LVS+Keepalived實現高可用負載平衡 一、原理 1、概要介紹 如果將TCP/IP劃分為5層,則Keepalived就是一個類似於3~5層交換器制的軟體,具有3~5層交換功能,其主要作用是檢測web伺服器的狀態,如果某台web伺服器故障,Keepalived將檢測到並將其從系統中剔除,當該web伺服器工作正常後Keepalived自動將其加入到伺服器群中,這些工作全部自動完成,而不需要人工幹預,只需要人工修複故障的web伺服器即可。2、工作原理 Keepalived基於VRRP協議來實現高可用解決方案,利用其避免單點故障,通常這個解決方案中,至少有2台伺服器運行Keepalived,即一台為MASTER,另一台為BACKUP,但對外表現為一個虛擬IP,MASTER會發送特定訊息給BACKUP,當BACKUP收不到該訊息時,則認為MASTER故障了,BACKUP會接管虛擬IP,繼續提供服務,從而保證了高可用性,具體如: 圖1 Keepalived原理圖 3層機理是發送ICMP資料包即PING給某台伺服器,如果不痛,則認為其故障,並從伺服器群中剔除。 4層機理是檢測TCP連接埠號碼狀態來判斷某台伺服器是否故障,如果故障,則從伺服器群中剔除。 5層機理是根據使用者的設定檢查某個伺服器應用程式是否正常運行,如果不正常,則從伺服器群中剔除。3、實際作用 主要用作RealServer的健全狀態檢查,以及負載平衡裝置MASTER和BACKUP之間failover的實現。 二、架構 本系列文章以CentOS Linux release 6.0 (Final)為例,介紹用LVS+Keepalived實現高可用負載平衡。具體業務需求是用虛擬IP轉寄8080、25、21連接埠請求到後端的真實伺服器來處商務邏輯,系統拓撲如所示: 圖2 系統拓撲圖 用戶端通過VIP(Virtual IP)(172.28.14.227/228/229)來訪問負載平衡伺服器,負載平衡伺服器通過MASTER/172.28.19.92或BACKUP/172.28.19.93將請求分別轉寄給真實伺服器(Web伺服器/172.28.19.100/101/102、郵件伺服器/172.28.19.103/104/105、檔案伺服器/172.28.19.106/107/108)。 負載平衡伺服器的MASTER和BACKUP上都必須安裝LVS+Keepalived,下面開始安裝和配置之旅。 三、LVS安裝 Master和Backup都必須安裝LVS,安裝ipvsadm步驟如下: (1)依賴包安裝 執行如下命令查看依賴包是否安裝: (A)#rpm -qa|grep popt popt-static-1.13-7.el6.x86_64 popt-devel-1.13-7.el6.x86_64 popt-1.13-7.el6.x86_64 如果沒有上述包,則需要依次安裝,具體如下: #yum install popt #yum install popt-devel #yum install popt-static (B)rpm -qa|grep libnl libnl-1.1-14.el6.x86_64 libnl-devel-1.1-14.el6.x86_64 如果沒有上述包,則需要依次安裝,具體如下: #yum install libnl #yum install libnl-devel (2)ipvsadm安裝 #wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz #tar zxvf ipvsadm-1.26.tar.gz #ln -s /usr/src/kernels/2.6.32-71.el6.x86_64 /usr/src/linux //注意:每個系統這個路徑可能會不一樣 #cd ipvsadm-1.26 #make #make install OK,LVS就這麼安裝好了。 四、Keepalived安裝 Master和Backup都必須安裝Keepalive,安裝步驟如下: #wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz #tar zxvf keepalived-1.2.7.tar.gz #cd keepalived-1.2.7 #./configure #make #make install OK,Keepalived安裝好了。 如果#./configure時出現下面錯誤: configure: error: !!! OpenSSL is not properly installed on your system. !!! !!! Can not include OpenSSL headers files. !!! 則需要安裝OpenSSL相關包: #yum install openssl #yum install openssl-devel 然後從#./configure步驟開始執行以下後續步驟就行。 五、配置1、服務指令碼 將Keepalived做成服務啟動(MASTER和BACKUP都是必須的),具體步驟如下: (1)拷貝服務啟動指令碼 #cp ./keepalived/etc/init.d /etc/init.d (2)拷貝設定檔 #mkdir /etc/keepalived #cp ./keepalived/etc/keepalived/keepalived.conf /etc/keepalived (3)拷貝可執行檔 #cp ./bin/keepalived /usr/bin (4)啟動/停止服務 #service keepalived start #service keepalived stop2、配置MASTER 備份並開啟設定檔修改部分內容,尤其注意紅色部分,具體如下: #cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak #vi /etc/keepalived/keepalived.conf vrrp_instance VI_1 { state MASTER # 狀態實際MASTER interface eth0 # 監聽網卡切換 virtual_router_id 51 priority 100 # 優先順序(越大優先順序越高) advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { # 虛擬IP地址清單,即VIP 172.28.14.227 172.28.14.228 172.28.14.229 } } virtual_server 172.28.14.227 8080 { delay_loop 6 lb_algo wlc lb_kind DR # DR模式 persistence_timeout 50 protocol TCP real_server 172.28.19.100 8080 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 8080 } } real_server 172.28.19.101 8080 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 8080 } } real_server 172.28.19.102 8080 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 8080 } } } virtual_server 172.28.14.228 25 { delay_loop 6 lb_algo wlc lb_kind DR # DR模式 persistence_timeout 50 protocol TCP real_server 172.28.19.103 25 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 25 } } real_server 172.28.19.104 25 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 25 } } real_server 172.28.19.105 25 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 25 } } } virtual_server 172.28.14.229 21 { delay_loop 6 lb_algo wlc lb_kind DR # DR模式 persistence_timeout 50 protocol TCP real_server 172.28.19.106 21 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 21 } } real_server 172.28.19.107 21 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 21 } } real_server 172.28.19.108 21 { weight 1 # 權重(權重越高處理的請求越多) TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 21 } } }3、配置BACKUP BACKUP配置與MASTER基本一致,除了紅色部分外,具體如下: #cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak #vi /etc/keepalived/keepalived.conf vrrp_instance VI_1 { state BACKP # 狀態實際BACKUP ... priority 99 # 優先順序99(比MASTER優先順序100低) ... } 4、配置Realserver 為Realserver的某塊網卡建立啟動指令碼,指令碼內容如下: #vi realserverd #!/bin/bash VIP=172.28.14.227 . /etc/rc.d/init.d/functions case "$1" in start) echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev lo:0 sysctl -p > /dev/null 2>&1 echo "realserver start OK" ;; stop) echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce ifconfig lo:0 down /sbin/route del $VIP > /dev/null 2>&1 echo "realserver stoped" ;; *) echo "Usage:$0 {start|stop}" exit 1 esac exit 0 注意指令碼中紅色部分,每塊網卡綁定一個虛擬IP地址,如果綁定多個虛擬IP,則需要為每塊網卡建立一個指令碼,並且指定lo:X(比如:lo:0,lo:1等),另外,.和/etc/rc.d/funtions之間有空格。 啟動keepalived服務,並執行上述指令碼,然後用ip a能確認是否有VIP地址。 輸入ipvsadm -Ln查看LVS工作狀態。 停止MASTER的keepalived服務,BACKUP能接管VIP地址,再次啟動MASTER的keepalived服務,MASTER又能再一次接管VIP地址。 如果這些你都搞定了,恭喜你,你已經擁有高可用服務了
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
