1.keepalived服务介绍
Keepalived的项目实现的主要目标是简化LVS项目的配置并增强其稳定性,即Keepalived是对LVS项目的扩展增强。
Keepalived为Linux系统和基于Linux 的架构提供了负载均衡和高可用能力,其负载均衡功能主要源自集成在Linux内核中的LVS项目模块IPVS( IP Virtual Server ),基于IPVS提供的4 层TCP/IP协议负载均衡, Keepalived也具备负载均衡的功能,此外, Keepalived还实现了基于多层TCP/IP 协议( 3 层、4 层、5/7 层)的健康检查机制,因此, Keepalived在LVS 负载均衡功能的基础上,还提供了LVS 集群物理服务器池健康检查和故障节点隔离的功能。
除了扩展LVS的负载均衡服务器健康检查能力, Keepalived 还基于虚拟路由冗余协议( Virtual Route Redundancy Protocol, VRRP )实现了LVS 负载均衡服务器的故障切换转移,即Keepalived还实现了LVS负载均衡器的高可用性。Keepalived 就是为LVS 集群节点提供健康检查和为LVS 负载均衡服务器提供故障切换的用户空间进程。
2 keepalived核心模块
2.1.WatchDog :其主要负责监控Checkers和VRRP子进程的运行状况。
2.2.Checkers :此功能模块主要负责真实服务器的健康检查( HealthChecking ),是Keepalived最主要的功能之一,因为HealthChecking是负载均衡功能稳定运行的基础, LVS集群节点的故障隔离和重新加入均依赖于HealthChecking的结果。
2.3.VRRPStack :此功能模块主要负责负载均衡器之间的故障切换,如果集群架构中仅使用一个LVS负载均衡器,由于本身不具备故障切换的条件,则VRRPStack不是必须的。
2.4.IPVS Wrapper :此模块主要用来发送设定的规则到内核IPVS代码。Keepalived的设计目标是构建高可用的LVS 负载均衡群集, Keepalived在运行中将会通过IPVSWrapper模块调用IPVSAdmin工具来创建虚拟服务器,检查和管理LVS集群物理服务器池。
2.5.Netlink Reflector :此功能模块主要用来设定VRRP的VIP地址并提供相关的网络功能,该模块通过与内核中的NETLINK模块交互,从而为Keepalived 提供路由高可用功能。
Keepalived是开源负载均衡项目LVS的增强和虚拟路由协议VRRP实现的集合,即Keepalived通过整合和增强LVS与VRRP来提供高可用的负载均衡系统架构。
3 Keepalived配置实现服务高可用
下面是LVS+keepalived实现负载均衡及高可用集群服务。
3.1 下载keepalived软件包。
Keepalived官方站点:http://www.keepalived.org/
wget http://www.keepalived.org/software/keepalived-1.3.0.tar.gz
3.2 安装过程
确实路径
[[email protected] scripts]# cd /usr/src/
[[email protected] src]# ll
total 8
drwxr-xr-x. 2 root root 4096 Sep 23 2011 debug
drwxr-xr-x. 3 root root 4096 Dec 24 2017 kernels
lrwxrwxrwx 1 root root 39 Sep 7 20:44 linux -> /usr/src/kernels/2.6.32-431.el6.x86_64/
tar xvf keepalived-1.3.0.tar.gz
cd keepalived-1.3.0
./configure
编译报错:checking libnfnetlink/libnfnetlink.h usability... no
checking libnfnetlink/libnfnetlink.h presence... no
checking for libnfnetlink/libnfnetlink.h... no
configure: error:
!!! Please install libnfnetlink headers. !!!
安装 yum install -y libnfnetlink-devel
继续编译安装
make && make install
如果执行make安装报错如下:
make[2]: [namespaces.o] Error 1
make[2]: Leaving directory `/server/scripts/keepalived-1.3.0/keepalived/core‘
make[1]: [all-recursive] Error 1
make[1]: Leaving directory `/server/scripts/keepalived-1.3.0/keepalived‘
make: *** [all-recursive] Error 1
执行yum update glib*可以解决,然后继续make
3.3 配置规范启动
1.cp /server/scripts/keepalived-1.3.0/keepalived/etc/init.d/keepalived /etc/init.d/ 生成启动脚本命令
2.cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ 配置启动脚本参数
3.mkdir /etc/keepalived 创建配置文件路径
4.cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/拷贝配置文件模板
5.cp /usr/local/sbin/keepalived /usr/sbin
6.启动keepalived服务
[[email protected] etc]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[[email protected] etc]# ps -ef|grep keep
root 10541 1 0 22:34 ? 00:00:00 keepalived -D
root 10542 10541 0 22:34 ? 00:00:00 keepalived -D
root 10544 10541 0 22:34 ? 00:00:00 keepalived -D
root 10561 1320 0 22:39 pts/0 00:00:00 grep keep
到此keepalived已安装成功。安装成功后停止keepalived服务。
4 Keepalived配置文件详解
查看配置文件帮助文档man keepalived.conf 可以查看配置文件的详细介绍
keepalived有三类配置区域(姑且就叫区域吧),注意不是三种配置文件,是一个配置文件里面三种不同类别的配置区域:
4.1 全局配置(Global Configuration)
全局定义和静态路由配置。如发送邮件通知、路由器标识。
4.2 VRRPD配置
VRRP同步组(synchroization group)
VRRP实例(VRRP Instance)VRRP脚本
4.3 LVS配置
如果你没有配置LVS+keepalived那么无需配置这段区域,这里LVS配置并不是指真的安装LVS然后用ipvsadm来配置他,而是用keepalived的配置文件来代替ipvsadm来配置LVS
5 VIP接管配置
MATER端:
[[email protected] ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {br/>[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_14
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 14
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.132.21
}
}
BACKUP端:
[[email protected] ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {br/>[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_15
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.132.21
}
}
单实例中有三处与MASTER端配置不同。
启动keepalived服务,用ip add查看
[[email protected] ~]# ip add|grep 192.168.132
inet 192.168.132.14/24 brd 192.168.132.255 scope global eth0
inet 192.168.132.21/32 scope global eth0 ---------》配置文件中配置的vip
另一台上则不会有vip,因为它的实例优先级低。
测试lvs-1主机宕机后lvs-2接管vip。
[d:\~]$ ping -t 192.168.132.21
正在 Ping 192.168.132.21 具有 32 字节的数据:
来自 192.168.132.21 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.132.21 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.132.21 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.132.21 的回复: 字节=32 时间<1ms TTL=64
现在关闭lvs-1主机网卡eth0
查看lvs-2
[[email protected] ~]# ip add|grep 192.168.132.21
inet 192.168.132.21/32 scope global eth0 -------》已经接管了vip
6 Keepalived高可用集群服务实践
之前在两台服务器上配置了keepalived服务,这里再加两台虚拟机作为web服务器(RS).
都安装http服务。由于配置lvs类型为DR,因此安装DR方式来配置RS:即配置VIP、ARP抑制。
负载均衡器端配置与VIP接管配置稍有不同,增加了LVS配置部分。如下:
virtual_server 192.168.132.21 80 {
delay_loop 6
lb_algo wlc
lb_kind DR
persistence_timeout 50 -------》保持会话连接
protocol TCP
real_server 192.168.132.10 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}real_server 192.168.132.11 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
以上不仅配置了RS,同时还对RS进行健康检查。
通过watch ipvsadm -ln查看集群情况。
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.132.21:80 wlc persistent 50
-> 192.168.132.10:80 Route 1 0 0
-> 192.168.132.11:80 Route 1 0 0
配置好后可以通过VIP访问。当有一台RS宕机时,另一台可以继续提供服务。
原文地址:http://blog.51cto.com/tuwei/2175728