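Introduction to keepalived high-availability clusters:
keepalived was originally designed for LVS, specifically to monitor the state of each service node in an LVS cluster. VRRP support was added later, so besides managing LVS it can also serve as high-availability software for other services (Nginx, Haproxy, MySQL, HTTP). VRRP stands for Virtual Router Redundancy Protocol. It was created to solve the single point of failure of static routing, and it keeps the network running stably and without interruption. keepalived therefore provides LVS cluster node healthchecks on the one hand and LVS director failover on the other.
The two main uses of the keepalived service: healthcheck & failover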
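LVS directors failover function:
This implements failover and automatic switchover between the LB master host and the backup host. It is a failover measure for setups where two load-balancer directors work together: when the primary load balancer fails, the backup load balancer automatically takes over all of the primary's work. Once the primary is repaired, the master takes back the work it originally handled and the backup releases what it took over while the master was down, so both return to their original roles.
LVS cluster nodes healthcheck function:
The load balancer periodically checks the availability of each RS (real server) to decide whether to send requests to it. When one or even several real servers in a virtual server fail at the same time and cannot serve requests, the load balancer automatically removes the failed RS from the queue so that user access is not affected. Once the fault is repaired, the system automatically adds them back to the queue.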
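How keepalived is implemented and how it works
Introduction to the VRRP protocol:
VRRP, in full Virtual Router Redundancy Protocol, was created to solve the single point of failure of static routing. It uses an election mechanism to hand the routing task to one of the VRRP routers. A VRRP virtual router contains several physical VRRP routers, but they do not all work at once: one, called the master, does the routing and the rest are backups. The master is not fixed; VRRP has every VRRP router take part in the election and the winner becomes master. The master has some privileges, such as owning the VIP address, which our hosts use as their static route. The privileged master is responsible for forwarding packets sent to the gateway address and for answering ARP requests. Only the VRRP router acting as master keeps sending VRRP advertisement packets. A backup does not preempt the master unless its priority is higher. When the master becomes unavailable and the backups stop receiving advertisements, the backup with the highest priority takes over as master.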
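Summary:
1. VRRP, in full Virtual Router Redundancy Protocol, was created to solve the single point of failure of static routing.
2. VRRP uses an election mechanism to hand the routing task to one of the VRRP routers.
3. VRRP communicates over IP multicast.
4. The master sends packets and the backups receive them. When a backup stops receiving packets it takes over the master's resources. There can be several backups, and they are elected by priority.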
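The election and takeover summarized above can be worked through with the VRRPv2 timers from RFC 3768. This is an added example, not keepalived's own code; it generalizes the page's two directors with a hypothetical third backup (LVS-3), and the Router class and function names are illustrative.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    priority: int        # keepalived "priority"
    advert_int: int = 1  # keepalived "advert_int", in seconds
    alive: bool = True

def skew_time(r):
    # RFC 3768: Skew_Time = (256 - Priority) / 256 seconds
    return (256 - r.priority) / 256

def master_down_interval(r):
    # RFC 3768: Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time
    return 3 * r.advert_int + skew_time(r)

def takeover(backups, graceful):
    """Return (new_master, seconds until takeover) once the master is gone.

    graceful=True models a clean stop: the master sends a priority-0
    advertisement and each backup waits only Skew_Time. Otherwise each
    backup waits its full Master_Down_Interval. The shortest timer wins,
    which is always the highest-priority live backup.
    """
    live = [b for b in backups if b.alive]
    if not live:
        return None, None
    delay = skew_time if graceful else master_down_interval
    winner = min(live, key=delay)
    return winner.name, round(delay(winner), 3)

def preempts(candidate, current_master):
    # A returning router takes the VIP back only if its priority is higher.
    return candidate.alive and candidate.priority > current_master.priority

# Constructed topology: priorities 150 and 100 are the page's values.
lvs1 = Router("LVS-1", 150)
lvs2 = Router("LVS-2", 100)
lvs3 = Router("LVS-3", 50)   # hypothetical third backup, not in the page's lab

if __name__ == "__main__":
    print(takeover([lvs2, lvs3], graceful=False))  # master crashed
    print(takeover([lvs2, lvs3], graceful=True))   # master stopped cleanly
    print(preempts(lvs1, lvs2))                    # repaired master returns
```

With these values the backup waits about 3.6 seconds after a master crash but only about 0.6 seconds after a clean stop, since in the RFC model a master that shuts down cleanly announces it with a priority-0 advertisement.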
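Installing and configuring keepalived for service high availability
Network topology:
This lab environment uses 4 virtual machines running CentOS 6.5
VM 1: 192.168.10.55 backend RS server, web server: nginx1.6.3
VM 2: 192.168.10.56 backend RS server 2, web server: nginx1.6.3
VM 3: 192.168.10.57 LVS+keepalived-MASTER server: LVS-1.26 keepalived-1.1.19
VM 4: 192.168.10.58 LVS+keepalived-BACKUP server: LVS-1.26 keepalived-1.1.19
VIP: 192.168.10.2/24
Installing and configuring nginx is not covered here. What follows is the installation and configuration of lvs+keepalived to make LVS highly available.
I. Deploy LVS
1. Install the LVS module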
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
ln -s /usr/src/kernels/2.6.18-194.el5-x86_64 /usr/src/linux
tar -zxvf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26
make && make install
modprobe ip_vs
lsmod |grep "ip_vs"
If the following output is shown, ipvs was installed successfully
[root@LVS-2 keepalived-1.1.19]# lsmod |grep "ip_vs"
ip_vs_rr 1420 1
ip_vs 125220 3 ip_vs_rr
libcrc32c 1246 1 ip_vs
ipv6 317340 156 ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
Resolving make errors:
libipvs.c:1051: error: ‘NL_OK’ undeclared (first use in this function)
libipvs.c: In function ‘ipvs_get_daemon’:
libipvs.c:1071: error: ‘NLM_F_DUMP’ undeclared (first use in this function)
libipvs.c:1072: error: too many arguments to function ‘ipvs_nl_send_message’
make[1]: *** [libipvs.o] Error 1
make[1]: Leaving directory `/usr/local/src/ipvsadm-1.26/libipvs'
make: *** [libs] Error 2
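Cause: ipvsadm 1.26 is intended for kernel 2.6.28 and later. If the system meets that requirement, the dependency packages still have to be installed first: yum install libnl* popt*
2. Configure LVS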
ipvsadm -A -t 192.168.10.2:80 -s rr
ipvsadm -a -t 192.168.10.2:80 -r 192.168.10.55 -g -w 1
ipvsadm -a -t 192.168.10.2:80 -r 192.168.10.56 -g -w 1
II. Install and deploy keepalived on each LVS server
1. Download keepalived and install its dependencies
cd /usr/local/src/
wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz
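yum install openssl openssl-devel popt*
2. Install keepalived
ln -s /usr/src/kernels/2.6.32-358.el6.x86-64/ /usr/src/linux
tar -zxvf keepalived-1.1.19.tar.gz
cd keepalived-1.1.19
./configure --sysconf=/etc
make && make install
cp /usr/local/sbin/keepalived /usr/sbin/
3. Check that it started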
ps -ef |grep keepalived
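4. Introduction to the configuration file
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { # global settings; sets the recipients of alert mail
    notification_email {
    }
    notification_email_from [email protected] # sender address for alert mail
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL # ID of this keepalived node, comparable to MySQL's server-id; each machine gets a different ID
}
vrrp_instance VI_1 { # defines one keepalived instance
    state MASTER # state of this keepalived node, MASTER/BACKUP
    interface eth0 # network interface on which keepalived provides the service
    virtual_router_id 51 # virtual router ID; must be the same for the same instance on both keepalived nodes, and must differ from other instances within one keepalived
    priority 150 # priority; a gap of 50 between master and backup is recommended; when the master fails, the node with the higher priority is elected master first
    advert_int 1 # advertisement interval of the HA pair, in seconds; the backup takes over as master when advertisements stop arriving
    authentication { # authentication settings
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress { # the VIP listed here is bound to the interface set above
        192.168.10.2/24
    }
}
virtual_server 192.168.10.2 80 { # one virtual_server is one LVS instance; the IP is the LVS VIP
    delay_loop 6
    lb_algo wrr # load-balancing algorithm: wrr
    lb_kind DR # LVS mode: DR
    nat_mask 255.255.255.0
    persistence_timeout 300 # session persistence time
    protocol TCP
    real_server 192.168.10.55 80 { # backend RS settings
        weight 1 # weight
        TCP_CHECK { # keepalived health check
            connect_timeout 8 # connection timeout
            nb_get_retry 3 # number of retries
            delay_before_retry 3 # delay before retrying
            connect_port 80 # port to check
        }
    }
    real_server 192.168.10.56 80 { # second RS settings
        weight 1 # weight
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}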
5. Start keepalived
service keepalived start
ps -ef |grep keepalived
root 3687 1 0 00:41 ? 00:00:00 keepalived -D
root 3689 3687 0 00:41 ? 00:00:00 keepalived -D
root 3690 3687 0 00:41 ? 00:00:00 keepalived -D
root 3961 1720 0 01:33 pts/0 00:00:00 grep keepalived
Note: the lvs and keepalived installation steps on 192.168.10.58 are the same and are not repeated here. Below is the keepalived configuration file on 192.168.10.58.
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.2/24
    }
}
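This completes the LVS+KEEPALIVED installation and configuration. Next come the backend RS servers. I use nginx on the RS; its installation and configuration are again not covered, so please set up your web software yourself.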
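The MASTER and BACKUP files above only work as a pair if the vrrp_instance settings line up, so a small check before starting the service is useful. This is an added example, not part of keepalived or of the original page; parse_vrrp, check_pair and the DRIFTED sample are hypothetical names, and the sample text is constructed from the values used above.

```python
import re

def parse_vrrp(conf_text):  # -> {instance_name: settings}
    instances, stack, current = {}, [], None
    for raw in conf_text.splitlines():
        tokens = re.split(r"[#!]", raw, maxsplit=1)[0].split()  # '#' and '!' start comments
        if not tokens:
            continue
        if tokens[-1] == "{":                      # a block opens
            stack.append(tokens[0])
            if tokens[0] == "vrrp_instance":
                current = instances.setdefault(tokens[1], {"virtual_ipaddress": []})
        elif tokens[0] == "}":                     # a block closes
            if stack.pop() == "vrrp_instance":
                current = None
        elif current is not None and stack[-1] == "virtual_ipaddress":
            current["virtual_ipaddress"].append(tokens[0])
        elif current is not None:                  # includes the nested authentication keys
            current[tokens[0]] = " ".join(tokens[1:])
    return instances

def check_pair(master_text, backup_text, name="VI_1"):
    m, b = parse_vrrp(master_text)[name], parse_vrrp(backup_text)[name]
    same = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "virtual_ipaddress")
    findings = [f"mismatch: {k}" for k in same if m.get(k) != b.get(k)]
    if int(m["priority"]) <= int(b["priority"]):
        findings.append("priority: MASTER is not higher than BACKUP")
    if m.get("auth_type") == "PASS":
        findings.append("auth: PASS carries auth_pass in cleartext in each advertisement")
    return findings

TEMPLATE = """vrrp_instance VI_1 {{
    state {state}
    virtual_router_id {vrid}   # same on both directors
    priority {prio}
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    virtual_ipaddress {{
        192.168.10.2/24
    }}
}}"""
MASTER = TEMPLATE.format(state="MASTER", vrid=51, prio=150)   # constructed from the page's values
BACKUP = TEMPLATE.format(state="BACKUP", vrid=51, prio=100)
DRIFTED = TEMPLATE.format(state="BACKUP", vrid=52, prio=150)  # hypothetical bad copy
for peer in (BACKUP, DRIFTED):          # prints the findings for each pairing
    print(check_pair(MASTER, peer))
```

The page's own pair passes the consistency checks and is flagged only for auth_type PASS, whose password travels unencrypted on the VRRP segment.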
III. Backend RS configuration
Bind the virtual IP on each RS server
ifconfig lo:0 192.168.10.2/32 up
Add a route
route add -host 192.168.10.2 dev lo
Suppress ARP
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
The RS configuration is complete. Testing follows.
Start keepalived
service keepalived start
Check the VIP on the master with this command
[root@LVS ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:25:66:25 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.57/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.2/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fe25:6625/64 scope link
       valid_lft forever preferred_lft forever
[root@LVS ~]#
At this point the master is serving normally and keepalived on the backup is in a listening state, so the VIP is not applied on the backup. Below is the backup, which does not have the VIP 192.168.10.2/24.
[root@LVS-2 keepalived-1.1.19]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:00:07:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.58/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::20c:29ff:fe00:769/64 scope link
       valid_lft forever preferred_lft forever
After stopping keepalived on the master, check whether the web page still opens normally and the state of the VIP on the backup
[root@LVS ~]# service keepalived stop
Stopping keepalived: [ OK ]
[root@LVS ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:25:66:25 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.57/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::20c:29ff:fe25:6625/64 scope link
       valid_lft forever preferred_lft forever
[root@LVS ~]#
The VIP 192.168.10.2 is gone from the master. In the ping below only one request timed out, which shows that keepalived's failover time is very short and is not noticeable to users.
Below is the keepalived state on the backup
[root@LVS-2 keepalived-1.1.19]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:00:07:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.58/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.2/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fe00:769/64 scope link
       valid_lft forever preferred_lft forever
[root@LVS-2 keepalived-1.1.19]#