試驗環境
192.168.108.108 Master-LVS-Director
192.168.108.109 Backup-LVS-Director
192.168.108.180 VIP
192.168.108.161 RealServer1
192.168.108.162 RealServer2
安裝ipvsadm
# yum install -y ipvsadm
安裝keepalived
確認當前運行的內核
# name -r
2.6.18-128.4.1.el5xen
# ls -1 /usr/src/kernels
2.6.18-128.4.1.el5-x86_64
2.6.18-128.el5-x86_64
# wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz
# tar -xvzf keepalived-1.1.17.tar.gz
# cd keepalived-1.1.17
# ./configure --sysconfdir=/etc/ --sbindir=/usr/sbin/ --with-kernel-dir=/usr/src/kernels/2.6.18-128.4.1.el5-x86_64
Keepalived configuration
------------------------
Keepalived version: 1.1.17
Compiler: gcc
Compiler flags: -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use LinkWatch: No
Use Debug flags: No
# make && make install
配置keepalived
# vi /etc/keepalived/keepalived.conf
下載 keepalived.conf
# 全局定義
global_defs {
notification_email {
13810955300@139.com
}
notification_email_from root@experiment.jobkoo.com
#smtp主機地址
smtp_server 127.0.0.1
smtp_connect_timeout 30
#運行Keepalived服務器的一個標識。發郵件時顯示在郵件標題中的信息
router_id LVS_MASTER
}
#VIP
vrrp_instance VI_1 {
#指定實例的初始狀態(角色)。在兩臺router都啓動時馬上會根據priority的高低開始競選
#高priority爲Master
state MASTER
#VT_1 實例綁定的網卡
interface eth0
#VRID 標記(0-255)
virtual_router_id 51
#優先級,BACKUP的值一定要低於MASTER
priority 100
#檢查間隔
advert_int 1
#設置認證
authentication {
#認證類型
auth_type PASS
#認證密碼
auth_pass 1111
}
#VIP 這個IP在發生MASTER 到 BACKUP切換時會隨之add或del,所以每臺服務器上可以不綁定
#虛擬地址,而都放入virtual_ipaddress塊中(可以多個),keepalived會自動使用ip地址進
#行綁定(不需要依賴ifcfg-eth0),利用ip add show eth0可以看到加入的VIP
virtual_ipaddress {
192.168.108.180
}
}
#定義virtual_server (HTTP | 80)
virtual_server 192.168.108.180 80 {
delay_loop 6 # service polling的delay時間
lb_algo wlc # 調度算法
lb_kind DR # LVS工作方式
persistence_timeout 50 # 會話保持時間
protocol TCP # 協議類型(TCP|UDP)
#定義rs1,每一個rs都需要下面的一個配置段
real_server 192.168.108.161 80 {
weight 1 # 權值 默認1,0爲失效
# inhibit_on_failure # 在服務器健康檢查失敗後不從IPVS中刪除而將其權值標記爲0
# TCP方式的健康檢查
TCP_CHECK {
connect_timeout 10 # 連接超時時間
nb_get_retry 3 # 重試次數
delay_before_retry 3 # 重試間隔
connect_port 80 # 健康檢查端口
}
}
# 定義rs2
real_server 192.168.108.162 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
# 定義virtual_server (HTTPS | 443)
virtual_server 192.168.108.180 443 {
delay_loop 6
lb_algo wlc
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.108.161 443 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 443
}
}
real_server 192.168.108.162 443 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 443
}
}
}
配置RS
爲了方便起見我自己編寫了一個啓動腳本,如下:
下載 lvsRealServer.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
#!/bin/bash #Description : RealServer Start! #Write by:Cooper #Last Modefiy:2009.08.21 VIP=192.168.108.180 LVS_TYPE=DR startrs() { echo "start LVS of REALServer" if [ "$LVS_TYPE" == "DR" ];then /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev lo:0 else /sbin/ifconfig tunl0 $VIP netmask 255.255.255.255 broadcast $VIP up /sbin/route add -host $VIP dev tunl0 fi echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce } stoprs() { if [ "$LVS_TYPE" == "DR" ];then /sbin/ifconfig lo:0 down echo "close LVS Directorserver" else /sbin/ifconfig tunl0 down echo "close LVS Tunnel server" fi echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce } # ============ Main =========== case $1 in "start") startrs;; "stop") stoprs;; "*") echo "Usage $0 {start|stop}" exit 1 esac |
該腳本默認啓動LVS/DR模式,通過修改腳本變量可以實現LVS/Tunnel模式的切換。
運行腳本進行RS設置後執行相關的服務
[root@rs-1]# sh lvsRealServer.sh
[root@rs-1]# service httpd restart
rs-2執行相同的操作
Master/Backup LVS啓動keepalived 服務
[root@Master-LVS]# service keepalived start
Backup-LVS 同樣執行如上命令啓動keepalived
查看Master-LVS上eth0接口在啓動keepalived前後變化
啓動keepalived之前
# ip add show eth0
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:1d:7d:3d:1c:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.108.108/24 brd 192.168.108.255 scope global eth0
inet6 fe80::21d:7dff:fe3d:1c63/64 scope link
valid_lft forever preferred_lft forever
啓動之後
# ip add show eth0
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:1d:7d:3d:1c:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.108.108/24 brd 192.168.108.255 scope global eth0
inet 192.168.108.180/32 scope global eth0
inet6 fe80::21d:7dff:fe3d:1c63/64 scope link
valid_lft forever preferred_lft forever
查看LVS運行情況
[root@Master-LVS]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.108.180:443 wlc persistent 50
-> 192.168.108.161:443 Route 1 0 0
-> 192.168.108.162:443 Route 1 0 0
TCP 192.168.108.180:80 wlc persistent 50
-> 192.168.108.161:80 Route 1 0 0
-> 192.168.108.162:80 Route 1 0 0
故障測試
RS故障
切換到其中的一臺rs上,如192.168.108.161
# service httpd stop
這時查看Master/Backup LVS上的的日誌輸出
[root@Master-LVS]# tail -f /var/log/message
1 2 3 4 5 6 7 |
Sep 3 11:08:01 experiment Keepalived_healthcheckers: TCP connection to [192.168.108.161:80] failed !!! Sep 3 11:08:01 experiment Keepalived_healthcheckers: Removing service [192.168.108.161:80] from VS [192.168.108.180:80] Sep 3 11:08:01 experiment Keepalived_healthcheckers: Remote SMTP server [127.0.0.1:25] connected. Sep 3 11:08:01 experiment Keepalived_healthcheckers: TCP connection to [192.168.108.161:443] failed !!! Sep 3 11:08:01 experiment Keepalived_healthcheckers: Removing service [192.168.108.161:443] from VS [192.168.108.180:443] Sep 3 11:08:01 experiment Keepalived_healthcheckers: Remote SMTP server [127.0.0.1:25] connected. Sep 3 11:08:01 experiment Keepalived_healthcheckers: SMTP alert successfully sent. |
[root@Backup-LVS]# tail -f /var/log/message
1 2 3 4 5 6 7 |
Sep 3 11:08:02 localhost Keepalived_healthcheckers: TCP connection to [192.168.108.161:443] failed !!! Sep 3 11:08:02 localhost Keepalived_healthcheckers: Removing service [192.168.108.161:443] from VS [192.168.108.180:443] Sep 3 11:08:02 localhost Keepalived_healthcheckers: Remote SMTP server [127.0.0.1:25] connected. Sep 3 11:08:02 localhost Keepalived_healthcheckers: TCP connection to [192.168.108.161:80] failed !!! Sep 3 11:08:02 localhost Keepalived_healthcheckers: Removing service [192.168.108.161:80] from VS [192.168.108.180:80] Sep 3 11:08:02 localhost Keepalived_healthcheckers: Remote SMTP server [127.0.0.1:25] connected. Sep 3 11:08:03 localhost Keepalived_healthcheckers: SMTP alert successfully sent. |
通過日誌可以看出Master與Backup幾乎同時感知了RS1服務器已經故障,並且從IPVS中移除故障rs(或者將其權值標記爲0也就是不可用)。並且向指定的郵箱發送郵件,Master和Backup都會發送郵件,其郵件標題會根據router_id的值區分出Master和Backup
Master LVS-Router故障
停止Master-LVS的keepalived服務,人爲造成故障
[root@Master-LVS]# service keepalived stop
這時查看Backup-LVS的log信息
[root@Backup-LVS]# tail -f /var/log/message
1 2 3 4 5 6 7 |
Sep 3 11:23:28 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE Sep 3 11:23:29 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE Sep 3 11:23:29 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs. Sep 3 11:23:29 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.108.180 Sep 3 11:23:29 localhost Keepalived_vrrp: Netlink reflector reports IP 192.168.108.180 added Sep 3 11:23:29 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.108.180 added Sep 3 11:23:34 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.108.180 |
由日誌可以看出,Backup-LVS監測到Master-LVS故障後立即將自己的身份切換爲Master然後將VIP設置到自己的eth0端口上併發送ARP廣播。
現在我手動將Master-LVS的keepalived的服務起來,然後再查看Backup-LVS的log信息
[root@Master-LVS]# service keepalived start
[root@Backup-LVS]# tail -f /var/log/message
1 2 3 4 5 |
Sep 3 11:30:44 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert Sep 3 11:30:44 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE Sep 3 11:30:44 localhost Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs. Sep 3 11:30:44 localhost Keepalived_vrrp: Netlink reflector reports IP 192.168.108.180 removed Sep 3 11:30:44 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.108.180 removed |
由Backup-LVS的日誌可以看到,其檢測到比自己優先級高的實例後將自己的身份切換成了Backup,然後將VIP從eth0端口移除,併發送心跳給Master-LVS。
piranha與keepalived比較
經過比較得知,piranha的主-備的地位是相同的,也就是說主故障後備就會代替主,經其地位從備切換爲主,而當先前的主恢復正常後則先前的主便成了備,其不會主動切換自己的身份爲主,當前的備可以檢測到先前的主已經恢復但並不會主動將自己的身份修改爲備。
而keepalived則是主備分明的,其利用優先級的設置可以嚴格的制定主備身份。
參考文章
LVS-HOWTO
http://www.keepalived.org/documentation.html
http://bbs.linuxtone.org/thread-1077-1-1.html
資源下載
Keepalived-UserGuide CN EN
出自:salogs.com