测试环境: vmware+CENTOS6.5
MASTER修复并启动后,需要手动停止再启动SLAVER上的HTTPD服务,VIP才会指向MASTER。
High Availability
Load Balancer
本地yum源配置:
mount -t iso9660 /dev/cdrom /mnt/cdrom
cd /etc/yum.repos.d/
[root@sl yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repose_bak
[root@sl yum.repos.d]# mv CentOS-Debuginfo.repo CentOS-Debuginfo.repo_bak
编辑文件CentOS-Media.repo:
[c6-media] #库名称
name=CentOS-$releasever - Media #名称描述
baseurl=file:///media/centos/ #yum源目录,源地址
gpgcheck=1 #检查GPG-KEY,0为不检查,1为检查
enabled=1 #是否用该yum源,0为禁用,1为使用
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 #gpgcheck=0时无需配置
:x
测试yum源是否配置成功:yum list
安装keepalived:
# yum -y install openssl-devel
# yum -y install ipvsadm
# yum -y install kernel kernel-devel
# yum -y install keepalived-*
# reboot
# mount /dev/cdrom /mnt/cdrom
编写个简单脚本查看httpd进程是否存活,没有则抛出1
#vi /usr/sbin/testHttpd.sh
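#!/bin/bash
# Health check run by keepalived (vrrp_script checkHttpd).
# Exit status: 0 when at least one httpd process exists, 1 otherwise.
# Only the exit status carries the result, so nothing is printed.

# Count processes whose name is exactly "httpd". pgrep -x avoids the false
# positives of `ps aux | grep httpd`, which matches any command line that
# merely contains the string.
httpd_count() {
  pgrep -x httpd | wc -l
}

# No spaces around "=": `count = ...` runs a command named "count" instead of
# assigning, which leaves $count empty, breaks the test below and makes the
# script always exit 0 (the check could never fail).
count=$(httpd_count)
if [ "$count" -eq 0 ]; then
  # Optional self-heal before reporting failure (left disabled, as in the
  # original notes):
  # service httpd start
  # sleep 5
  count=$(httpd_count)
  if [ "$count" -eq 0 ]; then
    # service keepalived stop
    exit 1
  fi
fi
exit 0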
编辑 keepalived 配置文件:
master
#Vi /etc/keepalived/keepalived.conf
[root@k01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Node shown: MASTER. The SLAVER node uses the same layout with state BACKUP.
global_defs {
notification_email {
#bli@haotel.com
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# Runs the check script every 3 seconds; while it exits non-zero the
# priority of any instance tracking it is lowered by 20.
# NOTE(review): a failover on httpd failure only happens if the BACKUP node's
# priority is above 80 (100 - 20); the BACKUP priority is not shown, confirm.
vrrp_script checkHttpd
{
script "/usr/sbin/testHttpd.sh"
interval 3
weight -20
}
vrrp_instance VI_1 {
state MASTER # on the SLAVER server use BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
track_script
{
checkHttpd
}
# NOTE(review): auth_type PASS carries the password unencrypted in every VRRP
# advertisement, and "1111" is a placeholder-grade secret. Use a value unique
# to this virtual_router_id and keep VRRP traffic on a trusted segment.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.144.186
}
}
# LVS virtual service on the VIP: round-robin scheduling (rr), direct-routing
# forwarding (DR). With DR the real servers must hold the VIP on loopback and
# suppress ARP for it.
virtual_server 172.16.144.186 80 {
delay_loop 3
lb_algo rr
lb_kind DR
net_mask 255.255.255.0
# A client keeps being sent to the same real server for 50 seconds.
persistence_timeout 50
protocol TCP
# 172.16.144.184 is also the MASTER director host (k01).
real_server 172.16.144.184 80 {
weight 3
# Health check: a plain TCP connect to port 80 with a 3 second timeout.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
# 172.16.144.185 is also the SLAVER director host (k02).
real_server 172.16.144.185 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
用secondary ip address方式配置VIP
# vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
:x
#ip addr add 192.168.1.11/32 dev lo
172.16.144.184 k01
172.16.144.185 k02
关闭iptables(测试环境的简化做法;若保留防火墙,则需放行节点间的VRRP通告(IP协议号112)以及TCP 80端口)
# service iptables stop
# chkconfig iptables off
关闭SELinux(配置文件中的键名须大写,重启后生效)
# vi /etc/selinux/config
SELINUX=disabled
#service httpd start
用setup命令进入服务设置,设置httpd为开机启动
将keepalived作为服务添加到chkconfig中,并设置开机启动
# chkconfig --add keepalived
# chkconfig --level 35 keepalived on
# chkconfig --list keepalived
keepalived 0:off 1:off 2:off 3:on 4:off 5:on 6:off
测试:
停 任1 keepalived VIP切换,但 访问vip:80 有 问题
停 任1 httpd 服务器 ,VIP切换, 访问vip:80 OK,再启动 httpd 服务器 ,VIP不切换, 访问vip:80 OK
先启动SLAVER,后启动MASTER,vip自动返回MASTER,但 访问vip:80 有 问题,停 slaver httpd 服务,启 slaver httpd 服务,访问vip:80 OK,VIP回MASTER
关闭MASTER的HTTPD,但用ipvsadm -Ln查看,VIP还在MASTER,只是少了SLAVER,估计路由没有重新指向SLAVER。另一种可能:检测脚本testHttpd.sh始终返回0(例如赋值写成`count = ...`带空格时变量不会被赋值),keepalived就不会降低MASTER的优先级,VIP也就不会切换。
-------------------------------------------------------------------------------------------------------------
参考:
添加脚本检测处理:
在keepalived的配置文件中增加相应配置项
vrrp_script checkHttpd
{
script "/usr/sbin/testHttpd.sh"
interval 3
weight -20
}
vrrp_instance test
{
...
track_script
{
checkHttpd
}
...
}
测试是否可绑定
#ip addr add 192.168.30.22/32 dev lo
#ip add list 查看是否绑定
在2台web服务器上添加一下脚本
#vim /etc/init.d/realserver.sh
#!/bin/bash
# LVS-DR real-server helper.
# start: binds the virtual IP to lo:0, adds a host route for it and sets
#        arp_ignore=1 / arp_announce=2 for "lo" and "all".
# stop:  takes lo:0 down, removes the route and resets both values to 0.
# Usage: realserver.sh {start|stop}
TEST_VIP=172.16.144.186
. /etc/rc.d/init.d/functions

# Write arp_ignore ($1) and arp_announce ($2) for lo first, then for all.
set_arp() {
  local iface
  for iface in lo all; do
    echo "$1" >/proc/sys/net/ipv4/conf/$iface/arp_ignore
    echo "$2" >/proc/sys/net/ipv4/conf/$iface/arp_announce
  done
}

case "$1" in
  start)
    # A /32 netmask keeps the VIP local to this host's loopback alias.
    ifconfig lo:0 "$TEST_VIP" netmask 255.255.255.255 broadcast "$TEST_VIP"
    /sbin/route add -host "$TEST_VIP" dev lo:0
    set_arp "1" "2"
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$TEST_VIP" >/dev/null 2>&1
    set_arp "0" "0"
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
如果发现NginX不正常,重启之。等待3秒再次校验,仍然失败则不再尝试。
根据上述策略很容易写出监控脚本。这里使用nmap检查nginx端口来判断nginx的状态,记得要首先安装nmap。监控脚本如下:
ps aux | grep -v grep | grep httpd | wc -l
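#!/bin/sh
# check nginx server status
#
# Probes the local nginx port with nmap. If the port is not open, nginx is
# restarted once and probed again after 3 seconds; if it is still closed,
# keepalived is stopped (presumably so the VIP moves to the other node).
# Exit status: 0 when the port is open (possibly after the restart),
#              1 when nginx could not be brought back.
# The exit codes are explicit because a trailing `[ ... ] && cmd` would make
# the script return 1 after a successful restart and 0 after a failed one.
NGINX=/usr/local/nginx/sbin/nginx
PORT=80

# Succeeds when nmap reports the port as open; grep -q keeps the probe silent.
port_open() {
  nmap localhost -p "$PORT" | grep -q "$PORT/tcp open"
}

if ! port_open; then
  "$NGINX" -s stop
  "$NGINX"
  sleep 3
  if ! port_open; then
    /etc/init.d/keepalived stop
    exit 1
  fi
fi
exit 0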
MASTER:172.16.144.184
SLAVER:172.16.144.185
VIP:172.16.144.186
MASTER修复并启动后,需要手动停止再启动SLAVER上的HTTPD服务,VIP才会指向MASTER。
MASTER、SLAVER安装完全一样,只是在KEEPALIVED配置稍有不同
High Availability
Load Balancer
本地yum源配置:
mount -t iso9660 /dev/cdrom /mnt/cdrom
cd /etc/yum.repos.d/
[root@sl yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repose_bak
[root@sl yum.repos.d]# mv CentOS-Debuginfo.repo CentOS-Debuginfo.repo_bak
编辑文件CentOS-Media.repo:
[c6-media] #库名称
name=CentOS-$releasever - Media #名称描述
baseurl=file:///media/centos/ #yum源目录,源地址
gpgcheck=1 #检查GPG-KEY,0为不检查,1为检查
enabled=1 #是否用该yum源,0为禁用,1为使用
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 #gpgcheck=0时无需配置
:x
测试yum源是否配置成功:yum list
安装keepalived:
# yum -y install openssl-devel
# yum -y install ipvsadm
# yum -y install kernel kernel-devel
# yum -y install keepalived-*
# reboot
# mount /dev/cdrom /mnt/cdrom
编写个简单脚本查看httpd进程是否存活,没有则抛出1
#vi /usr/sbin/testHttpd.sh
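#!/bin/bash
# Health check run by keepalived (vrrp_script checkHttpd).
# Exit status: 0 when at least one httpd process exists, 1 otherwise.
# Only the exit status carries the result, so nothing is printed.

# Count processes whose name is exactly "httpd". pgrep -x avoids the false
# positives of `ps aux | grep httpd`, which matches any command line that
# merely contains the string.
httpd_count() {
  pgrep -x httpd | wc -l
}

# No spaces around "=": `count = ...` runs a command named "count" instead of
# assigning, which leaves $count empty, breaks the test below and makes the
# script always exit 0 (the check could never fail).
count=$(httpd_count)
if [ "$count" -eq 0 ]; then
  # Optional self-heal before reporting failure (left disabled, as in the
  # original notes):
  # service httpd start
  # sleep 5
  count=$(httpd_count)
  if [ "$count" -eq 0 ]; then
    # service keepalived stop
    exit 1
  fi
fi
exit 0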
编辑 keepalived 配置文件:
master
#Vi /etc/keepalived/keepalived.conf
[root@k01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Node shown: MASTER. The SLAVER node uses the same layout with state BACKUP.
global_defs {
notification_email {
#bli@haotel.com
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# Runs the check script every 3 seconds; while it exits non-zero the
# priority of any instance tracking it is lowered by 20.
# NOTE(review): a failover on httpd failure only happens if the BACKUP node's
# priority is above 80 (100 - 20); the BACKUP priority is not shown, confirm.
vrrp_script checkHttpd
{
script "/usr/sbin/testHttpd.sh"
interval 3
weight -20
}
vrrp_instance VI_1 {
state MASTER # on the SLAVER server use BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
track_script
{
checkHttpd
}
# NOTE(review): auth_type PASS carries the password unencrypted in every VRRP
# advertisement, and "1111" is a placeholder-grade secret. Use a value unique
# to this virtual_router_id and keep VRRP traffic on a trusted segment.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.144.186
}
}
# LVS virtual service on the VIP: round-robin scheduling (rr), direct-routing
# forwarding (DR). With DR the real servers must hold the VIP on loopback and
# suppress ARP for it.
virtual_server 172.16.144.186 80 {
delay_loop 3
lb_algo rr
lb_kind DR
net_mask 255.255.255.0
# A client keeps being sent to the same real server for 50 seconds.
persistence_timeout 50
protocol TCP
# 172.16.144.184 is also the MASTER director host (k01).
real_server 172.16.144.184 80 {
weight 3
# Health check: a plain TCP connect to port 80 with a 3 second timeout.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
# 172.16.144.185 is also the SLAVER director host (k02).
real_server 172.16.144.185 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
用secondary ip address方式配置VIP
# vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
:x
#sysctl -p
#ip addr add 192.168.1.11/32 dev lo
#ip add list 查看是否绑定
主机名解析设置
172.16.144.184 k01
172.16.144.185 k02
关闭iptables(测试环境的简化做法;若保留防火墙,则需放行节点间的VRRP通告(IP协议号112)以及TCP 80端口)
# service iptables stop
# chkconfig iptables off
关闭SELinux(配置文件中的键名须大写,重启后生效)
# vi /etc/selinux/config
SELINUX=disabled
#service httpd start
用setup命令进入服务设置,设置httpd为开机启动
将keepalived作为服务添加到chkconfig中,并设置开机启动
# chkconfig --add keepalived
# chkconfig --level 35 keepalived on
# chkconfig --list keepalived
keepalived 0:off 1:off 2:off 3:on 4:off 5:on 6:off
测试:
停 任1 keepalived VIP切换,但 访问vip:80 有 问题
停 任1 httpd 服务器 ,VIP切换, 访问vip:80 OK,再启动 httpd 服务器 ,VIP不切换, 访问vip:80 OK
先启动SLAVER,后启动MASTER,vip自动返回MASTER,但 访问vip:80 有 问题,停 slaver httpd 服务,启 slaver httpd 服务,访问vip:80 OK,VIP回MASTER
关闭MASTER的HTTPD,但用ipvsadm -Ln查看,VIP还在MASTER,只是少了SLAVER,估计路由没有重新指向SLAVER。另一种可能:检测脚本testHttpd.sh始终返回0(例如赋值写成`count = ...`带空格时变量不会被赋值),keepalived就不会降低MASTER的优先级,VIP也就不会切换。
-------------------------------------------------------------------------------------------------------------
参考:
添加脚本检测处理:
在keepalived的配置文件中增加相应配置项
vrrp_script checkHttpd
{
script "/usr/sbin/testHttpd.sh"
interval 3
weight -20
}
vrrp_instance test
{
...
track_script
{
checkHttpd
}
...
}
测试是否可绑定
#ip addr add 192.168.30.22/32 dev lo
#ip add list 查看是否绑定
在2台web服务器上添加一下脚本
#vim /etc/init.d/realserver.sh
#!/bin/bash
# LVS-DR real-server helper.
# start: binds the virtual IP to lo:0, adds a host route for it and sets
#        arp_ignore=1 / arp_announce=2 for "lo" and "all".
# stop:  takes lo:0 down, removes the route and resets both values to 0.
# Usage: realserver.sh {start|stop}
TEST_VIP=172.16.144.186
. /etc/rc.d/init.d/functions

# Write arp_ignore ($1) and arp_announce ($2) for lo first, then for all.
set_arp() {
  local iface
  for iface in lo all; do
    echo "$1" >/proc/sys/net/ipv4/conf/$iface/arp_ignore
    echo "$2" >/proc/sys/net/ipv4/conf/$iface/arp_announce
  done
}

case "$1" in
  start)
    # A /32 netmask keeps the VIP local to this host's loopback alias.
    ifconfig lo:0 "$TEST_VIP" netmask 255.255.255.255 broadcast "$TEST_VIP"
    /sbin/route add -host "$TEST_VIP" dev lo:0
    set_arp "1" "2"
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$TEST_VIP" >/dev/null 2>&1
    set_arp "0" "0"
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
如果发现NginX不正常,重启之。等待3秒再次校验,仍然失败则不再尝试。
根据上述策略很容易写出监控脚本。这里使用nmap检查nginx端口来判断nginx的状态,记得要首先安装nmap。监控脚本如下:
ps aux | grep -v grep | grep httpd | wc -l
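#!/bin/sh
# check nginx server status
#
# Probes the local nginx port with nmap. If the port is not open, nginx is
# restarted once and probed again after 3 seconds; if it is still closed,
# keepalived is stopped (presumably so the VIP moves to the other node).
# Exit status: 0 when the port is open (possibly after the restart),
#              1 when nginx could not be brought back.
# The exit codes are explicit because a trailing `[ ... ] && cmd` would make
# the script return 1 after a successful restart and 0 after a failed one.
NGINX=/usr/local/nginx/sbin/nginx
PORT=80

# Succeeds when nmap reports the port as open; grep -q keeps the probe silent.
port_open() {
  nmap localhost -p "$PORT" | grep -q "$PORT/tcp open"
}

if ! port_open; then
  "$NGINX" -s stop
  "$NGINX"
  sleep 3
  if ! port_open; then
    /etc/init.d/keepalived stop
    exit 1
  fi
fi
exit 0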