
Keepalived基本设置及IPVS扩展

时间:2015-01-17 23:37:42

Keepalived基本设置及IPVS扩展


IP地址高可用

[root@node1 ~]# yum install keepalived -y (一般系统光盘就有)

[root@node2 ~]# yum install keepalived -y

[root@node1 ~]# rpm -q keepalived

keepalived-1.2.13-4.el6.x86_64

[root@node1 ~]# cd /etc/keepalived/

[root@node1 keepalived]# cp keepalived.conf keepalived.conf.bak

[root@node1 keepalived]# vim keepalived.conf

global_defs {

  notification_email {

        root@node1.dragon.com   (产生邮件时发邮件给谁)

        root@node2.dragon.com     (产生邮件时发邮件给谁)

   }

   notification_email_from kaadmin@dragon.com   (发件人是谁)

   smtp_server 127.0.0.1                       (发件人IP地址)

  smtp_connect_timeout 30               (超时时长)

  router_id LVS_DEVEL                         

}

vrrp_instance VI_1 {

   state MASTER                           (状态)

   interface eth0                           (网口)

   virtual_router_id 101              (route_ID,0-255之间都可以)

   priority 100                               (优先级,优先级高的可成为主节点)

   advert_int 1                              (发通告的时间间隔)    

   authentication {

       auth_type PASS                (认证方式默认明文)

       auth_pass 1111                 (密钥,可以随意填写,只要两节点保持一致即可;PASS方式下密钥在VRRP通告中明文传输,且keepalived只使用前8个字符)

    }

   virtual_ipaddress {                         (使用的虚拟IP  指定在哪个网卡上使用(可以省略))

        172.16.18.51/16 dev eth0 label eth0:0

    }

}

后面的内容暂时用不上。注释掉,配置Ipvs时使用。

  :.,$s/^/#/     (vim小技巧:注释从光标所在当前行到文件末尾的所有内容!)

 

[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/   (把配置文件传给节点2一份)

[root@node1 keepalived]# date ; ssh node2 'date' (确保两台主机时间是一致的,如果不一致可以使用# ntpdate 172.16.0.1 命令同步时间,ntp服务器可以百度搜索)

 

[root@node2 ~]# cd /etc/keepalived/

[root@node2 keepalived]# vim keepalived.conf

vrrp_instance VI_1 {

    state BACKUP                           (修改状态为备用)

   interface eth0

   virtual_router_id 101

    priority  98                              (修改优先级)

   advert_int 1

   authentication {

       auth_type PASS

       auth_pass qqadsdfsdfsdfsda

    }

   virtual_ipaddress {

       172.16.18.51

    }

}

 

[root@node2 keepalived]# service keepalived start

[root@node1 keepalived]# service keepalived start

[root@node1 keepalived]# tail /var/log/messages   (日志文件路径)

[root@node1 keepalived]# ip addr show   (查看虚拟IP是否启动,在node2查看是没有的,因为前面给其设置了备用节点)

2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000

   link/ether 08:00:27:7e:05:55 brd ff:ff:ff:ff:ff:ff

   inet 172.16.18.10/16 brd 172.16.255.255 scope global eth0

    inet 172.16.18.51/32 scope global eth0 

   inet6 fe80::a00:27ff:fe7e:555/64 scope link

      valid_lft forever preferred_lft forever

 

[root@node3 ~]# ping 172.16.18.51   (另找一台主机看是否能ping通)

PING 172.16.18.51 (172.16.18.51) 56(84)bytes of data.

64 bytes from172.16.18.51: icmp_seq=2 ttl=64 time=0.799 ms

[root@node1 keepalived]# service keepalived stop   (尝试关掉主节点keepalived服务)

 

[root@node2 keepalived]# ip addr show              (到node2查看IP信息,已经变成主节点)

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP>mtu 1500 qdisc pfifo_fast state UP qlen 1000

    inet 172.16.18.51/32 scope global eth0

[root@node1 keepalived]# service keepalived start    (node1启动keepalived服务,会立即抢回主节点)

[root@node1 keepalived]# ip addr show

    inet 172.16.18.51/32 scope global eth0

 

[root@node1 keepalived]# vim keepalived.conf

vrrp_script chk_maintance_down {

        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"            (若此文件存在返回1,不存在返回0)

        interval 1                         (检查频率每秒一次)

        weight -5                          (若有down这个文件,则权重-5)

}

vrrp_instance VI_1 {

   state MASTER

   interface eth0

   virtual_router_id 101

   priority 100

   advert_int 1

   authentication {

       auth_type PASS

       auth_pass qqadsdfsdfsdfsda

    }

   virtual_ipaddress {

       172.16.18.51/16 dev eth0 label eth0:0

    }

       track_script {                            (调用)

        chk_maintance_down

        }

}

 

[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/                   (把配置文件传给node2

[root@node2 keepalived]# vim keepalived.conf (修改node2配置文件)

vrrp_instance VI_1 {

    state BACKUP                           (备用节点)

   interface eth0

   virtual_router_id 101

    priority 98                                  (优先级)

 

[root@node2 keepalived]# service keepalived restart

[root@node1 keepalived]# service keepalived restart

[root@node1 keepalived]# touch down   (创建down文件测试,检测到down文件后,权重-5)

[root@node1 keepalived]# ip addr show  (vip已经去到node2节点)

[root@node1 keepalived]# rm down             (删除down文件再尝试)

[root@node1 keepalived]# ip addr show  (检测成功,vip又传递回node1节点)

 

定义邮件脚本:

[root@node1 keepalived]# vim notify.sh      (创建一个脚本)

#!/bin/bash

# Author: MageEdu<linuxedu@foxmail.com>

# description: An example of notify script

#

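# Virtual IP configured in the VRRP instance; referenced in the mail subject.
vip=172.16.18.51

# Mailbox that receives the state-change notifications.
# Plain ASCII quotes are required here: typographic quotes are not shell
# quoting characters and would end up as part of the address.
contact='root@localhost'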

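#######################################
# Mail a one-line VRRP state-change notice to $contact.
# Globals:   vip (read), contact (read)
# Arguments: $1 - new state name (master, backup or fault)
# Outputs:   pipes the message body to mail(1)
#######################################
notify() {
    local mailsubject mailbody
    # "$vip floating": the source ran the two words together, which made the
    # shell expand an unset variable named vipfloating and drop the VIP.
    mailsubject="$(hostname) to be $1: $vip floating"
    # ASCII single quotes keep the format string a single argument to date(1).
    mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
    # Quoted expansions keep the body and the recipient intact.
    printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}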

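# Dispatch on the VRRP state passed as $1. The page wires this script to
# keepalived's notify_master / notify_backup / notify_fault hooks.
case "$1" in
    master)
        notify master
        # Restart nginx when this node becomes master.
        /etc/rc.d/init.d/nginx restart
        exit 0
        ;;
    backup)
        notify backup
        # The source read "nginx restop", which is not an init-script action;
        # its own annotation says nginx is restarted on the backup transition.
        /etc/rc.d/init.d/nginx restart
        exit 0
        ;;
    fault)
        notify fault
        /etc/rc.d/init.d/nginx stop
        exit 0
        ;;
    *)
        # Double quotes so the script name is expanded instead of printed
        # literally, and so the "|" characters are not parsed as pipes.
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
esac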

 

[root@node1 keepalived]# chmod +x notify.sh   (添加执行权限;keepalived通常以root身份执行该脚本,应保证文件属主为root且其他用户不可写)

[root@node1 keepalived]# vim keepalived.conf

vrrp_instance VI_1 {

   state MASTER

   interface eth0

   virtual_router_id 101

   priority 100

   advert_int 1

   authentication {

       auth_type PASS

       auth_pass qqadsdfsdfsdfsda

    }

   virtual_ipaddress {

       172.16.18.51/16 dev eth0 label eth0:0

    }

       track_script {

       chk_maintance_down

       }

        notify_master "/etc/keepalived/notify.sh master"   (如果变成主节点就执行这条)

        notify_backup "/etc/keepalived/notify.sh backup"   (如果变成备用节点就执行这条)

        notify_fault "/etc/keepalived/notify.sh fault"     (如果进入故障状态就执行这条)

}      

[root@node1 keepalived]# scp -p  keepalived.conf notify.sh  node2:/etc/keepalived/   (把文件传给node2

[root@node2 keepalived]# vim keepalived.conf (修改node2状态和优先级)

vrrp_instance VI_1 {

    state BACKUP

   interface eth0

   virtual_router_id 101

    priority 98

 

[root@node1 keepalived]# service keepalived restart ; ssh node2 'service keepalived  restart'   (重启keepalived服务)

[root@node1 keepalived]# mail  (node1、node2状态有变化时都可以收到邮件了!!)

[root@node1 keepalived]# touch down                (再次生成down文件测试成为备用节点)

[root@node1 keepalived]# mail  (再次查看邮件,自己已经变成备用节点了)

 

 

基于上面的配置,实现高可用的nginx服务器

[root@node1 ~]# rpm -ivh nginx-1.6.2-1.el6.ngx.x86_64.rpm

[root@node1 ~]# scp nginx-1.6.2-1.el6.ngx.x86_64.rpm  node2:/root

[root@node2 ~]# rpm -ivh  nginx-1.6.2-1.el6.ngx.x86_64.rpm

[root@node2 ~]# vim  /usr/share/nginx/html/index.html   (编辑页面测试使用)

<h1>NODE2.DRAGON tonginx!</h1>

[root@node1 ~]# vim  /usr/share/nginx/html/index.html

<h1>NODE1.DRAGONWelcome to nginx!</h1>

[root@node1 ~]# service nginx start ; ssh node2 'service nginx start'

使用浏览器访问http://172.16.18.51/       这时候主节点还是node2

[root@node1 ~]# cd /etc/keepalived/

[root@node1 keepalived]# rm down    (删除down文件,抢回主节点)

再次使用浏览器访问http://172.16.18.51/       这时候主节点已经变成node1

 

写一个脚本监控nginx服务,通过脚本判断nginx服务是否启动,如果没有启动那么权重-5,如果启动,那么权重不变

 

[root@node1 keepalived]# vim  keepalived.conf

vrrp_script chk_maintance_down {

       script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"

       interval 1

       weight -5

}

vrrp_script chk_nginx {                            

        script "killall -0 nginx"                      (检查nginx进程是否存在:killall -0 只发送信号0做探测,并不会真正杀死进程)

        interval 1                          (每秒检查一次)

        weight -5                                            (如果检查失败,即nginx进程不存在,那么权重-5)

}

vrrp_instance VI_1 {

   state MASTER

   interface eth0

   virtual_router_id 101

   priority 100

   advert_int 1

   authentication {

       auth_type PASS

       auth_pass qqadsdfsdfsdfsda

    }

   virtual_ipaddress {

       172.16.18.51/16 dev eth0 label eth0:0

    }

       track_script {

       chk_maintance_down

        chk_nginx                         (调用chk_nginx,前面写的)

       }

       notify_master "/etc/keepalived/notify.sh master"

       notify_backup "/etc/keepalived/notify.sh backup"

       notify_fault "/etc/keepalived/notify.sh fault"

}

[root@node1 keepalived]# scp  keepalived.conf node2:/etc/keepalived/   (传递给node2

[root@node2 keepalived]# vim  keepalived.conf (修改node2状态和优先级)

vrrp_instance VI_1 {

    state BACKUP

   interface eth0

   virtual_router_id 101

    priority 98

 

[root@node1 keepalived]# service keepalived  restart ; ssh node2 'service keepalived  restart' (重启服务)

现在尝试停止nginx服务vip会自动跳转到另外的服务器上!!!

 

配置keepalived双主模型!

[root@node1 keepalived]# vim  keepalived.conf                   (添加一个实例,并略做修改)

:.,46y   (vim编辑器小技巧,复制光标所在当前行到四十六行)

vrrp_instance VI_1 {

   state MASTER

   interface eth0

   virtual_router_id 101

   priority 100

   advert_int 1

   authentication {

       auth_type PASS

       auth_pass 1igdfkg111

    }

   virtual_ipaddress {

       172.16.18.51/16 dev eth0 label eth0:0

    }

       track_script {

       chk_maintance_down

       chk_nginx

       }

       notify_master "/etc/keepalived/notify.sh master"

       notify_backup "/etc/keepalived/notify.sh backup"

       notify_fault "/etc/keepalived/notify.sh fault"

}

vrrp_instance VI_2 {                         (添加一个实例,名字修改一下)

    state BACKUP                                    (如果第一个实例这里是主节点,那第二个实例就是备用节点)

    interface eth0

    virtual_router_id 111              (路由ID记得修改,不能一样)

    priority 98                                  (备用节点比主节点的优先级要低!)

    advert_int 1                                      

    authentication {

        auth_type PASS

        auth_pass dDD1igdfkg111             (认证密钥可以修改,也可以不修改)

    }

    virtual_ipaddress {

        172.16.18.52/16 dev eth0 label eth0:1                  vip记得修改,并且不使用同一个虚拟端口)

    }

        track_script {                            (后面的脚本仍然可以继续使用)

        chk_maintance_down

        chk_nginx

        }

        notify_master "/etc/keepalived/notify.sh master"

        notify_backup "/etc/keepalived/notify.sh backup"

        notify_fault "/etc/keepalived/notify.sh fault"

}

[root@node1 keepalived]# scp  keepalived.conf  node2:/etc/keepalived/   (把配置文件传给node2节点)

[root@node2 keepalived]# vim  keepalived.conf   (在node2修改部分配置文件)

vrrp_instance VI_1 {

    state BACKUP 

   interface eth0

   virtual_router_id 101

priority 98

……

vrrp_instance VI_2 {

    state MASTER

   interface eth0

   virtual_router_id 111

priority 100

……

[root@node1 keepalived]# service keepalived  restart  ; ssh node2  'service keepalived    restart' (重启两节点的keepalived服务)

[root@node1 keepalived]# rm down  (记得把node1的down文件删除,如果有down文件的话那两个VIP都在node2节点)

 

 

在上面的基础上实现 KeepalivedIPVS提供高可用!


[root@node1 keepalived]# cp keepalived.conf  keepalived.conf.2bak   (再备份现有配置文件!)

[root@node1 keepalived]# vim  keepalived.conf  (只需要一个实例,先删除第二个实例,删除NGINX相关角本及调用)

vrrp_instance VI_1 {

   state MASTER

   interface eth0

   virtual_router_id 101

   priority 100

   advert_int 1

   authentication {

       auth_type PASS

       auth_pass 1igdfkg111

    }

   virtual_ipaddress {

        172.16.18.53/32 brd 172.16.18.53 dev eth0 label eth:0   (广播地址)

    }

       track_script {

       chk_maintance_down

       }

       notify_master "/etc/keepalived/notify.sh master"

       notify_backup "/etc/keepalived/notify.sh backup"

       notify_fault "/etc/keepalived/notify.sh fault"

}

 

[root@node3 ~]# vim rs.sh  (在node3编辑一个角本)

#!/bin/bash

#

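# Real-server side of the LVS-DR setup described on this page: bind the VIP
# to lo:0 and tighten the ARP settings so that this host does not answer or
# advertise ARP for the VIP. The script writes to /proc and reconfigures
# interfaces, so it must run as root. The /proc values are runtime settings
# and are lost on reboot.
vip=172.16.18.53

case "$1" in
start)
        # arp_ignore=1 and arp_announce=2 on both "all" and "lo".
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        # "$vip netmask": the source ran the two words together ($vipnetmask),
        # which expands an unset variable and drops the netmask keyword.
        ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
        route add -host "$vip" dev lo:0
        ;;
stop)
        # Put the four ARP settings back to 0, then remove the alias and route.
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig lo:0 down
        route del -host "$vip" dev lo:0
        ;;
*)
        # Reject anything else instead of silently doing nothing.
        echo "Usage: $(basename "$0") {start|stop}" >&2
        exit 1
        ;;
esac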

 

(关于上面的脚本一两句也说不清楚,下面是我百度到的关于arp_announce和arp_ignore的内容)

arp_announce

默认为0

对网络接口上本地IP地址发出的ARP回应作出相应级别的限制:

确定不同程度的限制,宣布对来自本地源IP地址发出Arp请求的接口

0 - (默认) 在任意网络接口上的任何本地地址

1 - 尽量避免不在该网络接口子网段的本地地址. 当发起ARP请求的源IP地址是被设置应该经由路由达到此网络接口的时候很有用.此时会检查来访IP是否为所有接口上的子网段内ip之一.如果该来访IP不属于各个网络接口上的子网段内,那么将采用级别2的方式来进行处理.

2 - 对查询目标使用最适当的本地地址.在此模式下将忽略这个IP数据包的源地址并尝试选择与能与该地址通信的本地地址.首要是选择所有的网络接口的子网中外出访问子网中包含该目标IP地址的本地地址. 如果没有合适的地址被发现,将选择当前的发送网络接口或其他的有可能接受到该ARP回应的网络接口来进行发送

all/ {interface}/ 下两者同时比较,取较大一个值生效.

 

arp_ignore

默认为0

定义对目标地址为本地IP的ARP询问不同的应答模式

0 - (默认值): 回应任何网络接口上对任何本地IP地址的arp查询请求(比如eth0=192.168.0.1/24,eth1=10.1.1.1/24,那么即使eth0收到来自10.1.1.2这样地址发起的对10.1.1.1的arp查询也会回应--而原本这个请求该是出现在eth1上,也该由eth1回应的)

1 - 只回答目标IP地址是来访网络接口本地地址的ARP查询请求(比如eth0=192.168.0.1/24,eth1=10.1.1.1/24,那么eth0收到来自10.1.1.2这样地址发起的对192.168.0.1的查询会回答,而对10.1.1.1的arp查询不会回应)

 

 

[root@node3 ~]# bash -n rs.sh  (测试语法是否有误)

[root@node3 ~]# bash rs.sh  start

[root@node3 ~]# ifconfig   (可以看到lo:0的IP地址了)

lo:0      Link encap:Local Loopback    

          inet addr:172.16.18.53  Mask:255.255.255.255

[root@node3 ~]# service httpd start

[root@node3 ~]# vim  /var/www/html/index.html

<h1>node3</h1>

[root@node1 keepalived]# vim  keepalived.conf   (在实例1后添加虚拟主机)

virtual_server 172.16.18.53 80 {                                   (虚拟服务器IP及端口)

        delay_loop 6

        lb_algo rr                                                             (负载均衡调度算法)

        protocol TCP                                                       (使用协议)

        lb_kind DR                                                           (负载均衡类型)

        sorry_server 127.0.0.1 80                       (错误就显示自己的nginx页面)

        real_server 172.16.18.30 80 {                         (提供页面的服务器IP)

          weight 1                                                          (权重)

          HTTP_GET {                                                    (HTTP定义了与服务器交互的不同方法,这里用GET)

                url {

                        path /

                        status_code 200

                }

                connect_timeout 2                          (超时时间)

                nb_get_retry 3                                 (重试次数)

                delay_before_retry 1                      (表示每次连接重试的间隔,这里的间隔是1秒)

          }

        }

}

 

[root@node1 keepalived]# scp  keepalived.conf node2:/etc/keepalived/

[root@node2 keepalived]# vim  keepalived.conf

vrrp_instance VI_1 {

    state BACKUP

   interface eth0

   virtual_router_id 101

    priority 98

[root@node1 keepalived]# service keepalived restart  ; ssh node2  'service keepalived restart'

[root@node1 keepalived]# ip addr show

inet 172.16.18.53/32 brd 172.16.18.53 scope global eth:0

[root@node1 keepalived]# yum install -y ipvsadm                        (安装IPVSADM)

[root@node2 keepalived]#  yum install -y ipvsadm

[root@node1 keepalived]# touch down

[root@node2 keepalived]# ipvsadm -L -n  (查看)

IP Virtual Server version1.2.1 (size=4096)

Prot LocalAddress:PortScheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.16.18.53:80 rr

  -> 172.16.18.30:80              Route   1     0          0     

[root@node2 keepalived]# ipvsadm -C                 (删除全部规则)

[root@node1 keepalived]# rm  down

现在访问http://172.16.18.53/  会显示node3的页面;

关闭node3的httpd服务:[root@node3 ~]# service httpd stop

再次访问,http://172.16.18.53/  就会显示node1的页面!

[root@node1 keepalived]# touch down   (创建DOWN文件,现在节点是node2

再次访问,http://172.16.18.53/  就会显示node2的页面!

[root@node3 ~]# service httpd start   (启用httpd服务)

[root@node1 keepalived]# rm -f down  (删除down文件)




Keepalived基本设置及IPVS扩展

原文:http://dragondragon.blog.51cto.com/6170889/1605164
