keepalived
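keepalived is free and open source and provides layer 3, 4 and 7 switching functions
It mainly provides load balancing and high availability
Load balancing depends on the Linux virtual server kernel module (ipvs)
High availability is implemented with the VRRP protocol, which provides failover between multiple machines
It uses a multi-process design, with each process responsible for a different function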
[root@server1 ~]# tar zxf keepalived-1.4.3.tar.gz
[root@server1 ~]# cd keepalived-1.4.3
Resolve dependencies
Check the dependencies
[root@server1 keepalived-1.4.3]# less INSTALL
Download the third-party package
[root@server1 keepalived-1.4.3]# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm
Install the dependency packages
[root@server1 keepalived-1.4.3]# yum install -y libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm openssl-devel libnl-devel iptables-devel gcc
Compile
[root@server1 keepalived-1.4.0]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV
[root@server1 keepalived-1.4.0]# make && make install
Note: during compilation, warnings are fine as long as no errors are reported.
Create symbolic links
[root@server1 keepalived-1.4.0]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server1 keepalived-1.4.0]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server1 keepalived-1.4.0]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server1 keepalived-1.4.0]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
Make the init script executable
[root@server1 keepalived-1.4.0]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
Enable the service at boot
[root@server1 keepalived-1.4.3]# chkconfig keepalived on
[root@server1 keepalived-1.4.3]# chkconfig keepalived --list
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@server1 keepalived-1.4.3]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
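Check the processes (when keepalived is running normally it starts 3 processes)
Parent process: memory management, monitors the child processes
VRRP child process
healthchecker child process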
[root@server1 keepalived-1.4.0]# ps -ef | grep keepalived
root 7699 1043 0 16:58 ? 00:00:00 keepalived -D
root 17015 1 17 16:58 ? 00:00:00 keepalived -D
root 17018 17015 0 16:58 ? 00:00:00 keepalived -D
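Keepalived configuration file in detail
All Keepalived settings live in a single configuration file; the supported options fall into three main categories:
Global configuration: applies to the whole keepalived service
VRRPD configuration: the core of keepalived
Virtual server configuration: defines the services and the load balancing
The configuration file is organized in blocks; each block is enclosed in { }
Lines beginning with # or ! are comments
Global configuration
Global definitions: mainly set keepalived's notification mechanism and identifier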
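global_defs { ## global definitions block
    notification_email { ## e-mail notification
        admin@example.com
    }
    ## notification_email lists the recipients keepalived e-mails when an event (failover) occurs. There can be several, one per line.
    notification_email_from Alexandre.Cassen@firewall.loc
    ## smtp_* specify the SMTP server used to send the e-mail
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    ## router_id is an identifier for the machine running keepalived
    router_id hostname
}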
VRRP instance configuration
Mainly defines the floating IPs and related settings for each group in vrrp_sync_group
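vrrp_instance VI_1 {
    ## state sets the initial state of the instance. Once both routers are up an election takes place immediately and the one with the higher priority becomes Master, so the state here does not mean this machine always stays Master
    state MASTER
    ## inside_network: the network interface the instance is bound to
    interface eth0
    ## VRID identifier
    virtual_router_id 51
    ## the higher priority is elected MASTER; MASTER should be at least 50 higher than BACKUP
    priority 100
    ## check interval, default 1s
    advert_int 1
    ## this section configures authentication
    authentication {
        auth_type PASS ## authentication type, PASS and AH are supported
        auth_pass 1111 ## authentication password
    }
    ## floating addresses (VIPs): these IPs are added when switching to MASTER and removed when switching to BACKUP (they are passed to the ip addr command), so no server needs to have a virtual address bound by hand.
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}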
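An added example (not from the original post or the keepalived project): a small Python parser for the block format described above that flags weak VRRP authentication settings such as the auth_pass 1111 in the sample. The finding names and the second instance in the sample are assumptions made for illustration.

```python
import re

# Constructed sample in the block format described above; not a real deployment.
SAMPLE_CONF = """\
! Configuration File for keepalived
vrrp_instance VI_1 {
    authentication {
        auth_type PASS   ## simple password
        auth_pass 1111
    }
}
vrrp_instance VI_2 {
    authentication {
        auth_type AH
        auth_pass s3cr3t-Xq9v
    }
}
"""

def parse_blocks(text):
    """Parse '{ }' blocks into a tree, dropping '#' and '!' comments."""
    stack = [{"head": [], "stmts": [], "blocks": []}]
    for raw in text.splitlines():
        words = re.split(r"[#!]", raw, maxsplit=1)[0].split()
        if words and words[-1] == "{":           # "keyword args {" opens a block
            block = {"head": words[:-1], "stmts": [], "blocks": []}
            stack[-1]["blocks"].append(block)
            stack.append(block)
        elif words == ["}"] and len(stack) > 1:  # "}" closes the innermost block
            stack.pop()
        elif words:                              # plain "keyword value..." line
            stack[-1]["stmts"].append(words)
    return stack[0]

def audit_vrrp_auth(text):
    """Return (instance, finding) pairs for weak VRRP authentication settings."""
    findings = []
    vrrp = [b for b in parse_blocks(text)["blocks"] if b["head"][:1] == ["vrrp_instance"]]
    for inst in vrrp:
        name = " ".join(inst["head"][1:])
        for auth in (b for b in inst["blocks"] if b["head"] == ["authentication"]):
            kv = {s[0]: s[1] for s in auth["stmts"] if len(s) > 1}
            pw = kv.get("auth_pass", "")
            checks = [
                ("cleartext-pass", kv.get("auth_type") == "PASS"),  # PASS is sent unencrypted
                ("truncated-to-8", len(pw) > 8),   # keepalived uses only the first 8 chars
                ("guessable-pass", pw.isdigit() or len(set(pw)) < 4),
            ]
            findings += [(name, code) for code, hit in checks if hit]
    return findings
```

Calling audit_vrrp_auth(SAMPLE_CONF) reports VI_1 for its cleartext PASS type and all-digit password, and VI_2 for a password longer than the 8 characters keepalived actually uses.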
Virtual server block configuration
virtual server IP port
virtual_server IP PORT { ## defines a virtual service, virtual server: VIP : Vport
    ## delay between service polls
    delay_loop 6
    ## LVS scheduling algorithm
    lb_algo rr|wrr|lc|wlc|sh|dh|lblc
    ## LVS cluster mode
    lb_kind NAT|DR|TUN
    ## session persistence time (seconds)
    persistence_timeout 50
    ## protocol in use, TCP or UDP
    protocol TCP|UDP
    ## real server IP Port
    real_server IP PORT {
        ## default is 1, 0 means disabled
        weight 1
        ## script to run after the service is detected as down
        notify_down /path/script.sh
        ## TCP health check
        TCP_CHECK {
            connect_port 80
            connect_timeout 4
        }
    }
    real_server IP PORT {
        weight 1
        ## MISC health check, runs a program
        MISC_CHECK {
            ## path of the external program or script
            misc_path /path_to_script/script.sh ## or: misc_path "/path_to_script/script.sh <arg_list>"
        }
    }
    real_server IP PORT {
        weight 1
        ## HTTP / SSL health check
        HTTP_GET|SSL_GET {
            url { ## URL for the HTTP/SSL check; several URLs can be specified here
                ## digest of the response to the SSL check (computed with the genhash tool)
                digest alphanum
            }
            ## health check port
            connect_port 80
            ## connection timeout
            connect_timeout 3
            ## number of retries
            nb_get_retry 3
            ## delay between retries (seconds)
            delay_before_retry 2
        }
    }
}
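Experiment: health checking with keepalived on a single node:
Prerequisite: LVS DR mode is already configured.
1. Do not add the VIP manually on server1; defining it in the configuration file is enough.
Configuration file: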
[root@server1 keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepliaved@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.79.100
    }
}

virtual_server 172.25.79.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 172.25.79.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 172.25.79.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
[root@server1 keepalived]# service keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@server1 keepalived]#
On the director, stop the ldirectord service and check the ipvsadm rules
[root@server1 keepalived]# /etc/init.d/ipvsadm status
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.79.100:80 rr
-> 172.25.79.2:80 Route 1 0 0
-> 172.25.79.3:80 Route 1 0 0
Test:
When real servers 2 and 3 are both healthy, requests are served round-robin
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server3
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server2
When a server goes down:
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server3
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server3
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server3
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server3
[root@niub Desktop]# curl 172.25.79.100
www.westos.com server3
This is transparent to the user. In practice server2 and server3 serve the same content; keepalived health-checked the back-end servers and successfully 'masked' the failed server2.
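An added example (not part of the original post): a Python check that parses ipvsadm output in the layout shown above and reports which expected real servers keepalived has taken out of the pool. The post-failure table and the EXPECTED mapping are constructed for illustration.

```python
# Constructed ipvsadm listing, as it would look once server2 (172.25.79.2)
# has failed its TCP_CHECK; same layout as the listing shown earlier.
SAMPLE_TABLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.79.100:80 rr
  -> 172.25.79.3:80               Route   1      0          0
"""

# Real servers the configuration file declares for each virtual server.
EXPECTED = {"TCP 172.25.79.100:80": ["172.25.79.2:80", "172.25.79.3:80"]}

def parse_ipvs_table(text):
    """Map 'PROTO VIP:PORT' -> {'scheduler': str, 'reals': {addr: weight}}."""
    table, current = {}, None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            # Virtual server line: protocol, VIP:port, scheduler
            current = table.setdefault(f"{f[0]} {f[1]}", {"scheduler": f[2], "reals": {}})
        elif len(f) >= 4 and f[0] == "->" and current is not None and f[3].isdigit():
            # Real server line; the column header is skipped because "Weight" is not a number
            current["reals"][f[1]] = int(f[3])
    return table

def missing_reals(text, expected):
    """Return expected real servers that are absent or carry weight 0 (disabled)."""
    table = parse_ipvs_table(text)
    out = {}
    for vs, reals in expected.items():
        live = table.get(vs, {"reals": {}})["reals"]
        gone = sorted(r for r in reals if live.get(r, 0) == 0)
        if gone:
            out[vs] = gone
    return out

if __name__ == "__main__":
    print(missing_reals(SAMPLE_TABLE, EXPECTED))
```

Run against the live ipvsadm listing from a cron job or monitoring agent, a non-empty result means a back end has been masked and needs attention even though clients still see a working VIP.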