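Preface
Earlier I covered load balancing with LVS, which schedules requests using different algorithms. One drawback of LVS is that if one of the back-end RSs goes down, the LVS server cannot detect it and keeps scheduling requests to it as usual. In a real production environment this means some users cannot access the service. Another weakness: what happens if LVS itself goes down? LVS is powerful, but it has few features. Here I introduce a piece of software that pairs perfectly with LVS: keepalived. It provides high availability for IPVS and can also health-check the RSs. It works somewhat like ldirectord, but is more powerful.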
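keepalived:
A software implementation of the VRRP protocol, originally designed to make the ipvs service highly available.
Features:
1. Address floating through the VRRP protocol
2. Generates the ipvs rules on the node that holds the VIP (predefined in the configuration file)
3. Health checks for each RS in the ipvs cluster
4. A script-invocation interface: it runs scripts to perform the functions defined in them and thereby influence cluster behaviour, which is how it supports services such as nginx and haproxy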
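Notes:
(1) Time must be synchronized on all nodes: ntp, chrony
(2) Make sure iptables and selinux do not get in the way
(3) The nodes can reach each other by host name (not required by KA); using the /etc/hosts file is recommended
(4) The root users on the nodes can communicate with each other over key-authenticated ssh (not required by KA)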
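Environment:
The two Keepalived servers are virtualized into one network group that provides service to the outside. In real production the virtual IP should be a public IP.
Configuration of the two Keepalived servers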
    ]# yum install -y keepalived
    ]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
        }
        notification_email_from              # configure the alert e-mail address
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1                      # host name; node2 on the other node
        vrrp_mcast_group4 224.100.100.100    # multicast address
    }

    vrrp_instance VI_1 {                     # one VRRP virtual router
        state MASTER                         # BACKUP on the other node: one master, one backup
        interface eth0                       # interface the virtual group IP is bound to
        virtual_router_id 22                 # must be identical on all nodes
        priority 100                         # priority; the master must be higher than the backup
        advert_int 1
        authentication {
            auth_type PASS                   # pre-shared key authentication
            auth_pass 0fef0348               # a random password is safer: openssl rand -hex|-base64 4|12; only the first 8 characters are effective
        }
        virtual_ipaddress {
            192.168.32.99/24                 # the virtual public IP
        }
        # Send a mail notification when master and backup switch roles; the script is shown below
        notify_master "/etc/keepalived/tongzhi.sh master"
        notify_backup "/etc/keepalived/tongzhi.sh backup"
        notify_fault "/etc/keepalived/tongzhi.sh fault"
    }

    virtual_server 192.168.32.99 80 {
        delay_loop 6                         # interval between service polls
        lb_algo wrr                          # scheduling method: rr|wrr|lc|wlc|lblc|sh|dh
        lb_kind DR                           # cluster type: NAT|DR|TUN
        protocol TCP                         # service protocol; only TCP is supported
        sorry_server 127.0.0.1 80            # fallback server address when all RSs have failed
        real_server 192.168.32.9 80 {        # defines an RS
            weight 2                         # weight
            HTTP_GET {
                url {
                    path /index.html         # URL to monitor
                    status_code 200          # response code that counts as healthy for the check above
                }
                connect_timeout 3            # timeout for the connection request
                nb_get_retry 3               # number of retries
                delay_before_retry 3         # delay before each retry
            }
        }
        real_server 192.168.32.10 80 {
            weight 1
            HTTP_GET {
                url {
                    path /index.html
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }

    ]# cat tongzhi.sh
    #!/bin/bash
    # Mail recipient; assumed value, change it to your alert address
    contact='root@localhost'

    notify() {
        mailsubject="$(hostname) to be $1, vip floating"
        mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename $0) {master|backup|fault}"
        exit 1
        ;;
    esac
Configuring DR mode on the RSs
    ]# cat lvs_rs.sh
    #!/bin/bash
    vip=192.168.32.99            # the virtual public IP address
    mask='255.255.255.255'
    dev=lo:1

    # Install and start httpd, then publish a test page showing the host name
    rpm -q httpd &> /dev/null || yum -y install httpd &> /dev/null
    service httpd start &> /dev/null && echo "The httpd Server is Ready!"
    echo "<h1>$(hostname)</h1>" > /var/www/html/index.html

    case $1 in
    start)
        # Do not answer or announce ARP for the VIP held on lo
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask broadcast $vip up
        #route add -host $vip dev $dev
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename $0) start|stop"
        exit 1
        ;;
    esac
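Test: the ipvs rules are added automatically. When one of the Keepalived servers fails, the backup server automatically configures the virtual public IP and provides service; when one of the RSs fails, it is automatically removed from the rules, and it is added back automatically once it recovers. This achieves high availability within a certain scope.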
    ]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.32.99:80 wrr
      -> 192.168.32.9:80              Route   2      0          0
      -> 192.168.32.10:80             Route   1      0          0

    ]# tcpdump -i eth0 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    17:44:23.381450 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
    17:44:24.383358 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
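The capture above shows which node is advertising for vrid 22, which makes it a convenient input for monitoring. As an added example (not part of the original post), this function flags advertisements for that VRID from addresses outside the expected node list, and repeated sender changes that indicate both nodes consider themselves MASTER. The peer address 192.168.32.112, the switch threshold and the sample lines are assumptions.

```bash
#!/bin/bash
# Added example: audit VRRP advertisements for the vrid configured above.
# Assumptions: 192.168.32.111 is the sender seen in the capture; 192.168.32.112
# is a hypothetical address for the second Keepalived node.
EXPECTED_PEERS="192.168.32.111 192.168.32.112"
VRID=22
# One failover plus one fail-back is normal; more sender changes than this in a
# capture means both nodes keep advertising (each believes it is MASTER).
MAX_SWITCHES=2

# Constructed sample in "tcpdump -nn" format (not a real capture).
SAMPLE='17:44:23.381450 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
17:44:23.902114 IP 192.168.32.112 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 90, authtype simple, intvl 1s, length 20
17:44:24.383358 IP 192.168.32.111 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
17:44:24.903207 IP 192.168.32.112 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 90, authtype simple, intvl 1s, length 20
17:44:25.120466 IP 192.168.32.50 > 224.100.100.100: VRRPv2, Advertisement, vrid 22, prio 100, authtype simple, intvl 1s, length 20
17:44:25.300518 IP 192.168.32.60 > 224.100.100.100: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20'

# Reads tcpdump lines on stdin and prints one finding per line:
#   UNKNOWN_SENDER <ip>           advertisement for VRID from an unlisted address
#   MULTIPLE_MASTERS switches=<n> expected peers keep alternating as sender
check_vrrp() {
    awk -v peers="$EXPECTED_PEERS" -v vrid="$VRID" -v limit="$MAX_SWITCHES" '
    BEGIN { n = split(peers, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    /VRRPv[23], Advertisement/ {
        src = $3; v = ""
        for (i = 1; i < NF; i++)
            if ($i == "vrid") { v = $(i + 1); sub(/,$/, "", v) }
        if (v != vrid) next                    # another virtual router: ignore
        if (!(src in ok)) {                    # report each unlisted sender once
            if (!(src in warned)) { print "UNKNOWN_SENDER " src; warned[src] = 1 }
            next
        }
        if (last != "" && src != last) switches++
        last = src
    }
    END { if (switches > limit) print "MULTIPLE_MASTERS switches=" switches }'
}

printf '%s\n' "$SAMPLE" | check_vrrp
```

For a check against live traffic, pipe a bounded capture into the function, for example `tcpdump -c 60 -i eth0 -nn host 224.100.100.100 | check_vrrp`.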
Logging:
    ]# vim /etc/sysconfig/keepalived
    KEEPALIVED_OPTIONS="-D -S 2"
    ]# vim /etc/rsyslog.conf
    local2.*    /var/log/keepalived.log
    ]# systemctl restart rsyslog
This article comes from the "沉默是金" blog; please be sure to keep this attribution: http://maguofu.blog.51cto.com/12431016/1977578
Original: http://maguofu.blog.51cto.com/12431016/1977578