lvs-dr+keepalived
一、 環境準備
主機名 |
Ip地址 |
系統版本 |
ha1 |
192.168.138.13 |
Centos7.3 |
ha2 |
192.168.138.14 |
Centos7.3 |
Rs1 |
192.168.138.15 |
Centos7.3 |
Rs2 |
192.168.138.16 |
Centos7.3 |
測試機器 |
192.168.138.17 |
Ubuntu |
- 關閉防火墻和selinux(僅為簡化實驗環境;正式環境應保留防火牆與SELinux,並在ha1、ha2之間放行VRRP(IP協議號112),對外只開放所需的服務端口)
- 時間同步
- 更改主機名
[root@localhost ~]# cat >> /etc/hosts << EOF
> 192.168.138.13 ha1
> 192.168.138.14 ha2
> 192.168.138.15 rs1
> 192.168.138.16 rs2
> EOF
重啟之後才生效
當前生效: [root@localhost ~]# hostnamectl set-hostname ha1
- 在ha1和ha2 上安裝 lvs,keepalived
# yum install ipvsadm keepalived -y
- 在rs1和rs2上安裝httpd
# yum install httpd -y
二、 配置realserver(rs1,rs2上操作)
1.配置web測試主頁
[root@rs1 ~]# echo "web5 test page! " >> /var/www/html/index.html
[root@rs2 ~]# echo "web6 test page! " >> /var/www/html/index.html
2.啟動並設開機自啟動
[root@rs1 ~]# systemctl start httpd
[root@rs1 ~]# systemctl enable httpd
3.測試訪問web頁面
[root@rs1 ~]# curl http://192.168.138.15
[root@rs2 ~]# curl http://192.168.138.16
4.rs端arp抑制(DR 模式)
如果不抑制, 廣播消息會通過物理網卡到達真實服務器,而真實服務器上有VIP,所以,會響應此請求
抑制後,前端路由為VIP發出ARP請求時,只有Director上的VIP會應答
解決方法:修改Linux內核參數,將RS上的VIP配置為lo接口的別名,限制Linux僅對對應接口的ARP請求做響應
手動:
# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
腳本(自動):
[root@rs1 ~]# vim /etc/init.d/lvs_rs
#!/bin/sh
# Startup script handle the initialisation of LVS
# chkconfig: - 28 72
# description: Initialise the Linux Virtual Server for DR
#
### BEGIN INIT INFO
# Provides: ipvsadm
# Required-Start: $local_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: Initialise the Linux Virtual Server
# Description: The Linux Virtual Server is a highly scalable and highly
# available server built on a cluster of real servers, with the load
# balancer running on Linux.
# description: start LVS of DR-RIP
# Virtual IP that start() binds to the lo:10 alias on this real server.
VIP="192.168.138.10"
# Marker file: created by start(), removed by stop(), tested by status().
LOCK="/var/lock/ipvsadm.lock"
# Load the distribution's init-script helper library.
. /etc/rc.d/init.d/functions
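# Configure this real server for LVS-DR: enable ARP suppression, then bind the
# VIP to the lo:10 alias and add a host route for it.
# Globals:  VIP (read), LOCK (read; the file is created only on success)
# Outputs:  status message on stdout, failure message on stderr
# Returns:  0 if lo:10 is already present or setup succeeded, 1 if a step failed
start() {
  # An lo:10 entry in the ifconfig listing means a previous start already ran.
  if ifconfig | grep -q 'lo:10'; then
    echo "The LVS-DR-RIP Server is already running !"
    return 0
  fi

  # Apply ARP suppression BEFORE the VIP exists on lo, so there is no window in
  # which this host could answer ARP for the VIP and pull traffic away from the
  # director.
  #   arp_ignore=1   reply only when the target IP is configured on the
  #                  interface that received the ARP request
  #   arp_announce=2 always use the best local address of the outgoing
  #                  interface as ARP source, so the VIP on lo is not announced
  echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore &&
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce &&
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore &&
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce || {
    echo "failed to set ARP suppression sysctls" >&2
    return 1
  }

  # A /32 netmask keeps the VIP from creating a connected route for the subnet
  # on the loopback alias.
  /sbin/ifconfig lo:10 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up &&
    /sbin/route add -host "$VIP" dev lo:10 || {
    echo "failed to bind $VIP to lo:10" >&2
    return 1
  }

  # Record success only after every step worked, so status() does not report a
  # half-configured server as running.
  /bin/touch "$LOCK" || return 1
  echo "starting LVS-DR-RIP server is ok !"
}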
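# Undo start(): remove the VIP host route and the lo:10 alias, reset the ARP
# sysctls, and delete the lock file. Each step is best-effort, so stop can be
# run on a partially configured host.
# Globals:  VIP (read), LOCK (read; the file is removed)
# Outputs:  status message on stdout
stop() {
  # Take the VIP away first; the ARP settings are relaxed only once this host
  # no longer holds the address.
  /sbin/route del -host "$VIP" dev lo:10
  /sbin/ifconfig lo:10 down >/dev/null

  # Write 0 back to all four settings. NOTE(review): this also overrides
  # values applied from /etc/sysctl.conf until they are reloaded.
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce

  # The lock is a single file: no recursive delete, and quote the path so an
  # empty or odd value cannot expand into extra arguments for a root-run rm.
  rm -f -- "$LOCK"
  echo "stopping LVS-DR-RIP server is ok !"
}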
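# Report whether the lock file written by start() exists.
# Globals:  LOCK (read)
# Outputs:  one status line on stdout
# Note: only the lock file is checked, not the lo:10 alias itself.
status() {
  # LOCK must be quoted: with an empty or unset LOCK the unquoted form
  # collapses to `[ -e ]`, a one-argument test that is always true.
  if [ -e "$LOCK" ]; then
    echo "The LVS-DR-RIP Server is already running !"
  else
    echo "The LVS-DR-RIP Server is not running !"
  fi
}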
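# Dispatch on the requested action. The script exits with the status of the
# action that ran, so a failing action is visible to the caller.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    # Print the script name ($0), not the unrecognised argument.
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 1
    ;;
esac
exit $?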
增加執行權限
[root@rs1 ~]# chmod +x /etc/init.d/lvs_rs
添加為系統服務
[root@rs1 ~]# chkconfig --add lvs_rs
設置為開機自啟動
[root@rs1 ~]# chkconfig lvs_rs on
啟動
[root@rs1 ~]# systemctl start lvs_rs
查看狀態
[root@rs1 ~]# systemctl status lvs_rs
查看vip 是否綁定
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.138.10/32 brd 192.168.138.10 scope global lo:10
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a6:ca:72 brd ff:ff:ff:ff:ff:ff
inet 192.168.138.15/24 brd 192.168.138.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fea6:ca72/64 scope link
valid_lft forever preferred_lft forever
三、 配置keepalived
[root@ha1 ~]# cd /etc/keepalived/
[root@ha1 keepalived]# ls
keepalived.conf
備份
[root@ha1 keepalived]# cp keepalived.conf{,.bak}
配置 /etc/keepalived/keepalived.conf 文件(下文「//」之後的文字僅為講解用的註釋;keepalived 只把以「#」或「!」開頭的內容視為註釋,寫入實際配置時請刪除這些「//」說明)
! Configuration File for keepalived
global_defs {
notification_email {
}
notification_email_from keepalived@example.com //示例位址(原文郵箱已被頁面遮蔽,請替換為實際發件位址)
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_1
}
vrrp_instance VI_1 { //實例配置
state MASTER //MASTER或BACKUP
interface ens33 //網卡接口
lvs_sync_daemon_interface ens33
virtual_router_id 51 //虛擬路由id
priority 100 //優先級(原文此處漏寫數值;100僅為示例,BACKUP節點須設為較低的值)
advert_int 1
authentication { //認證
auth_type PASS
auth_pass 1111 //示例密碼;PASS認證在VRRP報文中以明文傳輸,正式環境請更換為非預設值,ha1與ha2必須一致
}
virtual_ipaddress { //虛擬ip地址
192.168.138.10
}
}
virtual_server 192.168.138.10 80 {
delay_loop 6 //定義RS運行情況監測時間間隔
lb_algo wrr //定義負載調度算法
lb_kind DR //定義LVS的工作模式
nat_mask 255.255.255.0 //定義虛擬服務的mask
# persistence_timeout 300 //定義會話保持時間,S為單位
protocol TCP //指定轉發協議
real_server 192.168.138.15 80 { //真實服務器IP地址和端口
weight 1 //定義RS的權重
TCP_CHECK { //RS server健康檢查部分
connect_timeout 8 //連接超時
nb_get_retry 3 //定義重試次數
delay_before_retry 3 //定義重試時間間隔
connect_port 80 //定義健康檢查端口
}
}
real_server 192.168.138.16 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@ha1 keepalived]# systemctl start keepalived
查看VIP是否添加成功
[root@ha1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:7f:09:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.138.13/24 brd 192.168.138.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.138.10/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7f:912/64 scope link
valid_lft forever preferred_lft forever
查看lvs配置是否成功
[root@ha1 keepalived]# ipvsadm -ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.138.10:80 0 0 0 0 0
-> 192.168.138.15:80 0 0 0 0 0
-> 192.168.138.16:80 0 0 0 0 0
四、測試
1.測試lvs功能
root@chengchen-virtual-machine:~# for ((i=1;i<=10;i++)); do curl http://192.168.138.10; done
web6 test page!
web5 test page!
web6 test page!
web5 test page!
web6 test page!
web5 test page!
web6 test page!
web5 test page!
web6 test page!
web5 test page!