LVS
Server1
[root@server1 yum.repos.d]# vim rhel-source.repo
10 [loadBalancer] 负载均衡
11 name=LoadBalancer
12 baseurl=http://172.25.77.250/rhel6.5/LoadBalancer
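13 gpgcheck=0 (注:baseurl 走明文 http 且 gpgcheck=0,软件包的来源和完整性都不会被校验,仅适合隔离的实验网络;生产环境应设为 gpgcheck=1 并配置 gpgkey,下面三个仓库同理)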
17 [HighAvailability] 高可用
18 name=HighAvailability
19 baseurl=http://172.25.77.250/rhel6.5/HighAvailability
20 gpgcheck=0
25 [ResilientStorage] 分布型存取
26 name=ResilientStorage
27 baseurl=http://172.25.77.250/rhel6.5/ResilientStorage
28 gpgcheck=0
31 [ScalableFileSystem] 大文件系统
32 name=ScalableFileSystem
33 baseurl=http://172.25.77.250/rhel6.5/ScalableFileSystem
34 gpgcheck=0
[root@server1 yum.repos.d]# yum install -y ipvsadm
[root@server1 yum.repos.d]# ipvsadm -A -t 172.25.77.100:80 -s rr
[root@server1 yum.repos.d]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.77.100:http rr
[root@server1 yum.repos.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.77.100:80 rr
配置虚拟主机
[root@server1 yum.repos.d]# ipvsadm -a -t 172.25.77.100:80 -r 172.25.77.2:80 -g
[root@server1 yum.repos.d]# ipvsadm -a -t 172.25.77.100:80 -r 172.25.77.3:80 -g
[root@server1 yum.repos.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.77.100:80 rr
-> 172.25.77.2:80 Route 1 0 0
-> 172.25.77.3:80 Route 1 0 0
[root@server1 yum.repos.d]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.77.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
[root@server1 yum.repos.d]# ip addr add 172.25.77.100/24 dev eth0
[root@server1 yum.repos.d]# ip addr
link/ether 52:54:00:b6:ae:90 brd ff:ff:ff:ff:ff:ff
Server2
Server3
1.安装httpd、arptables_jf
2.设置http默认发布文件 /var/www/html/index.html
[root@server2 ~]# curl localhost
<h1>www.westos.org - server 2</h1>
[root@server3 ~]# curl localhost
<h1>www.westos.org - server 3</h1>
[root@server2 html]# arptables -A IN -d 172.25.77.100 -j DROP
[root@server2 html]# arptables -A OUT -s 172.25.77.100 -j mangle --mangle-ip-s 172.25.77.2
[root@server2 html]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
[root@server2 html]# arptables -L
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.77.100 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.77.100 anywhere anywhere anywhere any any any any --mangle-ip-s server2
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server2 html]# arptables -nL
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP 0.0.0.0/0 172.25.77.100 00/00 00/00 any 0000/0000 0000/0000 0000/0000
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.77.100 0.0.0.0/0 00/00 00/00 any 0000/0000 0000/0000 0000/0000 --mangle-ip-s 172.25.77.2
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
浮动IP实现负载均衡
客户端
[root@foundation77 mnt]# yum install -y ipvsadm
[root@foundation77 mnt]# arp -d 172.25.77.100
[root@foundation77 mnt]# arp -an |grep 100
? (172.25.77.100) at 52:54:00:b6:ae:90 [ether] on br0
[root@foundation77 mnt]# curl 172.25.77.100
www.westos.org - server 3
[root@foundation77 mnt]# curl 172.25.77.100
www.westos.org - server2
第一阶段结束
第二阶段 LVS健康检查
arptables 和 iptables 防火墙存在冲突
scheduler=rr 算法
Server1
[root@server1 ~]# yum install ldirectord-3.9.5-3.1.x86_64.rpm -y
[root@server1 ~]# yum install -y perl -y
[root@server1 ~]# rpm -ql ldirectord (查找配置文件)
/etc/ha.d
/etc/ha.d/resource.d
/etc/ha.d/resource.d/ldirectord
/etc/init.d/ldirectord
/etc/logrotate.d/ldirectord
/usr/lib/ocf/resource.d/heartbeat/ldirectord
/usr/sbin/ldirectord
/usr/share/doc/ldirectord-3.9.5
/usr/share/doc/ldirectord-3.9.5/COPYING
/usr/share/doc/ldirectord-3.9.5/ldirectord.cf
/usr/share/man/man8/ldirectord.8.gz
[root@server1 ~]# cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf /etc/ha.d/
[root@server1 ~]# cd /etc/ha.d/
[root@server1 ha.d]# ls
ldirectord.cf resource.d shellfuncs
[root@server1 ha.d]# vim ldirectord.cf
virtual=172.25.77.100:80
26 real=172.25.77.2:80 gate
27 real=172.25.77.3:80 gate
28 fallback=127.0.0.1:80 gate
29 service=http
30 scheduler=rr
31 #persistent=600
32 #netmask=255.255.255.255
33 protocol=tcp
34 checktype=negotiate
35 checkport=80
36 request="index.html"
37 #receive="Test Page"
38 #virtualhost=www.x.y.z
清空ipvsadm策略,启动ldirectord服务
[root@server1 ha.d]# ipvsadm -C
[root@server1 ha.d]# /etc/init.d/ldirectord start
Starting ldirectord... success
scheduler=rr
[root@server1 ha.d]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.77.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
[root@server1 ha.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.77.100:80 rr
-> 172.25.77.2:80 Route 1 0 0
-> 172.25.77.3:80 Route 1 0 0
scheduler=rr
[root@server1 ~] # cd /var/www/html
[root@server1 ~]# vim index.html
Server 1- 此网站在维护
Server 2
Server 3
Real Server主机关闭http服务,Virtual Server主机配置
[root@server2 ~]# /etc/init.d/httpd stop
[root@server3 ~]# /etc/init.d/httpd stop
客户端
[root@foundation77 mnt]# curl 172.25.77.100
Server 1- 此网站在维护
[root@foundation77 mnt]# curl 172.25.77.100
Server 1- 此网站在维护
报错:Server1、server2、server3 的 httpd 同时关闭的时候
[root@server1 ~]# /etc/init.d/httpd stop
[root@foundation77 ~]# curl 172.25.77.100
curl: (7) Failed connect to 172.25.77.100:80; Connection refused
[root@server1 ha.d]# netstat -antlp
tcp 0 0 :::80 :::* LISTEN 1269/httpd
健康检查
安装ldirectord服务,清空ipvsadm的策略
修改配置文件(vim ldirectord.cf),然后在server1上安装httpd服务,首页写入“此网站在维护”
把server2、server3的httpd服务关闭后,curl 172.25.77.100 显示的是server1的httpd首页
“此网站正在维护”;server1、2、3 的httpd全部关闭时,客户端访问VIP 172.25.77.100 显示拒绝连接
[root@server1 ~]# curl localhost
<h1>此网站正在维护</h1>
第三阶段 高可用 负载均衡
free -m 查看内存的情况
故障排除
[root@server1 ~]# /etc/init.d/keepalived status
keepalived dead but subsys locked
使用80端口时,编辑配置文件 [root@server1 keepalived]# vim keepalived.conf
把其中的 SSL_GET 检查改成 TCP_CHECK(TCP_CHECK 只检测端口能否建立连接,不校验返回的页面内容)
DR > TUN > NAT > FULLNAT
安装keepalived
配置keepalived服务的路径
/usr/local/keepalived/etc/rc.d/init.d/keepalived
[root@server1 ~]# /etc/init.d/ldirectord stop
Stopping ldirectord... Success
[root@server1 ~]# tar zxf keepalived-2.0.6.tar.gz
[root@server1 ~]# cd keepalived-2.0.6
[root@server1 keepalived-2.0.6]# ls
aclocal.m4 bin compile configure COPYING genhash keepalived lib Makefile.in README.md
ar-lib bin_install config.log configure.ac depcomp INSTALL keepalived.spec Makefile missing snap
AUTHOR ChangeLog config.status CONTRIBUTORS doc install-sh keepalived.spec.in Makefile.am README TODO
[root@server1 keepalived-2.0.6]#less INSTALL
./configure --help
Need to install openssl-devel
make必须显示 Use IPVS Framework : Yes
Use VRRP Framework : yes
Use VRRP VMAC : yes
USE VRRP authentication : yes
才算编译成功 ##注意:编译报错时,先解决依赖,安装 openssl-devel
[root@server1 ~]# yum install openssl-devel -y
[root@server1 keepalived-1.4.3]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV
/usr/local/keepalived 编译的安装路径
[root@server1 ~]# yum install libnfnetlink-devel -y
[root@server1 keepalived-1.4.3]# make && make install
[root@server1 keepalived-1.4.3]# cd /usr/local/keepalived/etc/rc.d/init.d/
[root@server1 init.d]# ls
keepalived
[root@server1 init.d]#chmod +x keepalived
[root@server1 init.d]#pwd
/usr/local/keepalived/etc/rc.d/init.d/
[root@server1 init.d]#ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@server1 init.d]#ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server1 init.d]#ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server1 init.d]#ln -s /usr/local/keepalived/sbin/keepalived /sbin/
smtp_connect_timeout 30 客户端curl 172.25.77.100 3秒检测
# vrrp_strict 必须注释掉,否则会报错
# persistence_timeout 50 必须注释掉,不注释会出现不能负载均衡的情况
priority 100 主要虚拟主机
priority 50 次要备用虚拟主机
Keepalived 双虚拟主机热备
Server2 为真实服务器Server3 为真实服务器
[root@server1 init.d]# vim /etc/keepalived/keepalived.conf
# Global settings: alert-mail delivery and this node's identity.
# Alert mail goes to root@localhost, sent as keepalived@localhost through the
# SMTP server on 127.0.0.1, so notifications never leave this host.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
# Timeout, in seconds, for connecting to the SMTP server above.
smtp_connect_timeout 30
# Name this node reports in notifications.
# NOTE(review): presumably each director should get its own router_id - confirm.
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict stays disabled: these notes report that keepalived errors out
# in this setup when it is enabled.
# vrrp_strict
# Delays between gratuitous ARP / unsolicited NA messages; 0 here.
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# VRRP instance for the primary director (server1): it owns the virtual IP
# 172.25.77.100 while it is running.
vrrp_instance VI_1 {
# Initial role. With priority 100 against the backup's 50, this node takes
# the VIP back whenever it returns (shown by the ARP checks in these notes).
state MASTER
interface eth0
# Must be the same value (77) on every director sharing this VIP.
virtual_router_id 77
priority 100
# Advertisement interval, in seconds.
advert_int 1
# auth_type PASS puts the password in VRRP advertisements unencrypted, so any
# host on the segment can read it; "1111" is a lab value only.
# NOTE(review): outside an isolated lab, use a unique secret (keepalived uses
# at most 8 characters) and restrict which hosts may send VRRP on this network.
authentication {
auth_type PASS
auth_pass 1111
}
# Floating address that clients connect to.
virtual_ipaddress {
172.25.77.100
}
}
# LVS virtual service on the VIP, port 80, balanced across the two real
# servers 172.25.77.2 and 172.25.77.3.
virtual_server 172.25.77.100 80 {
# Health checks run every 3 seconds.
delay_loop 3
# Round-robin scheduling in direct-routing mode: real servers reply to the
# client directly, so each must hold the VIP without answering ARP for it
# (the arptables rules in these notes).
lb_algo rr
lb_kind DR
# Persistence stays disabled: per these notes, enabling it stops requests
# from alternating between the real servers.
# persistence_timeout 50
protocol TCP
# TCP_CHECK only confirms that port 80 accepts a connection within
# connect_timeout seconds; it does not inspect the HTTP response, so a server
# returning error pages still counts as healthy.
# NOTE(review): an HTTP-level check would catch that case - consider it.
real_server 172.25.77.2 80 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
# Same weight and check settings as the first real server.
real_server 172.25.77.3 80 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
新建立server4
[root@server1 local]# scp -r keepalived/ server4:/usr/local
server4主机进行keepalived配置
[root@server1 local]# vim /etc/keepalived/keepalived.conf
###主要修改以下部分
# VRRP instance for the standby director (server4): it takes over the VIP
# 172.25.77.100 only while the primary is down.
vrrp_instance VI_1 {
# BACKUP role with priority 50, lower than the primary's 100, so this node
# hands the VIP back as soon as the primary returns.
state BACKUP
interface eth0
# Must match the primary's virtual_router_id (77).
virtual_router_id 77
priority 50
# Advertisement interval, in seconds.
advert_int 1
# Must match the primary. auth_type PASS sends the password unencrypted in
# VRRP advertisements; "1111" is a lab value only.
# NOTE(review): use a unique secret outside an isolated lab.
authentication {
auth_type PASS
auth_pass 1111
}
# Floating address shared with the primary.
virtual_ipaddress {
172.25.77.100
}
}
[root@server4 init.d]#ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@server4 init.d]#ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 init.d]#ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 init.d]#ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@foundation77 ~]# arp -d 172.25.77.100
[root@foundation77 ~]# arp -an | grep 100
? (172.25.77.100) at <incomplete> on br0
实现高可用和健康检查
server1主机和server4主机:
安装mailx服务
yum install mailx
启动ipvsadm
加载keepalived (reload)
/etc/init.d/keepalived restart
server2主机和server3主机:
http服务正常
默认发布文件ok
物理主机实验
##实验时,可删除vip,停止keepalived服务,停止网络服务,刷掉内核
##注意:手动删除vip时,keepalived
[root@foundation77 ~]# curl 172.25.77.100
www.westos.org - server2
[root@foundation77 ~]# curl 172.25.77.100
www.westos.org - server 3
server1主机keepalived服务开启时: (server1优先级高,显示server1的Mac地址)
[root@foundation77 ~]# arp -an | grep 100
? (172.25.77.100) at 52:54:00:b6:ae:90 [ether] on br0
[root@server1 keepalived-2.0.6]# ip addr
link/ether 52:54:00:b6:ae:90
server1主机keepalived服务关闭时:(切换到server4主机,显示server4的Mac地址)
[root@server1 keepalived-2.0.6]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@foundation77 ~]# arp -an | grep 100
? (172.25.77.100) at 52:54:00:f5:49:4b [ether] on br0
[root@server4 keepalived]# ip addr
link/ether 52:54:00:f5:49:4b
server1主机keepalived服务再次开启时: (由于server1主机优先级高,再次切换到server1主机)
[root@server1 keepalived-2.0.6]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@foundation77 ~]# arp -an | grep 100
? (172.25.77.100) at 52:54:00:b6:ae:90 [ether] on br0
[root@server1 keepalived-2.0.6]# ip addr
link/ether 52:54:00:b6:ae:90
[root@foundation77 ~]# curl 172.25.77.100
www.westos.org - server 3
[root@foundation77 ~]# curl 172.25.77.100
www.westos.org - server2
cat /var/log/messages
[root@server1 keepalived-2.0.6]#yum install mailx -y
[root@server1 keepalived-2.0.6]# /etc/init.d/keepalived start
Starting keepalived:
You have new mail in /var/spool/mail/root
Keepalived 双虚主机热备用
避免了server1 虚拟主机关闭后,无法访问真实服务器server2、server3
当server1 关闭时,server4马上顶替,作为主虚拟机工作
Server1 重新工作后,再次切换为主虚拟机,server4 作为备用虚拟机
虚假的设计当server1 server4同时关闭
Server1的httpd 显示此网站正在维护