环境
centos 64位
http://www.osyunwei.com/archives/7566.html
Keepalived 是一种高性能的服务器高可用或热备解决方案,Keepalived可以用来防止服务器单点故障(单点故障是指一旦某一点出现故障就会导致整个系统架构的不可用)的发生,通过配合Nginx可以实现web前端服务的高可用。
Keepalived实现的基础是VRRP协议,Keepalived就是巧用VRRP协议来实现高可用性(HA)的.
VRRP(Virtual Router Redundancy Protocol)协议是用于实现路由器冗余的协议,VRRP协议将两台或多台路由器设备虚拟成一个设备,对外提供虚拟路由器IP(一个或多个),而在路由器组内部,如果实际拥有这个对外IP的路由器如果工作正常的话就是MASTER,或者是通过算法选举产生,MASTER实现针对虚拟路由器IP的各种网络功能,如ARP请求,ICMP,以及数据的转发等;其他设备不拥有该IP,状态是BACKUP,除了接收MASTER的VRRP状态通告信息外,不执行对外的网络功能。当主机失效时,BACKUP将接管原先MASTER的网络功能。
VRRP协议使用多播数据来传输VRRP数据,VRRP数据使用特殊的虚拟源MAC地址发送数据而不是自身网卡的MAC地址,VRRP运行时只有MASTER路由器定时发送VRRP通告信息,表示MASTER工作正常以及虚拟路由器IP(组),BACKUP只接收VRRP数据,不发送数据,如果一定时间内没有接收到MASTER的通告信息,各BACKUP将宣告自己成为MASTER,发送通告信息,重新进行MASTER选举状态。
192.168.8.100 : VIP(虚拟ip地址)
keepalived安装在两台物理服务器上,并相互监控对方是否在正常运行。
当节点A正常的时候:节点A上的keepalived会将下面的信息广播出去:
192.168.8.100 这个IP对应的MAC地址为节点A网卡的MAC地址
图中的其它电脑如客户端和NodeB会更新自己的ARP表,对应192.168.8.100的MAC地址=节点A网卡的MAC地址。
当节点A发生故障的时候,节点B上的keepalived会检测到,并且将下面的信息广播出去:
192.168.8.100 这个IP对应的MAC地址为节点B网卡的MAC地址
图中的其它电脑如客户端会更新自己的ARP表,对应192.168.8.100的MAC地址=节点B网卡的MAC地址。
四、安装keepalived
下载keeplived:http://www.keepalived.org/software/keepalived-1.2.12.tar.gz
上传keepalived-1.2.12.tar.gz到/usr/local/src目录
cd /usr/local/src
tar zxvf keepalived-1.2.12.tar.gz
cd keepalived-1.2.12
./configure --prefix=/usr/local/keepalived #配置,必须看到以下提示,说明配置正确,才能继续安装
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
make #编辑
make install #安装
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
mkdir /etc/keepalived
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/keepalived #添加执行权限
chkconfig keepalived on #设置开机启动
service keepalived start #启动
service keepalived stop #关闭
service keepalived restart #重启
五、配置keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /usr/local/keepalived/etc/keepalived/keepalived.conf-bak
vi /usr/local/keepalived/etc/keepalived/keepalived.conf #编辑,修改为以下代码
#########################################################
#以下为192.168.21.129服务器
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx #监测nginx进程状态
}
virtual_ipaddress {
192.168.21.253
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.253" #更新虚拟服务器(VIP)地址的arp记录到网关
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.21.252
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.252" #更新虚拟服务器(VIP)地址的arp记录到网关
}
#########################################################
:wq! #保存退出
#########################################################
#以下为192.168.21.130服务器
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #Nginx服务监控脚本
interval 2
weight 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx #监测nginx进程状态
}
virtual_ipaddress {
192.168.21.253
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.253" #更新虚拟服务器(VIP)地址的arp记录到网关
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.21.252
}
notify_master "/etc/keepalived/clean_arp.sh 192.168.21.252" #更新虚拟服务器(VIP)地址的arp记录到网关
}
#########################################################
:wq! #保存退出
六、设置nginx服务监控脚本
touch /usr/local/keepalived/check_nginx.sh
ln -s /usr/local/keepalived/check_nginx.sh /etc/keepalived/check_nginx.sh
vi /etc/keepalived/check_nginx.sh #编辑,添加以下代码
#########################################################
#!/bin/sh
if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
/etc/rc.d/init.d/nginx start
fi
sleep 2
if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
/etc/rc.d/init.d/keepalived stop
fi
#########################################################
:wq! #保存退出
chmod +x /usr/local/keepalived/check_nginx.sh #添加执行权限
七、设置更新虚拟服务器(VIP)地址的arp记录到网关脚本
touch /usr/local/keepalived/clean_arp.sh
ln -s /usr/local/keepalived/clean_arp.sh /etc/keepalived/clean_arp.sh
vi /etc/keepalived/clean_arp.sh #编辑,添加以下代码
#!/bin/sh
VIP=$1
GATEWAY=192.168.21.2 #网关地址
/sbin/arping -I eth0 -c 5 -s $VIP $GATEWAY &>/dev/null
:wq! #保存退出
chmod +x /usr/local/keepalived/clean_arp.sh #添加脚本执行权限
service nginx restart #重启nginx
service keepalived restart #重启keepalived
