Cluster Series Tutorial: keepalived + LVS Deployment

Preface: Lately a lot of people in the group have been asking how to build a keepalived + LVS architecture and running into all sorts of problems, so I set aside the other documents and wrote this keepalived + LVS deployment guide first. Note that this is an architecture/deployment document, not a theory primer; if you are attempting this setup you presumably already know the basics, and the underlying theory will be covered in a later post.

Test topology:

Environment notes:
 The topology diagram shows the environment for this lab: solid lines represent physical connections, dashed lines logical relationships.
hostname:test1.lxm.com
IP:
 vip:eth0:0:10.0.10.200/24  // the VIP is configured on eth0's virtual sub-interface eth0:0, with address 10.0.10.200/24
 DIP:eth0:10.0.10.11/24
 HAip:eth1:10.0.0.16/24   // the "HA IP" is the address on the NIC that carries the heartbeat; in production the data NIC and heartbeat NIC are usually kept separate
function: front-end host for keepalived + LVS

hostname:test2.lxm.com
IP:
 vip:eth0:0:10.0.10.200/24
 DIP:eth0:10.0.10.12/24
 HAip:eth1:10.0.0.18/24
function: front-end host for keepalived + LVS

hostname:test3.lxm.com
IP:
 vip:lo:0:10.0.10.200/32
 RIP:eth0:10.0.10.13/24
function: back-end web server

hostname:test4.lxm.com
IP:
 vip:lo:0:10.0.10.200/32
 RIP:eth0:10.0.10.14/24
function: back-end web server

hostname:test5.lxm.com
IP:
 vip:lo:0:10.0.10.200/32
 RIP:eth0:10.0.10.15/24
function: standby web server. When every back-end web server is down, keepalived can be told to forward requests here so that users get a friendlier error page instead of nothing; what that page says is up to you.

In addition, LVS is used in DR mode here, as marked on the topology; the IP addressing alone should also make the DR model obvious.

Initial setup:
 Configure the network on every host (note in particular that the two front-end keepalived + LVS hosts each have two NICs), disable SELinux and iptables, and set up the yum repositories. Another key point: synchronize the time on all hosts. This is critical to whether the cluster works at all.
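If NTP is reachable, a minimal way to bring every node to the same time is a one-shot ntpdate run on each host; 0.centos.pool.ntp.org below is only an example NTP server, use whatever your environment provides:

yum -y install ntpdate            # install the ntpdate client if it is missing
ntpdate 0.centos.pool.ntp.org     # step the clock once against the NTP server
hwclock -w                        # write the corrected time back to the hardware clock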

Architecture deployment:
 When deploying an architecture, do not install everything at once and then, when the first test spits out a pile of errors, stare at them with no idea where to start. Deploy in layers and test each layer before moving on to the next, until the whole stack is done.
 For the keepalived + LVS architecture discussed here, the deployment is split into the following stages:
1. Deploy the three back-end web servers and verify that the web service is reachable;
2. Deploy LVS on the two front-end hosts, integrate LVS with the web servers, and verify that each LVS host can serve requests through the back ends;
3. Deploy keepalived on the two front-end hosts and integrate keepalived with LVS;
4. Test whether keepalived meets the HA requirements.

With these stages laid out, the architecture should already look a lot clearer; you may of course have an even better approach.

1. Deploy the web service on the realservers (back-end web)
Host: test3.lxm.com
[[email protected] /]# rpm -qa | grep httpd    // httpd is used here as an example; you can use nginx or another web server instead
[[email protected] /]# yum -y install httpd
[[email protected] /]# cd /var/www/html/
[[email protected] html]# ls
[[email protected] html]# echo "<h1>this is test3.lxm.com</h1>" > index.html
[[email protected] html]# vim /etc/httpd/conf/httpd.conf
Change the ServerName directive in the configuration file to:
ServerName 0.0.0.0:80

[[email protected] html]# service httpd start
Starting httpd:                                            [  OK  ]
[[email protected] html]#
[[email protected] html]# ps aux | grep httpd
root      1660  0.0  1.4 175708  3660 ?        Ss   11:56   0:00 /usr/sbin/httpd
apache    1662  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1663  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1664  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1665  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1666  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1667  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1668  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
apache    1669  0.0  0.9 175708  2392 ?        S    11:56   0:00 /usr/sbin/httpd
root      1679  0.0  0.3 103244   848 pts/0    S+   11:58   0:00 grep httpd
[[email protected] html]# netstat -nultp | grep httpd
tcp        0      0 :::80                       :::*                        LISTEN      1660/httpd         
[[email protected] html]# links --dump http://10.0.10.13
                             this is test3.lxm.com
[[email protected] html]

At this point the first web server is up.

Host: test4.lxm.com
[[email protected] /]# rpm -qa | grep httpd
[[email protected] /]# yum -y install httpd
[[email protected] /]# cd /var/www/html/
[[email protected] html]# ls
[[email protected] html]# echo "<h1>this is test4.lxm.com</h1>" > index.html
[[email protected] html]# vim /etc/httpd/conf/httpd.conf
Change the ServerName directive in the configuration file to:
ServerName 0.0.0.0:80
[[email protected] html]# service httpd start
Starting httpd:                                            [  OK  ]
[[email protected] html]# ps aux | grep httpd
root      1672  0.0  1.5 175708  3668 ?        Ss   12:01   0:00 /usr/sbin/httpd
apache    1674  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1675  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1676  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1677  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1678  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1679  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1680  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
apache    1681  0.0  0.9 175708  2400 ?        S    12:01   0:00 /usr/sbin/httpd
root      1683  0.0  0.3 103244   848 pts/1    S+   12:01   0:00 grep httpd
[[email protected] html]# netstat -nultp | grep httpd
tcp        0      0 :::80                       :::*                        LISTEN      1672/httpd         
[[email protected] html]# links --dump http://10.0.10.14
                             this is test4.lxm.com
[[email protected] html]#

At this point the second web server is set up and tested.

Note: each web server here serves a different page so that the load-balancing effect is obvious during testing. In production, every web server behind the load balancer must serve identical content.
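Before wiring the realservers into LVS, it can save time to confirm that each one answers on its own RIP. A quick sketch, assuming curl is installed (links --dump works just as well):

for rs in 10.0.10.13 10.0.10.14 10.0.10.15; do   # the three web hosts in this lab
    curl -s http://$rs/ || echo "$rs is not answering"   # prints each test page, or a warning
done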

2. Deploy the web service on the standby web server

Host: test5.lxm.com
[[email protected] /]# rpm -qa | grep httpd
[[email protected] /]# yum -y install httpd
[[email protected] /]# cd /var/www/html/
[[email protected] html]# ls
[[email protected] html]# echo "<h1>this is test5.lxm.com</h1>" > index.html
[[email protected] html]# vim /etc/httpd/conf/httpd.conf
Change the ServerName directive in the configuration file to:
ServerName 0.0.0.0:80
[[email protected] html]# service httpd start
Starting httpd:                                            [  OK  ]
[[email protected] html]# ps aux | grep httpd
root      1613  0.0  1.5 175708  3664 ?        Ss   12:03   0:00 /usr/sbin/httpd
apache    1615  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1616  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1617  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1618  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1619  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1620  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1621  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
apache    1622  0.0  0.9 175708  2396 ?        S    12:03   0:00 /usr/sbin/httpd
root      1624  0.0  0.3 103244   848 pts/0    S+   12:03   0:00 grep httpd
[[email protected] html]# netstat -nultp | grep httpd
tcp        0      0 :::80                       :::*                        LISTEN      1613/httpd         
[[email protected] html]# links --dump http://10.0.10.15
                            this is test5.lxm.com
[[email protected] html]#

At this point the standby web server is set up as well.

3. Deploy the LVS environment
1) Install and configure LVS on the two directors
Host: test1.lxm.com
[[email protected] /]# grep -i 'ip_vs' /boot/config-2.6.32-431.el6.x86_64  // check whether the running kernel supports LVS; the IPVS modules are shipped with the stock kernel by default
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_PE_SIP=m
[[email protected] /]#

[[email protected] /]# rpm -qa | grep ipvsadm
[[email protected] /]# yum -y install ipvsadm   // install ipvsadm, the user-space management tool for LVS
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] /]#

If the output above appears, ipvsadm has been installed successfully.
Note: some people may ask why rules can already be listed before anything has been "started". LVS is a kernel feature that is available by default; ipvsadm is only the user-space management tool, and starting or stopping the ipvsadm service merely loads or flushes the saved rule set. It does not affect your ability to manage rules with ipvsadm at any time. If you have noticed, iptables behaves exactly the same way.
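If you want to confirm that the kernel will actually load the IPVS module before going on, a quick check on the director (standard commands, nothing specific to this setup):

modprobe ip_vs          # load the IPVS core module by hand
lsmod | grep ip_vs      # it should now show up in the loaded-module list
cat /proc/net/ip_vs     # the kernel exposes the current rule table here once the module is loaded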

Configure the VIP:
[[email protected] /]# ifconfig eth0:0 10.0.10.200 netmask 255.255.255.0
[[email protected] /]# ifconfig eth0:0
eth0:0    Link encap:Ethernet  HWaddr 08:00:27:ED:EF:33 
          inet addr:10.0.10.200  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

The output above shows that the VIP was configured successfully.

Configure the LVS rules:
 The forwarding model (DR) was already described in the environment section. Since the focus of this document is testing keepalived, the plain rr (round-robin) scheduler is used for load balancing.

[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] /]# ipvsadm -A -t 10.0.10.200:80 -s rr
[[email protected] /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.13:80 -g
[[email protected] /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.14:80 -g
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] /]# service ipvsadm save   
[[email protected] /]#

The output above shows the LVS rules are in place. One caveat: LVS persistence. If persistent connections are enabled, all requests within a time window may land on the same realserver, so keep that in mind while testing.
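For reference, persistence is enabled with ipvsadm's -p/--persistent option when the virtual service is defined; it is deliberately left out in this lab so that round-robin is easy to observe. A hypothetical example with a 300-second timeout:

ipvsadm -A -t 10.0.10.200:80 -s rr -p 300   # requests from the same client stick to one realserver for 300s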

At this point the configuration on the first director is complete.

Host 2: test2.lxm.com

[[email protected] /]# grep -i 'ip_vs' /boot/config-2.6.32-431.el6.x86_64
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_PE_SIP=m
[[email protected] /]#
[[email protected] /]# rpm -qa | grep ipvsadm
[[email protected] /]# yum -y install ipvsadm
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] /]#

Configure the VIP:
[[email protected] /]# ifconfig eth0:0 10.0.10.200 netmask 255.255.255.0
[[email protected] /]# ifconfig eth0:0
eth0:0    Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.200  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Configure the LVS rules:
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] /]# ipvsadm -A -t 10.0.10.200:80 -s rr
[[email protected]test2 /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.13:80 -g
[[email protected] /]# ipvsadm -a -t 10.0.10.200:80 -r 10.0.10.14:80 -g
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] /]# service ipvsadm save
[[email protected] /]#

At this point the LVS rules are configured on both directors.

2) Configure the back-end realservers
 The two back-end realservers are test3.lxm.com and test4.lxm.com; their configuration is identical, so test3.lxm.com is used as the example:
Host: test3.lxm.com
Configure the VIP:
[[email protected] /]# ifconfig lo
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3438 (3.3 KiB)  TX bytes:3438 (3.3 KiB)

[[email protected] /]# ifconfig lo:0 10.0.10.200 netmask 255.255.255.255
[[email protected] /]# ifconfig lo:0
lo:0      Link encap:Local Loopback 
          inet addr:10.0.10.200  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

Note: why configure the VIP on the loopback interface? You could put it on a NIC if you wanted, but the loopback device is built into the system: no matter how a physical NIC fails, lo keeps working unless the whole system goes down.
   
   
Configure the ARP kernel parameters:
[[email protected] /]# sysctl -w net.ipv4.conf.all.arp_announce=2 >> /etc/sysctl.conf
[[email protected] /]# sysctl -w net.ipv4.conf.all.arp_ignore=1 >> /etc/sysctl.conf
[[email protected] /]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1

Check:
[[email protected] /]# cd /proc/sys/net/ipv4/conf/all/
[[email protected] all]# ls
accept_local         arp_announce  bootp_relay         forwarding     promote_secondaries  rp_filter         src_valid_mark
accept_redirects     arp_filter    disable_policy      log_martians   proxy_arp            secure_redirects  tag
accept_source_route  arp_ignore    disable_xfrm        mc_forwarding  proxy_arp_pvlan      send_redirects
arp_accept           arp_notify    force_igmp_version  medium_id      route_localnet       shared_media
[[email protected] all]# cat arp_announce
2
[[email protected] all]# cat arp_ignore
1

The output above shows that the ARP kernel parameters have been set successfully.

Note: meaning of the ARP parameters:
arp_ignore: controls how ARP requests are answered;
   0: default behaviour, answer for any local IP address on any interface;
   1: answer only if the target IP of the request is configured on the interface the request arrived on;
   use 1 in this cluster.

arp_announce: controls how the host announces its own addresses in ARP;
   0: announce any local address from any interface;
   1: try to announce only addresses whose network matches the target network;
   2: announce only addresses configured on the outgoing interface;
   use 2 in this cluster.

Why suppress ARP at all? To avoid conflicts. Network traffic is ultimately delivered by MAC address, and MAC addresses are resolved via ARP. If the realservers did not suppress ARP, then when someone asks "who has 10.0.10.200?", every host carrying 10.0.10.200 would answer, and the whole setup would fall apart.
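To make these two parameters survive a reboot they can simply live in /etc/sysctl.conf (that is what the >> redirection above achieves); a clean fragment would look like the following. Many DR write-ups also set the same values on lo, which is optional here since the all.* values already apply:

# /etc/sysctl.conf on every realserver; activate with sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
# optionally also pin them on the loopback interface that carries the VIP
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2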
   
   
   
Configure the host route:
[[email protected] /]# route add -host 10.0.10.200 dev lo:0
[[email protected] /]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.10.200     0.0.0.0         255.255.255.255 UH    0      0        0 lo
10.0.10.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         10.0.10.254     0.0.0.0         UG    0      0        0 eth0
[[email protected] /]#

The output above shows that the host route has been configured successfully.

Note: why is the host route needed?
When a client request arrives with destination 10.0.10.200, the director forwards it to a back-end realserver according to the LVS rules. The realserver processes it and, because the VIP is configured locally, replies to the client directly. But what source address does the reply carry? The client addressed its request to 10.0.10.200, so the reply must come from 10.0.10.200 or the client will drop it. That is what the host route is for: the routing table sends traffic destined for 10.0.10.200 out through lo:0, and the address on lo:0 is exactly 10.0.10.200, so the reply's source address becomes 10.0.10.200 and the client accepts it.

That is a lot of rambling; for more detail on LVS itself, see the dedicated LVS write-up.

At this point one realserver is fully configured.

Note: every realserver needs this configuration, and it is identical on all of them, so the remaining realservers are not repeated here. The standby web host must be configured exactly like the realservers as well.
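Since the settings are identical on test3, test4 and test5, it is convenient to collect the steps above into one small script and run it on each realserver; this is only a sketch of what has already been shown, nothing new:

#!/bin/bash
# DR realserver setup: ARP suppression, VIP on lo:0, host route
VIP=10.0.10.200
sysctl -w net.ipv4.conf.all.arp_ignore=1        # answer ARP only for addresses on the receiving interface
sysctl -w net.ipv4.conf.all.arp_announce=2      # announce only addresses matching the outgoing interface
ifconfig lo:0 $VIP netmask 255.255.255.255 up   # bind the VIP to the loopback alias
route add -host $VIP dev lo:0                   # replies to the VIP leave via lo:0, so their source IP is the VIP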

3) Test the LVS setup
 One thing to be careful about: test the directors one at a time. If several LVS directors hold the VIP and answer requests at the same time, things break, as you can imagine. The same rule applies under keepalived later: only one LVS director may be active at any moment.

Test: test1.lxm.com
(Take the test2.lxm.com director out of the picture first; removing its VIP is enough.)
To show the result as text, the test is run from the standby web host; testing from a browser works just as well:
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0

[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]#

// Someone may suspect that this plain-text output was simply typed by hand; believe what you like.

[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          3        
  -> 10.0.10.14:80                Route   1      0          3        
[[email protected] /]#

As shown above, the client was refreshed 6 times and the director distributed the requests evenly.

The test against test2.lxm.com is not shown here; run it yourself the same way.

Finally, stop ipvsadm on the directors and disable it at boot:
// This step matters: under keepalived, the LVS rules are managed by keepalived itself. Everything above was done only to verify that the hosts can run LVS at all.
[[email protected] /]# ifconfig eth0:0 down
[[email protected] /]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table:                  [  OK  ]
ipvsadm: Unloading modules:                                [  OK  ]
[[email protected] /]# chkconfig ipvsadm off
[[email protected] /]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] /]#
The output above is from test2.lxm.com; do the same on test1.lxm.com, i.e. stop ipvsadm and remove the VIP.

At this point the LVS setup has been tested. Any questions so far?

4. Deploy keepalived
 keepalived runs on the same hosts as the LVS directors, so the keepalived software has to be installed on both test1.lxm.com and test2.lxm.com.
1) Install keepalived
  Installing keepalived is simple, as it is a lightweight HA tool, but there is one point to watch: building from source requires the kernel header files.
#yum -y install kernel-devel kernel-headers libnl-devel
#cd /root/soft
#tar -zxvf keepalived-1.2.7.tar.gz
#cd keepalived-1.2.7
#mkdir /usr/local/keepalived
#./configure --prefix=/usr/local/keepalived --mandir=/usr/local/share/man --with-kernel-dir=/usr/src/kernels/2.6.32-279.el6.x86_64
When configure finishes, output like the following appears:
Keepalived configuration
------------------------
Keepalived version       : 1.2.7
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto  -lnl
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
IPVS use libnl           : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
SNMP support             : No
Use Debug flags          : No

Note: the list above shows the features this keepalived build supports. VRRP is the core of keepalived and is always included; the IPVS framework, however, is optional, and it must say Yes here if you want LVS support.

#make
#make install
#make clean

If there were no errors, the keepalived build and install are basically done.

Follow-up steps:
#cd /usr/local/keepalived
#cp -p etc/rc.d/init.d/keepalived /etc/rc.d/init.d
#cp -p etc/sysconfig/keepalived /etc/sysconfig/

#vim /etc/profile
export PATH=$PATH:/usr/local/keepalived/sbin

#vim /etc/rc.d/init.d/keepalived
Edit this init script so that the daemon binary and the configuration file point to the correct paths:
keepalivebin=${keepalivebin:-/usr/local/keepalived/sbin/keepalived}
config=${config:-/usr/local/keepalived/etc/keepalived/keepalived.conf}

Start keepalived:
[[email protected] init.d]# service keepalived start
Starting keepalived:                                       [  OK  ]
[[email protected] init.d]# ps aux | grep keepalived
root      3056  0.0  0.3  42140   976 ?        Ss   15:24   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3058  0.5  0.9  44376  2292 ?        S    15:24   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3059  0.2  0.6  44244  1628 ?        S    15:24   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf

The output above shows that keepalived was installed and starts successfully. If you watch the log now (tail -f /var/log/messages) you will see it complaining constantly; ignore that for the moment, it is not relevant yet.

With that, the keepalived installation is done. Install keepalived on the other host the same way.

2) The keepalived.conf configuration file
Host: test1.lxm.com:
! Configuration File for keepalived
global_defs {
   notification_email {
 [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_sync_group VG_1 {
 
  group {
 VI_1
 }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
 nopreempt
    authentication {
        auth_type PASS
        auth_pass keepalivepass
    }
    virtual_ipaddress {
 10.0.10.200/24 dev eth0 label eth0:0
    }
}

virtual_server 10.0.10.200 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
#    persistence_timeout 50
    protocol TCP

    real_server 10.0.10.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 2
        }
    }
    real_server 10.0.10.14 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 2
        }
    }

}

Host: test2.lxm.com:
! Configuration File for keepalived
global_defs {
   notification_email {
 [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_sync_group VG_1 {
 
  group {
 VI_1
 }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 99
 nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass keepalivepass
    }
    virtual_ipaddress {
 10.0.10.200/24 dev eth0 label eth0:0
    }
}

virtual_server 10.0.10.200 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
#    persistence_timeout 50
    protocol TCP

    real_server 10.0.10.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 2
        }
    }
    real_server 10.0.10.14 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 2
        }
    }

}

The configuration file is not explained line by line here, so that it is easy to copy as-is; a separate post will cover the details.
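That said, the directives that matter most for the failover behaviour tested below are worth a quick gloss (the # comments are mine, not part of the file above):

vrrp_instance VI_1 {
    state BACKUP            # both nodes start as BACKUP; the election is decided purely by priority
    interface eth1          # VRRP heartbeats run over the dedicated heartbeat NIC
    virtual_router_id 51    # must match on both nodes
    priority 100            # 100 on test1, 99 on test2, so test1 wins the first election
    nopreempt               # a recovered node does not take the VIP back
    virtual_ipaddress {
        10.0.10.200/24 dev eth0 label eth0:0    # the VIP keepalived adds/removes on the data NIC
    }
}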

3) Test that keepalived starts and takes over management of the LVS rules and the VIP
[[email protected] keepalived]# ps aux | grep keepalived
root      3696  0.0  0.3  42140   976 ?        Ss   15:57   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3698  0.0  0.9  46440  2336 ?        S    15:57   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3699  0.0  0.6  46316  1684 ?        S    15:57   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3701  0.0  0.3 103244   844 pts/0    S+   16:00   0:00 grep keepalived
[[email protected] keepalived]#

[[email protected] keepalived]# service keepalived start
Starting keepalived:                                       [  OK  ]
[[email protected] keepalived]# ps aux | grep keepalived
root      3220  0.0  0.3  42140   976 ?        Ss   15:58   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3222  0.0  0.9  44368  2296 ?        S    15:58   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3223  0.0  0.6  44244  1636 ?        S    15:58   0:00 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf
root      3225  0.0  0.3 103244   844 pts/0    S+   16:00   0:00 grep keepalived
[[email protected] keepalived]#

The output above shows keepalived running on both hosts.

Note: pay attention to which host each block belongs to.

Check the logs:
Host test1.lxm.com
[[email protected] log]# tail -f /var/log/messages

Sep  2 15:57:58 test1 Keepalived[3695]: Starting Keepalived v1.2.7 (09/02,2014)
Sep  2 15:57:58 test1 Keepalived[3696]: Starting Healthcheck child process, pid=3698
Sep  2 15:57:58 test1 Keepalived[3696]: Starting VRRP child process, pid=3699
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Interface queue is empty
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: No such interface, eth1
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP 10.0.10.11 added
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP 10.0.0.16 added     // keepalived detected the IP addresses on both NICs
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP fe80::a00:27ff:feed:ef33 added
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Netlink reflector reports IP fe80::a00:27ff:fe36:2415 added
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Registering Kernel netlink reflector
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Registering Kernel netlink command channel
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Registering gratuitous ARP shared channel
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Interface queue is empty
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: No such interface, eth1
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP 10.0.10.11 added
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP 10.0.0.16 added
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP fe80::a00:27ff:feed:ef33 added
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP fe80::a00:27ff:fe36:2415 added
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Registering Kernel netlink reflector
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Registering Kernel netlink command channel
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Truncating auth_pass to 8 characters
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Configuration is using : 65373 Bytes
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: Using LinkWatch kernel netlink reflector...
Sep  2 15:57:58 test1 Keepalived_vrrp[3699]: VRRP sockpool: [ifindex(3), proto(112), fd(10,11)]
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Configuration is using : 16462 Bytes
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Using LinkWatch kernel netlink reflector...
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Activating healthchecker for service [10.0.10.13]:80
Sep  2 15:57:58 test1 Keepalived_healthcheckers[3698]: Activating healthchecker for service [10.0.10.14]:80   // health checks against the back-end servers are being activated
Sep  2 15:57:59 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Transition to MASTER STATE 
Sep  2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Entering MASTER STATE   // this host has been elected master
Sep  2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep  2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep  2 15:58:00 test1 Keepalived_vrrp[3699]: VRRP_Group(VG_1) Syncing instances to MASTER state   
Sep  2 15:58:00 test1 Keepalived_healthcheckers[3698]: Netlink reflector reports IP 10.0.10.200 added  // the sync group is moved to MASTER state and the VIP has been added
Sep  2 15:58:05 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200

Host: test2.lxm.com
[[email protected] ~]# tail -f /var/log/messages

Sep  2 15:58:03 test2 Keepalived[3219]: Starting Keepalived v1.2.7 (09/02,2014)
Sep  2 15:58:03 test2 Keepalived[3220]: Starting Healthcheck child process, pid=3222
Sep  2 15:58:03 test2 Keepalived[3220]: Starting VRRP child process, pid=3223
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Interface queue is empty
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: No such interface, eth1
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP 10.0.10.12 added
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP 10.0.0.18 added
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP fe80::a00:27ff:fe0d:26b8 added
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Netlink reflector reports IP fe80::a00:27ff:fe35:e1f4 added
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Registering Kernel netlink reflector
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Registering Kernel netlink command channel
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Registering gratuitous ARP shared channel
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Interface queue is empty
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Truncating auth_pass to 8 characters
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Configuration is using : 65388 Bytes
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: Using LinkWatch kernel netlink reflector...
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: No such interface, eth1
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Entering BACKUP STATE       // this host became the backup
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP 10.0.10.12 added
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP 10.0.0.18 added
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP fe80::a00:27ff:fe0d:26b8 added
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP fe80::a00:27ff:fe35:e1f4 added
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Registering Kernel netlink reflector
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Registering Kernel netlink command channel
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Opening file '/usr/local/keepalived/etc/keepalived/keepalived.conf'.
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Configuration is using : 16477 Bytes
Sep  2 15:58:03 test2 Keepalived_vrrp[3223]: VRRP sockpool: [ifindex(3), proto(112), fd(10,11)]
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Using LinkWatch kernel netlink reflector...
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Activating healthchecker for service [10.0.10.13]:80
Sep  2 15:58:03 test2 Keepalived_healthcheckers[3222]: Activating healthchecker for service [10.0.10.14]:80

The logs show that the keepalived heartbeats have been negotiated successfully and that master and backup were elected by priority. The next step is to verify that keepalived actually drives the resources: the master should hold both the VIP and the LVS rules, while the backup should hold only the LVS rules and no VIP.

master: test1.lxm.com:
[[email protected] keepalived]# ifconfig eth0:0
eth0:0    Link encap:Ethernet  HWaddr 08:00:27:ED:EF:33 
          inet addr:10.0.10.200  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] keepalived]#

backup: test2.lxm.com
[[email protected] keepalived]# ifconfig eth0:0
eth0:0    Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] keepalived]#

The output above confirms exactly that expectation.

The logs also showed keepalived probing the back-end servers; that is because the LVS section of keepalived.conf defines health checks. Check the access logs on the back-end web servers to confirm the probes are arriving:
[[email protected] all]# cd /etc/httpd/logs/
[[email protected] logs]# ls
access_log  error_log
[[email protected] logs]# tail -f access_log
10.0.10.11 - - [02/Sep/2014:16:12:05 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:05 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:10 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:10 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:15 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:15 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:20 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:20 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:25 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:25 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.11 - - [02/Sep/2014:16:12:30 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"
10.0.10.12 - - [02/Sep/2014:16:12:30 +0800] "GET / HTTP/1.0" 200 31 "-" "KeepAliveClient"

The access log confirms that keepalived's health checking of the back-end servers is active; these entries keep scrolling at a rate determined by the check settings.

At this point keepalived is installed, configured and started, so the keepalived + LVS stack is basically up; how well it holds up is what the tests below will show.

5. Full keepalived + LVS testing
1) Based on the environment built above, verify that keepalived + LVS serves web requests
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]#

[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          3        
  -> 10.0.10.14:80                Route   1      0          3        
[[email protected] keepalived]#

The test output above shows that access works without any problem, so the environment built so far is sound.

2) Test automatic keepalived failover
 There are three main failover scenarios to test:
Scenario 1: the keepalived service itself dies
 In the current state, test1.lxm.com is the master and test2.lxm.com the backup. Simulate a keepalived failure on test1.lxm.com:
[[email protected] keepalived]# service keepalived stop  // stop keepalived on test1 to simulate a keepalived failure
Stopping keepalived:                                       [  OK  ]
[[email protected] keepalived]#

Check the log:
Sep  2 16:27:26 test1 Keepalived[3696]: Stopping Keepalived v1.2.7 (09/02,2014)
Sep  2 16:27:26 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) sending 0 priority
Sep  2 16:27:26 test1 kernel: IPVS: __ip_vs_del_service: enter
Sep  2 16:27:26 test1 Keepalived_vrrp[3699]: VRRP_Instance(VI_1) removing protocol VIPs.

The log shows the keepalived service stopping and the VIP being removed.

Check the resources:
[[email protected] keepalived]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:ED:EF:33 
          inet addr:10.0.10.11  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feed:ef33/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13783 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1768054 (1.6 MiB)  TX bytes:1575730 (1.5 MiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:36:24:15 
          inet addr:10.0.0.16  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe36:2415/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:300 (300.0 b)  TX bytes:117492 (114.7 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:348 errors:0 dropped:0 overruns:0 frame:0
          TX packets:348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27544 (26.8 KiB)  TX bytes:27544 (26.8 KiB)

[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[[email protected] keepalived]#

As shown above, the VIP is gone and the ipvsadm rules have been flushed.

Now look at the test2.lxm.com host:
Sep  2 16:27:25 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep  2 16:27:25 test2 Keepalived_vrrp[3223]: VRRP_Group(VG_1) Syncing instances to MASTER state
Sep  2 16:27:26 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep  2 16:27:26 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep  2 16:27:26 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep  2 16:27:26 test2 Keepalived_healthcheckers[3222]: Netlink reflector reports IP 10.0.10.200 added
Sep  2 16:27:31 test2 Keepalived_vrrp[3223]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200

The log shows that the former backup has switched to master.

Check the resources:
[[email protected] keepalived]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.12  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11324 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1449942 (1.3 MiB)  TX bytes:1171364 (1.1 MiB)

eth0:0    Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.200  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:35:E1:F4 
          inet addr:10.0.0.18  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2131 errors:0 dropped:0 overruns:0 frame:0
          TX packets:239 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:127860 (124.8 KiB)  TX bytes:13002 (12.6 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:87 errors:0 dropped:0 overruns:0 frame:0
          TX packets:87 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7300 (7.1 KiB)  TX bytes:7300 (7.1 KiB)
  
There is the extra VIP: the failover succeeded.

Now test from the client again:
[[email protected] /]# date
Tue Sep  2 16:31:37 CST 2014
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test4.lxm.com
[[email protected] /]# links --dump http://10.0.10.200
                             this is test3.lxm.com
[[email protected] /]#

[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          3        
  -> 10.0.10.14:80                Route   1      0          3
 
The output shows that access is completely unaffected. This demonstrates that keepalived fails over correctly when its own service dies, and that the other keepalived + LVS host serves traffic just as well.

Note: at this point someone will ask whether the failed keepalived host becomes master again once it comes back online, since its priority is higher. It can, if you allow preemption, but preemption is not recommended in production: even a brief switchover causes a blip. By default, without nopreempt, the higher-priority node preempts automatically; the configuration above sets nopreempt, so no preemption happens here.
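For completeness: if you do want the higher-priority node to reclaim the VIP when it recovers, remove nopreempt from both vrrp_instance blocks; keepalived can also delay the takeover to reduce flapping (preempt_delay is a standard keepalived option, the 60-second value below is only an example):

vrrp_instance VI_1 {
    state BACKUP
    priority 100
    # nopreempt removed: the node with the higher priority reclaims MASTER
    preempt_delay 60        # wait 60 seconds after startup before preempting
    # ... remaining directives unchanged ...
}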

Scenario 2: ipvsadm dies

First check whether stopping ipvsadm triggers a failover when nothing extra has been configured.
In the current state the master is test2.lxm.com, so the test runs there:
[[email protected] keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table:                  [  OK  ]
ipvsadm: Unloading modules:                                [  OK  ]

Check the log:
Sep  2 16:53:55 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep  2 16:53:55 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep  2 16:53:55 test2 kernel: IPVS: ipvs unloaded.

The log only reports that the rr scheduler was unregistered and that the ipvs module was unloaded; nothing else happened. Check the VIP:
[[email protected] keepalived]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.12  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13432 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14776 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1831388 (1.7 MiB)  TX bytes:1499838 (1.4 MiB)

eth0:0    Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.200  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:35:E1:F4 
          inet addr:10.0.0.18  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2716 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1065 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:162960 (159.1 KiB)  TX bytes:57606 (56.2 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:99 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8300 (8.1 KiB)  TX bytes:8300 (8.1 KiB)

[[email protected] keepalived]#

The VIP is still there, so clearly no failover took place. What can be done about it?

This is where a particular keepalived feature comes in: tracking an external script.

Modify keepalived.conf as follows:
! Configuration File for keepalived
global_defs {
   notification_email {
 [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_sync_group VG_1 {
 
  group {
 VI_1
 }
}

vrrp_script check_lvs {     // this block is new: it defines an external check script
    script "/usr/local/keepalived/etc/keepalived/lvs_check.sh"     // location of the external script
    interval 1    // run the script once per second
    weight -10    // on failure, lower this node's keepalived priority by 10
    fall 1        // one failed run counts as failure; in production 3 or so is safer
    rise 1        // one successful run counts as recovery
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
 nopreempt
    authentication {
        auth_type PASS
        auth_pass keepalivepass
    }
    virtual_ipaddress {
 10.0.10.200/24 dev eth0 label eth0:0
    }
 
 track_script {    // also new: it must be used together with vrrp_script and references the script defined above
       check_lvs
}
 
}

virtual_server 10.0.10.200 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
#    persistence_timeout 50
    protocol TCP

    real_server 10.0.10.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 2
        }
    }
    real_server 10.0.10.14 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 2
        }
    }

}

Note: whenever keepalived.conf is modified, the change must be propagated to every keepalived host; you would hardly want one node to have a feature the other lacks. Just be careful to preserve the settings that are intentionally different between master and backup and those that must be identical.

Create the /usr/local/keepalived/etc/keepalived/lvs_check.sh script; a simple version looks like this:
#!/bin/bash
function mailSend() {
   echo "ipvsadm service is down" |  mail -s "ipvsadm service is down" [email protected]

}
num=`ipvsadm --list -n | grep 10.0.10.200| wc -l`
[ $num -eq 0 ] && mailSend && exit 1 || exit 0

Note: this script is only meant to demonstrate calling an external check so that keepalived can fail over; it treats the complete absence of LVS rules as "ipvsadm is down". What if rules still exist but a few have been kicked out? Then either someone is playing with your server, or some back-end web servers have failed and LVS evicted them, and in the latter case failing over would not change the outcome anyway.
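Whatever the script ends up doing, make it executable and run it by hand on the director first to confirm the exit code behaves as expected:

chmod +x /usr/local/keepalived/etc/keepalived/lvs_check.sh
/usr/local/keepalived/etc/keepalived/lvs_check.sh; echo $?    # prints 0 while the LVS rules exist, 1 after they are flushed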

With the configuration changed and the script created and made executable, restart keepalived and test again:
Note: the master here is still test2.lxm.com (if you have followed along it already is; otherwise adapt the test to your own situation).
[[email protected] keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table:                  [  OK  ]
ipvsadm: Unloading modules:                                [  OK  ]
[[email protected] keepalived]#

Check the log on test2.lxm.com:
Sep  5 13:52:21 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep  5 13:52:21 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep  5 13:52:21 test2 kernel: IPVS: ipvs unloaded.

The log again shows only those three lines and nothing else. What is going on? If a failover had happened the log would certainly report the virtual IP being removed, but it does not, so the VIP is presumably still there.
(A sharp eye will notice that the timestamps differ from the earlier logs; the tests were not all run on the same day.)

Check the VIP:
[[email protected] keepalived]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.12  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13438 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15234 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1632335 (1.5 MiB)  TX bytes:1576327 (1.5 MiB)

eth0:0    Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.200  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:35:E1:F4 
          inet addr:10.0.0.18  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:917 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2562 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:55020 (53.7 KiB)  TX bytes:138084 (134.8 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:341 errors:0 dropped:0 overruns:0 frame:0
          TX packets:341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24801 (24.2 KiB)  TX bytes:24801 (24.2 KiB)

The VIP is still there, so the failover still did not happen, and the log contains nothing related to vrrp_script at all. Why? This dead end is shown on purpose, to make the lesson stick: without it you might wonder why an experiment that "worked before" suddenly does not, and burn hours on it. After combing the log line by line, this message turned up:
 Keepalived_vrrp[14961]: VRRP_Instance(VI_1) : ignoring tracked script with weights due to SYNC group

 It means that because of the sync group, a tracked script that carries a weight is ignored: the track_script setting has no effect at all. Looking back at the configuration file, there is indeed this block:
 vrrp_sync_group VG_1 {

group {
        VI_1
 }

}

Having found the likely cause, comment out that block and start keepalived again to confirm it.
This time the log no longer contains that message; instead it shows:
Sep  5 15:00:54 test2 Keepalived_vrrp[2074]: VRRP_Script(check_lvs) succeeded

So the script is now being invoked successfully.

Test:
[[email protected] keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table:                  [  OK  ]
ipvsadm: Unloading modules:                                [  OK  ]
[[email protected] keepalived]#

Check the log:
Sep  5 15:02:37 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep  5 15:02:37 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep  5 15:02:37 test2 kernel: IPVS: ipvs unloaded.
Sep  5 15:02:37 test2 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Sep  5 15:02:37 test2 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Sep  5 15:02:37 test2 kernel: IPVS: ipvs loaded.
Sep  5 15:02:37 test2 Keepalived_vrrp[2074]: VRRP_Script(check_lvs) failed

The log shows that the script detected the LVS rules being flushed and reported failure, i.e. it returned 1. Yet the virtual IP still was not removed. Why not?

Analysis:
 The current master is test2.lxm.com. It was originally the backup with the lower priority; it only became master because the original master failed, and when that master, test1.lxm.com, recovered, it did not take the role back because of nopreempt. Now ipvsadm dies on test2: the rules disappear, but keepalived itself is still running, so the heartbeat with test1 continues. The script lowers test2's priority from 99 to 89 (weight -10), which is well below test1's 100, but test1 is configured not to preempt, so test2 dropping even further changes nothing and no switchover happens. To force a failover in this situation, the script on test2.lxm.com has to be changed.
Modify the script as follows:

#!/bin/bash
function mailSend() {
   echo "ipvsadm service is down" |  mail -s "ipvsadm service is down" [email protected]

}
num=`ipvsadm --list -n | grep 10.0.10.200| wc -l`
[ $num -eq 0 ] && mailSend && service keepalived stop || exit 0     // on failure, stop the keepalived service outright

Test:
[[email protected] keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table:                  [  OK  ]
ipvsadm: Unloading modules:                                [  OK  ]

Check the log:
Sep  5 15:14:58 test2 kernel: IPVS: __ip_vs_del_service: enter
Sep  5 15:14:58 test2 kernel: IPVS: [rr] scheduler unregistered.
Sep  5 15:14:58 test2 kernel: IPVS: ipvs unloaded.
Sep  5 15:14:58 test2 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Sep  5 15:14:58 test2 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Sep  5 15:14:58 test2 kernel: IPVS: ipvs loaded.
Sep  5 15:14:58 test2 Keepalived[7365]: Stopping Keepalived v1.2.7 (09/05,2014)
Sep  5 15:14:58 test2 Keepalived_vrrp[7368]: VRRP_Instance(VI_1) sending 0 priority
Sep  5 15:14:58 test2 Keepalived_vrrp[7368]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep  5 15:14:58 test2 Keepalived_healthcheckers[7367]: Netlink reflector reports IP 10.0.10.200 removed
Sep  5 15:14:58 test2 Keepalived_healthcheckers[7367]: IPVS: No such destination
Sep  5 15:14:58 test2 Keepalived_healthcheckers[7367]: IPVS: Service not defined
Sep  5 15:14:58 test2 Keepalived_healthcheckers[7367]: IPVS: No such service

The log shows keepalived stopping and the VIP being removed.

[[email protected] keepalived]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.12  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25996 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29273 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3154978 (3.0 MiB)  TX bytes:3116748 (2.9 MiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:35:E1:F4 
          inet addr:10.0.0.18  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2282 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5657 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:136920 (133.7 KiB)  TX bytes:305214 (298.0 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3681 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3681 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:204929 (200.1 KiB)  TX bytes:204929 (200.1 KiB)

The VIP resource is gone on this host; on test1 the log shows it switching to master and adding the VIP.

Does the script on test1 need the same change, then? No: test2 is operating preemptively here, so as soon as test1's priority drops, test2 takes the role back immediately:
Test:
Script contents on test1:
#!/bin/bash
function mailSend() {
   echo "ipvsadm service is down" |  mail -s "ipvsadm service is down" [email protected]

}
num=`ipvsadm --list -n | grep 10.0.10.200| wc -l`
[ $num -eq 0 ] && mailSend && exit 1 || exit 0
 
[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
You have new mail in /var/spool/mail/root
[[email protected] keepalived]# service ipvsadm stop
ipvsadm: Clearing the current IPVS table:                  [  OK  ]
ipvsadm: Unloading modules:                                [  OK  ]

Check the log:

Sep  5 15:15:34 test1 kernel: IPVS: __ip_vs_del_service: enter
Sep  5 15:15:34 test1 kernel: IPVS: [rr] scheduler unregistered.
Sep  5 15:15:34 test1 kernel: IPVS: ipvs unloaded.
Sep  5 15:15:34 test1 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Sep  5 15:15:34 test1 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Sep  5 15:15:34 test1 kernel: IPVS: ipvs loaded.
Sep  5 15:15:34 test1 Keepalived_vrrp[5788]: VRRP_Script(check_lvs) failed
Sep  5 15:15:36 test1 Keepalived_vrrp[5788]: VRRP_Instance(VI_1) Received higher prio advert
Sep  5 15:15:36 test1 Keepalived_vrrp[5788]: VRRP_Instance(VI_1) Entering BACKUP STATE
Sep  5 15:15:36 test1 Keepalived_vrrp[5788]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep  5 15:15:36 test1 Keepalived_healthcheckers[5787]: Netlink reflector reports IP 10.0.10.200 removed

Notice that this log differs from what test2 showed earlier: when the script detects the failure, the node's own priority drops, it then receives a higher-priority advertisement, transitions to BACKUP and removes the VIP.
 
 
With that, using a script to check a third-party service and drive the VIP switchover works.
 
 
One open question remains, and you have probably guessed it: using vrrp_sync_group and vrrp_script together. From the discussion above they appear to conflict. What if production genuinely needs both?
In my testing, to keep vrrp_sync_group and still have vrrp_script take effect, the track_script block has to be written as:

track_script {
 check_lvs weight 0
 }
 
That is, an explicit "weight 0" has to follow the script name. Test it yourself; it worked in my tests.
 
 
Scenario 3: NIC failure
 keepalived can also react to a NIC failure: once the NIC used for client traffic goes down, the VIP can be moved. There are two ways to detect this in keepalived: an external script, as in the previous scenario, or keepalived's own track_interface mechanism.
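The built-in alternative is a track_interface block inside the vrrp_instance; a minimal sketch of what that block would look like, added alongside the existing directives (it is not present in the configuration used for the test below):

vrrp_instance VI_1 {
    # ... existing directives unchanged ...
    track_interface {
        eth0                # if the data NIC goes down, this instance enters FAULT state and releases the VIP
    }
}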

Test:
 The master in this test is still test2.lxm.com (the lower-priority node is used on purpose: if the lower-priority node fails over cleanly, the higher-priority one certainly will).
[[email protected] keepalived]# ifdown eth0
 
Log:
Sep  5 15:38:36 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Received higher prio advert
Sep  5 15:38:36 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Entering BACKUP STATE
Sep  5 15:38:36 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep  5 15:38:36 test2 Keepalived_healthcheckers[14988]: Netlink reflector reports IP 10.0.10.200 removed

And on test1:
Sep  5 15:35:55 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep  5 15:35:56 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep  5 15:35:56 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep  5 15:35:56 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep  5 15:35:56 test1 Keepalived_healthcheckers[19580]: Netlink reflector reports IP 10.0.10.200 added

test1 has become the master. After bringing test2's NIC back up, test1's log shows:
Sep  5 15:38:34 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Sep  5 15:38:34 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep  5 15:38:35 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Sep  5 15:38:35 test1 Keepalived_vrrp[19581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200

which shows the heartbeat communication is back to normal.

Test once more: take test1's NIC down and watch test2's log:

Sep  5 15:42:45 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep  5 15:42:46 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep  5 15:42:46 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep  5 15:42:46 test2 Keepalived_healthcheckers[14988]: Netlink reflector reports IP 10.0.10.200 added
Sep  5 15:42:46 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200
Sep  5 15:42:51 test2 Keepalived_vrrp[14989]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.0.10.200

test2 immediately becomes master again; check the VIP:

[[email protected] ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.12  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe0d:26b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29585 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33483 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3618179 (3.4 MiB)  TX bytes:3520824 (3.3 MiB)

eth0:0    Link encap:Ethernet  HWaddr 08:00:27:0D:26:B8 
          inet addr:10.0.10.200  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 08:00:27:35:E1:F4 
          inet addr:10.0.0.18  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe35:e1f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2722 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7036 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:163320 (159.4 KiB)  TX bytes:379776 (370.8 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3691 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3691 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:205595 (200.7 KiB)  TX bytes:205595 (200.7 KiB)

[[email protected] ~]#

The VIP has been switched over successfully.

Note: I will not paste the detailed logs here; test it yourself.

Note: the tests in scenarios 2 and 3 may look like a long detour, but without that detour you might not learn much. Most examples online simply test on the higher-priority node, throw together a quick example and call it done. I did it this way so that you know this subtlety exists; how you use it is up to you.

Scenario 4: when all backend web servers fail, use sorry_server to redirect requests to a standby server
 This feature is somewhat optional. In production, the service on every server is monitored and errors are handled promptly, so the situation where every backend web server is down and nothing can be returned should rarely happen. But nothing is absolute and strange things do occur, so this feature is still worth covering.

Before testing that feature, first verify that when a backend web server fails, lvs removes the failed entry from its rules.
Test:
Check the lvs rules on the master:
[[email protected] ~]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] ~]#

Stop the httpd service on one backend web server:
[[email protected] ~]# service httpd stop
Stopping httpd:                                            [  OK  ]
[[email protected] ~]#

Check the lvs rules again:
[[email protected] ~]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
You have new mail in /var/spool/mail/root
[[email protected] ~]#

Check the log:
Sep  5 15:55:44 test2 Keepalived_healthcheckers[19580]: Error connecting server [10.0.10.14]:80.
Sep  5 15:55:44 test2 Keepalived_healthcheckers[19580]: Removing service [10.0.10.14]:80 from VS [10.0.10.200]:80
Sep  5 15:55:44 test2 Keepalived_healthcheckers[19580]: Remote SMTP server [127.0.0.1]:25 connected.
Sep  5 15:55:44 test2 Keepalived_healthcheckers[19580]: SMTP alert successfully sent.

As you can see, when a backend web service fails, the corresponding rule is removed successfully.
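If you want to watch the pool shrink and grow in real time while stopping and starting httpd on the realservers, polling the rule table is enough; a small convenience, assuming the watch utility is installed:

# refresh the LVS rule table every second
watch -n 1 'ipvsadm --list -n'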

Start the httpd service again:
[[email protected] ~]# service httpd start
Starting httpd:                                            [  OK  ]
[[email protected] ~]#

Check the log:

Sep  5 15:57:22 test2 Keepalived_healthcheckers[19580]: HTTP status code success to [10.0.10.14]:80 url(1).
Sep  5 15:57:25 test2 Keepalived_healthcheckers[19580]: Remote Web server [10.0.10.14]:80 succeed on service.
Sep  5 15:57:25 test2 Keepalived_healthcheckers[19580]: Adding service [10.0.10.14]:80 to VS [10.0.10.200]:80
Sep  5 15:57:25 test2 Keepalived_healthcheckers[19580]: Remote SMTP server [127.0.0.1]:25 connected.
Sep  5 15:57:25 test2 Keepalived_healthcheckers[19580]: SMTP alert successfully sent.

Check the rules:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] ~]#

As you can see, the rule is successfully added back. This shows keepalived detects the state of the backend services in real time and refreshes the rules accordingly.
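For reference, this add/remove behaviour is driven by the health check defined inside each real_server block of the virtual_server. The sketch below shows what such a check typically looks like; the url path, status code and timing values are illustrative assumptions, not necessarily the exact values configured earlier in this document:

real_server 10.0.10.14 80 {
    weight 1
    HTTP_GET {
        url {
            path /                  # page to probe (assumed)
            status_code 200         # HTTP 200 counts as healthy (assumed)
        }
        connect_timeout 3           # assumed timeout and retry policy
        nb_get_retry 3
        delay_before_retry 2
    }
}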

Test the sorry_server feature:
Add the following line to the configuration file:
virtual_server 10.0.10.200 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
#    persistence_timeout 50
    protocol TCP

    sorry_server 10.0.10.15 80    //this is only a fragment of the configuration file; note exactly where the line is added
    real_server 10.0.10.13 80 {
        weight 1

Restart the keepalived service:
[[email protected] keepalived]# service keepalived restart
Stopping keepalived:                                       [  OK  ]
Starting keepalived:                                       [  OK  ]
[[email protected] keepalived]#

Check the rules:
[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.13:80                Route   1      0          0        
  -> 10.0.10.14:80                Route   1      0          0        
[[email protected] keepalived]#

Stop all backend web services:
[[email protected] ~]# service httpd stop
Stopping httpd:                                            [  OK  ]
[[email protected] ~]#
[[email protected] logs]# service httpd stop
Stopping httpd:                                            [  OK  ]
[[email protected] logs]#

Check the log:
[[email protected] keepalived]# tail -f /var/log/messages
Sep  5 16:05:15 test2 Keepalived_healthcheckers[25096]: Removing service [10.0.10.13]:80 from VS [10.0.10.200]:80
Sep  5 16:05:15 test2 Keepalived_healthcheckers[25096]: Remote SMTP server [127.0.0.1]:25 connected.
Sep  5 16:05:15 test2 Keepalived_healthcheckers[25096]: SMTP alert successfully sent.
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: Error connecting server [10.0.10.14]:80.
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: Removing service [10.0.10.14]:80 from VS [10.0.10.200]:80
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: Lost quorum 1-0=1 > 0 for VS [10.0.10.200]:80
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: Adding sorry server [10.0.10.15]:80 to VS [10.0.10.200]:80
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: Removing alive servers from the pool for VS [10.0.10.200]:80
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: Remote SMTP server [127.0.0.1]:25 connected.
Sep  5 16:05:20 test2 Keepalived_healthcheckers[25096]: SMTP alert successfully sent.

Check the rules:
[[email protected] keepalived]# ipvsadm --list -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.10.200:80 rr
  -> 10.0.10.15:80                Route   1      0          0        
You have new mail in /var/spool/mail/root
[[email protected] keepalived]#

Pay attention here and compare: after sorry_server was added and keepalived was restarted, the first look at the rules showed no change at all; no rule for the standby web server had been added. Only after all backend services were stopped did a second look at the rules show that the standby web server's rule had been generated automatically.

Accessing the site from a client at this point returns the content served by the standby web server.
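A quick way to confirm this from a client (any machine that can reach the VIP and is not one of the realservers), assuming curl is available:

# with every backend httpd stopped, requests to the VIP should return the standby server's page
curl http://10.0.10.200
# expected: the index page of test5.lxm.com (10.0.10.15)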

Scenario 5: alerting on master/backup state transitions
 For keepalived, the current master/backup state is especially important to know, so that we can react and adjust as needed.
The configuration is as follows:
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass keepalivepass
    }
    virtual_ipaddress {
        10.0.10.200/24 dev eth0 label eth0:0
    }

    track_script {
        check_lvs
    }
    track_interface {
        eth0
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master 10.0.10.200"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup 10.0.10.200"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault 10.0.10.200"
    smtp_alert   //this line is required; it is the switch that enables the alerts
}

The configuration above is only a fragment; the alerting part consists of the lines starting with notify. master and backup are easy to understand; fault usually relates to the heartbeat, for example the heartbeat NIC going down or heartbeat messages no longer being received.

A simple notify.sh looks like this:
#!/bin/bash
#
# recipient of the alert mails
contact='[email protected]'

Usage() {
  echo "Usage: `basename $0` {master|backup|fault} VIP"
}

Notify() {
  # $1 is the new state passed in by keepalived via the notify_* hooks
  subject="`hostname`'s keepalived state changed to $1"
  mailBody="`date '+%F %T'`: `hostname`'s keepalived state changed to $1, $VIP floating."
  echo "$mailBody" | mail -s "$subject" "$contact"
}

[ $# -lt 2 ] && Usage && exit 1

VIP=$2
case $1 in
 master)
  Notify master
  ;;
 backup)
  Notify backup
  ;;
 fault)
  Notify fault
  ;;
 *)
  Usage
  exit 1
  ;;
esac

After the configuration is done, restart the keepalived service; whenever a master/backup transition happens, an alert mail is sent. In production, just fill in your own address as the recipient.
Also, once alerting is configured here, the mail alerts in the global configuration (the notification_email related settings) can be removed; with this approach you can define the content of the alerts however you like.
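Before relying on the alert in production, the script can also be exercised by hand to confirm that mail actually goes out; a hedged example, assuming the script path from the configuration above and a working local mail command:

chmod +x /usr/local/keepalived/etc/keepalived/notify.sh
# simulate a transition to master for the VIP, then check the contact mailbox
/usr/local/keepalived/etc/keepalived/notify.sh master 10.0.10.200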

That concludes the deployment of keepalived+lvs. It cannot cover everything, but it covers most of it. The remaining settings of keepalived itself will be discussed in the analysis of the keepalived.conf configuration file.

One last remark: this document has turned out rather long and I do not want to proofread it from the start again; if you spot a mistake, work out the intended meaning yourself, though I hope there are no typos.

结束!!!
  笨蛋的技术------不怕你不会!!!!
