Keepalive+LVS

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This is a must-know topic for interviews.

What keepalived does can also be implemented with scripts.

Keepalived is mainly built on VRRP.

It checks at the IP level (layer 3, network layer), the port level (layer 4, transport layer) and the application level (layer 7) to ensure the service keeps running normally.

The master regularly sends broadcast packets to the backup. If the backup stops receiving them, it assumes the master is dead and a new master is elected. Keepalived on its own can only check and restart; load balancing is only possible together with LVS.

Install directly:

    yum install -y keepalived ipvsadm

Or install from source:

    yum install kernel kernel-devel popt-devel openssl-devel gcc gcc-c++ -y &&
    wget http://www.keepalived.org/software/keepalived-1.2.1.tar.gz &&
    tar -zxf keepalived-1.2.1.tar.gz && cd keepalived-1.2.1
    ./configure --with-kernel-dir=/usr/src/kernels/2.6.32-696.1.1.el6.x86_64/
    make && make install
    mkdir /etc/keepalived
    \cp /usr/local/sbin/keepalived /usr/sbin/keepalived
    \cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
    \cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
    \cp -r /usr/local/etc/keepalived/* /etc/keepalived/
    cd /etc/keepalived

Change the conf file as follows. The configuration file is divided into three parts.

The first part is the global configuration; mainly change the mailbox and the router ID, which should be the same on the two machines.

The second part configures the virtual IP.

The third part defines which services of the local machine are checked.

    ! Configuration File for keepalived
    # global variables: mainly whom alarm e-mail is sent to and where it is sent from
    global_defs {
        notification_email {
            wgkgood@139.com                       # address that receives alarm e-mail
        }
        notification_email_from wgkgood@139.com   # sender address
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL                       # router id
    }

    # VIP1: the VRRP configuration creates a virtual router
    vrrp_instance VI_1 {
        state BACKUP                     # MASTER or BACKUP; priority decides which takes precedence
        interface eth0                   # network card used to send the broadcast packets
        lvs_sync_daemon_interface eth0
        virtual_router_id 151            # the router id is the same on both machines
        priority 100                     # priority
        advert_int 5
        nopreempt                        # do not preempt, even with a higher priority; this line is optional
        authentication {
            auth_type PASS               # simple password, carried in cleartext in VRRP advertisements
            auth_pass 2222
        }
        virtual_ipaddress {              # virtual IP address, very important; several addresses can be listed
            192.168.1.204
        }
        # notify_master <script>         # script executed when this node becomes master
        # notify_backup <script>
    }

    # services provided on the local machine that are checked; only the local machine is checked
    virtual_server 192.168.1.204 3306 {
        delay_loop 6
        lb_algo wrr
        lb_kind DR
        persistence_timeout 60
        protocol TCP
        real_server 192.168.1.104 3306 {
            weight 100
            notify_down /data/sh/mysql.sh    # script executed when the service goes down
            # notify_up can be used the same way
            TCP_CHECK {
                connect_timeout 10           # connection timeout
                nb_get_retry 3               # number of reconnections
                delay_before_retry 3         # reconnection interval
                connect_port 80              # port for the health check
            }
        }
    }

Then restart:

    /etc/init.d/keepalived restart
    tail -fn 100 /var/log/messages

If the IPVS module is not loaded, load it with modprobe ip_vs.

With ip addr list you can see that the virtual IP is bound on eth0.

    TCP_CHECK {
        connect_timeout 10           # connection timeout
        nb_get_retry 3               # number of reconnections
        delay_before_retry 3         # reconnection interval
        connect_port 80              # port for the health check
    }

1. The above is port-based.

2. Application-based:

Note: when a script is used to monitor Nginx or MySQL, the virtual_server block, that is, the port check block, is not required.

    vrrp_script chk_nginx {
        script "/data/script/nginx.sh"   # service monitoring script
        interval 2                       # detection interval (how often the script runs)
        weight 2
    }

    # instance 1
    vrrp_instance VI_1 {
        state MASTER                     # MASTER or BACKUP; priority decides which takes precedence
        interface eth0                   # network card used to send the broadcast packets
        lvs_sync_daemon_interface eth0
        virtual_router_id 151            # the router id is the same on both machines
        priority 100                     # priority
        advert_int 5
        nopreempt                        # do not preempt, even with a higher priority; this line is optional
        authentication {
            auth_type PASS
            auth_pass 2222
        }
    }

    # instance 2
    vrrp_instance VI_2 {
        state BACKUP                     # MASTER or BACKUP; priority decides which takes precedence
        interface eth0                   # network card used to send the broadcast packets
        lvs_sync_daemon_interface eth0
        virtual_router_id 152            # the router id is the same on both machines
        priority 100                     # priority
        advert_int 5
        nopreempt                        # do not preempt, even with a higher priority; this line is optional
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        track_script {                   # monitor with the chk_nginx script
            chk_nginx
        }
        virtual_ipaddress {              # set the VIP
            192.168.111.188
        }
    }

Contents of /data/script/nginx.sh:

    #!/bin/bash
    # count running nginx processes
    NUM=`ps -C nginx --no-header | wc -l`
    if [ $NUM -eq 0 ]; then
        # nginx is down: stop keepalived so the VIP moves, then bring both back
        /etc/init.d/keepalived stop
        sleep 30
        /usr/local/nginx/sbin/nginx
        /etc/init.d/keepalived start
    fi

3. Based on URL

Change the TCP_CHECK part to:

    HTTP_GET {
        url {                    # URL to check; several can be specified
            path /
            digest ATM           # digest (summary information) to check
            status_code 200      # return status code to check
        }
    }

On the backup (slave)

Change state to BACKUP, change priority to 90, and change the checked server to the local machine.

Then you can use LAP to connect to the MySQL of the virtual server.

The core of keepalived:

When the port stops, the script down.sh is executed, and the VIP then switches over to the backup.

Content of the script:

    /etc/init.d/keepalived stop
    sleep 5
    /etc/init.d/keepalived start
    # restart the monitored service

The backup should have this script as well.

The script must be given execute permission.

Mutual master and backup

With two instances and two virtual servers, each with its own VIP, the two machines are master and backup for each other. The router ids of the two instances cannot be the same.
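An added example, not part of the original article: a small audit of a keepalived.conf for three mistakes that the sample configurations above invite. It flags nopreempt used with state MASTER (keepalived honours nopreempt only when the initial state is BACKUP), a short or numeric auth_pass (PASS authentication travels in cleartext and keepalived uses only the first eight characters), and two instances sharing a virtual_router_id. The function names, finding labels and sample configuration are constructed for illustration.

```shell
# audit_keepalived CONF: print one finding per line for each vrrp_instance.
audit_keepalived() {
  awk '
    { sub(/[#!].*/, "") }                      # "#" and "!" start a comment
    $1 == "vrrp_instance"     { inst = $2; names[++n] = inst }
    $1 == "state"             { state[inst] = $2 }
    $1 == "nopreempt"         { nopre[inst] = 1 }
    $1 == "virtual_router_id" { vrid[inst] = $2 }
    $1 == "auth_pass"         { pass[inst] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        v = names[i]
        # nopreempt only takes effect when the initial state is BACKUP
        if (nopre[v] && state[v] != "BACKUP") print "NOPREEMPT_NEEDS_BACKUP " v
        # only the first 8 characters are used, and they travel in cleartext
        if (length(pass[v]) < 8 || pass[v] ~ /^[0-9]+$/) print "WEAK_AUTH_PASS " v
        if (vrid[v] == "") continue
        if (vrid[v] in owner) print "DUP_VRID " v " " owner[vrid[v]]
        else owner[vrid[v]] = v
      }
    }
  ' "$1"
}
# Constructed sample mirroring the mutual-master layout (not a real host config).
demo_audit() {
  conf=$(mktemp) || return 1
  cat > "$conf" <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 151
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 2222
    }
}
vrrp_instance VI_2 {
    state BACKUP
    virtual_router_id 151   # copy-paste slip: same id as VI_1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass q9TzR4mWc2
    }
}
EOF
  audit_keepalived "$conf"; rm -f "$conf"
}
demo_audit
```

Because the password is visible to anything on the segment, the usual mitigation is to restrict VRRP traffic to the peer's address with a firewall rule rather than to rely on auth_pass.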

Heartbeat

The two machines must be connected by a network cable.

LVS

LVS does IP-based load balancing and is the most efficient load scheduler at present.

It has NAT, TUN and DR modes.

Scheduling algorithms include RR (round-robin), LC (least-connection), WRR (weighted RR), WLC (weighted LC), etc. (RR is the polling mode, LC is the minimum-connection mode.)

NAT mode: the host where the VIP resides can have a public IP, and address translation must be done on the way in and on the way out, so the efficiency is relatively low. When a user request reaches the director, the director changes the destination address and port of the packet to the address and port of a back-end realserver. The request arrives at the realserver, the realserver returns the data to the director, and the director returns it to the user (both directions go through the director). If the traffic is heavy, the director becomes a bottleneck. The number of back-end servers cannot exceed 20.

DR principle (the VIP is configured on the back-end realservers): the IPs are on a private network. When a user request reaches the director, the director changes the destination MAC address of the request to the MAC address of a realserver; the destination IP is still the VIP and the source IP is still the user's IP. The director then sends the packet to the realserver, which finds that the destination IP and MAC are both its own. If the user is not in the same network segment as the realserver, the response is returned to the user through the gateway; if they are in the same segment, it is returned to the user directly. This is the most efficient mode, used by Internet companies. It requires the LVS director and the back-end servers to be in the same network; otherwise the VIP cannot be implemented on the back-end realservers.

TUN principle: similar to DR, it also changes the encapsulated MAC address and adds a layer of tunnel encryption. It is slightly less efficient than DR and more efficient than NAT.

DR mode can have hundreds of nginx servers at the back end.

    cd /usr/src/
    wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz

The software version required may differ between system versions.

    yum install kernel kernel-devel gcc gcc-c++ -y
    ln -s /usr/src/kernels/2.6* /usr/src/linux
    tar xzvf ipvsadm-1.24.tar.gz && cd ipvsadm-1.24 && make && make install

Run ipvsadm to see whether the installation succeeded.

Parameter description:

-A adds a virtual server address; -D deletes one.

-t the virtual server provides a TCP service.

-s the scheduling algorithm to use.

-a adds a real backend server to the virtual server.

-r specifies the real server address.

-m sets the forwarding mode to NAT; -g sets direct routing mode; -i sets tunnel mode.

-w the weight of the real server at the backend.

After LVS is installed it has to be configured, in two steps: first define the port service, then add the realserver backend service.

    ipvsadm -A -t 192.168.1.200:80 -s rr     # add the VIP
    ipvsadm -a -t 192.168.1.200:80 -r 192.168.1.103 -g -w 2

On the backend realserver, bind the VIP to the loopback address:

    VIP=192.168.1.201
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0

A binding made this way is lost after a restart.

    ipvsadm-save > /tmp/lvs.txt      # save the LVS configuration
    ipvsadm-restore < /tmp/lvs.txt   # restore it

    #!/bin/bash
    # realserver script; the head of the start branch is an assumption, rebuilt
    # from the binding commands above and from the stop branch below
    VIP=192.168.1.201
    case "$1" in
    start)
        ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
        /sbin/route add -host $VIP dev lo:0
        # do not answer or announce ARP for the VIP held on lo
        echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
        sysctl -p > /dev/null 2>&1
        echo "RealServer Start OK"
        exit 0
        ;;
    stop)
        ifconfig lo:0 down
        route del $VIP > /dev/null 2>&1
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
        echo "RealServer Stoped OK"
        exit 1
        ;;
    *)
        echo "Usage: $0 {start | stop}"
        ;;
    esac

Stress-testing tool: httpd-tools

    ab -c 5000 -n 10000 http://192.168.1.200/

watch ipvsadm -L -n shows the stress test in real time.

Keepalived+LVS or script check + LVS

On the server side, keepalived is configured on two LVS servers. The realserver (client) side runs the script.

Install keepalived.

Write the configuration file:

    ! Configuration File for keepalived
    global_defs {
        notification_email {
            wgkgood@163.com
        }
        notification_email_from wgkgood@163.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }

    # VIP1
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        lvs_sync_daemon_interface eth0
        virtual_router_id 51
        priority 100
        advert_int 5
        nopreempt
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.200
        }
    }

    virtual_server 192.168.1.200 80 {
        delay_loop 6
        lb_algo wrr
        lb_kind DR                       # the forwarding method is configured here
        # persistence_timeout 60         # session persistence time is configured here
        protocol TCP
        real_server 192.168.1.102 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
        real_server 192.168.1.103 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }

Realserver side

    tcpdump -nn port 80                            # -nn displays the network address
    tcpdump -nn port 22 and host 192.168.0.116     # see what this machine has connected to port 22

LVS troubleshooting

Ping the website's domain name to see whether it resolves to an IP.

Log in to the LVS server, run ipvsadm -Ln to view the information, and tail -fn 100 /var/log/messages to read the error report.

Check whether the zabbix monitoring server has raised an alert.

Check the keepalived.conf configuration file for errors.

Check whether the client's auto--realserver.sh script is started.

Check whether the realserver (nginx) is down.

If the backend nginx receives the request from LVS but nothing is returned, the VIP on the nginx server is not up.
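An added example, not part of the original article: a check for the last two items, verifying on a realserver that the four ARP settings written by the realserver script are in place and that the VIP is bound on lo with a /32 mask. The function names and the demo data (a fake proc tree and two lines in the format printed by ip -o -4 addr show dev lo) are constructed for illustration.

```shell
# check_dr_realserver PROC_ROOT VIP
# stdin: output of `ip -o -4 addr show dev lo`. Prints findings, returns 1 if any.
check_dr_realserver() {
  root=$1; vip=$2; bad=0
  for want in lo/arp_ignore=1 lo/arp_announce=2 all/arp_ignore=1 all/arp_announce=2; do
    key=${want%=*}; val=${want#*=}
    got=$(cat "$root/sys/net/ipv4/conf/$key" 2>/dev/null) || got=missing
    [ "$got" = "$val" ] || { echo "BAD $key=$got want $val"; bad=1; }
  done
  # the VIP has to sit on lo with a 255.255.255.255 (/32) mask
  grep -qF "inet $vip/32 " || { echo "VIP $vip/32 not bound on lo"; bad=1; }
  return $bad
}

# Constructed demo: a fake proc tree in which all/arp_announce was left at 0.
demo_dr_check() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/sys/net/ipv4/conf/lo" "$d/sys/net/ipv4/conf/all"
  echo 1 > "$d/sys/net/ipv4/conf/lo/arp_ignore"
  echo 2 > "$d/sys/net/ipv4/conf/lo/arp_announce"
  echo 1 > "$d/sys/net/ipv4/conf/all/arp_ignore"
  echo 0 > "$d/sys/net/ipv4/conf/all/arp_announce"
  status=0
  printf '%s\n' '1: lo    inet 127.0.0.1/8 scope host lo' \
    '1: lo    inet 192.168.1.200/32 brd 192.168.1.200 scope global lo:0' |
    check_dr_realserver "$d" 192.168.1.200 || status=1
  rm -rf "$d"
  return $status
}
demo_dr_check || echo "realserver is not ready for DR mode"
# On a real host: ip -o -4 addr show dev lo | check_dr_realserver /proc <VIP>
```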

Differences between LVS, haproxy and nginx load balancing

LVS is a layer-4 (network) balancer, haproxy works at both layer 7 and layer 4, and nginx is a layer-7 (application) balancer.

Advantages of LVS

LVS has strong load capacity. It works at layer 4 of the network, only distributes requests, and generates no traffic itself. This characteristic gives it the strongest performance among load-balancing software and ensures that the balancer's I/O performance is not affected by heavy traffic.

LVS is dedicated load-balancing software that can be used for any application.

It works stably because of its strong load capacity, and it has a complete dual-machine hot-backup scheme. At present lvs+keepalived is used most, while larger deployments mostly use lvs+heartbeat.

Advantages of nginx:

1: nginx handles high concurrency and can carry tens of thousands of concurrent connections at the same time.

2: nginx is supported by plenty of third-party functional modules; load balancing is done mainly through the upstream module.

3: nginx depends little on the network. In theory, as long as ping works and web access is normal, nginx can connect.

4: working at layer 7 of the network, it can apply traffic-splitting strategies to http applications. Its regular-expression rules are more powerful and flexible than haproxy's, which is one of the main reasons it is so popular. For this reason alone, nginx is used in far more situations than lvs.

Disadvantages of nginx:

1: when nginx is used as a reverse proxy, its load-balancing function is not very good, and its health check of back-end servers is weak.

2: nginx only supports the http, https and email protocols, so it is applicable in fewer cases, which is its disadvantage.

3: nginx only supports detection by port, not by url.

Keepalived+mysql

When the MySQL master goes down, you can switch to the slave IP manually, or switch automatically using keepalived or heartbeat.
