High-availability load balancing with LVS + Keepalived

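How it works

LVS on its own cannot remove the single point of failure. Keepalived provides a high-availability solution based on the VRRP protocol that avoids it. In this solution at least two servers normally run Keepalived, one as MASTER and the other as BACKUP, but to the outside they appear as a single virtual IP. The MASTER sends specific messages to the BACKUP; when the BACKUP no longer receives them, it considers the MASTER failed and takes over the virtual IP to keep the service running. Keepalived also has built-in health checking: if a web server fails, Keepalived detects it and removes it from the system, and once that web server is working normally again Keepalived automatically adds it back to the server pool. All of this happens automatically without manual intervention; the only manual work is repairing the failed web server, which is how high availability is ensured.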

Environment setup
server2:172.25.7.2  # keepalived and ipvsadm installed; primary director (MASTER)
server3:172.25.7.5  # keepalived and ipvsadm installed; backup director (BACKUP)
server4:172.25.7.3  # httpd and arptables_jf installed; backend server
server5:172.25.7.4  # httpd and arptables_jf installed; backend server
Virtual IP (VIP): 172.25.7.100

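Configuring the primary director, server2
Installing keepalived
Official keepalived download site: www.keepalived.org
The latest version at the time of writing is keepalived-1.3.7; this walkthrough uses the keepalived-1.3.5 tarball:
[Screenshot: tarball]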

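Change into the extracted source directory and run the configure step, specifying the installation directory and the options you need:
[Screenshot: configure]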

If the following error appears during the configure step, gcc is not installed:
[Screenshot: error]
Install gcc: yum install gcc -y

If openssl-devel is not installed, the following error appears:
[Screenshot: error]
Install it with yum: yum install openssl-devel -y

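When the configure step finishes, the summary in the screenshot below is printed. Both IPVS Framework and VRRP should show Yes, which means keepalived supports IPVS and the VRRP protocol; if they do not, the configure step has to be run again:
[Screenshot: configure summary]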

Next, compile: make
[Screenshot: make]

Finally, install to complete the keepalived installation: make install
[Screenshot: make install]

First give the init script /usr/local/keepalived/etc/rc.d/init.d/keepalived execute permission:

chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived

Create symlinks for convenience:

ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ # link the init script into /etc/init.d/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/ # link the configuration directory into /etc
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ # link the global options file into /etc/sysconfig/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/

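The primary director server2 also needs ipvsadm, which can be installed directly with yum (the yum repository setup was covered in the previous post, so there are no screenshots here):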

yum install ipvsadm -y

Edit the keepalived configuration file: vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@local
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
#  vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER    # primary director
    interface eth0
    virtual_router_id 51
    priority 100    # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.7.100    # virtual IP
    }
}

virtual_server 172.25.7.100 80 { # virtual IP and port
    delay_loop 6
    lb_algo rr   # load-balancing algorithm: round robin
    lb_kind DR   # LVS forwarding mode: DR
    protocol TCP

    real_server 172.25.7.3 80 {   # backend server IP and port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 172.25.7.4 80 {   # backend server IP and port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

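*Note: pay attention to the format. If the format is wrong, no error is reported, so take particular care that every opening brace { has a matching closing brace }.

If the vrrp_strict line is not commented out, then after keepalived is restarted an iptables rule is set automatically even if the firewall has been turned off, and clients cannot reach the content on the backend servers: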

[root@server2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             172.25.7.100        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

After commenting it out, restart: /etc/init.d/keepalived restart
Turn off the firewall:

iptables -F
/etc/init.d/iptables stop
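
A pre-restart check for the two pitfalls described above, the silently accepted brace mismatch and an active vrrp_strict, as an added example that is not part of the original post. The function names and both sample fragments are constructed for illustration.

```bash
# Added example: lint a keepalived.conf read from stdin.
# Flags unbalanced braces and an active (uncommented) vrrp_strict.
lint_keepalived() {
    awk '
    {
        line = $0
        sub(/[#!].*/, "", line)      # keepalived comments start with # or !
        if (line ~ /^[ \t]*vrrp_strict([ \t]|$)/) {
            printf "line %d: vrrp_strict is active\n", NR; bad = 1
        }
        n = length(line)
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (c == "{") opened[++depth] = NR
            else if (c == "}") {
                if (depth == 0) { printf "line %d: } has no matching {\n", NR; bad = 1 }
                else depth--
            }
        }
    }
    END {
        while (depth > 0) { printf "line %d: { is never closed\n", opened[depth--]; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: vrrp_strict left active, TCP_CHECK missing its closing brace.
sample_conf_broken() {
cat <<'EOF'
global_defs {
   router_id LVS_DEVEL
   vrrp_strict
}
virtual_server 172.25.7.100 80 {
    real_server 172.25.7.3 80 {
        TCP_CHECK {
            connect_timeout 3
    }
}
EOF
}

# Constructed sample: same fragment with vrrp_strict commented out and the brace added.
sample_conf_ok() {
    sample_conf_broken | sed 's/^ *vrrp_strict/#  vrrp_strict/'
    echo "}"
}

sample_conf_broken | lint_keepalived || echo "fix keepalived.conf before restarting"
```

On a director, run it as lint_keepalived < /etc/keepalived/keepalived.conf. An unclosed brace is reported at the line of the outermost block left open, so the missing } is somewhere inside that block.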

Configuring the backup director, server5
Copy the keepalived directory from server2 to server5:

[root@server2 ~]# scp -r /usr/local/keepalived/ [email protected]:/usr/local/

Create the symlinks:

ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ 
ln -s /usr/local/keepalived/etc/keepalived/ /etc/ 
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ 
ln -s /usr/local/keepalived/sbin/keepalived /sbin/ 

Also copy the keepalived configuration file from server2 to server5:

[root@server2 ~]# scp /etc/keepalived/keepalived.conf [email protected]:/etc/keepalived/

Only 2 changes are needed in the configuration file:

Change state MASTER to state BACKUP
Change priority 100 to priority 90

Install ipvsadm:

yum install ipvsadm -y

Start keepalived: /etc/init.d/keepalived start
Turn off the firewall:

iptables -F
/etc/init.d/iptables stop

The director side is now configured.

Configuring backend server server3
Install httpd:

yum install httpd -y

Create the default index page:

echo "<h1>server3-HK</h1>" > /var/www/html/index.html
/etc/init.d/httpd start  # start httpd

Bind the VIP:

ip addr add 172.25.7.100 dev eth0

Install arptables_jf:

yum install arptables_jf

Set the arptables rules:

arptables -A IN -d 172.25.7.100 -j DROP # block ARP for the virtual IP
arptables -A OUT -s 172.25.7.100 -j mangle --mangle-ip-s 172.25.7.3
service arptables_jf save  # save the rules
/etc/init.d/arptables_jf start  # start arptables_jf

Turn off the firewall:

iptables -F
/etc/init.d/iptables stop

Configuring backend server server4
Install httpd:

yum install httpd -y

Create the default index page:

echo "<h1>server4-HK</h1>" > /var/www/html/index.html
/etc/init.d/httpd start  # start httpd

Bind the VIP:

ip addr add 172.25.7.100 dev eth0

Install arptables_jf:

yum install arptables_jf

Set the arptables rules:

arptables -A IN -d 172.25.7.100 -j DROP # block ARP for the virtual IP
arptables -A OUT -s 172.25.7.100 -j mangle --mangle-ip-s 172.25.7.4
service arptables_jf save  # save the rules
/etc/init.d/arptables_jf start  # start arptables_jf

Turn off the firewall:

iptables -F
/etc/init.d/iptables stop

Testing
Access the virtual IP from a client:

[kiosk@hguan07 Desktop]$ for i in {1..10}; do curl 172.25.7.100 ; done
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>

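If the configuration is correct, the virtual IP is now on the MASTER, that is, on server2:

[Screenshot: virtual IP]
Test whether server5 takes over when server2 goes down:

/etc/init.d/keepalived stop    # stop keepalived on server2

Check the service from the client. It works, which shows that server5 has taken over successfully: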

[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>

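Check the virtual IP on server5; it has moved to server5:

[Screenshot: virtual IP]

Restart keepalived on server2 and the virtual IP switches back to server2, because keepalived on server2 has a higher priority than on server5:

[Screenshot: virtual IP]
After httpd on server3 is stopped, the client sees only server4's page along with errors, and then the failed server3 is kicked out of the pool: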

[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
curl: (7) Failed connect to 172.25.7.100:80; Connection refused
<h1>server4-HK</h1>
curl: (7) Failed connect to 172.25.7.100:80; Connection refused
<h1>server4-HK</h1>
curl: (7) Failed connect to 172.25.7.100:80; Connection refused
<h1>server4-HK</h1>
[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>
<h1>server4-HK</h1>

Restart httpd on server3: /etc/init.d/httpd restart. Checking again from the client, server3 has rejoined the server pool:

[kiosk@hguan07 Desktop]$ for i in {1..6}; do curl 172.25.7.100 ; done
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>
<h1>server3-HK</h1>
<h1>server4-HK</h1>

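Adding the lftp (FTP) service:

Director configuration
On server2, edit the keepalived configuration file: vim /etc/keepalived/keepalived.conf and add the following to include the lftp service:

virtual_server 172.25.7.100 21 {  # the lftp service port is 21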
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50    # persistent connection time of 50s
    protocol TCP

    real_server 172.25.7.3 21 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 172.25.7.4 21 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Then restart keepalived: /etc/init.d/keepalived restart
Do the same on server5.
Backend server configuration
Install vsftpd on both server3 and server4 to provide the lftp service:

yum install vsftpd -y

On server3, create a file under /var/ftp/pub/:

touch /var/ftp/pub/server3

On server4, create a file under /var/ftp/pub/:

touch /var/ftp/pub/server4

Start the vsftpd service on both server3 and server4: /etc/init.d/vsftpd start

Check on the director:

[root@server2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.7.100:21 rr persistent 50
  -> 172.25.7.3:21                Route   1      0          0         
  -> 172.25.7.4:21                Route   1      0          0         
TCP  172.25.7.100:80 rr
  -> 172.25.7.3:80                Route   1      0          0         
  -> 172.25.7.4:80                Route   1      0          0         
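
The ipvsadm -ln table above is also where a health-check eviction becomes visible, since a failed real server disappears from its virtual service. The following added example (not part of the original post) counts real servers per virtual service and flags a short pool; the function names and the degraded sample are constructed for illustration.

```bash
# Added example: count real servers per virtual service in `ipvsadm -ln`
# output read from stdin. Prints "<vip:port> <count>" per service.
count_real_servers() {
    awk '
    $1 == "TCP" || $1 == "UDP" { svc = $2; order[++n] = svc; cnt[svc] = 0; next }
    $1 == "->" && $2 ~ /^[0-9]/ && svc != "" { cnt[svc]++ }   # skips the header row
    END { for (i = 1; i <= n; i++) print order[i], cnt[order[i]] }'
}

# Return non-zero and name the service if any pool has fewer than $1 members.
check_pool() {
    count_real_servers | awk -v min="$1" '
    $2 < min { printf "WARN %s: %d of %d real servers\n", $1, $2, min; bad = 1 }
    END { exit bad + 0 }'
}

# The table shown on this page, with all backends present.
sample_healthy() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.7.100:21 rr persistent 50
  -> 172.25.7.3:21                Route   1      0          0
  -> 172.25.7.4:21                Route   1      0          0
TCP  172.25.7.100:80 rr
  -> 172.25.7.3:80                Route   1      0          0
  -> 172.25.7.4:80                Route   1      0          0
EOF
}

# Constructed: the same table after 172.25.7.3:80 has been removed by the health check.
sample_degraded() {
    sample_healthy | grep -v '172\.25\.7\.3:80'
}

sample_degraded | check_pool 2 || echo "a real server is missing from the pool"
```

On a director, run it as ipvsadm -ln | check_pool 2.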

Test the service:

[kiosk@hguan07 Desktop]$ lftp 172.25.7.100
lftp 172.25.7.100:~> ls              
drwxr-xr-x    2 0        0            4096 Oct 04 15:19 pub
lftp 172.25.7.100:/> cd pub/
lftp 172.25.7.100:/pub> ls
-rw-r--r--    1 0        0               0 Oct 04 15:19 server4
lftp 172.25.7.100:/pub> 

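Because connections are persistent, the round-robin effect can only be seen after the configured time has expired, or by accessing the virtual IP again from a different client.
Stopping the vsftpd service on server4 also lets you see the service on server3:
/etc/init.d/vsftpd stop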

[kiosk@hguan07 Desktop]$ lftp 172.25.7.100
lftp 172.25.7.100:~> ls
drwxr-xr-x    2 0        0            4096 Oct 04 15:19 pub
lftp 172.25.7.100:/> cd pub/
lftp 172.25.7.100:/pub> ls
-rw-r--r--    1 0        0               0 Oct 04 15:19 server3
lftp 172.25.7.100:/pub> 

That is all for my notes on LVS + Keepalived for now; if there are mistakes, corrections are welcome.
