关于LVS基础不多介绍直接操练起来。
1.环境准备
首先准备4台机器(VM,Vbox...)
node1 --> Director1 192.168.137.31 vip=192.168.137.10
node2 --> Director2 192.168.137.32 vip=192.168.137.10
node3 --> RServer1 192.168.137.33
node4 --> RServer2 192.168.137.34
基于DR负载均衡模式,设置了一个VIP(Virtual IP)为192.168.137.10,用户只需要访问这个IP地址即可获得网页服务。其中,负载均衡MASTER-Server1 192.168.137.31,BACKUP-Server2 192.168.137.32 ;RServer1为192.168.137.33,RServer2为192.168..137.34
拓扑:
2.RealServer 配置
RS1配置
|
1
2
3
|
# yum install -y httpd
# echo "<h1>The page from node3</h1>" > /var/www/html/index.html
# service httpd start
|
编写脚本setka.sh配置内核参数
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
[root@localhost ~]
# cat setka.sh
#!/bin/bash
vip=192.168.137.10
case
$1
in
start)
echo
1 >
/proc/sys/net/ipv4/conf/all/arp_ignore
echo
1 >
/proc/sys/net/ipv4/conf/lo/arp_ignore
echo
2 >
/proc/sys/net/ipv4/conf/all/arp_announce
echo
2 >
/proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig
lo:0 $vip broadcast $vip netmask 255.255.255.255 up
;;
stop)
ifconfig
lo:0 down
echo
0 >
/proc/sys/net/ipv4/conf/all/arp_ignore
echo
0 >
/proc/sys/net/ipv4/conf/lo/arp_ignore
echo
0 >
/proc/sys/net/ipv4/conf/all/arp_announce
echo
0 >
/proc/sys/net/ipv4/conf/lo/arp_announce
;;
esac
|
|
1
2
3
4
5
6
7
8
9
10
11
|
# bash setka.sh start ##运行该脚本设置相关内核参数及VIP地址。
# cat /proc/sys/net/ipv4/conf/lo/arp_ignore ##内核参数设置成功
1
# cat /proc/sys/net/ipv4/conf/all/arp_announce
2
# ifconfig lo:0 ##VIP设置成功
lo:0 Link encap:Local Loopback
inet addr:192.168.137.10 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:65536 Metric:1
# scp setka.sh root@192.168.137.33:/root ##拷贝一份给RS2
setka.sh 100% 547 0.5KB
/s
00:00
|
RS2配置
|
1
2
3
4
5
|
# yum install -y httpd
# echo "<h1>The page from node4</h1>" > /var/www/html/index.html
# service start httpd
# bash setka.sh ##执行脚本,检查设置是否生效
两台都准备妥当后。
|
3.Director 配置
在配置之前,先要把4机器的时间同步一下
以node1为ntp-server
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@node1 ~]
# for i in 31 32 33 34;do ssh 192.168.137.$i 'date';done ##提前给4台机器做了密钥认证
Wed Nov 8 23:50:28 CST 2017
Wed Nov 8 23:50:28 CST 2017
Wed Nov 8 23:50:28 CST 2017
Wed Nov 8 23:50:28 CST 2017
# yum install -y ipvsadm
# route add -host 192.168.137.10/32 dev eth0
添加IPVS规则
# ipvsadm -A -t 192.168.137.10:80 -s rr
# ipvsadm -a -t 1192.168.137.10:80 -r 192.168.137.37 -g -w 1
# ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.37 -g -w 1
# ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.33 -g -w 2
# ipvsadm -L -n
使用另一台Director访问VIP
curl http:
//192
.168.137.10
[root@node2 ~]
# curl http://192.168.137.10
<h1>The page from node3<
/h1
>
[root@node2 ~]
# curl http://192.168.137.10
<h1>The page from node4<
/h1
>
[root@node2 ~]
# curl http://192.168.137.10
|
两台Director进行IPVS测试之后,清除ipvs规则删除route条目
# ipvsadm -C
# route del -host 192.168.137.10/32 dev eth0
开始给Director 配置keepalived
MASTER 配置(node1)
# yum install -y keepalived httpd
# echo "<h1>Sorry,Under maintances(31).</h1>" > /var/www/html/index.html ##添加sorry_server页面
# service httpd start
# 编辑配置文件keepalived.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
! Configuration File
for
keepalived
global_defs {
notification_email {
root@localhost
#本地email地址
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.1.118
#配置VRRP组播域
}
#健康状态检测脚本检查
vrrp_script chk_mt {
script
"[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
#实例
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 151
#虚拟路由ID
priority 100
#权重100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.137.10
/16
dev eth0 label eth0:1
#虚拟IP地址这里建议使用16为掩码
}
track_script {
#追踪健康状态脚本
chk_mt
}
notify_master
"/etc/keepalived/notify.sh master"
#配置通知脚本
notify_backup
"/etc/keepalived/notify.sh backup"
notify_fault
"/etc/keepalived/notify.sh fault"
}
#虚拟服务器及RealServer配置
virtual_server 192.168.137.10 80 {
delay_loop 6
lb_algo wrr
#weighted rr (表示通过权重来轮询调度)
lb_kind DR
#LVS DR 模型
nat_mask 255.255.255.0
protocol TCP
sorry_server 127.0.0.1 80
#本地sorry_server服务器配置
real_server 192.168.137.33 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.137.34 80 {
weight 2
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
|
通知脚本(/etc/keepalived/notify.sh):
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
#!/bin/bash
# Author: ljohnmail@foxmail.com
# description: An example of notify script
#
vip=192.168.137.10
contact=
'root@localhost'
notify() {
mailsubject=
"`hostname` to be $1: $vip floating"
mailbody=
"`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
echo
$mailbody | mail -s
"$mailsubject"
$contact
}
case
"$1"
in
master)
notify master
exit
0
;;
backup)
notify backup
exit
0
;;
fault)
notify fault
exit
0
;;
*)
echo
'Usage: `basename $0` {master|backup|fault}'
exit
1
;;
esac
注:通知脚本需要拷一份至node2
scp
notify.sh root@192.168.137.32:
/etc/keepalived/
|
BACKUP配置(node2)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
# yum install -y keepalived
# yum install -y httpd
# echo "<h1>Sorry,Under maintances(32).</h1>" > /var/www/html/index.html ##添加sorry_server页面
# service httpd start
# 配置keepalived.conf
! Configuration File
for
keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.1.118
}
vrrp_script chk_mt {
script
"[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 151
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.137.10
/16
dev eth0 label eth0:1
}
track_script {
chk_mt
}
notify_master
"/etc/keepalived/notify.sh master"
notify_backup
"/etc/keepalived/notify.sh backup"
notify_fault
"/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.137.10 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.137.33 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.137.34 80 {
weight 2
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
|
4.启动keepalived并测试功能
在node1上
1、启动keepalived
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
# service keepalived restart ; ssh 192.168.137.32 'service keepalived restart'
# ifconfig
[root@node1~]
# ifconfig ##可以看到eth0:1地址已经获取到
eth0 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30
inet addr:192.168.137.31 Bcast:192.168.137.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feaa:930
/64
Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:46005 errors:0 dropped:0 overruns:0 frame:0
TX packets:59292 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5151611 (4.9 MiB) TX bytes:5965319 (5.6 MiB)
eth0:1 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30
inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
|
2、测试访问web
|
1
2
3
4
|
[root@node1~]
# curl http://192.168.137.10
<h1>The page from node3<
/h1
>
[root@node1~]
# curl http://192.168.137.10
<h1>The page from node4<
/h1
>
|
3、健康状态检测
手动在(MASTER)/etc/keepalived中新建一个down文件
# touch down
# 脚本检测到down文件存在权重减20,则vip会自动的floating 到BACKUP的主机上,删除down文件MASTER会将vip抢回来(处于主备的抢占模式下)。
测试如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
[root@node1 keepalived]
# touch down
[root@node1 keepalived]
#
[root@node1 keepalived]
# ls
down keepalived.conf notify.sh
在node2上发现VIP设置成功
[root@node2 ~]
# ifconfig eth0:1
eth0:1 Link encap:Ethernet HWaddr 00:0C:29:CB:63:DF
inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
在看看mail,此处说明VIP漂至node2
U 10 root Wed Nov 8 21:50 19
/723
"node2.localdomain to be master: 192.168.137.10 floating"
访问VIP:
[root@node1 keepalived]
# curl 192.168.137.10
<h1>The page from node4<
/h1
>
[root@node1 keepalived]
# curl 192.168.137.10
<h1>The page from node3<
/h1
>
删除node1keepalived上的down文件。
#rm -rf /etc/keepalived/down
[root@node1 keepalived]
# ifconfig eth0:1
eth0:1 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30
inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
mail邮件
>N 9 root Wed Nov 8 22:01 18
/713
"node1.localdomain to be master: 192.168.137.10 floating"
查看网站是否正常访问
[root@node2 ~]
# curl 192.168.137.10
<h1>The page from node4<
/h1
>
[root@node2 ~]
# curl 192.168.137.10
<h1>The page from node3<
/h1
>
这里可看到地址又被node1抢回来了(因为我们配置的是抢占模式),网站正常被调度,测试完毕!!!
|
4、Sorry_Server测试
在RealServer(node3)
停掉两台RealServer服务器
# service httpd stop ; ssh 192.168.137.34 'service httpd stop'
[root@liu ~]# curl http://192.168.137.10
<h1>Sorry,Under maintances(31).</h1>
注释:这里会用涉及到ntp时钟同步,Openssl的密钥的认证,
# ntpdate IP(ntp时钟服务器地址)
*/5 * * * * root /usr/sbin/ntpdate 192.168.137.31 &>/dev/null;hwclock -w
# ssh-keygen -t rsa -P '' -f "/root/.ssh/id_rsa"
# ssh-copy-id -i .ssh/id_rsa.pub [user@]machine
至此keepalived+lvs_dr+healthcheck 高可用集群就这样部署完毕。
本文转自 ljohnmail 51CTO博客,原文链接:http://blog.51cto.com/ljohn/1980547,如需转载请自行联系原作者
