keepalived+lvs
准备4台虚拟机分别为server1,server2,server3,server4(server1为主机,4为备机)
安装
- 安装包
keepalived-1.2.5.tar.gz
tar zxf keepalived-1.2.5.tar.gz
- 依赖性解决
yum install -y ipvsadm kernel-devel openssl-devel popt-devel libnl-devel gcc make
编译安装
./configure –prefix=/usr/local/keepalived ##keepalived路径编译结果:
Keepalived configuration
—————————————————
Keepalived version : 1.2.5
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
make && make install
keepalived + lvs
配置keepalived
server1与server4同:
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/keepalived /etc/
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin
keepalived主配置文件:
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost ##接收警报的email地址,可添加多个
}
notification_email_from keepalived@server1 ##邮件的发送地址
smtp_server 127.0.0.1 ##设置smtp server地址为本机
smtp_connect_timeout 30 ##连接smtp服务器超时时间
router_id LVS_DEVEL ##loadbalancer的标识,用于email警报
}
vrrp_instance VI_1 {
state MASTER ##设定本机为主,server4为BACKUP,此状态由priority的值决定,priority值大则为MASTER
interface eth0 ##HA检测网络接口
virtual_router_id 87 ##vrid,主备机的vrid必须相同,取值0-255
priority 100 ##优先级
advert_int 1 ##主备之间的通告间隔秒数
authentication { ##主备切换时的认证
auth_type PASS ##验证类型,主要有PASS和AH两种
auth_pass 1111 ##设置验证密码,在一个vrrp_instance下,MASTER与BACKUP必须使用相同的密码才能正常通信
}
virtual_ipaddress { ##设置虚拟IP地址,可以设置多个虚拟IP地址,每行一个
172.25.36.100
}
}
virtual_server 172.25.36.100 80 { ##定义虚拟服务器
delay_loop 6 ##每隔6秒检查realserver状态
lb_algo rr ##lvs调度算法为轮叫rr
lb_kind DR ##lvs使用DR模式
nat_mask 255.255.255.0
#persistence_timeout 50 ##连接后端服务器,50S内不会负载均衡
protocol TCP ##指定转发协议类型,有tcp和udp两种
real_server 172.25.36.2 80 { ##配置服务节点
weight 1 ##服务节点权值
TCP_CHECK { ##realserver的状态检测部分
connect_timeout 3 ##3秒无响应超时
nb_get_retry 3 ##重试次数为3次
delay_before_retry 3 ##重试间隔
}
real_server 172.25.36.3 80 { ##配置服务节点
weight 1 ##服务节点权值
TCP_CHECK { ##realserver的状态检测部分
connect_timeout 3 ##3秒无响应超时
nb_get_retry 3 ##重试次数为3次
delay_before_retry 3
}
/etc/init.d/keepalived start
scp /etc/keepalived/keepalived.conf root@172.25.36.4:/etc/keepalived/
server4:
vim /etc/keepalived/keepalived.conf ##只修改这两处
vrrp_instance VI_1 {
state BACKUP
priority 50
}
/etc/init.d/keepalived start
server2,server3:
ip addr add 172.25.36.100/32 dev eth0
/etc/init.d/httpd start
测试:
1.真机curl 172.25.36.100
server1的mac地址为09:9f
2.server1:
/etc/init.d/keepalived stop
真机:curl 172.25.36.100
server4的mac地址为46:f9
3.server4:
/etc/init.d/keepalived stop
server1:
/etc/init.d/keepalived start
curl 172.25.36.100(server1接管)
keepalived为单线程,其下由两个子进程
第一个子进程:vrrp协议,实现高可用
第二个子进程:健康检查,维护LVS的策略
keepalived+LVS+vsftp
server2,server3:
yum install -y arptables_jf
arptables -A IN -d 172.25.36.100 -j DROP ##将RS接受到的172.25.36.100包丢弃
arptables -A OUT -s 172.25.36.100 -j mangle --mangle-ip-s 172.25.36.3 ##将源时172.25.36.100的请求发送给172.25.36.3
/etc/init.d/arptables_jf save
/etc/init.d/arptables_jf start
查看arptables:
arptables -L
server1,server4中keepalived.conf同时添加如下:
vim /etc/keepalived/keepalived.conf
virtual_server 172.25.36.100 21 { ##vsftpd端口为21端口
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50 ##连接后端服务器,50S内不会负载均衡
protocol TCP
real_server 172.25.36.2 21 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.36.3 21 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
/etc/init.d/keepalived restart
查看配置是否生效:
ipvsadm -l
server2,server3中:
yum install vsftpd -y
/etc/init.d/vsftpd start
mkdir /var/ftp/server2(server3) ##方便测试看出效果
测试:
1.真机:lftp 172.25.36.100 -> ls
2.server1:
/etc/init.d/keepalived stop
真机:lftp 172.25.36.100(server4会接管keepalived)
3.server3:
/etc/init.d/vsftpd stop
真机:lftp 172.25.36.100
keepalived + nginx
配置nginx:
server1(nginx所在主机):
http {
upstream westos { ##添加westos负载均衡组
server 172.25.36.2:80;
server 172.25.36.3:80;
}
server {
listen 80;
server_name www.westos.org; ##添加访问域名
location / {
proxy_pass http://westos; ##访问westos负载均衡组
}
}
nginx -s reload
scp -r nginx/ server4:/usr/local/
server4:
/usr/local/nginx/sbin/nginx -t ##检查nginx配置文件是否出错
/usr/local/nginx/sbin/nginx ##运行nginx
server2,server3:
/etc/init.d/httpd start ##运行httpd(port 80)
在测试主机上将解析加入:
vim /etc/hosts
172.25.36.100 www.westos.org
测试:
主机web:www.westos.org(有轮询)
轮询
配置keepalived:
keepalived服务(server1,server4):
cd /opt
vim nginx_check.sh
#!/bin/bash
curl http://127.0.0.1/index.html -o /dev/null -s || /usr/local/lnmp/nginx/sbin/nginx ##检测nginx是否运行,若没有运行则运行nginx
if [ $? -ne 0 ];then
/etc/init.d/keepalived stop &> /dev/null ##若不能运行nginx则关闭本机keepalived由备机server4接管
fi
vim /etc/keepalived/keepalived.conf
vrrp_script nginx_check {
script /opt/nginx_check.sh ##脚本位置
interval 2 ##检查间隔两秒
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@server1
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 87
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.36.100/24
}
track_script {
nginx_check ##脚本资源为nginx_check
}
测试:
1.server1:
/etc/init.d/keepalived start
nginx -s stop ##停止运行nginx
真机web:
www.westos.org ##可以正常访问,因为keepalived中脚本每两秒检测,检测到nginx关闭而开启了nginx
2.server1:
mv /usr/local/lnmp/nginx/ /mnt/
/etc/init.d/keepalived start
真机web:
www.westos.org ##可以正常访问,因为keepalived在server1中被停止运行后由备机server4接管