一、Keepalived介绍
通常使用keepalived技术配合LVS对director和存储进行双机热备,防止单点故障,keepalived专为LVS和HA设计的一款健康检查工具,但演变为后来不仅仅为LVS提供方案,Keepaliced支持故障自动切换(Failover),支持节点健康状态检查(Health Checking),官方网站http://www.keepalived.org/
Keepalived采用VRRP的热备份协议实现Linux服务器的多机热备功能,VRRP,虚拟路由冗余协议,是针对路由器一种备份解决方案,由多台路由器组成一个人热备组,通过共用的虚拟IP地址对外提供服务,每个热备组内同一时刻只有一台主路由器提供服务,其他路由器处于冗余状态,若当前在线的路由器失效,则其他路由器会根据设置的优先级自动接替虚拟IP地址,继续提供服务。
如图所示,Keepalived可实现多机热备,每个热备组可有多台服务器,最常用的就是双机热备,双机热备的故障切换时由虚拟IP地址的漂移来实现,适用于各种应用服务器。
二、配置举例
案例介绍:
本案例将实现基于Web服务的双机热备,漂移地址:192.168.10.72,主、备服务器:192.168.10.73、192.168.10.74,提供的应用服务:Web
(一)配置Keepalived服务器(主-从配置一样)
1、安装keepalived软件
1 [root@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel #依赖包 2 [root@localhost ~]# tar -zxvf keepalived-1.2.13.tar.gz -C /usr/src/ 3 [root@localhost ~]# cd /usr/src/keepalived-1.2.13/ 4 [root@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kerneldir=/usr/src/kernels/2.6.32-431.el6.x86_64(指定内核位置) 5 [root@localhost keepalived-1.2.13]# make && make install 6 [root@localhost ~]# /etc/init.d/keepalived start 7 [root@localhost ~]# netstat -anp | grep keepalived 8 [root@localhost ~]# chkconfig --add keepalived 9 [root@localhost ~]# chkconfig keepalived on
2、主服务器配置
1 [root@localhost ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak 2 [root@localhost ~]# vim /etc/keepalived/keepalived.conf(和别的配置文件不同,它是以!作为注释标记) 3 修改: 4 global_defs { 5 router_id Web_HA1 !服务器名称 6 } 7 vrrp_instance VI_1 { !定义VRRP热备实例 8 state MASTER !热备状态,从服务器用slave 9 interface eth0 !承载vip的物理接口 10 virtual_router_id 51 !路由器的id号,同一个热备组里的id要一样 11 priority 100 !优先级,100是最高 12 advert_int 1 !心跳频率,就是几秒联系一下热备组的其他机器,没心跳了就挂掉了 13 authentication { 14 auth_type PASS !认证类型 15 auth_pass 1111 !密码是1111 16 } 17 virtual_ipaddress { !漂移ip地址(就是vip),可以有多个 18 192.168.10.72 19 } 20 } 21 注:配置文件中virtual_server段是配置director相关的参数,我们这个实验只考虑单一web服务,不需要配置,可以往下都删掉 22 [root@localhost ~]# service keepalived restart 23 [root@localhost ~]# ip add show dev eth0 #可以看到虚拟ip地址vip
3、从服务器配置
1 [root@localhost ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak 2 [root@localhost ~]# vim /etc/keepalived/keepalived.conf 3 修改: 4 global_defs { 5 router_id WEB_HA2 6 } 7 vrrp_instance VI_1 { 8 state BACKUP 9 priority 99 10 ...... 11 } 12 ---其他参数与主服务器保持一致---- 13 } 14 [root@localhost ~]# service keepalived restart 15 [root@localhost ~]# ip add show dev eth0 #从服务器没有虚拟ip地址
(二)验证:可以使用ping命令也可以使用web服务,当断掉主服务器的网络时,可以查看从服务器的虚拟ip,会发现从服务器有192.168.10.72这个漂移地址了
[root@localhost ~]# tail -f /var/log/messages #查看日志验证
三、LVS-DR+keepalived高可用群集
在基于LVS+Keepalived实现的LVS群集结构中,至少包括两台热备的负载调度器,两台以上的节点服务器。本案例将以DR模式的LVS群集为基础,增加一台从负载调度器,使用Keepalived来实现主、从调度器的热备,从而构建兼有负载均衡、高可用两种能力的LVS网站群集平台。
配置方法先配置LVS-DR群集,再配置keepalived双机热备。
在配置LVS时,主从调度器的虚拟ip要配置成网卡ip,而在keepalived配置文件中设置vip
[root@localhost ~]# ipvsadm -A -t 192.168.10.73:80 -s rr #添加虚拟director的vip地址,轮询的调度算法 [root@localhost ~]# ipvsadm -A -t 192.168.10.74:80 -s rr #添加虚拟director的vip地址,轮询的调度算法 virtual_ipaddress { !漂移ip地址(就是vip),可以有多个 192.168.10.72
在测试时,可通过主、从调度器的/var/log/messages 日志文件,可以跟踪故障切换过程,可执行ipvsadm -lnc等命令查看负载分配情况
四、LVS-NAT+keepalived高可用群集
由于nat模式director的VIP就是外网IP,因此主director宕机后,从director也能发出数据
1 一、配置LVS服务器(主-从两台) 2 1、配置IP 3 [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 4 [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1 5 [root@localhost ~]# service network restart 6 2、调整响应参数(主-从配置一样) 7 [root@localhost ~]# vim /etc/sysctl.conf 8 修改: 9 net.ipv4.ip_forward = 1 10 添加: 11 net.ipv4.conf.all.send_redirects = 0 12 net.ipv4.conf.default.send_redirects = 0 13 net.ipv4.conf.eth0.send_redirects = 0 14 [root@localhost ~]# sysctl -p 15 3、安装并配置ipvsadm(主-从配置一样) 16 [root@localhost ~]# rpm -ihv /mnt/Packages/ipvsadm-1.26-2.el6.x86_64.rpm 17 [root@localhost ~]# service ipvsadm start 18 [root@localhost ~]# chkconfig --add ipvsadm 19 [root@localhost ~]# chkconfig ipvsadm on 20 21 二、配置Keepalived服务器 22 4、安装keepalived软件(主-从配置一样) 23 [root@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel 24 [root@localhost ~]# tar -zxvf keepalived-1.2.13.tar.gz -C /usr/src/ 25 [root@localhost ~]# cd /usr/src/keepalived-1.2.13/ 26 [root@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32- 27 431.el6.x86_64 28 [root@localhost keepalived-1.2.13]# make && make install 29 [root@localhost ~]# /etc/init.d/keepalived start 30 [root@localhost ~]# netstat -anp | grep keepalived 31 [root@localhost ~]# chkconfig --add keepalived 32 [root@localhost ~]# chkconfig keepalived on 33 4.1、主服务器配置 34 [root@localhost ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak 35 [root@localhost ~]# vim /etc/keepalived/keepalived.conf 36 修改: 37 global_defs { 38 router_id LVS_DEVEL_R1 39 } 40 vrrp_instance VI_1 { 41 state MASTER 42 interface eth0 43 virtual_router_id 1 44 priority 100 45 advert_int 1 46 authentication { 47 auth_type PASS 48 auth_pass 1111 49 } 50 virtual_ipaddress { 51 192.168.10.72 52 } 53 } 54 vrrp_instance VI_1 { 55 state MASTER 56 interface eth1 57 virtual_router_id 1 58 priority 100 59 advert_int 1 60 authentication { 61 auth_type PASS 62 auth_pass 1111 63 } 64 virtual_ipaddress { 65 192.168.1.1 66 } 67 } 68 virtual_server 192.168.10.72 80 { 69 delay_loop 15 70 lb_algo rr 71 lb_kind NAT 72 protocol TCP 73 real_server 192.168.10.73 80 { 74 weight 1 75 TCP_CHECK { 76 connect_port 80 77 connect_timeout 3 78 nb_get_retry 3 79 delay_before_retry 4 80 } 81 } 82 real_server 192.168.10.74 80 { 83 weight 1 84 TCP_CHECK { 85 connect_port 80 86 connect_timeout 3 87 nb_get_retry 3 88 delay_before_retry 4 89 } 90 } 91 } 92 [root@localhost ~]# service keepalived restart 93 [root@localhost ~]# ip add show dev eth0 94 4.2、从服务器配置 95 [root@localhost ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak 96 [root@localhost ~]# vim /etc/keepalived/keepalived.conf 97 修改: 98 global_defs { 99 router_id LVS_DEVEL_R2 100 } 101 vrrp_instance VI_1 { 102 state BACKUP 103 priority 99 104 ...... 105 ---其他参数与主服务器保持一致---- 106 } 107 [root@localhost ~]# service keepalived restart 108 [root@localhost ~]# ip add show dev eth0 109 110 三、配置WEB节点服务器 111 1、配置IP地址 112 1)设置IP 113 [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 114 2、配置http服务 115 WEB-1: 116 [root@localhost ~]# echo "welcome to 192.168.10.73 web server" > /var/www/html/index.html 117 [root@localhost ~]# service httpd restart 118 [root@localhost ~]# chkconfig --add httpd 119 [root@localhost ~]# chkconfig httpd on 120 WEB-2: 121 [root@localhost ~]# echo "welcome to 192.168.10.74 web server" > /var/www/html/index.html 122 [root@localhost ~]# service httpd restart 123 [root@localhost ~]# chkconfig --add httpd 124 [root@localhost ~]# chkconfig httpd on 125 三、验证: 126 一)使用ping命令 127 客户端:ping -t 192.168.10.72 128 断开主LVS的网卡,查看客户端的ping情况。 129 重启主LVS的网卡,查看客户端的ping情况。 130 二)客户端 131 1、访问: 132 http://192.168.10.72/ 133 在主LVS上查看: 134 [root@localhost ~]# ipvsadm -Lnc 135 2、断开主LVS的网卡 136 客户端访问:http://192.168.10.72/ 137 在主-从LVS上查看: 138 [root@localhost ~]# ipvsadm -Lnc 139 在主-从LVS上查看: 140 [root@localhost ~]# ip addr show dev eth0 141 3、重启主LVS的网卡 142 客户端访问:http://192.168.10.72/ 143 在主-从LVS上查看: 144 [root@localhost ~]# ipvsadm -Lnc 145 在主-从LVS上查看: 146 [root@localhost ~]# ip addr show dev eth0