keepalived双主模式高可用工作于NAT模型下的ipvs

原创

xuyilin2010 2014-09-23 06:31:08 ©著作权

文章标签 模型应用程序拓扑图 target blank 文章分类 服务器

©著作权归作者所有：来自51CTO博客作者xuyilin2010的原创作品，请联系作者获取转载授权，否则将追究法律责任

一、Keepalived简介

ipvs提供高可用性，能够生成ipvs规则；也可以使用脚本来帮助高可用其他应用程序，没有heartbeart重量级；主要用在高可用ipvs，及一些反向代理应用程序

。

1.拓扑图

说明：1.两个代理服务器通过VIP向外提供数据

2.两个代理服务器都可以代理后端的服务器

3.为测试方便，后端服务器至提供静态页面

2.ip规划

3.安装配置haproxy

关于haproxy的详细配置，

[root@node1 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:80
default_backend static
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server node2 192.168.1.202:80 check maxconn 2000
server node3 192.168.1.203:80 check maxconn 2000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------

说明：两个节点的HAproxy的配置文件应该保持一样

4.测试haproxy的配置

5.安装配置keepalived

①、安装keepalived

keepalived的安装可以通过yum源来安装，也可以通过编译源码来安装，本处通过yum源赖安装

②、配置keepalived主节点

[root@node1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { //全局参数
notification_email { //邮件
sysadmin@firewall.loc //收件人地址
}
notification_email_from Alexandre.Cassen@firewall.loc //发件人地址
smtp_server 127.0.0.1 //邮件服务器的地址
smtp_connect_timeout 30 //间隔时间
router_id LVS_DEVEL //邮件服务器的组的id
}
vrrp_script chk_haproxy {
script "killall -0 haproxy" //检查haproxy是否在线
interval 1 //检查间隔时间
weight -5 //如果检查失败，则权重-5
}
vrrp_instance VI_1 { //定义第一个集群
state MASTER //初始状态为主节点，从节点应该为BACKUP
interface eth0 //配置ip的端口
virtual_router_id 51 //本组集群的id号，主从节点必须一样
priority 100 //主节点的优先级，备用节点的优先级必须低于主节点
advert_int 1 //心跳检查间隔时间
authentication {
auth_type PASS //通信为明文密码通信
auth_pass 1111 //通信的密码，主从节点必须一样
}
virtual_ipaddress {
192.168.1.99 //定义一个VIP
}
track_script { //调用上面的命令
chk_haproxy
}
}

③、配置keepalived从节点

[root@node4 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 1
weight -5
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.99
}
track_script {
chk_haproxy
}
}
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:56:78:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.1.204/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.99/32 scope global eth0
inet6 fe80::20c:29ff:fe56:78cd/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever

可以看到ip地址已经配置上去了

我们可以看到网页访问正常

下面，我们模拟服务器损坏，将node1上的haproxy关掉，看看ip地址是否会转移到node4上

[root@node4 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:56:78:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.1.204/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.99/32 scope global eth0
inet6 fe80::20c:29ff:fe56:78cd/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever

查看网页是否能够访问正常

OK！！可以看到我们的页面访问正常，这就可以实现当前段的一个反向代理服务器宕机或者后端的一个web服务宕机，服务都可以正常对外提供

7.扩展

我们还可以自定义通知机制

#!/bin/bash
# Author: zero<zero1@163.com>
# description: An example of notify script
#
vip=192.168.1.99
contact='root@localhost'
notify() {
mailsubject="`hostname` to be $1: $vip floating"
mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
echo $mailbody | mail -s "$mailsubject" $contact
}
case "$1" in
master)
notify master
exit 0
;;
backup)
notify backup
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo 'Usage: `basename $0` {master|backup|fault}'
exit 1
;;
esac