keepalived+lvs

今天这里来实现keepalived加lvs的dr模式，实现高可用。

keepalived用来管理lvs。

环境：

主机名	IP	系统	角色
tiandong63	192.168.199.3	rhel6.5、ipvsadm、keepalived	lvs server1（MASTER）
tiandong64	192.168.199.4	rhel6.5、ipvsadm、keepalived	lvs server2（BACKUP）
tiandong65	rip：192.168.199.5 DG：192.168.199.1 vip：192.168.199.111	rhel7.4	realserver1
tiandong66	rip：192.168.199.6 DG：192.168.199.1 vip：192.168.199.111	rhel7.3	realserver2

实战：

lvs server配置

[root@tiandong63 ~]# yum install ipvsadm keepalived -y
[root@tiandong64 ~]# yum install ipvsadm keepalived -y

[root@tiandong63 ~]# /etc/init.d/keepalived start
[root@tiandong64 ~]# /etc/init.d/keepalived start
[root@tiandong63 ~]# rpm -ql keepalived    #查看keepalived的安装路径
[root@tiandong63 ~]# vim /etc/keepalived/keepalived.conf
1 ! Configuration File for keepalived
  2
  3 global_defs {     #全局定义
  4    notification_email {    #定义邮件
  5    root@localhost        #定义邮件地址
  6    }
  7    notification_email_from root@localhost     #定义邮件地址
  8    smtp_server localhost                   #邮件服务器
  9    smtp_connect_timeout 30            #邮件超时时间
 10    router_id tiandong63   #router_id可以自己定义，但是必须唯一
 11 }
 12
 13 vrrp_instance apache {      #定义vrr组
 14     state MASTER      #vrrp实例的角色，MASTER必须大写
 15     interface eth0         #对外访问的网络接口，和自己的一致
 16     virtual_router_id 51    #虚拟路由器id必须和从的一致
 17     priority 100              #主从优先级，主的要高于从
 18     advert_int 1    #广播周期秒数
 19     authentication {
 20         auth_type PASS
 21         auth_pass 1111
 22     }
 23     virtual_ipaddress {
 24         192.168.199.111    #vip地址，真实环境这里应该是公网ip
 25     }
 26 }
 27
 28 virtual_server 192.168.199.111 80 {      #:虚拟VIP地址 与 端口，DR架构WEB端口要和虚拟端口监听一致。否则将无法访问
 29     delay_loop 6                    #健康检查时间间隔，单位是秒
 30     lb_algo rr        #lvs算法
 31     lb_kind DR     #lvs的模式
 32     nat_mask 255.255.255.0
 33     protocol TCP       #使用TCP协议
 34     real_server 192.168.199.5 80 {       #真实的ip

35         weight 1
 36         TCP_CHECK {
 37                 connect_timeout 10     #连接超时时间
 38                 nb_get_retry 3
 39                 delay_before_retry 3
 40                 connect_port 80   #连接端口为80，要和上面的保持一致
 41         }
 42     }
 43     real_server 192.168.199.6 80 {    #真实的ip
 44         weight 1
 45         TCP_CHECK {
 46                 connect_timeout 10
 47                 nb_get_retry 3
 48                 delay_before_retry 3
 49                 connect_port 80
 50         }
 51     }
 52 }
标红的就是配置文件需要修改的地方，在从上必须修改以下几个位置，其他配置一样，把配置文件拷贝到从上，然后修改：

 10    router_id tiandong64
 14     state BACKUP
 17     priority 90

realserver配置（1和2上面都得配置，直接执行脚本就可以了。）

[root@tiandong65 ~]# more lvsdr.sh
#!/bin/bash
VIP=192.168.199.111
source /etc/init.d/functions
case $1 in
start)
    echo 'start LVS of RealServer DR'
    /sbin/ifconfig lo:1 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:1
    echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    /sbin/ifconfig lo:1 down
    echo 'Close LVS of RealServer DR'
    echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
*)
    echo "Usage:$0 (start|stop)"
exit 1
esac

[root@tiandong65 ~]# ./lvsdr.sh start

测试：

此时lvs server的主为192.168.199.3，192.168.199.4是闲置的

可以在从上面测试：

[root@tiandong64 ~]# curl 192.168.199.111
this is 192.168.199.6
[root@tiandong64 ~]# curl 192.168.199.111
this is 192.168.199.5
[root@tiandong64 ~]# curl 192.168.199.111
this is 192.168.199.6
[root@tiandong64 ~]# curl 192.168.199.111
this is 192.168.199.5

在主上查看连接状态：
[root@tiandong63 ~]# ipvsadm -ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.199.111:80                  4       23        0     1908        0
  -> 192.168.199.5:80                    2       11        0      928        0
  -> 192.168.199.6:80                    2       12        0      980        0
测试lvs server是否会负载：

停了主（192.168.199.3）上面的keepalived，看一下从（192.168.199.4）上面的是否会开启，是否会正常转发：

[root@tiandong63 ~]# /etc/init.d/keepalived stop   停止主上面的keepalived
Stopping keepalived:                                       [  OK  ]
[root@tiandong64 ~]# ip a    在192.168.199.4上面查看
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c7:20:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.199.4/24 brd 192.168.199.255 scope global eth0
    inet 192.168.199.111/32 scope global eth0      #vip已经飘过来了
    inet6 fe80::20c:29ff:fec7:2071/64 scope link
       valid_lft forever preferred_lft forever

在192.168.199.3上面测试：（此时该主机为从）

[root@tiandong63 ~]# curl 192.168.199.111
this is 192.168.199.5
[root@tiandong63 ~]# curl 192.168.199.111
this is 192.168.199.6
[root@tiandong63 ~]# curl 192.168.199.111
this is 192.168.199.5
[root@tiandong63 ~]# curl 192.168.199.111
this is 192.168.199.6

在192.168.199.4上面查看连接状态：
[root@tiandong64 ~]# ipvsadm -ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.168.199.111:80                  4       22        0     1848        0
  -> 192.168.199.5:80                    2       10        0      872        0
  -> 192.168.199.6:80                    2       12        0      976        0

当主上的keepalived恢复的话看一下状态：

当主恢复了之后，vip有飘到了192.168.199.3上面，因为优先级比较高。

[root@tiandong63 ~]# /etc/init.d/keepalived start
[root@tiandong63 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:38:0b:14 brd ff:ff:ff:ff:ff:ff
    inet 192.168.199.3/24 brd 192.168.199.255 scope global eth0
    inet 192.168.199.111/32 scope global eth0
    inet6 fe80::20c:29ff:fe38:b14/64 scope link
       valid_lft forever preferred_lft forever

测试realserver出现故障的现象：

当一台realserver的Apache服务出现故障时，是否会充lvs中剔除，

[root@tiandong63 ~]# ipvsadm -ln     正常情况下的状态。
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.199.111:80 rr
  -> 192.168.199.5:80             Route   1      0          0         
  -> 192.168.199.6:80             Route   1      0          0

当有一台realserver出现故障：

[root@tiandong66 ~]# systemctl stop httpd    一台服务器的Apache服务故障了

[root@tiandong63 ~]# ipvsadm -ln      此时查看只有一台realsever了。
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.199.111:80 rr
  -> 192.168.199.5:80             Route   1      0          0

可以查看lvs server上的日志：

[root@tiandong63 ~]# tail -f /var/log/messages     把故障的主机移除了。
Dec 16 12:52:50 tiandong63 Keepalived_vrrp[3571]: VRRP_Instance(apache) Received lower prio advert, forcing new election
Dec 16 12:52:51 tiandong63 Keepalived_vrrp[3571]: VRRP_Instance(apache) Entering MASTER STATE
Dec 16 12:52:51 tiandong63 Keepalived_vrrp[3571]: VRRP_Instance(apache) setting protocol VIPs.
Dec 16 12:52:51 tiandong63 Keepalived_vrrp[3571]: VRRP_Instance(apache) Sending gratuitous ARPs on eth0 for 192.168.199.111
Dec 16 12:52:51 tiandong63 Keepalived_healthcheckers[3570]: Netlink reflector reports IP 192.168.199.111 added
Dec 16 12:52:56 tiandong63 Keepalived_vrrp[3571]: VRRP_Instance(apache) Sending gratuitous ARPs on eth0 for 192.168.199.111
Dec 16 12:58:35 tiandong63 Keepalived_healthcheckers[3570]: TCP connection to [192.168.199.6]:80 failed !!!
Dec 16 12:58:35 tiandong63 Keepalived_healthcheckers[3570]: Removing service [192.168.199.6]:80 from VS [192.168.199.111]:80
Dec 16 12:58:35 tiandong63 Keepalived_healthcheckers[3570]: Remote SMTP server [0.0.0.0]:25 connected.
Dec 16 12:58:35 tiandong63 Keepalived_healthcheckers[3570]: SMTP alert successfully sent.

当real server恢复之后：

[root@tiandong66 ~]# systemctl start httpd   恢复Apache服务
[root@tiandong63 ~]# tail -f /var/log/messages   查看日志，把机器加入到lvs中了
Dec 16 12:58:35 tiandong63 Keepalived_healthcheckers[3570]: SMTP alert successfully sent.
Dec 16 13:01:35 tiandong63 Keepalived_healthcheckers[3570]: TCP connection to [192.168.199.6]:80 success.
Dec 16 13:01:35 tiandong63 Keepalived_healthcheckers[3570]: Adding service [192.168.199.6]:80 to VS [192.168.199.111]:80
Dec 16 13:01:35 tiandong63 Keepalived_healthcheckers[3570]: Remote SMTP server [0.0.0.0]:25 connected.
Dec 16 13:01:35 tiandong63 Keepalived_healthcheckers[3570]: SMTP alert successfully sent.
^C
[root@tiandong63 ~]# ipvsadm -ln     #查看
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.199.111:80 rr
  -> 192.168.199.5:80             Route   1      0          0         
  -> 192.168.199.6:80             Route   1      0          0 

OK了，有什么问题随时欢迎讨论指教！！！！！

QQ：1127000383

192.168.199.7