
High-availability clustering with keepalived + LVS in practice - 技術流ken

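1. Introduction to keepalived

LVS was covered in detail in my earlier post "High-load clustering in practice: LVS load balancing - 技術流ken", so I will not repeat it here. This post combines LVS with keepalived to build a highly available, high-load, high-performance server cluster of the kind used in real work.

"Keepalived's job is to monitor the state of servers. If a web server goes down or malfunctions, Keepalived detects it and removes the faulty server from the system, letting other servers take over its work. Once the server is working normally again, Keepalived automatically adds it back to the server pool. All of this happens automatically without human intervention; the only manual task is repairing the faulty server."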

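2. Main functions of keepalived

1. healthcheck

Checks whether the back-end nodes are working properly.

If a back-end node is found to be faulty, it is removed from the scheduling rules;

if a faulty back-end node is found to have recovered, it is added back to the scheduling rules.

2. failover

Health-checks the master node of the director (scheduler) pair.

Promotes the backup node to master.

Takes over the resources on the master node (the VIP and the LVS rules).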

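3. How keepalived implements failover

1. keepalived's failover is built on the VRRP protocol.

2. Under normal conditions the master node sends a heartbeat to the backup node at regular intervals to tell the backup that it is healthy.

When the master fails, the backup stops receiving heartbeats, concludes that the master is down, and takes over the master's services and resources (including the VIP).

When the master recovers, the backup releases the resources and services it took over.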

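4. A brief look at the VRRP protocol

1. VRRP (Virtual Router Redundancy Protocol) exists to solve the single point of failure of a static route.

2. VRRP works by electing one router to handle the traffic.

3. VRRP runs the election by sending multicast packets.

4. The elected master keeps sending advertisement packets, and the backup nodes keep listening for them (they stay in a listening state).

5. When the backup nodes stop receiving these packets, a new election is held and a new node is chosen as master.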

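5. What keepalived can do

1. Bring up the VIP automatically (the VIP is what serves users)

2. Configure the LVS rules automatically

3. Provide high availability for all kinds of services

4. Move (float) the VIP on failover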

6. The keepalived configuration file

Section 1: global_defs, the global configuration section
    global_defs {
       notification_email {
               237745635@qq.com
       }
       notification_email_from [email protected]
       smtp_server 192.168.200.1
       smtp_connect_timeout 30
       router_id id1        # ID of this host; it must be unique [make sure the three places marked in red differ]
    }


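Section 2: vrrp_instance, the instance configuration section (virtual service section)
    # This section defines the virtual service's VIP and related settings
    vrrp_instance VI_1 {       # name of the instance
        state MASTER           # state of this node: MASTER is the master, BACKUP is a backup node
        interface eth0         # network interface the VIP is bound to
        virtual_router_id 51   # virtual router ID; identifies which nodes form one group, and must be the same on all hosts in the group
        priority 100           # priority of this node (the master's priority is higher than the backups')
        advert_int 1           # interval in seconds between the master's heartbeat advertisements; a backup that stops receiving them takes over its services and resources
        authentication {       # how the master and backup nodes in the keepalived cluster authenticate to each other
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {   # IP address used to provide the service (the VIP)
            10.220.5.233
        }
    }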

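Section 3: virtual_server, the virtual server configuration section
    # This section is mainly for LVS; it defines the back-end RS (real server) nodes
    virtual_server 10.220.5.222 80 {    # VIP that corresponds to the instance
        delay_loop 6                    # interval between health checks of the back-end nodes
        lb_algo rr                      # load-balancing scheduling algorithm
        lb_kind DR                      # LVS forwarding model to use
        nat_mask 255.255.255.0
        persistence_timeout 50          # requests from the same IP go to the same real server for 50 seconds
        protocol TCP                    # protocol of the virtual service (TCP)

        real_server 10.220.5.190 80 {   # IP and port of one real server
            weight 1                    # weight
            TCP_CHECK {                 # health check by opening a TCP connection
                connect_timeout 10      # timeout for establishing the TCP connection
                delay_before_retry 3    # how long to wait before retrying after a timeout
                nb_get_retry 3          # number of retries
                connect_port 80         # port used for the health check
            }
        }

        real_server 10.220.5.191 80 {
            weight 1
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }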

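7. Things to watch when editing the configuration file

1. There can be one instance or several

2. Settings that must be identical on every node of a single instance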

vrrp_instance VI_1

virtual_router_id 51

auth_type PASS

auth_pass 1111

virtual_ipaddress

3. Settings that must differ between the nodes of a single instance

router_id id1

state MASTER  

priority 100
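
One way to check the two lists above mechanically before restarting keepalived, as an added example that is not part of the original post: a small parser reads two nodes' `keepalived.conf` text and reports every setting that breaks the must-match or must-differ rule. The helper names are hypothetical, the sample configuration is constructed from this article's values, and the parser assumes one statement per line as in the article's files.

```python
SAME = ("virtual_router_id", "auth_type", "auth_pass", "virtual_ipaddress")
DIFFERENT = ("router_id", "state", "priority")

def parse(conf):
    """Return {instance name: settings}; router_id is copied into each one."""
    router_id, instances, stack = None, {}, []
    for raw in conf.splitlines():
        words = raw.split("#")[0].split("!")[0].split()   # drop comments
        if not words:
            continue
        if words[-1] == "{":                              # a block opens
            stack.append(words[:-1])
            if words[0] == "vrrp_instance":
                instances[words[1]] = {"virtual_ipaddress": []}
        elif words[0] == "}":                             # a block closes
            stack.pop()
        elif stack and stack[0][0] == "global_defs" and words[0] == "router_id":
            router_id = words[1]
        elif stack and stack[0][0] == "vrrp_instance":
            inst = instances[stack[0][1]]
            if stack[-1][0] == "virtual_ipaddress":
                inst["virtual_ipaddress"].append(words[0])
            elif len(words) > 1:
                inst[words[0]] = words[1]
    for inst in instances.values():
        inst["router_id"] = router_id
    return instances

def compare(a, b):
    """Violations of the must-match / must-differ rules between two nodes."""
    pa, pb = parse(a), parse(b)
    problems = [f"{n}: instance name must match" for n in sorted(set(pa) ^ set(pb))]
    for name in sorted(set(pa) & set(pb)):
        problems += [f"{name}: {k} must match" for k in SAME
                     if pa[name].get(k) != pb[name].get(k)]
        problems += [f"{name}: {k} must differ" for k in DIFFERENT
                     if pa[name].get(k) == pb[name].get(k)]
    return problems

def sample(router_id, state, priority):   # constructed from the article's values
    return "\n".join([
        "global_defs {", f"router_id {router_id}", "}",
        "vrrp_instance VI_1 {", f"state {state}", "virtual_router_id 51",
        f"priority {priority}", "authentication {", "auth_type PASS",
        "auth_pass 1111", "}", "virtual_ipaddress {", "172.20.10.11/28", "}", "}"])

if __name__ == "__main__":
    master = sample("id1", "MASTER", 150)
    print(compare(master, sample("id2", "BACKUP", 100)))
    print(compare(master, master.replace(" 51", " 52")))
```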

8. Setting how and where logs are stored

1. Edit the keepalived options

    [[email protected] ~]# cat /etc/sysconfig/keepalived 
    # Options for keepalived. See `keepalived --help' output and keepalived(8) and
    # keepalived.conf(5) man pages for a list of all options. Here are the most
    # common ones :
    #
    # --vrrp               -P    Only run with VRRP subsystem.
    # --check              -C    Only run with Health-checker subsystem.
    # --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
    # --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
    # --dump-conf          -d    Dump the configuration data.
    # --log-detail         -D    Detailed log messages.
    # --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
    #

    KEEPALIVED_OPTIONS="-D -d -S 0"
    #KEEPALIVED_OPTIONS="-D"

2. Edit the system log configuration file
    [[email protected] ~]# echo "local0.*             /var/log/ka.log" >>/etc/rsyslog.conf 

3. Restart the services
    [[email protected] ~]# service rsyslog restart
    [[email protected] ~]# service keepalived restart

Logging
    Level: the severity of the event that triggers a log entry
    Facility: determines where the log entry is recorded

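9. How keepalived health-checks the real servers (RS)

    1. HTTP_GET: sends an HTTP request to the back-end RS; if the request succeeds, the back-end node is healthy (commonly used when the RS is a web service)
    2. TCP: tries to open a TCP connection to the back-end RS; if it succeeds, the back-end node is healthy
        [this only checks that the RS system is up; it cannot check the actual application]
    3. SMTP: health check for mail servers
    4. MISC: health check implemented by a script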


    TCP health check example
        TCP_CHECK {                  # judge the RealServer's health with a TCP check
            connect_timeout 10    # connection timeout
            nb_get_retry 3        # number of retries
            delay_before_retry 3  # delay between retries
            connect_port 80       # port to check
        }


    HTTP_GET health check example
        HTTP_GET {
            url {
                path check/t.html     # URI to check
                digest 1362a91278f0   # generated with genhash, which ships with keepalived
            }
            connect_timeout 3         # connection timeout
            nb_get_retry 3            # number of retries
            delay_before_retry 3      # delay between retries
            connect_port 6500         # port to check
        }

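    MISC health check example
        MISC_CHECK {
            misc_path "/tmp/check.sh http://1.2.3.4:80/c/200.jsp"
            # path and arguments of the external program or script to call

            misc_timeout 10
            # timeout for running the script

            misc_dynamic
            # dynamic weight flag.
            # if the script returns 0 the check succeeded and the weight is unchanged
            # a return value of 1 means failure and the weight is set to 0
        }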
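
The difference between the TCP and HTTP_GET checks described above, as an added example that is not part of the original post and is not keepalived's own code: both checks are re-implemented in a few lines and run against a constructed local web server, first while it serves the expected page and then after the page content breaks while the port stays open. The function names are hypothetical, and the digest is taken to be the MD5 of the response body, which is what genhash prints.

```python
import hashlib, http.client, socket, threading, time
from http.server import BaseHTTPRequestHandler, HTTPServer

def tcp_check(host, port, connect_timeout=3, retries=3, delay=0.1):
    """TCP_CHECK: healthy as soon as one TCP connect succeeds."""
    for attempt in range(retries + 1):
        try:
            with socket.create_connection((host, port), timeout=connect_timeout):
                return True
        except OSError:
            if attempt < retries:
                time.sleep(delay)
    return False

def http_get_check(host, port, path, digest, connect_timeout=3):
    """HTTP_GET: healthy only if the MD5 of the response body equals digest."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=connect_timeout)
        conn.request("GET", path)
        body = conn.getresponse().read()
        conn.close()
    except (OSError, http.client.HTTPException):
        return False
    return hashlib.md5(body).hexdigest() == digest

class Page(BaseHTTPRequestHandler):
    body = b"ok\n"                        # constructed test page
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(self.body)))
        self.end_headers()
        self.wfile.write(self.body)
    def log_message(self, *args):         # keep the demo quiet
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), Page)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port, good = server.server_port, hashlib.md5(b"ok\n").hexdigest()
    before = (tcp_check("127.0.0.1", port), http_get_check("127.0.0.1", port, "/check/t.html", good))
    Page.body = b"database error\n"       # the application breaks, the port stays open
    after = (tcp_check("127.0.0.1", port), http_get_check("127.0.0.1", port, "/check/t.html", good))
    server.shutdown(); server.server_close()
    down = tcp_check("127.0.0.1", port, connect_timeout=1, retries=1, delay=0)
    return before, after, down

if __name__ == "__main__":
    print(demo())   # ((tcp, http) before, (tcp, http) after, tcp once the server is down)
```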

10. keepalived + LVS server cluster in practice

1. Environment

centos7.5

VIP: 172.20.10.11/28

Client IP: 172.20.10.3/28

KEEPALIVED+LVS1 server IP: 172.20.10.2/28

KEEPALIVED+LVS2 server IP: 172.20.10.5/28

WEB1 server IP: 172.20.10.8/28

WEB2 server IP: 172.20.10.9/28

2. Disable the security services

[[email protected] ~]# setenforce 0
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# iptables -F

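3. Configure the KEEPALIVED+LVS1 server

Equivalent servers must be configured identically. The following steps have to be carried out twice, once on each director.

Install ipvsadm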

[[email protected] ~]# yum install popt* libnl* kernel-devel ipvsadm -y

Install keepalived

[[email protected] ~]# yum install keepalived -y

Configure keepalived on the master server

! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id id1
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.20.10.11/28
    }
}

virtual_server 172.20.10.11 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 172.20.10.8 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.20.10.9 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Once it is configured, you can copy this file to the other server with scp

[[email protected] ~]# scp /etc/keepalived/keepalived.conf 172.20.10.5:/etc/keepalived/keepalived.conf 
[email protected]172.20.10.5's password: 
keepalived.conf                                                                        100% 1116   669.7KB/s   00:00    

Configure keepalived on the backup server

! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id id2
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.20.10.11/28
    }
}

virtual_server 172.20.10.11 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 172.20.10.8 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.20.10.9 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

4. Restart keepalived

[[email protected] ~]# systemctl restart keepalived

5. Check ipvsadm

[[email protected] ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.20.10.11:80                     7       84        0    22131        0
  -> 172.20.10.8:80                      4       69        0    21009        0
  -> 172.20.10.9:80                      3       15        0     1122        0

6. Check the VIP

Check the master server

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:2d:5b:b8 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.2/28 brd 172.20.10.15 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.20.10.11/28 scope global secondary eth0        # the VIP is now on the master server
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2d:5bb8/64 scope link 
       valid_lft forever preferred_lft forever

Check the backup server

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:a5:e9:a4 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.5/28 brd 172.20.10.15 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fea5:e9a4/64 scope link 
       valid_lft forever preferred_lft forever

7. Configure the web servers

1. Install apache

[[email protected] ~]# yum install httpd -y

2. Prepare a test page

[[email protected] ~]# echo "this is 172.20.10.8 for test" >/var/www/html/index.html 

3. Start apache

[[email protected] ~]# systemctl restart httpd
[[email protected] ~]# ss -tnl |grep 80
LISTEN     0      128         :::80                      :::*   

4. Bind the VIP

[[email protected] ~]# ip a a 172.20.10.11/32 dev lo:0

5. ARP suppression

[[email protected] ~]# echo "1">/proc/sys/net/ipv4/conf/lo/arp_ignore
[[email protected] ~]# echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
[[email protected] ~]# echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce
[[email protected] ~]# echo "2">/proc/sys/net/ipv4/conf/all/arp_announce

11. Browser test

After confirming that every service on every server has been restarted, disable the firewall on every server once more

[[email protected] ~]# iptables -F

Enter the VIP address

Test successful!

Refresh the page to test again

Test successful!

Stop the web server on 172.20.10.8 and test

[[email protected] ~]# systemctl stop httpd

Check the ipvsadm rules

[[email protected] ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.20.10.11:80 rr
  -> 172.20.10.9:80               Route   1      0          0      

The 172.20.10.8 server has been removed automatically

Test successful!

Stop keepalived on the master server 172.20.10.2 and test

[[email protected] ~]# systemctl stop keepalived

Check the ipvsadm rules on the keepalived master server

[[email protected] ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

Check the VIP on the keepalived master server

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:2d:5b:b8 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.2/28 brd 172.20.10.15 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever  # the VIP is no longer here
    inet6 fe80::20c:29ff:fe2d:5bb8/64 scope link 
       valid_lft forever preferred_lft forever

Check the ipvsadm rules on the backup server

[[email protected] ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.20.10.11:80                     0        0        0        0        0
  -> 172.20.10.9:80                      0        0        0        0        0

The backup server has automatically inherited the master server's ipvsadm rules

Check whether the backup server has the VIP

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:0c:29:a5:e9:a4 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.5/28 brd 172.20.10.15 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.20.10.11/28 scope global secondary eth0  
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fea5:e9a4/64 scope link 
       valid_lft forever preferred_lft forever

The VIP has moved to the backup server automatically

Test complete!