keepalived+lvs+nginx双机集群
Keepalived for Linux - Version 1.2.8 - September 05, 2013
简介:
Keepalived的作用是检测web服务器的状态,如果有一台web服务器死机,或工作出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工作正常后Keepalived自动将web服务器加入到服务器群中。
主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。
故keepalived个人定义为HA,不是负载均衡。
keepalived运行在lvs之上
LVS 软件负载均衡
ipvsadm-1.26.tar.gz
DR工作模式 支持约100个左右的应用
NAT工作模式 支持约10~20个左右的应用
TUN工作模式 支持约100个左右的应用
IP配置信息:
LVS-DR-Master 192.168.164.132
LVS-DR-BACKUP 192.168.164.133
LVS-DR-VIP 192.168.164.100
WEB1-Realserver
192.168.164.134
WEB2-Realserver 192.168.164.135
centos6.5_X86_64-livecd安装的系统
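# Build dependencies for ipvsadm and keepalived on the CentOS 6.5 hosts.
# ipvsadm build failures are mostly caused by missing libnl and popt libraries.
# The package patterns are quoted so that yum, not the shell, expands them; an
# unquoted pattern is replaced by any matching file name in the current
# directory (for example a downloaded source tarball) before yum sees it.
yum install -y gcc gcc-c++ zlib-devel 'kernel-*' 'libnl*' 'popt*' openssl openssl-devel 'net-snmp-*'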
nginx源码安装
# Build nginx from source into /usr/local/nginx, using the PCRE tree at /root/pcre-8.36.
./configure --prefix=/usr/local/nginx --with-pcre=/root/pcre-8.36 && make && make install
cd /usr/local/nginx/html/
# Keep the stock page, then write a one-word marker page instead
# (presumably so a request to the VIP shows which node answered).
mv index.html index.html.bak
# Run only one of the two echo lines on each node.
echo -e "MASTER" > index.html
echo -e "BACKUP" > index.html # on the other node
# Start nginx.
/usr/local/nginx/sbin/nginx
ipvsadm安装
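# Link the kernel tree to /usr/src/linux. The author notes that ipvsadm 1.26
# also builds without this symlink, so the step is optional. (The note used to
# sit on the command line in parentheses, which the shell rejects as a syntax
# error when the line is pasted.)
ln -vs /usr/src/kernels/2.6.32-504.1.3.el6.x86_64/ /usr/src/linux
# Unpack, build and install ipvsadm 1.26.
tar zxvf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26 && make && make install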
验证是否安装成功
[root@localhost ipvsadm-1.26]# ipvsadm ## 必须先执行此命令才能加载ip_vs模块
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@localhost ipvsadm-1.26]# lsmod | grep ip_vs
ip_vs 125220 0
libcrc32c 1246 1 ip_vs
ipv6 317340 145 ip_vs,cnic,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
ipvsadm 启动脚本(用于真实服务器,real server)
[root@localhost ~]# cat lvs_keepd.sh
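#!/bin/bash
# lvs_keepd.sh - prepare or revert an LVS-DR real server.
#
#   start: suppress ARP for the VIP, then bind the VIP to lo:0.
#   stop:  take lo:0 down, then restore the default ARP behaviour.
#
# Must run as root: it writes under /proc/sys and reconfigures an interface.
# Usage: lvs_keepd.sh {start|stop}

SYN_VIP=192.168.164.100
source /etc/rc.d/init.d/functions

# Write arp_ignore ($1) and arp_announce ($2) for the "lo" and "all" scopes.
# Returns non-zero as soon as one write fails.
set_arp_mode() {
  local ignore=$1 announce=$2 scope
  for scope in lo all; do
    echo "$ignore" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore" || return 1
    echo "$announce" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce" || return 1
  done
}

case "$1" in
  start)
    echo "start LVS of real server"
    # Load /etc/sysctl.conf first (best effort, output discarded as before).
    # Run after the writes below it could overwrite them with whatever the
    # file contains.
    sysctl -p >/dev/null 2>&1
    # ARP suppression goes in before the VIP exists on this host; with the
    # opposite order there is a window in which the real server answers ARP
    # for the VIP and can draw traffic away from the director.
    if ! set_arp_mode 1 2; then
      echo "failed to set arp_ignore/arp_announce (not root?)" >&2
      exit 1
    fi
    # /32 netmask: the VIP is only a local address on lo, not a route.
    if ! ifconfig lo:0 "$SYN_VIP" netmask 255.255.255.255 broadcast "$SYN_VIP"; then
      echo "failed to bind $SYN_VIP to lo:0" >&2
      exit 1
    fi
    echo "RealServer Start OK"
    ;;
  stop)
    echo "stop LVS of real server"
    # Remove the VIP before normal ARP replies are re-enabled. A failure here
    # is reported but not fatal, so "stop" still works on a host that is
    # already stopped.
    ifconfig lo:0 down || echo "warning: could not take lo:0 down" >&2
    if ! set_arp_mode 0 0; then
      echo "failed to reset arp_ignore/arp_announce (not root?)" >&2
      exit 1
    fi
    echo "RealServer Stoped"
    ;;
  *)
    echo "USAGE: $0 {start|stop}"
    exit 1
    ;;
esac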
# Run on each real server, as root (the script writes under /proc/sys).
bash lvs_keepd.sh start
keepalived的安装
# Unpack and build keepalived 1.2.8 with SNMP support, installed under /usr/local/keepalived.
tar xf keepalived-1.2.8.tar.gz
cd keepalived-1.2.8
./configure --prefix=/usr/local/keepalived --enable-snmp && make && make install
# Copy the init script and its sysconfig file to the system locations.
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived/
# NOTE(review): this copies the configuration file installed by the build; replace it
# with the MASTER or BACKUP configuration for this node before relying on the service.
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ # without this file, keepalived starts but does not pick up the real servers' VIP
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ # without this, keepalived cannot start and reports "command not found"
/etc/init.d/keepalived start
keepalived MASTER配置文件
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
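! Configuration File for keepalived
global_defs {
    ### keepalived has its own e-mail alerting; it is usually left unused, so
    ### it is commented out here and only router_id is kept.
    # notification_email {
    # acassen@firewall.loc
    # failover@firewall.loc
    # sysadmin@firewall.loc
    # }
    # notification_email_from Alexandre.Cassen@firewall.loc
    # smtp_server 192.168.200.1
    # smtp_connect_timeout 30
    router_id LVS_DEVEL_1    # identifier of this node; must be unique on the network
}
# Sync group: groups VRRP instances.
vrrp_sync_group LVS {    # define the VRRP group
    group {
        VI_1    # instance name; several may be listed, one per line, each with its own vrrp_instance block
    }
}
#### VRRP instance
vrrp_instance VI_1 {    # same name as listed in the sync group
    state MASTER    ## role of this director, MASTER or BACKUP; must be upper case
    interface eth1    # network interface that provides the service
    lvs_sync_daemon_interface eth1    # interface LVS listens on, similar to a heartbeat link (the NIC the VIP is bound to); in DR mode it is the same NIC as "interface"
    virtual_router_id 51    # virtual router id; identical on MASTER and BACKUP, unique among VRRP instances
    priority 150    # higher value wins; MASTER must be higher than BACKUP
    advert_int 1    # interval of the sync check between MASTER and BACKUP, in seconds
    authentication {
        # MASTER and BACKUP must use the same auth_type and auth_pass.
        # With PASS the password travels in clear text, so any host on the
        # segment can read it. 1111 is a sample value: replace it with a
        # site-specific secret on both nodes, and limit VRRP traffic on this
        # interface to the peer director.
        auth_type PASS    # authentication type
        auth_pass 1111    # VRRP password
    }
    virtual_ipaddress {    # virtual addresses, one IP per line
        192.168.164.100    # must match the VIP in the real servers' LVS script
    }
}
virtual_server 192.168.164.100 80 {    # the VIP from above and the port to balance (80, 3306, ...)
    delay_loop 6    # health-check interval, in seconds
    lb_algo rr    # scheduling algorithm; wlc (weighted least-connection) and rr (round robin) are the usual choices
    ##lb_kind NAT
    lb_kind DR    # forwarding method; DR is the usual choice
    persistence_timeout 50    # seconds a client stays pinned to the same real server (session persistence)
    protocol TCP    # forwarding protocol; TCP is usual, UDP is also possible
    real_server 192.168.164.134 80 {    # IP and port of a real server, i.e. the service made highly available (80, 3306, ...)
        weight 1    # higher weight takes more load; raise it for stronger hardware
        TCP_CHECK {    # TCP connect health check
            #SSL_GET {
            # url {
            # path /
            # digest ff20ad2481f97b1754ef3e12ecd3a9cc
            # }
            # url {
            # path /mrtg/
            # digest 9b3a0c85a887a256d6939da88aabd8cd
            # }
            connect_timeout 3    # connect timeout, in seconds
            nb_get_retry 3    # retries after a failed check; past this the real server is removed
            delay_before_retry 3    # delay before a retry
            connect_port 80    # port to probe (80, 3306, ...)
        }
    }
    real_server 192.168.164.135 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}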
keepalived BACKUP配置文件
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
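! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL_2    # identifier of this node; differs from the MASTER's LVS_DEVEL_1
}
vrrp_instance VI_1 {
    state BACKUP    # role of this director
    interface eth1
    lvs_sync_daemon_interface eth1
    virtual_router_id 51    # same value as on the MASTER
    priority 100    # lower than the MASTER's 150
    advert_int 1
    authentication {
        # Must match the MASTER. With PASS the password travels in clear text
        # and 1111 is a sample value: replace it with a site-specific secret
        # on both nodes, and limit VRRP traffic on this interface to the peer
        # director.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.164.100    # same VIP as on the MASTER and in the real servers' LVS script
    }
}
virtual_server 192.168.164.100 80 {
    delay_loop 6
    lb_algo rr
    ##lb_kind NAT
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.164.134 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80    # port to probe
        }
    }
    real_server 192.168.164.135 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80    # port to probe
        }
    }
}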
keepalived-HA检测方法
/etc/init.d/keepalived stop # stop keepalived on the MASTER or the BACKUP director
ip add # then check whether the VIP is now bound on the keepalived MASTER or BACKUP
用ipvsadm能更准确地查看HA的虚拟服务和real server
[root@localhost ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.164.100:http rr persistent 50
-> 192.168.164.134:http Route 1 0 0
-> 192.168.164.135:http Route 1 0 0
nginx失效检测
将其中一台nginx进程杀掉,keepalived会自动切换到另外一台nginx上
直接访问 http://192.168.164.100 #此ip为虚拟ip
注:
在没有做路由的情况下,[按照本试验中,eth0跟eth1不在一个网段,eth1用于keepalived-HA],将interface 从eth1改成eth0,访问vip(web)时,要比interface eth1慢很多(约10秒)
在keepalived中有一些模板可以参考
$INSTALL_KEEPALIVED_PATH/etc/keepalived/samples/
《Linux keepalived与lvs的深入分析》
http://blog.sina.com.cn/s/blog_7b6fc4c9010126rt.html
《Linux keepalived与lvs的深入分析》二之虚拟服务器配置分析
http://blog.sina.com.cn/s/blog_7b6fc4c9010126ry.html
《Linux keepalived与lvs的深入分析》三之负载调度算法
http://blog.sina.com.cn/s/blog_7b6fc4c9010126s0.html
《Linux keepalived与lvs的深入分析》四之IP负载均衡技术
http://blog.sina.com.cn/s/blog_7b6fc4c9010126s5.html