1.集群规划
IP | 类型 | 机房 | 说明 |
---|---|---|---|
10.242.178.130 | consul server | 新港 | Consul v1.10.2 |
10.242.178.131 | consul server | 新港 | Consul v1.10.2 |
10.242.178.129 | consul server | 新港 | Consul v1.10.2 |
10.242.178.132 | vip | 新港 | keepalived vip |
2.keepalived安装部署
2.1.软件安装
所有节点安装keepalived、ipvsadm:
[root@lobapredb128 ~]# yum install ipvsadm keepalived -y
2.2.内核参数
OS内核参数调整(LVS DR模式下关闭ICMP重定向,并抑制各节点对lo上VIP的ARP应答):
# Kernel parameters for nodes that act as both LVS director and DR real server.
# NOTE(review): the page does not say where these are set; if they are only
# applied at runtime they are lost on reboot -- confirm they are persisted
# (e.g. in /etc/sysctl.conf) on every node.

# Do not send ICMP redirects; a director forwarding VIP traffic back out the
# same interface would otherwise tell clients to bypass it.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0

# arp_ignore=1: answer ARP only when the target IP is configured on the
# interface the request arrived on. arp_announce=2: always use the best local
# address for the target as ARP source. Together they keep a node that holds
# the VIP only on lo (see the "ip a" output later on this page) from
# advertising the VIP on the LAN, so only the current VRRP holder answers for it.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
2.3.配置文件
-
10.242.178.130 /etc/keepalived/keepalived.conf
# keepalived.conf for 10.242.178.130 (priority 100, the lowest of the three).
# Combines VRRP failover of the VIP with an LVS-DR virtual server for DNS.

global_defs {
    # The same router_id is used on all three nodes on this page; a per-node
    # value makes log lines and notifications easier to attribute.
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    # All nodes start as BACKUP with nopreempt, so a returning higher-priority
    # node does not take the VIP back (confirmed by the failover test below).
    state BACKUP
    interface eth0
    # Must match on all three nodes and be unique among VRRP groups on this
    # L2 segment, otherwise unrelated routers will contend for the VIP.
    virtual_router_id 130
    priority 100
    advert_int 1
    nopreempt
    authentication {
        # SECURITY: auth_type PASS is carried in cleartext inside every VRRP
        # advertisement, so it only guards against misconfiguration, not
        # against a host on the segment that can observe the traffic.
        # The value below is published on this page: treat it as an example
        # and replace it with a site-specific secret. Independently, restrict
        # VRRP (IP protocol 112) to the three peer addresses in the host
        # firewall so only cluster members can take part in the election.
        auth_type PASS
        auth_pass 1324
    }
    virtual_ipaddress {
        10.242.178.132
    }
}

# fwmark 1 is the mark set by this node's iptables mangle rule (0x1) on
# UDP/53 packets addressed to the VIP; only marked packets are balanced.
virtual_server fwmark 1 {
    delay_loop 10
    lb_algo rr
    lb_kind DR
    # NOTE(review): the marked traffic is UDP (see the iptables rule and the
    # ipvsadm output on this page) while protocol is TCP -- confirm intended.
    protocol TCP

    real_server 10.242.178.130 53 {
        weight 3
        # Health check is a TCP connect to port 53. The balanced service is
        # DNS over UDP, so a node whose UDP listener is broken but still
        # accepts TCP would stay in the pool -- verify this is acceptable.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 10.242.178.131 53 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 10.242.178.129 53 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
}
-
10.242.178.131 /etc/keepalived/keepalived.conf
# keepalived.conf for 10.242.178.131 (priority 150, the middle of the three).
# VRRP moves the VIP between nodes; the virtual_server section spreads DNS
# queries for the VIP across all three Consul servers via LVS direct routing.

global_defs {
    # Identical on every node on this page; consider a per-node identifier.
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    # BACKUP + nopreempt on every node: whoever holds the VIP keeps it until
    # it fails, regardless of priority (see the failover test on this page).
    state BACKUP
    interface eth0
    # Shared by the three nodes; must not collide with another VRRP group on
    # the same broadcast domain.
    virtual_router_id 130
    priority 150
    nopreempt
    advert_int 1
    authentication {
        # SECURITY: PASS authentication travels unencrypted in each VRRP
        # advertisement and must not be relied on as access control. The
        # password shown here is public via this page -- substitute your own
        # and keep keepalived.conf readable by root only. Also limit inbound
        # VRRP (IP protocol 112) to the two peer nodes at the host firewall.
        auth_type PASS
        auth_pass 1324
    }
    virtual_ipaddress {
        10.242.178.132
    }
}

# Matches packets carrying fwmark 2, which this node's iptables mangle rule
# (0x2) puts on UDP/53 traffic destined for the VIP.
virtual_server fwmark 2 {
    delay_loop 10
    lb_algo rr
    lb_kind DR
    # NOTE(review): balanced traffic is UDP/53 per the iptables rule; confirm
    # that protocol TCP is what is wanted for a fwmark-based virtual server.
    protocol TCP

    real_server 10.242.178.130 53 {
        weight 3
        # TCP connect probe on port 53; it does not exercise the UDP listener
        # that actually serves the balanced queries.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 10.242.178.131 53 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 10.242.178.129 53 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
}
-
10.242.178.129 /etc/keepalived/keepalived.conf
# keepalived.conf for 10.242.178.129 (priority 200, the highest of the three).
# One VRRP instance owns the VIP; one fwmark-based LVS-DR virtual server
# distributes DNS queries sent to that VIP.

global_defs {
    # Not unique per node on this page; a distinct value per host helps when
    # reading logs from several nodes.
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    # Even the highest-priority node is BACKUP with nopreempt, so it will not
    # reclaim the VIP after a restart while another node is healthy.
    state BACKUP
    interface eth0
    # Same id on all cluster nodes; keep it unique on the L2 segment.
    virtual_router_id 130
    priority 200
    nopreempt
    advert_int 1
    authentication {
        # SECURITY: with auth_type PASS the password is sent in the clear in
        # VRRP advertisements; it is a guard against accidental cross-talk
        # between groups, not authentication. Do not reuse the value printed
        # here. Pair it with a host-firewall rule that accepts VRRP
        # (IP protocol 112) only from the other two cluster addresses.
        auth_type PASS
        auth_pass 1324
    }
    virtual_ipaddress {
        10.242.178.132
    }
}

# fwmark 3 corresponds to the 0x3 mark applied by this node's iptables
# mangle rule to UDP/53 packets addressed to the VIP.
virtual_server fwmark 3 {
    delay_loop 10
    lb_algo rr
    lb_kind DR
    # NOTE(review): the iptables rule marks UDP only; confirm protocol TCP
    # here is intentional.
    protocol TCP

    real_server 10.242.178.130 53 {
        weight 3
        # Liveness is judged by a TCP connect to port 53, not by a DNS query
        # over UDP -- a partial failure of the UDP path would go unnoticed.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 10.242.178.131 53 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 10.242.178.129 53 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
}
2.4.启动进程
所有节点启动keepalived
service keepalived start
2.5.数据包打标(fwmark)
-
10.242.178.130
# Mark UDP/53 packets addressed to the VIP with fwmark 0x1 so that the
# "virtual_server fwmark 1" in this node's keepalived.conf balances them.
# Excluded: packets sourced from the VIP itself, and frames whose source MAC
# is one of the three listed addresses (two of them appear as the eth0 MACs of
# .129 and .131 in the "ip a" output on this page; the third is presumably
# .130's). Presumably this keeps a query already forwarded by another
# director from being balanced a second time -- confirm.
# NOTE(review): only UDP is marked; DNS over TCP to the VIP is not balanced.
# -A changes the running ruleset only and appends a duplicate on every re-run;
# the page does not show the rule being saved, so persist it for reboots.
iptables -t mangle -A PREROUTING ! -s 10.242.178.132/32 -d 10.242.178.132/32 -p udp -m udp --dport 53 -m mac ! --mac-source fa:16:3e:a7:1b:35 -m mac ! --mac-source fa:16:3e:05:b8:1b -m mac ! --mac-source fa:16:3e:03:b2:4c -j MARK --set-xmark 0x1/0xffffffff
-
10.242.178.131
# Same rule as on the other nodes, but with mark 0x2 to match
# "virtual_server fwmark 2" in this node's keepalived.conf.
# Matches UDP/53 to the VIP, skipping packets sourced from the VIP and frames
# coming from the three listed source MACs (presumably the cluster nodes'
# eth0 interfaces, so traffic relayed by a peer director is not re-balanced).
# NOTE(review): TCP/53 is not marked, the rule is not persisted by this
# command, and repeating the command appends a duplicate rule.
iptables -t mangle -A PREROUTING ! -s 10.242.178.132/32 -d 10.242.178.132/32 -p udp -m udp --dport 53 -m mac ! --mac-source fa:16:3e:a7:1b:35 -m mac ! --mac-source fa:16:3e:05:b8:1b -m mac ! --mac-source fa:16:3e:03:b2:4c -j MARK --set-xmark 0x2/0xffffffff
-
10.242.178.129
# Node-specific mark 0x3, consumed by "virtual_server fwmark 3" in this
# node's keepalived.conf. The mark value must stay in step with that file.
# Selects UDP/53 packets for the VIP that neither originate from the VIP nor
# arrive from one of the three listed source MACs (presumably the peers'
# NICs; the exclusion appears intended to stop double balancing in DR mode).
# NOTE(review): save the rule so it survives a reboot, avoid re-running the
# -A form (it stacks duplicates), and note that TCP/53 is left unmarked.
iptables -t mangle -A PREROUTING ! -s 10.242.178.132/32 -d 10.242.178.132/32 -p udp -m udp --dport 53 -m mac ! --mac-source fa:16:3e:a7:1b:35 -m mac ! --mac-source fa:16:3e:05:b8:1b -m mac ! --mac-source fa:16:3e:03:b2:4c -j MARK --set-xmark 0x3/0xffffffff
3.功能测试
3.1.分发测试
-
10.243.204.103
[root@lobapredb162 ~]# dig consul.service.sndbxingang @10.242.178.132|grep consul.service.sndbxingang ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> consul.service.sndbxingang @10.242.178.132 ;consul.service.sndbxingang. IN A consul.service.sndbxingang. 0 IN A 10.242.178.130 consul.service.sndbxingang. 0 IN A 10.242.178.129 consul.service.sndbxingang. 0 IN A 10.242.178.131 [root@lobapredb162 ~]# dig consul.service.sndbxingang @10.242.178.132|grep consul.service.sndbxingang ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> consul.service.sndbxingang @10.242.178.132 ;consul.service.sndbxingang. IN A consul.service.sndbxingang. 0 IN A 10.242.178.129 consul.service.sndbxingang. 0 IN A 10.242.178.131 consul.service.sndbxingang. 0 IN A 10.242.178.130 [root@lobapredb162 ~]# dig consul.service.sndbxingang @10.242.178.132|grep consul.service.sndbxingang ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> consul.service.sndbxingang @10.242.178.132 ;consul.service.sndbxingang. IN A consul.service.sndbxingang. 0 IN A 10.242.178.129 consul.service.sndbxingang. 0 IN A 10.242.178.131 consul.service.sndbxingang. 0 IN A 10.242.178.130
-
10.242.178.132
[root@lobapredb128 ~]# ipvsadm -Lnc IPVS connection entries pro expire state source virtual destination UDP 04:27 UDP 10.243.204.103:37634 10.242.178.132:53 10.242.178.131:53 UDP 04:56 UDP 10.243.204.103:17025 10.242.178.132:53 10.242.178.129:53 UDP 04:45 UDP 10.243.204.103:26626 10.242.178.132:53 10.242.178.130:53 UDP 04:16 UDP 10.243.204.103:8306 10.242.178.132:53 10.242.178.129:53
3.2.vip漂移测试
-
10.242.178.130
[root@lobapredb128 ~]# service keepalived stop Stopping keepalived: [ OK ]
-
10.242.178.129
[root@lobapredb126 consul]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet 10.242.178.132/32 scope global lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:05:b8:1b brd ff:ff:ff:ff:ff:ff inet 10.242.178.129/27 brd 10.242.178.159 scope global eth0 inet 10.242.178.132/32 scope global eth0 inet6 fe80::f816:3eff:fe05:b81b/64 scope link valid_lft forever preferred_lft forever [root@lobapredb126 consul]# service keepalived stop Stopping keepalived:
-
10.242.178.131
[root@lobapredb127 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet 10.242.178.132/32 scope global lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:03:b2:4c brd ff:ff:ff:ff:ff:ff inet 10.242.178.131/27 brd 10.242.178.159 scope global eth0 inet 10.242.178.132/32 scope global eth0 inet6 fe80::f816:3eff:fe03:b24c/64 scope link valid_lft forever preferred_lft forever
-
所有节点的keepalived全部启动后,vip仍停留在10.242.178.131上,因为配置的是非抢占模式(nopreempt)
[root@lobapredb127 ~]# cat /etc/keepalived/keepalived.conf |grep -B 5 nopree vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 130 priority 150 nopreempt