5. Installing and Configuring keepalived
Keepalived runs on top of LVS. Its main functions are isolating failed real servers and failing over between load balancers. Combined with keepalived, LVS implements layer 3, layer 4 and layer 5/7 switching. What follows is the second way of using LVS: LVS + keepalived. Installing and verifying ipvsadm is the same as in section 4.2 of this article (this approach does not require configuring the Director Server), and configuring and validating the Real Servers is the same as in section 4.4 of this article.
* All director servers (the hosts with ipvsadm installed) need keepalived installed.
5.1 Preparatory work
Address planning: Similar to the first approach.
Server name | IP address | Gateway | Virtual device name | Virtual IP
Director Server: Primary | 192.168.98.75 | 192.168.98.1 | eth0 | 192.168.98.77
Director Server: Standby | 192.168.98.118 | 192.168.98.1 | eth0 | 192.168.98.77
Real Server 1 | 192.168.98.74 | 192.168.98.1 | lo:0 | 192.168.98.77
Real Server 2 | 192.168.98.117 | 192.168.98.1 | lo:0 | 192.168.98.77
Real Server N | ... | ... | .. | ..
5.2 Installing Keepalived
1. Unpack the keepalived-1.1.17.tar.gz package:
# tar zxvf keepalived-1.1.17.tar.gz
2. Change into the source directory:
# cd keepalived-1.1.17
3. Run configure:
# ./configure --prefix=/usr/local/keepalived
Because keepalived runs on top of IPVS, both must be installed on the same system. If configure runs successfully, it prints the following summary when it finishes:
Keepalived configuration
------------------------
Keepalived version       : 1.1.17
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
Use VRRP Framework       : Yes
Use LinkWatch            : No
Use Debug flags          : No
4. Compile and install:
# make
# make install
5.2.1 Verifying the keepalived installation
After the keepalived installation completes, four directories (bin, etc, sbin, share) are created under the installation directory /usr/local/keepalived. The etc directory holds the configuration files; change into it and look at what is inside:
# cd /usr/local/keepalived/etc/
# ll
total 24
drwxr-xr-x 3 root root 4096 May 15:24 keepalived
drwxr-xr-x 3 root root 4096 May 15:24 rc.d
drwxr-xr-x 2 root root 4096 May 15:24 sysconfig
Of these subdirectories, the one of interest is keepalived, which contains a complete configuration file keepalived.conf (actually a sample) and a number of separate sample configuration files.
# cd keepalived/
# ll
total 16
-rw-r--r-- 1 root root 3562 May 15:24 keepalived.conf
drwxr-xr-x 2 root root 4096 May 15:24 samples
# tree -l
.
|-- keepalived.conf
`-- samples
    |-- client.pem
    |-- dh1024.pem
    |-- keepalived.conf.HTTP_GET.port
    |-- keepalived.conf.SMTP_CHECK
    |-- keepalived.conf.SSL_GET
    |-- keepalived.conf.fwmark
    |-- keepalived.conf.inhibit
    |-- keepalived.conf.misc_check
    |-- keepalived.conf.misc_check_arg
    |-- keepalived.conf.quorum
    |-- keepalived.conf.sample
    |-- keepalived.conf.status_code
    |-- keepalived.conf.track_interface
    |-- keepalived.conf.virtual_server_group
    |-- keepalived.conf.virtualhost
    |-- keepalived.conf.vrrp
    |-- keepalived.conf.vrrp.localcheck
    |-- keepalived.conf.vrrp.lvs_syncd
    |-- keepalived.conf.vrrp.routes
    |-- keepalived.conf.vrrp.scripts
    |-- keepalived.conf.vrrp.static_ipaddress
    |-- keepalived.conf.vrrp.sync
    |-- root.pem
    `-- sample.misccheck.smbcheck.sh

1 directory, files
5.3 Configuring keepalived
5.3.1 Turning on route forwarding
First turn on the route forwarding feature:
# echo "1" > /proc/sys/net/ipv4/ip_forward
5.3.2 keepalived.conf Configuration
Configuration file for the primary server:
/usr/local/keepalived/etc/keepalived/keepalived.conf
# global define
global_defs {
    router_id lvs_test_1               # name of this server; unique within the backup group
}

############################################
#          vrrp_instance define            #
############################################
vrrp_instance Dr_cache {               # name of the VRRP hot-standby instance
    state MASTER                       # hot-standby state: MASTER (primary) or BACKUP (standby)
    interface eth0                     # physical interface that carries the VIP
    lvs_sync_daemon_inteface eth0      # monitoring interface between the load balancers (same as interface in DR mode)
    virtual_router_id 51               # virtual router ID; must be the same within the group
    priority <PRIORITY>                # priority (replace <PRIORITY> with a number above the backup's 150); the higher the value the higher the precedence
    advert_int 5                       # advertisement interval between master and backup, in seconds (heartbeat)
    authentication {                   # authentication settings; must be the same within each hot-standby group
        auth_type PASS                 # authentication type, used for verification during master/backup switchover
        auth_pass 123                  # password string
    }
    virtual_ipaddress {                # virtual address (VIP); more than one may be listed
        192.168.98.77
    }
}

#############################################
#          Virtual Machine Setting          #
#############################################
# Setting Port 2200 forward
virtual_server 192.168.98.77 2200 {    # virtual server address (VIP) and port, separated by a space
    delay_loop 6                       # health check interval (seconds)
    lb_algo wlc                        # LVS scheduling algorithm; weighted least-connection is used here
    lb_kind DR                         # LVS load-balancing mechanism; direct routing is used here
    persistence_timeout 20             # connections from the same IP go to the same server for 20 seconds (session hold time)
    protocol TCP                       # use the TCP protocol to check real server status
    real_server 192.168.98.74 2200 {   # address and port of the first real server node
        weight 100                     # weight
        TCP_CHECK {                    # health check method
            connect_timeout 3          # connection timeout (seconds)
            nb_get_retry 3             # number of retries
            delay_before_retry 3       # interval between retries (seconds)
            connect_port 2200          # target port to check
        }
    }
    real_server 192.168.98.117 2200 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 2200
        }
    }
}
Configuration file for the standby server:
/usr/local/keepalived/etc/keepalived/keepalived.conf
# global define
global_defs {
    router_id lvs_test_2
}

################################################################
#                    vrrp_instance define                      #
################################################################
vrrp_instance Dr_cache {
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 51
    priority 150
    advert_int 5
    authentication {
        auth_type PASS
        auth_pass 123
    }
    virtual_ipaddress {
        192.168.98.77
    }
}

##############################################################
#                  Virtual Machine Setting                   #
##############################################################
# Setting Port 2200 forward
virtual_server 192.168.98.77 2200 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 20
    protocol TCP
    real_server 192.168.98.74 2200 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 2200
        }
    }
    real_server 192.168.98.117 2200 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 2200
        }
    }
}
The configuration files of the primary load balancer (MASTER) and the backup load balancer (BACKUP) differ in only 3 places: the globally defined router_id, the vrrp_instance state, and the vrrp_instance priority.
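A check for the rule above, as an added example that is not part of the original article: this Python script flattens two keepalived.conf texts, fails on an unbalanced brace, and reports any difference outside router_id, state and priority. The shortened sample configs, the master priority 200 and the function names are constructed for illustration.

```python
import re
EXPECTED_DIFFS = {"router_id", "state", "priority"}  # the three settings the page says differ

def parse_conf(text):
    """Flatten keepalived.conf text into {"block/path/keyword": value}."""
    flat, stack = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if not line:
            continue
        if line == "}":
            if not stack:
                raise ValueError(f"line {lineno}: '}}' has no opening '{{'")
            stack.pop()
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
        else:
            key, _, value = line.partition(" ")
            flat["/".join(stack + [key])] = value.strip()
    if stack:
        raise ValueError(f"block '{stack[-1]}' is never closed")
    return flat

def compare(master_text, backup_text):
    """Return findings for a master/backup pair; an empty list means consistent."""
    m, b = parse_conf(master_text), parse_conf(backup_text)
    findings = []
    for path in sorted(set(m) | set(b)):
        key = path.rsplit("/", 1)[-1]
        if key not in EXPECTED_DIFFS and m.get(path) != b.get(path):
            findings.append(f"{path}: {m.get(path)!r} != {b.get(path)!r}")
        elif key == "router_id" and m.get(path) == b.get(path):
            findings.append(f"{path}: router_id must be unique per director")
        elif key == "priority" and int(m.get(path, 0)) <= int(b.get(path, 0)):
            findings.append(f"{path}: master priority must exceed backup priority")
    return findings

# Constructed, shortened configs modelled on the page's vrrp_instance block.
TEMPLATE = """
global_defs {{
    router_id {router_id}
}}
vrrp_instance Dr_cache {{
    state {state}            # MASTER or BACKUP
    virtual_router_id {vrid}
    priority {priority}
    authentication {{
        auth_pass {auth_pass}
    }}
}}
"""
MASTER = TEMPLATE.format(router_id="lvs_test_1", state="MASTER", vrid=51, priority=200, auth_pass="123")
BACKUP = TEMPLATE.format(router_id="lvs_test_2", state="BACKUP", vrid=51, priority=150, auth_pass="123")
print(compare(MASTER, BACKUP) or "master and backup are consistent")
```

A mismatched virtual_router_id or auth_pass shows up as a finding naming the full block path, which is where a failed switchover is usually traced back to.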
5.3.3 Configuring keepalived as a system service
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived/
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
# service keepalived start | stop
Start or stop the keepalived service.
Configure keepalived to start at boot with the following commands (two runlevels):
# ln -s /etc/init.d/keepalived /etc/rc.d/rc3.d/S98keepalived
# ln -s /etc/init.d/keepalived /etc/rc.d/rc5.d/S98keepalived
5.3.4 Configuration Verification
After starting the service, use the following command to view the IP addresses on the primary and standby servers:
# ip addr
You can see that the primary server's eth0 interface has an additional IP, the virtual IP we just configured, while the standby server does not have it yet, because it is the standby.
Primary:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast qlen
    link/ether 00:50:56:91:43:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.98.75/24 brd 192.168.98.255 scope global eth0
    inet 192.168.98.77/32 scope global eth0
Standby:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:91:14:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.98.118/24 brd 192.168.98.255 scope global eth0
    inet6 fe80::250:56ff:fe91:1481/64 scope link
Run the following command on the primary server:
# service keepalived stop
Check the IP addresses again. The virtual IP is gone from the primary server, and the standby server now has the additional virtual IP.
Then access port 2200 on 192.168.98.77 (for example with telnet), and use the following command to view the TCP connections:
# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.98.77:2200 wlc persistent 20
  -> 192.168.98.117:2200          Route   100    0          6
  -> 192.168.98.74:2200           Route   100    0          0
See which server the test machine's requests were forwarded to:
# ipvsadm -lcn
IPVS connection entries
pro expire state       source               virtual             destination
TCP 14:16  ESTABLISHED 192.168.10.176:53564 192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53563 192.168.98.77:2200  192.168.98.117:2200
TCP 00:36  NONE        192.168.10.176:0     192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53562 192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53559 192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53561 192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53560 192.168.98.77:2200  192.168.98.117:2200
See the connections forwarded to one particular real server:
# ipvsadm -lcn | grep 192.168.98.117
TCP 14:56  ESTABLISHED 192.168.10.176:53564 192.168.98.77:2200  192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53563 192.168.98.77:2200  192.168.98.117:2200
TCP 00:16  NONE        192.168.10.176:0     192.168.98.77:2200  192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53562 192.168.98.77:2200  192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53559 192.168.98.77:2200  192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53561 192.168.98.77:2200  192.168.98.117:2200
TCP 14:56  ESTABLISHED 192.168.10.176:53560 192.168.98.77:2200  192.168.98.117:2200
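The session hold visible in this output, as an added example that is not from the original article: the row with state NONE and client port 0 is the IPVS persistence template created by persistence_timeout, and the Python script below checks that every connection from that client went to the template's real server. The rows are taken from the connection listing above (shortened to four); the function names are illustrative.

```python
from collections import Counter

# Rows taken from the page's ipvsadm connection listing (shortened to four entries).
SAMPLE = """\
IPVS connection entries
pro expire state       source               virtual             destination
TCP 14:16  ESTABLISHED 192.168.10.176:53564 192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53563 192.168.98.77:2200  192.168.98.117:2200
TCP 00:36  NONE        192.168.10.176:0     192.168.98.77:2200  192.168.98.117:2200
TCP 14:16  ESTABLISHED 192.168.10.176:53562 192.168.98.77:2200  192.168.98.117:2200
"""

def parse_entries(text):
    """Parse connection rows into dicts; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] not in ("TCP", "UDP"):
            continue
        client, cport = fields[3].rsplit(":", 1)
        entries.append({"state": fields[2], "client": client, "cport": cport,
                        "vip": fields[4], "real": fields[5]})
    return entries

def persistence_report(text):
    """Return (templates, connections per real server, off-template connections)."""
    entries = parse_entries(text)
    # A persistence template is the row with state NONE and client port 0.
    templates = {(e["client"], e["vip"]): e["real"]
                 for e in entries if e["state"] == "NONE" and e["cport"] == "0"}
    conns = [e for e in entries if e["cport"] != "0"]
    per_real = Counter(e["real"] for e in conns)
    # A connection is "off-template" when its client is pinned to another real server.
    strays = [e for e in conns
              if templates.get((e["client"], e["vip"]), e["real"]) != e["real"]]
    return templates, per_real, strays

if __name__ == "__main__":
    templates, per_real, strays = persistence_report(SAMPLE)
    print("templates:", templates)
    print("connections per real server:", dict(per_real))
    print("off-template connections:", strays)
```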
6 Appendix: Configuration Notes
6.1 Host planning instructions
This example plans 4 hosts; in fact, a director server and a real server can be the same host. Note that a real server that is also the Director Server: Master does not need the real server configuration, that is, there is no need to run lvsrs*.sh on it.
6.2 Real Server Configuration instructions
1, VIP (virtual IP). In direct routing mode the VIP must be on the same network segment as the servers' external service IP addresses, and the LVS load balancer and all other servers that provide the same service use this VIP.
2, The VIP is bound to the loopback interface lo:0; its broadcast address is itself, and its subnet mask is 255.255.255.255. This differs greatly from standard network address settings. This variable-length mask divides the network segment so that it contains only one host address, which avoids IP address collisions.
3, echo "1", echo "2". The role of these lines is to suppress ARP broadcasts. Without ARP suppression, many machines would send ARP packets to the others claiming to be the real holder of the address, and the result is a mess.
6.3 keepalived.conf Configuration Instructions
Description: A complete keepalived.conf can contain three kinds of blocks: a global definition block, a VRRP instance definition block, and a virtual server definition block. The global definition block and the virtual server definition block are required; if you have only one load balancer, the VRRP instance definition block is not needed. ipvsadm and keepalived are installed the same way on the primary and standby servers; the main difference is in the configuration file keepalived.conf.
Global definition block
global_defs {
    notification_email {
        [Email protected]                          # contact who receives failure alerts
    }
    notification_email_from [email protected]    # sender of failure alerts
    smtp_server 127.0.0.1                       # send mail through the local host
    smtp_connect_timeout 30
    router_id LVS_MASTER                        # change to LVS_BACKUP on the BACKUP
}
Failure notification by e-mail can be added here; it is not configured in this example.
1, E-mail notification. Purpose: send an alert e-mail when a failure occurs. This is optional and not recommended; use full monitoring with Nagios instead.
2, Curly braces "{}". They delimit the definition blocks, so they must appear in pairs. If one is left out, keepalived still runs but does not give the expected results. Because definition blocks are nested, it is easy to omit a closing brace at the end, so pay particular attention to this.
VRRP definition block
1, VRRP synchronization group vrrp_sync_group. Purpose: determines which routing instances a failover (FailOver) includes. That is, in a scenario with 2 load balancers, once one load balancer fails, which instances need to be switched automatically to the other?
2, Instance group group. Contains at least one VRRP instance.
3, VRRP instance vrrp_instance. The instance name is the name listed in the instance group group.
(1) Instance state state. There are only two states, MASTER and BACKUP, and they must be written in capitals. MASTER is the working state and BACKUP is the standby state. When the MASTER server fails, the BACKUP system automatically changes its state to MASTER; when the failed MASTER system recovers, the BACKUP returns from MASTER to the BACKUP state.
(2) Communication interface interface. The network interface that provides the service externally, such as eth0 or eth1. Current mainstream servers have 2 or more interfaces, so verify carefully which one is the service interface.
(3) lvs_sync_daemon_inteface. The monitoring interface between the load balancers. In DR mode, lvs_sync_daemon_inteface uses the same network interface as the service interface interface.
(4) Virtual router identifier virtual_router_id. This identifier is a number, and each VRRP instance uses a unique one. That is, within the same vrrp_instance the MASTER and BACKUP use the same virtual_router_id, and it is unique across the whole VRRP setup.
(5) Priority priority. This is a number; the larger the value, the higher the priority. Within the same vrrp_instance, the MASTER has a higher priority than the BACKUP. If the MASTER has a priority of 150, the priority of the BACKUP can only be 140 or smaller.
(6) Advertisement interval advert_int. The interval, in seconds, between synchronization checks between the MASTER and BACKUP load balancers.
(7) Authentication authentication. Contains the authentication type and the authentication password. There are two main types, PASS and AH; PASS is usually used, as AH is said to have problems in use. The authentication password is in plaintext, and the MASTER and BACKUP of the same VRRP instance must use the same password to communicate properly.
4, Virtual IP address virtual_ipaddress. There can be multiple addresses, one per line, and no subnet mask needs to be specified. Note: this IP must match the VIP set on the LVS clients (the real servers)!
Virtual server (virtual_server) definition block
The virtual server definition is the most important part of the keepalived framework and is an essential part of keepalived.conf.
1, Virtual server virtual_server. The IP comes from step "4" of the VRRP definition block, followed by a space and then the port number. One VIP can be defined to load-balance multiple TCP ports.
(1) delay_loop. The health check interval, in seconds.
(2) lb_algo. The load-balancing scheduling algorithm; wlc or rr is commonly used in Internet applications.
(3) lb_kind. The load-balancing forwarding method. There are generally 3 kinds: DR, NAT and TUN; DR is used here.
(4) persistence_timeout. Session hold time in seconds. This option is useful for dynamic sites: when a user logs in to a website with an account, session hold forwards the user's requests to the same application server. Suppose there is an LVS environment using the DR forwarding mode with 3 real servers, and the load balancer does not have session hold enabled. On the user's first visit, the load balancer forwards the request to one real server and the user sees a login page; the first access is complete. The user then fills in the user name and password in the login box and submits. At this point a problem may arise: the login may not succeed, because without session hold the load balancer may forward the 2nd request to a different server.
(5) Forwarding protocol protocol. There are generally two types, TCP and UDP.
2, Real server real_server. That is, the server pool. The value of real_server consists of the IP address and port number.
(1) Weight weight. The weight is a number; the greater the value, the higher the weight. Different weights assign different loads to machines of different performance: better-performing machines take more of the load and weaker machines take less, so that the resources of machines with different performance are used sensibly.
(2) TCP check TCP_CHECK.