keepalived双主备

发表评论

keepalived双主备文档。

一、环境准备。
yum -y install gcc gcc-c++ gcc-g77 ncurses-devel bison libaio-devel cmake libnl* libpopt* popt-static openssl-devel

二、安装ipvsadm

A、检查内核模块,看一下ip_vs 是否被加载

# lsmod |grep ip_vs

ip_vs 35009 0

如果没有显示,则说明没有加载,执行命令 modprobe ip_vs 就可以把ip_vs模块加载到内核

#modprobe ip_vs 然后再查看就有了。

B、安装ipvsadm

查看内核版本 #uname -r
2.6.32-71.el6.x86_64

先把目录/usr/src/kernels/2.6.32-71.el6.x86_64链接为/usr/src/linux,命令如下

ln –s /usr/src/2.6.32-71.el6.x86_64 /usr/src/linux

wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
解压ipvsadm-1.24.tar.gz,执行‘make’;make install

三、安装keepalived
tar zxvf keepalived.xx.tar.gz
mkdir /usr/local/keepalived
./configure –disable-fwmark –prefix=/usr/local/keepalived
make && make install
ls /usr/local/keepalived/ #查看安装完成后,生成了4个目录
bin etc sbin share

GRANT ALL PRIVILEGES ON *.* TO zone@”%” IDENTIFIED BY ‘123456’ WITH GRANT OPTION;

# mkdir /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/

# service keepalived restart

4、有关keepalived.conf的配置项

[root@HKBO keepalived]# more keepalived.conf
! Configuration File for keepalived

#全局定义块,包含邮件定义部分,
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL //负载均衡器标识,在一个网络内,它应该是唯一的
}

#VRRP实例定义块,负责负载均衡器之间的失败切换
vrrp_instance VI_1 {
state MASTER //只有MASTER和BACKUP 2种状态,主为MASTER,从为BACKUP,使用大写
interface eth0 //监控的网络接口
virtual_router_id 51 //同一实例下virtual_router_id必须相同
priority 100 //定义优先级,数字越大,优先级越高
advert_int 1 //MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒
authentication { //验证类型和密码
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { //虚拟ip地址virtual_ipaddress,可以定义多个
192.168.200.16
192.168.200.17
192.168.200.18
}
}

#虚拟服务器定义块
virtual_server 192.168.200.100 443 { //定义虚拟服务器
delay_loop 6 //delay_loop,健康检查时间间隔,单位是秒
lb_algo wrr //负载调度算法,这里设置为rr,即轮询算法,互联网应用常使用wlc或rr
lb_kind DR //负载均衡转发规则。一般包括DR,NAT,TUN3种,在我的方案中,都使用DR的方式
nat_mask 255.255.255.0 //子网掩码
persistence_timeout 50 //会话保持时间,单位是秒(可以适当延长时间以保持session)
protocol TCP //转发协议类型,有tcp和udp两种

real_server 192.168.201.100 443 { //真实服务器IP及端口
weight 1 //默认为1,0为失效
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}

virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP

sorry_server 192.168.200.200 1358

real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}

real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}

5、配置主备keepalived

a、配置主备keepalived
#主,以下主要列出keepalived.conf差异部分
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.220
192.168.1.230
}
}

#备,以下主要列出keepalived.conf差异部分
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.220
192.168.1.230
}
}

b、测试主备keepalived
#启动主服务器上的keepalived服务
[root@MASTER ~]# service keepalived start
Starting keepalived: [ OK ]

[root@SZ-SYS-APP01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.220/32 scope global eth0 #可以看到220和230的虚IP
inet 192.168.1.230/32 scope global eth0
inet6 fe80::250:56ff:fe84:1f37/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

#启动备用服务器上的keepalived服务
[root@BACKUP ~]# service keepalived start
Starting keepalived: [ OK ]
#下面的查询结果中,虚IP220和230并为出现在备用服务器
[root@HKBO ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
inet6 fe80::250:56ff:fe84:42c/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

#关闭主服务上的keepalived服务,观察vip是否会漂移到备用服务
[root@MASTER ~]# service keepalived stop
Stopping keepalived: [ OK ]
[root@MASTER ~]# ip addr #关闭后,该命令可以看到220和230的虚IP已经不存在于主服务器
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:1f:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.65/24 brd 192.168.1.255 scope global eth0
inet6 fe80::250:56ff:fe84:1f37/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

#此时在备用服务器上查看到了漂移的vip地址
[root@BACKUP ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:84:04:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.220/32 scope global eth0
inet 192.168.1.230/32 scope global eth0
inet6 fe80::250:56ff:fe84:42c/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

#如果再次启动主服务器上的keepalived服务,则会vip自动漂移到主服务器,不再验证。
#Author : Leshami
#Blog :http://www.linuxidc.com

6、配置双主keepalived

双主的keepalived方式实际上是互为主备,以避免单点故障
#配置主备keepalived
MasterA: 192.168.1.65, VirtualIP: 192.168.1.220
MasterB: 192.168.1.66, VirtualIP: 192.168.1.230
#主,以下主要列出keepalived.conf差异部分
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.220
}
}

vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.230
}
}

#备,以下主要列出keepalived.conf差异部分
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.220
}
}

vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.230
}
}

#从上面的配置文件中可以看出,实际上是增加了一个vrrp实例
#验证过程略

7、编译时的错误No SO_MARK

#如果在编译时碰到了No SO_MARK错误,如下
# ./configure
checking for gcc… gcc
checking whether the C compiler works… yes
checking for C compiler default output file name… a.out
checking for suffix of executables…
checking whether we are cross compiling… no
checking for suffix of object files… o
………..
checking for nl_socket_alloc in -lnl-3… no
checking for nl_socket_modify_cb in -lnl… no
configure: WARNING: keepalived will be built without libnl support.
checking for kernel version… 2.6.18
checking for IPVS syncd support… yes
checking for kernel macvlan support… no
checking whether SO_MARK is declared… no
configure: error: No SO_MARK declaration in headers

#可以通过增加disable-fwmark参数来解决
–disable-fwmark compile without SO_MARK support

CentOS 6.3下Haproxy+Keepalived+Apache配置笔记 http://www.linuxidc.com/Linux/2013-06/85598.htm

Haproxy + KeepAlived 实现WEB群集 on CentOS 6 http://www.linuxidc.com/Linux/2012-03/55672.htm

发表评论

邮箱地址不会被公开。