基于keepalived和RS端腳本配置的案例,,後端是tomcat應用程式.
軟體位址:
<code>wget http://www.keepalived.org/software/keepalived-1.1.19.tar.gz</code>
再做以下操作之前,應該lvs配置成功、配置見這篇文章
<code>http://douya.blog.51cto.com/6173221/1680692</code>
開始配置lvs基于keepalived的環境
<code>[root@lvs-1 soft]</code><code># ls -al /usr/src/</code>
<code>total 16</code>
<code>drwxr-xr-x. 4 root root 4096 Nov 19 00:26 .</code>
<code>drwxr-xr-x. 14 root root 4096 Nov 19 00:32 ..</code>
<code>drwxr-xr-x. 2 root root 4096 Sep 23 2011 debug</code>
<code>drwxr-xr-x. 4 root root 4096 Nov 19 00:27 kernels</code>
<code>lrwxrwxrwx. 1 root root 39 Nov 19 00:26 linux -> </code><code>/usr/src/kernels/2</code><code>.6.32-431.el6.x86_64/</code>
<code> </code>
<code>安裝前先檢視是不是有此路徑,如果沒有,請執行以下步驟:</code>
<code>ls</code> <code>/usr/src/kernels/2</code><code>.6.32-573.8.1.el6.x86_64/ </code>
<code>yum </code><code>install</code> <code>kernel kernel-devel -y </code>
<code> </code>
<code>ln</code> <code>-s </code><code>/usr/src/kernels/2</code><code>.6.32-573.8.1.el6.x86_64/ </code><code>/usr/src/linux/</code>
<code>[root@lvs-1 keepalived-1.1.19]</code><code>tar</code> <code>xvf keepalived-1.1.19.</code><code>tar</code><code>.gz </code>
<code>[root@lvs-1 keepalived-1.1.19] </code><code>cd</code> <code>keepalived-1.1.19</code>
<code>[root@lvs-1 keepalived-1.1.19] .</code><code>/configure</code>
<code> </code><code>configure: error:</code>
<code> </code><code>!!! OpenSSL is not properly installed on your system. !!!</code>
<code> </code><code>!!! Can not include OpenSSL headers files. !!!</code>
<code>[root@lvs-1 keepalived-1.1.19]yum </code><code>install</code> <code>openssl* -y </code>
<code>[root@lvs-1 keepalived-1.1.19].</code><code>/configure</code>
<code>Keepalived configuration</code>
<code>------------------------</code>
<code>Keepalived version : 1.1.19</code>
<code>Compiler : gcc</code>
<code>Compiler flags : -g -O2</code>
<code>Extra Lib : -lpopt -lssl -lcrypto </code>
<code>Use IPVS Framework : Yes</code>
<code>IPVS </code><code>sync</code> <code>daemon support : Yes</code>
<code>Use VRRP Framework : Yes</code>
<code>Use Debug flags : No</code>
<code>表明無誤</code>
<code>[root@lvs-1 keepalived-1.1.19]</code><code>make</code> <code>&&</code><code>make</code> <code>install</code>
以上是編譯安裝,推薦使用yum install keepalived 安裝
一、開始安裝
<code>yum install keepalived </code><code>-</code><code>y</code>
二、開始配置keepalived、
<code>lvs-1 配置keepalived ---MASTER</code>
<code>[root@lvs-1 ~]</code><code># more /etc/keepalived/keepalived.conf </code>
<code>! Configuration File </code><code>for</code> <code>keepalived</code>
<code>global_defs {</code>
<code> </code><code>notification_email {</code>
<code> </code><code>[email protected]</code>
<code> </code><code>}</code>
<code> </code><code>notification_email_from root@localhost</code>
<code> </code><code>smtp_server localhost</code>
<code> </code><code>smtp_connect_timeout 30</code>
<code> </code><code>router_id LVS_1</code>
<code>}</code>
<code>vrrp_instance VI_1 {</code>
<code> </code><code>state MASTER</code>
<code> </code><code>interface eth0</code>
<code> </code><code>virtual_router_id 51</code>
<code> </code><code>priority 100</code>
<code> </code><code>advert_int 1</code>
<code> </code><code>authentication {</code>
<code> </code><code>auth_type PASS</code>
<code> </code><code>auth_pass 1111</code>
<code> </code><code>}</code>
<code> </code><code>virtual_ipaddress {</code>
<code> </code><code>192.168.2.12</code><code>/24</code>
<code>virtual_server 192.168.2.12 80 { </code><code>#設定虛拟伺服器,需要指定虛拟IP與服務端口,用空格分隔</code>
<code> </code><code>delay_loop 6 </code><code>#設定健康狀态檢查時間,機關為秒</code>
<code> </code><code>lb_algo rr </code><code>#設定負載高度算法,rr為輪詢</code>
<code> </code><code>lb_kind DR </code><code>#設定LVS實作負載均衡的機制,可以為{NAT|TUN|DR}三種</code>
<code> </code><code>nat_mask 255.255.255.0 </code><code>#設定掩碼</code>
<code> </code><code>persistence_timeout 50 </code><code>#會話保持時間,機關為秒;這個選項對于動态網頁是非常有用的,為叢集系統中session共享提供了一個很好的解決方案</code>
<code> </code><code>protocol TCP </code><code>#指定轉發協定類型可以設定{TCP|UDP}兩種</code>
<code> </code><code>real_server 192.168.2.221 80 { </code><code>#後端伺服器節點,需要指定Real_server的IP與端口,用空格分隔</code>
<code> </code><code>weight 1 </code><code>#配置服務節點的權重,數字越大,權重越高</code>
<code> </code><code>TCP_CHECK { </code>
<code> </code><code>connect_timeout 3 </code><code>#這個設定幾秒鐘測試一下這服務有沒有挂.</code>
<code> </code><code>nb_get_retry 3</code>
<code> </code><code>delay_before_retry 3</code>
<code> </code><code>connect_port 80</code>
<code> </code><code>}</code>
<code> </code><code>real_server 192.168.2.30 80 {</code>
<code> </code><code>weight 1</code>
<code> </code><code>TCP_CHECK { </code>
<code> </code><code>connect_timeout 3 </code><code>#這個設定幾秒鐘測試一下這服務有沒有挂.</code>
SLAVE端配置檔案
<code>[root@lvs-2~]</code><code># more /etc/keepalived/keepalived.conf </code>
<code> </code><code>router_id LVS_2</code>
<code> </code><code>state BACKUP</code>
<code> </code><code>priority 90</code>
<code> </code><code>TCP_CHECK { </code>
<code> </code><code>nb_get_retry 3 </code>
<code> </code><code>TCP_CHECK { </code>
啟動master,slave,,在master檢視狀态
<code>[root@lvs-1 scripts]</code><code># ip a</code>
<code>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN </code>
<code> </code><code>link</code><code>/loopback</code> <code>00:00:00:00:00:00 brd 00:00:00:00:00:00</code>
<code> </code><code>inet 127.0.0.1</code><code>/8</code> <code>scope host lo</code>
<code> </code><code>inet6 ::1</code><code>/128</code> <code>scope host </code>
<code> </code><code>valid_lft forever preferred_lft forever</code>
<code>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000</code>
<code> </code><code>link</code><code>/ether</code> <code>00:0c:29:c8:69:ec brd ff:ff:ff:ff:ff:ff</code>
<code> </code><code>inet 192.168.2.13</code><code>/24</code> <code>brd 192.168.2.255 scope global eth0</code>
<code> </code><code>inet 192.168.2.12</code><code>/24</code> <code>scope global secondary eth0</code>
<code> </code><code>inet6 fe80::20c:29ff:fec8:69ec</code><code>/64</code> <code>scope link </code>
到目前為止,在lvs server端的配置已經完成、
三、下面開始配置real-server後面節點即(綁定VIP到lo,抑制ARP、)
此處可以使用腳本進行配置
<code> </code>
<code>#!/bin/sh</code>
<code>#Date: 2015-11-20</code>
<code>#By: charles</code>
<code>#Description: deploy backend server (bind lo interface and Inhibition arp)</code>
<code>VIP=</code><code>"192.168.2.12"</code>
<code>INT=</code><code>"lo:0"</code>
<code>lo_INT=`</code><code>ifconfig</code><code>|</code><code>grep</code> <code>lo|</code><code>awk</code> <code>-F </code><code>" "</code> <code>'{print $1 }'</code><code>`</code>
<code>. </code><code>/etc/init</code><code>.d</code><code>/functions</code>
<code>function</code> <code>start() {</code>
<code>if</code> <code>[ </code><code>"$lo_INT"</code> <code>== </code><code>"lo"</code> <code>];</code><code>then</code>
<code> </code><code>ifconfig</code> <code>$INT $VIP broadcast $VIP netmask 255.255.255.255 up</code>
<code> </code><code>route add -host $VIP dev $INT</code>
<code> </code><code>echo</code> <code>"1"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/lo/arp_ignore</code>
<code> </code><code>echo</code> <code>"2"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/lo/arp_announce</code>
<code> </code><code>echo</code> <code>"1"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/all/arp_ignore</code>
<code> </code><code>echo</code> <code>"2"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/all/arp_announce</code>
<code>else</code>
<code> </code><code>echo</code> <code>"vip is binded,Pls Re binding"</code>
<code> </code><code>exit</code> <code>2</code>
<code>fi</code>
<code>if</code> <code>[ $? -</code><code>eq</code> <code>0 ]</code>
<code> </code><code>then</code>
<code> </code><code>action </code><code>"start bind vip and Inhibition arp is success"</code> <code>/bin/true</code>
<code>else</code>
<code> </code><code>action </code><code>"start bind vip and Inhibition arp failed"</code> <code>/bin/false</code>
<code>} </code>
<code>function</code> <code>stop() {</code>
<code>ifconfig</code> <code>$INT $VIP broadcast $VIP netmask 255.255.255.255 up</code>
<code>echo</code> <code>"0"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/lo/arp_ignore</code>
<code>echo</code> <code>"0"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/lo/arp_announce</code>
<code>echo</code> <code>"0"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/all/arp_ignore</code>
<code>echo</code> <code>"0"</code> <code>> </code><code>/proc/sys/net/ipv4/conf/all/arp_announce</code>
<code>if</code> <code>[ </code><code>"$INT"</code> <code>!= </code><code>"lo"</code> <code>]</code>
<code> </code><code>action </code><code>"stop bind vip and Inhibition arp is success"</code> <code>/bin/true</code>
<code>elif</code> <code>[ </code><code>"$INT"</code> <code>== </code><code>"lo"</code> <code>]</code>
<code> </code><code>then</code>
<code> </code><code>action </code><code>"stop bind vip is and Inhibition arp failed"</code> <code>/bin/false</code>
<code> </code><code>echo</code> <code>"bind Error"</code>
<code>function</code> <code>restart() {</code>
<code> </code><code>stop</code>
<code> </code><code>sleep</code> <code>1</code>
<code> </code><code>start</code>
<code>case</code> <code>"$1"</code> <code>in</code>
<code> </code><code>start)</code>
<code> </code><code>start</code>
<code> </code><code>;;</code>
<code> </code><code>stop)</code>
<code> </code><code>stop</code>
<code> </code><code>restart)</code>
<code> </code><code>restart</code>
<code> </code><code>;; </code>
<code> </code><code>*)</code>
<code> </code><code>echo</code> <code>"USAGE :$0 {start|stop|restart}"</code>
<code> </code><code>exit</code> <code>2</code>
<code>esac</code>
<code>exit</code> <code>$?</code>
四、還有對keepalived的日志做rsyslog的日志專門記錄
<code>root@lvs-1 ~]</code><code># cat /etc/sysconfig/keepalived </code>
<code>1,修改keepalived的日志格式</code>
<code># Options for keepalived. See `keepalived --help' output and keepalived(8) and</code>
<code># keepalived.conf(5) man pages for a list of all options. Here are the most</code>
<code># common ones :</code>
<code>#</code>
<code># --vrrp -P Only run with VRRP subsystem.</code>
<code># --check -C Only run with Health-checker subsystem.</code>
<code># --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.</code>
<code># --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.</code>
<code># --dump-conf -d Dump the configuration data.</code>
<code># --log-detail -D Detailed log messages.</code>
<code># --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)</code>
<code>#KEEPALIVED_OPTIONS="-D"</code>
<code>KEEPALIVED_OPTIONS=</code><code>"-D -d -S 0"</code><code>,</code>
<code>2, 配置rsyslog</code>
<code>yum </code><code>install</code> <code>syslog -y</code>
<code>新加一下行</code>
<code>[root@lvs-1 ~]</code><code># vim /etc/rsyslog.conf | grep local0</code>
<code>local0.* </code><code>/var/log/keepalived</code><code>.log</code>
<code>[root@lvs-1 ~]</code><code># </code>
<code>/etc/init</code><code>.d</code><code>/rsyslog</code> <code>restart</code>
<code>/etc/init</code><code>.d</code><code>/keepalived</code> <code>restart</code>
<code>3,檢視日志</code>
<code>[root@lvs-1 ~]</code><code># tail -f /var/log/keepalived.log </code>
<code>Nov 20 13:36:27 lvs-1 Keepalived_healthcheckers[12935]: Using LinkWatch kernel netlink reflector...</code>
<code>Nov 20 13:36:27 lvs-1 Keepalived_healthcheckers[12935]: Activating healthchecker </code><code>for</code> <code>service [192.168.2.221]:80</code>
<code>Nov 20 13:36:27 lvs-1 Keepalived_healthcheckers[12935]: Activating healthchecker </code><code>for</code> <code>service [192.168.2.30]:80</code>
<code>Nov 20 13:36:28 lvs-1 Keepalived_vrrp[12936]: VRRP_Instance(VI_1) Transition to MASTER STATE</code>
<code>Nov 20 13:36:28 lvs-1 Keepalived_vrrp[12936]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election</code>
<code>Nov 20 13:36:29 lvs-1 Keepalived_vrrp[12936]: VRRP_Instance(VI_1) Entering MASTER STATE</code>
<code>Nov 20 13:36:29 lvs-1 Keepalived_vrrp[12936]: VRRP_Instance(VI_1) setting protocol VIPs.</code>
<code>Nov 20 13:36:29 lvs-1 Keepalived_healthcheckers[12935]: Netlink reflector reports IP 192.168.2.12 added</code>
<code>Nov 20 13:36:29 lvs-1 Keepalived_vrrp[12936]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 </code><code>for</code> <code>192.168.2.12</code>
<code>Nov 20 13:36:34 lvs-1 Keepalived_vrrp[12936]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 </code><code>for</code> <code>192.168.2.12</code>
##########################################################################################
LB server本機配置nginx服務
master 配置檔案如下:
vim keepalived.conf
! Configuration File for keepalived
vrrp_script check_run {
script "/etc/keepalived/nginx_check.sh"
interval 5
weight 2
}
global_defs {
notification_email {
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id LVS_1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51 ## the same as slave lvs
priority 100
advert_int 1
track_interface {
eth0
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.12
track_script {
check_run
}
}
#BACKUP 配置檔案
state BACKUP
virtual_router_id 51 ## the same as MASTER lvs
priority 90
以下是檢查nginx健康狀态的腳本:
#!/bin/bash
NGINX_PROCESS=`ps -C nginx --no-header | wc -l`
if [ $NGINX_PROCESS -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 3
if [ `ps -C nginx --no-header | wc -l` -eq 0 ];then
/etc/init.d/keepalived stop
fi
fi
本文轉自crazy_charles 51CTO部落格,原文連結:http://blog.51cto.com/douya/1715183,如需轉載請自行聯系原作者
![圖解HTTP八:确認通路使用者身份的認證[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)