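Introduction
KeepAlived is an implementation of the network protocol VRRP (Virtual Router Redundancy Protocol).
KeepAlived is service software used in Linux cluster management to keep a cluster highly available; its purpose is to prevent single points of failure. Specifically, it monitors the state of the servers: if a web server goes down or malfunctions, KeepAlived detects this, removes the faulty server from the system, and has other servers take over its work. Once the server is working normally again, KeepAlived automatically adds it back to the server pool. All of this happens automatically with no manual intervention; the only manual work is repairing the failed server.
How KeepAlived works:
KeepAlived's operation is best understood through the VRRP protocol.
VRRP (Virtual Router Redundancy Protocol) is a fault-tolerance protocol. It ensures that when a host's next-hop router fails, a backup router takes over for the failed router, preserving the continuity and reliability of network communication. These routers together form one virtual router, which contains one Master router and multiple Backup routers. Hosts use the virtual router as their default gateway. A virtual router can have one or more IP addresses.
Lab: highly available LVS based on the KeepAlived dual-master model
Requirements analysis
As shown in the figure below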
FQDN | IP |
---|---|
images.king.com | VIP1 192.168.1.100 |
app.king.com | VIP2 192.168.1.200 |
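When a client accesses images.king.com, it goes through VIP1, and the backends that ultimately serve the request are WEBSRV1 and WEBSRV2; when a client accesses app.king.com, it goes through VIP2, and the backends are WEBSRV3 and WEBSRV4. When a user visits one of the sites, a single LVS server can provide load balancing by scheduling front-end requests to the two backend WEBSRVs, but a single LVS cannot avoid being a single point of failure, so two LVS servers combined with KeepAlived are used to achieve high availability. At the same time, the company serves two sites; if each site used two LVS servers for high availability, four LVS servers would be needed, which is costly, and under normal conditions two of them would sit idle. The KeepAlived + LVS dual-master model can meet this requirement.
Dual-master model: for VIP1, LVS1 is MASTER and LVS2 is BACKUP, so VIP1 sits on LVS1, and LVS1 schedules the backends WEBSRV1 and WEBSRV2. For VIP2, LVS2 is MASTER and LVS1 is BACKUP, so VIP2 sits on LVS2, and LVS2 schedules the backends WEBSRV3 and WEBSRV4. When LVS1 or LVS2 fails, the VIP on the failed LVS floats to the other LVS, and the two backend WEBSRVs it was responsible for are taken over by the healthy LVS. That is the overall process.
Lab environment preparation
Make sure the firewall and SELinux are turned off on all virtual machines (CentOS 7.3).
Time must be synchronized across all nodes
Pick one machine, A, and synchronize its time with a commonly used domestic NTP server; the other machines in the company synchronize their time with machine A.
Nodes communicate with each other by hostname; using the /etc/hosts file for this is recommended
The root users on the nodes can communicate with each other over SSH using key-based authentication
Lab procedure
1. Configure the client CLIENT
vim /etc/hosts
# Add the following two lines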
192.168.1.100 images.king.com
192.168.1.200 app.king.com
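2. On WEBSRV1 and WEBSRV2
WEBSRV2's configuration is largely the same as WEBSRV1's; WEBSRV1 is used as the example below.
# Install httpd if it is not already installed
yum install httpd
# Start the service
systemctl start httpd
# Prepare the page; on WEBSRV2, change WEBSRV1 to WEBSRV2
echo "WEBSRV1 images" > /var/www/html/index.html
# Prepare the RS script
vim lvs_dr_rs.sh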
#!/bin/bash
# Bind the VIP to lo:1 on a real server for LVS DR mode and suppress ARP for it
vip=192.168.1.100
mask='255.255.255.255'
dev=lo:1
case "$1" in
start)
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always use the best local address as ARP source, so the VIP on lo is not announced
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig "$dev" "$vip" netmask "$mask" broadcast "$vip" up
    route add -host "$vip" dev "$dev"
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig "$dev" down
    # Restore the kernel defaults
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename "$0") start|stop"
    exit 1
    ;;
esac
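# Run the RS script
bash lvs_dr_rs.sh start
# Check that the VIP 192.168.1.100 is bound to the loopback interface
ip a
3. On WEBSRV3 and WEBSRV4
WEBSRV4's configuration is largely the same as WEBSRV3's; WEBSRV3 is used as the example below.
# Install httpd if it is not already installed
yum install httpd
# Start the service
systemctl start httpd
# Prepare the page; on WEBSRV4, change WEBSRV3 to WEBSRV4
echo "WEBSRV3 app" > /var/www/html/index.html
# Prepare the RS script
vim lvs_dr_rs.sh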
#!/bin/bash
# Bind the VIP to lo:1 on a real server for LVS DR mode and suppress ARP for it
vip=192.168.1.200
mask='255.255.255.255'
dev=lo:1
case "$1" in
start)
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always use the best local address as ARP source, so the VIP on lo is not announced
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig "$dev" "$vip" netmask "$mask" broadcast "$vip" up
    route add -host "$vip" dev "$dev"
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig "$dev" down
    # Restore the kernel defaults
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename "$0") start|stop"
    exit 1
    ;;
esac
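# Run the RS script
bash lvs_dr_rs.sh start
# Check that the VIP 192.168.1.200 is bound to the loopback interface
ip a
4. Configure KeepAlived on LVS1
# Install ipvsadm, used to view the ipvs rules
yum install ipvsadm
# Check the rules; they are empty for now
ipvsadm -Ln
# Install KeepAlived
yum install keepalived
# Configure keepalived
cat /etc/keepalived/keepalived.conf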
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node1@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 411fa9f6
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.1.100 80 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.1.14 80 {
        weight 2
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.15 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123fa9f6
    }
    virtual_ipaddress {
        192.168.1.200/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.1.200 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.1.16 80 {
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.66 80 {
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# Email notification script for MASTER/BACKUP transitions
cat /etc/keepalived/notify.sh
#!/bin/bash
contact='root@localhost'
# Mail the contact whenever this node changes VRRP state
notify() {
    mailsubject="$(hostname) to be $1, vip floating"
    mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac
# keepalived logging: edit the corresponding line in /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 2"
# Add one line to /etc/rsyslog.conf
local2.* /var/log/keepalived.log
# Restart the logging service
systemctl restart rsyslog
# Prepare the sorry server
yum install httpd
systemctl start httpd
echo sorry,server > /var/www/html/index.html
# Start the keepalived service
systemctl start keepalived
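What `auth_type PASS` in the configuration above looks like on the wire, as an added example that is not part of the original article: it decodes a constructed VRRPv2 advertisement (keepalived's default VRRP version, IP protocol 112, sent to the group 224.100.100.100 configured here) built from VI_1's values and checks it against the instance's expected settings. The function names and the sample bytes are assumptions made for this illustration.

```python
import socket
import struct

# Constructed sample (not a capture): the advertisement LVS1 would send for VI_1:
# VRID 88, priority 100, VIP 192.168.1.100, auth_pass 411fa9f6.
SAMPLE_ADVERT = bytes.fromhex("2158640101018a91c0a801643431316661396636")

def inet_checksum(data):
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt):
    """Decode the fields any VRRPv2 listener on the segment receives."""
    if len(pkt) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth_type, adv, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if ver_type != 0x21:  # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count   # header, then one IPv4 address per VIP
    if len(pkt) < end + 8:
        raise ValueError("truncated VRRP message")
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv,
        "vips": [socket.inet_ntoa(pkt[i:i + 4]) for i in range(8, end, 4)],
        "auth_type": auth_type,  # 1 = simple text password
        "auth_data": pkt[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(pkt[:end + 8]) == 0,
    }

def audit_advert(pkt, vrid, vip, priorities):
    """Compare one advertisement with the settings expected for an instance."""
    info, findings = parse_advert(pkt), []
    if not info["checksum_ok"]:
        findings.append("bad checksum")
    if info["vrid"] != vrid or info["vips"] != [vip]:
        findings.append("VRID/VIP does not match this instance")
    if info["priority"] not in priorities:
        findings.append(f"priority {info['priority']} is not a configured node")
    if info["auth_type"] == 1:
        findings.append("auth_type 1: auth_pass is readable on the wire")
    return findings

if __name__ == "__main__":
    print(parse_advert(SAMPLE_ADVERT))
    print(audit_advert(SAMPLE_ADVERT, 88, "192.168.1.100", {100, 90}))
```

Because the 8-byte authentication field carries `auth_pass` unencrypted, it protects against accidental misconfiguration only; limiting IP protocol 112 to the two LVS addresses is what actually restricts who can take part in the election.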
5. Configure KeepAlived on LVS2
LVS2's setup is largely the same as LVS1's; the main difference is the KeepAlived configuration, which is shown below.
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node2@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node2
    vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 88
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 411fa9f6
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.1.100 80 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.1.14 80 {
        weight 2
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.15 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123fa9f6
    }
    virtual_ipaddress {
        192.168.1.200/24
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.1.200 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.1.16 80 {
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.66 80 {
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
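In the dual-master layout the two keepalived.conf files must agree on each instance's virtual_router_id and authentication while swapping the MASTER/BACKUP roles and priorities. A consistency check for that pair, as an added example that is not part of the original article: `parse_instances` and `check_pair` are hypothetical helper names, and the embedded configs are constructed from this page's values and reduced to the compared fields.

```python
import re
KEYS = r"state|virtual_router_id|priority|auth_type|auth_pass"

def parse_instances(conf):
    """Map each vrrp_instance name to the fields that must line up across nodes."""
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        found[m.group(1)] = dict(
            re.findall(rf"^\s*({KEYS})\s+(\S+)", conf[m.end():i], re.M))
    return found

def check_pair(conf_a, conf_b):
    """Return a list of problems; an empty list means the pair is consistent."""
    a, b = parse_instances(conf_a), parse_instances(conf_b)
    problems = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            problems.append(f"{name}: defined on only one node")
            continue
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "auth_type", "auth_pass"):
            if x.get(key) != y.get(key):
                problems.append(f"{name}: {key} differs between nodes")
        if {x.get("state"), y.get("state")} != {"MASTER", "BACKUP"}:
            problems.append(f"{name}: need exactly one MASTER and one BACKUP")
        else:
            hi, lo = (x, y) if x["state"] == "MASTER" else (y, x)
            if int(hi.get("priority", 0)) <= int(lo.get("priority", 0)):
                problems.append(f"{name}: MASTER priority is not the highest")
    for label, node in (("node A", a), ("node B", b)):
        vrids = [f.get("virtual_router_id") for f in node.values()]
        if len(vrids) != len(set(vrids)):  # each instance needs its own VRID
            problems.append(f"{label}: virtual_router_id reused")
    return problems

# Constructed sample: only the compared fields, values copied from this page.
BLOCK = ("vrrp_instance {0} {{\n state {1}\n virtual_router_id {2}\n"
         " priority {3}\n authentication {{\n auth_type PASS\n"
         " auth_pass {4}\n }}\n}}\n")
LVS1 = (BLOCK.format("VI_1", "MASTER", 88, 100, "411fa9f6")
        + BLOCK.format("VI_2", "BACKUP", 66, 80, "123fa9f6"))
LVS2 = (BLOCK.format("VI_1", "BACKUP", 88, 90, "411fa9f6")
        + BLOCK.format("VI_2", "MASTER", 66, 100, "123fa9f6"))
if __name__ == "__main__":
    print(check_pair(LVS1, LVS2) or "dual-master pair is consistent")
```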
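6. Testing from CLIENT
Test 1:
for i in {1..15};do curl images.king.com; done
for i in {1..15};do curl app.king.com; done
Requests are scheduled normally according to the scheduling algorithm.
Test 2:
for i in {1..50};do sleep 0.5; curl images.king.com;done
for i in {1..50};do sleep 0.5; curl app.king.com;done
Disconnect the network of LVS1 or LVS2; both sites remain accessible.
At this point, VIP1 and VIP2 are both held by the one LVS that is still working.
Test 3:
for i in {1..50};do sleep 0.5; curl images.king.com;done
Stop WEBSRV1 or WEBSRV2; the images.king.com site remains accessible.
for i in {1..50};do sleep 0.5; curl app.king.com;done
Stop WEBSRV3 or WEBSRV4; the app.king.com site remains accessible.
Test 4:
for i in {1..50};do sleep 0.5; curl images.king.com;done
Stop the httpd service on both WEBSRV1 and WEBSRV2; the response shown is sorry,server, meaning the front-end director is now acting as the WEBSRV.
for i in {1..50};do sleep 0.5; curl app.king.com;done
Stop the httpd service on both WEBSRV3 and WEBSRV4; the response shown is sorry,server, meaning the front-end director is now acting as the WEBSRV.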