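Hands-on: Keepalived High-Availability LVS in Master/Backup Mode
LVS basics are not covered here; we go straight to the hands-on setup.
1. Environment preparation
First, prepare four machines (VM, VBox, ...)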
node1 --> Director1 192.168.137.31 vip=192.168.137.10
node2 --> Director2 192.168.137.32 vip=192.168.137.10
node3 --> RServer1 192.168.137.33
node4 --> RServer2 192.168.137.34
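The setup uses the DR load-balancing mode with a VIP (Virtual IP) of 192.168.137.10; users only need to access this IP address to reach the web service. The load-balancer MASTER (Server1) is 192.168.137.31 and the BACKUP (Server2) is 192.168.137.32; RServer1 is 192.168.137.33 and RServer2 is 192.168.137.34.
Topology:
2. RealServer configuration
RS1 configuration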
# yum install -y httpd
# echo "<h1>The page from node3</h1>" > /var/www/html/index.html
# service httpd start
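Write a script, setka.sh, to set the kernel parameters
[root@localhost ~]# cat setka.sh
#!/bin/bash
# Real-server side of LVS-DR: bind the VIP to loopback and stop the host from answering ARP for it.
vip=192.168.137.10
case $1 in
start)
    # arp_ignore=1: reply to ARP only when the target IP is configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: always use the best local address for the target as the ARP source
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
    ;;
stop)
    ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
esac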
# bash setka.sh start    ## run the script to set the kernel parameters and the VIP
# cat /proc/sys/net/ipv4/conf/lo/arp_ignore    ## kernel parameter set successfully
1
# cat /proc/sys/net/ipv4/conf/all/arp_announce
2
# ifconfig lo:0    ## VIP set successfully
lo:0      Link encap:Local Loopback
          inet addr:192.168.137.10  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
# scp setka.sh [email protected]:/root    ## copy it to RS2
setka.sh                                 100%  547     0.5KB/s   00:00
RS2 configuration
# yum install -y httpd
# echo "<h1>The page from node4</h1>" > /var/www/html/index.html
# service httpd start
# bash setka.sh start    ## run the script, then check that the settings took effect
Both real servers are now ready.
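A check for the real-server state that setka.sh is meant to produce, as an added example (not part of the original post). The function name check_rs_dr and its optional arguments (a sysctl directory and captured `ip` output) are assumptions of this example, and the sample data is constructed.

```sh
#!/bin/sh
# Added example: verify the DR-mode settings on a real server.
# usage: check_rs_dr VIP [CONF_ROOT] [ADDR_DUMP]
#   CONF_ROOT defaults to the live sysctl tree, ADDR_DUMP to live `ip` output;
#   both can be replaced by captured data (assumption of this example).
# Prints one FAIL line per problem and returns the number of problems.
check_rs_dr() {
    vip=$1
    conf_root=${2:-/proc/sys/net/ipv4/conf}
    addr_dump=${3:-$(ip -o -4 addr show dev lo 2>/dev/null)}
    fails=0
    for item in all/arp_ignore=1 lo/arp_ignore=1 all/arp_announce=2 lo/arp_announce=2; do
        path=${item%=*}
        want=${item#*=}
        got=$(cat "$conf_root/$path" 2>/dev/null || echo missing)
        if [ "$got" != "$want" ]; then
            echo "FAIL $path is $got, expected $want"
            fails=$((fails + 1))
        fi
    done
    # The VIP must be bound to loopback with a /32 mask so the real server
    # accepts frames forwarded by the director without treating the rest
    # of the subnet as local.
    case "$addr_dump" in
        *" $vip/32 "*) ;;
        *) echo "FAIL $vip/32 is not configured on lo"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample: a host where lo/arp_announce was never set.
demo=$(mktemp -d)
mkdir -p "$demo/all" "$demo/lo"
echo 1 > "$demo/all/arp_ignore";   echo 1 > "$demo/lo/arp_ignore"
echo 2 > "$demo/all/arp_announce"; echo 0 > "$demo/lo/arp_announce"
check_rs_dr 192.168.137.10 "$demo" \
    "1: lo    inet 192.168.137.10/32 brd 192.168.137.10 scope global lo:0" \
    || echo "real server not ready for DR ($? problem(s))"
rm -rf "$demo"
```

On a live real server, `check_rs_dr 192.168.137.10` with no further arguments reads the running kernel's values.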
3. Director configuration
Before configuring anything, synchronize the time on all 4 machines
Use node1 as the NTP server
[root@node1 ~]# for i in 31 32 33 34;do ssh 192.168.137.$i 'date';done    ## key authentication was set up on all 4 machines beforehand
Wed Nov 8 23:50:28 CST 2017
Wed Nov 8 23:50:28 CST 2017
Wed Nov 8 23:50:28 CST 2017
Wed Nov 8 23:50:28 CST 2017
# yum install -y ipvsadm
# route add -host 192.168.137.10/32 dev eth0
Add the IPVS rules:
# ipvsadm -A -t 192.168.137.10:80 -s rr
# ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.34 -g -w 1
# ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.33 -g -w 2
# ipvsadm -L -n
Access the VIP from the other Director:
curl http://192.168.137.10
[root@node2 ~]# curl http://192.168.137.10
<h1>The page from node3</h1>
[root@node2 ~]# curl http://192.168.137.10
<h1>The page from node4</h1>
[root@node2 ~]# curl http://192.168.137.10
After testing IPVS on both Directors, flush the IPVS rules and delete the route entry
# ipvsadm -C
# route del -host 192.168.137.10/32 dev eth0
Now configure keepalived on the Directors
MASTER configuration (node1)
# yum install -y keepalived httpd
# echo "<h1>Sorry,Under maintances(31).</h1>" > /var/www/html/index.html    ## add the sorry_server page
# service httpd start
# Edit the configuration file keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost    # local email address
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_mcast_group4 224.0.1.118    # VRRP multicast group
}
# health-check script
vrrp_script chk_mt {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -20
}
# instance
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 151    # virtual router ID
    priority 100             # priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.137.10/16 dev eth0 label eth0:1    # virtual IP address; a /16 mask is recommended here
    }
    track_script {    # track the health-check script
        chk_mt
    }
    notify_master "/etc/keepalived/notify.sh master"    # notify scripts
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
# virtual server and RealServer configuration
virtual_server 192.168.137.10 80 {
    delay_loop 6
    lb_algo wrr    # weighted rr (round-robin scheduling by weight)
    lb_kind DR     # LVS DR model
    nat_mask 255.255.255.0
    protocol TCP
    sorry_server 127.0.0.1 80    # local sorry_server
    real_server 192.168.137.33 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.137.34 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
Notify script (/etc/keepalived/notify.sh):
#!/bin/bash
# Author: [email protected]
# description: An example of notify script
#
vip=192.168.137.10
contact='root@localhost'
# Mail the state transition to the contact address
notify() {
    mailsubject="`hostname` to be $1: $vip floating"
    mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
master)
    notify master
    exit 0
    ;;
backup)
    notify backup
    exit 0
    ;;
fault)
    notify fault
    exit 0
    ;;
*)
    echo "Usage: `basename $0` {master|backup|fault}"
    exit 1
    ;;
esac
Note: the notify script must also be copied to node2
scp notify.sh [email protected]:/etc/keepalived/
BACKUP configuration (node2)
# yum install -y keepalived
# yum install -y httpd
# echo "<h1>Sorry,Under maintances(32).</h1>" > /var/www/html/index.html    ## add the sorry_server page
# service httpd start
# Configure keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_mcast_group4 224.0.1.118
}
vrrp_script chk_mt {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 151
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.137.10/16 dev eth0 label eth0:1
    }
    track_script {
        chk_mt
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.137.10 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.137.33 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.137.34 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
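An audit of the two settings in these configs that decide who can influence the directors: the VRRP auth_pass, which PASS authentication carries unencrypted in every advert, and the notify_* scripts, which keepalived executes on each state change. This is an added example, not part of the original post; audit_keepalived and its finding labels are hypothetical names, and the sample config is constructed.

```sh
#!/bin/sh
# Added example: audit a keepalived.conf. Prints one line per finding and
# returns the number of findings. Labels are this example's own.
audit_keepalived() {
    conf=$1
    findings=0
    clean=$(sed 's/[#!].*//' "$conf")      # drop keepalived comments
    atype=$(printf '%s\n' "$clean" | awk '$1 == "auth_type" { print $2; exit }')
    apass=$(printf '%s\n' "$clean" | awk '$1 == "auth_pass" { print $2; exit }')
    # PASS puts the password into every advert unencrypted, 8 characters at
    # most; a short value such as the sample-config "1111" adds nothing.
    if [ "$atype" = PASS ] && [ "${#apass}" -lt 8 ]; then
        echo "WEAK_AUTH_PASS: ${#apass} characters, sent in cleartext"
        findings=$((findings + 1))
    fi
    # notify_* targets are run by keepalived (typically as root) on every
    # state change, so only root should be able to modify them.
    scripts=$(printf '%s\n' "$clean" |
        awk '$1 ~ /^notify_(master|backup|fault)$/ { gsub(/"/, "", $2); print $2 }' | sort -u)
    for script in $scripts; do
        if [ ! -f "$script" ]; then
            echo "MISSING_SCRIPT: $script"
            findings=$((findings + 1))
        elif [ -n "$(find -L "$script" \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE_SCRIPT: $script is group- or world-writable"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample mirroring VI_1 above, with a scratch notify script.
work=$(mktemp -d)
printf '#!/bin/sh\n' > "$work/notify.sh"
chmod 775 "$work/notify.sh"
cat > "$work/keepalived.conf" <<EOF
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    notify_master "$work/notify.sh master"   # group-writable on purpose
    notify_backup "$work/notify.sh backup"
}
EOF
audit_keepalived "$work/keepalived.conf" || echo "$? finding(s)"
rm -rf "$work"
```

Because PASS gives no confidentiality at any length, it is also worth restricting VRRP (IP protocol 112) on each director to the peer director's address.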
4. Start keepalived and test it
On node1
1. Start keepalived
# service keepalived restart ; ssh 192.168.137.32 'service keepalived restart'
[root@node1~]# ifconfig    ## the eth0:1 address has been acquired
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AA:09:30
          inet addr:192.168.137.31  Bcast:192.168.137.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feaa:930/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46005 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59292 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5151611 (4.9 MiB)  TX bytes:5965319 (5.6 MiB)
eth0:1    Link encap:Ethernet  HWaddr 00:0C:29:AA:09:30
          inet addr:192.168.137.10  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
2. Test web access
[root@node1~]# curl http://192.168.137.10
<h1>The page from node3</h1>
[root@node1~]# curl http://192.168.137.10
<h1>The page from node4</h1>
3. Health check
On the MASTER, manually create a file named down in /etc/keepalived
# touch down
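When the script detects the down file, the priority is reduced by 20 and the VIP automatically floats to the BACKUP host; once the down file is deleted, the MASTER takes the VIP back (master/backup preempt mode).
Test as follows: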
[root@node1 keepalived]# touch down
[root@node1 keepalived]#
[root@node1 keepalived]# ls
down  keepalived.conf  notify.sh
On node2, the VIP has been configured:
[root@node2 ~]# ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 00:0C:29:CB:63:DF
          inet addr:192.168.137.10  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Now check the mail; this shows that the VIP has floated to node2:
 U 10 root  Wed Nov 8 21:50  19/723  "node2.localdomain to be master: 192.168.137.10 floating"
Access the VIP:
[root@node1 keepalived]# curl 192.168.137.10
<h1>The page from node4</h1>
[root@node1 keepalived]# curl 192.168.137.10
<h1>The page from node3</h1>
Delete the down file from /etc/keepalived on node1.
# rm -rf /etc/keepalived/down
[root@node1 keepalived]# ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 00:0C:29:AA:09:30
          inet addr:192.168.137.10  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Mail:
>N 9 root  Wed Nov 8 22:01  18/713  "node1.localdomain to be master: 192.168.137.10 floating"
Check that the site is still reachable:
[root@node2 ~]# curl 192.168.137.10
<h1>The page from node4</h1>
[root@node2 ~]# curl 192.168.137.10
<h1>The page from node3</h1>
Here the address has been taken back by node1 (because we configured preempt mode) and the site is still being scheduled normally. Test complete!
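Whether the VIP moves when the down file appears depends only on the numbers in the two configs: the MASTER's priority plus the vrrp_script weight must fall below the BACKUP's priority. The following added example (not from the original post) computes this from the config files; effective_priority, vip_owner and mkconf are hypothetical helpers and the sample configs are constructed.

```sh
#!/bin/sh
# Added example: which director holds the VIP for a given pair of configs?

# effective_priority CONF SCRIPT_FAILS(0|1): priority the instance advertises.
effective_priority() {
    awk -v fails="$2" '
        { sub(/[#!].*/, "") }                        # strip comments
        $1 == "vrrp_script"         { in_script = 1 }
        in_script && $1 == "weight" { w = $2 }       # skip real_server weights
        in_script && /}/            { in_script = 0 }
        $1 == "priority"            { prio = $2 }
        END {
            if (w < 0 && fails)  prio += w           # negative weight: penalty on failure
            if (w > 0 && !fails) prio += w           # positive weight: bonus on success
            print prio
        }' "$1"
}

# vip_owner MASTER_CONF BACKUP_CONF MASTER_SCRIPT_FAILS(0|1)
vip_owner() {
    m=$(effective_priority "$1" "$3")
    b=$(effective_priority "$2" 0)
    if [ "$m" -gt "$b" ]; then echo master
    elif [ "$m" -lt "$b" ]; then echo backup
    else echo tie
    fi
}

# mkconf PRIORITY WEIGHT FILE: write a constructed, minimal config.
mkconf() {
    printf 'vrrp_script chk_mt {\n  weight %s\n}\nvrrp_instance VI_1 {\n  priority %s\n}\nreal_server 192.168.137.34 80 {\n  weight 2\n}\n' "$2" "$1" > "$3"
}

# Constructed samples: the values used above, then a BACKUP set too low.
d=$(mktemp -d)
mkconf 100 -20 "$d/node1.conf"
mkconf 99 -20 "$d/node2.conf"
mkconf 50 -20 "$d/low.conf"
vip_owner "$d/node1.conf" "$d/node2.conf" 0   # master (100 vs 99)
vip_owner "$d/node1.conf" "$d/node2.conf" 1   # backup (80 vs 99)
vip_owner "$d/node1.conf" "$d/low.conf" 1     # master (80 vs 50): no failover
rm -rf "$d"
```

The last case is the misconfiguration to watch for: with a BACKUP priority of 50, a weight of -20 never moves the VIP off a failed MASTER.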
4. sorry_server test
On a RealServer (node3)
Stop the httpd service on both RealServers
# service httpd stop ; ssh 192.168.137.34 'service httpd stop'
[root@liu ~]# curl http://192.168.137.10
<h1>Sorry,Under maintances(31).</h1>
Note: this setup also relies on NTP clock synchronization and OpenSSH key authentication:
# ntpdate IP    ## IP is the address of the NTP server
*/5 * * * * root /usr/sbin/ntpdate 192.168.137.31 &>/dev/null;hwclock -w
# ssh-keygen -t rsa -P '' -f "/root/.ssh/id_rsa"
# ssh-copy-id -i .ssh/id_rsa.pub [user@]machine
With that, the keepalived + lvs_dr + healthcheck high-availability cluster is fully deployed.
This article comes from the “Ljohn” blog; please keep this source link: http://ljohn.blog.51cto.com/11932290/1980547