168.3.255 scope global eth0 [root@RS1 ~]# service httpd stop Stopping httpd: [ OK ] #查看lvs的记录 [root@lvs-keep-m ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.3.28:80 rr -> 192.168.3.27:80 Route 1 0 0 #结果显示RS1已经被自动删除,通过url访问结果如下 [root@qa-web ~]# curl http://192.168.3.28 <h1>RS2.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS2.com</h1>
场景2:将停止的RS1重新上线
[root@RS1 ~]# service httpd start [root@RS1 ~]# netstat -anpt |grep httpd tcp 0 0 :::80 :::* LISTEN 1521/httpd #查看lvs结果 [root@lvs-keep-m ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.3.28:80 rr -> 192.168.3.26:80 Route 1 0 0 -> 192.168.3.27:80 Route 1 0 2
从上面2个测试场景能看出lvs+keepalived能自动检测后端的realserver的状态。
七、测试keepalived高可用
上面我们已经测试完RealServer的高可用,这里我们来测试一下keepalived的高可用
测试前2台keepalived状态如下
#lvs-keep-m的状态,拥有VIP [root@lvs-keep-m ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0 inet 192.168.3.28/32 scope global eth0 inet6 fe80::20c:29ff:fe95:7920/64 scope link valid_lft forever preferred_lft forever #lvs-keep-s的状态,没有VIP [root@lvs-keep-s ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:12:6c:8c brd ff:ff:ff:ff:ff:ff inet 192.168.3.25/24 brd 192.168.3.255 scope global eth0 inet6 fe80::20c:29ff:fe12:6c8c/64 scope link valid_lft forever preferred_lft forever
现在我们将lvs-keep-m上的keepalived服务停掉
[root@lvs-keep-m ~]# service keepalived stop Stopping keepalived: [ OK ] #结果显示已经没有VIP了 [root@lvs-keep-m ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0 inet6 fe80::20c:29ff:fe95:7920/64 scope link valid_lft forever preferred_lft forever
正常情况下,lvs-keep-m停止keepalived服务后,VIP应该会自动漂移到lvs-keep-s上,在lvs-keep-s上查看结果
[root@lvs-keep-s ~]# tail -f /var/log/messages #这一条日志记录显示keepalived的状态从BACKUP变成了MASTER May 22 10:00:26 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Transition to MASTER STATE May 22 10:00:27 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Entering MASTER STATE May 22 10:00:27 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) setting protocol VIPs. #这里显示获得了VIP May 22 10:00:27 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 May 22 10:00:27 lvs-keep-s Keepalived_healthcheckers[1125]: Netlink reflector reports IP 192.168.3.28 added May 22 10:00:32 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 #从客户端访问http://192.168.3.28,结果显示一切正常 [root@qa-web ~]# curl http://192.168.3.28 <h1>RS1.com</h1> [root@qa-web ~]# curl http://192.168.3.28 <h1>RS2.com</h1>
宕机的lvs-keep-m恢复正常以后,由于lvs-keep-m的优先级高于lvs-keep-s,VIP应该会自动从lvs-keep-s上漂移到lvs-keep-m。
#启动lvs-keep-m的keepalived服务 [root@lvs-keep-m ~]# service keepalived start Starting keepalived: [ OK ] [root@lvs-keep-m ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0 inet 192.168.3.28/32 scope global eth0 inet6 fe80::20c:29ff:fe95:7920/64 scope link valid_lft forever preferred_lft forever #查看日志信息 [root@lvs-keep-m ~]# tail /var/log/messages May 22 10:07:38 lvs-keep-m Keepalived_vrrp[1512]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)] May 22 10:07:38 lvs-keep-m Keepalived_healthcheckers[1511]: Activating healthchecker for service [192.168.3.26]:80 May 22 10:07:38 lvs-keep-m Keepalived_healthcheckers[1511]: Activating healthchecker for service [192.168.3.27]:80 #这里显示恢复到MASTER状态 May 22 10:07:38 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Transition to MASTER STATE May 22 10:07:38 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election May 22 10:07:39 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Entering MASTER STATE #这里显示获得VIP May 22 10:07:39 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) setting protocol VIPs. 
May 22 10:07:39 lvs-keep-m Keepalived_healthcheckers[1511]: Netlink reflector reports IP 192.168.3.28 added May 22 10:07:39 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 May 22 10:07:44 lvs-keep-m Keepalived_vrrp[1512]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 #在lvs-keep-s上查看是否有VIP信息 [root@lvs-keep-s ~]# tail -f /var/log/messages May 22 10:07:38 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Received higher prio advert #这里显示状态变成BACKUP了 May 22 10:07:38 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) Entering BACKUP STATE #这里显示移除了VIP May 22 10:07:38 lvs-keep-s Keepalived_vrrp[1126]: VRRP_Instance(VI_1) removing protocol VIPs. May 22 10:07:38 lvs-keep-s Keepalived_healthcheckers[1125]: Netlink reflector reports IP 192.168.3.28 removed #通过查看IP信息,也显示没有VIP的信息 [root@lvs-keep-s ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:12:6c:8c brd ff:ff:ff:ff:ff:ff inet 192.168.3.25/24 brd 192.168.3.255 scope global eth0 inet6 fe80::20c:29ff:fe12:6c8c/64 scope link valid_lft forever preferred_lft forever
在生产环境中服务器可能开启了iptables,这会对keepalived造成影响。生产环境不必像前文那样直接停止iptables,保持防火墙开启并添加一条vrrp的放行规则即可;如需更严格,可以用 -s 把来源限制为对端调度器的地址(本文中为192.168.3.24和192.168.3.25)。规则如下
[root@lvs-keep-m ~]# iptables -I INPUT -p vrrp -j ACCEPT
通过以上测试结果能够看出,keepalived通过心跳检测,能自动实现keepalived的高可用
八、后端RealServer都宕机以后keepalived的处理
我们通过keepalived实现后端的web服务器高可用,在后端的web服务器都离线以后,我们应该提供一个友好的页面给用户,避免用户访问出现错误页面
在2台keepalived上安装httpd服务,并配置维护页面
#在lvs-keep-m上操作 [root@lvs-keep-m ~]# yum install httpd -y [root@lvs-keep-m ~]# cat /var/www/html/index.html Website is currently under maintenance, please come back later! [root@lvs-keep-m ~]# service httpd start #在lvs-keep-s上操作 [root@lvs-keep-s ~]# yum install httpd -y [root@lvs-keep-s ~]# cat /var/www/html/index.html Website is currently under maintenance, please come back later! [root@lvs-keep-s ~]# service httpd start #测试2个维护页面是否能访问 [root@qa-web ~]# curl http://192.168.3.24 Website is currently under maintenance, please come back later! [root@qa-web ~]# curl http://192.168.3.25 Website is currently under maintenance, please come back later!
修改2台keepalived的keepalived.conf文件,增加一行sorry_server,修改如下
lvs-keep-m的配置
[root@lvs-keep-m ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { [email protected] #配置管理员邮箱 } notification_email_from root #配置发件人 smtp_server 127.0.0.1 #配置邮件服务器 smtp_connect_timeout 30 router_id LVS_M } vrrp_instance VI_1 { state MASTER #配置模式 interface eth0 virtual_router_id 99 priority 101 #配置优先级 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.3.28 #配置虚拟IP地址 } } virtual_server 192.168.3.28 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 #persistence_timeout 50 protocol TCP real_server 192.168.3.26 80 { #配置realaserver weight 1 HTTP_GET { #监控配置 url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 1 } } real_server 192.168.3.27 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 1 } } sorry_server 127.0.0.1 80 #在virtual_server段里增加这一行 }
lvs-keep-s的配置
[root@lvs-keep-s ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { [email protected] #配置管理员邮箱 } notification_email_from root #配置发件人 smtp_server 127.0.0.1 #配置邮件服务器 smtp_connect_timeout 30 router_id LVS_S } vrrp_instance VI_1 { state BACKUP #配置模式 interface eth0 virtual_router_id 99 priority 99 #配置优先级 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.3.28 #配置虚拟IP地址 } } virtual_server 192.168.3.28 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 #persistence_timeout 50 protocol TCP real_server 192.168.3.26 80 { #配置realaserver weight 1 HTTP_GET { #监控配置 url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 1 } } real_server 192.168.3.27 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 1 } } sorry_server 127.0.0.1 80 #在virtual_server段中添加这一行 }
关闭所有的RealServer的httpd服务,并重启所有的keepalived服务
[root@RS1 ~]# service httpd stop Stopping httpd: [ OK ] [root@RS2 ~]# service httpd stop Stopping httpd: [ OK ] [root@lvs-keep-m ~]# service keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ] [root@lvs-keep-s ~]# service keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ] #查看lvs的结果 [root@lvs-keep-m ~]# ipvsadm -L -n #realserver记录指向的是本机的httpd服务 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.3.28:80 rr -> 127.0.0.1:80 Local 1 0 0 [root@lvs-keep-s ~]# ipvsadm -L -n #realserver记录都指向本机的httpd服务 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.3.28:80 rr -> 127.0.0.1:80 Local 1 0 0 #从上面的结果我们看出,后端的2台RealServer已经被删除了,现在只有一个keepalived本机的记录 #从客户端访问http://192.168.3.28 [root@qa-web ~]# curl http://192.168.3.28 Website is currently under maintenance, please come back later! [root@qa-web ~]# curl http://192.168.3.28 Website is currently under maintenance, please come back later! #访问结果显示的是我们配置的维护页面信息。
到此我们的keepalived维护页面信息配置完成。
九、监控脚本配置
在工作中我们有的时候要监测后端的RealServer状态,来自动切换VIP。这里简单的演示一下
定义脚本
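vrrp_script check_schedown {    # Define the VRRP tracking script
    # Inline check: exits 1 (failure) while /etc/keepalived/down exists and
    # 0 otherwise. A path to a script file can be given here instead.
    # Anyone able to create that file can force a failover, so keep
    # /etc/keepalived writable by root only.
    script "[ -e /etc/keepalived/down ] && exit 1 || exit 0"
    interval 1    # Seconds between checks (keyword is "interval", not "intervar")
    weight -5     # Priority change while the check is failing: 101 - 5 = 96, below the backup's 99
    fall 2        # Consecutive failures before the check counts as failed (keyword is "fall", not "fail")
    rise 1        # Consecutive successes before the check counts as passing again
}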
执行脚本
#该内容添加在vrrp_instance track_script { check_schedown #这里执行的脚本名称是上面定义的 }
在2台keepalived上都添加同样的内容并重启keepalived,过程略。
测试:在lvs-keep-m上的/etc/keepalived/路径下创建文件down
[root@lvs-keep-m ~]# touch /etc/keepalived/down [root@lvs-keep-m ~]# tail /var/log/messages May 22 12:57:01 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Entering MASTER STATE May 22 12:57:01 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) setting protocol VIPs. May 22 12:57:01 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 May 22 12:57:01 lvs-keep-m Keepalived_healthcheckers[2004]: Netlink reflector reports IP 192.168.3.28 added May 22 12:57:06 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 #这里显示脚本检测到了down文件,执行了脚本内容 May 22 12:57:26 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Script(check_schedown) failed May 22 12:57:27 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Received higher prio advert #切换到BACKUP状态 May 22 12:57:27 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) Entering BACKUP STATE #移除VIP May 22 12:57:27 lvs-keep-m Keepalived_vrrp[2005]: VRRP_Instance(VI_1) removing protocol VIPs. May 22 12:57:27 lvs-keep-m Keepalived_healthcheckers[2004]: Netlink reflector reports IP 192.168.3.28 removed #在lvs-keep-s上查看信息 [root@lvs-keep-s ~]# tail /var/log/messages May 22 12:57:17 lvs-keep-s Keepalived_healthcheckers[2020]: Activating healthchecker for service [192.168.3.26]:80 May 22 12:57:17 lvs-keep-s Keepalived_healthcheckers[2020]: Activating healthchecker for service [192.168.3.27]:80 May 22 12:57:26 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) forcing a new MASTER election May 22 12:57:26 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) forcing a new MASTER election May 22 12:57:27 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Transition to MASTER STATE May 22 12:57:28 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Entering MASTER STATE #获得VIP May 22 12:57:28 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) setting protocol VIPs. 
May 22 12:57:28 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28 May 22 12:57:28 lvs-keep-s Keepalived_healthcheckers[2020]: Netlink reflector reports IP 192.168.3.28 added May 22 12:57:33 lvs-keep-s Keepalived_vrrp[2021]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.3.28
上面演示的是检测的方法,可以根据后端realserver的需要写脚本并使用。
十、keepalived主从切换后,发送邮件通知管理员
1) 当服务器改变为主时执行此脚本
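[root@lvs-keep-m ~]# cat /etc/keepalived/to_master.sh
#!/bin/bash
# keepalived notify script: mails the administrator when this node becomes MASTER.
# keepalived runs it on the state change (hooked up with notify_master in
# keepalived.conf), so keep the file owned by root and not writable by others.

# Timestamp in "YYYY-MM-DD HH:MM:SS" form.
Date=$(date '+%F %T')
# IPv4 address of eth0, parsed from the "inet addr:" line of ifconfig output.
IP=$(ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | awk '{print $1}')
# Recipient; change this address to suit your environment.
Mail="[email protected]"
# Quote the recipient so it reaches mail as a single argument.
echo "$Date $(hostname):$IP change to Master." | mail -s "Master-Backup Change Status" "$Mail"
[root@lvs-keep-m ~]# chmod +x /etc/keepalived/to_master.sh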
2) 当服务器改变为备时执行此脚本
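[root@lvs-keep-m ~]# cat /etc/keepalived/to_backup.sh
#!/bin/bash
# keepalived notify script: mails the administrator when this node becomes BACKUP.
# keepalived runs it on the state change (hooked up with notify_backup in
# keepalived.conf), so keep the file owned by root and not writable by others.

# Timestamp in "YYYY-MM-DD HH:MM:SS" form.
Date=$(date '+%F %T')
# IPv4 address of eth0, parsed from the "inet addr:" line of ifconfig output.
IP=$(ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | awk '{print $1}')
# Recipient; change this address to suit your environment.
Mail="[email protected]"
# Quote the recipient so it reaches mail as a single argument.
echo "$Date $(hostname):$IP change to Backup." | mail -s "Master-Backup Change Status" "$Mail"
[root@lvs-keep-m ~]# chmod +x /etc/keepalived/to_backup.sh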
3) 当服务器改变为故障时执行此脚本
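[root@lvs-keep-m ~]# cat /etc/keepalived/to_fault.sh
# cat to_fault.sh
#!/bin/bash
# keepalived notify script: mails the administrator when this node enters FAULT.
# keepalived runs it on the state change (hooked up with notify_fault in
# keepalived.conf), so keep the file owned by root and not writable by others.

# Timestamp in "YYYY-MM-DD HH:MM:SS" form.
Date=$(date '+%F %T')
# IPv4 address of eth0, parsed from the "inet addr:" line of ifconfig output.
IP=$(ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | awk '{print $1}')
# Recipient; change this address to suit your environment.
Mail="[email protected]"
# Quote the recipient so it reaches mail as a single argument.
echo "$Date $(hostname):$IP change to Fault." | mail -s "Master-Backup Change Status" "$Mail"
[root@lvs-keep-m ~]# chmod +x /etc/keepalived/to_fault.sh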
将这3个脚本复制到lvs-keep-s的/etc/keepalived路径下,并赋予执行权限
配置keepalived.conf文件,添加通知脚本参数
这里只给出lvs-keep-m的配置文件,备节点的配置文件是一样的添加方法
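[root@lvs-keep-m ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
     [email protected]                 # Administrator mailbox
   }
   notification_email_from root           # Sender address
   smtp_server 127.0.0.1                  # Mail server
   smtp_connect_timeout 30
   router_id LVS_M
}

vrrp_script check_schedown {
   # Fails while /etc/keepalived/down exists; keep that directory writable
   # by root only, since creating the file forces a failover.
   script "[ -e /etc/keepalived/down ] && exit 1 || exit 0"
   interval 1                             # Seconds between checks (was misspelled "intervar")
   weight -5                              # 101 - 5 = 96, which is below the backup's priority of 99
   fall 2                                 # Failures before the check counts as failed (was misspelled "fail")
   rise 1                                 # Successes before the check counts as passing again
}

vrrp_instance VI_1 {
    state MASTER                          # Initial role of this node
    interface eth0
    virtual_router_id 99
    priority 101                          # Must be higher than the backup node's priority
    advert_int 1
    authentication {
        # PASS sends the password unencrypted in every advert, so it only
        # guards against accidental cross-talk between VRRP groups.
        # 1111 is the sample value used throughout this walkthrough; use a
        # site-specific value and filter VRRP by source address as well.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.3.28                      # Virtual IP address
    }
    # Scripts keepalived runs on state changes; they should be owned by
    # root and not writable by other users.
    notify_master /etc/keepalived/to_master.sh    # Run when switching to MASTER
    notify_backup /etc/keepalived/to_backup.sh    # Run when switching to BACKUP
    notify_fault /etc/keepalived/to_fault.sh      # Run when switching to FAULT
    track_script {
        check_schedown
    }
}

virtual_server 192.168.3.28 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.3.26 80 {         # Real server entry
        weight 1
        HTTP_GET {                        # Health check
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 192.168.3.27 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    sorry_server 127.0.0.1 80
}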
重启所有的keepalived服务,让通知脚本参数生效
[root@lvs-keep-m ~]# service keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ] [root@lvs-keep-s ~]# service keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ]
重启后,测试通知脚本会不会生效,利用上文的down文件做测试
[root@lvs-keep-m ~]# touch /etc/keepalived/down [root@lvs-keep-m ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0 inet6 fe80::20c:29ff:fe95:7920/64 scope link valid_lft forever preferred_lft forever #结果显示已VIP已经移除,切换成BACKUP状态了
查看邮件
我们再次删除/etc/keepalived/down文件
[root@lvs-keep-m ~]# rm -rf /etc/keepalived/down [root@lvs-keep-m ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:95:79:20 brd ff:ff:ff:ff:ff:ff inet 192.168.3.24/24 brd 192.168.3.255 scope global eth0 inet 192.168.3.28/32 scope global eth0 inet6 fe80::20c:29ff:fe95:7920/64 scope link valid_lft forever preferred_lft forever #结果表明删除down文件后,主机状态从BACKUP切换成MASTER状态,获取到VIP
查看邮件
从以上测试结果中,我们的状态切换脚本能够正常工作。