web集群-高可用集群-keepalived+LVS

keepalived+LVS

主机名 / 地址 / 作用
node01:192.168.16.11  keepalived主节点 DS
node02:192.168.16.12  keepalived备节点 DS
node03:192.168.16.13  RS
node04:192.168.16.14  RS
node06:192.168.16.16  测试节点
内核版本:3.10.0-1062.el7.x86_64
发行版本:CentOS Linux release 7.7.1908 (Core)

基础环境:所有节点都关闭防火墙及SELinux(仅适用于实验环境;生产环境建议保留防火墙,只在两台DS之间放行VRRP(IP协议112)并放行业务端口80),并确认各服务器之间的时间同步

# systemctl stop firewalld.service 
# date

DS主备节点配置:node1,node2
主备节点keepalived 尽量版本一致
本示例都以源码安装,版本keepalived-2.1.0,可参考keepalived安装

前端配置:node1,node2

LVS依赖模块的安装

# yum install ipvsadm.x86_64  -y
keepalived+lvs配置,TCP_CHECK健康检查的方式

主节点配置:node1

[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Director node1 (MASTER): one VRRP instance holding the VIP 192.168.16.100 and
# one LVS-DR virtual server on port 80 with TCP connect health checks.

global_defs {
   # NOTE(review): recipients, sender and SMTP relay look like the sample values
   # shipped with keepalived, and 192.168.200.1 is outside this lab's
   # 192.168.16.0/24 - replace with site values or drop the mail settings.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Identifier of this keepalived instance; node2 uses the same string in this write-up.
   router_id LVS_DEVEL
}

vrrp_instance VI_LVS {
    # Initial role; the peer (node2) is BACKUP with priority 80.
    state MASTER
    # NIC that carries the VRRP advertisements and receives the VIP.
    interface ens33
    # Must be the same on both directors (node2 also uses 51).
    virtual_router_id 51
    priority 100
    # Advertisement interval in seconds.
    advert_int 1
    # NOTE(review): PASS authentication carries auth_pass in cleartext in every
    # VRRP advertisement, and 1111 is a sample value. Use a site-specific secret
    # (keepalived uses at most 8 characters) and restrict VRRP (IP protocol 112)
    # to the two directors at the network layer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.16.100
    }
}

virtual_server 192.168.16.100 80 {
    # Seconds between health-check rounds.
    delay_loop 6
    # Round-robin scheduling.
    lb_algo rr
    # Direct routing: real servers reply to clients themselves, so each one
    # must hold the VIP on lo with ARP for it suppressed.
    lb_kind DR
 #   persistence_timeout 50
    protocol TCP

    real_server 192.168.16.13 80 {
        weight 1
        # Layer-4 check only: a successful TCP connect marks the server up; it
        # does not verify that the web server returns valid content.
        TCP_CHECK{
            connect_port 80     # port to probe
            connect_timeout 3   # connect timeout in seconds
            # NOTE(review): keepalived 2.x documents `retry` as the replacement
            # for nb_get_retry - confirm against the installed man page.
            nb_get_retry 3      # number of retries
            # Seconds to wait between retries.
            delay_before_retry 3
        }
     }

    real_server 192.168.16.14 80 {
        weight 1
        # Same TCP connect check as for 192.168.16.13.
        TCP_CHECK{
            connect_port 80     # port to probe
            connect_timeout 3   # connect timeout in seconds
            nb_get_retry 3      # number of retries
            # Seconds to wait between retries.
            delay_before_retry 3
        }
     }
}

# systemctl restart keepalived.service

备节点配置:node2

[root@node2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Director node2 (BACKUP): same VRRP instance and LVS-DR virtual server as
# node1, differing only in state and priority.

global_defs {
   # NOTE(review): recipients, sender and SMTP relay look like the sample values
   # shipped with keepalived, and 192.168.200.1 is outside this lab's
   # 192.168.16.0/24 - replace with site values or drop the mail settings.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Identifier of this keepalived instance; node1 uses the same string in this write-up.
   router_id LVS_DEVEL
}

vrrp_instance VI_LVS {
    state BACKUP     # this node starts as BACKUP
    # NIC that carries the VRRP advertisements and receives the VIP on failover.
    interface ens33
    # Must match the MASTER (node1 also uses 51).
    virtual_router_id 51
    priority 80		# lower than the MASTER's priority (100)
    # Advertisement interval in seconds.
    advert_int 1
    # NOTE(review): PASS authentication carries auth_pass in cleartext in every
    # VRRP advertisement, and 1111 is a sample value. Use a site-specific secret
    # (keepalived uses at most 8 characters), identical on both directors, and
    # restrict VRRP (IP protocol 112) to the two directors at the network layer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.16.100
    }
}

virtual_server 192.168.16.100 80 {
    # Seconds between health-check rounds.
    delay_loop 6
    # Round-robin scheduling.
    lb_algo rr
    # Direct routing: real servers reply to clients themselves.
    lb_kind DR
 #   persistence_timeout 50
    protocol TCP

    real_server 192.168.16.13 80 {
        weight 1
        TCP_CHECK{				# health check by TCP connect (layer 4 only)
            connect_port 80     # port to probe
            connect_timeout 3   # connect timeout in seconds
            # NOTE(review): keepalived 2.x documents `retry` as the replacement
            # for nb_get_retry - confirm against the installed man page.
            nb_get_retry 3      # number of retries
            delay_before_retry 3 # seconds between retries
        }
     }

    real_server 192.168.16.14 80 {
        weight 1
        # Same TCP connect check as for 192.168.16.13.
        TCP_CHECK{
            connect_port 80     # port to probe
            connect_timeout 3   # connect timeout in seconds
            nb_get_retry 3      # number of retries
            # Seconds to wait between retries.
            delay_before_retry 3
        }
     }
}

# systemctl restart keepalived.service

LVS测试:

[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.16.100:80 rr
  -> 192.168.16.13:80             Route   1      0          0         
  -> 192.168.16.14:80             Route   1      0          0    

[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.16.100:80 rr
  -> 192.168.16.13:80             Route   1      0          0         
  -> 192.168.16.14:80             Route   1      0          0

[root@node1 ~]# ip a| grep 192.168.16.100
    inet 192.168.16.100/32 scope global ens33

后端配置:node3,node4

RS节点服务配置:node3,node4

# yum install httpd -y
# echo "this is `hostname -I`" > /var/www/html/index.html
# systemctl stop firewalld.service 
# systemctl start httpd

测试:node6

[root@node6 ~]# curl 192.168.16.14
this is 192.168.16.14 
[root@node6 ~]# curl 192.168.16.13
this is 192.168.16.13 

LVS脚本配置:node3,node4

[root@node3 ~]# vim /etc/init.d/lvs_rs
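#!/bin/sh
#
# Startup script to handle the initialisation of LVS on a DR-mode real server:
# it puts the VIP on a loopback alias and suppresses ARP for it.
# chkconfig: - 28 72
# description: Initialise the Linux Virtual Server for DR
#
### BEGIN INIT INFO
# Provides: ipvsadm
# Required-Start: $local_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: Initialise the Linux Virtual Server
# Description: The Linux Virtual Server is a highly scalable and highly
# available server built on a cluster of real servers, with the load
# balancer running on Linux.
### END INIT INFO
# description: start LVS of DR-RIP

# Marker file: created by start(), removed by stop(), tested by status().
LOCK=/var/lock/ipvsadm.lock
# Virtual IP of the cluster; must equal virtual_ipaddress on the directors.
VIP=192.168.16.100

# The Red Hat init helper library is optional here: nothing below depends on
# it, so its absence should not abort the script.
if [ -r /etc/rc.d/init.d/functions ]; then
        . /etc/rc.d/init.d/functions
fi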

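#######################################
# Configure this real server for LVS direct routing.
# Globals:   VIP (read), LOCK (read)
# Arguments: none
# Outputs:   status message on stdout, errors on stderr
# Returns:   0 if configured or already configured, 1 if a step failed
#######################################
start() {
        # The lo:100 alias is what marks the server as already configured.
        if /sbin/ifconfig | grep -q 'lo:100'; then
                echo "The LVS-DR-RIP Server is already running !"
                return 0
        fi

        # Suppress ARP for the VIP *before* the address exists on lo; otherwise
        # there is a window in which this host can answer ARP for the VIP and
        # pull client traffic away from the director.
        #   arp_ignore=1   reply only for addresses on the receiving interface
        #   arp_announce=2 always pick the best local source address
        # NOTE(review): ens33 must match this host's NIC name.
        for lvs_if in lo ens33 all; do
                if ! echo "1" >"/proc/sys/net/ipv4/conf/$lvs_if/arp_ignore" ||
                   ! echo "2" >"/proc/sys/net/ipv4/conf/$lvs_if/arp_announce"; then
                        echo "cannot set ARP parameters for $lvs_if; VIP not configured" >&2
                        return 1
                fi
        done

        # /32 netmask so the VIP on lo does not create a route for a whole subnet.
        if ! /sbin/ifconfig lo:100 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up; then
                echo "cannot configure $VIP on lo:100" >&2
                return 1
        fi
        if ! /sbin/route add -host "$VIP" dev lo:100; then
                echo "cannot add host route for $VIP" >&2
                return 1
        fi

        # Only record "running" once every step above has succeeded.
        /bin/touch "$LOCK"
        echo "starting LVS-DR-RIP server is ok !"
}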

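#######################################
# Undo start(): remove the VIP from lo and reset the ARP parameters.
# Globals:   VIP (read), LOCK (read)
# Arguments: none
# Outputs:   status message on stdout
# Returns:   status of the final echo; individual steps are best-effort
#######################################
stop() {
        # Remove the VIP first so ARP suppression stays in force for as long as
        # the address is still present on this host.
        /sbin/route del -host "$VIP" dev lo:100
        /sbin/ifconfig lo:100 down >/dev/null

        # NOTE(review): this resets to 0 rather than restoring the values that
        # were in effect before start(); confirm 0 is the intended baseline.
        for lvs_if in lo ens33 all; do
                echo "0" >"/proc/sys/net/ipv4/conf/$lvs_if/arp_ignore"
                echo "0" >"/proc/sys/net/ipv4/conf/$lvs_if/arp_announce"
        done

        # LOCK is a single file: no recursive delete, and the message is a
        # separate command instead of extra arguments to rm.
        rm -f -- "$LOCK"
        echo "stopping LVS-DR-RIP server is ok !"
}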

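#######################################
# Report whether start() has been run, based on the lock file only.
# Globals:   LOCK (read)
# Arguments: none
# Outputs:   one status line on stdout
# Returns:   0
#######################################
status() {
        # Quoted so that an empty or space-containing LOCK is tested as a path
        # instead of collapsing to `[ -e ]`, which is always true.
        if [ -e "$LOCK" ]; then
                echo "The LVS-DR-RIP Server is already running !"
        else
                echo "The LVS-DR-RIP Server is not running !"
        fi
}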

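# Dispatch on the first argument; anything else prints the usage and exits 1.
case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                stop
                start
                ;;
        status)
                status
                ;;
        *)
                # $0 is the script path; $1 would echo the rejected argument
                # (or nothing) instead of the command name.
                echo "Usage: $0 {start|stop|restart|status}"
                exit 1
                ;;
esac
exit 0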


添加执行权限并启动服务(脚本需要传入start参数,否则只会打印用法并退出)
# chmod +x /etc/init.d/lvs_rs 
# sh /etc/init.d/lvs_rs start

测试:node6

[root@node6 ~]# for ((i=1;i<=10;i++))
> do
> curl 192.168.16.100
> done
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 

keepalived测试:

[root@node1 ~]# systemctl stop keepalived.service
[root@node2 ~]# ip a| grep 192.168.16.100
    inet 192.168.16.100/32 scope global ens33
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 

LVS测试:

[root@node3 ~]# systemctl stop httpd
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14

[root@node4 ~]# systemctl stop httpd
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 
this is 192.168.16.13 

测试成功

keepalived+lvs配置,HTTP_CHECK健康检查的方式(配置中对应的检查器为HTTP_GET;digest是被检查页面内容的MD5值,各RS的index.html内容不同,因此digest也不同)

主节点配置:node1

[root@node1 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived
# Director node1 (MASTER): same VRRP instance as before, with the real-server
# health check switched from TCP_CHECK to HTTP_GET.

global_defs {
   # NOTE(review): recipients, sender and SMTP relay look like the sample values
   # shipped with keepalived, and 192.168.200.1 is outside this lab's
   # 192.168.16.0/24 - replace with site values or drop the mail settings.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Identifier of this keepalived instance; node2 uses the same string in this write-up.
   router_id LVS_DEVEL
}

vrrp_instance VI_LVS {
    # Initial role; the peer (node2) is BACKUP with priority 80.
    state MASTER
    # NIC that carries the VRRP advertisements and receives the VIP.
    interface ens33
    # Must be the same on both directors (node2 also uses 51).
    virtual_router_id 51
    priority 100
    # Advertisement interval in seconds.
    advert_int 1
    # NOTE(review): PASS authentication carries auth_pass in cleartext in every
    # VRRP advertisement, and 1111 is a sample value. Use a site-specific secret
    # (keepalived uses at most 8 characters) and restrict VRRP (IP protocol 112)
    # to the two directors at the network layer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.16.100
    }
}

virtual_server 192.168.16.100 80 {
    # Seconds between health-check rounds.
    delay_loop 6
    # Round-robin scheduling.
    lb_algo rr
    # Direct routing: real servers reply to clients themselves.
    lb_kind DR
 #   persistence_timeout 50
    protocol TCP

    real_server 192.168.16.13 80 {
        weight 1
 #       TCP_CHECK{
         # Layer-7 check: GET /index.html and expect status 200 and a body
         # whose MD5 equals digest.
         # The digest is specific to this server because its index.html embeds
         # the host address; regenerate it (keepalived ships genhash for this)
         # whenever the page changes, or the server will be marked down.
         HTTP_GET{
            url{
                path /index.html
                digest e7b78cd5b95cfc072c27500d65666976
                status_code 200
            }
            connect_port 80
            # Connect timeout in seconds.
            connect_timeout 3
            # NOTE(review): keepalived 2.x documents `retry` as the replacement
            # for nb_get_retry - confirm against the installed man page.
            nb_get_retry 3
            # Seconds to wait between retries.
            delay_before_retry 2
        }
     }

    real_server 192.168.16.14 80 {
        weight 1
   #     TCP_CHECK{
         # Same HTTP_GET check as for 192.168.16.13, with this server's own digest.
         HTTP_GET{
                url{
                   path	/index.html
                   digest 2c6d265ea20bb9dc5500c0b69882c538
                   status_code 200
            }
            connect_port 80
            # Connect timeout in seconds.
            connect_timeout 3
            nb_get_retry 3
            # Seconds to wait between retries.
            delay_before_retry 2
        }
     }
}

重启服务
# systemctl restart keepalived.service 

备节点配置:node2

! Configuration File for keepalived
# Director node2 (BACKUP): same as node1's HTTP_GET configuration except for
# state and priority.

global_defs {
   # NOTE(review): recipients, sender and SMTP relay look like the sample values
   # shipped with keepalived, and 192.168.200.1 is outside this lab's
   # 192.168.16.0/24 - replace with site values or drop the mail settings.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Identifier of this keepalived instance; node1 uses the same string in this write-up.
   router_id LVS_DEVEL
}

vrrp_instance VI_LVS {
    # This node starts as BACKUP and takes the VIP when the MASTER stops advertising.
    state BACKUP
    interface ens33
    # Must match the MASTER (node1 also uses 51).
    virtual_router_id 51
    # Lower than the MASTER's priority (100).
    priority 80
    # Advertisement interval in seconds.
    advert_int 1
    # NOTE(review): PASS authentication carries auth_pass in cleartext in every
    # VRRP advertisement, and 1111 is a sample value. Use a site-specific secret
    # (keepalived uses at most 8 characters), identical on both directors, and
    # restrict VRRP (IP protocol 112) to the two directors at the network layer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.16.100
    }
}

virtual_server 192.168.16.100 80 {
    # Seconds between health-check rounds.
    delay_loop 6
    # Round-robin scheduling.
    lb_algo rr
    # Direct routing: real servers reply to clients themselves.
    lb_kind DR
 #   persistence_timeout 50
    protocol TCP

    real_server 192.168.16.13 80 {
        weight 1
 #       TCP_CHECK{
         # Layer-7 check: GET /index.html and expect status 200 and a body
         # whose MD5 equals digest; the digest must be regenerated whenever
         # that server's page changes, or the server will be marked down.
         HTTP_GET{
            url{
                path /index.html
                digest e7b78cd5b95cfc072c27500d65666976
                status_code 200
            }
            connect_port 80
            # Connect timeout in seconds.
            connect_timeout 3
            # NOTE(review): keepalived 2.x documents `retry` as the replacement
            # for nb_get_retry - confirm against the installed man page.
            nb_get_retry 3
            # Seconds to wait between retries.
            delay_before_retry 2
        }
     }

    real_server 192.168.16.14 80 {
        weight 1
   #     TCP_CHECK{
         # Same HTTP_GET check as for 192.168.16.13, with this server's own digest.
         HTTP_GET{
                url{
                   path  /index.html
                   digest 2c6d265ea20bb9dc5500c0b69882c538
                   status_code 200
            }
            connect_port 80
            # Connect timeout in seconds.
            connect_timeout 3
            nb_get_retry 3
            # Seconds to wait between retries.
            delay_before_retry 2
        }
     }
}

重启服务
# systemctl restart keepalived.service 

LVS检测:

[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.16.100:80 rr
  -> 192.168.16.13:80             Route   1      0          15        
  -> 192.168.16.14:80             Route   1      0          25 

[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.16.100:80 rr
  -> 192.168.16.13:80             Route   1      0          0         
  -> 192.168.16.14:80             Route   1      0          0    

后端节点配置不改变

测试:node6

keepalived测试:

[root@node1 ~]# systemctl stop keepalived.service 
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 
this is 192.168.16.13 
this is 192.168.16.14 

http测试:

[root@node3 ~]# systemctl stop httpd
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.16.100:80 rr
  -> 192.168.16.14:80             Route   1      0          0      
[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.16.100:80 rr
  -> 192.168.16.14:80             Route   1      0          20   

[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 
this is 192.168.16.14 

测试成功
