lvs-DR+keepalived高可用负载均衡
基于web轮询
设置后端vip和rs规则
cat vip.sh
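#!/bin/bash
# vip.sh - bind or release the LVS-DR virtual IP on a real server's loopback.
#
# Usage: vip.sh start|stop   (needs root: writes /proc/sys and runs ifconfig)
#
# In DR mode every real server carries the VIP so it can accept the packets
# the director forwards, but it must not answer or advertise ARP for that
# address; otherwise clients can reach a real server directly and bypass the
# director. arp_ignore=1 makes the kernel reply only when the target IP is
# configured on the receiving interface; arp_announce=2 makes it pick the
# best local source address for ARP requests instead of the VIP.
vip=192.168.146.233
mask='255.255.255.255'   # host mask (/32)
dev=lo:1
action=${1:-}

# Write one value to both the "all" and "lo" instances of an ARP sysctl.
set_arp_sysctl() {
  local key=$1 value=$2 scope
  for scope in all lo; do
    echo "$value" > "/proc/sys/net/ipv4/conf/${scope}/${key}"
  done
}

case "$action" in
  start)
    # Set the ARP behaviour before the VIP exists, so it is never announced.
    set_arp_sysctl arp_ignore 1
    set_arp_sysctl arp_announce 2
    ifconfig "$dev" "$vip" netmask "$mask"
    ;;
  stop)
    ifconfig "$dev" down
    # Resets to 0 (the kernel default), not to whatever was set before start.
    set_arp_sysctl arp_ignore 0
    set_arp_sysctl arp_announce 0
    ;;
  *)
    echo "Usage: $(basename -- "$0") start|stop" >&2
    exit 1
    ;;
esac
echo "$action"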
分别给后端主机安装好web服务器
检测已经启动的vip地址
LISTEN 0 128 *:80
[root@t2 ~]#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.146.117 netmask 255.255.255.0 broadcast 192.168.146.255
inet6 fe80::30bb:f79d:94ce:c295 prefixlen 64 scopeid 0x20<link>
inet6 fe80::6ad0:30dc:fdfe:acab prefixlen 64 scopeid 0x20<link>
inet6 fe80::74ed:9546:e005:274c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:49:e6:30 txqueuelen 1000 (Ethernet)
RX packets 203771 bytes 20203621 (19.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 307945 bytes 27268747 (26.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 #vip地址
inet 192.168.146.233 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
keepalived主机配置
# Global keepalived settings: notification mail target, node identifier and
# VRRP-wide switches.
global_defs {
notification_email {
root@localhost
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
# Identifier of this node. NOTE(review): LVS_DEVEL is the value shipped in
# keepalived's sample config; presumably each node should get its own.
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict is left commented out in this setup.
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_iptables # do not generate iptables rules
}
# VRRP instance that owns the floating VIP; this node starts as MASTER with
# priority 100 and advertises every second.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 80
priority 100
advert_int 1
unicast_src_ip 192.168.146.97 # send VRRP adverts by unicast from this address
unicast_peer {
192.168.146.107
}
authentication {
# NOTE(review): auth_type PASS carries the password in clear text in every
# advert, and keepalived uses only its first 8 characters. It protects
# against misconfiguration, not against a host on the same segment; use a
# per-deployment value rather than this sample one.
auth_type PASS
auth_pass 1111qwer
}
virtual_ipaddress { # VIP: the floating address keepalived moves between nodes
192.168.146.233 dev eth0 label eth0:1
}
}
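# LVS virtual service on the VIP, round-robin over two real servers in DR
# mode. Each real server is health-checked with a plain TCP connect, which
# only proves the port accepts connections, not that the web content is served.
virtual_server 192.168.146.233 80 { # same VIP as in virtual_ipaddress
    delay_loop 3                    # seconds between health-check rounds
    lb_algo rr                      # scheduler: plain round robin
    lb_kind DR                      # LVS direct-routing mode
    protocol TCP
    #persistence_timeout
    sorry_server 192.168.146.107 80 # fallback used when no real server passes its check
    real_server 192.168.146.126 80 { # backend web host
        weight 1
        TCP_CHECK {
            connect_timeout 5
            # NOTE(review): recent keepalived releases name this option `retry`;
            # confirm against keepalived.conf(5) for the installed version.
            nb_get_retry 3
            # Was misspelled "delay_beefore_retry", which is not a keepalived keyword.
            delay_before_retry 3
            connect_port 80 # check is a TCP connect to this port
        }
    }
    real_server 192.168.146.117 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}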
访问测试
ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.146.233:80 rr
-> 192.168.146.117:80 Route 1 0 0
-> 192.168.146.126:80 Route 1 0 0
[root@t1 ~]#ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.146.233:80 8 48 0 3192 0
-> 192.168.146.117:80 4 24 0 1596 0
-> 192.168.146.126:80 4 24 0 1596 0
[root@t1 ~]#while true;do curl http://192.168.146.233;sleep 0.5;done
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
基于http状态检测
keepalived代码
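# Same virtual service, but each real server is checked with an HTTP GET:
# a backend stays in rotation only while /index.html answers with status 200.
virtual_server 192.168.146.233 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    #persistence_timeout
    sorry_server 192.168.146.107 80
    real_server 192.168.146.126 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
        }
        # NOTE(review): the three timing options below sit at real_server level,
        # as in the original listing; whether they are honoured there or must
        # move inside HTTP_GET depends on the keepalived version - confirm
        # against keepalived.conf(5).
        connect_timeout 5
        nb_get_retry 3
        # Was misspelled "delay_beefore_retry", which is not a keepalived keyword.
        delay_before_retry 3
    }
    real_server 192.168.146.117 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html # probe /index.html on the backend; any status other than 200 takes it out of scheduling
                status_code 200
            }
        }
        connect_timeout 5
        nb_get_retry 3
        delay_before_retry 3
    }
}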
实例测试
#while true;do curl http://192.168.146.233/index.html;sleep 0.5;done
77777777777777777777777777777
6666666666666666
77777777777777777777777777777
6666666666666666
77777777777777777 #此时访问正常
6666666666666666
<div class="logos">
<a href="http://nginx.net/"><img
src="/nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>
<a href="http://fedoraproject.org/"><img
src="/poweredby.png"
alt="[ Powered by Fedora ]"
width="88" height="31" /></a>
</div>
</div>
</body>
</html> #异常
6666666666666666
6666666666666666
6666666666666666 #异常后直接不再调度到该7777地址
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
6666666666666666
77777777777777777777777777777 #恢复后
6666666666666666
77777777777777777777777777777
6666666666666666
[root@t2 /usr/share/nginx/html]#ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 #80端口一直是开启的表示服务没有宕机 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@t2 /usr/share/nginx/html]#ls
404.html 50x.html en-US error icons img index.html1 nginx-logo.png poweredby.png
[root@t2 /usr/share/nginx/html]#mv index.html{,1} #错误原因,我们更改了检测的uri地址
[root@t2 /usr/share/nginx/html]#mv index.html1 index.html #恢复后访问正常
基于第三方仲裁判断检测master或slave上的文件或文件夹是否存在完成vip自动切换
# Tracking script that ties this node's VRRP priority to the presence of
# /etc/keepalived/file.txt.
vrrp_script chk_file { # defined outside global_defs
# NOTE(review): the log shown after this config reports status 1 when the file
# is missing, i.e. the result of the [[ -f ]] test itself; the trailing
# `&& exit 7 || exit 0` does not appear to take effect - confirm how the
# installed keepalived parses this string.
# NOTE(review): track scripts run with keepalived's privileges (typically
# root). Keep the script and every directory on its path writable by root
# only, and consider enable_script_security / script_user in global_defs.
script "/bin/bash -c '[[ -f /etc/keepalived/file.txt ]]' && exit 7 || exit 0" # script path or shell command
interval 1 # seconds between runs (default 1s)
weight -80 # added to the priority when the check fails; a negative value lowers this node's priority
fall 3 # consecutive failures before the script counts as failed
rise 5 # consecutive successes before the script counts as healthy again
timeout 2
}
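# VRRP instance whose effective priority follows the chk_file tracking script.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1
    unicast_src_ip 192.168.146.97
    unicast_peer {
        192.168.146.107
    }
    authentication {
        # NOTE(review): PASS authentication is sent in clear text and only the
        # first 8 characters are used; replace this sample value per deployment.
        auth_type PASS
        auth_pass 1111qwer
    }
    virtual_ipaddress {
        192.168.146.233 dev eth0 label eth0:1
    }
    track_script { # reference the vrrp_script defined earlier
        chk_file
    }
} # closing brace of vrrp_instance, missing from the original listing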
日志检测
Jan 19 22:09:42 t0 Keepalived_vrrp[10413]: Script `chk_file` now returning 1 #文件不存在
Jan 19 22:09:44 t0 Keepalived_vrrp[10413]: VRRP_Script(chk_file) failed (exited with status 1)
Jan 19 22:09:44 t0 Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 100 to 20
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) Master received advert from 192.168.146.107 with higher priority 80, ours 20
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) Entering BACKUP STATE
Jan 19 22:09:47 t0 Keepalived_vrrp[10413]: (VI_1) removing VIPs.
Jan 19 22:10:06 t0 Keepalived_vrrp[10413]: Script `chk_file` now returning 0 #文件存在
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: VRRP_Script(chk_file) succeeded
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: (VI_1) Changing effective priority from 20 to 100
Jan 19 22:10:10 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:11 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:12 t0 Keepalived_vrrp[10413]: (VI_1) received lower priority (80) advert from 192.168.146.107 - discarding
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) Receive advertisement timeout
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) Entering MASTER STATE
Jan 19 22:10:13 t0 Keepalived_vrrp[10413]: (VI_1) setting VIPs.
基于脚本检测haproxy是否存活
# Tracking script that lowers this node's VRRP priority when the haproxy
# check script fails.
vrrp_script chk_haproxy {
# NOTE(review): this file is executed with keepalived's privileges (typically
# root) once per interval. It should be owned by root and not writable by
# anyone else; consider enable_script_security / script_user in global_defs.
script "/etc/keepalived/chk_haproxy.sh"
interval 1 # seconds between runs
weight -80 # added to the priority while the check is failing
fall 3 # consecutive failures before the script counts as failed
rise 5 # consecutive successes before it counts as healthy again
timeout 2
}
# VRRP instance whose effective priority follows the chk_haproxy tracking
# script, so the VIP moves to the peer when haproxy is not running here.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 80
priority 100
advert_int 1
unicast_src_ip 192.168.146.97
unicast_peer {
192.168.146.107
}
authentication {
# NOTE(review): PASS authentication is sent in clear text and only the first
# 8 characters are used; replace this sample value per deployment.
auth_type PASS
auth_pass 1111qwer
}
virtual_ipaddress {
192.168.146.233 dev eth0 label eth0:1
}
track_script {
chk_haproxy
}
}
chmod a+x /etc/keepalived/chk_haproxy.sh
[root@t0 /etc/keepalived]#cat /etc/keepalived/chk_haproxy.sh
#!/bin/bash
# Liveness probe used by keepalived's vrrp_script: signal 0 delivers nothing,
# it only reports whether a process named haproxy exists. The script's exit
# status is killall's exit status.
/usr/bin/killall -0 haproxy
probe_status=$?
exit "$probe_status"
keepalived故障自动脚本实例
[root@t0 /etc/keepalived]#cat chk_keepalived.sh
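#!/bin/bash
# chk_keepalived.sh - cron watchdog: restart keepalived when its daemon is gone.
#
# Matches on the exact process name instead of grepping `ps aux` output. The
# previous pipeline also matched any command line that merely contained
# "keepalived" (an editor on keepalived.conf, a log tail), which would report
# the daemon as running when it was not and skip the restart.
if pgrep -x keepalived >/dev/null; then
  echo keepalived is running
else
  systemctl restart keepalived
fi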
* * * * * /usr/bin/bash /etc/keepalived/chk_keepalived.sh