1. Basic concepts
1. keepalived is software that works like a layer 3, 4 and 5 switching mechanism, commonly referred to as layer 3, layer 4 and layer 5 switching. It runs automatically without manual intervention.
2. Keepalived's function is to detect the state of the servers. If a web server goes down or stops working, Keepalived detects this, removes the faulty server from the system, and uses the other servers in its place. Once the server is working properly again, Keepalived automatically adds it back to the server cluster. All of this is done automatically without manual intervention; the only manual work is repairing the failed server.
3. Its main purpose is to check the health of the RealServers and to implement failover between the LoadBalance host and the Backup host.
4. Highly available web architecture: LVS+keepalived+nginx+apache+php+eaccelerator(+nfs optional)
2. Experiment
Experimental environment:
Host | IP | Service |
---|---|---|
server1 | 172.25.66.1 | LVS ACTIVE (primary) |
server4 | 172.25.66.4 | LVS BACKUP (Ready) |
VIP | 172.25.66.100 | LVS VIP |
server2 | 172.25.66.2 | Realserver1 |
server3 | 172.25.66.3 | Realserver2 |
Prerequisite:
First, create a snapshot named vm4, as follows:
1. Configuration
<1>Configure advanced yum sources
[root@server1 ~]# cd /etc/yum.repos.d/
[root@server1 yum.repos.d]# vim rhel-source.repo
The contents of the configuration file are as follows:
<2>Unzip the keepalived package and enter the keepalived-2.0.6 directory
[root@server1 yum.repos.d]# cd
[root@server1 ~]# ls
[root@server1 ~]# tar zxf keepalived-2.0.6.tar.gz
[root@server1 ~]# ls
[root@server1 ~]# cd keepalived-2.0.6
<3>Install the keepalived dependency package in the keepalived-2.0.6 directory: openssl-devel
[root@server1 keepalived-2.0.6]# yum install openssl-devel -y
<4>Compile the keepalived source package
[root@server1 keepalived-2.0.6]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV
[root@server1 keepalived-2.0.6]# make && make install
Note: the compile must be run in the keepalived-2.0.6 directory.
<5>Give script executable permissions
[root@server1 keepalived-2.0.6]# cd /usr/local/keepalived/etc/rc.d/init.d/
[root@server1 init.d]# ls
[root@server1 init.d]# chmod +x keepalived
<6>Create soft links for the keepalived init script, settings, configuration directory and binary
[root@server1 init.d]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d
[root@server1 init.d]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig
[root@server1 init.d]# ln -s /usr/local/keepalived/etc/keepalived/ /etc
[root@server1 init.d]# ln -s /usr/local/keepalived/sbin/keepalived /sbin
<7>Edit the configuration file on server1
[root@server1 init.d]# cd /etc/keepalived/
[root@server1 keepalived]# ls
[root@server1 keepalived]# vim keepalived.conf
The configuration is as follows:
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost                # Email address that receives alerts; several can be listed
    }
    notification_email_from keepalived@localhost   # Sender address for alert mail
    smtp_server 127.0.0.1             # SMTP server address
    smtp_connect_timeout 30           # Timeout for connecting to the SMTP server
    router_id LVS_DEVEL               # Identity ID of the load balancer, used in email alerts
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    # Set state to BACKUP on the standby. The state is determined by priority:
    # if this node's priority is lower than the standby's, it loses the MASTER state.
    state MASTER
    interface eth0                    # Network interface monitored for HA
    virtual_router_id 51              # Must be the same on primary and standby; value 1-255
    priority 100                      # Primary priority; the standby uses 50. The primary's must be greater than the standby's
    advert_int 1                      # Interval in seconds between advertisements
    authentication {                  # Authentication between primary and standby
        auth_type PASS                # Authentication type, mainly PASS and AH
        auth_pass 1111                # MASTER and BACKUP in one vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {               # Virtual IP addresses; several can be set, one per line
        172.25.66.100
    }
}

virtual_server 172.25.66.100 80 {     # Define the virtual server
    delay_loop 6                      # Check real server status every 6 seconds
    lb_algo rr                        # LVS scheduling algorithm; round-robin is used here
    lb_kind DR                        # LVS runs in DR mode
    # persistence_timeout 50
    # Session persistence time in seconds. Very useful for dynamic web pages and a good
    # solution to session sharing in a cluster. With persistence enabled, a user's requests
    # keep going to the same service node until the persistence time is exceeded. Note that
    # this is a maximum idle timeout: if the user does nothing for 50 seconds while working
    # on a dynamic page, the next action is distributed to another node, but a user who keeps
    # working on the page is not subject to the 50-second limit.
    protocol TCP                      # Forwarding protocol: TCP or UDP

    real_server 172.25.66.2 80 {      # Configure a service node
        # Weight of the service node, expressed as a number; the larger the number, the higher
        # the weight. Weights assign different loads to servers of different performance: set
        # higher weights on more powerful servers and lower weights on weaker ones to make
        # reasonable use of system resources.
        weight 1
        TCP_CHECK {                   # Health-check settings for the real server; times in seconds
            connect_timeout 3         # Time out after 3 s with no response
            retry 3                   # Retry count
            delay_before_retry 3      # Interval between retries
        }
    }

    real_server 172.25.66.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
<8>Copy the keepalived directory, including the configuration file, to the standby (server4) and modify the configuration there
[root@server1 keepalived]# cd /usr/local
[root@server1 local]# scp -r keepalived root@172.25.66.4:/usr/local
[root@server4 keepalived]# vim keepalived.conf
The configuration is as follows:
    # Set state to BACKUP on the standby. The state is determined by priority:
    # a node whose priority is lower than its peer's loses the MASTER state.
    state BACKUP
    priority 50                       # Primary uses 100, standby uses 50; the primary's priority must be greater than the standby's
<9>Do the same soft links in server4
[root@server4 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d
[root@server4 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig
[root@server4 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc
[root@server4 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin
<10>Restart the service in both server1 and server4
Restart the service in server1 (if the restart is unsuccessful, the service was not started before)
[root@server1 local]# /etc/init.d/keepalived restart
[root@server1 local]# /etc/init.d/keepalived start
[root@server1 local]# /etc/init.d/keepalived restart
Restart the service in server4 (if the restart is unsuccessful, the service was not started before)
[root@server4 keepalived]# /etc/init.d/keepalived restart
[root@server4 keepalived]# /etc/init.d/keepalived start
[root@server4 keepalived]# /etc/init.d/keepalived restart
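A consistency check for the two configurations from steps <7> and <8>, as an added example that is not part of the original tutorial: it parses the vrrp_instance blocks of both nodes and reports settings that must match but do not, a primary priority that does not exceed the standby's, and a short auth_pass. The function names and the 8-character threshold are assumptions of this example; the sample configs are constructed from the values shown above.

```python
# Constructed samples: server1's vrrp_instance from step <7>; server4 differs in state and priority.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.66.100
    }
}
"""
BACKUP_CONF = MASTER_CONF.replace("MASTER", "BACKUP").replace("priority 100", "priority 50")

def parse_vrrp(conf):
    """Return {instance name: settings} for each vrrp_instance block."""
    instances, cur, stack = {}, None, []
    for raw in conf.splitlines():
        line = raw.split("#")[0].split("!")[0].strip()  # drop # and ! comments
        words = line.rstrip("{").split()
        if line.endswith("{"):                          # a block opens
            stack.append(words[0])
            if words[0] == "vrrp_instance":
                cur = instances.setdefault(words[1], {"vips": []})
        elif line == "}":                               # a block closes
            cur = None if stack.pop() == "vrrp_instance" else cur
        elif words and cur is not None:
            if stack[-1] == "virtual_ipaddress":
                cur["vips"].append(words[0])
            else:
                cur[words[0]] = words[-1]
    return instances

def check_pair(master_conf, backup_conf, min_pass_len=8):
    """Compare the two nodes' VRRP settings and return a list of findings."""
    findings, backup = [], parse_vrrp(backup_conf)
    for name, m in parse_vrrp(master_conf).items():
        b = backup.get(name, {})
        for key in ("virtual_router_id", "auth_type", "auth_pass", "vips"):
            if m.get(key) != b.get(key):
                findings.append(f"{name}: {key} differs between nodes")
        if int(m.get("priority", 100)) <= int(b.get("priority", 100)):
            findings.append(f"{name}: master priority must exceed backup priority")
        if len(m.get("auth_pass", "")) < min_pass_len:  # hypothetical policy threshold
            findings.append(f"{name}: auth_pass shorter than {min_pass_len} characters")
    return findings
```

With the values from this page the only finding is the four-character auth_pass; changing virtual_router_id or raising the priority on one node produces the corresponding mismatch findings.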
2. Testing
(1) Test whether the VIP drifts (about 10s)
<1>When you start the service, you will find that the VIP address is assigned automatically (172.25.66.100)
<2>Turn off the keepalived service on server1 (primary); the VIP address drifts to server4 (standby)
<3>Start the service again on server1, and you will see the VIP address drift back, while server4 no longer has the VIP address
(2) Test the health check
<1>With no service down, test from the physical machine: the test pages are returned in round-robin order (Note: the apache services on server2 and server3 must be running)
Open apache service:
[root@server2 ~]# /etc/init.d/httpd start
[root@server3 ~]# /etc/init.d/httpd start
Test on a physical machine:
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
<2>With apache on server3 turned off, test again: only the server2 test page is returned
Turn off apache service:
[root@server3 ~]# /etc/init.d/httpd stop
Test on a physical machine:
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
<3>With apache on server2 shut down as well, test again: no normal output is returned (ldirectord must be shut down, because the check here has nothing to do with the ldirectord health check)
Turn off apache service:
[root@server2 ~]# /etc/init.d/httpd stop
Test on a physical machine:
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100
[root@foundation66 images]# curl 172.25.66.100