keepalived做HA對後端有健康檢查,可通過發送郵件告知運維人員。
注意:主備機的id必須一致,master的優先級必須大於備機
實驗環境:rhel6.5 selinux and iptables disabled
HA主機: 192.168.2.138 192.168.2.135
real server: 192.168.2.116 192.168.2.160
virtual server:192.168.2.252
下載軟件包:keepalived-1.2.12
[root@server38 keepalived-1.2.12]# ./configure --prefix=/usr/local/keepalived
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!![root@server38 keepalived-1.2.12]# yum install openssl-devel -y
[root@server38 keepalived-1.2.12]# ./configure --prefix=/usr/local/keepalived
IPVS use libnl : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
[root@server38 keepalived-1.2.12]# yum install libnl-devel -y
[root@server38 keepalived-1.2.12]# ./configure --prefix=/usr/local/keepalived
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
看到5個yes即ok
編譯且安裝
[root@server38 keepalived-1.2.12]# make && make install
[root@server38 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost#接收警報的 email 地址,可以添加多個
}
notification_email_from [email protected] #設置郵件的發送地址
smtp_server 127.0.0.1 #設置 smtp server 地址
smtp_connect_timeout 30 #設置連接 smtp 服務器超時時間
router_id LVS_DEVEL #load balancer 的標識 ID,用於 email 警報
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 38 #與備機的id必須一致
priority 100 #優先級必須大於備機
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.252 #virtual server
}
}
virtual_server 192.168.2.252 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 192.168.2.116 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
real_server 192.168.2.160 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@server38 local]# scp -r keepalived/ 192.168.2.135:/usr/local/
[root@server35 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[root@server35 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server35 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server35 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server35 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost#接收警報的 email 地址,可以添加多個
}
notification_email_from [email protected]#設置郵件的發送地址
smtp_server 127.0.0.1#設置 smtp server 地址
smtp_connect_timeout 30#設置連接 smtp 服務器超時時間
router_id LVS_DEVEL#load balancer 的標識 ID,用於 email 警報
}
vrrp_instance VI_1 {
state BACKUP #備機BACKUP,此狀態是由 priority 的值來決定的,若當前master的priority 的值小於備機的值,那麼將會失去 MASTER 狀態
interface eth0
virtual_router_id 38
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.252
}
}
virtual_server 192.168.2.252 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 192.168.2.116 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
real_server 192.168.2.160 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@server16 ~]# yum install arptables_jf
[root@server16 ~]# arptables -A IN -d 192.168.2.252 -j DROP
[root@server16 ~]# arptables -A OUT -s 192.168.2.252 -j mangle --mangle-ip-s 192.168.0.116
[root@server16 ~]# /etc/init.d/arptables_jf save
[root@server16 ~]# ifconfig eth0:1 192.168.2.252 netmask 255.255.255.255 up
[root@server16 ~]# echo server16.example.com >/var/www/html/index.html
[root@server16 ~]# /etc/init.d/httpd start
[root@server60 ~]# yum install arptables_jf -y
[root@server60 ~]# arptables -A IN -d 192.168.2.252 -j DROP
[root@server60 ~]# arptables -A OUT -s 192.168.2.252 -j mangle --mangle-ip-s 192.168.0.160
[root@server60 ~]# /etc/init.d/arptables_jf save
[root@server60 ~]# ifconfig eth0:1 192.168.2.252 netmask 255.255.255.255 up(此處的子網掩碼錶示不對外開放)
[root@server60 ~]# echo server60.example.com >/var/www/html/index.html
[root@server60 ~]# /etc/init.d/httpd start
[root@server38 local]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server38 local]# tail -f /var/log/messages
May 31 07:17:05 localhost Keepalived_healthcheckers[11443]: Configuration is using : 11339 Bytes
May 31 07:17:05 localhost Keepalived_vrrp[11444]: Using LinkWatch kernel netlink reflector...
May 31 07:17:05 localhost Keepalived_vrrp[11444]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
May 31 07:17:05 localhost Keepalived_healthcheckers[11443]: Using LinkWatch kernel netlink reflector...
May 31 07:17:06 localhost Keepalived_vrrp[11444]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 31 07:17:07 localhost Keepalived_vrrp[11444]: VRRP_Instance(VI_1) Entering MASTER STATE
May 31 07:17:07 localhost Keepalived_vrrp[11444]: VRRP_Instance(VI_1) setting protocol VIPs.
May 31 07:17:07 localhost Keepalived_healthcheckers[11443]: Netlink reflector reports IP 192.168.2.252
[root@server38 local]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:61:4e:92 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.138/24 brd 192.168.2.255 scope global eth0
inet 192.168.2.252/32 scope global eth0
inet6 fe80::5054:ff:fe61:4e92/64 scope link
valid_lft forever preferred_lft forever
測試:
http://192.168.2.252
刷新出現輪詢界面即可
檢測keepalived對後端的檢查狀況:
[root@server16 ~]# /etc/init.d/httpd stop
刷新界面,一直出現server60的測試頁面,並且無其他報錯則證明keepalived對後端具有健康檢查
查看郵件:
[root@server38 keepalived]# mail
Heirloom Mail version 12.4 7/29/08. Type ? for help.
"/var/spool/mail/root": 6 messages 5 new 6 unread
U 1 Mail Delivery System Sat May 31 07:32 73/2357 "Undelivered Mail Returned to Sender"
>N 2 keepalived@server38. Sat May 31 08:09 17/645 "[LVS_DEVEL] Realserver [192.168.2.160]:80 - DOWN"
N 3 keepalived@server38. Sat May 31 08:11 17/645 "[LVS_DEVEL] Realserver [192.168.2.160]:80 - DOWN"
N 4 keepalived@server38. Sat May 31 08:13 17/645 "[LVS_DEVEL] Realserver [192.168.2.160]:80 - DOWN"
N 5 keepalived@server38. Sat May 31 08:14 17/645 "[LVS_DEVEL] Realserver [192.168.2.160]:80 - DOWN"
N 6 keepalived@server38. Sat May 31 08:15 17/644 "[LVS_DEVEL] Realserver [192.168.2.160]:80 - UP"
添加ftp服務:
ftp服務必須加persistent選項
[root@server16 ~]# yum install vsftpd -y
[root@server60 ~]# yum install vsftpd -y
編輯測試頁面:
[root@server16 ~]# touch /var/ftp/server16
[root@server60 ~]# touch /var/ftp/server60
[root@server16 ~]# /etc/init.d/vsftpd start
[root@server60 ~]# /etc/init.d/vsftpd start
在主備LB上添加如下內容:
[root@server38 keepalived]# cat keepalived.conf
virtual_server 192.168.2.252 21 {
delay_loop 3
lb_algo rr
lb_kind DR
persistence_timeout 100
protocol TCP
real_server 192.168.2.116 21 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.2.160 21 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@server38 keepalived]# /etc/init.d/keepalived stop
[root@server35 keepalived]# /etc/init.d/keepalived stop
[root@server38 keepalived]# /etc/init.d/keepalived start
[root@server35 keepalived]# /etc/init.d/keepalived start
[root@server38 keepalived]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.2.252:ftp rr persistent 100
-> 192.168.2.116:ftp Route 1 0 1
-> 192.168.2.160:ftp Route 1 0 0
TCP 192.168.2.252:http rr
-> 192.168.2.116:http Route 1 0 0
-> 192.168.2.160:http Route 1 0 0
測試:
[root@cun Desktop]# lftp 192.168.2.252
lftp 192.168.2.252:~> ls
drwxr-xr-x 2 0 0 4096 Feb 12 2013 pub
-rw-r--r-- 1 0 0 0 May 31 00:08 server16
等待100秒,再次訪問vip的21端口時,會出現以下內容:
[root@cun Desktop]# lftp 192.168.2.252
lftp 192.168.2.252:~> ls
drwxr-xr-x 2 0 0 4096 Feb 12 2013 pub
-rw-r--r-- 1 0 0 0 May 31 00:08 server60