国产一级a片免费看高清,亚洲熟女中文字幕在线视频,黄三级高清在线播放,免费黄色视频在线看

-------------------LVS專題------------------------LVS原理詳解及部署之一：ARP原理準備LVS原理詳解及部署之二：LVS原理詳解（3種工作方式8種調(diào)度算法）LVS原理詳解及部署之三：手動部署LVSLVS原理詳解及部署之四：keepalived介紹LVS原理詳解及部署之五：LVS+keepalived實現(xiàn)負載均衡&高可用-------------------------------------------------之前已經(jīng)講解LVS原理，并且介紹了如果手動部署LVS。但由于我們需要進行RS節(jié)點服務(wù)器的健康檢查，還有要做LVS的HA。此文就主要介紹keepalived的原理，并且介紹如何部署keepalived做作為web服務(wù)器的HA。本文的目錄如下：一、keepalived原理介紹二、部署keepalived作為web服務(wù)器的HA三、腳本實現(xiàn)監(jiān)控httpd服務(wù)一、keepalived原理介紹1）keepalived簡介Keepalived的功能有點像是兩個人互相看著一個工作，如果一個人離開崗位另外一個人就會接替，這個keepalived就是他們之間保持這樣“替換機制”的工具。keepalived是一個類似于layer3, 4 & 5交換機制的軟件，也就是我們平時說的第3層、第4層和第5層交換。Keepalived的作用是檢測web服務(wù)器的狀態(tài)，如果有一臺web服務(wù)器死機，或工作出現(xiàn)故障，Keepalived將檢測到，并將有故障的web服務(wù)器從系統(tǒng)中剔除，當(dāng)web服務(wù)器工作正常后Keepalived自動將web服務(wù)器加入到服務(wù)器群中，這些工作全部自動完成，不需要人工干涉，需要人工做的只是修復(fù)故障的web服務(wù)器。Keepalived服務(wù)主要有兩大用途：heartbeat（高可用）&failover（健康檢測）Keepalived服務(wù)主要截圖vrrp來完成這些工作的，以下我就來介紹下VRRP協(xié)議是怎樣的工作的，那么基本上keepalived的工作原理就是如此。2）VRRP協(xié)議（VRRP Virtual Router Redundancy Protocol，虛擬路由冗余協(xié)議）VRRP協(xié)議過程簡述：VRRP 將局域網(wǎng)的一組路由器（包括一個Master 即活動路由器和若干個Backup 即備份路由器）組織成一個虛擬路由器，稱之為一個備份組。這個虛擬的路由器擁有自己的IP 地址10.100.10.1（這個IP 地址可以和備份組內(nèi)的某個路由器的接口地址相同，相同的則稱為ip擁有者），備份組內(nèi)的路由器也有自己的IP 地址（如Master的IP 地址為10.100.10.2，Backup 的IP 地址為10.100.10.3）。局域網(wǎng)內(nèi)的主機僅僅知道這個虛擬路由器的IP 地址10.100.10.1，而并不知道具體的Master 路由器的IP 地址10.100.10.2 以及Backup 路由器的IP 地址10.100.10.3。[1]它們將自己的缺省路由下一跳地址設(shè)置為該虛擬路由器的IP 地址10.100.10.1。于是，網(wǎng)絡(luò)內(nèi)的主機就通過這個虛擬的路由器來與其它網(wǎng)絡(luò)進行通信。如果備份組內(nèi)的Master 路由器壞掉，Backup 路由器將會通過選舉策略選出一個新的Master 路由器，繼續(xù)向網(wǎng)絡(luò)內(nèi)的主機提供路由服務(wù)。從而實現(xiàn)網(wǎng)絡(luò)內(nèi)的主機不間斷地與外部網(wǎng)絡(luò)進行通信。VRRP原理：一個VRRP路由器有唯一的標識：VRID，范圍為0—255該路由器對外表現(xiàn)為唯一的虛擬MAC地址，地址的格式為00-00-5E-00-01-[VRID]主控路由器負責(zé)對ARP請求用該MAC地址做應(yīng)答這樣,無論如何切換，保證給終端設(shè)備的是唯一一致的IP和MAC地址，減少了切換對終端設(shè)備的影響[3]VRRP控制報文只有一種：VRRP通告(advertisement)它使用IP多播數(shù)據(jù)包進行封裝，組地址為224.0.0.18，發(fā)布范圍只限于同一局域網(wǎng)內(nèi)這保證了VRID在不同網(wǎng)絡(luò)中可以重復(fù)使用為了減少網(wǎng)絡(luò)帶寬消耗只有主控路由器才可以周期性的發(fā)送VRRP通告報文備份路由器在連續(xù)三個通告間隔內(nèi)收不到VRRP或收到優(yōu)先級為0的通告后啟動新的一輪VRRP選舉[3]在VRRP路由器組中，按優(yōu)先級選舉主控路由器，VRRP協(xié)議中優(yōu)先級范圍是0—255若VRRP路由器的IP地址和虛擬路由器的接口IP地址相同，則稱該虛擬路由器作VRRP組中的IP地址所有者；IP地址所有者自動具有最高優(yōu)先級：255優(yōu)先級0一般用在IP地址所有者主動放棄主控者角色時使用可配置的優(yōu)先級范圍為1—254優(yōu)先級的配置原則可以依據(jù)鏈路的速度和成本路由器性能和可靠性以及其它管理策略設(shè)定主控路由器的選舉中，高優(yōu)先級的虛擬路由器獲勝，因此，如果在VRRP組中有IP地址所有者，則它總是作為主控路由的角色出現(xiàn)對于相同優(yōu)先級的候選路由器，按照IP地址大小順序選舉VRRP還提供了優(yōu)先級搶占策略，如果配置了該策略，高優(yōu)先級的備份路由器便會剝奪當(dāng)前低優(yōu)先級的主控路由器而成為新的主控路由器[3]為了保證VRRP協(xié)議的安全性，提供了兩種安全認證措施：明文認證和IP頭認證明文認證方式要求：在加入一個VRRP路由器組時，必須同時提供相同的VRID和明文密碼適合于避免在局域網(wǎng)內(nèi)的配置錯誤，但不能防止通過網(wǎng)絡(luò)監(jiān)聽方式獲得密碼IP頭認證的方式提供了更高的安全性，能夠防止報文重放和修改等攻擊。二、部署keepalived作為web服務(wù)器的HA1)部署兩臺apache web服務(wù)器yum install httpd -y/etc/init.d/httpd start2)分別安裝keepalived軟件#下載安裝wgethttp://www.keepalived.org/software/keepalived-1.2.8.tar.gztar -zxf keepalived-1.2.8.tar.gzcd keepalived-1.2.8ll./configure --prefix=/usr/local/keepalivedmakemake install#配置keepalived的自啟動&拷貝keepalived的執(zhí)行程序cp /usr/local/keepalive/sbin/keepalived/ /usr/sbin/cp cp /usr/local/keepalived/sbin/keepalived /usr/sbin//usr/local/keepalived/sbin/keepalivedcp /usr/local/keepalived/sbin/keepalived /usr/sbin/cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/3）編輯主web和備web的keepalived配置文件主web服務(wù)器的配置文件[root@localhost keepalived-1.2.8]# cat /etc/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {  #設(shè)置報警郵件地址，可多行每行一個。752119102@qq.com}notification_email_from keepalived@localhost  #設(shè)置郵件的發(fā)送地址smtp_server 127.0.0.1                         #設(shè)置SMTP server地址smtp_connect_timeout 30                       #設(shè)置SMTP 超時時間router_id LVS_DEVEL                           #運行keepalived機器的一個標識}vrrp_instance VI_1 {                      #定義一個vrrp實例，不同實例的實例編號不一樣。state MASTER        #定義在keepalived的角色MASTER表示為主服務(wù)器，BACKUP為備服務(wù)器。interface eth0      #指定HA檢測的網(wǎng)絡(luò)接口virtual_router_id 51     #虛擬路由標示，同一個實例里的路由標示相同，且唯一。MASTER和BACKUP的路由標識一樣，且唯一。priority 100        #定義此服務(wù)器在此虛擬路由器中的優(yōu)先級，優(yōu)先級大權(quán)限高advert_int 1        #檢測時間間隔authentication {    #設(shè)置驗證類型和密碼，主從的密碼必須相同，要不兩者不通訊。auth_type PASSauth_pass 1111}virtual_ipaddress {     #設(shè)置虛擬IP地址，可以設(shè)置多個虛擬IP地址。192.168.41.249}}備web服務(wù)器的配置文件[root@localhost ~]# cat /etc/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {752119102@qq.com}notification_email_from keepalive@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id LVS_DEVEL}vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 51priority 50advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.41.249}}啟動keepalived服務(wù)/etc/init.d/keepalived start/etc/init.d/keepalived stop4)查看keepalived日志信息主web服務(wù)器Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: Opening file '/etc/keepalived/keepalived.conf'.Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: Configuration is using : 36304 BytesJan 14 20:27:41 localhost Keepalived_vrrp[20840]: Using LinkWatch kernel netlink reflector...Jan 14 20:27:41 localhost Keepalived[20837]: Starting VRRP child process, pid=20840Jan 14 20:27:41 localhost Keepalived_vrrp[20840]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(11,12)]Jan 14 20:27:42 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 14 20:27:43 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Entering MASTER STATEJan 14 20:27:43 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 14 20:27:43 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249Jan 14 20:27:43 localhost Keepalived_vrrp[20840]: Netlink reflector reports IP 192.168.41.249 addedJan 14 20:27:43 localhost avahi-daemon[3207]: Registering new address record for 192.168.41.249 on eth0.Jan 14 20:27:43 localhost Keepalived_healthcheckers[20839]: Netlink reflector reports IP 192.168.41.249 addedJan 14 20:27:44 localhost avahi-daemon[3207]: Invalid query packet.Jan 14 20:27:46 localhost last message repeated 8 timesJan 14 20:27:48 localhost Keepalived_vrrp[20840]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249Jan 14 20:27:48 localhost avahi-daemon[3207]: Invalid query packet.備web服務(wù)器日志Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: Opening file '/etc/keepalived/keepalived.conf'.Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: Configuration is using : 36302 BytesJan 14 19:55:26 localhost Keepalived_vrrp[19423]: Using LinkWatch kernel netlink reflector...Jan 14 19:55:26 localhost Keepalived[19420]: Starting VRRP child process, pid=19423Jan 14 19:55:26 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 14 19:55:26 localhost Keepalived_vrrp[19423]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(11,12)]當(dāng)主web服務(wù)器的keepalived停掉后，及主keepalived重新啟動時的日志：Jan 14 20:25:57 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Transition to MASTER STATEJan 14 20:25:58 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Entering MASTER STATEJan 14 20:25:58 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) setting protocol VIPs.Jan 14 20:25:58 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249Jan 14 20:25:58 localhost Keepalived_vrrp[19423]: Netlink reflector reports IP 192.168.41.249 addedJan 14 20:25:58 localhost Keepalived_healthcheckers[19422]: Netlink reflector reports IP 192.168.41.249 addedJan 14 20:26:03 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.41.249###主keepalived重新啟動后Jan 14 20:27:42 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Received higher prio advertJan 14 20:27:42 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) Entering BACKUP STATEJan 14 20:27:42 localhost Keepalived_vrrp[19423]: VRRP_Instance(VI_1) removing protocol VIPs.并且通過tcpdump vrrp能夠看到兩者之間的通訊[root@localhost ~]# tcpdump vrrptcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes20:38:58.657600 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 2020:38:59.658287 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 2020:39:00.659280 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 2020:39:01.660358 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 2020:39:02.661203 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 2020:39:03.662205 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 2020:39:04.663129 IP 192.168.41.33 > vrrp.mcast.net: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20三、腳本實現(xiàn)監(jiān)控httpd服務(wù)目前keepalived能夠?qū)崿F(xiàn)當(dāng)我們的主web宕機或者網(wǎng)絡(luò)出現(xiàn)故障時進行切換，但如果僅是httpd進程出現(xiàn)故障，所以我們就需要寫一點實時監(jiān)控httpd進程狀態(tài)的腳本，即如果進程出現(xiàn)問題我們就進行切換。腳本內(nèi)容：#!/bin/bash#       QQ:752119102while truedohttpdpid=`ps -C httpd  --no-heading  |wc -l`if [ $httpdpid -eq 0 ];then/etc/init.d/httpd  startsleep 5httpdpid=`ps -C httpd  --no-heading  |wc -l`if [ $httpdpid -eq 0 ];then/etc/init.d/keepalive stopfifisleep 5done即當(dāng)我們的httpd進程被停止了，并且無法重啟我們會將keepalived進行停止，讓備web服務(wù)器進行接管，成為主WEB服務(wù)器提供服務(wù)。到此我們已經(jīng)能夠輕松的部署keepalived讓它作為web服務(wù)器的HA.