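Implementing an LVS + keepalived high-availability cluster
This builds on the blog post "Implementing HAProxy + keepalived high-availability cluster forwarding" (https://blog.csdn.net/rafa_2022/article/details/109451695) and modifies the environment deployed there as follows:
1. Stop the haproxy service on hosts zlc1 and zlc2;
2. Modify the keepalived configuration on hosts zlc1 and zlc2 to implement ipvs;
3. Run the LVS_DR mode shell script on hosts zlc1 and zlc2 to bind the virtual IP, modify the relevant kernel parameters, and so on.
Modification details:
III. Service configuration
1. keepalived dual-master configuration
1.1 zlc1 configuration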
# cat /etc/keepalived/keepalived.conf
global_defs {
notification_email {
# Recipients of the email sent when keepalived fails over; multiple recipients can be listed, one per line
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ha1.example.com
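# Checking every packet is expensive; with this option, if a received packet comes from the same router as the previous one, the check of its source address is skipped
vrrp_skip_check_adv_addr
# Strictly comply with the VRRP protocol. Not allowed: 1. no VIP address, 2. unicast peers configured, 3. IPv6 addresses in VRRP version 2.
# vrrp_strict
vrrp_garp_interval 0 # ARP message send delay
vrrp_gna_interval 0 # message send delay
# Default multicast IP address, in the range 224.0.0.0 to 239.255.255.255
# vrrp_mcast_group4 224.0.0.18
# The virtual IPs configured by a yum-installed keepalived cannot be reached because a firewall rule is added automatically; with this parameter, that rule is no longer added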
vrrp_iptables
}
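# VIP failover policy: the weight is increased or decreased according to the return value of a script; configuring it on either the master or the backup is enough.
# Confirmed: on the master, the weight is decreased when the check script returns non-zero; on the backup, the weight is increased when the check script returns 0.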
vrrp_script chk_haproxy {
script "/etc/keepalived/chk_haproxy.sh"
interval 1
weight -80
fall 3
rise 5
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 80
priority 100
advert_int 1
# Unicast notification
unicast_src_ip 172.16.0.101
unicast_peer {
172.16.0.102
}
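authentication {
# auth_type PASS sends auth_pass in clear text in every VRRP advertisement; keepalived uses only its first 8 characters
auth_type PASS
auth_pass 1111qwer
}
# Invoke the check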
track_script {
chk_haproxy
}
virtual_ipaddress {
172.16.0.10/16 dev eth0 label eth0:0
172.16.0.11/16 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 88
priority 80
advert_int 1
unicast_src_ip 172.16.0.101
unicast_peer {
172.16.0.102
}
authentication {
auth_type PASS
auth_pass 1111qwer
}
virtual_ipaddress {
172.16.0.12/16 dev eth0 label eth0:0
172.16.0.13/16 dev eth0 label eth0:1
}
}
# Define the cluster service that forwards port 80 of the IP, using one virtual IP as an example; the others are similar.
virtual_server 172.16.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
# Define RS 1 of the cluster service
real_server 172.16.0.202 8080 {
weight 1
# Define the health check for RS1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
# Define RS 2 of the cluster service
real_server 172.16.0.201 8080 {
weight 1
# Define the health check for RS2
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
View the currently configured virtual services and the weight of each RS:
# ipvsadm -Ln
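An added example (not part of the original post): a shell function that audits `ipvsadm -Ln` output against the `virtual_server` block above, flagging a real server missing from the table (keepalived removes it by default when HTTP_GET fails), a forward method other than Route (how ipvsadm displays DR), or a zero weight. The function name `check_ipvs` and both sample tables are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Usage:
#   ipvsadm -Ln | check_ipvs VIP:PORT RS:PORT [RS:PORT ...]
# Prints one line per problem; returns non-zero if any was found.
check_ipvs() {
    local vs="$1"; shift
    awk -v vs="$vs" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        # Virtual service line, e.g. "TCP  172.16.0.10:80 rr"
        $1 == "TCP" || $1 == "UDP" {
            cur = $2
            if (cur == vs) { found = 1; sched = $3 }
            next
        }
        # Real server line, e.g. "  -> 172.16.0.201:8080  Route  1  0  0"
        $1 == "->" && cur == vs {
            seen[$2] = 1
            if (!($2 in need)) { print "UNEXPECTED real server " $2; bad++ }
            if ($3 != "Route") { print "WRONG forward method " $3 " on " $2; bad++ }
            if ($4 + 0 == 0)   { print "ZERO weight on " $2; bad++ }
        }
        END {
            if (!found) { print "MISSING virtual service " vs; bad++ } else if (sched != "rr") { print "WRONG scheduler " sched; bad++ }
            for (r in need) if (!(r in seen)) { print "MISSING real server " r; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: healthy table for the configuration in this post.
sample_ok() { cat <<'EOF'
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.10:80 rr
  -> 172.16.0.201:8080            Route   1      0          0
  -> 172.16.0.202:8080            Route   1      0          0
EOF
}

# Constructed sample: 172.16.0.202 is absent, as after a failed HTTP_GET check.
sample_degraded() { cat <<'EOF'
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.0.10:80 rr
  -> 172.16.0.201:8080            Route   1      0          0
EOF
}

sample_ok | check_ipvs 172.16.0.10:80 172.16.0.201:8080 172.16.0.202:8080 && echo "IPVS table matches keepalived.conf"
```

On a director, pipe the real `ipvsadm -Ln` output into `check_ipvs` with the same arguments; an unexpected real server in the table is worth investigating, since it receives a share of the VIP's traffic.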
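1.2 zlc2 configuration
The added configuration is the same as on zlc1; omitted.
1.3 RS configuration (zlc3, zlc4)
Bind the VIP on the two backend servers with the following script: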
#!/bin/bash
LVS_VIP=172.16.0.10
source /etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP
/sbin/route add -host $LVS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $LVS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
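2. Verification
Run curl http://172.16.0.10 in a loop, then stop the keepalived service on zlc1 and watch how the IPs on zlc1 and zlc2 change and whether curl shows a few seconds of no response (the time is so short that users do not notice).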