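First, a concept: VRRP

            VRRP (Virtual Router Redundancy Protocol) is a protocol whose main job is address failover: when the master router fails, VRRP moves the IP address to the backup router so that network service is not interrupted.

Now for our main topic: keepalived

            Keepalived is a mechanism built specifically to provide high availability for LVS. With a master and a backup LVS, when the master LVS fails, it moves the IP address and the LVS service to the backup LVS. The IP address takeover uses the VRRP protocol described above. The LVS takeover is defined in the keepalived configuration file, from which the ipvs rules are generated dynamically, and keepalived can also perform health checks.

Next, the basic configuration of keepalived

I. Preparing the environment

1. Goal of this example:

    Install keepalived and use it to make LVS and a web service highly available.

2. Prepare three hosts; RHEL5 virtual machines are used here.

3. Download the software package. You can compile it from source or install it from an rpm package. Here I download the rpm package and install it directly.

(Download: http://www.keepalived.org)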

II. Planning

IP addresses of the keepalived hosts:

    HA1:172.16.13.3

    HA2:172.16.13.4

IP addresses for LVS in the DR model:

    DR1:172.16.14.3

    DR2:172.16.14.4

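The DR VIP is configured on the lo0:0 interface: 172.16.14.1

III. Implementation

【Preparing the two nodes】

1. Configure the nodes' IP addresses and make sure they can reach each other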

# setup
# ping 172.16.13.4
[# ping 172.16.13.3]

2. Set the hostname on both nodes so that it matches the output of uname -n

# hostname node1
# uname -n
# vim /etc/sysconfig/network  (make the change permanent)

3. Set up SSH key-based trust between the nodes

#  ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''
# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.13.4
# ssh 172.16.13.4 'ifconfig'        (test whether it works)

4. Configure hostname resolution

# vim /etc/hosts
172.16.13.3  node1  node1
172.16.13.4  node2  node2
[ # scp /etc/hosts node2:/etc/hosts ]

5. Check that the nodes can communicate by hostname

# ping  node2

6. Time synchronization

# service ntpd stop
# chkconfig ntpd off
# ntpdate 172.16.0.1
# date

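(The second node is configured the same way as the first; only the IP address needs to change.)

【Install and configure keepalived: the steps on node1 and node2 are essentially the same】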

node1:172.16.13.3

# yum -y --nogpgcheck localinstall keepalived-1.2.7-5.el5.i386.rpm
(install the package)
# vim /etc/keepalived/keepalived.conf         (edit the configuration file)
global_defs {
    notification_email {
        root@localhost                       # mail recipient
    }
    notification_email_from root@localhost   # sender
    smtp_server 127.0.0.1                    # mail server address
    smtp_connect_timeout 30                  # connection timeout
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER                          # initial state; this is the master node
    interface eth0                        # physical interface the virtual router works on
    virtual_router_id 51                  # group ID
    priority 101                          # priority of the master node
    advert_int 1                          # interval between advertisements
    authentication {
        auth_type PASS                    # password authentication
        auth_pass password
    }
    virtual_ipaddress {
        172.16.14.1/16 dev eth0 label eth0:0    # configure the virtual address on an alias
    }
}
virtual_server 172.16.14.1 80 {              # VIP address and its port
    delay_loop 6
    lb_algo wlc                             # scheduling algorithm
    lb_kind DR                              # LVS type
    nat_mask 255.255.0.0                    # network mask
    protocol TCP                            # TCP protocol
    real_server 172.16.14.3 80 {            # realserver address
        weight 1                            # weight
        HTTP_GET {                          # health check for the http service
            url {                           # URL used to check the http service
                path /
                status_code 200             # expected status code
            }
            connect_timeout 2               # connection timeout
            nb_get_retry 3                  # number of retries
            delay_before_retry 1            # delay before retrying
        }
    }
    real_server 172.16.14.4 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}

To use TCP_CHECK to check the health of each realserver instead, the realserver part of the definition above can be replaced with the following:

virtual_server 172.16.100.1 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 300
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 172.16.100.11 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
        }
    }
    real_server 172.16.100.12 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
        }
    }
}

Note: sorry_server defines the server that is used when all realservers have failed.

[Copy node1's configuration file to node2]

node2:172.16.13.4

Change its VRRP state to the backup node, BACKUP, and set its priority lower than the master node's.

# vim /etc/keepalived/keepalived.conf

【Start keepalived on each of the two nodes】

Run ifconfig on the master node to see the virtual interface address we defined:

Install ipvsadm and view the automatically generated rules

# yum -y install ipvsadm

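Open a browser on the client and test access: http://172.16.14.1

        Next, we configure keepalived high availability for a web service.

(This can be built on top of the setup above; here the web service on the HA hosts themselves is made highly available.)

【First stop the keepalived service, then install the web service on HA1 and HA2】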

# yum install -y httpd
# service httpd start

【Provide a web page file, then open the page to test whether it can be accessed】

# vim /var/www/html/index.html
<h1>node1</h1>
[ <h2>node2</h2> ]

【Edit the configuration file】

! Configuration File for keepalived
global_defs {
    notification_email {
        linuxedu@foxmail.com
        mageedu@126.com
    }
    notification_email_from kanotify@magedu.com
    smtp_connect_timeout 3
    smtp_server 127.0.0.1
    router_id LVS_DEVEL
}
vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    # check every 2 seconds
    weight -2
    # if failed, decrease the priority by 2
    fall 2
    # require 2 failures to mark as failed
    rise 1
    # require 1 success for ok
}
vrrp_script chk_schedown {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    interface eth0
    # interface for inside_network, bound by vrrp
    state MASTER
    # Initial state, MASTER|BACKUP
    # As soon as the other machine(s) come up,
    # an election will be held and the machine
    # with the highest "priority" will become MASTER.
    # So the entry here doesn't matter a whole lot.
    priority 101
    # for electing MASTER, highest priority wins.
    # to be MASTER, make 50 more than other machines.
    virtual_router_id 51
    # arbitrary unique number 0..255
    # used to differentiate multiple instances of vrrpd
    # running on the same NIC (and hence same socket).
    garp_master_delay 1
    authentication {
        auth_type PASS
        auth_pass password
    }
    track_interface {
        eth0
    }
    # optional, monitor these as well.
    # go to FAULT state if any of these go down.
    virtual_ipaddress {
        172.16.14.1/16 dev eth0 label eth0:0
    }
    # addresses add|del on change to MASTER, to BACKUP.
    # With the same entries on other machines,
    # the opposite transition will be occurring.
    # <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
    track_script {
        chk_httpd
        chk_schedown
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
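Added example, not part of the original post: a bash/awk check of the vrrp_script and track_script settings above that reports, for each tracked script, the instance priority once that script fails and whether it drops below the peer's priority. The names failover_report, sample_conf and chk_missing are constructed for illustration, and the parser assumes quoted script strings contain no braces or "#".

```bash
# Added example: does one failed track_script actually move the VIP?
sample_conf() {   # constructed sample using the page's priority and weights
cat <<'EOF'
vrrp_script chk_httpd {
    script "killall -0 httpd"
    weight -2
}
vrrp_script chk_schedown {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    weight -2
}
vrrp_instance VI_1 {
    priority 101        # the peer uses 100
    track_script {
        chk_httpd
        chk_schedown
        chk_missing
    }
}
EOF
}

# failover_report <conf> <instance> <peer_priority>
# Prints "<script> <priority once it fails, relative to a healthy peer> <verdict>".
# weight 0 means the instance goes to FAULT; an equal priority is not a failover.
failover_report() {
    awk -v inst="$2" -v peer="$3" '
    { sub(/#.*/, "") }                                  # strip comments
    /^[ \t]*!/ { next }
    depth == 0 && $1 == "vrrp_script"   { blk = "s"; name = $2; weight[name] = 0 }
    depth == 0 && $1 == "vrrp_instance" { blk = "i"; name = $2 }
    blk == "s" && $1 == "weight" { weight[name] = $2 + 0 }
    blk == "i" && name == inst && depth == 1 && $1 == "priority" { prio = $2 + 0 }
    tracking && NF && $1 !~ /[{}]/ { tracked[++n] = $1 }
    blk == "i" && name == inst && $1 == "track_script" { tracking = 1 }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (tracking && depth < 2) tracking = 0         # left track_script
        if (depth == 0) blk = ""
    }
    END {
        for (i = 1; i <= n; i++) {
            s = tracked[i]
            if (!(s in weight)) { print s, "-", "undefined"; continue }
            w = weight[s] < 0 ? -weight[s] : weight[s]
            v = (w == 0) ? "fault" : (prio - w < peer + 0 ? "failover" : "no-failover")
            print s, prio - w, v
        }
    }' "$1"
}
```

With the priorities used on this page (101 and 100) a weight of -2 is enough to hand the VIP over; with a 50-point gap, as the comment in the configuration suggests, the same weight reports no-failover. Any name listed under track_script without a matching vrrp_script block is reported as undefined.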

Create a script file, notify.sh, in /etc/keepalived/ with the following content:

#!/bin/bash
# Author: MageEdu <linuxedu@foxmail.com>
# description: An example of notify script
#
vip=172.16.100.1
contact='root@localhost'
# Mail a notice about the VRRP state change ($1) to $contact.
notify() {
    mailsubject="`hostname` to be $1: $vip floating"
    mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
    master)
        notify master
        /etc/rc.d/init.d/haproxy start
        exit 0
        ;;
    backup)
        notify backup
        /etc/rc.d/init.d/haproxy restart
        exit 0
        ;;
    fault)
        notify fault
        exit 0
        ;;
    *)
        echo "Usage: `basename $0` {master|backup|fault}"
        exit 1
        ;;
esac

【On node2, edit the main configuration file copied from node1】

【Start the keepalived service on both nodes and check the NIC information on the master node】

# service keepalived start
# ifconfig

Access http://172.16.14.1 from the client

At this point the http service is running on node1.

【Simulate a failure of the master node, node1】

Test access from the browser

               Dual-master high availability for the web service

【Just add the following block to the main configuration file on both nodes】

vrrp_instance VI_2 {
    interface eth0
    state BACKUP             # VI_1 is the master here, so this one is the backup (reversed on node2)
    priority 101             # 100 for BACKUP
    virtual_router_id 52     # the group ID must differ from VI_1's
    garp_master_delay 1
    authentication {
        auth_type PASS
        auth_pass password
    }
    track_interface {
        eth0
    }
    virtual_ipaddress {
        172.16.14.2/16 dev eth0 label eth0:1
    }
    track_script {
        chk_httpd
        chk_schedown
    }
    notify_master "/etc/keepalived/notify.sh master eth0:1"
    notify_backup "/etc/keepalived/notify.sh backup eth0:1"
    notify_fault "/etc/keepalived/notify.sh fault eth0:1"
}

【Restart the keepalived service on each of the two nodes and check the NIC addresses】

# service keepalived restart
# ifconfig

【Simulate a failure of node2】

Test access from the browser:

Appendix: DR configuration

The two RS hosts:

Time synchronization:

# service ntpd stop
# chkconfig ntpd off
# ntpdate 172.16.0.1
# date

Here is a ready-made script; just run it on each of the two RS hosts. (You can also configure everything by hand; the script shows every step of the manual configuration. It is run directly here for convenience.)

#!/bin/bash
#
# Script to start LVS DR real server.
# chkconfig: - 90 10
# description: LVS DR real server
#
.  /etc/rc.d/init.d/functions
VIP=172.16.100.1
host=`/bin/hostname`
case "$1" in
    start)
        # Start LVS-DR real server on this machine.
        /sbin/ifconfig lo down
        /sbin/ifconfig lo up
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
        /sbin/route add -host $VIP dev lo:0
        ;;
    stop)
        # Stop LVS-DR real server loopback device(s).
        /sbin/ifconfig lo:0 down
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        ;;
    status)
        # Status of LVS-DR real server.
        islothere=`/sbin/ifconfig lo:0 | grep $VIP`
        isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
        if [ ! "$islothere" -o ! "$isrothere" ];then
            # Either the route or the lo:0 device
            # not found.
            echo "LVS-DR real server Stopped."
        else
            echo "LVS-DR real server Running."
        fi
        ;;
    *)
        # Invalid entry.
        echo "$0: Usage: $0 {start|status|stop}"
        exit 1
        ;;
esac
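
Added example, not part of the original script: the status branch above looks only for lo:0 and the host route, so the function below also verifies the four ARP sysctls that the start branch sets and that the VIP sits on lo with a /32 mask. The names check_dr_rs and demo_rs and the sample values are constructed; the sysctl root and the address listing are passed in as paths so the check runs offline.

```bash
# check_dr_rs <vip> <sysctl_root> <file holding "ip -o -4 addr show dev lo" output>
# Echoes one line per problem and returns 0 only when the real server will stay
# silent for ARP requests for the VIP and holds the VIP as a host address on lo.
check_dr_rs() {
    local vip=$1 root=$2 addrs=$3 bad=0 ifc key want got
    for ifc in lo all; do
        for key in arp_ignore:1 arp_announce:2; do
            want=${key#*:}
            got=$(cat "$root/$ifc/${key%%:*}" 2>/dev/null)
            if [ "$got" != "$want" ]; then
                echo "$ifc/${key%%:*}: want $want, got ${got:-missing}"
                bad=1
            fi
        done
    done
    # A wider mask on lo would make the whole subnet look local to this host.
    if ! grep -qF "inet $vip/32 " "$addrs"; then
        echo "VIP $vip is not bound to lo with a /32 mask"
        bad=1
    fi
    return $bad
}

# Constructed sample: a real server where lo/arp_announce was left at 0.
demo_rs() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/lo" "$d/all"
    echo 1 > "$d/lo/arp_ignore";  echo 0 > "$d/lo/arp_announce"
    echo 1 > "$d/all/arp_ignore"; echo 2 > "$d/all/arp_announce"
    echo "1: lo    inet 172.16.100.1/32 brd 172.16.100.1 scope global lo:0" > "$d/addr"
    check_dr_rs 172.16.100.1 "$d" "$d/addr"
    local rc=$?
    rm -rf "$d"
    return $rc
}
```

On a real server, pass /proc/sys/net/ipv4/conf as the sysctl root and a file holding the output of ip -o -4 addr show dev lo.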