High Availability:
LVS itself does not support high availability;
In an LVS cluster, two kinds of failure are possible:
1. The Director fails and becomes unavailable;
keepalived: the native high-availability solution for the LVS Director;
heartbeat, corosync/pacemaker: general-purpose high-availability solutions;
2. A back-end RS fails and becomes unavailable;
The LVS Director does not consider whether a back-end RS is available; it only dispatches client requests according to the scheduling algorithm;
A complete implementation: periodically check the health state of each RS;
Check fails: the corresponding RS should be removed from the LVS cluster service;
Check succeeds: the corresponding RS is added back into the LVS cluster service; the LVS cluster service is re-created;
All RS checks fail: temporarily delete the LVS cluster service and let the scheduler's local web service respond with a relatively friendly error page, the sorry_server;
Detection methods:
Network-layer detection: ping
Transport-layer detection: port probing, nmap
Application-layer detection: checking that a file resource exists; checking file access permissions; checking the validity of file content;
keepalived: health state detection of back-end RSs;
Availability: A = MTBF/(MTBF+MTTR), A ∈ (0,1)
50%, 90%, 95%, 99%, 99.9%, 99.99%, 99.999%
The effective way to improve availability: reduce MTTR;
Method: redundancy + automatic failover;
What high availability covers: service high availability; resource high availability;
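The RS health-check procedure described above (periodic layered checks, remove on failure, re-add on recovery, fall back to the sorry server when every RS is down) as a stand-alone shell script. This is an added example, not code from the original notes and not keepalived's own implementation; the VIP, RS addresses, ports, health page path and content marker are constructed values, and it drives ipvsadm directly (set IPVSADM=echo to see the rules it would apply without touching the kernel).

```shell
#!/bin/sh
# Added example, not from the original page: an external health-check loop that implements the
# procedure described in the notes above for the back-end RSs of an LVS/DR cluster:
#   - layered checks per RS (network layer: ping; transport layer: port probe; application layer:
#     HTTP status code plus expected page content),
#   - remove an RS that fails, re-add one that recovers,
#   - when every RS fails, drop the service and rebuild it with only the director's local sorry server.
# VIP, RS addresses, ports, health path and marker are constructed values for illustration.
VIP=${VIP:-192.0.2.10}; VPORT=${VPORT:-80}
RS_LIST=${RS_LIST:-"192.0.2.11 192.0.2.12"}; RS_PORT=${RS_PORT:-80}
SORRY_SERVER=${SORRY_SERVER:-127.0.0.1}   # the director's own web service, NAT-forwarded when all RSs are down
CHECK_PATH=${CHECK_PATH:-/health.html}
CHECK_MARKER=${CHECK_MARKER:-OK}           # string the health page must contain
INTERVAL=${INTERVAL:-5}                    # seconds between check rounds
IPVSADM=${IPVSADM:-ipvsadm}                # set IPVSADM=echo to print the rules instead of applying them
INIT=__init__                              # sentinel meaning "no previous state yet"

# True if word $1 appears in the space-separated list $2.
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# Health check of one RS, layer by layer; returns non-zero at the first failing layer.
check_rs() {
  rs=$1
  ping -c 1 -W 1 "$rs" >/dev/null 2>&1 || return 1                 # network layer
  nc -z -w 1 "$rs" "$RS_PORT" >/dev/null 2>&1 || return 1          # transport layer (port probe)
  # Application layer: fetch the page and append the status code on its own line
  resp=$(curl -s -m 2 -w '\n%{http_code}' "http://$rs:$RS_PORT$CHECK_PATH") || return 1
  [ "$(printf '%s\n' "$resp" | tail -n 1)" = 200 ] || return 1       # status code check
  printf '%s\n' "$resp" | sed '$d' | grep -q -- "$CHECK_MARKER"      # content validity check
}

# Emit the ipvsadm changes that move the service from the previous healthy set ($1) to the current one ($2).
reconcile() {
  old=$1; new=$2
  [ "$old" = "$new" ] && return 0                  # nothing changed this round
  [ "$old" = "$INIT" ] && old=""
  if [ -z "$new" ]; then
    # All RSs failed: replace the cluster service by one that only hands requests to the sorry server
    $IPVSADM -D -t "$VIP:$VPORT" 2>/dev/null || true
    $IPVSADM -A -t "$VIP:$VPORT" -s rr
    $IPVSADM -a -t "$VIP:$VPORT" -r "$SORRY_SERVER:$VPORT" -m
    return 0
  fi
  if [ -z "$old" ]; then
    # Leaving sorry-server mode (or the first round): recreate the service with the real scheduler
    $IPVSADM -D -t "$VIP:$VPORT" 2>/dev/null || true
    $IPVSADM -A -t "$VIP:$VPORT" -s wrr
  fi
  for rs in $old; do                                # RSs that just failed
    in_list "$rs" "$new" || $IPVSADM -d -t "$VIP:$VPORT" -r "$rs:$RS_PORT"
  done
  for rs in $new; do                                # RSs that just recovered
    in_list "$rs" "$old" || $IPVSADM -a -t "$VIP:$VPORT" -r "$rs:$RS_PORT" -g -w 1
  done
}

# Periodic loop: collect the healthy set, reconcile, remember it for the next round.
run_loop() {
  prev=$INIT
  while :; do
    cur=""
    for rs in $RS_LIST; do check_rs "$rs" && cur="$cur $rs"; done
    cur=${cur# }
    reconcile "$prev" "$cur"
    prev=$cur
    sleep "$INTERVAL"
  done
}

[ "${1:-}" = "--run" ] && run_loop
```

Run it as `./rs_check.sh --run` on the director (DR mode is assumed for the real servers, hence `-g`; the sorry server is the director itself, hence `-m`). The reconcile step only issues rules for RSs whose state actually changed, so a stable cluster produces no ipvsadm churn between rounds.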
HA Cluster Implementation scenarios:
Implementation based on the VRRP protocol:
Keepalived, a director dedicated to highly available LVS;
Implementation based on AIS: a complete HA cluster; heartbeat, corosync + pacemaker
Keepalived:
VRRP protocol: Virtual Router Redundancy Protocol;
VRRP Technical Terms:
Virtual Router: The interface of the virtual router;
VRID: the virtual router identifier, which identifies the group of routers and determines the virtual MAC address of the virtual router; value range: 0-255 (00-FF);
MASTER: the owner of the virtual IP address; it receives user requests on the virtual IP address and performs the data forwarding;
BACKUP: does not participate in data forwarding; only monitors the health status of the MASTER;
Virtual IP Address: VIP, the IP address of the virtual router interface;
Virtual MAC address: Vmac,00-00-5e-00-01-{vrid}
Priority: the main criterion in the election of the MASTER; value range: 0-255;
0: abstains from the MASTER election;
255: if the virtual IP address is the same as the IP address of one of the router's interfaces, the router automatically gets priority 255 and directly becomes MASTER;
1-254: the larger the value, the more likely the node becomes MASTER;
Non-preemptive: if the MASTER fails and a state change results, all BACKUPs re-elect a new MASTER; if the original MASTER recovers from the failure, it stays in the BACKUP state until the current MASTER fails and all BACKUPs re-elect, at which point it can become the new MASTER again;
Preemptive: if the MASTER fails and a state change results, all BACKUPs re-elect a new MASTER; if the original MASTER recovers from the failure, it immediately announces its priority, starts a new round of election, and becomes MASTER again;
VRRP authentication methods: no authentication; simple string authentication; MD5
VRRP working modes: single instance: MASTER/BACKUP; multiple instances: MASTER/BACKUP, MASTER/MASTER
Keepalived:
Keepalived is the implementation of the VRRP protocol on Linux; it was originally designed as a high-availability solution for the ipvs scheduler; in some places it is abbreviated "ka";
keepalived writes ipvs rules through the kernel's system call interface, and can therefore be used to manage LVS cluster services; all rules are defined in its configuration file; keepalived can also float the VIP address between nodes; keepalived can also provide health state detection for each back-end RS, implemented at the transport layer and at the application layer; keepalived can also call external scripts through its script interface to perform the functions defined in those scripts, and can even provide high availability for other, non-LVS services; on RHEL 6.4+ or CentOS 6.4+ releases, keepalived is included in the official system installation image and can be installed directly with yum from the local Base repository;
Components of the keepalived:
Control plane: configuration file parser;
memory management components;
IO multiplexer components;
Core components:
VRRP Stack: A component that implements the VRRP protocol function;
Checkers: the component that performs health status detection of the back-end RSs;
SMTP: uses the SMTP protocol to send a notification of the router's state transition, as an e-mail, to the specified administrator mailbox;
Watch Dog: monitors the working status of the Checkers and the VRRP Stack, and restarts the keepalived process if an exception occurs;
IPVS Wrapper: passes ipvs rules to the IPVS framework in the kernel, to build, manage and remove the LVS cluster service and the RSs in the cluster;
Netlink Reflector: manages the virtual router's interface (setting and removing the VIP addresses);
Pre-preparation for configuring HA cluster:
1. The time on each node host must be synchronized, e.g. via a time server such as NTP or chrony;
2. Ensure that the iptables rules and SELinux do not hinder data communication between the nodes;
3. The node hosts need to be able to communicate with each other by host name (not required for ka);
4. For security reasons, the node hosts can communicate over ssh as the root user based on key authentication (not required for ka);
Keepalived Installation:
On CentOS 7.2, use the installation CD image directly as the yum repository and install with yum install keepalived;
Program environment:
Master configuration file: /etc/keepalived/keepalived.conf
Main program file: /usr/sbin/keepalived
Unit file: /usr/lib/systemd/system/keepalived.service
Structure of the master configuration file:
GLOBAL CONFIGURATION (global definitions)
global_defs {
    notification_email {
        [email protected]            # e-mail address(es) that receive the notifications
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1          # mail server used to send the e-mails
    smtp_connect_timeout <INT>     # integer, seconds
    router_id my_hostname          # router ID, only used to distinguish devices; leaving it unchanged does not affect the keepalived service itself
    vrrp_mcast_group4 224.0.0.18   # destination multicast address for VRRP advertisements; all routers in the group must use the same multicast address
}
VRRPD CONFIGURATION
vrrp_instance inside_network {     # define a VRRP instance and its name
    state MASTER                   # initial state of this node
    interface eno16777736          # network interface bound to the VRRP protocol, i.e. the interface that sends the VRRP advertisements
    virtual_router_id 51           # virtual router identifier, determines the VRRP backup group
    priority 100                   # priority of this node; range 1-254
    advert_int 1                   # interval between VRRP advertisements, in seconds
    authentication {
        auth_type PASS             # authentication between the VRRP nodes; PASS means simple password
        auth_pass MTUWPBJD         # authentication password, no more than 8 characters
    }
    virtual_ipaddress {
        <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>   # virtual IP address(es) and their context
    }
    nopreempt                      # non-preemptive mode; the default is preemptive mode
    preempt_delay 300              # delay before preemption starts
    notify_master <STRING>|<QUOTED-STRING>
    notify_backup <STRING>|<QUOTED-STRING>
    notify_fault  <STRING>|<QUOTED-STRING>   # path and arguments of the script run when this node's state changes
    track_script {
        Script_name
    }
}
LVS CONFIGURATION
virtual_server <VIP> <VPORT> | fwmark <INT> {
    delay_loop <INT>                   # service polling (health check) interval
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh   # scheduling algorithm
    lb_kind NAT|DR|TUN                 # type of load-balancing cluster
    persistence_timeout <INT>          # enable persistent connections and set their timeout
    protocol TCP                       # protocol supported by the load balancer; currently only TCP
    sorry_server <IPADDR> <PORT>       # if all back-end RSs are unavailable, temporarily remove the LVS cluster service and use the local HTTP service as sorry server, providing a friendly error page
    real_server <IPADDR> <PORT> {
        weight <INT>                   # weight of this RS
        notify_up <STRING>|<QUOTED-STRING>
        notify_down <STRING>|<QUOTED-STRING>   # script path and arguments used to send a notification when the RS changes to up or down
        HTTP_GET|SSL_GET {
            url {
                path <STRING>          # URL used for the health check of the back-end RS
                digest <STRING>        # compare the MD5 value of the fetched resource to detect changes
                status_code <INT>      # health check based on the status code of the response
            }
            nb_get_retry <INT>         # maximum number of retries of the health check
            delay_before_retry <INT>   # delay before each retry
            connect_ip <IP ADDRESS>
            connect_port <PORT>        # IP address and port of the back-end RS the health check request is sent to
            bindto <IP ADDRESS>
            bind_port <PORT>           # source IP address and source port of the health check request
            connect_timeout <INTEGER>  # connection timeout
        }
        tcp_check {
            connect_ip <IP ADDRESS>
            connect_port <PORT>        # IP address and port of the back-end RS the health check request is sent to
            bindto <IP ADDRESS>
            bind_port <PORT>           # source IP address and source port of the health check request
            connect_timeout <INTEGER>  # connection timeout
        }
    }
}
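The configuration above refers to two kinds of external scripts: the notify_master/notify_backup/notify_fault hooks run on a state change, and a script referenced by track_script that keepalived runs periodically. The following helper covers both; it is an added example, not code from the original notes or from the keepalived project. It assumes it is wired in as `notify_master "/etc/keepalived/ka_hook.sh notify master"` (and likewise for backup and fault), plus a `vrrp_script chk_down { script "/etc/keepalived/ka_hook.sh check" interval 1 weight -20 }` block listed in track_script; the flag-file path, mail recipient, instance name and VIP are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: one helper script for the two script hooks of the
# keepalived configuration above.
#   ka_hook.sh notify <master|backup|fault>   run from notify_master / notify_backup / notify_fault
#   ka_hook.sh check                          run from a vrrp_script referenced in track_script
# FLAG_FILE, MAILTO, INSTANCE and VIP are constructed placeholders.
FLAG_FILE=${FLAG_FILE:-/etc/keepalived/down}   # touch this file to take the node out of service for maintenance
MAILTO=${MAILTO:-root@localhost}
INSTANCE=${INSTANCE:-inside_network}
VIP=${VIP:-192.0.2.10}

# Build the one-line notice sent to the administrator when this node's VRRP state changes.
# Returns non-zero for a state keepalived never reports.
compose_notice() {
  state=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
  case $state in
    MASTER) detail="now owns VIP $VIP and forwards traffic" ;;
    BACKUP) detail="released VIP $VIP, monitoring the master" ;;
    FAULT)  detail="entered FAULT state: interface down or tracked script failing" ;;
    *)      return 1 ;;
  esac
  printf '%s: VRRP instance %s transitioned to %s on %s (%s)\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$INSTANCE" "$state" "$(uname -n)" "$detail"
}

# Log the transition locally and mail it; neither channel failing must break keepalived's hook.
notify() {
  msg=$(compose_notice "$1") || { echo "usage: $0 notify master|backup|fault" >&2; return 2; }
  logger -t keepalived-notify "$msg" 2>/dev/null || true
  printf '%s\n' "$msg" | mail -s "keepalived $INSTANCE: $msg" "$MAILTO" 2>/dev/null || true
}

# Exit 0 while the node is healthy and non-zero when the maintenance flag exists; keepalived then
# subtracts the vrrp_script weight from the priority so the other node can win the election.
check_maintenance() {
  [ ! -e "${1:-$FLAG_FILE}" ]
}

case "${1:-}" in
  notify) notify "$2" ;;
  check)  check_maintenance ;;
esac
```

With weight -20 and priorities 100 (MASTER) and 95 (BACKUP), touching the flag file lowers the master to 80, the backup takes over, and removing the file restores the priority; whether the original node then regains the VIP depends on the nopreempt setting described earlier.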
Linux clusters: implementing high availability with keepalived