LVS之 Keepalived

Keepalived简介

   Keepalived是Linux下一个轻量级别的高可用解决方案。高可用(High Avalilability,HA)，其实两种不同的含义：广义来讲，是指整个系统的高可用行，狭义的来讲就是之主机的冗余和接管，

   它与HeartBeat RoseHA 实现相同类似的功能，都可以实现服务或者网络的高可用，但是又有差别，HeartBeat是一个专业的、功能完善的高可用软件，它提供了HA 软件所需的基本功能，比如：心跳检测、资源接管，检测集群中的服务，在集群节点转移共享IP地址的所有者等等。HeartBeat功能强大，但是部署和使用相对比较麻烦，

与HeartBeat相比，Keepalived主要是通过虚拟路由冗余来实现高可用功能，虽然它没有HeartBeat功能强大，但是Keepalived部署和使用非常的简单，所有配置只需要一个配置文件即可以完成

Keepalived是什么？

Keepalived起初是为LVS设计的，专门用来监控集群系统中各个服务节点的状态，它根据TCP/IP参考模型的第三、第四层、第五层交换机制检测每个服务节点的状态，如果某个服务器节点出现异常，或者工作出现故障，Keepalived将检测到，并将出现的故障的服务器节点从集群系统中剔除，这些工作全部是自动完成的，不需要人工干涉，需要人工完成的只是修复出现故障的服务节点。

[root@server1 ~]# /etc/init.d/ldirectord stop
Stopping ldirectord... success
[root@server1 mnt]# yum install libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm -y
[root@server1 local]# yum install -y mailx


[root@server1 keepalived-2.0.6]# ./configure --prefix=/use/local/keepalived --with-init=SYSV



configure: error: 
  !!! OpenSSL is not properly installed on your system. !!!
  !!! Can not include OpenSSL headers files.            !!!
  需先解决error
[root@server1 keepalived-2.0.6]# yum install -y openssl-devel

[root@server1 ~]# yum install openssl-devel libnl3-devel ipset-devel iptables-devel libnfnetlink-devel


[root@server1 keepalived-2.0.6]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV
[root@server1 keepalived-2.0.6]# make
[root@server1 keepalived-2.0.6]# make install

[root@server1 keepalived-2.0.6]# cd
[root@server1 ~]# cd /usr/local/keepalived/
[root@server1 keepalived]# ls
bin etc sbin share
[root@server1 keepalived]# pwd
/usr/local/keepalived
[root@server1 keepalived]# cd etc/
[root@server1 etc]# ls
keepalived rc.d sysconfig
[root@server1 etc]# cd rc.d/
[root@server1 rc.d]# ls
init.d
[root@server1 rc.d]# cd init.d/
[root@server1 init.d]# pwd
/usr/local/keepalived/etc/rc.d/init.d
[root@server1 init.d]# ls
keepalived
[root@server1 init.d]# vim keepalived
[root@server1 init.d]# chmod +x keepalived
[root@server1 init.d]# ls
keepalived
[root@server1 init.d]# pwd
创建软连接为可执行
[root@server1 init.d]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server1 init.d]# cd ..
[root@server1 rc.d]# ls
init.d
[root@server1 rc.d]# cd ..
[root@server1 etc]# ls
keepalived rc.d sysconfig
[root@server1 etc]# cd keepalived/
[root@server1 keepalived]# ls
keepalived.conf samples
[root@server1 keepalived]# pwd
/usr/local/keepalived/etc/keepalived
[root@server1 keepalived]# ls
keepalived.conf samples
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@server1 keepalived]# cd ..
[root@server1 etc]# ls
keepalived rc.d sysconfig
[root@server1 etc]# cd sysconfig/
[root@server1 sysconfig]# pwd
/usr/local/keepalived/etc/sysconfig
[root@server1 sysconfig]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server1 sysconfig]# cd ..
[root@server1 etc]# cd ..
[root@server1 keepalived]# ls
bin etc sbin share
[root@server1 keepalived]# cd sbin/
[root@server1 sbin]# ls
keepalived
[root@server1 sbin]# pwd
/usr/local/keepalived/sbin
[root@server1 sbin]# ls
keepalived
[root@server1 sbin]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server1 sbin]# which keepalived
/sbin/keepalived
[root@server1 sbin]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server1 sbin]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[[email protected]]#chmod+x/usr/local/keepalived/etc/rc.d/init.d/keepalived
[root@server1 keepalived-2.0.6]# cd /etc/keepalived/
[root@server1 keepalived]# ls
keepalived.conf samples
[root@server1 keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1

   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   这个是火墙策略，需要注释掉
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 53
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.53.100
    }
}


virtual_server 172.25.53.100 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 172.25.53.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.53.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}




[root@server1 sbin]# cd /usr/local/
[root@server1 local]# scp -r keepalived/ server4:/usr/local/

[root@server4 ~]# cd /usr/local/
[root@server4 local]# ls
bin  etc  games  include  keepalived  lib  lib64  libexec  sbin  share  src
[root@server4 local]# cd keepalived/
[root@server4 keepalived]# ls
bin  etc  sbin  share
[root@server4 keepalived]# cd etc/
[root@server4 etc]# ls
keepalived  rc.d  sysconfig
[root@server4 etc]# cd rc.d/
[root@server4 rc.d]# cd init.d/
[root@server4 init.d]# ls
keepalived
[root@server4 init.d]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 init.d]# ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@server4 init.d]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 init.d]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 init.d]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@server4 init.d]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]



[root@server4 keepalived]# cd /etc/keepalived/
[root@server4 keepalived]# ls
keepalived.conf  samples
[root@server4 keepalived]# vim keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 53
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.53.100
    }
}


virtual_server 172.25.53.100 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP

    real_server 172.25.53.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.53.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}



[root@server4 keepalived]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]

[root@server1 local]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:80 rr
  -> 172.25.53.2:80               Route   1      0          1         
  -> 172.25.53.3:80               Route   1      0          1         
[root@server1 local]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:07:35:d5 brd ff:ff:ff:ff:ff:ff
    inet 172.25.53.1/24 brd 172.25.53.255 scope global eth0
    inet 172.25.53.100/32 scope global eth0
    inet6 fe80::5054:ff:fe07:35d5/64 scope link 
       valid_lft forever preferred_lft forever
[root@server1 local]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:80 rr
  -> 172.25.53.2:80               Route   1      0          1         
  -> 172.25.53.3:80               Route   1      0          1    






[root@server2 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.53.2 for ServerName
                                                           [  OK  ]
[root@server2 ~]# ip addr add 172.25.53.100/24 dev eth0


[root@server3 ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.53.2 for ServerName
                                                           [  OK  ]
[root@server3 ~]# ip addr add 172.25.53.100/24 dev eth0

[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org  -server2
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org  -server2

停掉server2的httpd，server3会在之后接替工作，不再需要坏掉的server3
[root@server2 ~]# /etc/init.d/httpd stop
Stopping httpd:                                            [  OK  ]
[root@server2 ~]# 


[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
curl: (7) Failed connect to 172.25.53.100:80; Connection refused
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
curl: (7) Failed connect to 172.25.53.100:80; Connection refused
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3
[root@foundation53 ~]# curl 172.25.53.100
www.westos.org - server3

[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:http rr
  -> server3:http                 Route   1      0          0         
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:80 rr
  -> 172.25.53.3:80               Route   1      0          0         



停掉server2和3的httpd，server1自己并不会接替
[root@foundation53 ~]# curl 172.25.53.100
curl: (7) Failed connect to 172.25.53.100:80; Connection refused
[root@foundation53 ~]# curl 172.25.53.100
curl: (7) Failed connect to 172.25.53.100:80; Connection refused
[root@foundation53 ~]# curl 172.25.53.100
curl: (7) Failed connect to 172.25.53.100:80; Connection refused
[root@foundation53 ~]# curl 172.25.53.100
curl: (7) Failed connect to 172.25.53.100:80; Connection refused

[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:80 rr
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:http rr


打开两个的httpd，自动加上

[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:80 rr
  -> 172.25.53.2:80               Route   1      0          0         
  -> 172.25.53.3:80               Route   1      0          0         
You have new mail in /var/spool/mail/root
[root@server1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.53.100:http rr
  -> server2:http                 Route   1      0          0         
  -> server3:http                 Route   1      0          0