环境:
| IP | OS | packages |
|---|---|---|
| 主LVS:192.168.100.10 VIP:192.168.100.111 |
centos7 | ipvsadm+keepalived |
| 备LVS:192.168.100.11 VIP:192.168.100.111 |
centos7 | ipvsadm+keepalived |
| 192.168.100.20 | centos7 | httpd |
| 192.168.100.30 | centos7 | httpd |
keepalived是一个类似于layer3, 4 & 5交换机制的软件,也就是我们平时说的第3层、第4层和第5层交换。Keepalived是自动完成,不需人工干涉。
Keepalived的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。
工作原理
Layer3,4,5工作在IP/TCP协议栈的IP层,TCP层,及应用层,原理分别如下:
Layer3:Keepalived使用Layer3的方式工作式时,Keepalived会定期向服务器群中的服务器发送一个ICMP的数据包(既我们平时用的Ping程序),如果发现某台服务的IP地址没有激活,Keepalived便报告这台服务器失效,并将它从服务器群中剔除,这种情况的典型例子是某台服务器被非法关机。Layer3的方式是以服务器的IP地址是否有效作为服务器工作正常与否的标准。
Layer4:如果您理解了Layer3的方式,Layer4就容易了。Layer4主要以TCP端口的状态来决定服务器工作正常与否。如web server的服务端口一般是80,如果Keepalived检测到80端口没有启动,则Keepalived将把这台服务器从服务器群中剔除。
Layer5:Layer5对指定的URL执行HTTP GET。然后使用MD5算法对HTTP GET结果进行求和。如果这个总数与预期值不符,那么测试是错误的,服务器将从服务器池中移除。该模块对同一服务实施多URL获取检查。如果您使用承载多个应用程序服务器的服务器,则此功能很有用。此功能使您能够检查应用程序服务器是否正常工作。MD5摘要是使用genhash实用程序(包含在keepalived软件包中)生成的。
SSL_GET与HTTP_GET相同,但使用SSL连接到远程Web服务器。
MISC_CHECK:此检查允许用户定义的脚本作为运行状况检查程序运行。结果必须是0或1.该脚本在导演盒上运行,这是测试内部应用程序的理想方式。可以使用完整路径(即/path_to_script/script.sh)调用可以不带参数运行的脚本。那些需要参数的需要用双引号括起来(即“/path_to_script/script.sh arg 1 … arg n”)
OSI 7层简易介绍
keepalived安装配置
[root@balancer ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@balancer ~]# yum install keepalived ipvsadm -y
[root@balancer ~]# cd /etc/keepalived/
备份下配置文件
[root@balancer keepalived]# cp keepalived.conf keepalived.conf.bak
[root@balancer keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { #邮箱信息
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id balancer
}
vrrp_instance web { #定义一个实例,一个集群就是一个实例。 默认VI_1 可以随意改
state MASTER #指定 A 节点为主节点 备用节点上设置为 BACKUP 即可
interface ens37 #绑定虚拟 IP 的网络接口
virtual_router_id 51 #VRRP 组名,两个节点的设置必须一样,以指明各个节点属于同一 VRRP 组
priority 100 #主节点的优先级(1-254 之间),备用节点必须比主节点优先级低
advert_int 1 #组播信息发送间隔,两个节点设置必须一样
authentication { #设置验证信息,两个节点必须一致
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.111 #指定虚拟 IP, 两个节点设置必须一样
}
}
virtual_server 192.168.100.111 80 { #对虚拟IP添加LVS相关内容
delay_loop 6 #Keepalived 多长时间监测一次 RS
lb_algo rr #分发算法
lb_kind DR #DR 模式
protocol TCP
real_server 192.168.100.20 80 { #配置服务节点 1,需要指定 realserver 的真实 IP 地址和端口,IP不端口之间用空格隔开
weight 1 #配置服务节点的权值,权值大小用数字表示,数字越大,权值越高,设置权值大小可以为不同性能的服务器
TCP_CHECK {
connect_timeout 3 #表示 3 秒无响应超时
nb_get_retry 3 #表示重试次数
delay_before_retry 3 #表示重试间隔
connect_port 80 #检测端口
}
}
real_server 192.168.100.30 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@balancer keepalived]# systemctl restart keepalived
[root@balancer keepalived]# ip a
可以看到配置的192.168.100.111的ip地址
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:c7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet 192.168.100.111/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1d:c77b/64 scope link
valid_lft forever preferred_lft forever
------------------------------------
配置从节点
[root@slave ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@slave ~]# yum install keepalived ipvsadm -y
[root@balancer ~]# scp /etc/keepalived/keepalived.conf 192.168.100.11:/etc/keepalived/
[email protected]'s password:
keepalived.conf 100% 888 0.9KB/s 00:00
[root@slave ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id slave #router_id不能能相同
}
vrrp_instance web {
state BACKUP #backup
interface eno16777736 #网卡根据自己实际情况
virtual_router_id 51
priority 90 #这里优先级不能一样
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.111
}
}
virtual_server 192.168.100.111 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.100.20 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.100.30 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
Server配置
[root@server1 ~]# yum install httpd -y
[root@server1 ~]# echo "server1" >> /var/www/html/index.html
[root@server1 ~]# systemctl start httpd
[root@server1 ~]# vim /etc/init.d/lvsdr
[root@server1 ~]# chmod +x /etc/init.d/lvsdr
#!/bin/bash
#description:start relserver
VIP=192.168.100.111
source /etc/init.d/functions
case $1 in
start)
echo 'start LVS of Realserver DR'
/sbin/ifconfig lo:1 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:1
echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce
echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore
echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfig lo:1 down
echo 'Close LVS of Realserver DR'
echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce
echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore
echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage:$0 (start|stop)"
exit 1
esac
[root@server1 ~]# /etc/init.d/lvsdr start
Reloading systemd: [ 确定 ]
Starting lvsdr (via systemctl): [ 确定 ]
[root@server1 ~]# scp /etc/init.d/lvsdr 192.168.100.30:/etc/init.d/
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# echo "server2" >> /var/www/html/index.html
[root@server2 ~]# systemctl start httpd
[root@server2 ~]# /etc/init.d/lvsdr start
Reloading systemd: [ 确定 ]
Starting lvsdr (via systemctl): [ 确定 ]
测试
[root@balancer ~]# ip addr show ens37
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:c7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet 192.168.100.111/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1d:c77b/64 scope link
valid_lft forever preferred_lft forever
[root@slave ~]# ip addr show eno16777736
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:6c:f5:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.11/24 brd 192.168.100.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe6c:f558/64 scope link
valid_lft forever preferred_lft forever
=====================
关闭balancer keepalived
[root@balancer ~]# systemctl stop keepalived
[root@balancer ~]# ip addr show ens37
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:1d:c7:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1d:c77b/64 scope link
valid_lft forever preferred_lft forever
[root@slave ~]# ip addr show eno16777736
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:6c:f5:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.11/24 brd 192.168.100.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet 192.168.100.111/32 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe6c:f558/64 scope link
valid_lft forever preferred_lft forever
