  • Keepalived + LVS High-Availability Load-Balancing Cluster

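    Overview

      Keepalived is a powerful auxiliary tool designed specifically for LVS. It mainly provides failover and health checking: it determines the availability of the LVS load scheduler and of the node servers, isolates failed hosts promptly and replaces them with new servers, and adds a failed host back into the cluster once it has recovered.
    The official Keepalived website is at http://www.keepalived.org/
    Keepalived's hot-standby mode
      Keepalived uses the VRRP (Virtual Router Redundancy Protocol) hot-standby protocol to implement multi-machine hot standby for Linux servers in software. VRRP is a backup solution for routers: several routers form a hot-standby group and provide service through a shared virtual IP address. At any moment only one master router in each group provides service while the other routers stay in a redundant state. If the currently active router fails, another router automatically takes over the virtual IP address (priority determines the takeover order) so that service continues. Because the virtual IP address moves between the routers in the hot-standby group, it is also called a floating IP address. With Keepalived, the floating address does not require a manually created virtual-interface configuration file (such as eth0:0); Keepalived manages it automatically according to its configuration file.

    (The priorities of one master and its multiple backups must not be identical, otherwise "split-brain" will occur.)

    Installing Keepalived and controlling the service

    1. Install the supporting software

    Before compiling and installing Keepalived, you must first install the kernel development package kernel-devel and supporting libraries such as openssl-devel and popt-devel. In addition, when Keepalived is used in an LVS cluster environment, the ipvsadm management tool is also needed.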

    [root@Keepalived ~]# yum -y install kernel-devel openssl-devel popt-devel
    [root@Keepalived ~]# yum -y install ipvsadm

    2. Compile and install keepalived

    [root@Keepalived ~]# tar zxvf keepalived-1.2.13.tar.gz -C /usr/src/
    [root@Keepalived ~]# cd /usr/src/keepalived-1.2.13/
    [root@Keepalived keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
    [root@Keepalived keepalived-1.2.13]# make 
    [root@Keepalived keepalived-1.2.13]# make install

    The --with-kernel-dir parameter is needed only when LVS is used

    3. Using the Keepalived service

    [root@Keepalived ~]# ls -l /etc/init.d/keepalived
    -rwxr-xr-x 1 root root 1288 11月 8 16:23  /etc/init.d/keepalived
    [root@Keepalived ~]# chkconfig --add keepalived
    [root@Keepalived ~]# chkconfig keepalived on

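    Configuration file:

      The configuration directory of the Keepalived service is /etc/keepalived/. keepalived.conf is the main configuration file; there is also a subdirectory, samples/, that provides many sample configurations for reference. In the Keepalived configuration file, the "global_defs {...}" section specifies global parameters, the "vrrp_instance <instance name> {...}" section specifies the VRRP hot-standby parameters, and comment text begins with the "!" symbol.
      Within one Keepalived hot-standby group, the Keepalived configuration files of all servers are essentially the same, including the router name, the virtual router ID, the authentication information, the floating address, the heartbeat frequency and so on. The differences lie mainly in the router name, the hot-standby state and the priority.

    • Router name (router_id): it is recommended to give each server that takes part in the hot standby a different name;
    • Hot-standby state (state): there should be at least one master server, with its state set to MASTER; there can be several backup servers, with their state set to BACKUP;
    • Priority (priority): the larger the value, the higher the priority for taking control of the VIP, so the master server should have the highest priority; the priorities of the backup servers can decrease in turn, but must not be equal, to avoid a conflict when competing for control of the VIP;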
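    ! Global configuration
    global_defs {
        router_id LVS_HA_R1    ! name of the master scheduler
    }
    ! Virtual instance configuration
    vrrp_instance VI_1 {
        state MASTER           ! hot-standby state of the master scheduler (MASTER/BACKUP)
        interface eth0         ! physical interface that carries the VIP address
        virtual_router_id 51   ! virtual router ID, identical within a hot-standby group
        priority 100           ! priority of the master scheduler
        advert_int 1           ! advertisement interval in seconds (heartbeat frequency)
        authentication {       ! master/backup authentication information (identical within a hot-standby group)
            auth_type PASS     ! authentication type
            auth_pass 1111     ! password string
        }
        virtual_ipaddress {
            172.16.1.130       ! cluster VIP address; more than one may be listed
        }
    }

    ! Web server pool configuration
    virtual_server 172.16.1.130 80 {               ! virtual server address (VIP) and port
        delay_loop 15                              ! health-check interval (seconds)
        lb_algo rr                                 ! scheduling algorithm (round robin, rr)
        lb_kind DR                                 ! cluster working mode (DR/NAT)
        persistence_timeout 60                     ! connection persistence time (seconds)
        protocol TCP                               ! the application service uses TCP
        real_server 172.16.1.131 80 {              ! address and port of the first web node
            weight 1                               ! node weight
            TCP_CHECK {                            ! health-check method
                connect_port  80                   ! target port to check
                connect_timeout  3                 ! connection timeout (seconds)
                nb_get_retry  3                    ! number of retries
                delay_before_retry  4              ! interval between retries (seconds)
            }
        }
        real_server 172.16.1.132 80 {              ! address and port of the second web node
            ...... ! remaining settings omitted
        }
        real_server 172.16.1.133 80 {              ! address and port of the third web node
            ...... ! remaining settings omitted
        }
        real_server 172.16.1.134 80 {              ! address and port of the fourth web node
            ...... ! remaining settings omitted
        }
    }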
    keepalived.conf
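
The rules above for one hot-standby group (different router_id and priority on every node; identical virtual_router_id, authentication, heartbeat interval and VIP) can be checked mechanically before the configs are deployed. The following Python check is an added example, not code from the original article or from the Keepalived project; `parse_vrrp`, `check_group` and the sample configs are hypothetical names and constructed values.

```python
import re

SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse_vrrp(conf):
    """Return (router_id, {instance name: settings}) for one node's config text."""
    # keepalived treats everything after '!' or '#' as a comment
    text = "\n".join(re.split("[!#]", ln)[0] for ln in conf.splitlines())
    rid = re.search(r"\brouter_id\s+(\S+)", text)
    instances = {}
    for name, body in re.findall(r"vrrp_instance\s+(\S+)\s*\{((?:[^{}]|\{[^{}]*\})*)\}", text):
        inst = dict(re.findall(r"\b(virtual_router_id|priority|advert_int|auth_\w+)\s+(\S+)", body))
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        inst["vips"] = sorted(vips.group(1).split()) if vips else []
        instances[name] = inst
    return (rid.group(1) if rid else None), instances

def check_group(*confs):
    """Compare the nodes of one hot-standby group; return a list of findings."""
    parsed = [parse_vrrp(c) for c in confs]
    findings = []
    if len({rid for rid, _ in parsed}) != len(parsed):
        findings.append("router_id is not unique per node")
    for name in sorted(set().union(*(insts for _, insts in parsed))):
        nodes = [insts[name] for _, insts in parsed if name in insts]
        findings += [f"{name}: {key} differs between nodes" for key in SHARED
                     if len({str(n.get(key)) for n in nodes}) > 1]
        prios = [n.get("priority") for n in nodes]
        if len(set(prios)) != len(prios):
            findings.append(f"{name}: priority repeated across nodes")
    return findings

MASTER = """! constructed sample, trimmed to the settings the check reads
global_defs {
    router_id LVS_HA_R1
}
vrrp_instance VI_1 {
    virtual_router_id 51
    priority 100        ! highest in the group
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.1.130
    }
}"""
BACKUP_OK = MASTER.replace("R1", "R2").replace("priority 100", "priority 90")
BACKUP_BAD = MASTER.replace("R1", "R2").replace("router_id 51", "router_id 52")
```

`check_group(MASTER, BACKUP_OK)` returns an empty list, while `check_group(MASTER, BACKUP_BAD)` reports the mismatched virtual_router_id and the repeated priority.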

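    Keepalived + LVS (NAT mode)

    LVS does not need to be configured separately, because keepalived calls the LVS kernel module

    1. Configure IP addresses

    Omitted. The web servers and the client must specify a gateway; in both cases it is the VIP address

    2. Configure the Keepalived servers (master and backup)

     1) Adjust the response parameters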

    [root@Keepalived ~]# vim /etc/sysctl.conf 
    Change:
    net.ipv4.ip_forward = 1
    Add:
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    [root@Keepalived ~]# sysctl -p

     2) Install the Keepalived software and the ipvsadm management tool

    [root@Keepalived ~]# yum -y install ipvsadm
    [root@Keepalived ~]# yum -y install kernel-devel openssl-devel popt-devel
    [root@Keepalived ~]# tar zxvf keepalived-1.2.13.tar.gz -C /usr/src/
    [root@Keepalived ~]# cd /usr/src/keepalived-1.2.13/
    [root@Keepalived keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
    [root@Keepalived keepalived-1.2.13]# make 
    [root@Keepalived keepalived-1.2.13]# make install
    [root@Keepalived ~]# chkconfig --add keepalived
    [root@Keepalived ~]# chkconfig keepalived on

     3) Configure Keepalived

    (1) Global configuration and hot-standby configuration

    [root@Keepalived ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    [root@Keepalived ~]# vim  /etc/keepalived/keepalived.conf
    global_defs {
       router_id LVS_MSATER_1        ! name of the master scheduler
    }

    vrrp_instance VI_1 {            ! configuration of the first instance (VIP: 1.1.1.1)
        state MASTER            ! hot-standby state of the master scheduler
        interface eth0            ! name of the network interface serving this segment
        virtual_router_id 51
        priority 100            ! priority of the master scheduler
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            1.1.1.1                ! VIP address
        }
    }

    vrrp_instance VI_2 {            ! configuration of the second instance (VIP: 192.168.10.1); instance names must be unique
        state MASTER
        interface eth1
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.10.1
        }
    }
    Master
    ! Configuration File for keepalived
    
    global_defs {
       router_id LVS_Savle_1        ! changed
    }

    vrrp_instance VI_1 {
        state BACKUP            ! changed
        interface eth0
        virtual_router_id 51
        priority 90                ! changed
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            1.1.1.1
        }
    }

    vrrp_instance VI_2 {            ! instance names must be unique
        state BACKUP            ! changed
        interface eth2
        virtual_router_id 51
        priority 90                ! changed
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.10.1
        }
    }
    Slave

     (2) Web server pool configuration

    virtual_server 1.1.1.1 80 {
        delay_loop 15
        lb_algo rr
        lb_kind NAT
        protocol TCP
        real_server 192.168.10.100 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
        real_server 192.168.10.200 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
    }
    Master--Slave

     Use the ip tool to view the floating IP (on the master)

    [root@Keepalived ~]# ip a
    ......
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:85:d4:5c brd ff:ff:ff:ff:ff:ff
        inet 1.1.1.10/8 brd 1.255.255.255 scope global eth0
        inet 1.1.1.1/32 scope global eth0
        inet6 fe80::20c:29ff:fe85:d45c/64 scope link 
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:85:d4:70 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.10/24 brd 192.168.10.255 scope global eth2
        inet 192.168.10.1/32 scope global eth2
        inet6 fe80::20c:29ff:fe85:d470/64 scope link 
           valid_lft forever preferred_lft forever

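    5) Configure the web node servers (all web servers are configured the same way)

    Install the httpd service, create a test page, and start the httpd service

    [root@Web1 ~]# echo "LVS test 1" > /var/www/html/index.html            # content of the first web server
    [root@Web2 ~]# echo "LVS test 2" > /var/www/html/index.html            # content of the second web server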

     Keepalived + LVS (DR mode)

     1. Configure IP addresses

    2. Configure the Keepalived servers (master and backup)

    1) Adjust the response parameters

    [root@Keepalived ~]# vim /etc/sysctl.conf 
    Add:
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    [root@Keepalived ~]# sysctl -p

    2) Install the Keepalived software and the ipvsadm management tool

    [root@Keepalived ~]# yum -y install ipvsadm
    [root@Keepalived ~]# yum -y install kernel-devel openssl-devel popt-devel
    [root@Keepalived ~]# tar zxvf keepalived-1.2.13.tar.gz -C /usr/src/
    [root@Keepalived ~]# cd /usr/src/keepalived-1.2.13/
    [root@Keepalived keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
    [root@Keepalived keepalived-1.2.13]# make 
    [root@Keepalived keepalived-1.2.13]# make install
    [root@Keepalived ~]# chkconfig --add keepalived
    [root@Keepalived ~]# chkconfig keepalived on

    3) Configure Keepalived

    (1) Global configuration and hot-standby configuration

    [root@Keepalived ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    [root@Keepalived ~]# vim  /etc/keepalived/keepalived.conf
    global_defs {
       router_id LVS_MSATER_1        ! name of the master scheduler
    }

    vrrp_instance VI_1 {            ! configuration of the first instance (VIP: 1.1.1.1)
        state MASTER            ! hot-standby state of the master scheduler
        interface eth0            ! name of the network interface serving this segment
        virtual_router_id 51
        priority 100            ! priority of the master scheduler
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            1.1.1.1                ! VIP address
        }
    }
    Master
    global_defs {
       router_id LVS_Savle_1        ! name of the backup scheduler
    }

    vrrp_instance VI_1 {            ! configuration of the first instance (VIP: 1.1.1.1)
        state BACKUP            ! hot-standby state of the backup scheduler
        interface eth0            ! name of the network interface serving this segment
        virtual_router_id 51
        priority 90            ! priority of the backup scheduler
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            1.1.1.1                ! VIP address
        }
    }
    Slave

     (2) Web server pool configuration

    virtual_server 1.1.1.1 80 {
        delay_loop 15
        lb_algo rr
        lb_kind DR        ! mode set to DR
        protocol TCP
        real_server 1.1.1.100 80 {        ! address of the web host
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
        real_server 1.1.1.200 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
    }
    Master-Slave
    [root@Keepalived ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:85:d4:5c brd ff:ff:ff:ff:ff:ff
        inet 1.1.1.10/8 brd 1.255.255.255 scope global eth0
        inet 1.1.1.1/32 scope global eth0
        inet6 fe80::20c:29ff:fe85:d45c/64 scope link 
           valid_lft forever preferred_lft forever

    3. Configure the web node servers

    1) Set the VIP

    [root@Web ~]# cd /etc/sysconfig/network-scripts/
    [root@Web network-scripts]# cp ifcfg-lo ifcfg-lo:0
    [root@Web network-scripts]# vim ifcfg-lo:0
    Change to:
    DEVICE=lo:0
    IPADDR=1.1.1.1
    NETMASK=255.255.255.255
    ONBOOT=yes        
    [root@Web network-scripts]# service network reload
    [root@Web ~]# route add -host 1.1.1.1 dev lo:0        # add the route
    [root@Web ~]# echo "route add -host 1.1.1.1 dev lo:0" >> /etc/rc.local 

    2) Adjust the /proc parameters (use unicast access to improve response speed)

    [root@Web ]# vim /etc/sysctl.conf
    Add:
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    net.ipv4.conf.default.arp_ignore = 1
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    [root@localhost ]# sysctl -p

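    3) Configure the web node servers (all web servers are configured the same way)

    Install the httpd service, create a test page, and start the httpd service

    [root@Web1 ~]# echo "LVS test 1" > /var/www/html/index.html            # content of the first web server
    [root@Web2 ~]# echo "LVS test 2" > /var/www/html/index.html            # content of the second web server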
  • Original article: https://www.cnblogs.com/zhichaoma/p/7620443.html