keepalived簡介
Keepalived的作用是檢測web服務器的狀態,如果有一臺web服務器死機,或工作出現故障,Keepalived將檢測到,並將有故障的web服務器從系統中剔除,當web服務器工作正常後Keepalived自動將web服務器加入到服務器羣中,這些工作全部自動完成,不需要人工干涉,需要人工做的只是修復故障的web服務器。
lvs簡介
LVS是Linux Virtual Server的簡寫,意即Linux虛擬服務器,是一個虛擬的服務器集羣系統。LVS集羣採用IP負載均衡技術和基於內容請求分發技術。調度器具有很好的吞吐率,將請求均衡地轉移到不同的服務器上執行,且調度器自動屏蔽掉服務器的故障,從而將一組服務器構成一個高性能的、高可用的虛擬服務器。整個服務器集羣的結構對客戶是透明的,而且無需修改客戶端和服務器端的程序。爲此,在設計時需要考慮系統的透明性、可伸縮性、高可用性和易管理性。
lvs-nat
多目標的DNAT,通過將請求報文中的目標地址和目標端口修改爲挑選出的某RS的RIP和PORT實現轉發;
1)RIP和DIP必須在同一IP網絡,且應該使用私有地址;RS的網絡要指向DIP(保證響應報文必須經由VS);
2)請求報文和響應報文都經由Director轉發,較高負載下,Director易於成爲系統性能瓶頸;
3)支持端口映射;
4)VS必須是Linux,RS可以是任意OS;
lvs-nat設計要點:
(1) DIP與RIP要在同一IP網絡,RIP的網關要指向DIP;
(2) 支持端口映射;
(3) 是否用到共享存儲取決業務需求;
keepalived提供高可用並監測後端服務器健康狀態
lvs提供負載均衡
這裏使用lvs-nat keepalived的主/備模型來搭建
實驗環境:
虛擬機:VMware Workstation 12.1 pro
操作系統:CentOS 7
keepalived-1.2.13-7.el7.x86_64
ipvsadm-1.27-7.el7.x86_64
httpd-2.4.6-40.el7.centos.x86_64
IP規劃:
DR-MASTER-外網IP:172.18.1.105
DR-BACKUP-外網IP:172.18.1.106
外網VIP:172.18.1.66
DR-MASTER-內網IP:192.168.10.1
DR-BACKUP-內網IP:192.168.10.2
RS1:192.168.10.11
RS2:192.168.10.12
RS1和RSS2的網關(內網VIP):192.168.10.254
實驗拓撲圖
開始前將所有主機的iptables和selinux關閉或者設置允許策略
systemctl stop iptables.service systemctl disable iptables.service setenforce 0 vim /etc/selinux/config SELINUX=disable
爲DR-MASTER和DR-BACKUP打開網卡轉發
vim /etc/sysctl.conf net.ipv4.ip_forward = 1 保存退出 sysctl -p cat /proc/sys/net/ipv4/ip_forward #結果爲1就OK
爲RS1、RS2配置IP地址和網關,並保證能ping通
yum -y install httpd
實驗中爲驗證效果,在RS1新建一個主頁爲/var/www/html/index.html內容如下:
<h1>RS-1</h1>
RS2中新建主頁爲/var/www/html/index.html,內容如下:
<h1>RS-2</h1>
DR-MASTER
yum -y install keepalived ipvsadm
更改keepalived配置文件(與DR-BACKUP配置文件僅幾處不同)
編輯 /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #通知郵件
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-keepalived
}
!配置外網VIP
vrrp_instance VI_1 {
state MASTER #類型爲MASTER
interface eno16777736 網卡
virtual_router_id 51
priority 100 #優先級
advert_int 1
authentication {
auth_type PASS
auth_pass 1a2b3c
}
virtual_ipaddress {
172.18.1.66 dev eno16777736 label eno16777736:0 #虛擬地址,可以有多個
}
}
!配置內網VIP
vrrp_instance gateway{
state MASTER #類型爲MASTER
interface eno33554984 #網卡
virtual_router_id 70
priority 100 #優先級
advert_int 1
authentication {
auth_type PASS
auth_pass 1a2b3c
}
virtual_ipaddress {
192.168.10.254 dev eno33554984 label eno33554984:0 #虛擬地址
}
}
!配置外網VIP裏的Real Server
virtual_server 172.18.1.66 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50 #會話保持時間,單位是秒。也可以把這句話刪除,後面的測試裏就會看到差異了
protocol TCP
real_server 192.168.10.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}DR-BACKUP
yum -y install keepalived ipvsadm
修改 /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-keepalived-backup
}
!配置外網VIP
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 1a2b3c
}
virtual_ipaddress {
172.18.1.66 dev eno16777736 label eno16777736:0
}
}
!配置內網VIP
vrrp_instance gateway{
state BACKUP
interface eno33554984
virtual_router_id 70
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 1a2b3c
}
virtual_ipaddress {
192.168.10.254 dev eno33554984 label eno33554984:0
}
}
!配置外網VIP裏的Real Server
virtual_server 172.18.1.66 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.10.11 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.10.12 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}啓動keepalived服務
systemctl start keepalived.service
接下來測試
[root@bogon keepalived]# systemctl start keepalived.service #先啓動備路由 [root@bogon keepalived]# ifconfig eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.18.1.106 netmask 255.255.0.0 broadcast 172.18.255.255 inet6 fe80::20c:29ff:fed9:c0c3 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d9:c0:c3 txqueuelen 1000 (Ethernet) RX packets 12467 bytes 5686965 (5.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3552 bytes 245841 (240.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.18.1.66 netmask 255.255.255.255 broadcast 0.0.0.0 ether 00:0c:29:d9:c0:c3 txqueuelen 1000 (Ethernet) eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.2 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::20c:29ff:fed9:c0cd prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d9:c0:cd txqueuelen 1000 (Ethernet) RX packets 13069 bytes 1009235 (985.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6025 bytes 444290 (433.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno33554984:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.254 netmask 255.255.255.255 broadcast 0.0.0.0 ether 00:0c:29:d9:c0:cd txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
接下來啓動DR-MASTER的keepalived服務,IP地址已經添加上了
[root@bogon ~]# ifconfig eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.18.1.105 netmask 255.255.0.0 broadcast 172.18.255.255 inet6 fe80::20c:29ff:fe57:f99c prefixlen 64 scopeid 0x20<link> ether 00:0c:29:57:f9:9c txqueuelen 1000 (Ethernet) RX packets 7915 bytes 5496002 (5.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 18153 bytes 1300968 (1.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.18.1.66 netmask 255.255.255.255 broadcast 0.0.0.0 ether 00:0c:29:57:f9:9c txqueuelen 1000 (Ethernet) eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::20c:29ff:fe57:f9a6 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:57:f9:a6 txqueuelen 1000 (Ethernet) RX packets 11983 bytes 1511650 (1.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 24613 bytes 1769407 (1.6 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno33554984:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.254 netmask 255.255.255.255 broadcast 0.0.0.0 ether 00:0c:29:57:f9:a6 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 270 bytes 19719 (19.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 270 bytes 19719 (19.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
再次查看DR-BACKUP,已經沒有各VIP了
[root@bogon keepalived]# ifconfig eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.18.1.106 netmask 255.255.0.0 broadcast 172.18.255.255 inet6 fe80::20c:29ff:fed9:c0c3 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d9:c0:c3 txqueuelen 1000 (Ethernet) RX packets 12959 bytes 5718561 (5.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3661 bytes 257813 (251.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.2 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::20c:29ff:fed9:c0cd prefixlen 64 scopeid 0x20<link> ether 00:0c:29:d9:c0:cd txqueuelen 1000 (Ethernet) RX packets 13555 bytes 1044800 (1020.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6194 bytes 456698 (445.9 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
測試網頁
在keepalived配置文件中設置了persistence_timeout 50 這個選項對動態網頁是非常有用的,爲集羣系統中的session共享提供了一個很好的解決方案。
所以,此次測試都是RS-2響應的。
[root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-2</h1> [root@bogon ~]#
將RS2服務關閉,並再次請求
[root@bogon ~]# curl 172.18.1.66 <h1>RS-1</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-1</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-1</h1> [root@bogon ~]# curl 172.18.1.66 <h1>RS-1</h1>
查看lvs,已經自動把RS2移除了
[root@bogon ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.18.1.66:80 rr persistent 50 -> 192.168.10.11:80 Masq 1 0 5 您在 /var/spool/mail/root 中有新郵件
因技術不是很好,難免有遺漏和錯誤之處,還請斧正