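Preface
Earlier posts covered how LVS implements load balancing, scheduling requests with different algorithms. One drawback of LVS is that if a real server (RS) behind it goes down, the LVS server cannot detect it and keeps scheduling requests to it as usual. In a real production environment, this means some users cannot reach the service. Another shortcoming: what happens if the LVS server itself goes down? LVS is powerful, but its feature set is limited. This post introduces a piece of software that pairs perfectly with LVS: keepalived. It provides high availability for IPVS and also health-checks the RSs. Its role is somewhat like ldirectord, but it is more capable.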
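keepalived:
A software implementation of the VRRP protocol, originally designed to make IPVS services highly available.
Features:
1. Uses the VRRP protocol to float the address between nodes
2. Generates IPVS rules (predefined in the configuration file) on the node that holds the VIP
3. Performs health checks on each RS of the IPVS cluster
4. Through a script-invocation interface, runs scripts to carry out whatever they define, which in turn affects cluster behaviour; this is how it supports services such as nginx and haproxy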
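Notes:
(1) Time must be synchronized on all nodes: ntp, chrony
(2) Make sure iptables and SELinux do not get in the way
(3) Nodes can reach each other by hostname (not required for KA); using the /etc/hosts file is recommended
(4) The root users on the nodes can communicate with each other over SSH with key-based authentication (not required for KA)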
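Environment preparation:
Two Keepalived servers are virtualized into one network group that provides the service to clients. In real production the virtual IP should be a public IP.
Configure both Keepalived servers, paying attention to the settings that must differ between master and backup (router_id, state, priority, weight).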
    ]# yum install -y keepalived
    ]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
        }
        notification_email_from              # configure the alert e-mail address
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1                      # hostname; node2 on the other node
        vrrp_mcast_group4 224.100.100.100    # multicast address
    }

    vrrp_instance VI_1 {                     # one VRRP virtual router
        state MASTER                         # BACKUP on the other node: one master, one backup
        interface eth0                       # interface the virtual group IP is bound to
        virtual_router_id 22                 # must be identical on all nodes
        priority 100                         # priority; master must be higher than backup
        advert_int 1
        authentication {
            auth_type PASS                   # pre-shared key authentication
            auth_pass 0fef0348               # a random password is safer: openssl rand -hex|-base64 4|12; only the first 8 characters are used
        }
        virtual_ipaddress {
            192.168.32.99/24                 # virtual public IP
        }
        # Send a mail notification on master/backup transitions; the script is shown below
        notify_master "/etc/keepalived/tongzhi.sh master"
        notify_backup "/etc/keepalived/tongzhi.sh backup"
        notify_fault "/etc/keepalived/tongzhi.sh fault"
    }

    virtual_server 192.168.32.99 80 {
        delay_loop 6                         # interval between service polls
        lb_algo wrr                          # scheduling method: rr|wrr|lc|wlc|lblc|sh|dh
        lb_kind DR                           # cluster type: NAT|DR|TUN
        protocol TCP                         # service protocol; only TCP is supported
        sorry_server 127.0.0.1 80            # fallback server address when all RSs have failed
        real_server 192.168.32.9 80 {        # define an RS
            weight 2                         # weight
            HTTP_GET {
                url {
                    path /index.html         # URL to monitor
                    status_code 200          # response code that counts as healthy for this check
                }
                connect_timeout 3            # connection request timeout
                nb_get_retry 3               # number of retries
                delay_before_retry 3         # delay before each retry
            }
        }
        real_server 192.168.32.10 80 {
            weight 1
            HTTP_GET {
                url {
                    path /index.html
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

    ]# cat tongzhi.sh
    #!/bin/bash
    # Mail recipient. Placeholder value: the page does not give one, set your own.
    contact='root@localhost'

    # Send a mail describing the VRRP state this node has just entered
    notify() {
        mailsubject="$(hostname) to be $1, vip floating"
        mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename $0) {master|backup|fault}"
        exit 1
        ;;
    esac
Configure DR mode on the RSs
    ]# cat lvs_rs.sh
    #!/bin/bash
    vip=192.168.32.99          # virtual public IP address
    mask='255.255.255.255'
    dev=lo:1

    # Make sure httpd is installed and running, with a page that identifies this host
    rpm -q httpd &> /dev/null || yum -y install httpd &> /dev/null
    service httpd start &> /dev/null && echo "The httpd Server is Ready!"
    echo "<h1>`hostname`</h1>" > /var/www/html/index.html

    case $1 in
    start)
        # Do not answer or announce ARP for the VIP held on lo
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask broadcast $vip up
        #route add -host $vip dev $dev
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename $0) start|stop"
        exit 1
        ;;
    esac
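Test: the ipvs rules are added automatically. When one of the Keepalived servers fails, the backup server automatically takes over the virtual public IP and provides the service; when one of the RSs fails, it is automatically removed from the rules, and it is added back automatically once it recovers. This achieves high availability within a certain scope.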
    ]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.32.99:80 wrr
      -> 192.168.32.9:80              Route   2      0          0
      -> 192.168.32.10:80             Route   1      0          0

    ]# tcpdump -i eth0 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    17:44:23.381450 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
    17:44:24.383358 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
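As an added example (not from the original post), the shell function below parses advertisement lines like the tcpdump capture above and flags any vrid that has more than one advertising source. The sample lines, the 192.168.32.112 and 192.168.32.200 addresses and vrid 51 are constructed for illustration.

```shell
#!/bin/bash
# Added example. Reads `tcpdump -nn` VRRP advertisement lines on stdin and
# lists, per vrid, every source address seen advertising. Only the MASTER
# should advertise, so two sources for one vrid over a sustained capture
# means both nodes hold the VIP (split brain, e.g. multicast blocked by
# iptables) or an unexpected host is advertising.
vrrp_advertisers() {
    awk '
    /VRRPv[23], Advertisement/ {
        src = ""; vrid = ""; prio = ""; auth = ""
        for (i = 1; i < NF; i++) {
            val = $(i + 1); sub(/,$/, "", val)
            if ($i == "IP")       src  = val
            if ($i == "vrid")     vrid = val
            if ($i == "prio")     prio = val
            if ($i == "authtype") auth = val   # "simple" = auth_type PASS, sent unencrypted
        }
        if (src == "" || vrid == "") next
        key = vrid SUBSEP src
        if (key in seen) next                  # count each source once per vrid
        seen[key] = 1
        count[vrid]++
        list[vrid] = list[vrid] " " src "(prio=" prio ",auth=" auth ")"
    }
    END {
        for (v in count) {
            status = "OK"
            if (count[v] > 1) status = "SPLIT"
            printf "vrid=%s status=%s advertisers:%s\n", v, status, list[v]
        }
    }' | sort
}

# Constructed sample capture: the .111 lines match the output above,
# the .112 and .200 lines are invented to show both outcomes.
sample_capture() {
    cat <<'EOF'
17:44:23.381450 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
17:44:23.902113 IP 192.168.32.112 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 90, authtype simple, intvl 1s, length 20
17:44:24.383358 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
17:44:24.410007 IP 192.168.32.200 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype none, intvl 1s, length 20
EOF
}

sample_capture | vrrp_advertisers
```

On a live node the same function can be fed from a bounded capture, for example `tcpdump -i eth0 -nn -c 20 host 224.100.100.100 | vrrp_advertisers`.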
Logging:
    ]# vim /etc/sysconfig/keepalived
    KEEPALIVED_OPTIONS="-D -S 2"
    ]# vim /etc/rsyslog.conf
    local2.*    /var/log/keepalived.log
    ]# systemctl restart rsyslog