LVS
高可用:
在Centos7和Centos6系统中都可以使用keepalived作为高可用
高可用是一样的;
高可用避免单点故障:
单一故障点,当有一个故障损坏,整体崩溃
工作原理
下面说的是TCP keepalive(保活探测)的原理,它和本文用来做高可用的keepalived(基于VRRP)是两回事。原理很简单,TCP会在连接空闲了一定时间后发送探测数据给对方:
1.如果主机可达,对方就会响应ACK应答,就认为是存活的。
2.如果可达,但应用程序退出,对方就发FIN应答,发送TCP撤消连接。
3.如果可达,但应用程序崩溃,对方就发RST消息。
4.如果对方主机既不响应ACK,也不响应RST,就继续发送直到超时,然后撤消连接。这个时间就是默认的两个小时。
负载均衡:
Centos6 建议使用piranha,
Centos7 使用keepalived
负载均衡: 在分发机将客户端的请求按照路由算法“平均”发布到后端的real-server。
从client到server:
client手动选择 – 玩游戏选区
DNS轮询 -- 将一个域名分散到多个real-server,已经淘汰!
为什么淘汰?
无法对后端的real-server进行故障检测;
无法对后端的real-server进行压力分析。
F5交换机
性能最强
软件七层负载均衡器 nginx
软件四层负载均衡器 LVS
绑定的VIP, 发出的广播地址,是自己的IP
你发出的广播,只有自己能收到。
权重:
按照比例计算
权重值是>=1的正整数
不要用1
调度持续性:
nginx ip_hash
lvs 超时时间,persistence
数据一致性:
rsync自动同步
使用集中存储
LVS-NAT数据包走向
LVS-DR数据包走向
开始实验:
PIP 172.16.0.81
SIP 172.16.0.82
RIP1 172.16.0.91
RIP2 172.16.0.92
VIP 172.16.0.80
1. 配置RIP
(1)安装apache,写好测试页,启动服务。
[root@RIP1 ~]# yum install -y httpd
[root@RIP2 ~]# yum install -y httpd
[root@RIP1 ~]# echo "rip1-172.16.0.91" > /var/www/html/index.html
[root@RIP1 ~]# systemctl start httpd
[root@RIP1 ~]# systemctl enable httpd
[root@RIP2 ~]# echo "rip2-172.16.0.92" > /var/www/html/index.html
[root@RIP2 ~]# systemctl start httpd
[root@RIP2 ~]# systemctl enable httpd
(2)给RIP绑定VIP
[root@RIP1 /etc/sysconfig/network-scripts]# cp ifcfg-lo ifcfg-lo:0
在lo网卡配置VIP
[root@RIP1 /etc/sysconfig/network-scripts]# vim ifcfg-lo\:0
DEVICE=lo:0 <---改:0,子网卡
IPADDR=172.16.0.80 <---改为VIP地址
NETMASK=255.255.255.255 <---子网掩码设为32位,这个地址只代表本机这一个IP
BROADCAST=172.16.0.80 <---改为VIP地址
ONBOOT=yes
NAME=loopback:0 <---改:0,子网卡
[root@RIP1 ~]# /etc/init.d/network restart
[root@RIP1 ~]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 172.16.0.80 netmask 255.255.255.255
[root@RIP2 /etc/sysconfig/network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@RIP2 /etc/sysconfig/network-scripts]# vim ifcfg-lo\:0
DEVICE=lo:0
IPADDR=172.16.0.80
NETMASK=255.255.255.255
BROADCAST=172.16.0.80
ONBOOT=yes
NAME=loopback:0
[root@RIP2 ~]# /etc/init.d/network restart
[root@RIP2 ~]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 172.16.0.80 netmask 255.255.255.255
(3)抑制ARP广播
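让RIP不应答、也不主动通告lo上绑定的VIP的ARP(arp_ignore=1:只应答目标IP配置在收包网卡上的ARP请求;arp_announce=2:发送ARP时选用最合适的本地地址作为源地址)。
(这样局域网内查询VIP的ARP只会由持有VIP的调度器应答,访问vip的连接不会直接找到rip)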
[root@RIP1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
[root@RIP1 ~]# sysctl -p
[root@RIP2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
[root@RIP2 ~]# sysctl -p
2. 配置PIP
[root@PIP ~]# yum install -y ipvsadm keepalived
获取RIP的测试页的md5校验和:
[root@PIP ~]# genhash -s 172.16.0.91 -p 80 -u /index.html
MD5SUM = 84f5626eb376f5ea9ea37ad6b38d55cc
[root@PIP ~]# genhash -s 172.16.0.92 -p 80 -u /index.html
MD5SUM = a36376b540939fc2aeb76c902592a082
[root@PIP /etc/keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_apache_xxs <--- 改这个,其它删除
}
vrrp_sync_group VG1 { <--- 添加这组
group {
VI_1
}
}
vrrp_instance VI_1 {
state BACKUP <--- 改
interface ens32 <--- 网卡,不一样就改
virtual_router_id 108 # 可以指定为ip第三组
priority 100
advert_int 1
nopreempt <--- 添加
authentication {
auth_type PASS
auth_pass apachelvs <--- PASS方式的口令在VRRP报文中明文传输,且keepalived只使用前8个字符;它只能防止误配置,不能防止伪造通告,VRRP报文应限制在可信网段内
}
virtual_ipaddress { # 为pip指定vip地址
172.16.0.80 dev ens32 label ens32:0
}
}
virtual_server 172.16.0.80 80 { <--- 改
!# VIP的地址和端口
delay_loop 6
!# 延迟时间,秒
lb_algo wlc <--- 改
!# 调度算法(wlc:加权最少连接)
lb_kind DR <--- 改
!# 转发模式(DR:直接路由)
! persistence_timeout 50 <--- 当这里注释掉之后,会轮询访问对应节点
!# 持久化时间,秒
protocol TCP
real_server 172.16.0.91 80 {
!# RIP的地址和端口
weight 10 <--- 改 权重值
HTTP_GET { <--- 改
url {
path /index.html <--- 改 根据页面的目录
digest 84f5626eb376f5ea9ea37ad6b38d55cc <--- 上边查到的值
}
!# 获取到的测试页的md5校验和
connect_timeout 3
!# 连接RIP的超时时间,秒
nb_get_retry 3
!# 重试的次数
delay_before_retry 3
!# 重试的时间间隔
}
}
real_server 172.16.0.92 80 {
weight 10
HTTP_GET {
url {
path /index.html
digest a36376b540939fc2aeb76c902592a082
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
启动keepalived服务
[root@PIP ~]# systemctl start keepalived
把启动命令写入rc.local来实现开机启动,而不是用systemctl enable,因为要等其它服务完全启动之后再启动keepalived
[root@PIP ~]# echo "systemctl start keepalived" >> /etc/rc.local
[root@PIP ~]# chmod +x /etc/rc.d/rc.local
[root@PIP ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.80:80 wlc
-> 172.16.0.91:80 Route 10 0 0
-> 172.16.0.92:80 Route 10 0 0
查看vip地址是否在当前节点(确认VIP是在pip,还是在sip)
[root@PIP ~]# ip a | grep 172
inet 172.16.0.81/16 brd 172.16.255.255 scope global ens32
inet 172.16.0.80/32 scope global ens32:0
访问测试: (用客户机,访问vip地址,不是pip地址,也不能在pip访问)
[root@centos7-bj ~]# curl 172.16.0.80
rip2-172.16.0.92
[root@centos7-bj ~]# curl 172.16.0.80
rip1-172.16.0.91
[root@centos7-bj ~]# curl 172.16.0.80
rip2-172.16.0.92
[root@centos7-bj ~]# curl 172.16.0.80
rip1-172.16.0.91
3. 配置SIP
操作方法跟pip相同
[root@SIP ~]# yum install -y ipvsadm keepalived
[root@PIP ~]# scp /etc/keepalived/keepalived.conf 172.16.0.82:/etc/keepalived/
[root@SIP ~]# systemctl start keepalived
[root@SIP ~]# echo "systemctl start keepalived" >> /etc/rc.local
[root@SIP ~]# chmod +x /etc/rc.d/rc.local
[root@SIP ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.80:80 wlc
-> 172.16.0.91:80 Route 10 0 0
-> 172.16.0.92:80 Route 10 0 0
测试:
- 停止PIP的keepalived服务
[root@PIP ~]# systemctl stop keepalived
[root@SIP ~]# ip a | grep 172
inet 172.16.0.82/16 brd 172.16.255.255 scope global ens32
inet 172.16.0.80/32 scope global ens32:0 #<--
[root@SIP ~]# reboot
[root@PIP ~]# ip a | grep 172
inet 172.16.0.81/16 brd 172.16.255.255 scope global ens32
inet 172.16.0.80/32 scope global ens32:0
[root@SIP ~]# ps aux | grep keepalived
root 931 0.0 0.1 118616 1380 ? Ss 15:41 0:00 /usr/sbin/keepalived -D
root 932 0.0 0.2 118736 2636 ? S 15:41 0:00 /usr/sbin/keepalived -D
root 933 0.0 0.1 118616 1896 ? S 15:41 0:00 /usr/sbin/keepalived -D
[root@PIP ~]# reboot
[root@SIP ~]# ip a | grep 172
inet 172.16.0.82/16 brd 172.16.255.255 scope global ens32
inet 172.16.0.80/32 scope global ens32:0
2. 测试RIP
打开持久化连接。
(当一个节点down掉之后,会自动连接另一个可用节点)
网页访问。
关闭访问的web-server(关闭的是上边粘连访问的节点)
[root@RIP2 ~]# systemctl stop httpd
查看时关闭的节点消失了
[root@PIP ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.80:80 wlc persistent 50
-> 172.16.0.91:80 Route 10 0 0
再次启动
[root@RIP2 ~]# systemctl start httpd
[root@PIP ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.80:80 wlc persistent 50
-> 172.16.0.91:80 Route 10 0 2
-> 172.16.0.92:80 Route 10 0 0
转发另一组web-server (Nginx)
vip 172.16.0.80
nginx1 172.16.0.101 端口8000
nginx2 172.16.0.102 端口8000
1. RIP nginx1 nginx2
设置测试页
[root@nginx1 /usr/local/nginx/html]# echo "172.16.0.101" > index.html
[root@nginx1 /usr/local/nginx/html]# echo "101" > check.html
[root@nginx2 /usr/local/nginx/html]# echo 172.16.0.102 > index.html
[root@nginx2 /usr/local/nginx/html]# echo 102 > check.html
绑定VIP
[root@nginx1 /etc/sysconfig/network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@nginx1 /etc/sysconfig/network-scripts]# vim ifcfg-lo\:0
DEVICE=lo:0
IPADDR=172.16.0.80
NETMASK=255.255.255.255
BROADCAST=172.16.0.80
ONBOOT=yes
NAME=loopback:0
[root@nginx1 ~]# /etc/init.d/network restart
[root@nginx1 ~]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 172.16.0.80 netmask 255.255.255.255
[root@nginx2 /etc/sysconfig/network-scripts]# cp ifcfg-lo ifcfg-lo\:0
[root@nginx2 /etc/sysconfig/network-scripts]# vim ifcfg-lo\:0
DEVICE=lo:0
IPADDR=172.16.0.80
NETMASK=255.255.255.255
BROADCAST=172.16.0.80
ONBOOT=yes
NAME=loopback:0
[root@nginx2 ~]# /etc/init.d/network restart
[root@nginx2 ~]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 172.16.0.80 netmask 255.255.255.255
抑制ARP广播
[root@nginx1 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
[root@nginx1 ~]# sysctl -p
[root@nginx2 ~]# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
[root@nginx2 ~]# sysctl -p
在PIP:
[root@PIP ~]# genhash -s 172.16.0.101 -p 8000 -u /check.html
MD5SUM = cf6a52053ff904bca9d96fd4e7740d7d
[root@PIP ~]# genhash -s 172.16.0.102 -p 8000 -u /check.html
MD5SUM = 5aa8301da6367a102391fc70cae9ee87
[root@PIP /etc/keepalived]# vim keepalived.conf
添加一个:
virtual_server 172.16.0.80 8000 {
delay_loop 6
lb_algo wlc
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 172.16.0.101 8000 {
weight 10
HTTP_GET {
url {
path /check.html
digest cf6a52053ff904bca9d96fd4e7740d7d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.16.0.102 8000 {
weight 10
HTTP_GET {
url {
path /check.html
digest 5aa8301da6367a102391fc70cae9ee87
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
配置完需要重新启动keepalived
[root@PIP ~]# systemctl restart keepalived
[root@PIP ~]# scp /etc/keepalived/keepalived.conf 172.16.0.82:/etc/keepalived/
[root@SIP ~]# systemctl restart keepalived
查看结果显示
[root@PIP ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.80:80 wlc persistent 50
-> 172.16.0.91:80 Route 10 0 0
-> 172.16.0.92:80 Route 10 0 0
TCP 172.16.0.80:8000 wlc persistent 50
-> 172.16.0.101:8000 Route 10 0 0
-> 172.16.0.102:8000 Route 10 0 0
测试
通过主机访问,得到的是index.html的结果
故障参考
keepalived服务没问题,配置文件没问题
虚拟机服务也正常
偶尔访问失败,偶尔好使,检查对应服务的虚拟机服务是否正常,网络配置是否正常。主要是lo网卡配置
ipvsadm -L -n可以查询到vip,但是对应主机没有显示
检查keepalived的配置文件中,对应的虚拟机ip设置是否正确