keepalived+LVS
主机名及地址 | 作用 |
---|---|
node01:192.168.16.11 | keepalived主节点 DS |
node02:192.168.16.12 | keepalived备节点 DS |
node03:192.168.16.13 | RS |
node04:192.168.16.14 | RS |
node06:192.168.16.16 | 测试节点 |
内核版本 | 3.10.0-1062.el7.x86_64 |
发行版本 | CentOS Linux release 7.7.1908 (Core) |
基础环境:所有节点都关闭防火墙及SELinux(仅适用于测试环境;生产环境应保留防火墙,并放行DS节点之间的VRRP通告(IP协议号112)和业务端口80),并查看各服务器之间的时间是否同步
# systemctl stop firewalld.service
# date
DS主备节点配置:node1,node2
主备节点keepalived 尽量版本一致
本示例都以源码安装,版本keepalived-2.1.0,可参考keepalived安装
前端配置:node1,node2
LVS依赖模块的安装
# yum install ipvsadm.x86_64 -y
keepalived+lvs配置,TCP_CHECK健康检查的方式
主节点配置:node1
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Director (DS) master node: owns the VIP through VRRP and health-checks the
! real servers with a plain TCP connect.
global_defs {
# The mail addresses and SMTP server below are the sample values found in
# keepalived's stock configuration; 192.168.200.1 lies outside the 192.168.16.x
# lab network used on this page. Replace or remove them in a real deployment.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Both directors on this page use the same router_id string.
router_id LVS_DEVEL
}
vrrp_instance VI_LVS {
# Initial role of this node; the backup director uses BACKUP.
state MASTER
# Interface VRRP runs on; the VIP shows up on it in the `ip a` output.
interface ens33
# Must be identical on the master and the backup director.
virtual_router_id 51
# Higher than the backup's 80, so this node holds the VIP while it is alive.
priority 100
# Advertisement interval in seconds.
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries the password unencrypted in every VRRP
# advertisement, so any host on the segment can read it. Treat it as a guard
# against accidental misconfiguration, not as access control, and replace the
# sample value 1111 with a site-specific one that matches on both directors.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.16.100
}
}
virtual_server 192.168.16.100 80 {
# Seconds between health-check rounds.
delay_loop 6
# Round-robin scheduling.
lb_algo rr
# Direct routing: the real servers carry the VIP on lo:100 (see the lvs_rs
# script on this page).
lb_kind DR
# Persistence stays disabled, so successive requests from one client alternate
# between the real servers, as the curl test on this page shows.
# persistence_timeout 50
protocol TCP
real_server 192.168.16.13 80 {
weight 1
# TCP_CHECK only confirms that the port accepts a TCP connection; it does not
# look at the HTTP response.
TCP_CHECK{
connect_port 80 # port probed by the check
connect_timeout 3 # connect timeout for the check
# NOTE(review): keepalived 2.x documents `retry` as the current keyword and
# lists nb_get_retry as deprecated; confirm against keepalived.conf(5) of the
# installed 2.1.0 build.
nb_get_retry 3 # number of retries
delay_before_retry 3
}
}
real_server 192.168.16.14 80 {
weight 1
TCP_CHECK{
connect_port 80 # port probed by the check
connect_timeout 3 # connect timeout for the check
nb_get_retry 3 # number of retries
delay_before_retry 3
}
}
}
# systemctl restart keepalived.service
备节点配置:node2
[root@node2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Director (DS) backup node: takes over the VIP when the master stops
! advertising; the virtual_server section mirrors the master's.
global_defs {
# The mail addresses and SMTP server below are the sample values found in
# keepalived's stock configuration; 192.168.200.1 lies outside the 192.168.16.x
# lab network used on this page. Replace or remove them in a real deployment.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Both directors on this page use the same router_id string.
router_id LVS_DEVEL
}
vrrp_instance VI_LVS {
state BACKUP # role set to BACKUP on this node
interface ens33
# Must be identical on the master and the backup director.
virtual_router_id 51
priority 80 # lower than the master's priority
# Advertisement interval in seconds.
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries the password unencrypted in every VRRP
# advertisement, so any host on the segment can read it. Treat it as a guard
# against accidental misconfiguration, not as access control, and replace the
# sample value 1111 with a site-specific one that matches on both directors.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.16.100
}
}
virtual_server 192.168.16.100 80 {
# Seconds between health-check rounds.
delay_loop 6
# Round-robin scheduling.
lb_algo rr
# Direct routing: the real servers carry the VIP on lo:100 (see the lvs_rs
# script on this page).
lb_kind DR
# Persistence stays disabled, so successive requests from one client alternate
# between the real servers.
# persistence_timeout 50
protocol TCP
real_server 192.168.16.13 80 {
weight 1
TCP_CHECK{ # health check by plain TCP connect
connect_port 80 # port probed by the check
connect_timeout 3 # connect timeout for the check
# NOTE(review): keepalived 2.x documents `retry` as the current keyword and
# lists nb_get_retry as deprecated; confirm against keepalived.conf(5) of the
# installed 2.1.0 build.
nb_get_retry 3 # number of retries
delay_before_retry 3 # delay between retries
}
}
real_server 192.168.16.14 80 {
weight 1
TCP_CHECK{
connect_port 80 # port probed by the check
connect_timeout 3 # connect timeout for the check
nb_get_retry 3 # number of retries
delay_before_retry 3
}
}
}
# systemctl restart keepalived.service
LVS测试:
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.16.100:80 rr
-> 192.168.16.13:80 Route 1 0 0
-> 192.168.16.14:80 Route 1 0 0
[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.16.100:80 rr
-> 192.168.16.13:80 Route 1 0 0
-> 192.168.16.14:80 Route 1 0 0
[root@node1 ~]# ip a| grep 192.168.16.100
inet 192.168.16.100/32 scope global ens33
后端配置:node3,node4
RS节点服务配置:node3,node4
# yum install httpd -y
# echo "this is `hostname -I`" > /var/www/html/index.html
# systemctl stop firewalld.service
# systemctl start httpd
测试:node6
[root@node6 ~]# curl 192.168.16.14
this is 192.168.16.14
[root@node6 ~]# curl 192.168.16.13
this is 192.168.16.13
LVS脚本配置:node3,node4
[root@node3 ~]# vim /etc/init.d/lvs_rs
#!/bin/sh
#
# Startup script to handle the initialisation of an LVS-DR real server (RS):
# binds the VIP to lo:100 and adjusts the ARP sysctls.
# chkconfig: - 28 72
# description: Initialise the Linux Virtual Server for DR
#
### BEGIN INIT INFO
# Provides: ipvsadm
# Required-Start: $local_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: Initialise the Linux Virtual Server
# Description: The Linux Virtual Server is a highly scalable and highly
# available server built on a cluster of real servers, with the load
# balancer running on Linux.
# description: start LVS of DR-RIP
# NOTE(review): the LSB header opened by "### BEGIN INIT INFO" has no closing
# "### END INIT INFO" line in this listing.

# Lock file created by start(), removed by stop() and tested by status().
LOCK=/var/lock/ipvsadm.lock
# Virtual IP; must equal the virtual_ipaddress configured on the directors.
VIP=192.168.16.100
# Load the distribution's init-script helper library.
# NOTE(review): the status() defined further down presumably replaces a helper
# of the same name from this library - confirm that this is intended.
. /etc/rc.d/init.d/functions
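# Prepare this real server for LVS-DR: suppress ARP for the VIP, then bind the
# VIP to the loopback alias lo:100.
# Globals:  VIP (read), LOCK (read; the lock file is created)
# Outputs:  status line on stdout, failure message on stderr
# Returns:  0 on success or when already configured, 1 if the alias could not
#           be brought up
start() {
  # Number of ifconfig lines that mention the alias; non-zero means the VIP
  # alias is already present.
  alias_count=$(/sbin/ifconfig | grep -c 'lo:100')
  if [ "$alias_count" -ne 0 ]; then
    echo "The LVS-DR-RIP Server is already running !"
    return 0
  fi

  # Set the ARP sysctls before the VIP exists on this host, so there is no
  # window in which the real server answers ARP requests for the VIP and
  # competes with the director.
  #   arp_ignore=1   reply only for addresses configured on the receiving interface
  #   arp_announce=2 use the best local source address in ARP requests
  for iface in lo ens33 all; do
    echo "1" >"/proc/sys/net/ipv4/conf/$iface/arp_ignore"
    echo "2" >"/proc/sys/net/ipv4/conf/$iface/arp_announce"
  done

  # Without the alias the server cannot accept traffic for the VIP, so do not
  # create the lock file or report success if this step fails.
  if ! /sbin/ifconfig lo:100 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up; then
    echo "failed to configure $VIP on lo:100" >&2
    return 1
  fi

  # Host route for the VIP; a failure here is not treated as fatal, matching
  # the original script.
  /sbin/route add -host "$VIP" dev lo:100

  /bin/touch "$LOCK"
  echo "starting LVS-DR-RIP server is ok !"
}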
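# Undo start(): remove the VIP route and alias, reset the ARP sysctls and
# delete the lock file.
# Globals:  VIP (read), LOCK (read; the lock file is removed)
# Outputs:  status line on stdout
stop() {
  /sbin/route del -host "$VIP" dev lo:100
  /sbin/ifconfig lo:100 down >/dev/null

  # Writes 0 unconditionally; values that were in place before start() ran are
  # not restored.
  for iface in lo ens33 all; do
    echo "0" >"/proc/sys/net/ipv4/conf/$iface/arp_ignore"
    echo "0" >"/proc/sys/net/ipv4/conf/$iface/arp_announce"
  done

  # The original listing had the echo fused onto the rm line, which turned
  # "echo" and the message into extra paths for rm and never printed anything.
  # The lock is a single file, so the recursive flag is dropped as well.
  rm -f -- "$LOCK"
  echo "stopping LVS-DR-RIP server is ok !"
}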
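# Report whether start() has been run, judged only by the lock file; the
# lo:100 alias and the ARP sysctls are not inspected, so a stale lock file is
# reported as running.
# Globals:  LOCK (read)
# Outputs:  one status line on stdout
status() {
  # Quoted so that an empty LOCK is tested as a path; unquoted, the test
  # collapses to `[ -e ]`, which is always true.
  if [ -e "$LOCK" ]; then
    echo "The LVS-DR-RIP Server is already running !"
  else
    echo "The LVS-DR-RIP Server is not running !"
  fi
}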
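# Dispatch on the first argument; anything else prints the usage line and
# exits with status 1.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    # $0 is the script path; the original printed $1, i.e. the rejected
    # argument (empty when none was given).
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac
exit 0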
添加执行权限并启动服务
# chmod +x /etc/init.d/lvs_rs
# sh /etc/init.d/lvs_rs start
测试:node6
[root@node6 ~]# for ((i=1;i<=10;i++))
> do
> curl 192.168.16.100
> done
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
keepalived测试:
[root@node1 ~]# systemctl stop keepalived.service
[root@node2 ~]# ip a| grep 192.168.16.100
inet 192.168.16.100/32 scope global ens33
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
LVS测试:
[root@node3 ~]# systemctl stop httpd
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
[root@node4 ~]# systemctl stop httpd
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
this is 192.168.16.13
测试成功
keepalived+lvs配置,HTTP_CHECK健康检查的方式
主节点配置:node1
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Director (DS) master node: same VRRP setup as the TCP_CHECK example, with
! the real servers health-checked over HTTP.
global_defs {
# The mail addresses and SMTP server below are the sample values found in
# keepalived's stock configuration; 192.168.200.1 lies outside the 192.168.16.x
# lab network used on this page. Replace or remove them in a real deployment.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Both directors on this page use the same router_id string.
router_id LVS_DEVEL
}
vrrp_instance VI_LVS {
# Initial role of this node; the backup director uses BACKUP.
state MASTER
interface ens33
# Must be identical on the master and the backup director.
virtual_router_id 51
# Higher than the backup's 80, so this node holds the VIP while it is alive.
priority 100
# Advertisement interval in seconds.
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries the password unencrypted in every VRRP
# advertisement, so any host on the segment can read it. Treat it as a guard
# against accidental misconfiguration, not as access control, and replace the
# sample value 1111 with a site-specific one that matches on both directors.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.16.100
}
}
virtual_server 192.168.16.100 80 {
# Seconds between health-check rounds.
delay_loop 6
# Round-robin scheduling.
lb_algo rr
# Direct routing: the real servers carry the VIP on lo:100 (see the lvs_rs
# script on this page).
lb_kind DR
# Persistence stays disabled, so successive requests from one client alternate
# between the real servers.
# persistence_timeout 50
protocol TCP
real_server 192.168.16.13 80 {
weight 1
# The TCP_CHECK block of the previous example is replaced by HTTP_GET, which
# fetches the path and compares the response with the values in url{}.
HTTP_GET{
url{
path /index.html
# MD5 digest of the expected response body (keepalived ships the genhash tool
# for computing it). It differs per real server because index.html embeds the
# host address.
# NOTE(review): regenerate the digest whenever index.html changes, otherwise
# the check fails and the real server is taken out of rotation. The digest is a
# health signal, not a tamper-protection mechanism.
digest e7b78cd5b95cfc072c27500d65666976
# Expected HTTP status code.
status_code 200
}
connect_port 80
connect_timeout 3
# NOTE(review): keepalived 2.x documents `retry` as the current keyword and
# lists nb_get_retry as deprecated; confirm against keepalived.conf(5) of the
# installed 2.1.0 build.
nb_get_retry 3
delay_before_retry 2
}
}
real_server 192.168.16.14 80 {
weight 1
# HTTP_GET replaces the TCP_CHECK block of the previous example.
HTTP_GET{
url{
path /index.html
# MD5 digest of the response body expected from 192.168.16.14.
digest 2c6d265ea20bb9dc5500c0b69882c538
# Expected HTTP status code.
status_code 200
}
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 2
}
}
}
重启服务
# systemctl restart keepalived.service
备节点配置:node2
! Configuration File for keepalived
! Director (DS) backup node for the HTTP_GET example; the virtual_server
! section mirrors the master's.
global_defs {
# The mail addresses and SMTP server below are the sample values found in
# keepalived's stock configuration; 192.168.200.1 lies outside the 192.168.16.x
# lab network used on this page. Replace or remove them in a real deployment.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Both directors on this page use the same router_id string.
router_id LVS_DEVEL
}
vrrp_instance VI_LVS {
# Backup role; takes over the VIP when the master stops advertising.
state BACKUP
interface ens33
# Must be identical on the master and the backup director.
virtual_router_id 51
# Lower than the master's 100.
priority 80
# Advertisement interval in seconds.
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries the password unencrypted in every VRRP
# advertisement, so any host on the segment can read it. Treat it as a guard
# against accidental misconfiguration, not as access control, and replace the
# sample value 1111 with a site-specific one that matches on both directors.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.16.100
}
}
virtual_server 192.168.16.100 80 {
# Seconds between health-check rounds.
delay_loop 6
# Round-robin scheduling.
lb_algo rr
# Direct routing: the real servers carry the VIP on lo:100 (see the lvs_rs
# script on this page).
lb_kind DR
# Persistence stays disabled, so successive requests from one client alternate
# between the real servers.
# persistence_timeout 50
protocol TCP
real_server 192.168.16.13 80 {
weight 1
# HTTP_GET replaces the TCP_CHECK block of the previous example: it fetches the
# path and compares the response with the values in url{}.
HTTP_GET{
url{
path /index.html
# MD5 digest of the expected response body (keepalived ships the genhash tool
# for computing it). It differs per real server because index.html embeds the
# host address.
# NOTE(review): regenerate the digest whenever index.html changes, otherwise
# the check fails and the real server is taken out of rotation. The digest is a
# health signal, not a tamper-protection mechanism.
digest e7b78cd5b95cfc072c27500d65666976
# Expected HTTP status code.
status_code 200
}
connect_port 80
connect_timeout 3
# NOTE(review): keepalived 2.x documents `retry` as the current keyword and
# lists nb_get_retry as deprecated; confirm against keepalived.conf(5) of the
# installed 2.1.0 build.
nb_get_retry 3
delay_before_retry 2
}
}
real_server 192.168.16.14 80 {
weight 1
# HTTP_GET replaces the TCP_CHECK block of the previous example.
HTTP_GET{
url{
path /index.html
# MD5 digest of the response body expected from 192.168.16.14.
digest 2c6d265ea20bb9dc5500c0b69882c538
# Expected HTTP status code.
status_code 200
}
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 2
}
}
}
重启服务
# systemctl restart keepalived.service
LVS检测:
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.16.100:80 rr
-> 192.168.16.13:80 Route 1 0 15
-> 192.168.16.14:80 Route 1 0 25
[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.16.100:80 rr
-> 192.168.16.13:80 Route 1 0 0
-> 192.168.16.14:80 Route 1 0 0
后端节点配置不改变
测试:node6
keepalived测试:
[root@node1 ~]# systemctl stop keepalived.service
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
this is 192.168.16.13
this is 192.168.16.14
http测试:
[root@node3 ~]# systemctl stop httpd
[root@node1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.16.100:80 rr
-> 192.168.16.14:80 Route 1 0 0
[root@node2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.16.100:80 rr
-> 192.168.16.14:80 Route 1 0 20
[root@node6 ~]# for ((i=1;i<=10;i++)); do curl 192.168.16.100; done
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
this is 192.168.16.14
测试成功