友情提醒:本文實驗環境 centos 6.6 X86_64 + vmware 10,文中命令請謹慎使用
一 關於keepalived的理論
待補
二 實驗拓撲和實驗環境設定:
主機 | 主機名和IP | 角色 |
Test06 | Test06.lijun.com eth2:172.16.100.6/24 | 後臺web服務器,提供HTTPD服務 |
Test07 | Test07.lijun.com eth2:172.16.100.7/24 | 後臺web服務器,提供HTTPD服務 |
Test03 | Test03.lijun.com eth1:192.168.100.3/24 eth2:172.16.100.3/24 | 前臺調度器 |
Test04 | Test04.lijun.com eth1:192.168.100.4/24 eth2:172.16.100.4/24 | 前臺調度器 |
client | 192.168.100.100/24 | 測試機 |
IP:192.168.100.10/24 虛擬的後臺web資源IP,是client訪問的唯一地址 IP:172.16.100.10/24 下文lvs高可用時虛擬的DIP地址 |
實驗拓撲:
三 keepalived實現LVS調度器高可用
*lvs使用NAT網絡模型
1)後臺web服務器設定:
Test07上:
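# Lab only: stop iptables and switch SELinux to permissive so neither
# interferes with the experiment; do not carry this step over to a real host.
[root@Test07 ~]# service iptables stop
[root@Test07 ~]# setenforce 0
# Bring up eth2 and assign its address ("ip addr" needs the "add" verb)
[root@Test07 ~]# ip link set up dev eth2
[root@Test07 ~]# ip addr add 172.16.100.7/24 dev eth2
# LVS NAT model: the default route points at the DIP 172.16.100.10
[root@Test07 ~]# ip route add default via 172.16.100.10
# Install httpd and write the test page
[root@Test07 ~]# yum -y install httpd
[root@Test07 ~]# echo "<h1>Test07,ip address is 100.7</h1>" > /var/www/html/index.html
# Start the httpd service
[root@Test07 ~]# service httpd start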
Test06 上:
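# Same steps as on Test07. Lab only: iptables is stopped and SELinux is set to
# permissive so neither interferes with the experiment.
[root@Test06 ~]# service iptables stop
[root@Test06 ~]# setenforce 0
# Bring up eth2 and assign its address ("ip addr" needs the "add" verb)
[root@Test06 ~]# ip link set up dev eth2
[root@Test06 ~]# ip addr add 172.16.100.6/24 dev eth2
# LVS NAT model: the default route points at the DIP 172.16.100.10
[root@Test06 ~]# ip route add default via 172.16.100.10
[root@Test06 ~]# yum -y install httpd
[root@Test06 ~]# echo "<h1>This is Test06,my ip address is 172.16.100.6</h1>" > /var/www/html/index.html
[root@Test06 ~]# service httpd start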
2)Test03調度器環境的設定:
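# Lab only: stop iptables and set SELinux to permissive so they do not
# interfere; as an LVS director the INPUT chain rules must also be flushed.
[root@Test03 ~]# service iptables stop
[root@Test03 ~]# setenforce 0
# NAT-model director: enable IPv4 forwarding. The space before ">" matters:
# "echo 1>file" is parsed as a redirection of fd 1 and writes an empty line,
# so forwarding would stay off.
[root@Test03 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
# Assign the IP addresses
[root@Test03 ~]# ip addr add 172.16.100.3/24 dev eth2
[root@Test03 ~]# ip addr add 192.168.100.3/24 dev eth1
# Add the kpadmin user that receives the notification mail
[root@Test03 ~]# useradd kpadmin
# NOTE(review): 'redhat' is a guessable lab password and this form leaves it in
# the shell history; outside the lab set it interactively with "passwd kpadmin".
[root@Test03 ~]# echo 'redhat' | passwd --stdin kpadmin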
測試同後臺web服務器的連通性:
3)Test03上keepalived的設定:
# keepalived has been part of the distribution package tree since CentOS 6.4,
# so yum can install it directly
[root@Test03 ~]# yum -y install keepalived
[root@Test03 ~]# cd /etc/keepalived/
# Keep a copy of the stock configuration before editing it
[root@Test03 keepalived]# cp keepalived.conf keepalived.conf.bak
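[root@Test03 keepalived]# vim keepalived.conf
! Configuration File for keepalived
# Global settings: where alert mail is sent.
# NOTE(review): both addresses were obfuscated as "[email protected]" in this
# listing; they are restored from the nginx listing later in this article - confirm.
global_defs {
    notification_email {
        kpadmin@localhost
    }
    notification_email_from kaadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVSFOR80
}
# Check on the director itself: fails while /var/lock/subsys/lvsdown exists
vrrp_script chk_mt_down {
    script "[[ -f /var/lock/subsys/lvsdown ]] && exit 1 || exit 0"
    interval 1
    weight -5
}
# VRRP instance; this machine is the master node
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 57
    priority 100
    advert_int 1
    # auth_type PASS carries auth_pass in clear text in every VRRP advertisement:
    # it guards against misconfiguration, not against a host on the same segment.
    authentication {
        auth_type PASS
        auth_pass VI1pass
    }
    # LVS NAT model, so two addresses float together: the VIP and the DIP
    virtual_ipaddress {
        192.168.100.10/24 dev eth1 label eth1:0
        172.16.100.10/24 dev eth2 label eth2:0
    }
    track_script {
        chk_mt_down
    }
}
# The LVS cluster definition
virtual_server 192.168.100.10 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    protocol TCP
    real_server 172.16.100.6 80 {
        weight 1
        # HTTP_GET health check of the back-end server
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 172.16.100.7 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
[root@Test03 keepalived]# service keepalived start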
觀察資源Ip的設定:
4)Test04調度器上環境設定:
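# Same as step 2) on Test03. Lab only: iptables is stopped and SELinux is set
# to permissive so they do not interfere with the experiment.
[root@Test04 ~]# service iptables stop
[root@Test04 ~]# setenforce 0
# Enable IPv4 forwarding. The space before ">" matters: "echo 1>file" is parsed
# as a redirection of fd 1 and writes an empty line, so forwarding would stay off.
[root@Test04 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@Test04 ~]# ip addr add 172.16.100.4/24 dev eth2
[root@Test04 ~]# ip addr add 192.168.100.4/24 dev eth1
# Add the kpadmin user that receives the notification mail
[root@Test04 ~]# useradd kpadmin
# NOTE(review): 'redhat' is a guessable lab password and this form leaves it in
# the shell history; outside the lab set it interactively with "passwd kpadmin".
[root@Test04 ~]# echo 'redhat' | passwd --stdin kpadmin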
5)Test04上keepalived的設定:
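[root@Test04 ~]# yum -y install keepalived
# Back up the stock file first: the later restore step on Test04 copies
# keepalived.conf.bak back, and the scp below overwrites the original.
[root@Test04 ~]# cp /etc/keepalived/keepalived.conf{,.bak}
# Copy Test03's configuration so the shared settings match, then edit it
[root@Test04 ~]# scp 192.168.100.3:/etc/keepalived/keepalived.conf /etc/keepalived/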
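[root@Test04 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# NOTE(review): both addresses were obfuscated as "[email protected]" in this
# listing; they are restored from the nginx listing later in this article - confirm.
global_defs {
    notification_email {
        kpadmin@localhost
    }
    notification_email_from kaadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVSFOR80
}
# Check on the director itself: fails while /var/lock/subsys/lvsdown exists
vrrp_script chk_mt_down {
    script "[[ -f /var/lock/subsys/lvsdown ]] && exit 1 || exit 0"
    interval 1
    weight -5
}
# Test03 is the master node; this machine (Test04) is the backup node
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 57
    priority 100
    advert_int 1
    # auth_type PASS carries auth_pass in clear text in every VRRP advertisement:
    # it guards against misconfiguration, not against a host on the same segment.
    authentication {
        auth_type PASS
        auth_pass VI1pass
    }
    virtual_ipaddress {
        192.168.100.10/24 dev eth1 label eth1:0
        172.16.100.10/24 dev eth2 label eth2:0
    }
    track_script {
        chk_mt_down
    }
}
virtual_server 192.168.100.10 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    protocol TCP
    real_server 172.16.100.6 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 172.16.100.7 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
[root@Test04 ~]# service keepalived start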
6)客戶端訪問觀察:
7)在主節點Test03上建立lvsdown文件觀察資源IP的轉移情況
8)客戶端訪問測試:
9)在主節點Test03上刪除lvsdown文件,觀察資源IP的是否會轉移:
10)將後臺web服務停止一臺,看下客戶端通過lvs能訪問什麼呢:
四 keepalived 實現nginx代理調度器的高可用
*這裏nginx只實現簡單的代理功能
實驗環境接上文
11)設定nginx 的代理功能:
nginx的安裝這裏忽略,請自行準備,這裏給出nginx的配置文件,莫噴我,懶!!!
Test03,Test04上均安裝nginx,均使用下面的配置文件
# grep -E -v '(^[[:space:]]{0,}#|^$)' /usr/local/nginx/conf/nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    # Pool of the two back-end web servers, equal weight
    upstream backwebserver {
        server 172.16.100.6 weight=1;
        server 172.16.100.7 weight=1;
    }
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        # Every request is passed to the upstream pool
        location / {
            proxy_pass http://backwebserver/;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
#/usr/local/nginx/sbin/nginx
12)Test03上的設定keepalived
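# Return the machine to its state before the LVS experiment
[root@Test03 ~]# echo 0 > /proc/sys/net/ipv4/ip_forward
# ifconfig takes the interface name before the action
[root@Test03 ~]# ifconfig eth1 down
[root@Test03 ~]# ifconfig eth1 192.168.100.3 netmask 255.255.255.0 up
[root@Test03 ~]# ifconfig eth2 down
[root@Test03 ~]# ifconfig eth2 172.16.100.3 netmask 255.255.255.0 up
[root@Test03 ~]# service keepalived stop
# Clear the IPVS table left over from the LVS experiment
[root@Test03 ~]# ipvsadm -C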
# Put the stock keepalived configuration back from the backup copy
[root@Test03 ~]# cd /etc/keepalived/
[root@Test03 keepalived]# rm -rf keepalived.conf
[root@Test03 keepalived]# cp keepalived.conf.bak keepalived.conf
#從新定義keepalived
[root@Test03 keepalived]# vim keepalived.conf
! Configuration File for keepalived
# Global settings: alert mail goes to the local kpadmin mailbox through the
# SMTP server on 127.0.0.1.
global_defs {
notification_email {
kpadmin@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVSFOR80
}
# Health check for nginx; its result decides whether the resource IP moves.
# "killall -0" sends no signal, it only tests that an nginx process exists.
# NOTE(review): keepalived runs this command itself, typically as root, and
# "&>" is a bash redirection - confirm which shell keepalived uses on your system.
vrrp_script chk_nginx {
script "killall -0 nginx &> /dev/null"
# run the check every second
interval 1
# a failing check lowers this node's priority by 5
weight -5
}
vrrp_instance no1 {
state MASTER
interface eth1
virtual_router_id 57
# NOTE(review): the Test04 (BACKUP) listing uses the same priority 100; a lower
# value on the backup is the usual arrangement - confirm the tie is intended.
priority 100
advert_int 1
# auth_type PASS carries auth_pass in clear text in every VRRP advertisement:
# it guards against misconfiguration, not against a host on the same segment.
# Keep this file readable by root only and accept VRRP only from the peer node.
authentication {
auth_type PASS
auth_pass VI1pass
}
virtual_ipaddress {
192.168.100.10/24 dev eth1 label eth1:0
}
track_script {
chk_nginx
}
# Two commands, run on the transition to master and to backup according to the
# nginx check result; the script itself is listed below.
# keepalived executes it (typically as root), so notify.sh should be owned by
# root and not writable by any other user.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
}
#定義腳本,實現當nginx狀態改變後,發送郵件通知
[root@Test03 keepalived]#touch notify.sh && chmod +x notify.sh
[root@Test03 keepalived]# vim notify.sh
#!/bin/bash
# Mails the local operator when keepalived reports a state change for nginx.
# keepalived runs this file on every transition, so keep it executable, owned
# by root and not writable by other users.
vip='192.168.100.10'         # floating address named in the mail subject
contact="kpadmin@localhost"  # local mailbox that receives the notice
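#######################################
# Mail a one-line VRRP state-change notice.
# Globals:   vip (read), contact (read)
# Arguments: $1 - new state name, used verbatim in subject and body
# Outputs:   pipes the body to mail(1); nothing on stdout
# Returns:   exit status of mail
#######################################
notify() {
  local host mailsubject mailbody
  host=$(hostname)
  mailsubject="${host} to be $1: $vip floating"
  mailbody="$(date '+%F %H:%M:%S'): vrrp transition, ${host} changed to be $1"
  # Quote every expansion: unquoted, the body was word-split and glob-expanded
  # by the shell, and an empty or multi-word $contact changed mail's arguments.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}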
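# Dispatch on the state name keepalived passes as the first argument.
case "$1" in
  master|backup)
    notify "$1"
    exit 0
    ;;
  *)
    # Double quotes so the script name is substituted; the original
    # single-quoted string printed the backticks literally. Usage errors
    # go to stderr.
    echo "Usage: ${0##*/} {master|backup}" >&2
    exit 1
    ;;
esac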
[root@Test03 keepalived]# service keepalived start
13)Test04上的設定
#恢復環境設定
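[root@Test04 ~]# echo 0 > /proc/sys/net/ipv4/ip_forward
# ifconfig takes the interface name before the action
[root@Test04 ~]# ifconfig eth1 down
[root@Test04 ~]# ifconfig eth1 192.168.100.4 netmask 255.255.255.0 up
[root@Test04 ~]# ifconfig eth2 down
[root@Test04 ~]# ifconfig eth2 172.16.100.4 netmask 255.255.255.0 up
[root@Test04 ~]# service keepalived stop
# Clear the IPVS table left over from the LVS experiment
[root@Test04 ~]# ipvsadm -C
# NOTE(review): this restore depends on keepalived.conf.bak existing on Test04;
# confirm it was created before the scp from Test03 overwrote the stock file.
[root@Test04 ~]# cd /etc/keepalived/
[root@Test04 keepalived]# rm -rf keepalived.conf
[root@Test04 keepalived]# cp keepalived.conf.bak keepalived.conf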
#從新定義keepalived
[root@Test04 keepalived]# vim keepalived.conf
! Configuration File for keepalived
# Global settings: alert mail goes to the local kpadmin mailbox through the
# SMTP server on 127.0.0.1.
global_defs {
notification_email {
kpadmin@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVSFOR80
}
# Health check for nginx; "killall -0" sends no signal, it only tests that an
# nginx process exists.
# NOTE(review): keepalived runs this command itself, typically as root, and
# "&>" is a bash redirection - confirm which shell keepalived uses on your system.
vrrp_script chk_nginx {
script "killall -0 nginx &> /dev/null"
# run the check every second
interval 1
# a failing check lowers this node's priority by 5
weight -5
}
vrrp_instance no1 {
state BACKUP
interface eth1
virtual_router_id 57
# NOTE(review): the Test03 (MASTER) listing uses the same priority 100; a lower
# value on the backup is the usual arrangement - confirm the tie is intended.
priority 100
advert_int 1
# auth_type PASS carries auth_pass in clear text in every VRRP advertisement:
# it guards against misconfiguration, not against a host on the same segment.
# Keep this file readable by root only and accept VRRP only from the peer node.
authentication {
auth_type PASS
auth_pass VI1pass
}
virtual_ipaddress {
192.168.100.10/24 dev eth1 label eth1:0
}
track_script {
chk_nginx
}
# Run on the transition to master and to backup. keepalived executes the script
# (typically as root), so notify.sh should be executable, owned by root and not
# writable by any other user.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
}
[root@Test04 keepalived]# vim notify.sh
#!/bin/bash
# Mails the local operator when keepalived reports a state change for nginx.
# keepalived runs this file on every transition, so make it executable
# (chmod +x) and keep it owned by root and not writable by other users.
vip='192.168.100.10'         # floating address named in the mail subject
contact="kpadmin@localhost"  # local mailbox that receives the notice
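#######################################
# Mail a one-line VRRP state-change notice.
# Globals:   vip (read), contact (read)
# Arguments: $1 - new state name, used verbatim in subject and body
# Outputs:   pipes the body to mail(1); nothing on stdout
# Returns:   exit status of mail
#######################################
notify() {
  local host mailsubject mailbody
  host=$(hostname)
  mailsubject="${host} to be $1: $vip floating"
  mailbody="$(date '+%F %H:%M:%S'): vrrp transition, ${host} changed to be $1"
  # Quote every expansion: unquoted, the body was word-split and glob-expanded
  # by the shell, and an empty or multi-word $contact changed mail's arguments.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}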
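# Dispatch on the state name keepalived passes as the first argument.
case "$1" in
  master|backup)
    notify "$1"
    exit 0
    ;;
  *)
    # Double quotes so the script name is substituted; the original
    # single-quoted string printed the backticks literally. Usage errors
    # go to stderr.
    echo "Usage: ${0##*/} {master|backup}" >&2
    exit 1
    ;;
esac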
[root@Test04 keepalived]# service keepalived start
14)客戶端測試:
15)停止主節點上nginx服務,觀察資源IP的轉移:
16)觀察是否有郵件提醒:
17)啓動Test03上的nginx看資源IP的情況
這兩天在搞python的面向對象的編程,文章寫的有點糙,見諒!!