Keepalived + LVS installation and configuration
Installation:
tar -zxvf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
yum list all | grep "ipvsadm"
yum -y install kernel-devel openssl-devel popt-devel ipvsadm libnl-devel
# Stop the host firewall and switch SELinux to permissive mode (until the next reboot)
service iptables stop
setenforce 0
./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64 && make && make install
Add System Service:
Run chkconfig --add keepalived. After that, you can use the service and chkconfig tools to manage the keepalived service.
chkconfig keepalived on          # enable on levels 2, 3, and 4
chkconfig --list keepalived      # check whether levels 2, 3, and 4 are enabled
Global configuration file:
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.1.1
    smtp_connect_timeout 30
    router_id LVS_master
}
vrrp_script check_httpd {
    # vrrp_script monitors service resources in the cluster (HA cluster monitoring). It works together with track_script, which calls the vrrp_script by name. The check can also be a port test, a shell statement, or a script; examples are in the appendix.
    script "killall -0 httpd"
    # killall -0 httpd checks the status of the httpd service. A return status of zero means the service is running normally; 1 means it is not.
    interval 2
    # Check interval, in seconds.
}
VRRP (keepalived high availability) configuration example:
vrrp_instance VI_1 {
    # Start of the VRRP instance, followed by the instance name
    state MASTER
    # Role of this node: MASTER or BACKUP
    interface eth0
    # Network interface to listen on
    virtual_router_id 51
    # Virtual router ID, which must be unique to this master/backup pair.
    priority 100
    # Priority. The greater the number, the higher the priority. In the same vrrp_instance, the master must have a higher priority than the backup.
    advert_int 1
    # Interval of the synchronization check between master and backup, in seconds
    authentication {
        auth_type PASS
        auth_pass 1111
        # Authentication type (AH or PASS) and password. The master and backup can communicate only when their passwords match.
    }
    notify_master "/etc/keep/master.sh"
    notify_backup "/etc/keep/backup.sh"
    notify_fault "/etc/keep/fault.sh"
    # Scripts to execute when keepalived enters the master, backup, and fault states. A sample script is in the appendix.
    track_script {
        check_httpd
    }
    # Calls the vrrp_script block. check_httpd is the name given after vrrp_script.
    virtual_ipaddress {
        192.168.1.250
        # Virtual address. Multiple virtual addresses can be listed. They are added the same way as with ip address add.
    }
    # nopreempt
    # Do not preempt. This option can only be used on a node whose state is BACKUP and whose priority is higher than that of the other nodes.
    # preempt_delay 300
    # Preemption delay, in seconds. For example, when network jitter keeps the master's advertisements from reaching the backup in time although the master is not actually faulty, there is no need to switch between master and backup. The same applies when the service or the system is restarted.
}
VRRP configuration appendix ---------------
An example of the notify_master "/etc/keep/master.sh" script:
#!/bin/bash
# Append the new state and a timestamp to the log file
logfile=/var/log/keep/keep-http-statsu.log
echo "[MASTER]" >> "$logfile"
date >> "$logfile"
backup.sh and fault.sh are omitted.
Port check:
vrrp_script check_httpd {
    script "</dev/tcp/127.0.0.1/80"
    # Checks the status of port 80 on the local machine.
    interval 2
    # Check interval, in seconds.
    fall 2
    # Maximum number of failed checks
    rise 1
    # The node is declared normal after one successful check.
}
Shell statement check:
vrrp_script check_httpd {
    script "if [ -f /var/run/httpd.pid ]; then exit 0; else exit 1; fi"
    # Checks whether the pid file exists. A return value of 0 means normal; 1 means an exception.
    interval 2
    # Check interval, in seconds.
    fall 2
    # Maximum number of failed checks
    rise 1
    # The node is declared normal after one successful check.
}
A vrrp_script block takes effect only when it is called from a track_script block, so do not forget to call it in the vrrp_instance configuration.
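The VRRP section gives every node two things worth checking before rollout: the shared auth_pass and the scripts that keepalived executes. The following read-only audit is an added example, not part of the original page or of keepalived; the function names and finding texts are its own, and it only follows absolute script paths.

```shell
#!/bin/sh
# Added example: audit a keepalived.conf for the VRRP password and for
# the scripts keepalived runs. Nothing is modified.

# is_loose PATH -> true when PATH is writable by group or others
is_loose() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print | grep -q .
}

# audit_conf FILE -> prints one finding per line, nothing when clean
audit_conf() {
    conf=$1
    # auth_type PASS is the VRRP simple-text password; keepalived uses
    # only the first 8 characters of auth_pass.
    awk '
        $1 == "auth_type" && $2 == "PASS" {
            print "auth_type PASS: password is sent in cleartext in VRRP adverts"
        }
        $1 == "auth_pass" && (length($2) < 8 || $2 ~ /^[0-9]+$/) {
            print "auth_pass: shorter than 8 characters or digits only"
        }
    ' "$conf"
    # Directives whose value is executed; inline shell such as
    # "</dev/tcp/..." or "killall -0 httpd" is skipped.
    awk '
        $1 ~ /^(script|notify|notify_master|notify_backup|notify_fault|notify_up|notify_down|misc_path)$/ {
            path = $2
            gsub(/"/, "", path)
            if (path ~ /^\//) print path
        }
    ' "$conf" | sort -u | while read -r path; do
        if [ ! -e "$path" ]; then
            echo "$path: referenced but missing"
            continue
        fi
        # A writable parent directory lets the script be replaced
        for target in "$path" "$(dirname "$path")"; do
            if is_loose "$target"; then
                echo "$target: writable by group or others"
            fi
        done
    done
    return 0
}

# Run as: sh audit_keepalived.sh /etc/keepalived/keepalived.conf
if [ $# -gt 0 ]; then audit_conf "$1"; fi
```

Run against the configuration shown above, it reports both authentication lines, because auth_pass 1111 is four digits used with auth_type PASS.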
LVS (load balancer) configuration example:
virtual_server 192.168.1.250 80 {
    # Start of an LVS virtual server definition: virtual IP and port (port 80 is assumed here, matching the real servers)
    delay_loop 6
    # Health check interval, in seconds.
    lb_algo rr
    # Load scheduling algorithm: rr (Round Robin), wrr (Weighted Round Robin), lc, wlc, lblc, sh, or dh
    lb_kind NAT
    # Forwarding method: NAT, TUN, or DR.
    nat_mask 255.255.255.0
    # I don't know what it means. I will check it later.
    persistence_timeout 50
    # Connections from the same IP address are sent to the same real_server within 50 seconds.
    persistence_granularity 255.255.255.0
    # Used together with persistence_timeout. If 255.255.255.255 is given, it means a single IP address. If 255.255.255.0 is given, requests from the client's entire network segment are sent to the same real_server.
    protocol TCP
    # Forwarding protocol: TCP or UDP.
    sorry_server 192.168.1.120 80
    # Acts as a standby node: it is used when all real_server nodes have failed.
    real_server 192.168.1.108 80 {
        # Start of a real_server block, followed by the real IP address and port of the backend node, separated by a space.
        weight 1
        # Weight. The greater the value, the higher the weight. Assign a high weight to a node with high performance so that nodes are used sensibly.
        notify_up /root/keepalived/keepup.sh
        notify_down /root/keepalived/keepdown.sh
        # Scripts executed when the real_server node is detected to be up or down.
        HTTP_GET {
            # HTTP health check block; use SSL_GET instead for an SSL check
            url {
                # Multiple url blocks can be specified.
                path /index.html
                # Path to request
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
                # Digest for the SSL check. It can be obtained with the genhash command-line tool, for example: genhash -s 192.168.1.108 -p 80 -u /
                status_code 200
                # The expected result is a 200 status code.
            }
            connect_port 80
            # Health check port. If not specified, the port given on the real_server line is used.
            bindto 192.168.1.108
            # Send the request from this address when checking the health of the server.
            connect_timeout 3
            # Timeout when there is no response, in seconds.
            nb_get_retry 3
            # Number of retries
            delay_before_retry 3
            # Interval between retries.
        }
    }
}
LVS configuration appendix ----------------------------------------
Besides HTTP_GET and SSL_GET, there are three other real_server health checks: TCP_CHECK, MISC_CHECK, and SMTP_CHECK.
The following demonstrates TCP_CHECK (port check) and MISC_CHECK (external program check, that is, script check).
TCP_CHECK {
    connect_port 80
    # Health check port. If not specified, the port given on the real_server line is used.
    connect_timeout 3
    # Timeout when there is no response, in seconds.
    nb_get_retry 3
    # Number of retries
    delay_before_retry 3
    # Interval between retries.
}
MISC_CHECK {
    misc_path "/usr/local/bin/script.sh 1.1.1.1 80 http://www.baidu.com"
    # Path of the script to execute, optionally followed by parameters, exactly as when running the script by hand.
    misc_timeout 5
    # Script timeout
    ! misc_dynamic
    # Commented out here, so dynamic adjustment of the real_server weight is not enabled.
    # If it is enabled: a return code of zero means the check is normal and the weight remains unchanged. A return code of 1 means the node has failed and its weight is reduced to zero. A return code of 2 or more sets the weight to the return code minus 2. For example, if the return code is 10, the weight is 8 (10 - 2).
}
The /usr/local/bin/script.sh script is as follows:
cat /usr/local/bin/check_squidproxy.sh
#!/bin/bash
# Usage: check_squidproxy.sh 1.1.1.1 80 http://www.baidu.com
if [ $# -ne 3 ]; then
    echo "Warning: check_command error."
    exit 1
else
    PROXY_IP=$1
    PROXY_PORT=$2
    CHECK_URL=$3
    # Request the headers of CHECK_URL through the proxy and count "200 OK" lines
    CMD=$(/usr/bin/curl -I -x "${PROXY_IP}:${PROXY_PORT}" "${CHECK_URL}" 2>/dev/null | grep "200 OK" | wc -l)
    if [ "${CMD}" -ne 1 ]; then
        echo "CRITICAL: check proxy ${PROXY_IP} failed."
        exit 1
    else
        echo "OK: check proxy ${PROXY_IP} OK."
        exit 0
    fi
fi
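The return-code convention described for misc_dynamic can also carry a computed weight. The following MISC_CHECK script is an added example, not from the original page: it times one HTTP request to the real server and exits with weight + 2. MAX_WEIGHT, SLOW_MS, the function names, the script name and the linear scaling are assumptions of the example.

```shell
#!/bin/sh
# Added example: MISC_CHECK script for a real_server with misc_dynamic enabled.
# Exit status: 1 = check failed, N >= 2 = set the weight to N - 2.

MAX_WEIGHT=10     # assumption: weight given to a node that answers instantly
SLOW_MS=1000      # assumption: at or above this latency the weight is 1

# weight_for_latency MS -> prints a weight in 1..MAX_WEIGHT
weight_for_latency() {
    awk -v ms="$1" -v slow="$SLOW_MS" -v max="$MAX_WEIGHT" 'BEGIN {
        if (ms > slow) ms = slow
        w = int(max * (1 - ms / slow) + 0.5)
        if (w < 1) w = 1          # a node that still answers keeps weight 1
        print w
    }'
}

# status_for CURL_EXIT HTTP_CODE MS -> prints the exit status to report
status_for() {
    if [ "$1" -ne 0 ] || [ "$2" != "200" ]; then
        echo 1                    # connection error or non-200 answer
        return
    fi
    echo $(( $(weight_for_latency "$3") + 2 ))
}

# check_real_server URL -> prints the exit status for that URL
check_real_server() {
    out=$(curl -s -o /dev/null --max-time 3 -w '%{http_code} %{time_total}' "$1")
    rc=$?
    code=${out%% *}
    ms=$(awk -v t="${out#* }" 'BEGIN { printf "%d", t * 1000 }')
    status_for "$rc" "$code" "$ms"
}

# Run as: check_weight.sh http://192.168.1.108/index.html
if [ $# -gt 0 ]; then
    exit "$(check_real_server "$1")"
fi
```

With these settings a 200 ms answer exits with 10, which gives the weight of 8 used in the example above.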