  • lvs-dr+keepalived

    一、       环境准备

            主机名

    Ip地址

    系统版本

               ha1

    192.168.138.13

    Centos7.3

               ha2

    192.168.138.14

    Centos7.3

               Rs1

    192.168.138.15

    Centos7.3

               Rs2 

    192.168.138.16

    Centos7.3

            测试机器

    192.168.138.17

    Ubuntu

    1. 关闭防火墙和selinux(仅适用于实验环境;生产环境建议保持开启,只放行两台director之间的VRRP通告和访问VIP的80端口)
    2. 时间同步
    3. 更改主机名

    [root@localhost ~]# cat >> /etc/hosts << EOF

    > 192.168.138.13     ha1

    > 192.168.138.14     ha2

    > 192.168.138.15     rs1

    > 192.168.138.16     rs2

    > EOF

    重启之后才生效

    当前生效: [root@localhost ~]# hostnamectl set-hostname ha1

    1. 在ha1和ha2 上安装 lvs,keepalived

    #yum install ipvsadm keepalived -y

    1. 在rs1和rs2上安装httpd

    #yum install httpd -y

    二、       配置realserver(rs1,rs2上操作)

    1.配置web测试主页

    [root@rs1 ~]# echo "web5 test page! " >> /var/www/html/index.html

    [root@rs2 ~]# echo "web6 test page! " >> /var/www/html/index.html

    2.启动并设开机自启动

    [root@rs1 ~]# systemctl start httpd

    [root@rs1 ~]# systemctl enable httpd

    3.测试访问web页面

    [root@rs1 ~]# curl http://192.168.138.15

    [root@rs2 ~]# curl http://192.168.138.16

    4.rs端arp抑制(DR 模式)

                 如果不抑制, 广播消息会通过物理网卡到达真实服务器,而真实服务器上有VIP,所以,会响应此请求。

                抑制后,前端路由将请求发往VIP时,只能是Director上的VIP。

       解决方法:修改Linux内核参数,将RS上的VIP配置为lo接口的别名,限制Linux仅对对应接口的ARP请求做响应

    手动:

    # vim /etc/sysctl.conf

    net.ipv4.conf.lo.arp_ignore=1

    net.ipv4.conf.lo.arp_announce=2

    net.ipv4.conf.all.arp_ignore=1

    net.ipv4.conf.all.arp_announce=2
    脚本(自动):

    [root@rs1 ~]# vim /etc/init.d/lvs_rs

    #!/bin/sh

    # Startup script handle the initialisation of LVS

    # chkconfig: - 28 72

    # description: Initialise the Linux Virtual Server for DR

    #

    ### BEGIN INIT INFO

    # Provides: ipvsadm

    # Required-Start: $local_fs $network $named

    # Required-Stop: $local_fs $remote_fs $network

    # Short-Description: Initialise the Linux Virtual Server

    # Description: The Linux Virtual Server is a highly scalable and highly

    #   available server built on a cluster of real servers, with the load

    #   balancer running on Linux.

    # description: start LVS of DR-RIP

    # Lock file; status() reports "running" whenever this path exists.
    LOCK="/var/lock/ipvsadm.lock"

    # Virtual IP that start() binds to the lo:10 alias on this real server.
    VIP="192.168.138.10"

    # Pull in the distribution's init-script helper library.
    . /etc/rc.d/init.d/functions

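    # Bind the VIP to the lo:10 alias and enable ARP suppression (LVS-DR real server).
    # Globals:  VIP (read), LOCK (read; the file is created on success)
    # Outputs:  status message on stdout, failure message on stderr
    # Returns:  0 if already configured or configured now, 1 if lo:10 cannot be brought up
    start() {
        # Count ifconfig lines that mention lo:10; non-zero means the alias exists.
        alias_count=$(/sbin/ifconfig | grep -c 'lo:10')
        if [ "$alias_count" -ne 0 ]; then
            echo "The LVS-DR-RIP Server is already running !"
            return 0
        fi

        # Set the ARP parameters BEFORE the VIP is configured. If the VIP is
        # bound first, this host can answer ARP for the VIP during the gap and
        # pull client traffic away from the director.
        # arp_ignore=1: reply only when the target IP is configured on the
        #               interface the ARP request arrived on.
        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        # arp_announce=2: always use the best local address for the outgoing
        #                 interface as ARP source, so the VIP is not announced.
        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

        # /32 netmask keeps the VIP a host address on loopback only.
        if ! /sbin/ifconfig lo:10 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up; then
            echo "failed to bring up lo:10 with $VIP" >&2
            return 1
        fi
        /sbin/route add -host "$VIP" dev lo:10

        # Create the lock only after the alias is really up, so status() does
        # not report a half-configured host as running.
        /bin/touch "$LOCK"
        echo "starting LVS-DR-RIP server is ok !"
    }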

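    # Remove the VIP alias from loopback and turn ARP suppression off again.
    # Globals:  VIP (read), LOCK (read; the file is removed)
    # Outputs:  status message on stdout
    # NOTE(review): the four parameters are written back to 0, not to whatever
    # they were before start(). If they are also set in /etc/sysctl.conf (the
    # manual method), stop() overrides those values until they are reloaded.
    stop() {
        # Take the VIP away first, then relax the ARP settings, so the host
        # never holds the VIP with ARP replies enabled.
        /sbin/route del -host "$VIP" dev lo:10
        /sbin/ifconfig lo:10 down >/dev/null

        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce

        # The lock is a single file: no recursive delete, and the path is
        # quoted so an empty or odd value cannot expand into other arguments.
        rm -f -- "$LOCK"
        echo "stopping LVS-DR-RIP server is ok !"
    }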

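    # Report whether the service is considered running.
    # Globals:  LOCK (read)
    # Outputs:  one status line on stdout
    # Only the lock file is checked; the lo:10 alias itself is not inspected here.
    status() {
        # Quoted on purpose: with an empty LOCK, an unquoted `[ -e $LOCK ]`
        # collapses to `[ -e ]`, which is true and would report "running".
        if [ -e "$LOCK" ]; then
            echo "The LVS-DR-RIP Server is already running !"
        else
            echo "The LVS-DR-RIP Server is not running !"
        fi
    }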

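    # Dispatch on the action passed by the init system or the administrator.
    case "$1" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      restart)
            stop
            start
            ;;
      status)
            status
            ;;
      *)
            # $0 is the script name; the original printed $1, i.e. the
            # unrecognised argument, in place of the command name.
            echo "Usage: $0 {start|stop|restart|status}"
            exit 1
            ;;
    esac

    exit 0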

     增加执行权限

    [root@rs1 ~]# chmod +x /etc/init.d/lvs_rs

    添加为系统服务

    [root@rs1 ~]# chkconfig --add lvs_rs

    设置为开机自启动

    [root@rs1 ~]# chkconfig lvs_rs on

    启动

    [root@rs1 ~]# systemctl start lvs_rs

    查看状态

    [root@rs1 ~]# systemctl status lvs_rs

    查看vip 是否绑定

    [root@rs1 ~]# ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

        inet 127.0.0.1/8 scope host lo

           valid_lft forever preferred_lft forever

        inet 192.168.138.10/32 brd 192.168.138.10 scope global lo:10

           valid_lft forever preferred_lft forever

        inet6 ::1/128 scope host

           valid_lft forever preferred_lft forever

    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

        link/ether 00:0c:29:a6:ca:72 brd ff:ff:ff:ff:ff:ff

        inet 192.168.138.15/24 brd 192.168.138.255 scope global ens33

           valid_lft forever preferred_lft forever

        inet6 fe80::20c:29ff:fea6:ca72/64 scope link

           valid_lft forever preferred_lft forever

    三、       配置keepalived

    [root@ha1 ~]# cd /etc/keepalived/

    [root@ha1 keepalived]# ls

    keepalived.conf

    备份

    [root@ha1 keepalived]# cp keepalived.conf{,.bak}

    配置   /etc/keepalived/keepalived.conf 文件

      ! Configuration File for keepalived

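    # Inline notes below use '#': keepalived starts a comment with '#' or '!',
    # so '//' annotations must not be pasted into the real file.
    # NOTE(review): this is ha1's file. ha2 presumably uses "state BACKUP" and
    # a lower priority - confirm before copying it to the second director.
    global_defs {
      notification_email {
        acassen@firewall.loc
      }
      notification_email_from Alexandre.Cassen@firewall.loc
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id LVS_1
    }

    vrrp_instance VI_1 {                # VRRP instance
      state MASTER                      # MASTER or BACKUP
      interface ens33                   # network interface
      lvs_sync_daemon_interface ens33
      virtual_router_id 51              # virtual router id
      priority 150                      # priority
      advert_int 1
      authentication {                  # authentication
        # NOTE(review): auth_type PASS carries auth_pass in clear text in each
        # VRRP advertisement, and "1111" is a sample value. Use a secret of
        # your own (identical on ha1 and ha2) and accept VRRP advertisements
        # only from the peer director.
        auth_type PASS
        auth_pass 1111
      }
      virtual_ipaddress {               # virtual IP address
        192.168.138.10
      }
    }

    virtual_server 192.168.138.10 80 {
      delay_loop 6                      # interval between real-server health checks
      lb_algo wrr                       # scheduling algorithm
      lb_kind DR                        # LVS forwarding mode
      nat_mask 255.255.255.0            # netmask of the virtual service
      # persistence_timeout 300         # session persistence time, in seconds
      protocol TCP                      # forwarding protocol

      real_server 192.168.138.15 80 {   # real server IP address and port
        weight 1                        # weight of this real server
        TCP_CHECK {                     # health check for this real server
          connect_timeout 8             # connection timeout
          nb_get_retry 3                # number of retries
          delay_before_retry 3          # delay between retries
          connect_port 80               # port used by the health check
        }
      }

      real_server 192.168.138.16 80 {
        weight 1
        TCP_CHECK {
          connect_timeout 8
          nb_get_retry 3
          delay_before_retry 3
          connect_port 80
        }
      }
    }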

    启动并设开机自启动                                                                                       

    [root@ha1 keepalived]# systemctl start keepalived

    [root@ha1 keepalived]# systemctl enable keepalived

    查看VIP是否添加成功

    [root@ha1 keepalived]# ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

        inet 127.0.0.1/8 scope host lo

           valid_lft forever preferred_lft forever

        inet6 ::1/128 scope host

           valid_lft forever preferred_lft forever

    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

        link/ether 00:0c:29:7f:09:12 brd ff:ff:ff:ff:ff:ff

        inet 192.168.138.13/24 brd 192.168.138.255 scope global ens33

           valid_lft forever preferred_lft forever

        inet 192.168.138.10/32 scope global ens33

           valid_lft forever preferred_lft forever

        inet6 fe80::20c:29ff:fe7f:912/64 scope link

           valid_lft forever preferred_lft forever

    查看lvs配置是否成功

    [root@ha1 keepalived]# ipvsadm -ln --stats

    IP Virtual Server version 1.2.1 (size=4096)

    Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes

      -> RemoteAddress:Port

    TCP  192.168.138.10:80                   0        0        0        0        0

      -> 192.168.138.15:80                   0        0        0        0        0

      -> 192.168.138.16:80                   0        0        0        0        0

    四、测试

    1.测试lvs功能

    root@chengchen-virtual-machine:~# for ((i=1;i<=10;i++)); do curl http://192.168.138.10; done

    web6 test page!

    web5 test page!

    web6 test page!

    web5 test page!

    web6 test page!

    web5 test page!

    web6 test page!

    web5 test page!

    web6 test page!

    web5 test page!

    2.测试权重分配

    将keepalived配置文件,原来的1:1,改为3:1

    real_server 192.168.138.15 80 {

    weight 3

    real_server 192.168.138.16 80 {

    weight 1

    测试

    chengchen@chengchen-virtual-machine:~$ for ((i=1;i<=10;i++)); do curl http://192.168.138.10; done

    web6 test page!

    web5 test page!

    web5 test page!

    web5 test page!

    web6 test page!

    web5 test page!

    web5 test page!

    web5 test page!

    web6 test page!

    web5 test page!

    3.测试健康检查

    动态查看lvs状态(正常)

    [root@ha1 ~]# watch ipvsadm -ln --stats

     

    手动停止rs2上的httpd,再次查看(rs2异常)

    [root@rs2 ~]# systemctl stop httpd

    [root@ha1 ~]# watch ipvsadm -ln --stats

     

    重新启动httpd,再次查看(恢复)

    [root@ha1 ~]# watch ipvsadm -ln --stats

     

    4.测试故障切换

    首先VIP在ha1上

    停掉master上的keepalived

    [root@ha1 ~]# systemctl stop keepalived

    在ha2上查看(vip飘到backup上)

    [root@ha2 ~]# ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

        inet 127.0.0.1/8 scope host lo

           valid_lft forever preferred_lft forever

        inet6 ::1/128 scope host

           valid_lft forever preferred_lft forever

    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

        link/ether 00:0c:29:9f:e2:d4 brd ff:ff:ff:ff:ff:ff

        inet 192.168.138.14/24 brd 192.168.138.255 scope global ens33

           valid_lft forever preferred_lft forever

        inet 192.168.138.10/32 scope global ens33

           valid_lft forever preferred_lft forever

        inet6 fe80::20c:29ff:fe9f:e2d4/64 scope link

           valid_lft forever preferred_lft forever

    重新启动ha1上的keepalived,再次查看(vip重新抢占回来了)

    [root@ha1 ~]# systemctl start keepalived

    [root@ha1 ~]# ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

        inet 127.0.0.1/8 scope host lo

           valid_lft forever preferred_lft forever

        inet6 ::1/128 scope host

           valid_lft forever preferred_lft forever

    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

        link/ether 00:0c:29:7f:09:12 brd ff:ff:ff:ff:ff:ff

        inet 192.168.138.13/24 brd 192.168.138.255 scope global ens33

           valid_lft forever preferred_lft forever

        inet 192.168.138.10/32 scope global ens33

           valid_lft forever preferred_lft forever

        inet6 fe80::20c:29ff:fe7f:912/64 scope link

           valid_lft forever preferred_lft forever

  • 原文地址:https://www.cnblogs.com/sxchengchen/p/8059224.html