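Original work. Reposting is permitted, but any repost must credit the original source, the author information and this notice with a hyperlink. Otherwise legal liability will be pursued. http://502245466.blog.51cto.com/7559397/1302343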
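Overview
With the rapid growth of the Internet in recent years, the many web servers that users need to reach must provide service 24 hours a day without interruption. As traffic grows, which web architectures can deliver highly available load balancing and are also free? There is one, and that architecture is LVS+Keepalived.
Introduction to Keepalived
What is Keepalived: Keepalived provides high availability or hot standby for services and is used to prevent single points of failure. Its core is the VRRP protocol, which mainly provides redundancy at routers or layer-3 switches; Keepalived uses VRRP to achieve high availability. The diagram below shows how Keepalived works:
After Keepalived starts there are three processes:
Parent process: memory management and child-process management
Child process: the VRRP child process
Child process: the healthchecker child process
As the diagram above shows, both child processes are supervised by the system WatchDog, and each is responsible for its own work. The healthchecker child process checks the health of the servers, for example HTTP and LVS. If the healthchecker child process finds that the service on the MASTER is unavailable, it notifies the VRRP child process on the same machine, which stops sending advertisements, removes the virtual IP and switches to the BACKUP state.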
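Environment:
OS version: CentOS 6_x86_64
LVS_DR mode: the gateway of the WEB1 and WEB2 servers must not be set to the LVS director
I. Install and configure LVS+Keepalived
1. Install the ipvsadm and keepalived packages on both the Master and the Backup server; rpm packages are used here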
```
[root@master ~]# yum -y install ipvsadm keepalived
[root@backup ~]# yum -y install ipvsadm keepalived
```
Note: ipvsadm is installed here mainly to view the LVS rules. The rules can be configured successfully without it, but they are then inconvenient to inspect.
2. Edit the main configuration file on the Master
```
[root@master ~]# vim /etc/keepalived/keepalived.conf
```
```
! Configuration File for keepalived
global_defs {
    notification_email {            # alert notification addresses; more than one may be listed
        root@localhost
    }
    notification_email_from [email protected]   # sender address for the mail
    smtp_server 127.0.0.1           # SMTP server address; this address must exist
    smtp_connect_timeout 30         # timeout for connecting to the SMTP server
    router_id LVS_ALLEN             # identifier of this Keepalived server, shown in the mail subject
}
vrrp_instance lvs_allen {           # define a VRRP instance; the name is arbitrary
    state MASTER                    # Keepalived role: MASTER is the primary, BACKUP the standby
    interface eth0                  # interface monitored for HA
    virtual_router_id 68            # virtual router ID, a number (1-255); master and backup of one VRRP instance must use the same ID
    priority 100                    # priority, higher number wins; the master must be higher than the backup within an instance
    advert_int 1                    # interval between master/backup synchronization checks, in seconds
    authentication {                # authentication type and password
        auth_type PASS              # two authentication types: PASS or AH
        auth_pass 1689              # authentication password; master and backup of one instance use the same one
    }
    virtual_ipaddress {             # virtual IP addresses; several allowed, one per line
        172.16.14.10
    }
}
virtual_server 172.16.14.10 80 {    # virtual server: virtual IP and service port, separated by a space
    delay_loop 6                    # health check interval, in seconds
    lb_algo rr                      # load-balancing scheduling algorithm; rr is round robin
    lb_kind DR                      # LVS load-balancing mechanism, one of NAT, TUN, DR
    nat_mask 255.255.0.0            # netmask
    persistence_timeout 50          # session persistence time, in seconds; very useful for dynamic pages, a good way to share sessions across the cluster
    protocol TCP                    # forwarding protocol, TCP or UDP
    real_server 172.16.14.3 80 {    # real server node: IP and port of the real server, separated by a space
        weight 1                    # weight of the node; higher number means higher weight
        HTTP_GET {                  # check the real server over HTTP
            url {
                path /
                status_code 200     # a 200 status code means the real server is alive
            }
            connect_timeout 3       # response timeout
            nb_get_retry 3          # number of retries after a timeout
            delay_before_retry 3    # interval between retries after a timeout
        }
    }
    real_server 172.16.14.4 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```
3. Copy the main configuration file from the Master to the Backup server and adjust it slightly
```
[root@backup ~]# scp 172.16.14.1:/etc/keepalived/keepalived.conf /etc/keepalived/
###### Change the following two settings
[root@backup ~]# vim /etc/keepalived/keepalived.conf
state BACKUP
priority 98
```
4. Start the Keepalived service on both servers and enable it at boot
```
###### MASTER server
[root@master ~]# service keepalived start
Starting keepalived: [ OK ]
[root@master ~]# chkconfig keepalived on
[root@master ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
###### BACKUP server
[root@backup ~]# vim /etc/keepalived/keepalived.conf
[root@backup ~]# service keepalived start
Starting keepalived: [ OK ]
[root@backup ~]# chkconfig keepalived on
[root@backup ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
```
5. Enable IP forwarding on the Master and Backup servers
```
[root@master ~]# sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
[root@backup ~]# sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
###### Run the following command to apply the change
sysctl -p
```
II. Install Httpd and set up the real servers
1. Install and start the Httpd service on back-end server WEB1; the rpm package is used here
```
[root@web1 ~]# yum -y install httpd
###### Provide a test page for web1
[root@web1 ~]# echo '<h1>WEB1 http://502245466.blog.51cto.com</h1>' > /var/www/html/index.html
[root@web1 ~]# service httpd start
[root@web1 ~]# chkconfig httpd on
[root@web1 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
```
2. Test access to the WEB1 server
3. Install and start the Httpd service on back-end server WEB2; the rpm package is used here
```
[root@web2 ~]# yum -y install httpd
###### Provide a test page for web2
[root@web2 ~]# echo '<h1>WEB2 http://502245466.blog.51cto.com</h1>' > /var/www/html/index.html
[root@web2 ~]# service httpd start
[root@web2 ~]# chkconfig httpd on
[root@web2 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
```
4. Test access to the WEB2 server
5. Give both real servers a SysV-style script that sets the kernel parameters and the virtual IP automatically, and run it
```
[root@web1 ~]# vim /etc/init.d/lvs
```
```
#!/bin/bash
#ALLEN http://502245466.blog.51cto.com
# chkconfig: - 88 66
# Script to start LVS DR real server.
# description: LVS DR real server
#
. /etc/rc.d/init.d/functions
VIP=172.16.14.10
host=`/bin/hostname`
case "$1" in
start)
    # Start LVS-DR real server on this machine.
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    ;;
stop)
    # Stop LVS-DR real server loopback device(s).
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
status)
    # Status of LVS-DR real server.
    islothere=`/sbin/ifconfig lo:0 | grep "$VIP"`
    # Match the loopback device; the Iface column may show lo rather than lo:0.
    isrothere=`netstat -rn | grep "lo" | grep "$VIP"`
    if [ ! "$islothere" -o ! "$isrothere" ]; then
        # Either the route or the lo:0 device
        # not found.
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR real server Running."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
```
Note: VIP in the script is the virtual IP address.
```
[root@web1 ~]# chmod +x /etc/init.d/lvs
[root@web1 ~]# chkconfig --add lvs
[root@web1 ~]# chkconfig lvs on
[root@web1 ~]# chkconfig --list lvs
lvs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@web1 ~]# service lvs start
[root@web1 ~]# service lvs status
LVS-DR real server Running.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
###### Provide the script for WEB2
[root@web2 ~]# scp -p 172.16.14.3:/etc/init.d/lvs /etc/init.d/
[root@web2 ~]# chkconfig --add lvs
[root@web2 ~]# chkconfig lvs on
[root@web2 ~]# chkconfig --list lvs
lvs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@web2 ~]# service lvs start
[root@web2 ~]# service lvs status
LVS-DR real server Running.
```
III. Verify the service
1. Check the current IP addresses and LVS rules on the Master server
```
[root@master ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2c:1a:24 brd ff:ff:ff:ff:ff:ff
    inet 172.16.14.1/16 brd 172.16.255.255 scope global eth0
    inet 172.16.14.10/32 scope global eth0
    inet6 fe80::20c:29ff:fe2c:1a24/64 scope link
       valid_lft forever preferred_lft forever
###### As shown above, the virtual IP address is up on the Master host
========================================================================
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.14.10:80 rr persistent 50
  -> 172.16.14.3:80               Route   1      0          0
  -> 172.16.14.4:80               Route   1      0          0
###### The rules show the virtual IP and port and the rr scheduling algorithm, with two real servers
```
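2. Test whether the servers provide the service normally
As shown above, the rr scheduling algorithm is in use; when testing access you may need to visit several times or switch to another browser.
3. Simulate a failure of the Master server: stop the Keepalived service on the Master host and check whether the Backup server takes over all services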
```
[root@master ~]# service keepalived stop
Stopping keepalived: [ OK ]
----------------------------------------------------------------------
[root@master ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2c:1a:24 brd ff:ff:ff:ff:ff:ff
    inet 172.16.14.1/16 brd 172.16.255.255 scope global eth0
    inet6 fe80::20c:29ff:fe2c:1a24/64 scope link
       valid_lft forever preferred_lft forever
----------------------------------------------------------------------
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
###### As shown above, the virtual IP and the LVS rules have been removed from the Master server
======================================================================
[root@backup ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ec:f6:3f brd ff:ff:ff:ff:ff:ff
    inet 172.16.14.2/16 brd 172.16.255.255 scope global eth0
    inet 172.16.14.10/32 scope global eth0
    inet6 fe80::20c:29ff:feec:f63f/64 scope link
       valid_lft forever preferred_lft forever
###### As shown above, the virtual IP address has come up on the Backup server
----------------------------------------------------------------------
[root@backup ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.14.10:80 rr persistent 50
  -> 172.16.14.3:80               Route   1      0          0
  -> 172.16.14.4:80               Route   1      0          0
###### The LVS rules have also been configured on the Backup server
```
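4. Test access again to confirm the servers still provide the service normally
5. Once the Master server has been repaired and is back online, the virtual IP address and LVS rules are configured on the Master again and removed from the Backup server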
```
###### Check the Master server
[root@master ~]# service keepalived start
Starting keepalived: [ OK ]
----------------------------------------------------------------------
[root@master ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2c:1a:24 brd ff:ff:ff:ff:ff:ff
    inet 172.16.14.1/16 brd 172.16.255.255 scope global eth0
    inet 172.16.14.10/32 scope global eth0
    inet6 fe80::20c:29ff:fe2c:1a24/64 scope link
       valid_lft forever preferred_lft forever
----------------------------------------------------------------------
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.14.10:80 rr persistent 50
  -> 172.16.14.3:80               Route   1      0          0
  -> 172.16.14.4:80               Route   1      0          0
###### As shown above, the virtual IP address and LVS rules are configured on the Master server again
======================================================================
###### Check the Backup server
[root@backup ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ec:f6:3f brd ff:ff:ff:ff:ff:ff
    inet 172.16.14.2/16 brd 172.16.255.255 scope global eth0
    inet6 fe80::20c:29ff:feec:f63f/64 scope link
       valid_lft forever preferred_lft forever
----------------------------------------------------------------------
[root@backup ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.14.10:80 rr persistent 50
  -> 172.16.14.3:80               Route   1      0          0
  -> 172.16.14.4:80               Route   1      0          0
###### As shown above, the virtual IP address has been removed but the LVS rules remain; this does not affect us, because rules without the IP address do not take effect
```
6. If a back-end real server fails, LVS removes the rule for that real server
```
[root@web1 ~]# service httpd stop
Stopping httpd: [ OK ]
------------------------------------------------------------------------
[root@master ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.14.10:80 rr persistent 50
  -> 172.16.14.4:80               Route   1      0          0
###### As shown above, the Httpd service on WEB1 was stopped and the rule for WEB1 has been removed from the LVS rules; if WEB1 comes back online, LVS adds the rule again automatically, which is not tested here
```
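The check below is an added example, not part of the original post: it parses `ipvsadm -L -n` output and lists the real servers that are expected but missing from a virtual service, using two of the outputs captured above as input. The function names `rs_in_table` and `missing_rs` are hypothetical.

```shell
#!/bin/sh
# rs_in_table VIP:PORT: read `ipvsadm -L -n` output on stdin and print the
# real servers currently listed under that virtual service.
rs_in_table() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" { cur = $2; next }   # virtual service line
        $1 == "->" && cur == vs    { print $2 }         # its real servers
    '
}

# missing_rs VIP:PORT RS...: read the same output on stdin and print every
# expected real server that is absent (one per line; no output means healthy).
missing_rs() {
    vs=$1; shift
    present=$(rs_in_table "$vs")
    for rs in "$@"; do
        printf '%s\n' "$present" | grep -qxF -- "$rs" || echo "$rs"
    done
    return 0
}

# Output shown in the post after httpd was stopped on WEB1.
web1_down() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.14.10:80 rr persistent 50
  -> 172.16.14.4:80               Route   1      0          0
EOF
}

# Output shown in the post on the Master after keepalived was stopped.
no_rules() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
EOF
}

# Demo on the captured output; on a director, pipe `ipvsadm -L -n` in instead.
web1_down | missing_rs 172.16.14.10:80 172.16.14.3:80 172.16.14.4:80
```

An empty table, as on the Master after Keepalived stops, reports every expected real server as missing, so the same check also catches a director that has lost its rules.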
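Tip:
When Keepalived is used as a high-availability cluster solution in a real environment, to address the split-brain problem, change "state" to "BACKUP" in the Keepalived main configuration file (keepalived.conf) on both the MASTER and the BACKUP server. Do not give the "priority" option the same value on both; make one higher and the other lower, for example priority 100 and priority 98.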
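An added example, not from the original post: a script that checks a pair of keepalived.conf files against the rules stated in steps 2 and 3 and in the tip above (same virtual_router_id and authentication, different priority, state BACKUP on both nodes). The function names and the sample files are constructed for illustration; the sample mirrors the post's vrrp_instance block.

```shell
#!/bin/sh
# vrrp_get FILE KEY: print KEY's value from the first vrrp_instance block.
vrrp_get() {
    awk -v key="$2" '
        { sub(/[#!].*/, "") }                     # drop comments
        $1 == "vrrp_instance" { inblk = 1 }
        inblk && $1 == key    { print $2; exit }
        inblk {                                   # leave at the closing brace
            depth += gsub(/[{]/, "&") - gsub(/[}]/, "&")
            if (depth > 0) opened = 1
            else if (opened) inblk = 0
        }' "$1"
}

# audit_pair CONF_A CONF_B: one finding per line; no output means consistent.
audit_pair() {
    for key in virtual_router_id auth_type auth_pass; do
        # Print only the key name so auth_pass never lands in a log.
        [ "$(vrrp_get "$1" "$key")" = "$(vrrp_get "$2" "$key")" ] ||
            echo "MISMATCH $key"
    done
    [ "$(vrrp_get "$1" priority)" != "$(vrrp_get "$2" priority)" ] ||
        echo "EQUAL priority"
    for f in "$1" "$2"; do
        [ "$(vrrp_get "$f" state)" = "BACKUP" ] || echo "STATE-NOT-BACKUP $f"
    done
    return 0
}

# write_sample FILE STATE PRIORITY ROUTER_ID: constructed input modelled on
# the vrrp_instance block in the post.
write_sample() {
    cat > "$1" <<EOF
vrrp_instance lvs_allen {
    state $2   # role
    virtual_router_id $4
    priority $3
    authentication {
        auth_type PASS
        auth_pass 1689
    }
}
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/master.conf" MASTER 100 68   # as in step 2
write_sample "$tmp/backup.conf" BACKUP 98 68    # as in step 3
audit_pair "$tmp/master.conf" "$tmp/backup.conf"
rm -rf "$tmp"
```

Run against the configuration from steps 2 and 3, the only finding is the `state MASTER` line that the tip recommends changing.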