LVS优点:工作在内核级别,不受socket文件数量的限制,并发数量对调度器本身来讲能达到3百万,缺点:工作在TCP层(IP+PORT),不具备对应用层报文调度,如网页的动静分离。
服务器IP地址规划(10.x模拟公网地址,192.x私网地址,172.x私网地址)
NFS:192.168.30.33
WEB1:192.168.30.17
WEB2:192.168.30.27
LVS:192.168.30.7 VIP:10.0.0.100
DNS:172.20.42.27
Mysql:192.168.30.30
Route:192.168.30.208, 10.0.0.200,172.20.42.200
Client: Windows IP 172.20.42.222
各服务器配置
WEB1
1. 网络
ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.30.17
PREFIX=24
GATEWAY=192.168.30.208
ifcfg-eth0:1
DEVICE=eth0:1
IPADDR=10.0.0.100
PREFIX=8
2. 安装相应的包
yum install httpd php-fpm php-mysql -y
3. 在RS上修改内核参数以限制arp通告及应答级
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
WEB2
参考WEB1,只是将IP更改为192.168.30.27
DNS
1. 安装 yum install bind -y
2. 配置
vim /etc/named.rfc1912.zones
zone "blog.com" IN {
type master;
file "blog.com.zone";
};
vim /var/named/blog.com.zone
$TTL D
@ IN SOA master.blog.com admin.blog.com. (
0 ; serial
D ; refresh
H ; retry
W ; expire
H ) ; minimum
NS master
master A 172.20.42.27
www A 10.0.0.100
3. 启动systemctl restart named
Route路由配置
1. 网络
ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
IPADDR=192.168.30.208
PREFIX=24
ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=none
IPADDR=10.0.0.200
PREFIX=8
ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
IPADDR=172.20.42.200
PREFIX=16
2. 启用ip_forward
echo 1 > /prov/sys/net/ipv4/ip_forward
sysctl -a |grep ip_forward: net.ipv4.ip_forward = 1
LVS配置
1. 网络
ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
IPADDR=192.168.30.7
PREFIX=24
GATEWAY=192.168.30.208
ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=none
IPADDR=10.0.0.100
PREFIX=8
2. 运行如下的脚本(适当进行更改)
[root@lvs ~]#cat lvs_dr_vs.sh
#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
vip='10.0.0.100'
iface='eth0:1'
mask='255.255.255.255'
port='80'
rs1='192.168.30.17'
rs2='192.168.30.27'
scheduler='wrr'
type='-g'
rpm -q ipvsadm &> /dev/null || yum -y install ipvsadm &> /dev/null
case $1 in
start)
ifconfig $iface $vip netmask $mask #broadcast $vip up
iptables -F
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
echo "The VS Server is Ready!"
;;
stop)
ipvsadm -C
ifconfig $iface down
echo "The VS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
3. 查看ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 wrr
-> 192.168.30.17:80 Route 1 0 0
-> 192.168.30.27:80 Route 1 0 0
4. 更改lvs-dr的调度策略
ipvsadm -C
ipvsadm -A -t 10.0.0.100:80 -s rr
ipvsadm -a -t 10.0.0.100:80 -r 192.168.30.17
ipvsadm -a -t 10.0.0.100:80 -r 192.168.30.27
5. 测试新的策略
在Linux客户机上,配置网络
DEVICE=eth2
BOOTPROTO=none
IPADDR=172.20.0.7
PREFIX=16
GATEWAY=172.20.42.200
DNS1=172.20.42.27
[root@centos7 ~]# curl www.blog.com
web1
[root@centos7 ~]# curl www.blog.com
web2
[root@centos7 ~]# curl www.blog.com
web1
[root@centos7 ~]# curl www.blog.com
web2
测试结论:达到了roundrobin轮询的效果
6. 在windows PC上测试
在浏览器中访问www.blog.com,可以看出,不是每次刷新网站都会切换网站,是因为浏览器的缓存导致。
LVS高可用性
上述LVS的方案有如下缺点:
1. Director不可用,整个系统将不可用;SPoF Single Point of Failure
解决方案:高可用keepalived heartbeat/corosync
2. 某RS不可用时,Director依然会调度请求至此RS
解决方案: 由Director对各RS健康状态进行检查,失败时禁用,成功时启用keepalived heartbeat/corosync ldirectord
检测方式:
(a) 网络层检测,icmp
(b) 传输层检测,端口探测
(c) 应用层检测,请求某关键资源
RS全不用时:backup server, sorry server
ldirectord安装配置过程
1. yum install ldirectord-3.9.6-0rc1.1.1.x86_64.rpm
2. cp /usr/share/doc/ldirectord-3.9.6/ldirectord.cf /etc/ha.d/
更改配置文件
checktimeout=3
checkinterval=1
fallback=127.0.0.1:80
#fallback6=[::1]:80
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=no
# Sample for an http virtual service
virtual=10.0.0.100:80
real=192.168.30.17:80 gate(gate表示LVS-DR)
real=192.168.30.27:80 gate
fallback=127.0.0.1:80 gate
service=http
scheduler=rr
protocol=tcp
checktype=negotiate
checkport=80
request="test.html"
receive="web"
如下的配置文件表示有权重:
real=192.168.30.17:80 gate 1
real=192.168.30.27:80 gate 2
fallback=127.0.0.1:80 gate
service=http
scheduler=wrr
3. systemctl start ldirectord.service
4. 同时在两个WEB服务器上的/var/www/html建立text.html,内容分别为web1和web2
5. 测试
在LVS服务器上检查状态:
[root@lvs ha.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 192.168.30.17:80 Route 1 0 0
-> 192.168.30.27:80 Route 1 0 0
在WEB2服务器上,停止httpd服务systemctl stop httpd
在LVS服务器上,ipvsadm -Ln,可以看到WEB2已经不在LVS的集群节点中:
-> 192.168.30.17:80 Route 1 0 3
停止WEB1服务器上的httpd,在LVS服务器上,可以看到:
-> 127.0.0.1:80 Route 1 0 1
同时在LVS上启动httpd,主页里显示Sorry,please be patient.,当如上两个WEB服务器都不能提供服务时,终端访问会得到如下的显示:
[root@centos7 home]# curl www.blog.com
Sorry,please be patient.