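-------------------LVS series------------------------
LVS Principles and Deployment, Part 1: ARP background
LVS Principles and Deployment, Part 2: LVS principles in detail (3 working modes, 8 scheduling algorithms)
LVS Principles and Deployment, Part 3: Deploying LVS manually
LVS Principles and Deployment, Part 4: Introduction to keepalived
LVS Principles and Deployment, Part 5: LVS + keepalived for load balancing and high availability
-------------------------------------------------
The previous articles explained how LVS works and how to deploy it manually. We still need health checks for the RS node servers, and we need HA for LVS itself. This article explains how keepalived works and how to deploy keepalived as the HA layer for web servers. Contents:
I. How keepalived works
II. Deploying keepalived as HA for web servers
III. Monitoring the httpd service with a script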
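I. How keepalived works
1) About keepalived
Keepalived works a bit like two people watching over the same job: if one leaves the post, the other takes over, and keepalived is the tool that maintains this "takeover mechanism" between them. Keepalived is software similar to a layer 3, 4 & 5 switching mechanism, that is, what we usually call layer-3, layer-4 and layer-5 switching. Its job is to monitor the state of the web servers. If a web server crashes or malfunctions, keepalived detects it and removes the faulty server from the system; once the server is working normally again, keepalived automatically adds it back to the server pool. All of this happens automatically, without manual intervention; the only manual work is repairing the faulty web server.
Keepalived has two main uses: heartbeat (high availability) and failover (health checking).
Keepalived relies mainly on VRRP to do this work, so below I describe how the VRRP protocol works; keepalived's own operation is essentially the same.
2) The VRRP protocol (VRRP: Virtual Router Redundancy Protocol)
VRRP in brief: VRRP organizes a group of routers on a LAN (one Master, the active router, and several Backups, the standby routers) into a single virtual router, called a backup group. This virtual router has its own IP address, 10.100.10.1 (this address may be the same as the interface address of one of the routers in the group, in which case that router is called the IP owner). The routers in the backup group also have their own IP addresses (for example, 10.100.10.2 for the Master and 10.100.10.3 for the Backup). Hosts on the LAN know only the virtual router's IP address, 10.100.10.1, and do not know the Master's address 10.100.10.2 or the Backup's address 10.100.10.3. [1] They set the next hop of their default route to the virtual router's IP address, 10.100.10.1, and so communicate with other networks through the virtual router. If the Master router in the backup group fails, the Backup routers elect a new Master according to the election policy, which continues to provide routing for the hosts on the network. Hosts on the network can therefore communicate with external networks without interruption.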
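How VRRP works:
A VRRP router has a unique identifier, the VRID, in the range 0 to 255. Externally the router presents a single virtual MAC address in the format 00-00-5E-00-01-[VRID]. The master router is responsible for answering ARP requests with this MAC address. This way, no matter how switchovers occur, end devices always see one consistent IP and MAC address, which reduces the impact of a switchover on them. [3]
There is only one kind of VRRP control message: the VRRP advertisement. It is encapsulated in IP multicast packets with group address 224.0.0.18 and is confined to the same LAN, which ensures that a VRID can be reused on different networks. To reduce bandwidth consumption, only the master router periodically sends VRRP advertisements. A backup router starts a new round of VRRP election if it receives no VRRP advertisement for three consecutive advertisement intervals, or if it receives an advertisement with priority 0. [3]
Within a VRRP router group the master is elected by priority; the priority range in the VRRP protocol is 0 to 255. If a VRRP router's IP address is the same as the virtual router's interface IP address, that router is called the IP address owner of the VRRP group, and the IP address owner automatically has the highest priority, 255. Priority 0 is generally used when the IP address owner voluntarily gives up the master role. The configurable priority range is 1 to 254. Priorities can be assigned according to link speed and cost, router performance and reliability, and other administrative policies. In the master election the virtual router with the higher priority wins, so if the group contains an IP address owner, it always acts as the master. Candidates with the same priority are elected by comparing their IP addresses. VRRP also provides a priority preemption policy: if it is configured, a higher-priority backup router displaces the current lower-priority master and becomes the new master. [3]
To protect the VRRP protocol, two authentication mechanisms are provided: plaintext authentication and IP header authentication. Plaintext authentication requires a router joining a VRRP group to supply the same VRID and the same plaintext password. It is suitable for guarding against configuration mistakes on the LAN, but it cannot prevent the password from being obtained by sniffing the network. IP header authentication provides stronger security and can prevent attacks such as packet replay and modification.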
II. Deploying keepalived as HA for web servers
1) Deploy two Apache web servers

    yum install httpd -y
    /etc/init.d/httpd start

2) Install keepalived on both servers

    # Download and install
    wget http://www./software/keepalived-1.2.8.tar.gz
    tar -zxf keepalived-1.2.8.tar.gz
    cd keepalived-1.2.8
    ll
    ./configure --prefix=/usr/local/keepalived
    make
    make install
    # Set up keepalived autostart and copy the keepalived binary
    cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
    cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/

3) Edit the keepalived configuration files on the primary and backup web servers
Configuration file on the primary web server:

    [root@localhost keepalived-1.2.8]# cat /etc/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {                # alert e-mail addresses, one per line
            752119102@qq.com
        }
        notification_email_from keepalived@localhost    # sender address for alert mail
        smtp_server 127.0.0.1               # SMTP server address
        smtp_connect_timeout 30             # SMTP timeout
        router_id LVS_DEVEL                 # identifier for the machine running keepalived
    }

    vrrp_instance VI_1 {                    # define a VRRP instance; different instances have different names
        state MASTER                        # role in keepalived: MASTER is the primary server, BACKUP the standby
        interface eth0                      # network interface used for HA monitoring
        virtual_router_id 51                # virtual router ID; identical within one instance and unique. MASTER and BACKUP use the same ID
        priority 100                        # priority of this server in the virtual router; higher value wins
        advert_int 1                        # check interval
        authentication {                    # authentication type and password; master and backup must use the same password or they will not communicate
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {                 # virtual IP addresses; more than one may be listed
            192.168.41.249
        }
    }
Configuration file on the backup web server:

    [root@localhost ~]# cat /etc/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            752119102@qq.com
        }
        notification_email_from keepalive@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 51
        priority 50
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.41.249
        }
    }
Starting and stopping the keepalived service:

    /etc/init.d/keepalived start
    /etc/init.d/keepalived stop
4) Check the keepalived logs
Primary web server:

    Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: Opening file '/etc/keepalived/keepalived.conf'.
    Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: Configuration is using : 36304 Bytes
    Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: Using LinkWatch kernel netlink reflector...
    Jan 14 20:27:41 localhost Keepalived[20837]: Starting VRRP child process, pid=20840
    Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(11,12)]
    Jan 14 20:27:42 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Transition to MASTER STATE
    Jan 14 20:27:43 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Entering MASTER STATE
    Jan 14 20:27:43 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) setting protocol VIPs.
    Jan 14 20:27:43 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249
    Jan 14 20:27:43 localhost Keepalived_vrrp[20840]: Netlink reflector reports IP 192.168.41.249 added
    Jan 14 20:27:43 localhost avahi-daemon[3207]: Registering new address record for 192.168.41.249 on eth0.
    Jan 14 20:27:43 localhost Keepalived_healthcheckers[20839]: Netlink reflector reports IP 192.168.41.249 added
    Jan 14 20:27:44 localhost avahi-daemon[3207]: Invalid query packet.
    Jan 14 20:27:46 localhost last message repeated 8 times
    Jan 14 20:27:48 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249
    Jan 14 20:27:48 localhost avahi-daemon[3207]: Invalid query packet.
Backup web server log:

    Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: Opening file '/etc/keepalived/keepalived.conf'.
    Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: Configuration is using : 36302 Bytes
    Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: Using LinkWatch kernel netlink reflector...
    Jan 14 19:55:26 localhost Keepalived[19420]: Starting VRRP child process, pid=19423
    Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(11,12)]
Backup server log when keepalived on the primary web server is stopped, and when the primary keepalived is started again:

    Jan 14 20:25:57 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Transition to MASTER STATE
    Jan 14 20:25:58 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Entering MASTER STATE
    Jan 14 20:25:58 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) setting protocol VIPs.
    Jan 14 20:25:58 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249
    Jan 14 20:25:58 localhost Keepalived_vrrp[19423]: Netlink reflector reports IP 192.168.41.249 added
    Jan 14 20:25:58 localhost Keepalived_healthcheckers[19422]: Netlink reflector reports IP 192.168.41.249 added
    Jan 14 20:26:03 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249
    ### After the primary keepalived is restarted
    Jan 14 20:27:42 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Received higher prio advert
    Jan 14 20:27:42 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Jan 14 20:27:42 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) removing protocol VIPs.
The communication between the two can also be observed with tcpdump vrrp:

    [root@localhost ~]# tcpdump vrrp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    20:38:58.657600 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
    20:38:59.658287 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
    20:39:00.659280 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
    20:39:01.660358 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
    20:39:02.661203 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
    20:39:03.662205 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
    20:39:04.663129 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
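Because simple authentication does not authenticate the sender, it is worth monitoring which hosts actually advertise for the VRID. The following added example (not part of the original article) audits tcpdump output in the format shown above against an allowlist of expected senders and priorities. The primary's address and priority come from the capture; the backup address 192.168.41.34 and all sample lines other than the first are constructed for illustration.

```python
import re

ADVERT_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?:vrrp\.mcast\.net|224\.0\.0\.18): "
    r"VRRPv\d, Advertisement, vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)

# vrid -> {allowed sender: configured priority}. 192.168.41.33 / prio 100 are taken
# from the capture; the backup address 192.168.41.34 is an assumed value.
EXPECTED = {51: {"192.168.41.33": 100, "192.168.41.34": 50}}

def audit(lines, expected=EXPECTED):
    """Return (timestamp, source, reason) for every advertisement that looks wrong."""
    findings = []
    for line in lines:
        m = ADVERT_RE.match(line.strip())
        if not m:
            continue  # not a VRRP advertisement line
        vrid, prio, src = int(m["vrid"]), int(m["prio"]), m["src"]
        peers = expected.get(vrid)
        if peers is None:
            findings.append((m["ts"], src, f"unknown vrid {vrid}"))
        elif src not in peers:
            findings.append((m["ts"], src, f"unexpected sender for vrid {vrid}"))
        elif prio != peers[src]:
            findings.append((m["ts"], src, f"prio {prio} differs from configured {peers[src]}"))
    return findings

HEAD = " > vrrp.mcast.net: VRRPv2, Advertisement, "
TAIL = ", authtype simple, intvl 1s, length 20"
SAMPLE = [
    f"20:38:58.657600 IP 192.168.41.33{HEAD}vrid 51, prio 100{TAIL}",  # from the page
    f"20:39:05.100000 IP 192.168.41.34{HEAD}vrid 51, prio 50{TAIL}",   # constructed: backup after failover
    f"20:39:06.200000 IP 192.168.41.77{HEAD}vrid 51, prio 255{TAIL}",  # constructed: host not in the group
    f"20:39:07.300000 IP 192.168.41.33{HEAD}vrid 52, prio 100{TAIL}",  # constructed: unconfigured VRID
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```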
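III. Monitoring the httpd service with a script
So far keepalived can switch over when the primary web server goes down or the network fails, but it will not switch over if only the httpd process fails. We therefore need a small script that monitors the state of the httpd process in real time and triggers a switchover when the process has a problem.
The script:

    #!/bin/bash
    # QQ:752119102
    # Watchdog: if httpd is down and cannot be restarted, stop keepalived
    # so that the backup server takes over the virtual IP.
    while true
    do
        # Count running httpd processes
        httpdpid=$(ps -C httpd --no-heading | wc -l)
        if [ "$httpdpid" -eq 0 ]; then
            # Try to restart httpd once, then check again
            /etc/init.d/httpd start
            sleep 5
            httpdpid=$(ps -C httpd --no-heading | wc -l)
            if [ "$httpdpid" -eq 0 ]; then
                /etc/init.d/keepalived stop
            fi
        fi
        sleep 5
    done

That is, when the httpd process has stopped and cannot be restarted, we stop keepalived so that the backup web server takes over and becomes the primary web server providing the service.
With this, we can easily deploy keepalived as the HA layer for web servers.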