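Overview
Keepalived monitors the state of the web servers. If a web server crashes or malfunctions, Keepalived detects it and removes the faulty server from the pool; once the server is working normally again, Keepalived automatically adds it back to the server group. All of this happens automatically with no manual intervention; the only manual work is repairing the faulty web server.
Configuration example
VIP: 192.168.199.177
RealServer1: 192.168.199.222
RealServer2: 192.168.199.193
MASTER configuration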
<pre>
! Configuration File for keepalived

# VRRP instance: moves the VIP between the MASTER and BACKUP directors
vrrp_instance VI_1 {
    state MASTER
    interface eth2
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.199.177
    }
}

# LVS virtual service on the VIP, forwarding to the two real servers
virtual_server 192.168.199.177 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.199.222 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.199.193 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
</pre>
BACKUP
<pre>
! Configuration File for keepalived

# Same VRRP instance as on the MASTER; only state and priority differ
vrrp_instance VI_1 {
    state BACKUP
    interface eth2
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.199.177
    }
}

# LVS virtual service on the VIP, forwarding to the two real servers
virtual_server 192.168.199.177 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.199.222 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.199.193 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
</pre>
192.168.199.193: service keepalived restart
192.168.199.222: service keepalived restart
Configuration complete.
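<pre>
! Configuration File for keepalived

global_defs {
    # mailboxes that receive alert mail
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    # sender address for alert mail
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    # identifier of this LVS server
    router_id LVS_MASTER
}

# LVS instance identifier
vrrp_instance LVSMASTER {
    state MASTER            # server state
    interface eth0          # monitored interface
    virtual_router_id 51    # virtual router ID; must be identical within one LVS group, otherwise failover cannot happen
    priority 100            # startup priority; higher value means higher priority; BACKUP must not exceed MASTER
    advert_int 2            # liveness check interval between LVS servers: 2 s
    authentication {
        auth_type PASS      # authentication type
        auth_pass hylanda   # authentication password; must be identical on all LVS servers in the group
        # PASS sends auth_pass in clear text in every advertisement; only the first 8 characters are used
    }
    virtual_ipaddress {
        192.168.0.138       # virtual IP (service IP)
    }
}

# definition of how the virtual service runs
virtual_server 192.168.0.138 80 {
    delay_loop 5            # interval between real server health checks
    lb_algo rr              # load-balancing algorithm
    lb_kind DR              # request forwarding method
    persistence_timeout 50  # connection persistence time
    protocol TCP

    # real server definition
    real_server 192.168.0.132 80 {
        weight 1                    # load weight
        TCP_CHECK {
            connect_timeout 10      # connection timeout
            nb_get_retry 3          # number of connection retries
            delay_before_retry 3    # interval between attempts
            connect_port 80         # port
        }
    }
    real_server 192.168.0.133 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
</pre>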
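The annotations above require the nodes of one VRRP group to share virtual_router_id and auth_pass, and the BACKUP priority not to exceed the MASTER's. The following check is an added example, not part of the original post or of keepalived: the helper names parse_vrrp and compare_pair are hypothetical, the sample configs are constructed from this page's MASTER/BACKUP pair, and the parser assumes the opening brace sits on the keyword line as it does here.

```python
import re

# Constructed samples: MASTER instance trimmed from this page; BACKUP peer derived from it.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.199.177
    }
}
"""
BACKUP_CONF = MASTER_CONF.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 50")

def parse_vrrp(text):
    """Return {instance_name: settings} for each vrrp_instance block (hypothetical helper)."""
    instances, current, depth, in_vip = {}, None, 0, False
    for raw in text.splitlines():
        line = re.split(r"[!#]", raw, maxsplit=1)[0]  # '!' and '#' start comments
        words = line.replace("{", " ").replace("}", " ").split()
        if depth == 0 and len(words) >= 2 and words[0] == "vrrp_instance":
            current = instances.setdefault(words[1], {"vips": set()})
        elif current is not None and words[:1] == ["virtual_ipaddress"]:
            in_vip = True
            current["vips"].update(words[1:])
        elif in_vip and words:
            current["vips"].add(words[0])
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
        depth += line.count("{") - line.count("}")
        in_vip = in_vip and "}" not in line
        current = current if depth else None
    return instances

def compare_pair(master_text, backup_text):
    """Return mismatches between two nodes' configs; secret values are never echoed."""
    problems, backup = [], parse_vrrp(backup_text)
    for name, m in parse_vrrp(master_text).items():
        b = backup.get(name, {})
        for key in ("virtual_router_id", "auth_pass", "vips"):
            if m.get(key) != b.get(key):
                problems.append(f"{name}: {key} differs")
        if int(b.get("priority", 0)) > int(m.get("priority", 0)):
            problems.append(f"{name}: backup priority above master")
    return problems
```

Calling compare_pair with the contents of the two nodes' keepalived.conf files returns an empty list when the pair is consistent.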
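3. Configure keepalived. The keepalived.conf on both servers is as follows: both are set to BACKUP with no preemption; remember to give them different priorities. For a more detailed description of the keepalived configuration file, run man keepalived.conf: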
<pre>
! Configuration File for keepalived

global_defs {
    notification_email {
        admin@lvtao.net
    }
    notification_email_from admin@lvtao.net
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

# service monitoring: NGINX, mysql, etc.
vrrp_script chk_nginx {
    script "/home/check_nginx.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP              # master/backup role (MASTER or BACKUP)
    interface eth2            # network interface name
    virtual_router_id 51
    mcast_src_ip 10.0.1.133   # this host's IP
    priority 50               # backup lower than master
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass chtopnet
    }
    virtual_ipaddress {
        10.0.1.2              # the VIP
    }
    track_script {
        chk_nginx             # check script
    }
}

virtual_server 10.0.1.2 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 10.0.1.132 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.1.133 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
</pre>
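Start the related services. I use nginx here, with one site running on each server, directly reachable by IP. Once keepalived is started, the site can be reached through the virtual IP (VIP) 10.0.1.2. To test, stop either one of the sites and check whether traffic switches automatically to the backup server.
The nginx check script referenced in the configuration above is as follows: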
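<pre>
#!/bin/bash
# If the nginx master process is not running, try to start it. If it is still
# down 5 seconds later, stop keepalived so that the VIP moves to the peer.
if [ "$(ps -ef | grep "nginx: master process" | grep -v grep)" == "" ]
then
    /usr/local/nginx/sbin/nginx
    sleep 5
    if [ "$(ps -ef | grep "nginx: master process" | grep -v grep)" == "" ]
    then
        killall keepalived
    fi
fi
</pre>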
Run the realserver.sh script on both web servers to bind the VIP address 10.0.1.2 to lo:0 and suppress ARP broadcasts.
<pre>
#!/bin/bash
#description: Config realserver

VIP=10.0.1.2

# load the init-script helper functions
. /etc/rc.d/init.d/functions

case "$1" in
start)
    # bind the VIP to lo:0 with a host netmask so it is never routed outward
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    # suppress ARP replies and announcements for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del "$VIP" >/dev/null 2>&1
    # restore the default ARP behaviour
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac

exit 0
</pre>
Run sh realserver.sh start on the master and backup machines respectively, and the load-balanced, highly available cluster is in place.