Building a High-Availability Load-Balancing Cluster with IPVS-DR + Keepalived

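Keepalived is routing hot-standby software written in C. The project's main goal is to provide a simple and efficient load-balancing and high-availability solution for Linux systems. Keepalived uses a set of checkers to dynamically maintain and manage the server pool according to the health of the servers. In addition, Keepalived implements its high-availability architecture through the VRRP protocol, which is the basis of router failover.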

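Earlier we saw the powerful load-balancing capability of LVS, which schedules a group of servers to provide a virtual service. But the core of LVS is the director (scheduler): every request has to pass through the director to be forwarded. If the director fails, the whole cluster goes down, so we need Keepalived to make the cluster highly available. Deploy two or more LVS directors; when the master director fails, Keepalived automatically promotes the backup director to master, so that the whole cluster is both load-balanced and highly available.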

The VRRP protocol

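VRRP (Virtual Router Redundancy Protocol) is a master/backup failover protocol designed to prevent a single point of failure in a statically routed environment. When the master device fails, VRRP automatically switches traffic to a backup device, and all of this is transparent to users. VRRP presents two or more routing devices as one virtual device that exposes a single virtual router IP address. At any moment only one of the devices holds that virtual IP address; that device is the master router, and the others are backups. The master continuously sends its state information to the backups. When the backups stop receiving the master's state information, they immediately elect a new master according to their priorities, and the new master takes over all services. VRRP requires a virtual router ID (VRID) and a priority to be defined for each routing device. All master and backup devices must use the same VRID; the devices that share a VRID form one virtual router group, and the device with the highest priority in the group is elected master. The VRID and the priority are both integers between 0 and 255. If priorities are equal, the devices' real IP addresses are compared: the larger the IP address, the higher the priority.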
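
The election rule described above, as an added example that is not part of the original post. The router table is constructed from this page's addresses and priorities; the entry "other-gw" with VRID 61 is hypothetical and only shows that groups are separated by VRID.

```shell
#!/bin/sh
# Added example (not from the original post): the election rule described above,
# run on a constructed table. Columns: name vrid priority ip state(up|down).
# "other-gw" and VRID 61 are made up to show that groups are separated by VRID.

# elect TABLE VRID: print the router that becomes master of group VRID
elect() {
    printf '%s\n' "$1" | awk -v vrid="$2" '
        # Dotted quad to one number, so that addresses compare numerically
        function ipnum(ip,   p) {
            split(ip, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        $2 == vrid && $5 == "up" {
            pr = $3 + 0; n = ipnum($4)
            # Highest priority wins; on a tie the larger address wins
            if (best == "" || pr > bp || (pr == bp && n > bn)) {
                best = $1; bp = pr; bn = n
            }
        }
        END { if (best != "") print best }'
}

# fail_node TABLE NAME: the same table with NAME marked down
fail_node() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == n { $5 = "down" } { print }'
}

ROUTERS='LVS-Master 60 100 192.168.3.99 up
LVS-Slave 60 50 192.168.3.100 up
other-gw 61 200 192.168.3.1 up'

echo "normal operation:   $(elect "$ROUTERS" 60)"
echo "after master fails: $(elect "$(fail_node "$ROUTERS" LVS-Master)" 60)"
```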

Network structure

Note: in a production environment, replace the IPs in the 192.168.3.0 segment with public IPs.

 

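The two main uses of the Keepalived service

1. Failover and automatic switchover between the load-balancer director hosts

2. Periodically checking the availability of the RSs to decide whether to dispatch requests to them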

 

Implementation steps

1. Set the NIC IPs on all devices, except for the VIP

[root@LVS-Master ~]# ifconfig eth0|grep 'inet addr'
          inet addr:192.168.8.253  Bcast:192.168.8.255  Mask:255.255.255.0
[root@LVS-Master ~]# ifconfig eth1|grep 'inet addr'
          inet addr:192.168.3.99  Bcast:192.168.3.255  Mask:255.255.255.0
[root@LVS-Slave ~]# ifconfig eth0|grep 'inet addr'
          inet addr:192.168.8.254  Bcast:192.168.8.255  Mask:255.255.255.0
[root@LVS-Slave ~]# ifconfig eth1|grep 'inet addr'
          inet addr:192.168.3.100  Bcast:192.168.3.255  Mask:255.255.255.0
[root@RS1 ~]# ifconfig eth1|grep 'inet addr'
          inet addr:192.168.3.101  Bcast:192.168.3.255  Mask:255.255.255.0
[root@RS2 ~]# ifconfig eth1|grep 'inet addr'
          inet addr:192.168.3.102  Bcast:192.168.3.255  Mask:255.255.255.0

2. Install the httpd service on RealServer1 and RealServer2, verify that it works, and configure the virtual IP

RealServer1:

[root@RS1 ~]# yum install -y httpd
[root@RS1 ~]# echo "RealServer1" >/var/www/html/index.html
[root@RS1 ~]# service iptables stop
[root@RS1 ~]# service httpd start

# vim /opt/lvs-dr
#!/bin/bash
VIP=192.168.3.111
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
#end
# chmod u+x /opt/lvs-dr 
# echo "/opt/lvs-dr" >>/etc/rc.local 
# /opt/lvs-dr 

Tip: another way to turn off ARP responses is to edit /etc/sysctl.conf and append the following to the end of the file:
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

RealServer2:

[root@RS2 ~]# yum install -y httpd
[root@RS2 ~]# service iptables stop
[root@RS2 ~]# echo "RealServer2" >/var/www/html/index.html
[root@RS2 ~]# service httpd start

# vim /opt/lvs-dr
#!/bin/bash
VIP=192.168.3.111
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
#end
# chmod u+x /opt/lvs-dr 
# echo "/opt/lvs-dr" >>/etc/rc.local 
# /opt/lvs-dr 

Tip: another way to turn off ARP responses is to edit /etc/sysctl.conf and append the following to the end of the file:
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
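
A check for the real-server settings configured above on RS1 and RS2, as an added example that is not part of the original post. The function names, the SYSROOT parameter and the sample address listing are assumptions made so the check can run on constructed data as well as on a live host.

```shell
#!/bin/sh
# Added example, not from the original post: audit a real server against the
# LVS-DR settings above. On a live host:
#   check_rs /proc/sys "$(ip -o -4 addr show)" 192.168.3.111

# check_rs SYSROOT ADDR_LISTING VIP: print findings; status 0 only if all pass
check_rs() (
    sysroot=$1; addrs=$2; vip=$3; bad=0
    for iface in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            key=${pair%%:*}; want=${pair##*:}
            got=$(cat "$sysroot/net/ipv4/conf/$iface/$key" 2>/dev/null || echo missing)
            if [ "$got" != "$want" ]; then
                echo "FAIL net.ipv4.conf.$iface.$key=$got (want $want)"; bad=1
            fi
        done
    done
    # The VIP must be bound to loopback as a /32, as /opt/lvs-dr does.
    if ! printf '%s\n' "$addrs" | awk -v v="$vip/32" '$2=="lo" && $4==v {f=1} END {exit !f}'; then
        echo "FAIL $vip/32 not configured on lo"; bad=1
    fi
    # The VIP must not also sit on a physical interface, where ARP for it would be answered.
    if printf '%s\n' "$addrs" | awk -v v="$vip" '$2!="lo" && index($4, v"/")==1 {f=1} END {exit !f}'; then
        echo "FAIL $vip also bound to a non-loopback interface"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "OK"; fi
    exit "$bad"
)

# make_sample DIR IGNORE ANNOUNCE: constructed /proc/sys-like tree for the demo
make_sample() {
    for iface in lo all; do
        mkdir -p "$1/net/ipv4/conf/$iface"
        echo "$2" >"$1/net/ipv4/conf/$iface/arp_ignore"
        echo "$3" >"$1/net/ipv4/conf/$iface/arp_announce"
    done
}

# Constructed "ip -o -4 addr show" output for RS1 after running /opt/lvs-dr
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.3.111/32 brd 192.168.3.111 scope global lo:0
3: eth1    inet 192.168.3.101/24 brd 192.168.3.255 scope global eth1'

demo_dir=$(mktemp -d)
make_sample "$demo_dir/good" 1 2
make_sample "$demo_dir/bad" 0 0      # kernel defaults: ARP not suppressed
check_rs "$demo_dir/good" "$SAMPLE_ADDRS" 192.168.3.111 || true
check_rs "$demo_dir/bad" "$SAMPLE_ADDRS" 192.168.3.111 || true
rm -rf "$demo_dir"
```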

2. Install LVS on the two hosts LVS-Master and LVS-Slave

# yum install -y gcc openssl-devel popt-devel popt-static libnl libnl-devel kernel-devel 
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
tar zxf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26
make
make install

3. Install the Keepalived service on the two hosts LVS-Master and LVS-Slave

wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar zxf keepalived-1.2.7.tar.gz 
cd keepalived-1.2.7
./configure --with-kernel-dir=/usr/src/kernels/2.6.32-504.30.3.el6.i686
make && make install
ln -s /usr/local/etc/keepalived/ /etc/
ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/sbin/keepalived /usr/bin/

4. Edit the main keepalived configuration file on the LVS-Master and LVS-Slave hosts

# cd /etc/keepalived/
# cp keepalived.conf keepalived.conf.bak   # back up the file before modifying it
# vim keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
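     heboan@qq.com                      # mailing list; everyone on it is mailed when a master/backup failover occurs
   }
   notification_email_from root@localhost      # sender address
   smtp_server 127.0.0.1                       # IP address of the mail server
   smtp_connect_timeout 30
   router_id LVS_1                             # name of this server (on LVS-Slave set router_id LVS_1)
}

vrrp_instance LVS_HA {              # define the VRRP hot-standby instance
    state MASTER                    # hot-standby state; MASTER means the master server (on LVS-Slave set state BACKUP)
    interface eth1                  # physical interface that carries the VIP
    virtual_router_id 60            # virtual router ID; must be the same on every member of the hot-standby group
    priority 100                    # priority; the larger the number, the higher the priority (on LVS-Slave set priority 50)
    advert_int 1                    # advertisement interval in seconds (heartbeat frequency)
    authentication {                # authentication; must be the same on every member of the hot-standby group
        auth_type PASS              # authentication type (PASS: plaintext password carried in each advertisement)
        auth_pass 1111              # password string
    }
    virtual_ipaddress {             # floating address (VIP); there can be more than one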
        192.168.3.111
    }
}
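
A cross-check of the two directors' vrrp_instance settings, as an added example that is not part of the original post. It covers the rules stated in the VRRP section and in the comments above (same VRID and authentication in the group, higher priority on the master); the function names are assumptions and both config texts are constructed from the values on this page.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the vrrp_instance
# settings of the two directors. Both config texts are constructed from this page.

# vrrp_get CONFIG_TEXT KEY: first value of KEY, "#" and "!" comments stripped
vrrp_get() {
    printf '%s\n' "$1" |
        awk -v k="$2" '{ sub(/[#!].*/, "") } !seen && $1 == k { print $2; seen = 1 }'
}

# check_pair MASTER_TEXT BACKUP_TEXT: print findings; status 0 only without FAIL
check_pair() (
    m=$1; b=$2; bad=0
    # VRID and authentication must be identical inside one hot-standby group
    for key in virtual_router_id auth_type auth_pass; do
        if [ "$(vrrp_get "$m" "$key")" != "$(vrrp_get "$b" "$key")" ]; then
            echo "FAIL $key differs between the nodes"; bad=1
        fi
    done
    # keepalived accepts MASTER or BACKUP as the initial state
    for s in "$(vrrp_get "$m" state)" "$(vrrp_get "$b" state)"; do
        case $s in MASTER|BACKUP) ;; *) echo "FAIL unknown state '$s'"; bad=1 ;; esac
    done
    mp=$(vrrp_get "$m" priority); bp=$(vrrp_get "$b" priority)
    if [ "${mp:-0}" -le "${bp:-0}" ]; then
        echo "FAIL master priority ${mp:-unset} is not above backup ${bp:-unset}"; bad=1
    fi
    # auth_type PASS carries the password in cleartext in every advertisement
    if [ "$(vrrp_get "$m" auth_pass)" = 1111 ]; then
        echo "WARN auth_pass is still the sample value 1111"
    fi
    exit "$bad"
)

MASTER_CONF='vrrp_instance LVS_HA {
    state MASTER
    interface eth1
    virtual_router_id 60
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111    # password string
    }
}'
BACKUP_CONF=$(printf '%s\n' "$MASTER_CONF" |
    sed -e 's/state MASTER/state BACKUP/' -e 's/priority 100/priority 50/')
check_pair "$MASTER_CONF" "$BACKUP_CONF" || true
```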
###############################################################################################
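The configuration above already provides VIP failover: once the keepalived service is started, the master director (LVS-Master) is automatically configured with the VIP 192.168.3.111, and when the master director fails, the backup director (LVS-Slave) takes over the VIP. Let's test it:
# service keepalived start   # start the Keepalived service on both the master and backup directors
[root@LVS-Master ~]# ip addr|grep 3.111
inet 192.168.3.111/32 scope global eth1	# the master director now holds the VIP
[root@LVS-Slave ~]# ip addr|grep 3.111
Now stop the Keepalived service on the LVS-Master host to simulate a failure of the master director
[root@LVS-Master ~]# service keepalived stop
[root@LVS-Master ~]# ip addr|grep 3.111
[root@LVS-Slave ~]# ip addr|grep 3.111				# the VIP has been taken over by the backup director
    inet 192.168.3.111/32 scope global eth1
Then start the Keepalived service on the LVS-Master host again to simulate recovery of the master director
# service keepalived start   
[root@LVS-Master ~]# ip addr|grep 3.111
inet 192.168.3.111/32 scope global eth1	# the master director has taken the VIP back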
[root@LVS-Slave ~]# ip addr|grep 3.111
###############################################################################################
Next, we add the following to keepalived.conf to define the real servers and their health checks

virtual_server 192.168.3.111 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        persistence_timeout 50
        protocol TCP

        real_server 192.168.3.101 80 {
            weight 1
            TCP_CHECK {
                   connect_port 80
                   connect_timeout 3
                   nb_get_retry 3
                   delay_before_retry 4
                   }
        }
        real_server 192.168.3.102 80 {
            weight 1
            TCP_CHECK {
                   connect_port 80
                   connect_timeout 3
                   nb_get_retry 3
                   delay_before_retry 4
                   }
        }
}
1. Restart the keepalived service
2. Note that in the configuration file there must be a space before every "{"

5. Testing

Check whether the entries were added successfully on the directors

Check the master director
[root@LVS-Master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.111:80 rr persistent 50
  -> 192.168.3.101:80             Route   1      0          0         
  -> 192.168.3.102:80             Route   1      0          1  

Check the backup director
[root@LVS-Slave ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.111:80 rr persistent 50
  -> 192.168.3.101:80             Route   1      0          0         
  -> 192.168.3.102:80             Route   1      0          0 

Access 192.168.3.111 from a client browser

[root@LVS-Master ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination
TCP 01:30  FIN_WAIT    192.168.3.254:50409 192.168.3.111:80   192.168.3.101:80
TCP 01:45  FIN_WAIT    192.168.3.254:50408 192.168.3.111:80   192.168.3.101:80
TCP 00:20  NONE        192.168.3.254:0     192.168.3.111:80   192.168.3.101:80

[root@LVS-Slave ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination

Stop the httpd service on realserver1 and access the site again (simulating a real-server failure)

[root@LVS-Master ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination
TCP 01:07  FIN_WAIT    192.168.3.254:50438 192.168.3.111:80   192.168.3.102:80
TCP 01:07  FIN_WAIT    192.168.3.254:50441 192.168.3.111:80   192.168.3.102:80
TCP 01:24  FIN_WAIT    192.168.3.254:50442 192.168.3.111:80   192.168.3.102:80

[root@LVS-Slave ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination
[root@LVS-Master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.111:80 rr persistent 50
  -> 192.168.3.102:80             Route   1      0          0        
As you can see, the real server realserver1 has been removed from the pool
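
A way to turn the manual comparison above into a repeatable check, as an added example that is not part of the original post. The function names are assumptions, and the sample listings are constructed from the "ipvsadm -Ln" output shown on this page; the check also reports real servers that IPVS holds but that are not in the configured list.

```shell
#!/bin/sh
# Added example (not from the original post): compare the real servers IPVS
# holds for a virtual service with the list configured in keepalived.conf.
# The sample listings are constructed from the "ipvsadm -Ln" output on this page.

# active_rs VIP:PORT: read "ipvsadm -Ln" output on stdin, print its real servers
active_rs() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs) }   # a virtual service starts
        in_vs && $1 == "->" && $2 ~ /^[0-9]/ { print $2 }    # its real-server rows
    '
}

# diff_rs VIP:PORT RS...: report configured servers IPVS lacks and extra ones it has
diff_rs() (
    vs=$1; shift
    have=$(active_rs "$vs")
    for rs in "$@"; do
        printf '%s\n' "$have" | grep -Fxq "$rs" || echo "MISSING $rs"
    done
    for rs in $have; do
        printf '%s\n' "$@" | grep -Fxq "$rs" || echo "UNEXPECTED $rs"
    done
)

BOTH_UP='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.3.111:80 rr persistent 50
  -> 192.168.3.101:80             Route   1      0          0
  -> 192.168.3.102:80             Route   1      0          0'
RS1_DOWN=$(printf '%s\n' "$BOTH_UP" | grep -v '192.168.3.101:80')

# On a director: ipvsadm -Ln | diff_rs 192.168.3.111:80 192.168.3.101:80 192.168.3.102:80
printf '%s\n' "$RS1_DOWN" | diff_rs 192.168.3.111:80 192.168.3.101:80 192.168.3.102:80
```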

Stop the keepalived service on the master director and access the site again (simulating a director failure)

[root@LVS-Master ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination

[root@LVS-Slave ~]# ipvsadm -Lnc
IPVS connection entries
pro expire state       source             virtual            destination
TCP 00:47  NONE        192.168.3.254:0     192.168.3.111:80   192.168.3.102:80
TCP 01:57  FIN_WAIT    192.168.3.254:50509 192.168.3.111:80   192.168.3.102:80
TCP 14:58  ESTABLISHED 192.168.3.254:50510 192.168.3.111:80   192.168.3.102:80

 

posted @ 2016-04-17 22:21  sellsa