Keepalived实现LVS-DR集群高可用

时间：2018-07-17 23:28:00 阅读：281 评论：0 收藏：0 [点我收藏+]

标签：超过 1.12.2 间隔 alt mon 降级 etc 参考资料 lease

一、集群高可用概述

单纯的lvs/nginx反向代理模型做负载集群应用时，DR（director）存在单点故障隐患，故需要有机制来保证DR的高可用性。常用的高可用性方案有Keepalived、corosync，Keepalived主要是由VRRP协议实现了VIPfloating，比较适用于前端DR的高可用性，Corosync一般用于更专业的集群模型实现Service的高可用。Keepalived起初就是为了实现LVS集群director高可用而开发的，本处仅做Keepalived+LVS-DR模型实验。

二、Keepalived原理简介

Keepalived中优先级高的节点为MASTER。MASTER其中一个职责就是响应VIP的arp包，将VIP和mac地址映射关系告诉局域网内其他主机，同时，它还会以多播的形式向局域网中发送VRRP通告，告知BACKUP组自己的优先级。网络中的所有BACKUP节点只负责处理MASTER发出的多播包，当发现MASTER的优先级没自己高（脚本检测故障触发自我降级），或者没收到MASTER的VRRP通告（网络故障/MASTER宕机）时，BACKUP将自己切换到MASTER状态，然后做MASTER该做的事：1.响应arp包，2.发送VRRP通告。

三、实验环境

1.网络拓补图

技术分享图片

2.软件环境

CentOS7.4
keepalived.x86_64 1.3.5-6.el7
nginx.x86_64 1:1.12.2-2.el7

四、配置流程

（1）两台DR配置keepalived.conf

配置DR1：

global_defs {
notification_email {
root@localhost #此处仅发给本机，更定制化的邮件通知功能一般由zabbix来做。
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keepalivedR1 #定义路由器标识,每台服务器局域网内唯一就行。
vrrp_mcast_group4 224.0.0.33 #定义master向backup组播vrrp报文的地址。
}
vrrp_script chk_down {
script "/etc/keepalived/chk_down.sh"
interval 1 #脚本检测间隔
weight -15 #即原有优先级+weight，负值即降低。
# 注意当weight=0时, 用于变更vrrp_instance的状态例如脚本检测失败, 则vrrp的状态直接变为FAULT. (不管有没有其他节点存在来接管MASTER)
fall 2 #执行脚本两次exit非0则降低优先级
rise 1 #执行脚本一次exit 0 则还原优先级
user keepalived_script #默认用户yum安装keepalived需自建，不存在则调用root（不推荐）
}

             vrrp_instance VI_1 {
                 state MASTER    #自定义的state，但如果你的优先级小于backup也不会成为master。
                 interface ens39       #绑定为当前虚拟路由器使用的物理接口。
                 virtual_router_id 3  #当前虚拟路由器的惟一标识，范围是0-255。同实例一致！
                 priority 99         #初始优先级，范围1-254。
                 advert_int 1        #vrrp通告的时间间隔。
                 authentication {
                     auth_type PASS   #简单密码验证，不超过8位。
                     auth_pass 736w4ib2  #最好使用随机字符串,同vip实例保持一致！
                 }
                 virtual_ipaddress {
                     192.168.7.120/24 dev ens39
                 }
                 notify_master "/etc/keepalived/notify.sh master" #调用通知脚本
                 notify_backup "/etc/keepalived/notify.sh backup"
                 notify_fault "/etc/keepalived/notify.sh fault"
             }
            virtual_server 192.168.7.120 80 {  #此处可用IP port/fwmark id 标识VIP对应服务
                  delay_loop 2   #服务轮询的时间间隔2s
                 lb_algo rr
                 lb_kind DR
                 protocol TCP
                 real_server 192.168.7.125 80 {
                     weight 1
                     HTTP_GET {
                     url {
                         path /
                         status_code 200
                     }
                     connect_timeout 2
                     nb_get_retry 3
                     delay_before_retry 3
                     }
                 }
                 real_server 192.168.7.126 80 {
                     weight 1
                     HTTP_GET {
                         url {
                             path /
                             status_code 200
                         }
                         connect_timeout 2
                         nb_get_retry 3
                         delay_before_retry 3
                         }
              }

将上述配置录入/etc/keepalived/keepalived.conf中，过程如下：

[root@DR1 ~]# cd /etc/keepalived/
[root@DR1 keepalived]# cp keepalived.conf{,.bak} #备份下配置文件
[root@DR1 keepalived]# ls
keepalived.conf  keepalived.conf.bak
[root@DR1 keepalived]# vim keepalived.conf

配置中调用的notify脚本内容如下：

  #!/bin/bash
  #
  contact=‘root@localhost‘

  notify() {
      local mailsubject="$(hostname) to be $1, vip floating"
      local mailbody="$(date +‘%F %T‘): vrrp transition, $(hostname) changed to be $1"
      echo "$mailbody" | mail -s "$mailsubject" $contact
  }

  case $1 in
  master)
      notify master
      ;;
  backup)
      notify backup
      ;;
  fault)
      notify fault
      ;;
  *)
      echo "Usage: $(basename $0) {master|backup|fault}"
      exit 1
      ;;
  esac

chk_down.sh只有条件判断：[[ -f /etc/keepalived/down ]] && exit 1 || exit 0

配置DR2

DR2，仅需修改如下配置：

router_id keepalivedR2
state BACKUP
priority 90

（2）两台RS配置

两台RS均yum安装nginx，启动服务监听80端口即可。

需要注意的有如下几点：

检查系统是否自带httpd服务并停止，否则会与nginx发生冲突。
添加vip到网卡辅助接口，并修改arp参数抑制apr报文响应，此处可用脚本如下：
#!/bin/bash
vip=192.168.7.120
/usr/sbin/ip addr add $vip/32 dev lo label lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
注意：因客户端在同网段，添加完RS抑制arp响应后，需要将客户端的arp缓存清空防止干扰效果。
修改默认主页，主要是做标记区分RS1/RS2。可采用如下方法：

编辑默认index.html
在vim末行模式输入:%s/nginx/server1/g回车即可

五、测试实验效果

测试VIP漂移
- 先在DR2初始BACKUP开启keepalived观察是否有状态变更：
  [root@DR2 ~]# systemctl start keepalived.service
  [root@DR2 ~]# systemctl status keepalived.service
  ?.keepalived.service - LVS and VRRP High Availability Monitor
  Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
  Active: active (running) since Sun 2018-07-15 13:28:10 CST; 19s ago
  Process: 2620 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
  Main PID: 2621 (keepalived)
  CGroup: /system.slice/keepalived.service
  ?..2621 /usr/sbin/keepalived -D
  ?..2622 /usr/sbin/keepalived -D
  ?..2623 /usr/sbin/keepalived -D
```
Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120
Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120
Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120
Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Opening script file /etc/keepalived/notify.sh
Jul 15 13:28:19 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120
Jul 15 13:28:19 DR2 Keepalived_vrrp[2623]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens39 for 192.168.7.120
[root@DR2 ~]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 6 messages 2 new 2 unread
>N  5 root                  Sun Jul 15 13:28  18/667   "DR2 to be backup, vip floating"
 N  6 root                  Sun Jul 15 13:28  18/667   "DR2 to be master, vip floating"
& 6
Message  6:
From root@DR2.localdomain  Sun Jul 15 13:28:15 2018
Return-Path: <root@DR2.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Date: Sun, 15 Jul 2018 13:28:14 +0800
To: root@localhost.localdomain
Subject: DR2 to be master, vip floating
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@DR2.localdomain (root)
Status: R

2018-07-15 13:28:14: vrrp transition, DR2 changed to be master
```
  可以看到，因为master没上线，DR2由backup变为master。我们的notify.sh脚本成功发送状态变更通知到本地邮箱。
- 测试DR1上线效果：
  [root@DR2 ~]# systemctl status keepalived.service
  Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: VRRP_Instance(VI_1) Received advert with higher priority 99, ours 90
  Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: VRRP_Instance(VI_1) Entering BACKUP STATE
  Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: VRRP_Instance(VI_1) removing protocol VIPs.
  Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: Opening script file /etc/keepalived/notify.sh
  You have new mail in /var/spool/mail/root
  [root@DR2 ~]# ip addr show
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: ens39: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:50:56:3b:a3:7c brd ff:ff:ff:ff:ff:ff
  inet 192.168.7.122/24 brd 192.168.7.255 scope global ens39
  valid_lft forever preferred_lft forever
  inet6 fe80::250:56ff:fe3b:a37c/64 scope link
  valid_lft forever preferred_lft forever
  [root@DR1 ~]# systemctl status keepalived.service
  Jul 15 14:52:49 DR1 Keepalived_vrrp[3471]: Sending gratuitous ARP on ens39 for 192.168.7.120
  Jul 15 14:52:49 DR1 Keepalived_vrrp[3471]: Opening script file /etc/keepalived/notify.sh
  Jul 15 14:52:54 DR1 Keepalived_vrrp[3471]: Sending gratuitous ARP on ens39 for 192.168.7.120
  Jul 15 14:52:54 DR1 Keepalived_vrrp[3471]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens39 for 192.168.7.120
  DR2因为收到了更高优先级的VRRP组播报文而卸载VIP，DR1获取到VIP。
- 手工touch生成/etc/keepalived/down文件模拟单机故障也会发生上述VIP漂移现象。
  Jul 15 15:21:51 DR1 Keepalived_vrrp[3907]: WARNING - default user ‘keepalived_script‘ for script execution does not exist - please create.
  # 此处踩坑了，提示conf文件中配置的脚本需要keepalived_script用户执行
  # 还有个巨坑是参考资料中直接在keepalived.conf中定义script "[[ -f /etc/keepalived/down ]] && # exit 1 || exit 0" 但是我多次测试不成功，将条件判断放入脚本，conf文件仅引用路径才成功......
  Jul 15 15:54:24 DR1 Keepalived_vrrp[4438]: /etc/keepalived/chk_down.sh exited with status 1
  Jul 15 15:54:24 DR1 Keepalived_vrrp[4438]: VRRP_Script(chk_down) failed
  Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) Changing effective priority from 99 to 84
  Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: /etc/keepalived/chk_down.sh exited with status 1
  Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) Received advert with higher priority 90, ours 84
  Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) Entering BACKUP STATE
  Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) removing protocol VIPs.
  Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: Opening script file /etc/keepalived/notify.sh
测试RS故障检测
- 先测试RS是否正常被轮询 for i in {1,5};do curl http://192.168.7.120 ;done
- 手动关停一台rs的nginx
  [root@RS2 ~]# systemctl stop nginx
  [root@DR1 ~]# journalctl -xe
  Jul 15 16:59:04 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80.
  [root@DR1 ~]# systemctl status keepalived
  Jul 15 16:59:05 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80.
  Jul 15 16:59:06 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80.
  Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80.
  Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Check on service [192.168.7.126]:80 failed after 3 retry.
  Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Removing service [192.168.7.126]:80 from VS [192.168.7.120]:80
  Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Remote SMTP server [127.0.0.1]:25 connected.
  Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: SMTP alert successfully sent.
  [root@DR1 ~]# mail
  N 16 keepalived@localhost Sun Jul 15 16:59 17/646 "[keepalivedR1] Realserver [192.168.7.126]:80 - DOWN"
  - 重新启动nginx
    Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: HTTP status code success to [192.168.7.126]:80 url(1).
    Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: Remote Web server [192.168.7.126]:80 succeed on service.
    Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: Adding service [192.168.7.126]:80 to VS [192.168.7.120]:80
    Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: Remote SMTP server [127.0.0.1]:25 connected.
    Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: SMTP alert successfully sent.
    You have new mail in /var/spool/mail/root
    重新上线的RS可以顺利被检测到并上线服务，至此，本次实验结束。

Keepalived实现LVS-DR集群高可用

标签：超过 1.12.2 间隔 alt mon 降级 etc 参考资料 lease

原文地址：https://www.cnblogs.com/myissues/p/9326365.html

踩

(0)

评论一句话评论（0）

分享档案

更多>

2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)

周排行