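The two key components for building an LVS cluster are the ipvs kernel module and the ipvsadm toolkit; current kernel versions already include the ipvs kernel module.
1. Download ipvsadm
ipvsadm is implemented in the Linux kernel; it inspects IP packets that need routing inside the kernel and acts on them according to the conditions the user has configured. Its job is to select a suitable web server for the user. LLB applies different rules when choosing a server, and these rules decide which server handles a user's request. They include Round-Robin (RR), Weighted Round-Robin (WRR), Least-Connection (LC), Weighted Least-Connection (WLC), and so on.
The rhel5.2 kernel is Linux real2 2.6.18-92.el5; the version that can be installed on it is ipvsadm-1.24-6.src.rpm
Installing ipvsadm-1.25-1.src.rpm on the rhel5.2 kernel reports an error (for kernel 2.6.28-rc3 or later)
Installing with yum is recommended.
2. Download keepalived
keepalived is software that monitors the state of the LVS directors and the web servers. Below is the explanation of keepalived from the official website (official website address)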
What is Keepalived ?
The main goal of the keepalived project is to add a strong & robust keepalive facility to the Linux Virtual Server project. This project is written in C with multilayer TCP/IP stack checks. Keepalived implements a framework based on three family checks : Layer3, Layer4 & Layer5/7. This framework gives the daemon the ability of checking a LVS server pool states. When one of the servers of the LVS server pool is down, keepalived informs the linux kernel via a setsockopt call to remove this server entry from the LVS topology. In addition keepalived implements an independent VRRPv2 stack to handle director failover. So in short keepalived is a userspace daemon for LVS cluster nodes healthchecks and LVS directors failover.
Why using Keepalived ?
If you are using a LVS director to loadbalance a server pool in a production environment, you may want to have a robust solution for healthcheck & failover.
keepalived download address: /software/keepalived-1.1.15.tar.gz
First, create a symlink to the kernel source; otherwise ipvs will not be found when compiling keepalived. If the matching kernel source is not present, install it with yum install kernel-devel
ln -s /usr/src/kernels/2.6.18-92.el5-i686/ /usr/src/linux
3. Install ipvsadm
Installing with yum is recommended.
rpm -ivh ipvsadm-1.24-6.src.rpm
cd /usr/src/redhat/SOURCES/ipvsadm-1.24
tar -xvzf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install
4. Install keepalived
tar -xvzf keepalived-1.1.15.tar.gz
cd keepalived-1.1.15
./configure --prefix=/usr/local/keepalived
Keepalived configuration
-----------------------------------------------
Keepalived version : 1.1.15
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use LinkWatch : No
Use Debug flags : No
-------------------------------------------------
make
make install
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
mkdir /etc/keepalived
cd /etc/keepalived/
About:
Use IPVS Framework : NO
IPVS sync daemon support :NO
This is what the configure summary shows if the symlink to the kernel source described above has not been created.
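5. Configure the IP address on the real servers and tell them to ignore ARP broadcasts from client computers asking who owns the VIP (its MAC address).
A client computer sends an ARP broadcast to the LVS-DR cluster. Note that because the Director and the cluster node (real server 1) are connected to the same network, both receive the ARP broadcast "who has the VIP?"; the broadcast packet is delivered to every node on the local network (VLAN or physical segment). However, we want the real servers to ignore the ARP broadcast and only the LVS-DR Director to answer it. To stop the real servers from replying to the ARP broadcast, we need to hide the loopback interface on all real servers.
The script below adds the VIP to the hidden loopback device, enables packet forwarding, and tells the kernel to hide the VIP.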
#!/bin/bash
# description: start realserver
VIP1=192.168.7.100
# Load the Red Hat init-script helper functions
. /etc/rc.d/init.d/functions
case "$1" in
start)
    echo " start LVS of RealServer"
    # Bind the VIP to lo:0 with a host (/32) netmask
    /sbin/ifconfig lo:0 $VIP1 broadcast $VIP1 netmask 255.255.255.255 up
    # arp_ignore=1: answer ARP only for addresses on the receiving interface
    # arp_announce=2: never use the VIP as the source of outgoing ARP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    /sbin/ifconfig lo:0 down
    echo "close LVS Directorserver"
    # Restore the kernel defaults
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
# shell end
After running the script, check the state of the network interfaces
[root@real1 opt]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:38:1D:C0
inet addr:192.168.7.191 Bcast:192.168.7.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7617 errors:0 dropped:0 overruns:0 frame:0
TX packets:2515 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1125018 (1.0 MiB) TX bytes:329374 (321.6 KiB)
Interrupt:169 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo:0 Link encap:Local Loopback
inet addr:192.168.7.100 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
Add the script to /etc/rc.d/rc.local so that it starts automatically at boot
/opt/lvsreal.sh start&
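A check for the state the script above is meant to leave behind, as an added example that is not part of the original post: it reads the four ARP sysctls and parses `ip -o -4 addr show` output to confirm the VIP sits only on lo with a /32 mask. The function names and the PROC_ROOT override are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post). PROC_ROOT is a hypothetical
# override so the check can run against a constructed tree; default is /proc.

# Compare the four ARP sysctls written by the start) branch with their
# expected values; print every mismatch and return non-zero if any differ.
check_realserver_arp() {
    _root="${PROC_ROOT:-/proc}/sys/net/ipv4/conf"
    _rc=0
    for _ifc in lo all; do
        for _kv in arp_ignore=1 arp_announce=2; do
            _key=${_kv%%=*}; _want=${_kv#*=}
            _got=$(cat "$_root/$_ifc/$_key" 2>/dev/null) || _got=missing
            if [ "$_got" != "$_want" ]; then
                echo "FAIL $_ifc/$_key is $_got, expected $_want"
                _rc=1
            fi
        done
    done
    return $_rc
}

# Read `ip -o -4 addr show` output on stdin and confirm that the VIP ($1)
# is bound to lo with a /32 mask and to no other interface.
vip_only_on_loopback() {
    awk -v vip="$1" '
        { split($4, a, "/") }
        a[1] == vip && $2 == "lo" && a[2] == 32 { ok = 1 }
        a[1] == vip && $2 != "lo"               { bad = 1 }
        END { exit !(ok && !bad) }'
}

# Run both checks on the local machine (VIP taken from the post).
check_realserver_arp || echo "real-server ARP settings are not in place"
ip -o -4 addr show 2>/dev/null | vip_only_on_loopback 192.168.7.100 \
    || echo "VIP is not bound to lo/32 only"
```

Because rc.local starts the script in the background, running this check after a reboot shows whether a real server came up in a state where it would answer ARP for the VIP.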
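6. Configure keepalived
What keepalived does: it makes the LVS director forward requests to the web servers, monitors the state of the web servers and automatically adds and removes web nodes, and provides failover between the two DRs.
There is no longer any need to run ipvsadm commands directly to add real servers, virtual services and so on; editing the keepalived configuration file is enough.
Edit the configuration file /usr/local/keepalived/etc/keepalived/keepalived.conf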
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
Note: for the full set of parameters, see keepalived-userguide.pdf on the keepalived official website; the manual is very detailed.
! Configuration File for keepalived
global_defs {
#   notification_email {
#     acassen@firewall.loc
#     failover@firewall.loc
#     sysadmin@firewall.loc
#   }
#   notification_email_from Alexandre.Cassen@firewall.loc
#   smtp_server 192.168.200.1
#   smtp_connect_timeout 30
    router_id LVS_DEVEL
}
# VIP1
vrrp_instance VI_1 {
    state MASTER                 # MASTER on the primary, BACKUP on the standby
    interface eth0               # network interface monitored for HA
    mcast_src_ip 192.168.7.200   # source address of the VRRP advertisements; change it on the standby
    virtual_router_id 51         # must be the same on the primary and the standby
    priority 200                 # primary and standby use different priorities; the primary gets the larger value, and a larger value means higher priority
    advert_int 3                 # VRRP multicast advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.7.100
    }
}
virtual_server 192.168.7.100 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 50       # requests from the same IP within 50 seconds go to the same real server
    protocol TCP
    real_server 192.168.7.191 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.7.192 80 {
        weight 3
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# shell end
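The configuration above uses two different real-server health-check methods purely as an illustration; for custom check scripts and similar options, see the "VII. Keepalived configuration synopsis" section of the official documentation.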
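An audit of a keepalived.conf laid out like the one above, as an added example that is not part of the original post or of keepalived itself: it flags a PASS password that is short or a single repeated character, and any virtual_server address that no virtual_ipaddress block announces. The function names, the finding labels and the 8-character policy are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original post): audit keepalived.conf.
#   WEAK_AUTH <instance>  auth_type PASS with a short or one-character password
#   NO_VRRP <address>     virtual_server address absent from every virtual_ipaddress
# Assumes one statement per line; "#" and "!" start a comment.
audit_keepalived() {
    awk '
    function weak(p,   i) {
        if (length(p) < 8) return 1          # example policy: use all 8 characters
        for (i = 2; i <= length(p); i++)
            if (substr(p, i, 1) != substr(p, 1, 1)) return 0
        return 1
    }
    { sub(/[#!].*/, "") }
    $1 == "vrrp_instance"       { inst = $2 }
    $1 == "auth_type"           { atype[inst] = $2 }
    $1 == "auth_pass"           { apass[inst] = $2 }
    $1 == "virtual_ipaddress"   { in_vip = 1; next }
    in_vip && index($0, "}")    { in_vip = 0 }
    in_vip && NF                { split($1, a, "/"); vips[a[1]] = 1 }
    $1 == "virtual_server" && $2 ~ /^[0-9]/ { vs[$2] = 1 }
    END {
        for (i in apass) if (atype[i] == "PASS" && weak(apass[i])) { print "WEAK_AUTH " i; n++ }
        for (v in vs) if (!(v in vips)) { print "NO_VRRP " v; n++ }
        exit (n > 0)
    }' "$@"
}

# Constructed sample: the post's VRRP instance plus a second virtual_server
# (192.168.7.101) that no instance announces.
sample_conf() {
    cat <<'EOF'
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111      # as in the post
    }
    virtual_ipaddress {
        192.168.7.100
    }
}
virtual_server 192.168.7.100 80 {
}
virtual_server 192.168.7.101 80 {
}
EOF
}
sample_conf | audit_keepalived || echo "findings listed above"
```

With auth_type PASS the password is carried in clear text in every VRRP advertisement, so this check only catches trivial values; the directors still need to exchange VRRP on a segment that untrusted hosts cannot reach.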
service keepalived start
Startup
Before starting, check the IP addresses. Note: ifconfig cannot be used to view this
[root@dr1 ~]# ip addr show
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:c8:9b:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.7.191/24 brd 192.168.7.255 scope global eth0
service keepalived stop
service keepalived start
After starting
[root@dr1 ~]# ip addr show
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:c8:9b:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.7.191/24 brd 192.168.7.255 scope global eth0
inet 192.168.7.100/32 scope global eth0
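Note: you can look at ipvsadm to confirm which real server is the master; its usage is shown further below. Alternatively, turn on keepalived's dump option and watch the log:
Modify the following part of /etc/init.d/keepalived, adding -d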
daemon keepalived -d ${KEEPALIVED_OPTIONS}
When the Master fails, the Backup learns of it through the multicast address 224.0.0.18 (the default VRRP address) and takes over the address 192.168.7.100. Note: if iptables is in use, remember to open it.
iptables -A INPUT -i eth1 -d 224.0.0.18 -j ACCEPT
iptables -A OUTPUT -o eth1 -d 224.0.0.18 -j ACCEPT
(4) Test forwarding
Use ipvsadm -l to view the director's forwarding state
watch ipvsadm -ln
Clear the LVS rules:
ipvsadm -C
Connect to port 3306 and test:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.6.211:3306 wlc persistent 50
-> 172.18.6.9:3306 Local 1 3 0
-> 172.18.6.10:3306 Route 1 0 0
A good document: keepalived.PDF (919KB)